Diffstat (limited to 'sys-kernel')
12 files changed, 1740 insertions, 2538 deletions
diff --git a/sys-kernel/linux-image-redcore-lts/Manifest b/sys-kernel/linux-image-redcore-lts/Manifest
index 88488d9f..17b5b0b2 100644
--- a/sys-kernel/linux-image-redcore-lts/Manifest
+++ b/sys-kernel/linux-image-redcore-lts/Manifest
@@ -1 +1 @@
-DIST linux-4.14.50.tar.xz 100914360 BLAKE2B ab5139121e6f6fb47983822f9655da31d73c64c7d7543222480da73ffc7e0b495c5d7e47364152badf4d483b38ecf79eddc450bb8ac40224d20051a5cf3a7c6b SHA512 e8cec475c53624b29e17d7295818d2f8c1ddc98ab72bdd5c9901fcef4f06117d3da5896add182ca85af0acaa872d25c16266165886bff822c260d5466561c7e7
+DIST linux-4.14.65.tar.xz 100977596 BLAKE2B 1864dadfbdd4cf2e8c89c196291e04a680f06f9916a792bc6f2c22e9b74e512f6475a7dbfb70c81882841583e726466c0f7ff6995d3e78d6334a71b4cef06303 SHA512 162382b3567ba256a1caac7b9c0e2188484ae22d8731c2627ab0faa471ac35ca6578e0f0428c17d63d14f53316b7701a0e9c7a99b1bc749ddd6ab408f10c2185
diff --git a/sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch b/sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch
new file mode 100644
index 00000000..d12753be
--- /dev/null
+++ b/sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch
@@ -0,0 +1,38 @@
+From 0e7ab31fb218e2a18fbecd19c24dfaae14c88afd Mon Sep 17 00:00:00 2001
+From: Con Kolivas <kernel@kolivas.org>
+Date: Mon, 20 Nov 2017 18:02:03 +1100
+Subject: [PATCH 15/18] Enable BFQ io scheduler by default.
+
+---
+ block/Kconfig.iosched | 2 +-
+ drivers/scsi/Kconfig | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/block/Kconfig.iosched b/block/Kconfig.iosched
+index a4a8914bf7a4..2d9be91e8e87 100644
+--- a/block/Kconfig.iosched
++++ b/block/Kconfig.iosched
+@@ -82,7 +82,7 @@ config MQ_IOSCHED_KYBER
+
+ config IOSCHED_BFQ
+ tristate "BFQ I/O scheduler"
+- default n
++ default y
+ ---help---
+ BFQ I/O scheduler for BLK-MQ. BFQ distributes the bandwidth of
+ of the device among all processes according to their weights,
+diff --git a/drivers/scsi/Kconfig b/drivers/scsi/Kconfig
+index 8a739b74cfb7..9e939ee76e72 100644
+--- a/drivers/scsi/Kconfig
++++ b/drivers/scsi/Kconfig
+@@ -50,6 +50,7 @@ config SCSI_NETLINK
+ config SCSI_MQ_DEFAULT
+ bool "SCSI: use blk-mq I/O path by default"
+ depends on SCSI
++ default y
+ ---help---
+ This option enables the new blk-mq based I/O path for SCSI
+ devices by default. With the option the scsi_mod.use_blk_mq
+--
+2.14.1
+
diff --git a/sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch b/sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch
deleted file mode 100644
index 38f460fb..00000000
--- a/sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch
+++ /dev/null
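Review bot: The two `default y` lines in this new patch only build BFQ into the kernel and switch SCSI to the blk-mq path; nothing in the visible hunks selects BFQ as the active scheduler for a queue, so the patch subject promises more than the change delivers. Kconfig defaults also apply only when the symbol is absent from the configuration being used, so if the ebuild ships its own kernel config (not visible here) that file has to carry `CONFIG_IOSCHED_BFQ=y` and `CONFIG_SCSI_MQ_DEFAULT=y` explicitly or this patch changes nothing. The commit description should say which mechanism is expected to make BFQ the running scheduler, and a short comment above each `default y` naming the distro reason would help whoever rebases the patch onto the next point release.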
@@ -1,478 +0,0 @@ -diff --git a/drivers/net/ethernet/atheros/alx/ethtool.c b/drivers/net/ethernet/atheros/alx/ethtool.c -index 2f4eabf65..859e27236 100644 ---- a/drivers/net/ethernet/atheros/alx/ethtool.c -+++ b/drivers/net/ethernet/atheros/alx/ethtool.c -@@ -310,11 +310,47 @@ static int alx_get_sset_count(struct net_device *netdev, int sset) - } - } - -+static void alx_get_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) -+{ -+ struct alx_priv *alx = netdev_priv(netdev); -+ struct alx_hw *hw = &alx->hw; -+ -+ wol->supported = WAKE_MAGIC | WAKE_PHY; -+ wol->wolopts = 0; -+ -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_MAGIC) -+ wol->wolopts |= WAKE_MAGIC; -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_PHY) -+ wol->wolopts |= WAKE_PHY; -+} -+ -+static int alx_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) -+{ -+ struct alx_priv *alx = netdev_priv(netdev); -+ struct alx_hw *hw = &alx->hw; -+ -+ if (wol->wolopts & ~(WAKE_MAGIC | WAKE_PHY)) -+ return -EOPNOTSUPP; -+ -+ hw->sleep_ctrl = 0; -+ -+ if (wol->wolopts & WAKE_MAGIC) -+ hw->sleep_ctrl |= ALX_SLEEP_WOL_MAGIC; -+ if (wol->wolopts & WAKE_PHY) -+ hw->sleep_ctrl |= ALX_SLEEP_WOL_PHY; -+ -+ device_set_wakeup_enable(&alx->hw.pdev->dev, hw->sleep_ctrl); -+ -+ return 0; -+} -+ - const struct ethtool_ops alx_ethtool_ops = { - .get_pauseparam = alx_get_pauseparam, - .set_pauseparam = alx_set_pauseparam, - .get_msglevel = alx_get_msglevel, - .set_msglevel = alx_set_msglevel, -+ .get_wol = alx_get_wol, -+ .set_wol = alx_set_wol, - .get_link = ethtool_op_get_link, - .get_strings = alx_get_strings, - .get_sset_count = alx_get_sset_count, -diff --git a/drivers/net/ethernet/atheros/alx/hw.c b/drivers/net/ethernet/atheros/alx/hw.c -index 6ac40b000..4791b9dbb 100644 ---- a/drivers/net/ethernet/atheros/alx/hw.c -+++ b/drivers/net/ethernet/atheros/alx/hw.c -@@ -332,6 +332,16 @@ void alx_set_macaddr(struct alx_hw *hw, const u8 *addr) - alx_write_mem32(hw, ALX_STAD1, val); - } - -+static void alx_enable_osc(struct alx_hw 
*hw) -+{ -+ u32 val; -+ -+ /* rising edge */ -+ val = alx_read_mem32(hw, ALX_MISC); -+ alx_write_mem32(hw, ALX_MISC, val & ~ALX_MISC_INTNLOSC_OPEN); -+ alx_write_mem32(hw, ALX_MISC, val | ALX_MISC_INTNLOSC_OPEN); -+} -+ - static void alx_reset_osc(struct alx_hw *hw, u8 rev) - { - u32 val, val2; -@@ -848,6 +858,66 @@ void alx_post_phy_link(struct alx_hw *hw) - } - } - -+ -+/* NOTE: -+ * 1. phy link must be established before calling this function -+ * 2. wol option (pattern,magic,link,etc.) is configed before call it. -+ */ -+int alx_pre_suspend(struct alx_hw *hw, int speed, u8 duplex) -+{ -+ u32 master, mac, phy, val; -+ int err = 0; -+ -+ master = alx_read_mem32(hw, ALX_MASTER); -+ master &= ~ALX_MASTER_PCLKSEL_SRDS; -+ mac = hw->rx_ctrl; -+ /* 10/100 half */ -+ ALX_SET_FIELD(mac, ALX_MAC_CTRL_SPEED, ALX_MAC_CTRL_SPEED_10_100); -+ mac &= ~(ALX_MAC_CTRL_FULLD | ALX_MAC_CTRL_RX_EN | ALX_MAC_CTRL_TX_EN); -+ -+ phy = alx_read_mem32(hw, ALX_PHY_CTRL); -+ phy &= ~(ALX_PHY_CTRL_DSPRST_OUT | ALX_PHY_CTRL_CLS); -+ phy |= ALX_PHY_CTRL_RST_ANALOG | ALX_PHY_CTRL_HIB_PULSE | -+ ALX_PHY_CTRL_HIB_EN; -+ -+ /* without any activity */ -+ if (!(hw->sleep_ctrl & ALX_SLEEP_ACTIVE)) { -+ err = alx_write_phy_reg(hw, ALX_MII_IER, 0); -+ if (err) -+ return err; -+ phy |= ALX_PHY_CTRL_IDDQ | ALX_PHY_CTRL_POWER_DOWN; -+ } else { -+ if (hw->sleep_ctrl & (ALX_SLEEP_WOL_MAGIC | ALX_SLEEP_CIFS)) -+ mac |= ALX_MAC_CTRL_RX_EN | ALX_MAC_CTRL_BRD_EN; -+ if (hw->sleep_ctrl & ALX_SLEEP_CIFS) -+ mac |= ALX_MAC_CTRL_TX_EN; -+ if (duplex == DUPLEX_FULL) -+ mac |= ALX_MAC_CTRL_FULLD; -+ if (speed == SPEED_1000) -+ ALX_SET_FIELD(mac, ALX_MAC_CTRL_SPEED, -+ ALX_MAC_CTRL_SPEED_1000); -+ phy |= ALX_PHY_CTRL_DSPRST_OUT; -+ err = alx_write_phy_ext(hw, ALX_MIIEXT_ANEG, -+ ALX_MIIEXT_S3DIG10, -+ ALX_MIIEXT_S3DIG10_SL); -+ if (err) -+ return err; -+ } -+ -+ alx_enable_osc(hw); -+ hw->rx_ctrl = mac; -+ alx_write_mem32(hw, ALX_MASTER, master); -+ alx_write_mem32(hw, ALX_MAC_CTRL, mac); -+ alx_write_mem32(hw, 
ALX_PHY_CTRL, phy); -+ -+ /* set val of PDLL D3PLLOFF */ -+ val = alx_read_mem32(hw, ALX_PDLL_TRNS1); -+ val |= ALX_PDLL_TRNS1_D3PLLOFF_EN; -+ alx_write_mem32(hw, ALX_PDLL_TRNS1, val); -+ -+ return 0; -+} -+ - bool alx_phy_configured(struct alx_hw *hw) - { - u32 cfg, hw_cfg; -@@ -920,6 +990,26 @@ int alx_clear_phy_intr(struct alx_hw *hw) - return alx_read_phy_reg(hw, ALX_MII_ISR, &isr); - } - -+int alx_config_wol(struct alx_hw *hw) -+{ -+ u32 wol = 0; -+ int err = 0; -+ -+ /* turn on magic packet event */ -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_MAGIC) -+ wol |= ALX_WOL0_MAGIC_EN | ALX_WOL0_PME_MAGIC_EN; -+ -+ /* turn on link up event */ -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_PHY) { -+ wol |= ALX_WOL0_LINK_EN | ALX_WOL0_PME_LINK; -+ /* only link up can wake up */ -+ err = alx_write_phy_reg(hw, ALX_MII_IER, ALX_IER_LINK_UP); -+ } -+ alx_write_mem32(hw, ALX_WOL0, wol); -+ -+ return err; -+} -+ - void alx_disable_rss(struct alx_hw *hw) - { - u32 ctrl = alx_read_mem32(hw, ALX_RXQ0); -@@ -1045,6 +1135,71 @@ void alx_mask_msix(struct alx_hw *hw, int index, bool mask) - } - - -+int alx_select_powersaving_speed(struct alx_hw *hw, int *speed, u8 *duplex) -+{ -+ int i, err; -+ u16 lpa; -+ -+ err = alx_read_phy_link(hw); -+ if (err) -+ return err; -+ -+ if (hw->link_speed == SPEED_UNKNOWN) { -+ *speed = SPEED_UNKNOWN; -+ *duplex = DUPLEX_UNKNOWN; -+ return 0; -+ } -+ -+ err = alx_read_phy_reg(hw, MII_LPA, &lpa); -+ if (err) -+ return err; -+ -+ if (!(lpa & LPA_LPACK)) { -+ *speed = hw->link_speed; -+ return 0; -+ } -+ -+ if (lpa & LPA_10FULL) { -+ *speed = SPEED_10; -+ *duplex = DUPLEX_FULL; -+ } else if (lpa & LPA_10HALF) { -+ *speed = SPEED_10; -+ *duplex = DUPLEX_HALF; -+ } else if (lpa & LPA_100FULL) { -+ *speed = SPEED_100; -+ *duplex = DUPLEX_FULL; -+ } else { -+ *speed = SPEED_100; -+ *duplex = DUPLEX_HALF; -+ } -+ -+ if (*speed == hw->link_speed && *duplex == hw->duplex) -+ return 0; -+ err = alx_write_phy_reg(hw, ALX_MII_IER, 0); -+ if (err) -+ return err; -+ err = 
alx_setup_speed_duplex(hw, alx_speed_to_ethadv(*speed, *duplex) | -+ ADVERTISED_Autoneg, ALX_FC_ANEG | -+ ALX_FC_RX | ALX_FC_TX); -+ if (err) -+ return err; -+ -+ /* wait for linkup */ -+ for (i = 0; i < ALX_MAX_SETUP_LNK_CYCLE; i++) { -+ msleep(100); -+ -+ err = alx_read_phy_link(hw); -+ if (err < 0) -+ return err; -+ if (hw->link_speed != SPEED_UNKNOWN) -+ break; -+ } -+ if (i == ALX_MAX_SETUP_LNK_CYCLE) -+ return -ETIMEDOUT; -+ -+ return 0; -+} -+ - bool alx_get_phy_info(struct alx_hw *hw) - { - u16 devs1, devs2; -diff --git a/drivers/net/ethernet/atheros/alx/hw.h b/drivers/net/ethernet/atheros/alx/hw.h -index e42d7e094..a7fb6c8d8 100644 ---- a/drivers/net/ethernet/atheros/alx/hw.h -+++ b/drivers/net/ethernet/atheros/alx/hw.h -@@ -487,6 +487,8 @@ struct alx_hw { - u8 flowctrl; - u32 adv_cfg; - -+ u32 sleep_ctrl; -+ - spinlock_t mdio_lock; - struct mdio_if_info mdio; - u16 phy_id[2]; -@@ -549,12 +551,14 @@ void alx_reset_pcie(struct alx_hw *hw); - void alx_enable_aspm(struct alx_hw *hw, bool l0s_en, bool l1_en); - int alx_setup_speed_duplex(struct alx_hw *hw, u32 ethadv, u8 flowctrl); - void alx_post_phy_link(struct alx_hw *hw); -+int alx_pre_suspend(struct alx_hw *hw, int speed, u8 duplex); - int alx_read_phy_reg(struct alx_hw *hw, u16 reg, u16 *phy_data); - int alx_write_phy_reg(struct alx_hw *hw, u16 reg, u16 phy_data); - int alx_read_phy_ext(struct alx_hw *hw, u8 dev, u16 reg, u16 *pdata); - int alx_write_phy_ext(struct alx_hw *hw, u8 dev, u16 reg, u16 data); - int alx_read_phy_link(struct alx_hw *hw); - int alx_clear_phy_intr(struct alx_hw *hw); -+int alx_config_wol(struct alx_hw *hw); - void alx_cfg_mac_flowcontrol(struct alx_hw *hw, u8 fc); - void alx_start_mac(struct alx_hw *hw); - int alx_reset_mac(struct alx_hw *hw); -@@ -563,6 +567,7 @@ bool alx_phy_configured(struct alx_hw *hw); - void alx_configure_basic(struct alx_hw *hw); - void alx_mask_msix(struct alx_hw *hw, int index, bool mask); - void alx_disable_rss(struct alx_hw *hw); -+int 
alx_select_powersaving_speed(struct alx_hw *hw, int *speed, u8 *duplex); - bool alx_get_phy_info(struct alx_hw *hw); - void alx_update_hw_stats(struct alx_hw *hw); - -diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c -index 567ee5450..94fd0118d 100644 ---- a/drivers/net/ethernet/atheros/alx/main.c -+++ b/drivers/net/ethernet/atheros/alx/main.c -@@ -1070,6 +1070,7 @@ static int alx_init_sw(struct alx_priv *alx) - alx->dev->max_mtu = ALX_MAX_FRAME_LEN(ALX_MAX_FRAME_SIZE); - alx->tx_ringsz = 256; - alx->rx_ringsz = 512; -+ hw->sleep_ctrl = ALX_SLEEP_WOL_MAGIC | ALX_SLEEP_WOL_PHY; - hw->imt = 200; - alx->int_mask = ALX_ISR_MISC; - hw->dma_chnl = hw->max_dma_chnl; -@@ -1345,6 +1346,65 @@ static int alx_stop(struct net_device *netdev) - __alx_stop(netdev_priv(netdev)); - return 0; - } -+static int __alx_shutdown(struct pci_dev *pdev, bool *wol_en) -+{ -+ struct alx_priv *alx = pci_get_drvdata(pdev); -+ struct net_device *netdev = alx->dev; -+ struct alx_hw *hw = &alx->hw; -+ int err, speed; -+ u8 duplex; -+ -+ netif_device_detach(netdev); -+ -+ if (netif_running(netdev)) -+ __alx_stop(alx); -+ -+#ifdef CONFIG_PM_SLEEP -+ err = pci_save_state(pdev); -+ if (err) -+ return err; -+#endif -+ -+ err = alx_select_powersaving_speed(hw, &speed, &duplex); -+ if (err) -+ return err; -+ err = alx_clear_phy_intr(hw); -+ if (err) -+ return err; -+ err = alx_pre_suspend(hw, speed, duplex); -+ if (err) -+ return err; -+ err = alx_config_wol(hw); -+ if (err) -+ return err; -+ -+ *wol_en = false; -+ if (hw->sleep_ctrl & ALX_SLEEP_ACTIVE) { -+ netif_info(alx, wol, netdev, -+ "wol: ctrl=%X, speed=%X\n", -+ hw->sleep_ctrl, speed); -+ device_set_wakeup_enable(&pdev->dev, true); -+ *wol_en = true; -+ } -+ -+ pci_disable_device(pdev); -+ -+ return 0; -+} -+ -+static void alx_shutdown(struct pci_dev *pdev) -+{ -+ int err; -+ bool wol_en; -+ -+ err = __alx_shutdown(pdev, &wol_en); -+ if (!err) { -+ pci_wake_from_d3(pdev, wol_en); -+ 
pci_set_power_state(pdev, PCI_D3hot); -+ } else { -+ dev_err(&pdev->dev, "shutdown fail %d\n", err); -+ } -+} - - static void alx_link_check(struct work_struct *work) - { -@@ -1841,6 +1901,8 @@ static int alx_probe(struct pci_dev *pdev, const struct pci_device_id *ent) - goto out_unmap; - } - -+ device_set_wakeup_enable(&pdev->dev, hw->sleep_ctrl); -+ - netdev_info(netdev, - "Qualcomm Atheros AR816x/AR817x Ethernet [%pM]\n", - netdev->dev_addr); -@@ -1883,12 +1945,21 @@ static void alx_remove(struct pci_dev *pdev) - static int alx_suspend(struct device *dev) - { - struct pci_dev *pdev = to_pci_dev(dev); -- struct alx_priv *alx = pci_get_drvdata(pdev); -+ int err; -+ bool wol_en; - -- if (!netif_running(alx->dev)) -- return 0; -- netif_device_detach(alx->dev); -- __alx_stop(alx); -+ err = __alx_shutdown(pdev, &wol_en); -+ if (err) { -+ dev_err(&pdev->dev, "shutdown fail in suspend %d\n", err); -+ return err; -+ } -+ -+ if (wol_en) { -+ pci_prepare_to_sleep(pdev); -+ } else { -+ pci_wake_from_d3(pdev, false); -+ pci_set_power_state(pdev, PCI_D3hot); -+ } - return 0; - } - -@@ -1896,20 +1967,47 @@ static int alx_resume(struct device *dev) - { - struct pci_dev *pdev = to_pci_dev(dev); - struct alx_priv *alx = pci_get_drvdata(pdev); -- struct alx_hw *hw = &alx->hw; -- -- alx_reset_phy(hw); -- -- if (!netif_running(alx->dev)) -- return 0; -- netif_device_attach(alx->dev); -- return __alx_open(alx, true); -+ struct net_device *netdev = alx->dev; -+ struct alx_hw *hw = &alx->hw; -+ int err; -+ -+ pci_set_power_state(pdev, PCI_D0); -+ pci_restore_state(pdev); -+ pci_save_state(pdev); -+ -+ pci_enable_wake(pdev, PCI_D3hot, 0); -+ pci_enable_wake(pdev, PCI_D3cold, 0); -+ -+ hw->link_speed = SPEED_UNKNOWN; -+ alx->int_mask = ALX_ISR_MISC; -+ -+ alx_reset_pcie(hw); -+ alx_reset_phy(hw); -+ -+ err = alx_reset_mac(hw); -+ if (err) { -+ netif_err(alx, hw, alx->dev, -+ "resume:reset_mac fail %d\n", err); -+ return -EIO; -+ } -+ -+ err = alx_setup_speed_duplex(hw, hw->adv_cfg, 
hw->flowctrl); -+ if (err) { -+ netif_err(alx, hw, alx->dev, -+ "resume:setup_speed_duplex fail %d\n", err); -+ return -EIO; -+ } -+ -+ if (netif_running(netdev)) { -+ err = __alx_open(alx, true); -+ if (err) -+ return err; -+ } -+ -+ netif_device_attach(netdev); -+ return err; - } - --static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume); --#define ALX_PM_OPS (&alx_pm_ops) --#else --#define ALX_PM_OPS NULL - #endif - - -@@ -1955,6 +2053,8 @@ static pci_ers_result_t alx_pci_error_slot_reset(struct pci_dev *pdev) - } - - pci_set_master(pdev); -+ pci_enable_wake(pdev, PCI_D3hot, 0); -+ pci_enable_wake(pdev, PCI_D3cold, 0); - - alx_reset_pcie(hw); - if (!alx_reset_mac(hw)) -@@ -2006,11 +2106,19 @@ static const struct pci_device_id alx_pci_tbl[] = { - {} - }; - -+#ifdef CONFIG_PM_SLEEP -+static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume); -+#define ALX_PM_OPS (&alx_pm_ops) -+#else -+#define ALX_PM_OPS NULL -+#endif -+ - static struct pci_driver alx_driver = { - .name = alx_drv_name, - .id_table = alx_pci_tbl, - .probe = alx_probe, - .remove = alx_remove, -+ .shutdown = alx_shutdown, - .err_handler = &alx_err_handlers, - .driver.pm = ALX_PM_OPS, - }; diff --git a/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch b/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch index 0085a4f2..b5bfc225 100644 --- a/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch +++ b/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch 
@@ -1,90 +1,94 @@ -diff -Nur a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig ---- a/arch/arm64/configs/defconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/configs/defconfig 2018-05-26 19:24:34.821782579 +0100 -@@ -1,4 +1,3 @@ --CONFIG_SYSVIPC=y - CONFIG_POSIX_MQUEUE=y - CONFIG_AUDIT=y - CONFIG_NO_HZ_IDLE=y -diff -Nur a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h ---- a/arch/arm64/include/asm/elf.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/include/asm/elf.h 2018-05-26 19:24:34.821782579 +0100 -@@ -114,10 +114,10 @@ +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 9841bad6f271..99aab439ba8e 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -490,16 +490,6 @@ + nosocket -- Disable socket memory accounting. + nokmem -- Disable kernel memory accounting. - /* - * This is the base location for PIE (ET_DYN with INTERP) loads. On -- * 64-bit, this is above 4GB to leave the entire 32-bit address -+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address - * space open for things that want to use the area for 32-bit pointers. - */ --#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) -+#define ELF_ET_DYN_BASE 0x100000000UL +- checkreqprot [SELINUX] Set initial checkreqprot flag value. +- Format: { "0" | "1" } +- See security/selinux/Kconfig help text. +- 0 -- check protection applied by kernel (includes +- any implied execute protection). +- 1 -- check protection requested by application. +- Default value is set via a kernel config option. +- Value can be changed at runtime via +- /selinux/checkreqprot. +- + cio_ignore= [S390] + See Documentation/s390/CommonIO for details. + clk_ignore_unused +@@ -2977,6 +2967,11 @@ + the specified number of seconds. This is to be used if + your oopses keep scrolling off the screen. 
- #ifndef __ASSEMBLY__ ++ extra_latent_entropy ++ Enable a very simple form of latent entropy extraction ++ from the first 4GB of memory as the bootmem allocator ++ passes the memory pages to the buddy allocator. ++ + pcbit= [HW,ISDN] -@@ -158,10 +158,10 @@ - /* 1GB of VA */ - #ifdef CONFIG_COMPAT - #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \ -- 0x7ff >> (PAGE_SHIFT - 12) : \ -- 0x3ffff >> (PAGE_SHIFT - 12)) -+ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ -+ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #else --#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) -+#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #endif + pcd. [PARIDE] +diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt +index 694968c7523c..002d86416ef8 100644 +--- a/Documentation/sysctl/kernel.txt ++++ b/Documentation/sysctl/kernel.txt +@@ -91,6 +91,7 @@ show up in /proc/sys/kernel: + - sysctl_writes_strict + - tainted + - threads-max ++- tiocsti_restrict + - unknown_nmi_panic + - watchdog + - watchdog_thresh +@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly. 
- #ifdef __AARCH64EB__ -diff -Nur a/arch/arm64/Kconfig b/arch/arm64/Kconfig ---- a/arch/arm64/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/Kconfig 2018-05-26 19:24:34.821782579 +0100 -@@ -918,6 +918,7 @@ + ============================================================== - config ARM64_SW_TTBR0_PAN - bool "Emulate Privileged Access Never using TTBR0_EL1 switching" -+ default y - help - Enabling this option prevents the kernel from accessing - user-space memory directly by pointing TTBR0_EL1 to a reserved -@@ -1044,6 +1045,7 @@ - bool "Randomize the address of the kernel image" - select ARM64_MODULE_PLTS if MODULES - select RELOCATABLE -+ default y - help - Randomizes the virtual address at which the kernel image is - loaded, as a security feature that deters exploit attempts -diff -Nur a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug ---- a/arch/arm64/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/Kconfig.debug 2018-05-26 19:24:34.821782579 +0100 -@@ -45,6 +45,7 @@ - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select ARM64_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. ++tiocsti_restrict: ++ ++This toggle indicates whether unprivileged users are prevented ++from using the TIOCSTI ioctl to inject commands into other processes ++which share a tty session. ++ ++When tiocsti_restrict is set to (0) there are no restrictions(accept ++the default restriction of only being able to injection commands into ++one's own tty). When tiocsti_restrict is set to (1), users must ++have CAP_SYS_ADMIN to use the TIOCSTI ioctl. ++ ++When user namespaces are in use, the check for the capability ++CAP_SYS_ADMIN is done against the user namespace that originally ++opened the tty. ++ ++The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the ++default value of tiocsti_restrict. 
++ ++============================================================== ++ + unknown_nmi_panic: -diff -Nur a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c ---- a/arch/arm64/kernel/process.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/kernel/process.c 2018-05-26 19:24:34.821782579 +0100 -@@ -419,9 +419,9 @@ - unsigned long arch_randomize_brk(struct mm_struct *mm) - { - if (is_compat_task()) -- return randomize_page(mm->brk, SZ_32M); -+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; - else -- return randomize_page(mm->brk, SZ_1G); -+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; - } + The value in this file affects behavior of handling NMI. When the +diff --git a/Makefile b/Makefile +index 025156791e90..c45debf0a8e2 100644 +--- a/Makefile ++++ b/Makefile +@@ -706,6 +706,9 @@ endif + KBUILD_CFLAGS += $(stackp-flag) - /* -diff -Nur a/arch/Kconfig b/arch/Kconfig ---- a/arch/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/Kconfig 2018-05-26 19:24:34.820782546 +0100 -@@ -440,6 +440,11 @@ + ifeq ($(cc-name),clang) ++ifdef CONFIG_LOCAL_INIT ++KBUILD_CFLAGS += -fsanitize=local-init ++endif + KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) + KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) + KBUILD_CFLAGS += $(call cc-disable-warning, gnu) +diff --git a/arch/Kconfig b/arch/Kconfig +index 4e01862f58e4..111da81b4277 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -443,6 +443,11 @@ config GCC_PLUGIN_LATENT_ENTROPY is some slowdown of the boot process (about 0.5%) and fork and irq processing. @@ -96,7 +100,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig Note that entropy extracted this way is not cryptographically secure! -@@ -533,7 +538,7 @@ +@@ -536,7 +541,7 @@ config CC_STACKPROTECTOR choice prompt "Stack Protector buffer overflow detection" depends on HAVE_CC_STACKPROTECTOR 
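Review bot: In the Makefile section carried by the updated linux-hardened.patch, `KBUILD_CFLAGS += -fsanitize=local-init` is appended with no compiler-support test, while the flags right below it in the same clang branch go through `$(call cc-option,...)` or `cc-disable-warning`. As far as I know that sanitizer is not an option of stock clang, so a CONFIG_LOCAL_INIT=y build would presumably stop on an unknown-argument error; wrapping the flag in cc-option alone would be worse, because the flag would be dropped silently and the kernel would ship without the initialisation the option name promises. A safer shape is to test `$(call cc-option,-fsanitize=local-init)` and stop with an explicit `$(error ...)` when it comes back empty, so an unsupported toolchain fails loudly at configure time. The Kconfig definition of LOCAL_INIT is not in the part of the patch visible here, so how the symbol is gated should be confirmed. Separately, the new tiocsti_restrict text reads `no restrictions(accept the default restriction` where `except` is meant.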
@@ -105,7 +109,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig help This option turns on the "stack-protector" GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -735,7 +740,7 @@ +@@ -738,7 +743,7 @@ config ARCH_MMAP_RND_BITS int "Number of bits to use for ASLR of mmap base address" if EXPERT range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT @@ -114,7 +118,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig depends on HAVE_ARCH_MMAP_RND_BITS help This value can be used to select the number of bits to use to -@@ -769,7 +774,7 @@ +@@ -772,7 +777,7 @@ config ARCH_MMAP_RND_COMPAT_BITS int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT @@ -123,7 +127,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS help This value can be used to select the number of bits to use to -@@ -952,6 +957,7 @@ +@@ -955,6 +960,7 @@ config ARCH_HAS_REFCOUNT config REFCOUNT_FULL bool "Perform full reference count validation at the expense of speed" 
@@ -131,19 +135,154 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig help Enabling this switches the refcounting infrastructure from a fast unchecked atomic_t implementation to a fully state checked -diff -Nur a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig ---- a/arch/x86/configs/x86_64_defconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/configs/x86_64_defconfig 2018-05-26 19:24:34.822782611 +0100 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 1bbb89d37f57..e3776376cafa 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -927,6 +927,7 @@ endif + + config ARM64_SW_TTBR0_PAN + bool "Emulate Privileged Access Never using TTBR0_EL1 switching" ++ default y + help + Enabling this option prevents the kernel from accessing + user-space memory directly by pointing TTBR0_EL1 to a reserved +@@ -1053,6 +1054,7 @@ config RANDOMIZE_BASE + bool "Randomize the address of the kernel image" + select ARM64_MODULE_PLTS if MODULES + select RELOCATABLE ++ default y + help + Randomizes the virtual address at which the kernel image is + loaded, as a security feature that deters exploit attempts +diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug +index cc6bd559af85..01d5442d4722 100644 +--- a/arch/arm64/Kconfig.debug ++++ b/arch/arm64/Kconfig.debug +@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET + config DEBUG_WX + bool "Warn on W+X mappings at boot" + select ARM64_PTDUMP_CORE ++ default y + ---help--- + Generate a warning if any W+X mappings are found at boot. 
+ +diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig +index b05796578e7a..8f6e2099717d 100644 +--- a/arch/arm64/configs/defconfig ++++ b/arch/arm64/configs/defconfig +@@ -1,4 +1,3 @@ +-CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y + CONFIG_AUDIT=y + CONFIG_NO_HZ_IDLE=y +diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h +index 33be513ef24c..6f0c0e3ef0dd 100644 +--- a/arch/arm64/include/asm/elf.h ++++ b/arch/arm64/include/asm/elf.h +@@ -114,10 +114,10 @@ + + /* + * This is the base location for PIE (ET_DYN with INTERP) loads. On +- * 64-bit, this is above 4GB to leave the entire 32-bit address ++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address + * space open for things that want to use the area for 32-bit pointers. + */ +-#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) ++#define ELF_ET_DYN_BASE 0x100000000UL + + #ifndef __ASSEMBLY__ + +@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, + /* 1GB of VA */ + #ifdef CONFIG_COMPAT + #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? 
\ +- 0x7ff >> (PAGE_SHIFT - 12) : \ +- 0x3ffff >> (PAGE_SHIFT - 12)) ++ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ ++ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) + #else +-#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) ++#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) + #endif + + #ifdef __AARCH64EB__ +diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c +index 9e773732520c..91359f45b5fc 100644 +--- a/arch/arm64/kernel/process.c ++++ b/arch/arm64/kernel/process.c +@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp) + unsigned long arch_randomize_brk(struct mm_struct *mm) + { + if (is_compat_task()) +- return randomize_page(mm->brk, SZ_32M); ++ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; + else +- return randomize_page(mm->brk, SZ_1G); ++ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; + } + + /* +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 1c63a4b5320d..54f70e88db20 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1154,8 +1154,7 @@ config VM86 + default X86_LEGACY_VM86 + + config X86_16BIT +- bool "Enable support for 16-bit segments" if EXPERT +- default y ++ bool "Enable support for 16-bit segments" + depends on MODIFY_LDT_SYSCALL + ---help--- + This option is required by programs like Wine to run 16-bit +@@ -2229,7 +2228,7 @@ config COMPAT_VDSO + choice + prompt "vsyscall table for legacy applications" + depends on X86_64 +- default LEGACY_VSYSCALL_EMULATE ++ default LEGACY_VSYSCALL_NONE + help + Legacy user code that does not know how to find the vDSO expects + to be able to issue three syscalls by calling fixed addresses in +@@ -2319,8 +2318,7 @@ config CMDLINE_OVERRIDE + be set to 'N' under normal conditions. 
+ + config MODIFY_LDT_SYSCALL +- bool "Enable the LDT (local descriptor table)" if EXPERT +- default y ++ bool "Enable the LDT (local descriptor table)" + ---help--- + Linux can allow user programs to install a per-process x86 + Local Descriptor Table (LDT) using the modify_ldt(2) system +diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug +index 6293a8768a91..add82e0f1df3 100644 +--- a/arch/x86/Kconfig.debug ++++ b/arch/x86/Kconfig.debug +@@ -101,6 +101,7 @@ config EFI_PGT_DUMP + config DEBUG_WX + bool "Warn on W+X mappings at boot" + select X86_PTDUMP_CORE ++ default y + ---help--- + Generate a warning if any W+X mappings are found at boot. + +diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig +index e32fc1f274d8..d08acc76502a 100644 +--- a/arch/x86/configs/x86_64_defconfig ++++ b/arch/x86/configs/x86_64_defconfig @@ -1,5 +1,4 @@ # CONFIG_LOCALVERSION_AUTO is not set -CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_TASKSTATS=y -diff -Nur a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c ---- a/arch/x86/entry/vdso/vma.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/entry/vdso/vma.c 2018-05-26 19:24:34.822782611 +0100 -@@ -203,55 +203,9 @@ +diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c +index 1911310959f8..bba8dbbc07a8 100644 +--- a/arch/x86/entry/vdso/vma.c ++++ b/arch/x86/entry/vdso/vma.c +@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) } #ifdef CONFIG_X86_64 
@@ -200,10 +339,11 @@ diff -Nur a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c } #endif -diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h ---- a/arch/x86/include/asm/elf.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/include/asm/elf.h 2018-05-26 19:24:34.822782611 +0100 -@@ -249,11 +249,11 @@ +diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h +index 3a091cea36c5..0931c05a3348 100644 +--- a/arch/x86/include/asm/elf.h ++++ b/arch/x86/include/asm/elf.h +@@ -249,11 +249,11 @@ extern int force_personality32; /* * This is the base location for PIE (ET_DYN with INTERP) loads. On @@ -217,7 +357,7 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -312,8 +312,8 @@ +@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy); #ifdef CONFIG_X86_32 @@ -228,7 +368,7 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h #define ARCH_DLINFO ARCH_DLINFO_IA32 -@@ -322,7 +322,11 @@ +@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy); #else /* CONFIG_X86_32 */ /* 1GB for 64bit, 8MB for 32bit */ 
@@ -241,16 +381,17 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32()) #define ARCH_DLINFO \ -@@ -380,5 +384,4 @@ +@@ -380,5 +384,4 @@ struct va_alignment { } ____cacheline_aligned; extern struct va_alignment va_align; -extern unsigned long align_vdso_addr(unsigned long); #endif /* _ASM_X86_ELF_H */ -diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h ---- a/arch/x86/include/asm/tlbflush.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/include/asm/tlbflush.h 2018-05-26 19:24:34.823782643 +0100 -@@ -253,6 +253,7 @@ +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index 875ca99b82ee..77edc169f7a2 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -258,6 +258,7 @@ static inline void cr4_set_bits(unsigned long mask) unsigned long cr4; cr4 = this_cpu_read(cpu_tlbstate.cr4); @@ -258,7 +399,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h if ((cr4 | mask) != cr4) { cr4 |= mask; this_cpu_write(cpu_tlbstate.cr4, cr4); -@@ -266,6 +267,7 @@ +@@ -271,6 +272,7 @@ static inline void cr4_clear_bits(unsigned long mask) unsigned long cr4; cr4 = this_cpu_read(cpu_tlbstate.cr4); @@ -266,7 +407,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h if ((cr4 & ~mask) != cr4) { cr4 &= ~mask; this_cpu_write(cpu_tlbstate.cr4, cr4); -@@ -278,6 +280,7 @@ +@@ -283,6 +285,7 @@ static inline void cr4_toggle_bits(unsigned long mask) unsigned long cr4; cr4 = this_cpu_read(cpu_tlbstate.cr4); @@ -274,7 +415,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h cr4 ^= mask; this_cpu_write(cpu_tlbstate.cr4, cr4); __write_cr4(cr4); -@@ -386,6 +389,7 @@ +@@ -391,6 +394,7 @@ static inline void __native_flush_tlb_global(void) raw_local_irq_save(flags); cr4 = this_cpu_read(cpu_tlbstate.cr4); 
@@ -282,53 +423,11 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h /* toggle PGE */ native_write_cr4(cr4 ^ X86_CR4_PGE); /* write old PGE again and flush TLBs */ -diff -Nur a/arch/x86/Kconfig b/arch/x86/Kconfig ---- a/arch/x86/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/Kconfig 2018-05-26 19:24:34.822782611 +0100 -@@ -1153,8 +1153,7 @@ - default X86_LEGACY_VM86 - - config X86_16BIT -- bool "Enable support for 16-bit segments" if EXPERT -- default y -+ bool "Enable support for 16-bit segments" - depends on MODIFY_LDT_SYSCALL - ---help--- - This option is required by programs like Wine to run 16-bit -@@ -2228,7 +2227,7 @@ - choice - prompt "vsyscall table for legacy applications" - depends on X86_64 -- default LEGACY_VSYSCALL_EMULATE -+ default LEGACY_VSYSCALL_NONE - help - Legacy user code that does not know how to find the vDSO expects - to be able to issue three syscalls by calling fixed addresses in -@@ -2318,8 +2317,7 @@ - be set to 'N' under normal conditions. - - config MODIFY_LDT_SYSCALL -- bool "Enable the LDT (local descriptor table)" if EXPERT -- default y -+ bool "Enable the LDT (local descriptor table)" - ---help--- - Linux can allow user programs to install a per-process x86 - Local Descriptor Table (LDT) using the modify_ldt(2) system -diff -Nur a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug ---- a/arch/x86/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/Kconfig.debug 2018-05-26 19:24:34.822782611 +0100 -@@ -101,6 +101,7 @@ - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select X86_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. 
- -diff -Nur a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c ---- a/arch/x86/kernel/cpu/common.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/kernel/cpu/common.c 2018-05-26 19:24:34.823782643 +0100 -@@ -1637,7 +1637,6 @@ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index dd02ee4fa8cd..f991b4f69f21 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1658,7 +1658,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -336,20 +435,20 @@ diff -Nur a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c x2apic_setup(); /* -diff -Nur a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c ---- a/arch/x86/kernel/process.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/kernel/process.c 2018-05-26 19:26:32.692611050 +0100 -@@ -40,6 +40,9 @@ +diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c +index 988a98f34c66..dc36d2d9078a 100644 +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -40,6 +40,8 @@ #include <asm/desc.h> #include <asm/prctl.h> #include <asm/spec-ctrl.h> +#include <asm/elf.h> +#include <linux/sizes.h> -+ /* * per-CPU TSS segments. Threads are completely 'soft' on Linux, -@@ -719,7 +722,10 @@ +@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp) unsigned long arch_randomize_brk(struct mm_struct *mm) { 
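Review bot: Nothing in view shows that the hardening defaults from arch/x86/Kconfig and arch/x86/Kconfig.debug survive the regeneration. `default LEGACY_VSYSCALL_NONE`, the removal of `default y` from `X86_16BIT` and `MODIFY_LDT_SYSCALL`, and `default y` for `DEBUG_WX` are all deleted at this position and not re-added in any visible hunk. The switch from `diff -Nur` to `diff --git` headers makes it likely they were only moved earlier by git's path ordering, but that part of the patch file is outside this view, so confirm the four changes are still present before the kernel is built. The Documentation sections removed further down (`extra_latent_entropy`, `tiocsti_restrict`) deserve the same check.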
@@ -361,10 +460,11 @@ diff -Nur a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c } /* -diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c ---- a/arch/x86/kernel/sys_x86_64.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/kernel/sys_x86_64.c 2018-05-26 19:24:34.823782643 +0100 -@@ -54,13 +54,6 @@ +diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c +index a63fe77b3217..e1085e76043e 100644 +--- a/arch/x86/kernel/sys_x86_64.c ++++ b/arch/x86/kernel/sys_x86_64.c +@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void) return va_align.bits & get_align_mask(); } @@ -378,7 +478,7 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c static int __init control_va_addr_alignment(char *str) { /* guard against enabling this on other CPU families */ -@@ -122,10 +115,7 @@ +@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags, } *begin = get_mmap_base(1); @@ -390,7 +490,7 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c } unsigned long -@@ -206,7 +196,7 @@ +@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.flags = VM_UNMAPPED_AREA_TOPDOWN; info.length = len; @@ -399,10 +499,11 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c info.high_limit = get_mmap_base(0); /* -diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c ---- a/arch/x86/mm/init_32.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/mm/init_32.c 2018-05-26 19:24:34.824782676 +0100 -@@ -558,7 +558,7 @@ +diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c +index 3141e67ec24c..e93173193f60 100644 +--- a/arch/x86/mm/init_32.c ++++ b/arch/x86/mm/init_32.c +@@ -558,7 +558,7 @@ static void __init pagetable_init(void) permanent_kmaps_init(pgd_base); } 
@@ -411,7 +512,7 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -865,7 +865,7 @@ +@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size) #endif #endif @@ -420,7 +521,7 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c void set_kernel_text_rw(void) { -@@ -917,12 +917,11 @@ +@@ -917,12 +917,11 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -434,9 +535,10 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c #ifdef CONFIG_CPA_DEBUG printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n", start, start+size); -diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c ---- a/arch/x86/mm/init_64.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/mm/init_64.c 2018-05-26 19:24:34.824782676 +0100 +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c +index 642357aff216..8bbf93ce3cd2 100644 +--- a/arch/x86/mm/init_64.c ++++ b/arch/x86/mm/init_64.c @@ -65,7 +65,7 @@ * around without checking the pgd every time. */ @@ -446,7 +548,7 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c EXPORT_SYMBOL_GPL(__supported_pte_mask); int force_personality32; -@@ -1185,7 +1185,7 @@ +@@ -1185,7 +1185,7 @@ void __init mem_init(void) mem_init_print_info(NULL); } @@ -455,7 +557,7 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c void set_kernel_text_rw(void) { -@@ -1234,9 +1234,8 @@ +@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void) printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", (end - start) >> 10); 
@@ -466,10 +568,11 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c /* * The rodata/data/bss/brk section (but not the kernel text!) -diff -Nur a/block/blk-softirq.c b/block/blk-softirq.c ---- a/block/blk-softirq.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/block/blk-softirq.c 2018-05-26 19:24:34.824782676 +0100 -@@ -20,7 +20,7 @@ +diff --git a/block/blk-softirq.c b/block/blk-softirq.c +index 01e2b353a2b9..9aeddca4a29f 100644 +--- a/block/blk-softirq.c ++++ b/block/blk-softirq.c +@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); * Softirq action handler - move entries to local list and loop over them * while passing them to the queue registered handler. */ 
@@ -478,80 +581,11 @@ diff -Nur a/block/blk-softirq.c b/block/blk-softirq.c { struct list_head *cpu_list, local_list; -diff -Nur a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt ---- a/Documentation/admin-guide/kernel-parameters.txt 2018-05-25 15:18:02.000000000 +0100 -+++ b/Documentation/admin-guide/kernel-parameters.txt 2018-05-26 19:24:34.819782514 +0100 -@@ -490,16 +490,6 @@ - nosocket -- Disable socket memory accounting. - nokmem -- Disable kernel memory accounting. - -- checkreqprot [SELINUX] Set initial checkreqprot flag value. -- Format: { "0" | "1" } -- See security/selinux/Kconfig help text. -- 0 -- check protection applied by kernel (includes -- any implied execute protection). -- 1 -- check protection requested by application. -- Default value is set via a kernel config option. -- Value can be changed at runtime via -- /selinux/checkreqprot. -- - cio_ignore= [S390] - See Documentation/s390/CommonIO for details. - clk_ignore_unused -@@ -2899,6 +2889,11 @@ - the specified number of seconds. This is to be used if - your oopses keep scrolling off the screen. - -+ extra_latent_entropy -+ Enable a very simple form of latent entropy extraction -+ from the first 4GB of memory as the bootmem allocator -+ passes the memory pages to the buddy allocator. -+ - pcbit= [HW,ISDN] - - pcd. 
[PARIDE] -diff -Nur a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt ---- a/Documentation/sysctl/kernel.txt 2018-05-25 15:18:02.000000000 +0100 -+++ b/Documentation/sysctl/kernel.txt 2018-05-26 19:24:34.820782546 +0100 -@@ -91,6 +91,7 @@ - - sysctl_writes_strict - - tainted - - threads-max -+- tiocsti_restrict - - unknown_nmi_panic - - watchdog - - watchdog_thresh -@@ -999,6 +1000,26 @@ - - ============================================================== - -+tiocsti_restrict: -+ -+This toggle indicates whether unprivileged users are prevented -+from using the TIOCSTI ioctl to inject commands into other processes -+which share a tty session. -+ -+When tiocsti_restrict is set to (0) there are no restrictions(accept -+the default restriction of only being able to injection commands into -+one's own tty). When tiocsti_restrict is set to (1), users must -+have CAP_SYS_ADMIN to use the TIOCSTI ioctl. -+ -+When user namespaces are in use, the check for the capability -+CAP_SYS_ADMIN is done against the user namespace that originally -+opened the tty. -+ -+The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the -+default value of tiocsti_restrict. -+ -+============================================================== -+ - unknown_nmi_panic: - - The value in this file affects behavior of handling NMI. When the -diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c ---- a/drivers/ata/libata-core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/ata/libata-core.c 2018-05-26 19:24:34.825782708 +0100 -@@ -5141,7 +5141,7 @@ +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 6938bd86ff1c..89e202988379 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -5147,7 +5147,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; 
@@ -560,7 +594,7 @@ diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c ap = qc->ap; qc->flags = 0; -@@ -5158,7 +5158,7 @@ +@@ -5164,7 +5164,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -569,10 +603,11 @@ diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig ---- a/drivers/char/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/char/Kconfig 2018-05-26 19:24:34.826782741 +0100 -@@ -9,7 +9,6 @@ +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index c28dca0c613d..d4813f0d25ca 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig" config DEVMEM bool "/dev/mem virtual device support" @@ -580,7 +615,7 @@ diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig help Say Y here if you want to support the /dev/mem device. The /dev/mem device is used to access areas of physical -@@ -568,7 +567,6 @@ +@@ -568,7 +567,6 @@ config TELCLOCK config DEVPORT bool "/dev/port character device" depends on ISA || PCI 
@@ -588,10 +623,11 @@ diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig help Say Y here if you want to support the /dev/port device. The /dev/port device is similar to /dev/mem, but for I/O ports. -diff -Nur a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c ---- a/drivers/media/dvb-frontends/cx24116.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24116.c 2018-05-26 19:24:34.826782741 +0100 -@@ -1462,7 +1462,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c +index e105532bfba8..e07d52bb9b62 100644 +--- a/drivers/media/dvb-frontends/cx24116.c ++++ b/drivers/media/dvb-frontends/cx24116.c +@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune, return cx24116_read_status(fe, status); } @@ -600,10 +636,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c ---- a/drivers/media/dvb-frontends/cx24117.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24117.c 2018-05-26 19:24:34.826782741 +0100 -@@ -1555,7 +1555,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c +index d37cb7762bd6..97e0feff0ede 100644 +--- a/drivers/media/dvb-frontends/cx24117.c ++++ b/drivers/media/dvb-frontends/cx24117.c +@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune, return cx24117_read_status(fe, status); } 
@@ -612,10 +649,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c ---- a/drivers/media/dvb-frontends/cx24120.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24120.c 2018-05-26 19:24:34.827782773 +0100 -@@ -1491,7 +1491,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c +index 7f11dcc94d85..01da670760ba 100644 +--- a/drivers/media/dvb-frontends/cx24120.c ++++ b/drivers/media/dvb-frontends/cx24120.c +@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune, return cx24120_read_status(fe, status); } @@ -624,10 +662,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c ---- a/drivers/media/dvb-frontends/cx24123.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24123.c 2018-05-26 19:24:34.827782773 +0100 -@@ -1005,7 +1005,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c +index 1d59d1d3bd82..41cd0e9ea199 100644 +--- a/drivers/media/dvb-frontends/cx24123.c ++++ b/drivers/media/dvb-frontends/cx24123.c +@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe, return retval; } 
@@ -636,10 +675,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c ---- a/drivers/media/dvb-frontends/cxd2820r_core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cxd2820r_core.c 2018-05-26 19:24:34.827782773 +0100 -@@ -403,7 +403,7 @@ +diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c +index f6ebbb47b9b2..3e0d8cbd76da 100644 +--- a/drivers/media/dvb-frontends/cxd2820r_core.c ++++ b/drivers/media/dvb-frontends/cxd2820r_core.c +@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe) return DVBFE_ALGO_SEARCH_ERROR; } @@ -648,10 +688,11 @@ diff -Nur a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-fron { return DVBFE_ALGO_CUSTOM; } -diff -Nur a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c ---- a/drivers/media/dvb-frontends/mb86a20s.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/mb86a20s.c 2018-05-26 19:24:34.827782773 +0100 -@@ -2055,7 +2055,7 @@ +diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c +index e8ac8c3e2ec0..e0f4ba8302d1 100644 +--- a/drivers/media/dvb-frontends/mb86a20s.c ++++ b/drivers/media/dvb-frontends/mb86a20s.c +@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe) kfree(state); } 
@@ -660,10 +701,11 @@ diff -Nur a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c ---- a/drivers/media/dvb-frontends/s921.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/s921.c 2018-05-26 19:24:34.828782806 +0100 -@@ -464,7 +464,7 @@ +diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c +index 274544a3ae0e..9ef9b9bc1bd2 100644 +--- a/drivers/media/dvb-frontends/s921.c ++++ b/drivers/media/dvb-frontends/s921.c +@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe, return rc; } @@ -672,10 +714,11 @@ diff -Nur a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s92 { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c ---- a/drivers/media/pci/bt8xx/dst.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/pci/bt8xx/dst.c 2018-05-26 19:24:34.828782806 +0100 -@@ -1657,7 +1657,7 @@ +diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c +index 7166d2279465..fa682f9fdc4b 100644 +--- a/drivers/media/pci/bt8xx/dst.c ++++ b/drivers/media/pci/bt8xx/dst.c +@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe, return 0; } 
@@ -684,10 +727,11 @@ diff -Nur a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c { return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW; } -diff -Nur a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c ---- a/drivers/media/pci/pt1/va1j5jf8007s.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/pci/pt1/va1j5jf8007s.c 2018-05-26 19:24:34.828782806 +0100 -@@ -98,7 +98,7 @@ +diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c +index f75f69556be7..d913a6050e8c 100644 +--- a/drivers/media/pci/pt1/va1j5jf8007s.c ++++ b/drivers/media/pci/pt1/va1j5jf8007s.c +@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr) return 0; } @@ -696,10 +740,11 @@ diff -Nur a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c ---- a/drivers/media/pci/pt1/va1j5jf8007t.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/pci/pt1/va1j5jf8007t.c 2018-05-26 19:24:34.828782806 +0100 -@@ -88,7 +88,7 @@ +diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c +index 63fda79a75c0..4115c3ccd4a8 100644 +--- a/drivers/media/pci/pt1/va1j5jf8007t.c ++++ b/drivers/media/pci/pt1/va1j5jf8007t.c +@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr) return 0; } 
@@ -708,10 +753,11 @@ diff -Nur a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c ---- a/drivers/misc/lkdtm_core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/misc/lkdtm_core.c 2018-05-26 19:24:34.828782806 +0100 -@@ -78,7 +78,7 @@ +diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c +index 981b3ef71e47..9883da1da383 100644 +--- a/drivers/misc/lkdtm_core.c ++++ b/drivers/misc/lkdtm_core.c +@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq, return 0; } @@ -720,10 +766,11 @@ diff -Nur a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c { lkdtm_handler(); jprobe_return(); -diff -Nur a/drivers/tty/Kconfig b/drivers/tty/Kconfig ---- a/drivers/tty/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/tty/Kconfig 2018-05-26 19:24:34.829782838 +0100 -@@ -122,7 +122,6 @@ +diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig +index b811442c5ce6..4f62a63cbcb1 100644 +--- a/drivers/tty/Kconfig ++++ b/drivers/tty/Kconfig +@@ -122,7 +122,6 @@ config UNIX98_PTYS config LEGACY_PTYS bool "Legacy (BSD) PTY support" @@ -731,10 +778,11 @@ diff -Nur a/drivers/tty/Kconfig b/drivers/tty/Kconfig ---help--- A pseudo terminal (PTY) is a software device consisting of two halves: a master and a slave. The slave device behaves identical to -diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c ---- a/drivers/tty/tty_io.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/tty/tty_io.c 2018-05-26 19:24:34.829782838 +0100 -@@ -171,6 +171,7 @@ +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c +index 562d31073f9a..2184b9b5485f 100644 +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty) put_device(tty->dev); kfree(tty->write_buf); tty->magic = 0xDEADDEAD; 
@@ -742,7 +790,7 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c kfree(tty); } -@@ -2154,11 +2155,19 @@ +@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on) * FIXME: may race normal receive processing */ @@ -762,7 +810,7 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) return -EPERM; if (get_user(ch, p)) -@@ -2841,6 +2850,7 @@ +@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) tty->index = idx; tty_line_name(driver, idx, tty->name); tty->dev = tty_get_device(tty); @@ -770,9 +818,10 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c return tty; } -diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c ---- a/drivers/usb/core/hub.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/usb/core/hub.c 2018-05-26 19:24:34.830782871 +0100 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index a9db0887edca..95464d2471c2 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c @@ -38,6 +38,8 @@ #define USB_VENDOR_GENESYS_LOGIC 0x05e3 #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01 @@ -782,7 +831,7 @@ diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c /* Protect struct usb_device->state and ->children members * Note: Both are also protected by ->dev.sem, except that ->state can * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */ -@@ -4806,6 +4808,12 @@ +@@ -4816,6 +4818,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, goto done; return; } @@ -795,9 +844,10 @@ diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c if (hub_is_superspeed(hub->hdev)) unit_load = 150; else -diff -Nur a/fs/exec.c b/fs/exec.c ---- a/fs/exec.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/exec.c 2018-05-26 19:24:34.831782903 +0100 +diff --git a/fs/exec.c b/fs/exec.c +index 0da4d748b4e6..69fcee853363 100644 +--- a/fs/exec.c ++++ b/fs/exec.c 
@@ -62,6 +62,7 @@ #include <linux/oom.h> #include <linux/compat.h> @@ -806,7 +856,7 @@ diff -Nur a/fs/exec.c b/fs/exec.c #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -321,6 +322,8 @@ +@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm) arch_bprm_mm_init(mm, vma); up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -815,10 +865,11 @@ diff -Nur a/fs/exec.c b/fs/exec.c return 0; err: up_write(&mm->mmap_sem); -diff -Nur a/fs/namei.c b/fs/namei.c ---- a/fs/namei.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/namei.c 2018-05-26 19:24:34.832782936 +0100 -@@ -902,8 +902,8 @@ +diff --git a/fs/namei.c b/fs/namei.c +index 0b46b858cd42..3ae8e72341da 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd) path_put(&last->link); } @@ -829,18 +880,20 @@ diff -Nur a/fs/namei.c b/fs/namei.c /** * may_follow_link - Check symlink following for unsafe situations -diff -Nur a/fs/nfs/Kconfig b/fs/nfs/Kconfig ---- a/fs/nfs/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/nfs/Kconfig 2018-05-26 19:24:34.832782936 +0100 -@@ -195,4 +195,3 @@ +diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig +index 5f93cfacb3d1..cea0d7d3b23e 100644 +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -195,4 +195,3 @@ config NFS_DEBUG bool depends on NFS_FS && SUNRPC_DEBUG select CRC32 - default y -diff -Nur a/fs/pipe.c b/fs/pipe.c ---- a/fs/pipe.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/pipe.c 2018-05-26 19:24:34.832782936 +0100 -@@ -38,7 +38,7 @@ +diff --git a/fs/pipe.c b/fs/pipe.c +index 8ef7d7bef775..b82f305ec13d 100644 +--- a/fs/pipe.c ++++ b/fs/pipe.c +@@ -38,7 +38,7 @@ unsigned int pipe_max_size = 1048576; /* * Minimum pipe size, as required by POSIX */ 
@@ -849,10 +902,11 @@ diff -Nur a/fs/pipe.c b/fs/pipe.c /* Maximum allocatable pages per user. Hard limit is unset by default, soft * matches default values. -diff -Nur a/fs/proc/Kconfig b/fs/proc/Kconfig ---- a/fs/proc/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/proc/Kconfig 2018-05-26 19:24:34.832782936 +0100 -@@ -39,7 +39,6 @@ +diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig +index 1ade1206bb89..60b0f76dec47 100644 +--- a/fs/proc/Kconfig ++++ b/fs/proc/Kconfig +@@ -39,7 +39,6 @@ config PROC_KCORE config PROC_VMCORE bool "/proc/vmcore support" depends on PROC_FS && CRASH_DUMP @@ -860,10 +914,11 @@ diff -Nur a/fs/proc/Kconfig b/fs/proc/Kconfig help Exports the dump image of crashed kernel in ELF format. -diff -Nur a/fs/stat.c b/fs/stat.c ---- a/fs/stat.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/stat.c 2018-05-26 19:24:34.832782936 +0100 -@@ -40,8 +40,13 @@ +diff --git a/fs/stat.c b/fs/stat.c +index 873785dae022..d3c2ada8b9c7 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) stat->gid = inode->i_gid; stat->rdev = inode->i_rdev; stat->size = i_size_read(inode); @@ -879,7 +934,7 @@ diff -Nur a/fs/stat.c b/fs/stat.c stat->ctime = inode->i_ctime; stat->blksize = i_blocksize(inode); stat->blocks = inode->i_blocks; -@@ -75,9 +80,14 @@ +@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, stat->result_mask |= STATX_BASIC_STATS; request_mask &= STATX_ALL; query_flags &= KSTAT_QUERY_FLAGS; @@ -897,9 +952,10 @@ diff -Nur a/fs/stat.c b/fs/stat.c generic_fillattr(inode, stat); return 0; -diff -Nur a/include/linux/cache.h b/include/linux/cache.h ---- a/include/linux/cache.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/cache.h 2018-05-26 19:24:34.832782936 +0100 +diff --git a/include/linux/cache.h b/include/linux/cache.h +index 750621e41d1c..e7157c18c62c 100644 +--- a/include/linux/cache.h ++++ b/include/linux/cache.h 
@@ -31,6 +31,8 @@ #define __ro_after_init __attribute__((__section__(".data..ro_after_init"))) #endif @@ -909,10 +965,11 @@ diff -Nur a/include/linux/cache.h b/include/linux/cache.h #ifndef ____cacheline_aligned #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif -diff -Nur a/include/linux/capability.h b/include/linux/capability.h ---- a/include/linux/capability.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/capability.h 2018-05-26 19:24:34.832782936 +0100 -@@ -207,6 +207,7 @@ +diff --git a/include/linux/capability.h b/include/linux/capability.h +index f640dcbc880c..2b4f5d651f19 100644 +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap); extern bool has_ns_capability_noaudit(struct task_struct *t, struct user_namespace *ns, int cap); extern bool capable(int cap); @@ -920,7 +977,7 @@ diff -Nur a/include/linux/capability.h b/include/linux/capability.h extern bool ns_capable(struct user_namespace *ns, int cap); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); #else -@@ -232,6 +233,10 @@ +@@ -232,6 +233,10 @@ static inline bool capable(int cap) { return true; } @@ -931,10 +988,11 @@ diff -Nur a/include/linux/capability.h b/include/linux/capability.h static inline bool ns_capable(struct user_namespace *ns, int cap) { return true; -diff -Nur a/include/linux/fs.h b/include/linux/fs.h ---- a/include/linux/fs.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/fs.h 2018-05-26 19:24:34.833782968 +0100 -@@ -3392,4 +3392,15 @@ +diff --git a/include/linux/fs.h b/include/linux/fs.h +index cc613f20e5a6..7606596d6c2e 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -3392,4 +3392,15 @@ static inline bool dir_relax_shared(struct inode *inode) extern bool path_noexec(const struct path *path); extern void inode_nohighmem(struct inode *inode); 
@@ -950,10 +1008,11 @@ diff -Nur a/include/linux/fs.h b/include/linux/fs.h +} + #endif /* _LINUX_FS_H */ -diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h ---- a/include/linux/fsnotify.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/fsnotify.h 2018-05-26 19:24:34.833782968 +0100 -@@ -181,6 +181,9 @@ +diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h +index bdaf22582f6e..326ff15d4637 100644 +--- a/include/linux/fsnotify.h ++++ b/include/linux/fsnotify.h +@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file) struct inode *inode = path->dentry->d_inode; __u32 mask = FS_ACCESS; @@ -963,7 +1022,7 @@ diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -199,6 +202,9 @@ +@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file) struct inode *inode = path->dentry->d_inode; __u32 mask = FS_MODIFY; @@ -973,10 +1032,11 @@ diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -diff -Nur a/include/linux/gfp.h b/include/linux/gfp.h ---- a/include/linux/gfp.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/gfp.h 2018-05-26 19:24:34.833782968 +0100 -@@ -518,9 +518,9 @@ +diff --git a/include/linux/gfp.h b/include/linux/gfp.h +index b041f94678de..fd8bb5a78b75 100644 +--- a/include/linux/gfp.h ++++ b/include/linux/gfp.h +@@ -518,9 +518,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); extern unsigned long get_zeroed_page(gfp_t gfp_mask); 
@@ -984,14 +1044,15 @@ diff -Nur a/include/linux/gfp.h b/include/linux/gfp.h +void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1))); void free_pages_exact(void *virt, size_t size); -void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask); -+void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1))); ++void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(2))); #define __get_free_page(gfp_mask) \ __get_free_pages((gfp_mask), 0) -diff -Nur a/include/linux/highmem.h b/include/linux/highmem.h ---- a/include/linux/highmem.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/highmem.h 2018-05-26 19:24:34.834783001 +0100 -@@ -191,6 +191,13 @@ +diff --git a/include/linux/highmem.h b/include/linux/highmem.h +index 776f90f3a1cd..3f5c47000059 100644 +--- a/include/linux/highmem.h ++++ b/include/linux/highmem.h +@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page) kunmap_atomic(kaddr); } @@ -1005,10 +1066,11 @@ diff -Nur a/include/linux/highmem.h b/include/linux/highmem.h static inline void zero_user_segments(struct page *page, unsigned start1, unsigned end1, unsigned start2, unsigned end2) -diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h ---- a/include/linux/interrupt.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/interrupt.h 2018-05-26 19:24:34.834783001 +0100 -@@ -485,7 +485,7 @@ +diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h +index 69c238210325..ee487ea4f48f 100644 +--- a/include/linux/interrupt.h ++++ b/include/linux/interrupt.h +@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS]; struct softirq_action { @@ -1017,7 +1079,7 @@ diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h }; asmlinkage void do_softirq(void); -@@ -500,7 +500,7 @@ +@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void) } #endif 
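Review bot: The `alloc_size` index on `alloc_pages_exact_nid` is a bare positional number with nothing tying it to the `size` parameter, which is presumably how the previous revision came to annotate `nid`. A wrong index hands the compiler a wrong allocation size, which it may use for object-size based bounds checks. A short comment on the prototype, e.g. `/* alloc_size(2): size is the second argument, after nid */`, would make the next reorder or copy-paste mistake visible. The other prototypes this patch touches in the percpu.h and mm.h hunks nearby do not show their added lines in this view, so their indices should be checked the same way.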
@@ -1026,10 +1088,11 @@ diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h extern void softirq_init(void); extern void __raise_softirq_irqoff(unsigned int nr); -diff -Nur a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h ---- a/include/linux/kobject_ns.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/kobject_ns.h 2018-05-26 19:24:34.834783001 +0100 -@@ -46,7 +46,7 @@ +diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h +index df32d2508290..c992d130b94d 100644 +--- a/include/linux/kobject_ns.h ++++ b/include/linux/kobject_ns.h +@@ -46,7 +46,7 @@ struct kobj_ns_type_operations { void (*drop_ns)(void *); }; @@ -1038,10 +1101,11 @@ diff -Nur a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h int kobj_ns_type_registered(enum kobj_ns_type type); const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent); const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj); -diff -Nur a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/mm.h 2018-05-26 19:24:34.834783001 +0100 -@@ -525,7 +525,7 @@ +diff --git a/include/linux/mm.h b/include/linux/mm.h +index a26cf767407e..e0a700be00e3 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -525,7 +525,7 @@ static inline int is_vmalloc_or_module_addr(const void *x) } #endif 
@@ -1050,10 +1114,11 @@ diff -Nur a/include/linux/mm.h b/include/linux/mm.h static inline void *kvmalloc(size_t size, gfp_t flags) { return kvmalloc_node(size, flags, NUMA_NO_NODE); -diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h ---- a/include/linux/percpu.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/percpu.h 2018-05-26 19:24:34.835783033 +0100 -@@ -129,7 +129,7 @@ +diff --git a/include/linux/percpu.h b/include/linux/percpu.h +index 296bbe49d5d1..b26652c9a98d 100644 +--- a/include/linux/percpu.h ++++ b/include/linux/percpu.h +@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size, pcpu_fc_populate_pte_fn_t populate_pte_fn); #endif @@ -1062,7 +1127,7 @@ diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr); extern bool is_kernel_percpu_address(unsigned long addr); -@@ -137,8 +137,8 @@ +@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr); extern void __init setup_per_cpu_areas(void); #endif @@ -1073,10 +1138,11 @@ diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h extern void free_percpu(void __percpu *__pdata); extern phys_addr_t per_cpu_ptr_to_phys(void *addr); -diff -Nur a/include/linux/perf_event.h b/include/linux/perf_event.h ---- a/include/linux/perf_event.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/perf_event.h 2018-05-26 19:24:34.835783033 +0100 -@@ -1165,6 +1165,11 @@ +diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h +index 8e22f24ded6a..b7fecdfa6de5 100644 +--- a/include/linux/perf_event.h ++++ b/include/linux/perf_event.h +@@ -1165,6 +1165,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, int perf_event_max_stack_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); 
@@ -1088,10 +1154,11 @@ diff -Nur a/include/linux/perf_event.h b/include/linux/perf_event.h static inline bool perf_paranoid_tracepoint_raw(void) { return sysctl_perf_event_paranoid > -1; -diff -Nur a/include/linux/slab.h b/include/linux/slab.h ---- a/include/linux/slab.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/slab.h 2018-05-26 19:24:34.835783033 +0100 -@@ -146,8 +146,8 @@ +diff --git a/include/linux/slab.h b/include/linux/slab.h +index ae5ed6492d54..fd0786124504 100644 +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -146,8 +146,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *); /* * Common kmalloc functions provided by all allocators */ @@ -1102,7 +1169,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); -@@ -324,7 +324,7 @@ +@@ -324,7 +324,7 @@ static __always_inline int kmalloc_index(size_t size) } #endif /* !CONFIG_SLOB */ @@ -1111,7 +1178,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc; void kmem_cache_free(struct kmem_cache *, void *); -@@ -348,7 +348,7 @@ +@@ -348,7 +348,7 @@ static __always_inline void kfree_bulk(size_t size, void **p) } #ifdef CONFIG_NUMA @@ -1120,7 +1187,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc; #else static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node) -@@ -473,7 +473,7 @@ +@@ -473,7 +473,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags) * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ 
@@ -1129,7 +1196,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h { if (__builtin_constant_p(size)) { if (size > KMALLOC_MAX_CACHE_SIZE) -@@ -513,7 +513,7 @@ +@@ -513,7 +513,7 @@ static __always_inline int kmalloc_size(int n) return 0; } @@ -1138,10 +1205,11 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h { #ifndef CONFIG_SLOB if (__builtin_constant_p(size) && -diff -Nur a/include/linux/slub_def.h b/include/linux/slub_def.h ---- a/include/linux/slub_def.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/slub_def.h 2018-05-26 19:24:34.835783033 +0100 -@@ -120,6 +120,11 @@ +diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h +index 2038ab531616..a88f322c8c8b 100644 +--- a/include/linux/slub_def.h ++++ b/include/linux/slub_def.h +@@ -120,6 +120,11 @@ struct kmem_cache { unsigned long random; #endif @@ -1153,10 +1221,11 @@ diff -Nur a/include/linux/slub_def.h b/include/linux/slub_def.h #ifdef CONFIG_NUMA /* * Defragmentation by allocating from a remote node. -diff -Nur a/include/linux/string.h b/include/linux/string.h ---- a/include/linux/string.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/string.h 2018-05-26 19:24:34.835783033 +0100 -@@ -234,10 +234,16 @@ +diff --git a/include/linux/string.h b/include/linux/string.h +index 96115bf561b4..f93d908c5bbc 100644 +--- a/include/linux/string.h ++++ b/include/linux/string.h +@@ -234,10 +234,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter"); void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter"); 
@@ -1174,7 +1243,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (__builtin_constant_p(size) && p_size < size) __write_overflow(); if (p_size < size) -@@ -247,7 +253,7 @@ +@@ -247,7 +253,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size) __FORTIFY_INLINE char *strcat(char *p, const char *q) { @@ -1183,7 +1252,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1) return __builtin_strcat(p, q); if (strlcat(p, q, p_size) >= p_size) -@@ -258,7 +264,7 @@ +@@ -258,7 +264,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q) __FORTIFY_INLINE __kernel_size_t strlen(const char *p) { __kernel_size_t ret; @@ -1192,7 +1261,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h /* Work around gcc excess stack consumption issue */ if (p_size == (size_t)-1 || -@@ -273,7 +279,7 @@ +@@ -273,7 +279,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p) extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen); __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen) { @@ -1201,7 +1270,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size); if (p_size <= ret && maxlen != ret) fortify_panic(__func__); -@@ -285,8 +291,8 @@ +@@ -285,8 +291,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy); __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) { size_t ret; @@ -1212,7 +1281,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1 && q_size == (size_t)-1) return __real_strlcpy(p, q, size); ret = strlen(q); -@@ -306,8 +312,8 @@ +@@ -306,8 +312,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count) { size_t p_len, copy_len; 
@@ -1223,7 +1292,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1 && q_size == (size_t)-1) return __builtin_strncat(p, q, count); p_len = strlen(p); -@@ -420,8 +426,8 @@ +@@ -420,8 +426,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp) /* defined after fortified strlen and memcpy to reuse them */ __FORTIFY_INLINE char *strcpy(char *p, const char *q) { @@ -1234,9 +1303,10 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1 && q_size == (size_t)-1) return __builtin_strcpy(p, q); memcpy(p, q, strlen(q) + 1); -diff -Nur a/include/linux/tty.h b/include/linux/tty.h ---- a/include/linux/tty.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/tty.h 2018-05-26 19:24:34.836783066 +0100 +diff --git a/include/linux/tty.h b/include/linux/tty.h +index 1dd587ba6d88..9a9a04fb641d 100644 +--- a/include/linux/tty.h ++++ b/include/linux/tty.h @@ -13,6 +13,7 @@ #include <uapi/linux/tty.h> #include <linux/rwsem.h> @@ -1245,7 +1315,7 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h /* -@@ -335,6 +336,7 @@ +@@ -335,6 +336,7 @@ struct tty_struct { /* If the tty has a pending do_SAK, queue it here - akpm */ struct work_struct SAK_work; struct tty_port *port; @@ -1253,7 +1323,7 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h } __randomize_layout; /* Each of a tty's open files has private_data pointing to tty_file_private */ -@@ -344,6 +346,8 @@ +@@ -344,6 +346,8 @@ struct tty_file_private { struct list_head list; }; 
@@ -1262,10 +1332,11 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h /* tty magic number */ #define TTY_MAGIC 0x5401 -diff -Nur a/include/linux/vmalloc.h b/include/linux/vmalloc.h ---- a/include/linux/vmalloc.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/vmalloc.h 2018-05-26 19:24:34.836783066 +0100 -@@ -68,19 +68,19 @@ +diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h +index 1e5d8c392f15..66d0e49c9987 100644 +--- a/include/linux/vmalloc.h ++++ b/include/linux/vmalloc.h +@@ -68,19 +68,19 @@ static inline void vmalloc_init(void) } #endif @@ -1295,10 +1366,11 @@ diff -Nur a/include/linux/vmalloc.h b/include/linux/vmalloc.h #ifndef CONFIG_MMU extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags); static inline void *__vmalloc_node_flags_caller(unsigned long size, int node, -diff -Nur a/init/Kconfig b/init/Kconfig ---- a/init/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/init/Kconfig 2018-05-26 19:24:34.836783066 +0100 -@@ -309,6 +309,7 @@ +diff --git a/init/Kconfig b/init/Kconfig +index 46075327c165..0c78750bc76d 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -309,6 +309,7 @@ config USELIB config AUDIT bool "Auditing support" depends on NET @@ -1306,7 +1378,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for -@@ -1052,6 +1053,12 @@ +@@ -1052,6 +1053,12 @@ config CC_OPTIMIZE_FOR_SIZE endchoice @@ -1319,7 +1391,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig config SYSCTL bool -@@ -1361,8 +1368,7 @@ +@@ -1361,8 +1368,7 @@ config SHMEM which may be appropriate on small systems without swap. config AIO @@ -1329,7 +1401,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help This option enables POSIX asynchronous I/O which may by used by some high performance threaded applications. Disabling -@@ -1491,7 +1497,7 @@ +@@ -1491,7 +1497,7 @@ config VM_EVENT_COUNTERS config SLUB_DEBUG default y 
@@ -1338,7 +1410,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig depends on SLUB && SYSFS help SLUB has extensive debug support features. Disabling these can -@@ -1515,7 +1521,6 @@ +@@ -1515,7 +1521,6 @@ config SLUB_MEMCG_SYSFS_ON config COMPAT_BRK bool "Disable heap randomization" @@ -1346,7 +1418,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1562,7 +1567,6 @@ +@@ -1562,7 +1567,6 @@ endchoice config SLAB_MERGE_DEFAULT bool "Allow slab caches to be merged" @@ -1354,7 +1426,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help For reduced kernel memory fragmentation, slab caches can be merged when they share the same size and other characteristics. -@@ -1575,9 +1579,9 @@ +@@ -1575,9 +1579,9 @@ config SLAB_MERGE_DEFAULT command line. config SLAB_FREELIST_RANDOM @@ -1365,7 +1437,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help Randomizes the freelist order used on creating new pages. This security feature reduces the predictability of the kernel slab -@@ -1586,12 +1590,56 @@ +@@ -1586,12 +1590,56 @@ config SLAB_FREELIST_RANDOM config SLAB_FREELIST_HARDENED bool "Harden slab freelist metadata" depends on SLUB @@ -1422,10 +1494,11 @@ diff -Nur a/init/Kconfig b/init/Kconfig config SLUB_CPU_PARTIAL default y depends on SLUB && SMP -diff -Nur a/kernel/audit.c b/kernel/audit.c ---- a/kernel/audit.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/audit.c 2018-05-26 19:24:34.837783098 +0100 -@@ -1573,6 +1573,9 @@ +diff --git a/kernel/audit.c b/kernel/audit.c +index d301276bca58..d55a1e290cea 100644 +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -1575,6 +1575,9 @@ static int __init audit_enable(char *str) audit_default = !!simple_strtol(str, NULL, 0); if (!audit_default) audit_initialized = AUDIT_DISABLED; 
@@ -1435,10 +1508,11 @@ diff -Nur a/kernel/audit.c b/kernel/audit.c audit_enabled = audit_default; audit_ever_enabled = !!audit_enabled; -diff -Nur a/kernel/bpf/core.c b/kernel/bpf/core.c ---- a/kernel/bpf/core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/bpf/core.c 2018-05-26 19:24:34.837783098 +0100 -@@ -539,7 +539,7 @@ +diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c +index d203a5d6b726..2a6c3e2c57a6 100644 +--- a/kernel/bpf/core.c ++++ b/kernel/bpf/core.c +@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp) bpf_prog_unlock_free(fp); } @@ -1447,10 +1521,11 @@ diff -Nur a/kernel/bpf/core.c b/kernel/bpf/core.c static int bpf_jit_blind_insn(const struct bpf_insn *from, const struct bpf_insn *aux, -diff -Nur a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c ---- a/kernel/bpf/syscall.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/bpf/syscall.c 2018-05-26 19:24:34.837783098 +0100 -@@ -37,7 +37,7 @@ +diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c +index 4e933219fec6..0f37db32a2b1 100644 +--- a/kernel/bpf/syscall.c ++++ b/kernel/bpf/syscall.c +@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(prog_idr_lock); static DEFINE_IDR(map_idr); static DEFINE_SPINLOCK(map_idr_lock); @@ -1459,10 +1534,11 @@ diff -Nur a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c static const struct bpf_map_ops * const bpf_map_types[] = { #define BPF_PROG_TYPE(_id, _ops) -diff -Nur a/kernel/capability.c b/kernel/capability.c ---- a/kernel/capability.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/capability.c 2018-05-26 19:24:34.838783131 +0100 -@@ -431,6 +431,12 @@ +diff --git a/kernel/capability.c b/kernel/capability.c +index 1e1c0236f55b..452062fe45ce 100644 +--- a/kernel/capability.c ++++ b/kernel/capability.c +@@ -431,6 +431,12 @@ bool capable(int cap) return ns_capable(&init_user_ns, cap); } EXPORT_SYMBOL(capable); 
@@ -1475,10 +1551,11 @@ diff -Nur a/kernel/capability.c b/kernel/capability.c #endif /* CONFIG_MULTIUSER */ /** -diff -Nur a/kernel/events/core.c b/kernel/events/core.c ---- a/kernel/events/core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/events/core.c 2018-05-26 19:24:34.840783196 +0100 -@@ -397,8 +397,13 @@ +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 7c394ddf1ce6..9069886d38da 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask; * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv @@ -1492,7 +1569,7 @@ diff -Nur a/kernel/events/core.c b/kernel/events/core.c /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -9941,6 +9946,9 @@ +@@ -9977,6 +9982,9 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -1502,9 +1579,10 @@ diff -Nur a/kernel/events/core.c b/kernel/events/core.c err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -diff -Nur a/kernel/fork.c b/kernel/fork.c ---- a/kernel/fork.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/fork.c 2018-05-26 19:24:34.840783196 +0100 +diff --git a/kernel/fork.c b/kernel/fork.c +index 91907a3701ce..8021b98c69e1 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c @@ -102,6 +102,11 @@ #define CREATE_TRACE_POINTS @@ -1517,7 +1595,7 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c /* * Minimum number of threads to boot the kernel -@@ -1554,6 +1559,10 @@ +@@ -1553,6 +1558,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); 
@@ -1528,7 +1606,7 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2347,6 +2356,12 @@ +@@ -2346,6 +2355,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -1541,10 +1619,11 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c err = check_unshare_flags(unshare_flags); if (err) goto bad_unshare_out; -diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c ---- a/kernel/power/snapshot.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/power/snapshot.c 2018-05-26 19:24:34.840783196 +0100 -@@ -1136,7 +1136,7 @@ +diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c +index 0972a8e09d08..00dde7aad47a 100644 +--- a/kernel/power/snapshot.c ++++ b/kernel/power/snapshot.c +@@ -1136,7 +1136,7 @@ void free_basic_memory_bitmaps(void) void clear_free_pages(void) { @@ -1553,7 +1632,7 @@ diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c struct memory_bitmap *bm = free_pages_map; unsigned long pfn; -@@ -1153,7 +1153,7 @@ +@@ -1153,7 +1153,7 @@ void clear_free_pages(void) } memory_bm_position_reset(bm); pr_info("PM: free pages cleared after restore\n"); @@ -1562,10 +1641,11 @@ diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c } /** -diff -Nur a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c ---- a/kernel/rcu/tiny.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/rcu/tiny.c 2018-05-26 19:24:34.841783228 +0100 -@@ -164,7 +164,7 @@ +diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c +index a64eee0db39e..4d7de378fe4c 100644 +--- a/kernel/rcu/tiny.c ++++ b/kernel/rcu/tiny.c +@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) } } 
@@ -1574,10 +1654,11 @@ diff -Nur a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); -diff -Nur a/kernel/rcu/tree.c b/kernel/rcu/tree.c ---- a/kernel/rcu/tree.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/rcu/tree.c 2018-05-26 19:24:34.841783228 +0100 -@@ -2918,7 +2918,7 @@ +diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c +index 3e3650e94ae6..7ecd7a5d04b3 100644 +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -2918,7 +2918,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -1586,10 +1667,11 @@ diff -Nur a/kernel/rcu/tree.c b/kernel/rcu/tree.c { struct rcu_state *rsp; -diff -Nur a/kernel/sched/fair.c b/kernel/sched/fair.c ---- a/kernel/sched/fair.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/sched/fair.c 2018-05-26 19:24:34.843783293 +0100 -@@ -8986,7 +8986,7 @@ +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 0cc7098c6dfd..3e69eaf4ddee 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -8987,7 +8987,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -1598,10 +1680,11 @@ diff -Nur a/kernel/sched/fair.c b/kernel/sched/fair.c { struct rq *this_rq = this_rq(); enum cpu_idle_type idle = this_rq->idle_balance ? -diff -Nur a/kernel/softirq.c b/kernel/softirq.c ---- a/kernel/softirq.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/softirq.c 2018-05-26 19:24:34.843783293 +0100 -@@ -53,7 +53,7 @@ +diff --git a/kernel/softirq.c b/kernel/softirq.c +index a4c87cf27f9d..efb97a8dc568 100644 +--- a/kernel/softirq.c ++++ b/kernel/softirq.c +@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; EXPORT_SYMBOL(irq_stat); #endif 
@@ -1610,7 +1693,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c DEFINE_PER_CPU(struct task_struct *, ksoftirqd); -@@ -281,7 +281,7 @@ +@@ -285,7 +285,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void) kstat_incr_softirqs_this_cpu(vec_nr); trace_softirq_entry(vec_nr); @@ -1619,7 +1702,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n", -@@ -444,7 +444,7 @@ +@@ -448,7 +448,7 @@ void __raise_softirq_irqoff(unsigned int nr) or_softirq_pending(1UL << nr); } @@ -1628,7 +1711,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c { softirq_vec[nr].action = action; } -@@ -486,7 +486,7 @@ +@@ -490,7 +490,7 @@ void __tasklet_hi_schedule(struct tasklet_struct *t) } EXPORT_SYMBOL(__tasklet_hi_schedule); @@ -1637,7 +1720,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c { struct tasklet_struct *list; -@@ -522,7 +522,7 @@ +@@ -526,7 +526,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a) } } @@ -1646,9 +1729,10 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c { struct tasklet_struct *list; -diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c ---- a/kernel/sysctl.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/sysctl.c 2018-05-26 19:24:34.844783326 +0100 +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 069550540a39..822783a174aa 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c @@ -66,6 +66,7 @@ #include <linux/kexec.h> #include <linux/bpf.h> @@ -1677,7 +1761,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c extern int pid_max; extern int pid_max_min, pid_max_max; extern int percpu_pagelist_fraction; -@@ -115,40 +123,43 @@ +@@ -115,40 +123,43 @@ extern int sysctl_nr_trim_pages; /* Constants used for minimum and maximum */ #ifdef CONFIG_LOCKUP_DETECTOR 
@@ -1736,7 +1820,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c #ifdef CONFIG_INOTIFY_USER #include <linux/inotify.h> #endif -@@ -286,19 +297,19 @@ +@@ -286,19 +297,19 @@ static struct ctl_table sysctl_base_table[] = { }; #ifdef CONFIG_SCHED_DEBUG @@ -1764,7 +1848,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c #endif static struct ctl_table kern_table[] = { -@@ -512,6 +523,15 @@ +@@ -512,6 +523,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif @@ -1780,10 +1864,11 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c #ifdef CONFIG_PROC_SYSCTL { .procname = "tainted", -@@ -854,6 +874,37 @@ +@@ -853,6 +873,37 @@ static struct ctl_table kern_table[] = { + .extra1 = &zero, .extra2 = &two, }, - #endif ++#endif +#if defined CONFIG_TTY + { + .procname = "tiocsti_restrict", @@ -1814,14 +1899,14 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c + .extra1 = &zero, + .extra2 = &one, + }, -+#endif + #endif { .procname = "ngroups_max", - .data = &ngroups_max, -diff -Nur a/kernel/time/timer.c b/kernel/time/timer.c ---- a/kernel/time/timer.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/time/timer.c 2018-05-26 19:24:34.844783326 +0100 -@@ -1624,7 +1624,7 @@ +diff --git a/kernel/time/timer.c b/kernel/time/timer.c +index 9fe525f410bf..6a85b0e1292e 100644 +--- a/kernel/time/timer.c ++++ b/kernel/time/timer.c +@@ -1624,7 +1624,7 @@ static inline void __run_timers(struct timer_base *base) /* * This function runs timers and the timer-tq in bottom half context. */ 
@@ -1830,9 +1915,10 @@ diff -Nur a/kernel/time/timer.c b/kernel/time/timer.c { struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]); -diff -Nur a/kernel/user_namespace.c b/kernel/user_namespace.c ---- a/kernel/user_namespace.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/user_namespace.c 2018-05-26 19:24:34.844783326 +0100 +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index c490f1e4313b..dd03bd39d7bf 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c @@ -24,6 +24,9 @@ #include <linux/projid.h> #include <linux/fs_struct.h> @@ -1843,22 +1929,11 @@ diff -Nur a/kernel/user_namespace.c b/kernel/user_namespace.c static struct kmem_cache *user_ns_cachep __read_mostly; static DEFINE_MUTEX(userns_state_mutex); -diff -Nur a/lib/irq_poll.c b/lib/irq_poll.c ---- a/lib/irq_poll.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/irq_poll.c 2018-05-26 19:24:34.845783358 +0100 -@@ -75,7 +75,7 @@ - } - EXPORT_SYMBOL(irq_poll_complete); - --static void __latent_entropy irq_poll_softirq(struct softirq_action *h) -+static void __latent_entropy irq_poll_softirq(void) - { - struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll); - int rearm = 0, budget = irq_poll_budget; -diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug ---- a/lib/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/Kconfig.debug 2018-05-26 19:24:34.845783358 +0100 -@@ -937,6 +937,7 @@ +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 62d0e25c054c..3953072277eb 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -937,6 +937,7 @@ endmenu # "Debug lockups and hangs" config PANIC_ON_OOPS bool "Panic on Oops" 
@@ -1866,7 +1941,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug help Say Y here to enable the kernel to panic when it oopses. This has the same effect as setting oops=panic on the kernel command -@@ -946,7 +947,7 @@ +@@ -946,7 +947,7 @@ config PANIC_ON_OOPS anything erroneous after an oops which could result in data corruption or other issues. @@ -1875,7 +1950,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug config PANIC_ON_OOPS_VALUE int -@@ -1319,6 +1320,7 @@ +@@ -1319,6 +1320,7 @@ config DEBUG_BUGVERBOSE config DEBUG_LIST bool "Debug linked list manipulation" depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION @@ -1883,7 +1958,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug help Enable this to turn on extended checks in the linked-list walking routines. -@@ -1932,6 +1934,7 @@ +@@ -1932,6 +1934,7 @@ config MEMTEST config BUG_ON_DATA_CORRUPTION bool "Trigger a BUG when data corruption is detected" select DEBUG_LIST @@ -1891,7 +1966,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug help Select this option if the kernel should BUG when it encounters data corruption in kernel memory structures when they get checked -@@ -1952,7 +1955,7 @@ +@@ -1952,7 +1955,7 @@ config STRICT_DEVMEM bool "Filter access to /dev/mem" depends on MMU && DEVMEM depends on ARCH_HAS_DEVMEM_IS_ALLOWED @@ -1900,7 +1975,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug ---help--- If this option is disabled, you allow userspace (root) access to all of memory, including kernel and userspace memory. Accidental -@@ -1971,6 +1974,7 @@ +@@ -1971,6 +1974,7 @@ config STRICT_DEVMEM config IO_STRICT_DEVMEM bool "Filter I/O access to /dev/mem" depends on STRICT_DEVMEM 
@@ -1908,10 +1983,24 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug ---help--- If this option is disabled, you allow userspace (root) access to all io-memory regardless of whether a driver is actively using that -diff -Nur a/lib/kobject.c b/lib/kobject.c ---- a/lib/kobject.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/kobject.c 2018-05-26 19:24:34.845783358 +0100 -@@ -956,9 +956,9 @@ +diff --git a/lib/irq_poll.c b/lib/irq_poll.c +index 86a709954f5a..6f15787fcb1b 100644 +--- a/lib/irq_poll.c ++++ b/lib/irq_poll.c +@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop) + } + EXPORT_SYMBOL(irq_poll_complete); + +-static void __latent_entropy irq_poll_softirq(struct softirq_action *h) ++static void __latent_entropy irq_poll_softirq(void) + { + struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll); + int rearm = 0, budget = irq_poll_budget; +diff --git a/lib/kobject.c b/lib/kobject.c +index 34f847252c02..4fda329de614 100644 +--- a/lib/kobject.c ++++ b/lib/kobject.c +@@ -956,9 +956,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); static DEFINE_SPINLOCK(kobj_ns_type_lock); @@ -1923,10 +2012,11 @@ diff -Nur a/lib/kobject.c b/lib/kobject.c { enum kobj_ns_type type = ops->type; int error; -diff -Nur a/lib/nlattr.c b/lib/nlattr.c ---- a/lib/nlattr.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/nlattr.c 2018-05-26 19:24:34.845783358 +0100 -@@ -341,6 +341,8 @@ +diff --git a/lib/nlattr.c b/lib/nlattr.c +index 3d8295c85505..3fa3b3409d69 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -341,6 +341,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) { int minlen = min_t(int, count, nla_len(src)); 
@@ -1935,10 +2025,11 @@ diff -Nur a/lib/nlattr.c b/lib/nlattr.c memcpy(dest, nla_data(src), minlen); if (count > minlen) memset(dest + minlen, 0, count - minlen); -diff -Nur a/lib/vsprintf.c b/lib/vsprintf.c ---- a/lib/vsprintf.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/vsprintf.c 2018-05-26 19:24:34.846783391 +0100 -@@ -1591,7 +1591,7 @@ +diff --git a/lib/vsprintf.c b/lib/vsprintf.c +index 4a990f3fd345..3df8db5af0ba 100644 +--- a/lib/vsprintf.c ++++ b/lib/vsprintf.c +@@ -1588,7 +1588,7 @@ char *device_node_string(char *buf, char *end, struct device_node *dn, return widen_string(buf, buf - buf_start, end, spec); } @@ -1947,23 +2038,11 @@ diff -Nur a/lib/vsprintf.c b/lib/vsprintf.c /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -diff -Nur a/Makefile b/Makefile ---- a/Makefile 2018-05-25 15:18:02.000000000 +0100 -+++ b/Makefile 2018-05-26 19:24:34.820782546 +0100 -@@ -710,6 +710,9 @@ - KBUILD_CFLAGS += $(stackp-flag) - - ifeq ($(cc-name),clang) -+ifdef CONFIG_LOCAL_INIT -+KBUILD_CFLAGS += -fsanitize=local-init -+endif - KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) - KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable) - KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) -diff -Nur a/mm/Kconfig b/mm/Kconfig ---- a/mm/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/Kconfig 2018-05-26 19:24:34.846783391 +0100 -@@ -319,7 +319,8 @@ +diff --git a/mm/Kconfig b/mm/Kconfig +index 59efbd3337e0..c070e14ec83d 100644 +--- a/mm/Kconfig ++++ b/mm/Kconfig +@@ -319,7 +319,8 @@ config KSM config DEFAULT_MMAP_MIN_ADDR int "Low address space to protect from user allocation" depends on MMU 
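Review bot: The a/Makefile section that adds `KBUILD_CFLAGS += -fsanitize=local-init` under `ifdef CONFIG_LOCAL_INIT` is removed in this hunk and is not re-added in the visible part of the regenerated patch, so confirm it still exists elsewhere in the file. It has presumably only moved, since the patch now uses `diff --git` path ordering (lib/irq_poll.c visibly moves after lib/Kconfig.debug for that reason). If it was dropped, a configuration that sets CONFIG_LOCAL_INIT would build without the flag and without any warning. The same check applies to the mm/slab_common.c section carrying the `__ro_after_init` annotations, which is removed in the later hunk just before mm/slab.h. Comparing the list of files touched by the old and the new patch would settle both.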
@@ -1973,10 +2052,11 @@ diff -Nur a/mm/Kconfig b/mm/Kconfig help This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages -diff -Nur a/mm/mmap.c b/mm/mmap.c ---- a/mm/mmap.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/mmap.c 2018-05-26 19:24:34.847783423 +0100 -@@ -220,6 +220,13 @@ +diff --git a/mm/mmap.c b/mm/mmap.c +index 2398776195d2..a8ffa2223ad1 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) newbrk = PAGE_ALIGN(brk); oldbrk = PAGE_ALIGN(mm->brk); @@ -1990,9 +2070,10 @@ diff -Nur a/mm/mmap.c b/mm/mmap.c if (oldbrk == newbrk) goto set_brk; -diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c ---- a/mm/page_alloc.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/page_alloc.c 2018-05-26 19:24:34.848783456 +0100 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 59ccf455fcbd..929c2dae4954 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c @@ -67,6 +67,7 @@ #include <linux/ftrace.h> #include <linux/lockdep.h> @@ -2001,7 +2082,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c #include <asm/sections.h> #include <asm/tlbflush.h> -@@ -98,6 +99,15 @@ +@@ -98,6 +99,15 @@ int _node_numa_mem_[MAX_NUMNODES]; DEFINE_MUTEX(pcpu_drain_mutex); DEFINE_PER_CPU(struct work_struct, pcpu_drain); @@ -2017,7 +2098,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY volatile unsigned long latent_entropy __latent_entropy; EXPORT_SYMBOL(latent_entropy); -@@ -1063,6 +1073,13 @@ +@@ -1063,6 +1073,13 @@ static __always_inline bool free_pages_prepare(struct page *page, debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } 
@@ -2031,7 +2112,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c arch_free_page(page, order); kernel_poison_pages(page, 1 << order, 0); kernel_map_pages(page, 1 << order, 0); -@@ -1278,6 +1295,21 @@ +@@ -1278,6 +1295,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -2053,7 +2134,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -1718,8 +1750,8 @@ +@@ -1718,8 +1750,8 @@ static inline int check_new_page(struct page *page) static inline bool free_pages_prezeroed(void) { @@ -2064,7 +2145,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c } #ifdef CONFIG_DEBUG_VM -@@ -1776,6 +1808,11 @@ +@@ -1776,6 +1808,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags post_alloc_hook(page, order, gfp_flags); 
@@ -2076,44 +2157,11 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO)) for (i = 0; i < (1 << order); i++) clear_highpage(page + i); -diff -Nur a/mm/slab_common.c b/mm/slab_common.c ---- a/mm/slab_common.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/slab_common.c 2018-05-26 19:24:34.849783488 +0100 -@@ -26,10 +26,10 @@ - - #include "slab.h" - --enum slab_state slab_state; -+enum slab_state slab_state __ro_after_init; - LIST_HEAD(slab_caches); - DEFINE_MUTEX(slab_mutex); --struct kmem_cache *kmem_cache; -+struct kmem_cache *kmem_cache __ro_after_init; - - static LIST_HEAD(slab_caches_to_rcu_destroy); - static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); -@@ -49,7 +49,7 @@ - /* - * Merge control. If this is set then no merging of slab caches will occur. - */ --static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); -+static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); - - static int __init setup_slab_nomerge(char *str) - { -@@ -927,7 +927,7 @@ - * of two cache sizes there. The size of larger slabs can be determined using - * fls. - */ --static s8 size_index[24] = { -+static s8 size_index[24] __ro_after_init = { - 3, /* 8 */ - 4, /* 16 */ - 5, /* 24 */ -diff -Nur a/mm/slab.h b/mm/slab.h ---- a/mm/slab.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/slab.h 2018-05-26 19:24:34.848783456 +0100 -@@ -311,7 +311,11 @@ +diff --git a/mm/slab.h b/mm/slab.h +index 485d9fbb8802..436461588804 100644 +--- a/mm/slab.h ++++ b/mm/slab.h +@@ -311,7 +311,11 @@ static inline bool is_root_cache(struct kmem_cache *s) static inline bool slab_equal_or_root(struct kmem_cache *s, struct kmem_cache *p) { 
@@ -2125,7 +2173,7 @@ diff -Nur a/mm/slab.h b/mm/slab.h } static inline const char *cache_name(struct kmem_cache *s) -@@ -363,18 +367,26 @@ +@@ -363,18 +367,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) * to not do even the assignment. In that case, slab_equal_or_root * will also be a constant. */ @@ -2153,7 +2201,7 @@ diff -Nur a/mm/slab.h b/mm/slab.h return s; } -@@ -399,7 +411,7 @@ +@@ -399,7 +411,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s) * back there or track user information then we can * only use the space before that information. */ 
@@ -2162,10 +2210,46 @@ diff -Nur a/mm/slab.h b/mm/slab.h return s->inuse; /* * Else we can use all the padding etc for the allocation -diff -Nur a/mm/slub.c b/mm/slub.c ---- a/mm/slub.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/slub.c 2018-05-26 19:24:34.850783521 +0100 -@@ -125,6 +125,16 @@ +diff --git a/mm/slab_common.c b/mm/slab_common.c +index 91d271b90600..f4af25f18af2 100644 +--- a/mm/slab_common.c ++++ b/mm/slab_common.c +@@ -26,10 +26,10 @@ + + #include "slab.h" + +-enum slab_state slab_state; ++enum slab_state slab_state __ro_after_init; + LIST_HEAD(slab_caches); + DEFINE_MUTEX(slab_mutex); +-struct kmem_cache *kmem_cache; ++struct kmem_cache *kmem_cache __ro_after_init; + + static LIST_HEAD(slab_caches_to_rcu_destroy); + static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); +@@ -49,7 +49,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, + /* + * Merge control. If this is set then no merging of slab caches will occur. + */ +-static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); ++static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); + + static int __init setup_slab_nomerge(char *str) + { +@@ -931,7 +931,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches); + * of two cache sizes there. The size of larger slabs can be determined using + * fls. + */ +-static s8 size_index[24] = { ++static s8 size_index[24] __ro_after_init = { + 3, /* 8 */ + 4, /* 16 */ + 5, /* 24 */ +diff --git a/mm/slub.c b/mm/slub.c +index 10e54c4acd19..23fa3d3be997 100644 +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s) #endif } 
@@ -2182,7 +2266,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c void *fixup_red_left(struct kmem_cache *s, void *p) { if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE) -@@ -297,6 +307,35 @@ +@@ -297,6 +307,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp) *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr); } @@ -2218,7 +2302,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* Loop over all objects in a slab */ #define for_each_object(__p, __s, __addr, __objects) \ for (__p = fixup_red_left(__s, __addr); \ -@@ -484,13 +523,13 @@ +@@ -484,13 +523,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) * Debug settings: */ #if defined(CONFIG_SLUB_DEBUG_ON) @@ -2236,7 +2320,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* * slub is about to manipulate internal object metadata. This memory lies -@@ -550,6 +589,9 @@ +@@ -550,6 +589,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, else p = object + s->inuse; @@ -2246,7 +2330,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c return p + alloc; } -@@ -688,6 +730,9 @@ +@@ -688,6 +730,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) else off = s->inuse; @@ -2256,7 +2340,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c if (s->flags & SLAB_STORE_USER) off += 2 * sizeof(struct track); -@@ -817,6 +862,9 @@ +@@ -817,6 +862,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) /* Freepointer is placed after the object. */ off += sizeof(void *); @@ -2266,7 +2350,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c if (s->flags & SLAB_STORE_USER) /* We also have user information there */ off += 2 * sizeof(struct track); -@@ -1416,8 +1464,9 @@ +@@ -1416,8 +1464,9 @@ static void setup_object(struct kmem_cache *s, struct page *page, void *object) { setup_object_debug(s, page, object); 
@@ -2277,7 +2361,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c kasan_unpoison_object_data(s, object); s->ctor(object); kasan_poison_object_data(s, object); -@@ -2717,9 +2766,21 @@ +@@ -2717,9 +2766,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, stat(s, ALLOC_FASTPATH); } @@ -2300,7 +2384,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c slab_post_alloc_hook(s, gfpflags, 1, &object); return object; -@@ -2926,6 +2987,27 @@ +@@ -2926,6 +2987,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s, void *tail_obj = tail ? : head; struct kmem_cache_cpu *c; unsigned long tid; @@ -2328,7 +2412,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c redo: /* * Determine the currently cpus per cpu slab. -@@ -3104,7 +3186,7 @@ +@@ -3104,7 +3186,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, void **p) { struct kmem_cache_cpu *c; @@ -2337,7 +2421,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* memcg and kmem_cache debug support */ s = slab_pre_alloc_hook(s, flags); -@@ -3141,13 +3223,29 @@ +@@ -3141,13 +3223,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, local_irq_enable(); /* Clear memory outside IRQ disabled fastpath loop */ @@ -2368,7 +2452,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* memcg and kmem_cache debug support */ slab_post_alloc_hook(s, flags, size, p); return i; -@@ -3179,9 +3277,9 @@ +@@ -3179,9 +3277,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); * and increases the number of allocations possible without having to * take the list_lock. */ @@ -2381,7 +2465,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* * Calculate the order of allocation given an slab object size. -@@ -3351,6 +3449,7 @@ +@@ -3351,6 +3449,7 @@ static void early_kmem_cache_node_alloc(int node) init_object(kmem_cache_node, n, SLUB_RED_ACTIVE); init_tracking(kmem_cache_node, n); #endif 
@@ -2389,7 +2473,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node), GFP_KERNEL); init_kmem_cache_node(n); -@@ -3507,6 +3606,9 @@ +@@ -3507,6 +3606,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) size += sizeof(void *); } @@ -2399,7 +2483,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c #ifdef CONFIG_SLUB_DEBUG if (flags & SLAB_STORE_USER) /* -@@ -3577,6 +3679,10 @@ +@@ -3577,6 +3679,10 @@ static int kmem_cache_open(struct kmem_cache *s, unsigned long flags) #ifdef CONFIG_SLAB_FREELIST_HARDENED s->random = get_random_long(); #endif @@ -2410,7 +2494,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU)) s->reserved = sizeof(struct rcu_head); -@@ -3841,6 +3947,8 @@ +@@ -3841,6 +3947,8 @@ const char *__check_heap_object(const void *ptr, unsigned long n, offset -= s->red_left_pad; } @@ -2419,7 +2503,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* Allow address range falling entirely within object size. */ if (offset <= object_size && n <= object_size - offset) return NULL; -@@ -3859,7 +3967,11 @@ +@@ -3859,7 +3967,11 @@ static size_t __ksize(const void *object) page = virt_to_head_page(object); if (unlikely(!PageSlab(page))) { @@ -2431,7 +2515,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c return PAGE_SIZE << compound_order(page); } -@@ -4724,7 +4836,7 @@ +@@ -4724,7 +4836,7 @@ enum slab_stat_type { #define SO_TOTAL (1 << SL_TOTAL) #ifdef CONFIG_MEMCG 
@@ -2440,10 +2524,11 @@ diff -Nur a/mm/slub.c b/mm/slub.c static int __init setup_slub_memcg_sysfs(char *str) { -diff -Nur a/mm/swap.c b/mm/swap.c ---- a/mm/swap.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/swap.c 2018-05-26 19:24:34.850783521 +0100 -@@ -92,6 +92,13 @@ +diff --git a/mm/swap.c b/mm/swap.c +index a77d68f2c1b6..d1f1d75f4d1f 100644 +--- a/mm/swap.c ++++ b/mm/swap.c +@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page) if (!PageHuge(page)) __page_cache_release(page); dtor = get_compound_page_dtor(page); @@ -2457,10 +2542,11 @@ diff -Nur a/mm/swap.c b/mm/swap.c (*dtor)(page); } -diff -Nur a/net/core/dev.c b/net/core/dev.c ---- a/net/core/dev.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/net/core/dev.c 2018-05-26 19:24:34.852783586 +0100 -@@ -4095,7 +4095,7 @@ +diff --git a/net/core/dev.c b/net/core/dev.c +index 6ca771f2f25b..6da2c9c3e6a5 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -4095,7 +4095,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -2469,7 +2555,7 @@ diff -Nur a/net/core/dev.c b/net/core/dev.c { struct softnet_data *sd = this_cpu_ptr(&softnet_data); -@@ -5609,7 +5609,7 @@ +@@ -5609,7 +5609,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) return work; } @@ -2478,10 +2564,11 @@ diff -Nur a/net/core/dev.c b/net/core/dev.c { struct softnet_data *sd = this_cpu_ptr(&softnet_data); unsigned long time_limit = jiffies + -diff -Nur a/net/ipv4/Kconfig b/net/ipv4/Kconfig ---- a/net/ipv4/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/net/ipv4/Kconfig 2018-05-26 19:24:34.852783586 +0100 -@@ -261,6 +261,7 @@ +diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig +index f48fe6fc7e8c..d78c52835c08 100644 +--- a/net/ipv4/Kconfig ++++ b/net/ipv4/Kconfig +@@ -261,6 +261,7 @@ config IP_PIMSM_V2 config SYN_COOKIES bool "IP: TCP syncookie support" 
@@ -2489,10 +2576,11 @@ diff -Nur a/net/ipv4/Kconfig b/net/ipv4/Kconfig ---help--- Normal TCP/IP networking is open to an attack known as "SYN flooding". This denial-of-service attack prevents legitimate remote -diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c ---- a/scripts/mod/modpost.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/scripts/mod/modpost.c 2018-05-26 19:24:34.852783586 +0100 -@@ -37,6 +37,7 @@ +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c +index 54deaa1066cf..211f97bd5ee3 100644 +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1; static int warn_unresolved = 0; /* How a symbol is exported */ static int sec_mismatch_count = 0; @@ -2500,7 +2588,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c static int sec_mismatch_verbose = 1; static int sec_mismatch_fatal = 0; /* ignore missing files */ -@@ -965,6 +966,7 @@ +@@ -965,6 +966,7 @@ enum mismatch { ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, EXTABLE_TO_NON_TEXT, @@ -2508,7 +2596,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c }; /** -@@ -1091,6 +1093,12 @@ +@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = { .good_tosec = {ALL_TEXT_SECTIONS , NULL}, .mismatch = EXTABLE_TO_NON_TEXT, .handler = extable_mismatch_handler, @@ -2521,7 +2609,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c } }; -@@ -1240,10 +1248,10 @@ +@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -2534,7 +2622,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1402,7 +1410,11 @@ +@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname, char *prl_from; char *prl_to; 
@@ -2547,7 +2635,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c if (!sec_mismatch_verbose) return; -@@ -1526,6 +1538,14 @@ +@@ -1526,6 +1538,14 @@ static void report_sec_mismatch(const char *modname, fatal("There's a special handler for this mismatch type, " "we should never get here."); break; @@ -2562,7 +2650,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c } fprintf(stderr, "\n"); } -@@ -2539,6 +2559,14 @@ +@@ -2539,6 +2559,14 @@ int main(int argc, char **argv) } } free(buf.p); @@ -2577,10 +2665,11 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c return err; } -diff -Nur a/security/Kconfig b/security/Kconfig ---- a/security/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/Kconfig 2018-05-26 19:24:34.853783618 +0100 -@@ -8,7 +8,7 @@ +diff --git a/security/Kconfig b/security/Kconfig +index 87f2a6f842fd..7bdbb7edf5bf 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -8,7 +8,7 @@ source security/keys/Kconfig config SECURITY_DMESG_RESTRICT bool "Restrict unprivileged access to the kernel syslog" @@ -2589,7 +2678,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This enforces restrictions on unprivileged users reading the kernel syslog via dmesg(8). -@@ -18,10 +18,34 @@ +@@ -18,10 +18,34 @@ config SECURITY_DMESG_RESTRICT If you are unsure how to answer this question, answer N. @@ -2624,7 +2713,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This allows you to choose different security modules to be configured into your kernel. -@@ -48,6 +72,7 @@ +@@ -48,6 +72,7 @@ config SECURITYFS config SECURITY_NETWORK bool "Socket and Networking Security Hooks" depends on SECURITY @@ -2632,7 +2721,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This enables the socket and networking security hooks. If enabled, a security module can use these hooks to -@@ -155,6 +180,7 @@ +@@ -155,6 +180,7 @@ config HARDENED_USERCOPY depends on HAVE_HARDENED_USERCOPY_ALLOCATOR select BUG imply STRICT_DEVMEM 
@@ -2640,7 +2729,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This option checks for obviously wrong memory regions when copying memory to/from the kernel (via copy_to_user() and -@@ -178,10 +204,36 @@ +@@ -178,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN config FORTIFY_SOURCE bool "Harden common str/mem functions against buffer overflows" depends on ARCH_HAS_FORTIFY_SOURCE @@ -2677,21 +2766,11 @@ diff -Nur a/security/Kconfig b/security/Kconfig config STATIC_USERMODEHELPER bool "Force all usermode helper calls through a single binary" help -diff -Nur a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h ---- a/security/selinux/include/objsec.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/selinux/include/objsec.h 2018-05-26 19:24:34.853783618 +0100 -@@ -150,6 +150,6 @@ - u32 sid; /* SID of pkey */ - }; - --extern unsigned int selinux_checkreqprot; -+extern const unsigned int selinux_checkreqprot; - - #endif /* _SELINUX_OBJSEC_H_ */ -diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig ---- a/security/selinux/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/selinux/Kconfig 2018-05-26 19:24:34.853783618 +0100 -@@ -2,7 +2,7 @@ +diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig +index 8af7a690eb40..6539694b0fd3 100644 +--- a/security/selinux/Kconfig ++++ b/security/selinux/Kconfig +@@ -2,7 +2,7 @@ config SECURITY_SELINUX bool "NSA SELinux Support" depends on SECURITY_NETWORK && AUDIT && NET && INET select NETWORK_SECMARK @@ -2700,7 +2779,7 @@ diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig help This selects NSA Security-Enhanced Linux (SELinux). You will also need a policy configuration and a labeled filesystem. -@@ -79,23 +79,3 @@ +@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS This option collects access vector cache statistics to /selinux/avc/cache_stats, which may be monitored via tools such as avcstat. 
@@ -2724,9 +2803,22 @@ diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig - via /selinux/checkreqprot if authorized by policy. - - If you are unsure how to answer this question, answer 0. -diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c ---- a/security/selinux/selinuxfs.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/selinux/selinuxfs.c 2018-05-26 19:24:34.853783618 +0100 +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h +index 1649cd18eb0b..067f35559aa7 100644 +--- a/security/selinux/include/objsec.h ++++ b/security/selinux/include/objsec.h +@@ -150,6 +150,6 @@ struct pkey_security_struct { + u32 sid; /* SID of pkey */ + }; + +-extern unsigned int selinux_checkreqprot; ++extern const unsigned int selinux_checkreqprot; + + #endif /* _SELINUX_OBJSEC_H_ */ +diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c +index 00eed842c491..8f7b8d7e6f91 100644 +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c @@ -41,16 +41,7 @@ #include "objsec.h" #include "conditional.h" @@ -2745,7 +2837,7 @@ diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c static DEFINE_MUTEX(sel_mutex); -@@ -610,10 +601,9 @@ +@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, return PTR_ERR(page); length = -EINVAL; @@ -2757,9 +2849,10 @@ diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c length = count; out: kfree(page); -diff -Nur a/security/yama/Kconfig b/security/yama/Kconfig ---- a/security/yama/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/yama/Kconfig 2018-05-26 19:24:34.853783618 +0100 +diff --git a/security/yama/Kconfig b/security/yama/Kconfig +index 96b27405558a..485c1b85c325 100644 +--- a/security/yama/Kconfig ++++ b/security/yama/Kconfig @@ -1,7 +1,7 @@ config SECURITY_YAMA bool "Yama support" 
diff --git a/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config b/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config index b19d02da..89478fba 100644 --- a/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config +++ b/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.44-redcore-lts Kernel Configuration +# Linux/x86 4.14.65-redcore-lts Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -206,12 +206,10 @@ CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_LOCAL_INIT is not set CONFIG_SYSCTL=y CONFIG_ANON_INODES=y -CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y CONFIG_BPF=y # CONFIG_EXPERT is not set -CONFIG_UID16=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y @@ -234,7 +232,6 @@ CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_BPF_SYSCALL=y -CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_ADVISE_SYSCALLS=y @@ -263,10 +260,9 @@ CONFIG_SLAB_HARDENED=y CONFIG_SLAB_SANITIZE=y CONFIG_SLAB_SANITIZE_VERIFY=y CONFIG_SLUB_CPU_PARTIAL=y -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=y # CONFIG_PROFILING is not set -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y CONFIG_HAVE_OPROFILE=y CONFIG_OPROFILE_NMI_TIMER=y # CONFIG_KPROBES is not set @@ -305,8 +301,6 @@ CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y -CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y -CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y 
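Review bot: Dropping `CONFIG_BPF_JIT_ALWAYS_ON=y` in the `@@ -234,7 +232,6 @@` hunk, together with `# CONFIG_BPF_JIT is not set` in the later `@@ -1597,8 +1563,8 @@` hunk, sends all eBPF back through the in-kernel interpreter while `CONFIG_BPF_SYSCALL=y` stays enabled. The always-on JIT option was introduced to remove that interpreter as a speculative-execution gadget, so this trades one attack surface for another and nothing visible in the commit says which was intended. If removing the JIT is the goal, record that and confirm unprivileged bpf() is disabled at runtime (`kernel.unprivileged_bpf_disabled=1`); otherwise keep `CONFIG_BPF_JIT=y` and `CONFIG_BPF_JIT_ALWAYS_ON=y`.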
@@ -332,15 +326,10 @@ CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_HAVE_ARCH_MMAP_RND_BITS=y CONFIG_HAVE_EXIT_THREAD=y CONFIG_ARCH_MMAP_RND_BITS=32 -CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y -CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16 -CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y CONFIG_HAVE_COPY_THREAD_TLS=y CONFIG_HAVE_STACK_VALIDATION=y # CONFIG_HAVE_ARCH_HASH is not set # CONFIG_ISA_BUS_API is not set -CONFIG_OLD_SIGSUSPEND3=y -CONFIG_COMPAT_OLD_SIGACTION=y # CONFIG_CPU_NO_EFFICIENT_FFS is not set CONFIG_HAVE_ARCH_VMAP_STACK=y CONFIG_VMAP_STACK=y @@ -351,7 +340,7 @@ CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y CONFIG_ARCH_HAS_REFCOUNT=y -# CONFIG_REFCOUNT_FULL is not set +CONFIG_REFCOUNT_FULL=y # # GCOV-based kernel profiling @@ -368,7 +357,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y CONFIG_MODULE_COMPRESS_GZIP=y # CONFIG_MODULE_COMPRESS_XZ is not set @@ -413,7 +410,6 @@ CONFIG_LDM_DEBUG=y CONFIG_EFI_PARTITION=y # CONFIG_SYSV68_PARTITION is not set CONFIG_CMDLINE_PARTITION=y -CONFIG_BLOCK_COMPAT=y CONFIG_BLK_MQ_PCI=y CONFIG_BLK_MQ_VIRTIO=y CONFIG_BLK_MQ_RDMA=y @@ -435,7 +431,7 @@ CONFIG_IOSCHED_BFQ=y CONFIG_BFQ_GROUP_IOSCHED=y CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y -CONFIG_ASN1=m +CONFIG_ASN1=y CONFIG_UNINLINE_SPIN_UNLOCK=y CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y 
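Review bot: Module signing is switched on without enforcement: `# CONFIG_MODULE_SIG_FORCE is not set` in the `@@ -368,7 +357,15 @@` hunk means an unsigned or wrongly signed module still loads and only taints the kernel. If the aim is to restrict what can be loaded, the line should be `CONFIG_MODULE_SIG_FORCE=y` (or the boot line should carry `module.sig_enforce=1`); if permissive mode is deliberate for out-of-tree modules, the commit message should say so. The later `@@ -8891,13 +8837,16 @@` hunk keeps the default `CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"`, which as far as I know makes the build generate a key pair when none exists, so the packaging should ensure the private key is not shipped in the image or sources package.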
@@ -527,8 +523,6 @@ CONFIG_PERF_EVENTS_INTEL_RAPL=y CONFIG_PERF_EVENTS_INTEL_CSTATE=y CONFIG_PERF_EVENTS_AMD_POWER=m # CONFIG_VM86 is not set -CONFIG_X86_16BIT=y -CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y CONFIG_I8K=m CONFIG_MICROCODE=y @@ -649,9 +643,8 @@ CONFIG_SECCOMP=y CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y -CONFIG_KEXEC=y +# CONFIG_KEXEC is not set # CONFIG_CRASH_DUMP is not set -CONFIG_KEXEC_JUMP=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y @@ -662,12 +655,11 @@ CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa CONFIG_HOTPLUG_CPU=y CONFIG_BOOTPARAM_HOTPLUG_CPU0=y # CONFIG_DEBUG_HOTPLUG_CPU0 is not set -# CONFIG_COMPAT_VDSO is not set # CONFIG_LEGACY_VSYSCALL_NATIVE is not set -CONFIG_LEGACY_VSYSCALL_EMULATE=y -# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_LEGACY_VSYSCALL_EMULATE is not set +CONFIG_LEGACY_VSYSCALL_NONE=y # CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_MODIFY_LDT_SYSCALL is not set CONFIG_HAVE_LIVEPATCH=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y @@ -904,23 +896,16 @@ CONFIG_X86_SYSFB=y # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y -CONFIG_COMPAT_BINFMT_ELF=y CONFIG_ELFCORE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_COREDUMP=y -CONFIG_IA32_EMULATION=y -CONFIG_IA32_AOUT=y +# CONFIG_IA32_EMULATION is not set # CONFIG_X86_X32 is not set -CONFIG_COMPAT_32=y -CONFIG_COMPAT=y -CONFIG_COMPAT_FOR_U64_ALIGNMENT=y -CONFIG_SYSVIPC_COMPAT=y CONFIG_X86_DEV_DMA_OPS=y CONFIG_NET=y -CONFIG_COMPAT_NETLINK_MESSAGES=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y 
@@ -979,11 +964,7 @@ CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_XFRM_MODE_BEET=m -CONFIG_INET_DIAG=m -CONFIG_INET_TCP_DIAG=m -CONFIG_INET_UDP_DIAG=m -CONFIG_INET_RAW_DIAG=m -CONFIG_INET_DIAG_DESTROY=y +# CONFIG_INET_DIAG is not set CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=m @@ -1325,6 +1306,9 @@ CONFIG_NF_CONNTRACK_IPV6=m CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TABLES_IPV6=m CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m CONFIG_NFT_REJECT_IPV6=m CONFIG_NFT_DUP_IPV6=m CONFIG_NFT_FIB_IPV6=m @@ -1332,10 +1316,7 @@ CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m CONFIG_NF_NAT_IPV6=m -CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_NF_NAT_MASQUERADE_IPV6=m -CONFIG_NFT_MASQ_IPV6=m -CONFIG_NFT_REDIR_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1385,21 +1366,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=m CONFIG_BRIDGE_EBT_SNAT=m CONFIG_BRIDGE_EBT_LOG=m CONFIG_BRIDGE_EBT_NFLOG=m -CONFIG_IP_DCCP=m -CONFIG_INET_DCCP_DIAG=m - -# -# DCCP CCIDs Configuration -# -# CONFIG_IP_DCCP_CCID2_DEBUG is not set -CONFIG_IP_DCCP_CCID3=y -# CONFIG_IP_DCCP_CCID3_DEBUG is not set -CONFIG_IP_DCCP_TFRC_LIB=y - -# -# DCCP Kernel Hacking -# -# CONFIG_IP_DCCP_DEBUG is not set +# CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y @@ -1407,7 +1374,6 @@ CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set CONFIG_SCTP_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_SHA1=y -CONFIG_INET_SCTP_DIAG=m CONFIG_RDS=m CONFIG_RDS_RDMA=m CONFIG_RDS_TCP=m @@ -1597,8 +1563,8 @@ CONFIG_CGROUP_NET_PRIO=y CONFIG_CGROUP_NET_CLASSID=y CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y -CONFIG_BPF_JIT=y -CONFIG_BPF_STREAM_PARSER=y +# CONFIG_BPF_JIT is not set +# CONFIG_BPF_STREAM_PARSER is not set CONFIG_NET_FLOW_LIMIT=y # 
@@ -1737,7 +1703,7 @@ CONFIG_AF_RXRPC_IPV6=y # CONFIG_AF_RXRPC_DEBUG is not set # CONFIG_RXKAD is not set CONFIG_AF_KCM=m -CONFIG_STREAM_PARSER=y +CONFIG_STREAM_PARSER=m CONFIG_FIB_RULES=y CONFIG_WIRELESS=y CONFIG_WIRELESS_EXT=y @@ -3779,8 +3745,7 @@ CONFIG_VT_CONSOLE_SLEEP=y CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y -CONFIG_LEGACY_PTYS=y -CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_LEGACY_PTYS is not set CONFIG_SERIAL_NONSTANDARD=y CONFIG_ROCKETPORT=m CONFIG_CYCLADES=m @@ -6880,7 +6845,6 @@ CONFIG_SYNC_FILE=y # CONFIG_SW_SYNC is not set CONFIG_DCA=m CONFIG_AUXDISPLAY=y -CONFIG_CHARLCD=m CONFIG_HD44780=m CONFIG_KS0108=m CONFIG_KS0108_PORT=0x378 @@ -6892,6 +6856,7 @@ CONFIG_PANEL=m CONFIG_PANEL_PARPORT=0 CONFIG_PANEL_PROFILE=5 # CONFIG_PANEL_CHANGE_MESSAGE is not set +CONFIG_CHARLCD=m CONFIG_UIO=m CONFIG_UIO_CIF=m CONFIG_UIO_PDRV_GENIRQ=m @@ -8097,7 +8062,6 @@ CONFIG_EFI_VARS=m CONFIG_EFI_ESRT=y CONFIG_EFI_VARS_PSTORE=m CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y -CONFIG_EFI_RUNTIME_MAP=y # CONFIG_EFI_FAKE_MEMMAP is not set CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_EFI_BOOTLOADER_CONTROL=m @@ -8177,7 +8141,6 @@ CONFIG_QUOTA_TREE=m CONFIG_QFMT_V1=m CONFIG_QFMT_V2=m CONFIG_QUOTACTL=y -CONFIG_QUOTACTL_COMPAT=y CONFIG_AUTOFS4_FS=m CONFIG_FUSE_FS=m CONFIG_CUSE=m @@ -8484,10 +8447,12 @@ CONFIG_DEBUG_KERNEL=y # # CONFIG_PAGE_EXTENSION is not set # CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_PAGE_POISONING is not set +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POISONING_NO_SANITY=y +CONFIG_PAGE_POISONING_ZERO=y # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set +CONFIG_SLUB_DEBUG_ON=y # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set 
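Review bot: `CONFIG_SLUB_DEBUG_ON=y` in the `@@ -8484,10 +8447,12 @@` hunk enables the full SLUB debug set for every cache from boot, a considerable runtime cost on top of `CONFIG_SLAB_SANITIZE=y` and `CONFIG_SLAB_SANITIZE_VERIFY=y`, which this file already sets. I would keep `# CONFIG_SLUB_DEBUG_ON is not set` and select only the wanted checks with the `slub_debug=` boot parameter. Separately, `CONFIG_PAGE_POISONING=y` on 4.14 only takes effect, as far as I know, when the kernel is booted with `page_poison=1`. The bootloader defaults therefore need to carry that parameter, or the option adds nothing beyond `CONFIG_PAGE_SANITIZE=y`.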
@@ -8519,7 +8484,7 @@ CONFIG_PANIC_TIMEOUT=0 CONFIG_SCHED_DEBUG=y CONFIG_SCHED_INFO=y CONFIG_SCHEDSTATS=y -# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_SCHED_STACK_END_CHECK=y # CONFIG_DEBUG_TIMEKEEPING is not set # CONFIG_DEBUG_PREEMPT is not set @@ -8541,11 +8506,11 @@ CONFIG_SCHEDSTATS=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y -# CONFIG_DEBUG_LIST is not set -# CONFIG_DEBUG_PI_LIST is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_DEBUG_CREDENTIALS is not set +CONFIG_DEBUG_LIST=y +CONFIG_DEBUG_PI_LIST=y +CONFIG_DEBUG_SG=y +CONFIG_DEBUG_NOTIFIERS=y +CONFIG_DEBUG_CREDENTIALS=y # # RCU Debugging @@ -8573,32 +8538,14 @@ CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_FENTRY=y CONFIG_HAVE_C_RECORDMCOUNT=y CONFIG_TRACING_SUPPORT=y -CONFIG_FTRACE=y -# CONFIG_FUNCTION_TRACER is not set -# CONFIG_IRQSOFF_TRACER is not set -# CONFIG_PREEMPT_TRACER is not set -# CONFIG_SCHED_TRACER is not set -# CONFIG_HWLAT_TRACER is not set -# CONFIG_ENABLE_DEFAULT_TRACERS is not set -# CONFIG_FTRACE_SYSCALLS is not set -# CONFIG_TRACER_SNAPSHOT is not set -CONFIG_BRANCH_PROFILE_NONE=y -# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set -# CONFIG_STACK_TRACER is not set -# CONFIG_BLK_DEV_IO_TRACE is not set -# CONFIG_UPROBE_EVENTS is not set -# CONFIG_PROBE_EVENTS is not set -# CONFIG_MMIOTRACE is not set -# CONFIG_HIST_TRIGGERS is not set -# CONFIG_TRACEPOINT_BENCHMARK is not set -CONFIG_TRACING_EVENTS_GPIO=y +# CONFIG_FTRACE is not set # CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set # CONFIG_DMA_API_DEBUG is not set # # Runtime Testing # -# CONFIG_LKDTM is not set +CONFIG_LKDTM=m # CONFIG_TEST_LIST_SORT is not set # CONFIG_TEST_SORT is not set # CONFIG_BACKTRACE_SELF_TEST is not set 
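Review bot: `CONFIG_LKDTM=m` in the `@@ -8573,32 +8538,14 @@` hunk ships the kernel's crash-test module in a release image. Its purpose is to trigger faults and memory corruption on request, and with `CONFIG_MODULE_SIG_ALL=y` it is signed like every other in-tree module. It is useful for validating the hardening options this commit turns on, but loading it on a production system is a ready-made denial of service for anyone who obtains module-load privilege. I would keep `# CONFIG_LKDTM is not set` here and build the module only in a test variant of the config.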
@@ -8625,7 +8572,7 @@ CONFIG_TEST_SYSCTL=m CONFIG_TEST_STATIC_KEYS=m CONFIG_TEST_KMOD=m CONFIG_MEMTEST=y -# CONFIG_BUG_ON_DATA_CORRUPTION is not set +CONFIG_BUG_ON_DATA_CORRUPTION=y # CONFIG_SAMPLES is not set CONFIG_HAVE_ARCH_KGDB=y # CONFIG_KGDB is not set @@ -8634,17 +8581,17 @@ CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y CONFIG_STRICT_DEVMEM=y -# CONFIG_IO_STRICT_DEVMEM is not set +CONFIG_IO_STRICT_DEVMEM=y CONFIG_EARLY_PRINTK_USB=y CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set # CONFIG_EARLY_PRINTK_EFI is not set CONFIG_EARLY_PRINTK_USB_XDBC=y -# CONFIG_X86_PTDUMP_CORE is not set +CONFIG_X86_PTDUMP_CORE=y # CONFIG_X86_PTDUMP is not set # CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_WX is not set +CONFIG_DEBUG_WX=y CONFIG_DOUBLEFAULT=y # CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_DEBUG is not set @@ -8673,7 +8620,6 @@ CONFIG_UNWINDER_ORC=y # Security options # CONFIG_KEYS=y -CONFIG_KEYS_COMPAT=y CONFIG_PERSISTENT_KEYRINGS=y # CONFIG_BIG_KEYS is not set CONFIG_TRUSTED_KEYS=m @@ -8691,7 +8637,8 @@ CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y CONFIG_PAGE_SANITIZE=y CONFIG_PAGE_SANITIZE_VERIFY=y -# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_STATIC_USERMODEHELPER=y +CONFIG_STATIC_USERMODEHELPER_PATH="" CONFIG_DEFAULT_SECURITY_DAC=y CONFIG_DEFAULT_SECURITY="" CONFIG_XOR_BLOCKS=m @@ -8717,11 +8664,11 @@ CONFIG_CRYPTO_RNG=m CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=m CONFIG_CRYPTO_AKCIPHER2=y -CONFIG_CRYPTO_AKCIPHER=m +CONFIG_CRYPTO_AKCIPHER=y CONFIG_CRYPTO_KPP2=y CONFIG_CRYPTO_KPP=m CONFIG_CRYPTO_ACOMP2=y -CONFIG_CRYPTO_RSA=m +CONFIG_CRYPTO_RSA=y CONFIG_CRYPTO_DH=m CONFIG_CRYPTO_ECDH=m CONFIG_CRYPTO_MANAGER=y @@ -8798,7 +8745,7 @@ CONFIG_CRYPTO_SHA1_MB=m CONFIG_CRYPTO_SHA256_MB=m CONFIG_CRYPTO_SHA512_MB=m CONFIG_CRYPTO_SHA256=m -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_TGR192=m CONFIG_CRYPTO_WP512=m 
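Review bot: `CONFIG_STATIC_USERMODEHELPER_PATH=""` in the `@@ -8691,7 +8637,8 @@` hunk does not route helpers through a filtering binary; per the option's Kconfig help, an empty path disables every usermode helper call. Kernel-initiated helper execution, such as the modprobe call behind on-demand module loading or a piped core_pattern handler, will then fail silently, which matters with this many drivers built as `=m`. If disabling all helpers is intended, state that in the commit message and check that the installed system loads modules via udev only. Otherwise point the option at a helper the package installs, for example the Kconfig default `CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"`.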
@@ -8830,7 +8777,6 @@ CONFIG_CRYPTO_DES3_EDE_X86_64=m CONFIG_CRYPTO_FCRYPT=m CONFIG_CRYPTO_KHAZAD=m CONFIG_CRYPTO_SALSA20=m -CONFIG_CRYPTO_SALSA20_X86_64=m CONFIG_CRYPTO_CHACHA20=m CONFIG_CRYPTO_CHACHA20_X86_64=m CONFIG_CRYPTO_SEED=m @@ -8891,13 +8837,16 @@ CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m CONFIG_CRYPTO_DEV_CHELSIO=m CONFIG_CRYPTO_DEV_VIRTIO=m CONFIG_ASYMMETRIC_KEY_TYPE=y -CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m -CONFIG_X509_CERTIFICATE_PARSER=m -CONFIG_PKCS7_MESSAGE_PARSER=m +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set @@ -8915,7 +8864,6 @@ CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y CONFIG_KVM_VFIO=y CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y -CONFIG_KVM_COMPAT=y CONFIG_HAVE_KVM_IRQ_BYPASS=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m @@ -9019,8 +8967,8 @@ CONFIG_CLZ_TAB=y CONFIG_CORDIC=m CONFIG_DDR=y CONFIG_IRQ_POLL=y -CONFIG_MPILIB=m -CONFIG_OID_REGISTRY=m +CONFIG_MPILIB=y +CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y CONFIG_FONT_SUPPORT=y CONFIG_FONTS=y diff --git a/sys-kernel/linux-image-redcore-lts/linux-image-redcore-lts-4.14.50.ebuild b/sys-kernel/linux-image-redcore-lts/linux-image-redcore-lts-4.14.65.ebuild index 52067050..8577515c 100644 --- a/sys-kernel/linux-image-redcore-lts/linux-image-redcore-lts-4.14.50.ebuild +++ b/sys-kernel/linux-image-redcore-lts/linux-image-redcore-lts-4.14.65.ebuild 
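Review bot: The new `CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"` in the `@@ -8891,13 +8837,16 @@` hunk is the auto-generated-key default, which suggests module signing is being switched on; the `CONFIG_MODULE_SIG*` lines themselves are outside this hunk, so that is an inference. With this value the kernel build creates a private key inside the build tree, and anyone who can read that file can sign modules this kernel will accept. It is worth confirming that the ebuild neither installs the key nor leaves it readable after the build. Separately built out-of-tree modules will be unsigned relative to that key, and will fail to load if signature enforcement is enabled. A line such as `module signing key is generated per build and discarded; out-of-tree modules are unsigned` in the commit description, if that matches the build, would document the policy.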
@@ -31,14 +31,14 @@ DEPEND=" >=sys-kernel/linux-firmware-20180314" RDEPEND="${DEPEND}" -PATCHES=( "${FILESDIR}"/enable_alx_wol.patch - "${FILESDIR}"/introduce-NUMA-identity-node-sched-domain.patch +PATCHES=( "${FILESDIR}"/introduce-NUMA-identity-node-sched-domain.patch "${FILESDIR}"/k10temp-add-ZEN-support.patch "${FILESDIR}"/mute-pps_state_mismatch.patch "${FILESDIR}"/restore-SD_PREFER_SIBLING-on-MC-domains.patch "${FILESDIR}"/Revert-ath10k-activate-user-space-firmware-loading.patch "${FILESDIR}"/linux-hardened.patch - "${FILESDIR}"/uksm-for-linux-hardened.patch ) + "${FILESDIR}"/uksm-for-linux-hardened.patch + "${FILESDIR}"/0015-Enable-BFQ-io-scheduler-by-default.patch ) S="${WORKDIR}"/linux-"${PV}" diff --git a/sys-kernel/linux-sources-redcore-lts/Manifest b/sys-kernel/linux-sources-redcore-lts/Manifest index 88488d9f..17b5b0b2 100644 --- a/sys-kernel/linux-sources-redcore-lts/Manifest +++ b/sys-kernel/linux-sources-redcore-lts/Manifest @@ -1 +1 @@ -DIST linux-4.14.50.tar.xz 100914360 BLAKE2B ab5139121e6f6fb47983822f9655da31d73c64c7d7543222480da73ffc7e0b495c5d7e47364152badf4d483b38ecf79eddc450bb8ac40224d20051a5cf3a7c6b SHA512 e8cec475c53624b29e17d7295818d2f8c1ddc98ab72bdd5c9901fcef4f06117d3da5896add182ca85af0acaa872d25c16266165886bff822c260d5466561c7e7 +DIST linux-4.14.65.tar.xz 100977596 BLAKE2B 1864dadfbdd4cf2e8c89c196291e04a680f06f9916a792bc6f2c22e9b74e512f6475a7dbfb70c81882841583e726466c0f7ff6995d3e78d6334a71b4cef06303 SHA512 162382b3567ba256a1caac7b9c0e2188484ae22d8731c2627ab0faa471ac35ca6578e0f0428c17d63d14f53316b7701a0e9c7a99b1bc749ddd6ab408f10c2185 diff --git a/sys-kernel/linux-sources-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch b/sys-kernel/linux-sources-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch new file mode 100644 index 00000000..d12753be --- /dev/null +++ b/sys-kernel/linux-sources-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch 
@@ -0,0 +1,38 @@ +From 0e7ab31fb218e2a18fbecd19c24dfaae14c88afd Mon Sep 17 00:00:00 2001 +From: Con Kolivas <kernel@kolivas.org> +Date: Mon, 20 Nov 2017 18:02:03 +1100 +Subject: [PATCH 15/18] Enable BFQ io scheduler by default. + +--- + block/Kconfig.iosched | 2 +- + drivers/scsi/Kconfig | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/block/Kconfig.iosched b/block/Kconfig.iosched +index a4a8914bf7a4..2d9be91e8e87 100644 +--- a/block/Kconfig.iosched ++++ b/block/Kconfig.iosched +@@ -82,7 +82,7 @@ config MQ_IOSCHED_KYBER + + config IOSCHED_BFQ + tristate "BFQ I/O scheduler" +- default n ++ default y + ---help--- + BFQ I/O scheduler for BLK-MQ. BFQ distributes the bandwidth of + of the device among all processes according to their weights, +diff --git a/drivers/scsi/Kconfig b/drivers/scsi/Kconfig +index 8a739b74cfb7..9e939ee76e72 100644 +--- a/drivers/scsi/Kconfig ++++ b/drivers/scsi/Kconfig +@@ -50,6 +50,7 @@ config SCSI_NETLINK + config SCSI_MQ_DEFAULT + bool "SCSI: use blk-mq I/O path by default" + depends on SCSI ++ default y + ---help--- + This option enables the new blk-mq based I/O path for SCSI + devices by default. With the option the scsi_mod.use_blk_mq +-- +2.14.1 + diff --git a/sys-kernel/linux-sources-redcore-lts/files/enable_alx_wol.patch b/sys-kernel/linux-sources-redcore-lts/files/enable_alx_wol.patch deleted file mode 100644 index 38f460fb..00000000 --- a/sys-kernel/linux-sources-redcore-lts/files/enable_alx_wol.patch +++ /dev/null 
@@ -1,478 +0,0 @@ -diff --git a/drivers/net/ethernet/atheros/alx/ethtool.c b/drivers/net/ethernet/atheros/alx/ethtool.c -index 2f4eabf65..859e27236 100644 ---- a/drivers/net/ethernet/atheros/alx/ethtool.c -+++ b/drivers/net/ethernet/atheros/alx/ethtool.c -@@ -310,11 +310,47 @@ static int alx_get_sset_count(struct net_device *netdev, int sset) - } - } - -+static void alx_get_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) -+{ -+ struct alx_priv *alx = netdev_priv(netdev); -+ struct alx_hw *hw = &alx->hw; -+ -+ wol->supported = WAKE_MAGIC | WAKE_PHY; -+ wol->wolopts = 0; -+ -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_MAGIC) -+ wol->wolopts |= WAKE_MAGIC; -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_PHY) -+ wol->wolopts |= WAKE_PHY; -+} -+ -+static int alx_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) -+{ -+ struct alx_priv *alx = netdev_priv(netdev); -+ struct alx_hw *hw = &alx->hw; -+ -+ if (wol->wolopts & ~(WAKE_MAGIC | WAKE_PHY)) -+ return -EOPNOTSUPP; -+ -+ hw->sleep_ctrl = 0; -+ -+ if (wol->wolopts & WAKE_MAGIC) -+ hw->sleep_ctrl |= ALX_SLEEP_WOL_MAGIC; -+ if (wol->wolopts & WAKE_PHY) -+ hw->sleep_ctrl |= ALX_SLEEP_WOL_PHY; -+ -+ device_set_wakeup_enable(&alx->hw.pdev->dev, hw->sleep_ctrl); -+ -+ return 0; -+} -+ - const struct ethtool_ops alx_ethtool_ops = { - .get_pauseparam = alx_get_pauseparam, - .set_pauseparam = alx_set_pauseparam, - .get_msglevel = alx_get_msglevel, - .set_msglevel = alx_set_msglevel, -+ .get_wol = alx_get_wol, -+ .set_wol = alx_set_wol, - .get_link = ethtool_op_get_link, - .get_strings = alx_get_strings, - .get_sset_count = alx_get_sset_count, -diff --git a/drivers/net/ethernet/atheros/alx/hw.c b/drivers/net/ethernet/atheros/alx/hw.c -index 6ac40b000..4791b9dbb 100644 ---- a/drivers/net/ethernet/atheros/alx/hw.c -+++ b/drivers/net/ethernet/atheros/alx/hw.c -@@ -332,6 +332,16 @@ void alx_set_macaddr(struct alx_hw *hw, const u8 *addr) - alx_write_mem32(hw, ALX_STAD1, val); - } - -+static void alx_enable_osc(struct alx_hw 
*hw) -+{ -+ u32 val; -+ -+ /* rising edge */ -+ val = alx_read_mem32(hw, ALX_MISC); -+ alx_write_mem32(hw, ALX_MISC, val & ~ALX_MISC_INTNLOSC_OPEN); -+ alx_write_mem32(hw, ALX_MISC, val | ALX_MISC_INTNLOSC_OPEN); -+} -+ - static void alx_reset_osc(struct alx_hw *hw, u8 rev) - { - u32 val, val2; -@@ -848,6 +858,66 @@ void alx_post_phy_link(struct alx_hw *hw) - } - } - -+ -+/* NOTE: -+ * 1. phy link must be established before calling this function -+ * 2. wol option (pattern,magic,link,etc.) is configed before call it. -+ */ -+int alx_pre_suspend(struct alx_hw *hw, int speed, u8 duplex) -+{ -+ u32 master, mac, phy, val; -+ int err = 0; -+ -+ master = alx_read_mem32(hw, ALX_MASTER); -+ master &= ~ALX_MASTER_PCLKSEL_SRDS; -+ mac = hw->rx_ctrl; -+ /* 10/100 half */ -+ ALX_SET_FIELD(mac, ALX_MAC_CTRL_SPEED, ALX_MAC_CTRL_SPEED_10_100); -+ mac &= ~(ALX_MAC_CTRL_FULLD | ALX_MAC_CTRL_RX_EN | ALX_MAC_CTRL_TX_EN); -+ -+ phy = alx_read_mem32(hw, ALX_PHY_CTRL); -+ phy &= ~(ALX_PHY_CTRL_DSPRST_OUT | ALX_PHY_CTRL_CLS); -+ phy |= ALX_PHY_CTRL_RST_ANALOG | ALX_PHY_CTRL_HIB_PULSE | -+ ALX_PHY_CTRL_HIB_EN; -+ -+ /* without any activity */ -+ if (!(hw->sleep_ctrl & ALX_SLEEP_ACTIVE)) { -+ err = alx_write_phy_reg(hw, ALX_MII_IER, 0); -+ if (err) -+ return err; -+ phy |= ALX_PHY_CTRL_IDDQ | ALX_PHY_CTRL_POWER_DOWN; -+ } else { -+ if (hw->sleep_ctrl & (ALX_SLEEP_WOL_MAGIC | ALX_SLEEP_CIFS)) -+ mac |= ALX_MAC_CTRL_RX_EN | ALX_MAC_CTRL_BRD_EN; -+ if (hw->sleep_ctrl & ALX_SLEEP_CIFS) -+ mac |= ALX_MAC_CTRL_TX_EN; -+ if (duplex == DUPLEX_FULL) -+ mac |= ALX_MAC_CTRL_FULLD; -+ if (speed == SPEED_1000) -+ ALX_SET_FIELD(mac, ALX_MAC_CTRL_SPEED, -+ ALX_MAC_CTRL_SPEED_1000); -+ phy |= ALX_PHY_CTRL_DSPRST_OUT; -+ err = alx_write_phy_ext(hw, ALX_MIIEXT_ANEG, -+ ALX_MIIEXT_S3DIG10, -+ ALX_MIIEXT_S3DIG10_SL); -+ if (err) -+ return err; -+ } -+ -+ alx_enable_osc(hw); -+ hw->rx_ctrl = mac; -+ alx_write_mem32(hw, ALX_MASTER, master); -+ alx_write_mem32(hw, ALX_MAC_CTRL, mac); -+ alx_write_mem32(hw, 
ALX_PHY_CTRL, phy); -+ -+ /* set val of PDLL D3PLLOFF */ -+ val = alx_read_mem32(hw, ALX_PDLL_TRNS1); -+ val |= ALX_PDLL_TRNS1_D3PLLOFF_EN; -+ alx_write_mem32(hw, ALX_PDLL_TRNS1, val); -+ -+ return 0; -+} -+ - bool alx_phy_configured(struct alx_hw *hw) - { - u32 cfg, hw_cfg; -@@ -920,6 +990,26 @@ int alx_clear_phy_intr(struct alx_hw *hw) - return alx_read_phy_reg(hw, ALX_MII_ISR, &isr); - } - -+int alx_config_wol(struct alx_hw *hw) -+{ -+ u32 wol = 0; -+ int err = 0; -+ -+ /* turn on magic packet event */ -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_MAGIC) -+ wol |= ALX_WOL0_MAGIC_EN | ALX_WOL0_PME_MAGIC_EN; -+ -+ /* turn on link up event */ -+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_PHY) { -+ wol |= ALX_WOL0_LINK_EN | ALX_WOL0_PME_LINK; -+ /* only link up can wake up */ -+ err = alx_write_phy_reg(hw, ALX_MII_IER, ALX_IER_LINK_UP); -+ } -+ alx_write_mem32(hw, ALX_WOL0, wol); -+ -+ return err; -+} -+ - void alx_disable_rss(struct alx_hw *hw) - { - u32 ctrl = alx_read_mem32(hw, ALX_RXQ0); -@@ -1045,6 +1135,71 @@ void alx_mask_msix(struct alx_hw *hw, int index, bool mask) - } - - -+int alx_select_powersaving_speed(struct alx_hw *hw, int *speed, u8 *duplex) -+{ -+ int i, err; -+ u16 lpa; -+ -+ err = alx_read_phy_link(hw); -+ if (err) -+ return err; -+ -+ if (hw->link_speed == SPEED_UNKNOWN) { -+ *speed = SPEED_UNKNOWN; -+ *duplex = DUPLEX_UNKNOWN; -+ return 0; -+ } -+ -+ err = alx_read_phy_reg(hw, MII_LPA, &lpa); -+ if (err) -+ return err; -+ -+ if (!(lpa & LPA_LPACK)) { -+ *speed = hw->link_speed; -+ return 0; -+ } -+ -+ if (lpa & LPA_10FULL) { -+ *speed = SPEED_10; -+ *duplex = DUPLEX_FULL; -+ } else if (lpa & LPA_10HALF) { -+ *speed = SPEED_10; -+ *duplex = DUPLEX_HALF; -+ } else if (lpa & LPA_100FULL) { -+ *speed = SPEED_100; -+ *duplex = DUPLEX_FULL; -+ } else { -+ *speed = SPEED_100; -+ *duplex = DUPLEX_HALF; -+ } -+ -+ if (*speed == hw->link_speed && *duplex == hw->duplex) -+ return 0; -+ err = alx_write_phy_reg(hw, ALX_MII_IER, 0); -+ if (err) -+ return err; -+ err = 
alx_setup_speed_duplex(hw, alx_speed_to_ethadv(*speed, *duplex) | -+ ADVERTISED_Autoneg, ALX_FC_ANEG | -+ ALX_FC_RX | ALX_FC_TX); -+ if (err) -+ return err; -+ -+ /* wait for linkup */ -+ for (i = 0; i < ALX_MAX_SETUP_LNK_CYCLE; i++) { -+ msleep(100); -+ -+ err = alx_read_phy_link(hw); -+ if (err < 0) -+ return err; -+ if (hw->link_speed != SPEED_UNKNOWN) -+ break; -+ } -+ if (i == ALX_MAX_SETUP_LNK_CYCLE) -+ return -ETIMEDOUT; -+ -+ return 0; -+} -+ - bool alx_get_phy_info(struct alx_hw *hw) - { - u16 devs1, devs2; -diff --git a/drivers/net/ethernet/atheros/alx/hw.h b/drivers/net/ethernet/atheros/alx/hw.h -index e42d7e094..a7fb6c8d8 100644 ---- a/drivers/net/ethernet/atheros/alx/hw.h -+++ b/drivers/net/ethernet/atheros/alx/hw.h -@@ -487,6 +487,8 @@ struct alx_hw { - u8 flowctrl; - u32 adv_cfg; - -+ u32 sleep_ctrl; -+ - spinlock_t mdio_lock; - struct mdio_if_info mdio; - u16 phy_id[2]; -@@ -549,12 +551,14 @@ void alx_reset_pcie(struct alx_hw *hw); - void alx_enable_aspm(struct alx_hw *hw, bool l0s_en, bool l1_en); - int alx_setup_speed_duplex(struct alx_hw *hw, u32 ethadv, u8 flowctrl); - void alx_post_phy_link(struct alx_hw *hw); -+int alx_pre_suspend(struct alx_hw *hw, int speed, u8 duplex); - int alx_read_phy_reg(struct alx_hw *hw, u16 reg, u16 *phy_data); - int alx_write_phy_reg(struct alx_hw *hw, u16 reg, u16 phy_data); - int alx_read_phy_ext(struct alx_hw *hw, u8 dev, u16 reg, u16 *pdata); - int alx_write_phy_ext(struct alx_hw *hw, u8 dev, u16 reg, u16 data); - int alx_read_phy_link(struct alx_hw *hw); - int alx_clear_phy_intr(struct alx_hw *hw); -+int alx_config_wol(struct alx_hw *hw); - void alx_cfg_mac_flowcontrol(struct alx_hw *hw, u8 fc); - void alx_start_mac(struct alx_hw *hw); - int alx_reset_mac(struct alx_hw *hw); -@@ -563,6 +567,7 @@ bool alx_phy_configured(struct alx_hw *hw); - void alx_configure_basic(struct alx_hw *hw); - void alx_mask_msix(struct alx_hw *hw, int index, bool mask); - void alx_disable_rss(struct alx_hw *hw); -+int 
alx_select_powersaving_speed(struct alx_hw *hw, int *speed, u8 *duplex); - bool alx_get_phy_info(struct alx_hw *hw); - void alx_update_hw_stats(struct alx_hw *hw); - -diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c -index 567ee5450..94fd0118d 100644 ---- a/drivers/net/ethernet/atheros/alx/main.c -+++ b/drivers/net/ethernet/atheros/alx/main.c -@@ -1070,6 +1070,7 @@ static int alx_init_sw(struct alx_priv *alx) - alx->dev->max_mtu = ALX_MAX_FRAME_LEN(ALX_MAX_FRAME_SIZE); - alx->tx_ringsz = 256; - alx->rx_ringsz = 512; -+ hw->sleep_ctrl = ALX_SLEEP_WOL_MAGIC | ALX_SLEEP_WOL_PHY; - hw->imt = 200; - alx->int_mask = ALX_ISR_MISC; - hw->dma_chnl = hw->max_dma_chnl; -@@ -1345,6 +1346,65 @@ static int alx_stop(struct net_device *netdev) - __alx_stop(netdev_priv(netdev)); - return 0; - } -+static int __alx_shutdown(struct pci_dev *pdev, bool *wol_en) -+{ -+ struct alx_priv *alx = pci_get_drvdata(pdev); -+ struct net_device *netdev = alx->dev; -+ struct alx_hw *hw = &alx->hw; -+ int err, speed; -+ u8 duplex; -+ -+ netif_device_detach(netdev); -+ -+ if (netif_running(netdev)) -+ __alx_stop(alx); -+ -+#ifdef CONFIG_PM_SLEEP -+ err = pci_save_state(pdev); -+ if (err) -+ return err; -+#endif -+ -+ err = alx_select_powersaving_speed(hw, &speed, &duplex); -+ if (err) -+ return err; -+ err = alx_clear_phy_intr(hw); -+ if (err) -+ return err; -+ err = alx_pre_suspend(hw, speed, duplex); -+ if (err) -+ return err; -+ err = alx_config_wol(hw); -+ if (err) -+ return err; -+ -+ *wol_en = false; -+ if (hw->sleep_ctrl & ALX_SLEEP_ACTIVE) { -+ netif_info(alx, wol, netdev, -+ "wol: ctrl=%X, speed=%X\n", -+ hw->sleep_ctrl, speed); -+ device_set_wakeup_enable(&pdev->dev, true); -+ *wol_en = true; -+ } -+ -+ pci_disable_device(pdev); -+ -+ return 0; -+} -+ -+static void alx_shutdown(struct pci_dev *pdev) -+{ -+ int err; -+ bool wol_en; -+ -+ err = __alx_shutdown(pdev, &wol_en); -+ if (!err) { -+ pci_wake_from_d3(pdev, wol_en); -+ 
pci_set_power_state(pdev, PCI_D3hot); -+ } else { -+ dev_err(&pdev->dev, "shutdown fail %d\n", err); -+ } -+} - - static void alx_link_check(struct work_struct *work) - { -@@ -1841,6 +1901,8 @@ static int alx_probe(struct pci_dev *pdev, const struct pci_device_id *ent) - goto out_unmap; - } - -+ device_set_wakeup_enable(&pdev->dev, hw->sleep_ctrl); -+ - netdev_info(netdev, - "Qualcomm Atheros AR816x/AR817x Ethernet [%pM]\n", - netdev->dev_addr); -@@ -1883,12 +1945,21 @@ static void alx_remove(struct pci_dev *pdev) - static int alx_suspend(struct device *dev) - { - struct pci_dev *pdev = to_pci_dev(dev); -- struct alx_priv *alx = pci_get_drvdata(pdev); -+ int err; -+ bool wol_en; - -- if (!netif_running(alx->dev)) -- return 0; -- netif_device_detach(alx->dev); -- __alx_stop(alx); -+ err = __alx_shutdown(pdev, &wol_en); -+ if (err) { -+ dev_err(&pdev->dev, "shutdown fail in suspend %d\n", err); -+ return err; -+ } -+ -+ if (wol_en) { -+ pci_prepare_to_sleep(pdev); -+ } else { -+ pci_wake_from_d3(pdev, false); -+ pci_set_power_state(pdev, PCI_D3hot); -+ } - return 0; - } - -@@ -1896,20 +1967,47 @@ static int alx_resume(struct device *dev) - { - struct pci_dev *pdev = to_pci_dev(dev); - struct alx_priv *alx = pci_get_drvdata(pdev); -- struct alx_hw *hw = &alx->hw; -- -- alx_reset_phy(hw); -- -- if (!netif_running(alx->dev)) -- return 0; -- netif_device_attach(alx->dev); -- return __alx_open(alx, true); -+ struct net_device *netdev = alx->dev; -+ struct alx_hw *hw = &alx->hw; -+ int err; -+ -+ pci_set_power_state(pdev, PCI_D0); -+ pci_restore_state(pdev); -+ pci_save_state(pdev); -+ -+ pci_enable_wake(pdev, PCI_D3hot, 0); -+ pci_enable_wake(pdev, PCI_D3cold, 0); -+ -+ hw->link_speed = SPEED_UNKNOWN; -+ alx->int_mask = ALX_ISR_MISC; -+ -+ alx_reset_pcie(hw); -+ alx_reset_phy(hw); -+ -+ err = alx_reset_mac(hw); -+ if (err) { -+ netif_err(alx, hw, alx->dev, -+ "resume:reset_mac fail %d\n", err); -+ return -EIO; -+ } -+ -+ err = alx_setup_speed_duplex(hw, hw->adv_cfg, 
hw->flowctrl); -+ if (err) { -+ netif_err(alx, hw, alx->dev, -+ "resume:setup_speed_duplex fail %d\n", err); -+ return -EIO; -+ } -+ -+ if (netif_running(netdev)) { -+ err = __alx_open(alx, true); -+ if (err) -+ return err; -+ } -+ -+ netif_device_attach(netdev); -+ return err; - } - --static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume); --#define ALX_PM_OPS (&alx_pm_ops) --#else --#define ALX_PM_OPS NULL - #endif - - -@@ -1955,6 +2053,8 @@ static pci_ers_result_t alx_pci_error_slot_reset(struct pci_dev *pdev) - } - - pci_set_master(pdev); -+ pci_enable_wake(pdev, PCI_D3hot, 0); -+ pci_enable_wake(pdev, PCI_D3cold, 0); - - alx_reset_pcie(hw); - if (!alx_reset_mac(hw)) -@@ -2006,11 +2106,19 @@ static const struct pci_device_id alx_pci_tbl[] = { - {} - }; - -+#ifdef CONFIG_PM_SLEEP -+static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume); -+#define ALX_PM_OPS (&alx_pm_ops) -+#else -+#define ALX_PM_OPS NULL -+#endif -+ - static struct pci_driver alx_driver = { - .name = alx_drv_name, - .id_table = alx_pci_tbl, - .probe = alx_probe, - .remove = alx_remove, -+ .shutdown = alx_shutdown, - .err_handler = &alx_err_handlers, - .driver.pm = ALX_PM_OPS, - }; diff --git a/sys-kernel/linux-sources-redcore-lts/files/linux-hardened.patch b/sys-kernel/linux-sources-redcore-lts/files/linux-hardened.patch index 0085a4f2..b5bfc225 100644 --- a/sys-kernel/linux-sources-redcore-lts/files/linux-hardened.patch +++ b/sys-kernel/linux-sources-redcore-lts/files/linux-hardened.patch 
@@ -1,90 +1,94 @@ -diff -Nur a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig ---- a/arch/arm64/configs/defconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/configs/defconfig 2018-05-26 19:24:34.821782579 +0100 -@@ -1,4 +1,3 @@ --CONFIG_SYSVIPC=y - CONFIG_POSIX_MQUEUE=y - CONFIG_AUDIT=y - CONFIG_NO_HZ_IDLE=y -diff -Nur a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h ---- a/arch/arm64/include/asm/elf.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/include/asm/elf.h 2018-05-26 19:24:34.821782579 +0100 -@@ -114,10 +114,10 @@ +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 9841bad6f271..99aab439ba8e 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -490,16 +490,6 @@ + nosocket -- Disable socket memory accounting. + nokmem -- Disable kernel memory accounting. - /* - * This is the base location for PIE (ET_DYN with INTERP) loads. On -- * 64-bit, this is above 4GB to leave the entire 32-bit address -+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address - * space open for things that want to use the area for 32-bit pointers. - */ --#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) -+#define ELF_ET_DYN_BASE 0x100000000UL +- checkreqprot [SELINUX] Set initial checkreqprot flag value. +- Format: { "0" | "1" } +- See security/selinux/Kconfig help text. +- 0 -- check protection applied by kernel (includes +- any implied execute protection). +- 1 -- check protection requested by application. +- Default value is set via a kernel config option. +- Value can be changed at runtime via +- /selinux/checkreqprot. +- + cio_ignore= [S390] + See Documentation/s390/CommonIO for details. + clk_ignore_unused +@@ -2977,6 +2967,11 @@ + the specified number of seconds. This is to be used if + your oopses keep scrolling off the screen. 
- #ifndef __ASSEMBLY__ ++ extra_latent_entropy ++ Enable a very simple form of latent entropy extraction ++ from the first 4GB of memory as the bootmem allocator ++ passes the memory pages to the buddy allocator. ++ + pcbit= [HW,ISDN] -@@ -158,10 +158,10 @@ - /* 1GB of VA */ - #ifdef CONFIG_COMPAT - #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \ -- 0x7ff >> (PAGE_SHIFT - 12) : \ -- 0x3ffff >> (PAGE_SHIFT - 12)) -+ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ -+ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #else --#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) -+#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) - #endif + pcd. [PARIDE] +diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt +index 694968c7523c..002d86416ef8 100644 +--- a/Documentation/sysctl/kernel.txt ++++ b/Documentation/sysctl/kernel.txt +@@ -91,6 +91,7 @@ show up in /proc/sys/kernel: + - sysctl_writes_strict + - tainted + - threads-max ++- tiocsti_restrict + - unknown_nmi_panic + - watchdog + - watchdog_thresh +@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly. 
- #ifdef __AARCH64EB__ -diff -Nur a/arch/arm64/Kconfig b/arch/arm64/Kconfig ---- a/arch/arm64/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/Kconfig 2018-05-26 19:24:34.821782579 +0100 -@@ -918,6 +918,7 @@ + ============================================================== - config ARM64_SW_TTBR0_PAN - bool "Emulate Privileged Access Never using TTBR0_EL1 switching" -+ default y - help - Enabling this option prevents the kernel from accessing - user-space memory directly by pointing TTBR0_EL1 to a reserved -@@ -1044,6 +1045,7 @@ - bool "Randomize the address of the kernel image" - select ARM64_MODULE_PLTS if MODULES - select RELOCATABLE -+ default y - help - Randomizes the virtual address at which the kernel image is - loaded, as a security feature that deters exploit attempts -diff -Nur a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug ---- a/arch/arm64/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/Kconfig.debug 2018-05-26 19:24:34.821782579 +0100 -@@ -45,6 +45,7 @@ - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select ARM64_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. ++tiocsti_restrict: ++ ++This toggle indicates whether unprivileged users are prevented ++from using the TIOCSTI ioctl to inject commands into other processes ++which share a tty session. ++ ++When tiocsti_restrict is set to (0) there are no restrictions(accept ++the default restriction of only being able to injection commands into ++one's own tty). When tiocsti_restrict is set to (1), users must ++have CAP_SYS_ADMIN to use the TIOCSTI ioctl. ++ ++When user namespaces are in use, the check for the capability ++CAP_SYS_ADMIN is done against the user namespace that originally ++opened the tty. ++ ++The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the ++default value of tiocsti_restrict. 
++ ++============================================================== ++ + unknown_nmi_panic: -diff -Nur a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c ---- a/arch/arm64/kernel/process.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/arm64/kernel/process.c 2018-05-26 19:24:34.821782579 +0100 -@@ -419,9 +419,9 @@ - unsigned long arch_randomize_brk(struct mm_struct *mm) - { - if (is_compat_task()) -- return randomize_page(mm->brk, SZ_32M); -+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; - else -- return randomize_page(mm->brk, SZ_1G); -+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; - } + The value in this file affects behavior of handling NMI. When the +diff --git a/Makefile b/Makefile +index 025156791e90..c45debf0a8e2 100644 +--- a/Makefile ++++ b/Makefile +@@ -706,6 +706,9 @@ endif + KBUILD_CFLAGS += $(stackp-flag) - /* -diff -Nur a/arch/Kconfig b/arch/Kconfig ---- a/arch/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/Kconfig 2018-05-26 19:24:34.820782546 +0100 -@@ -440,6 +440,11 @@ + ifeq ($(cc-name),clang) ++ifdef CONFIG_LOCAL_INIT ++KBUILD_CFLAGS += -fsanitize=local-init ++endif + KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) + KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) + KBUILD_CFLAGS += $(call cc-disable-warning, gnu) +diff --git a/arch/Kconfig b/arch/Kconfig +index 4e01862f58e4..111da81b4277 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -443,6 +443,11 @@ config GCC_PLUGIN_LATENT_ENTROPY is some slowdown of the boot process (about 0.5%) and fork and irq processing. @@ -96,7 +100,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig Note that entropy extracted this way is not cryptographically secure! -@@ -533,7 +538,7 @@ +@@ -536,7 +541,7 @@ config CC_STACKPROTECTOR choice prompt "Stack Protector buffer overflow detection" depends on HAVE_CC_STACKPROTECTOR 
@@ -105,7 +109,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig help This option turns on the "stack-protector" GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -735,7 +740,7 @@ +@@ -738,7 +743,7 @@ config ARCH_MMAP_RND_BITS int "Number of bits to use for ASLR of mmap base address" if EXPERT range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT @@ -114,7 +118,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig depends on HAVE_ARCH_MMAP_RND_BITS help This value can be used to select the number of bits to use to -@@ -769,7 +774,7 @@ +@@ -772,7 +777,7 @@ config ARCH_MMAP_RND_COMPAT_BITS int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT @@ -123,7 +127,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS help This value can be used to select the number of bits to use to -@@ -952,6 +957,7 @@ +@@ -955,6 +960,7 @@ config ARCH_HAS_REFCOUNT config REFCOUNT_FULL bool "Perform full reference count validation at the expense of speed" 
@@ -131,19 +135,154 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig help Enabling this switches the refcounting infrastructure from a fast unchecked atomic_t implementation to a fully state checked -diff -Nur a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig ---- a/arch/x86/configs/x86_64_defconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/configs/x86_64_defconfig 2018-05-26 19:24:34.822782611 +0100 +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 1bbb89d37f57..e3776376cafa 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -927,6 +927,7 @@ endif + + config ARM64_SW_TTBR0_PAN + bool "Emulate Privileged Access Never using TTBR0_EL1 switching" ++ default y + help + Enabling this option prevents the kernel from accessing + user-space memory directly by pointing TTBR0_EL1 to a reserved +@@ -1053,6 +1054,7 @@ config RANDOMIZE_BASE + bool "Randomize the address of the kernel image" + select ARM64_MODULE_PLTS if MODULES + select RELOCATABLE ++ default y + help + Randomizes the virtual address at which the kernel image is + loaded, as a security feature that deters exploit attempts +diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug +index cc6bd559af85..01d5442d4722 100644 +--- a/arch/arm64/Kconfig.debug ++++ b/arch/arm64/Kconfig.debug +@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET + config DEBUG_WX + bool "Warn on W+X mappings at boot" + select ARM64_PTDUMP_CORE ++ default y + ---help--- + Generate a warning if any W+X mappings are found at boot. 
+ +diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig +index b05796578e7a..8f6e2099717d 100644 +--- a/arch/arm64/configs/defconfig ++++ b/arch/arm64/configs/defconfig +@@ -1,4 +1,3 @@ +-CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y + CONFIG_AUDIT=y + CONFIG_NO_HZ_IDLE=y +diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h +index 33be513ef24c..6f0c0e3ef0dd 100644 +--- a/arch/arm64/include/asm/elf.h ++++ b/arch/arm64/include/asm/elf.h +@@ -114,10 +114,10 @@ + + /* + * This is the base location for PIE (ET_DYN with INTERP) loads. On +- * 64-bit, this is above 4GB to leave the entire 32-bit address ++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address + * space open for things that want to use the area for 32-bit pointers. + */ +-#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3) ++#define ELF_ET_DYN_BASE 0x100000000UL + + #ifndef __ASSEMBLY__ + +@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, + /* 1GB of VA */ + #ifdef CONFIG_COMPAT + #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? 
\ +- 0x7ff >> (PAGE_SHIFT - 12) : \ +- 0x3ffff >> (PAGE_SHIFT - 12)) ++ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \ ++ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) + #else +-#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12)) ++#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12)) + #endif + + #ifdef __AARCH64EB__ +diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c +index 9e773732520c..91359f45b5fc 100644 +--- a/arch/arm64/kernel/process.c ++++ b/arch/arm64/kernel/process.c +@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp) + unsigned long arch_randomize_brk(struct mm_struct *mm) + { + if (is_compat_task()) +- return randomize_page(mm->brk, SZ_32M); ++ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE; + else +- return randomize_page(mm->brk, SZ_1G); ++ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE; + } + + /* +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 1c63a4b5320d..54f70e88db20 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1154,8 +1154,7 @@ config VM86 + default X86_LEGACY_VM86 + + config X86_16BIT +- bool "Enable support for 16-bit segments" if EXPERT +- default y ++ bool "Enable support for 16-bit segments" + depends on MODIFY_LDT_SYSCALL + ---help--- + This option is required by programs like Wine to run 16-bit +@@ -2229,7 +2228,7 @@ config COMPAT_VDSO + choice + prompt "vsyscall table for legacy applications" + depends on X86_64 +- default LEGACY_VSYSCALL_EMULATE ++ default LEGACY_VSYSCALL_NONE + help + Legacy user code that does not know how to find the vDSO expects + to be able to issue three syscalls by calling fixed addresses in +@@ -2319,8 +2318,7 @@ config CMDLINE_OVERRIDE + be set to 'N' under normal conditions. 
+ + config MODIFY_LDT_SYSCALL +- bool "Enable the LDT (local descriptor table)" if EXPERT +- default y ++ bool "Enable the LDT (local descriptor table)" + ---help--- + Linux can allow user programs to install a per-process x86 + Local Descriptor Table (LDT) using the modify_ldt(2) system +diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug +index 6293a8768a91..add82e0f1df3 100644 +--- a/arch/x86/Kconfig.debug ++++ b/arch/x86/Kconfig.debug +@@ -101,6 +101,7 @@ config EFI_PGT_DUMP + config DEBUG_WX + bool "Warn on W+X mappings at boot" + select X86_PTDUMP_CORE ++ default y + ---help--- + Generate a warning if any W+X mappings are found at boot. + +diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig +index e32fc1f274d8..d08acc76502a 100644 +--- a/arch/x86/configs/x86_64_defconfig ++++ b/arch/x86/configs/x86_64_defconfig @@ -1,5 +1,4 @@ # CONFIG_LOCALVERSION_AUTO is not set -CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_TASKSTATS=y -diff -Nur a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c ---- a/arch/x86/entry/vdso/vma.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/entry/vdso/vma.c 2018-05-26 19:24:34.822782611 +0100 -@@ -203,55 +203,9 @@ +diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c +index 1911310959f8..bba8dbbc07a8 100644 +--- a/arch/x86/entry/vdso/vma.c ++++ b/arch/x86/entry/vdso/vma.c +@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) } #ifdef CONFIG_X86_64 
@@ -200,10 +339,11 @@ diff -Nur a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c } #endif -diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h ---- a/arch/x86/include/asm/elf.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/include/asm/elf.h 2018-05-26 19:24:34.822782611 +0100 -@@ -249,11 +249,11 @@ +diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h +index 3a091cea36c5..0931c05a3348 100644 +--- a/arch/x86/include/asm/elf.h ++++ b/arch/x86/include/asm/elf.h +@@ -249,11 +249,11 @@ extern int force_personality32; /* * This is the base location for PIE (ET_DYN with INTERP) loads. On @@ -217,7 +357,7 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -312,8 +312,8 @@ +@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy); #ifdef CONFIG_X86_32 @@ -228,7 +368,7 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h #define ARCH_DLINFO ARCH_DLINFO_IA32 -@@ -322,7 +322,11 @@ +@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy); #else /* CONFIG_X86_32 */ /* 1GB for 64bit, 8MB for 32bit */ 
@@ -241,16 +381,17 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32()) #define ARCH_DLINFO \ -@@ -380,5 +384,4 @@ +@@ -380,5 +384,4 @@ struct va_alignment { } ____cacheline_aligned; extern struct va_alignment va_align; -extern unsigned long align_vdso_addr(unsigned long); #endif /* _ASM_X86_ELF_H */ -diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h ---- a/arch/x86/include/asm/tlbflush.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/include/asm/tlbflush.h 2018-05-26 19:24:34.823782643 +0100 -@@ -253,6 +253,7 @@ +diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h +index 875ca99b82ee..77edc169f7a2 100644 +--- a/arch/x86/include/asm/tlbflush.h ++++ b/arch/x86/include/asm/tlbflush.h +@@ -258,6 +258,7 @@ static inline void cr4_set_bits(unsigned long mask) unsigned long cr4; cr4 = this_cpu_read(cpu_tlbstate.cr4); @@ -258,7 +399,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h if ((cr4 | mask) != cr4) { cr4 |= mask; this_cpu_write(cpu_tlbstate.cr4, cr4); -@@ -266,6 +267,7 @@ +@@ -271,6 +272,7 @@ static inline void cr4_clear_bits(unsigned long mask) unsigned long cr4; cr4 = this_cpu_read(cpu_tlbstate.cr4); @@ -266,7 +407,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h if ((cr4 & ~mask) != cr4) { cr4 &= ~mask; this_cpu_write(cpu_tlbstate.cr4, cr4); -@@ -278,6 +280,7 @@ +@@ -283,6 +285,7 @@ static inline void cr4_toggle_bits(unsigned long mask) unsigned long cr4; cr4 = this_cpu_read(cpu_tlbstate.cr4); @@ -274,7 +415,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h cr4 ^= mask; this_cpu_write(cpu_tlbstate.cr4, cr4); __write_cr4(cr4); -@@ -386,6 +389,7 @@ +@@ -391,6 +394,7 @@ static inline void __native_flush_tlb_global(void) raw_local_irq_save(flags); cr4 = this_cpu_read(cpu_tlbstate.cr4); 
@@ -282,53 +423,11 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h /* toggle PGE */ native_write_cr4(cr4 ^ X86_CR4_PGE); /* write old PGE again and flush TLBs */ -diff -Nur a/arch/x86/Kconfig b/arch/x86/Kconfig ---- a/arch/x86/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/Kconfig 2018-05-26 19:24:34.822782611 +0100 -@@ -1153,8 +1153,7 @@ - default X86_LEGACY_VM86 - - config X86_16BIT -- bool "Enable support for 16-bit segments" if EXPERT -- default y -+ bool "Enable support for 16-bit segments" - depends on MODIFY_LDT_SYSCALL - ---help--- - This option is required by programs like Wine to run 16-bit -@@ -2228,7 +2227,7 @@ - choice - prompt "vsyscall table for legacy applications" - depends on X86_64 -- default LEGACY_VSYSCALL_EMULATE -+ default LEGACY_VSYSCALL_NONE - help - Legacy user code that does not know how to find the vDSO expects - to be able to issue three syscalls by calling fixed addresses in -@@ -2318,8 +2317,7 @@ - be set to 'N' under normal conditions. - - config MODIFY_LDT_SYSCALL -- bool "Enable the LDT (local descriptor table)" if EXPERT -- default y -+ bool "Enable the LDT (local descriptor table)" - ---help--- - Linux can allow user programs to install a per-process x86 - Local Descriptor Table (LDT) using the modify_ldt(2) system -diff -Nur a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug ---- a/arch/x86/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/Kconfig.debug 2018-05-26 19:24:34.822782611 +0100 -@@ -101,6 +101,7 @@ - config DEBUG_WX - bool "Warn on W+X mappings at boot" - select X86_PTDUMP_CORE -+ default y - ---help--- - Generate a warning if any W+X mappings are found at boot. 
- -diff -Nur a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c ---- a/arch/x86/kernel/cpu/common.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/kernel/cpu/common.c 2018-05-26 19:24:34.823782643 +0100 -@@ -1637,7 +1637,6 @@ +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index dd02ee4fa8cd..f991b4f69f21 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1658,7 +1658,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -336,20 +435,20 @@ diff -Nur a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c x2apic_setup(); /* -diff -Nur a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c ---- a/arch/x86/kernel/process.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/kernel/process.c 2018-05-26 19:26:32.692611050 +0100 -@@ -40,6 +40,9 @@ +diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c +index 988a98f34c66..dc36d2d9078a 100644 +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -40,6 +40,8 @@ #include <asm/desc.h> #include <asm/prctl.h> #include <asm/spec-ctrl.h> +#include <asm/elf.h> +#include <linux/sizes.h> -+ /* * per-CPU TSS segments. Threads are completely 'soft' on Linux, -@@ -719,7 +722,10 @@ +@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp) unsigned long arch_randomize_brk(struct mm_struct *mm) { 
@@ -361,10 +460,11 @@ diff -Nur a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c } /* -diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c ---- a/arch/x86/kernel/sys_x86_64.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/kernel/sys_x86_64.c 2018-05-26 19:24:34.823782643 +0100 -@@ -54,13 +54,6 @@ +diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c +index a63fe77b3217..e1085e76043e 100644 +--- a/arch/x86/kernel/sys_x86_64.c ++++ b/arch/x86/kernel/sys_x86_64.c +@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void) return va_align.bits & get_align_mask(); } @@ -378,7 +478,7 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c static int __init control_va_addr_alignment(char *str) { /* guard against enabling this on other CPU families */ -@@ -122,10 +115,7 @@ +@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags, } *begin = get_mmap_base(1); @@ -390,7 +490,7 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c } unsigned long -@@ -206,7 +196,7 @@ +@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.flags = VM_UNMAPPED_AREA_TOPDOWN; info.length = len; @@ -399,10 +499,11 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c info.high_limit = get_mmap_base(0); /* -diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c ---- a/arch/x86/mm/init_32.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/mm/init_32.c 2018-05-26 19:24:34.824782676 +0100 -@@ -558,7 +558,7 @@ +diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c +index 3141e67ec24c..e93173193f60 100644 +--- a/arch/x86/mm/init_32.c ++++ b/arch/x86/mm/init_32.c +@@ -558,7 +558,7 @@ static void __init pagetable_init(void) permanent_kmaps_init(pgd_base); } 
@@ -411,7 +512,7 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -865,7 +865,7 @@ +@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size) #endif #endif @@ -420,7 +521,7 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c void set_kernel_text_rw(void) { -@@ -917,12 +917,11 @@ +@@ -917,12 +917,11 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -434,9 +535,10 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c #ifdef CONFIG_CPA_DEBUG printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n", start, start+size); -diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c ---- a/arch/x86/mm/init_64.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/arch/x86/mm/init_64.c 2018-05-26 19:24:34.824782676 +0100 +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c +index 642357aff216..8bbf93ce3cd2 100644 +--- a/arch/x86/mm/init_64.c ++++ b/arch/x86/mm/init_64.c @@ -65,7 +65,7 @@ * around without checking the pgd every time. */ @@ -446,7 +548,7 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c EXPORT_SYMBOL_GPL(__supported_pte_mask); int force_personality32; -@@ -1185,7 +1185,7 @@ +@@ -1185,7 +1185,7 @@ void __init mem_init(void) mem_init_print_info(NULL); } @@ -455,7 +557,7 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c void set_kernel_text_rw(void) { -@@ -1234,9 +1234,8 @@ +@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void) printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", (end - start) >> 10); 
@@ -466,10 +568,11 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c /* * The rodata/data/bss/brk section (but not the kernel text!) -diff -Nur a/block/blk-softirq.c b/block/blk-softirq.c ---- a/block/blk-softirq.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/block/blk-softirq.c 2018-05-26 19:24:34.824782676 +0100 -@@ -20,7 +20,7 @@ +diff --git a/block/blk-softirq.c b/block/blk-softirq.c +index 01e2b353a2b9..9aeddca4a29f 100644 +--- a/block/blk-softirq.c ++++ b/block/blk-softirq.c +@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); * Softirq action handler - move entries to local list and loop over them * while passing them to the queue registered handler. */ 
@@ -478,80 +581,11 @@ diff -Nur a/block/blk-softirq.c b/block/blk-softirq.c { struct list_head *cpu_list, local_list; -diff -Nur a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt ---- a/Documentation/admin-guide/kernel-parameters.txt 2018-05-25 15:18:02.000000000 +0100 -+++ b/Documentation/admin-guide/kernel-parameters.txt 2018-05-26 19:24:34.819782514 +0100 -@@ -490,16 +490,6 @@ - nosocket -- Disable socket memory accounting. - nokmem -- Disable kernel memory accounting. - -- checkreqprot [SELINUX] Set initial checkreqprot flag value. -- Format: { "0" | "1" } -- See security/selinux/Kconfig help text. -- 0 -- check protection applied by kernel (includes -- any implied execute protection). -- 1 -- check protection requested by application. -- Default value is set via a kernel config option. -- Value can be changed at runtime via -- /selinux/checkreqprot. -- - cio_ignore= [S390] - See Documentation/s390/CommonIO for details. - clk_ignore_unused -@@ -2899,6 +2889,11 @@ - the specified number of seconds. This is to be used if - your oopses keep scrolling off the screen. - -+ extra_latent_entropy -+ Enable a very simple form of latent entropy extraction -+ from the first 4GB of memory as the bootmem allocator -+ passes the memory pages to the buddy allocator. -+ - pcbit= [HW,ISDN] - - pcd. 
[PARIDE] -diff -Nur a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt ---- a/Documentation/sysctl/kernel.txt 2018-05-25 15:18:02.000000000 +0100 -+++ b/Documentation/sysctl/kernel.txt 2018-05-26 19:24:34.820782546 +0100 -@@ -91,6 +91,7 @@ - - sysctl_writes_strict - - tainted - - threads-max -+- tiocsti_restrict - - unknown_nmi_panic - - watchdog - - watchdog_thresh -@@ -999,6 +1000,26 @@ - - ============================================================== - -+tiocsti_restrict: -+ -+This toggle indicates whether unprivileged users are prevented -+from using the TIOCSTI ioctl to inject commands into other processes -+which share a tty session. -+ -+When tiocsti_restrict is set to (0) there are no restrictions(accept -+the default restriction of only being able to injection commands into -+one's own tty). When tiocsti_restrict is set to (1), users must -+have CAP_SYS_ADMIN to use the TIOCSTI ioctl. -+ -+When user namespaces are in use, the check for the capability -+CAP_SYS_ADMIN is done against the user namespace that originally -+opened the tty. -+ -+The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the -+default value of tiocsti_restrict. -+ -+============================================================== -+ - unknown_nmi_panic: - - The value in this file affects behavior of handling NMI. When the -diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c ---- a/drivers/ata/libata-core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/ata/libata-core.c 2018-05-26 19:24:34.825782708 +0100 -@@ -5141,7 +5141,7 @@ +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 6938bd86ff1c..89e202988379 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -5147,7 +5147,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; 
@@ -560,7 +594,7 @@ diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c ap = qc->ap; qc->flags = 0; -@@ -5158,7 +5158,7 @@ +@@ -5164,7 +5164,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -569,10 +603,11 @@ diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig ---- a/drivers/char/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/char/Kconfig 2018-05-26 19:24:34.826782741 +0100 -@@ -9,7 +9,6 @@ +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index c28dca0c613d..d4813f0d25ca 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig" config DEVMEM bool "/dev/mem virtual device support" @@ -580,7 +615,7 @@ diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig help Say Y here if you want to support the /dev/mem device. The /dev/mem device is used to access areas of physical -@@ -568,7 +567,6 @@ +@@ -568,7 +567,6 @@ config TELCLOCK config DEVPORT bool "/dev/port character device" depends on ISA || PCI 
@@ -588,10 +623,11 @@ diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig help Say Y here if you want to support the /dev/port device. The /dev/port device is similar to /dev/mem, but for I/O ports. -diff -Nur a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c ---- a/drivers/media/dvb-frontends/cx24116.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24116.c 2018-05-26 19:24:34.826782741 +0100 -@@ -1462,7 +1462,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c +index e105532bfba8..e07d52bb9b62 100644 +--- a/drivers/media/dvb-frontends/cx24116.c ++++ b/drivers/media/dvb-frontends/cx24116.c +@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune, return cx24116_read_status(fe, status); } @@ -600,10 +636,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c ---- a/drivers/media/dvb-frontends/cx24117.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24117.c 2018-05-26 19:24:34.826782741 +0100 -@@ -1555,7 +1555,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c +index d37cb7762bd6..97e0feff0ede 100644 +--- a/drivers/media/dvb-frontends/cx24117.c ++++ b/drivers/media/dvb-frontends/cx24117.c +@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune, return cx24117_read_status(fe, status); } 
@@ -612,10 +649,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c ---- a/drivers/media/dvb-frontends/cx24120.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24120.c 2018-05-26 19:24:34.827782773 +0100 -@@ -1491,7 +1491,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c +index 7f11dcc94d85..01da670760ba 100644 +--- a/drivers/media/dvb-frontends/cx24120.c ++++ b/drivers/media/dvb-frontends/cx24120.c +@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune, return cx24120_read_status(fe, status); } @@ -624,10 +662,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c ---- a/drivers/media/dvb-frontends/cx24123.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cx24123.c 2018-05-26 19:24:34.827782773 +0100 -@@ -1005,7 +1005,7 @@ +diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c +index 1d59d1d3bd82..41cd0e9ea199 100644 +--- a/drivers/media/dvb-frontends/cx24123.c ++++ b/drivers/media/dvb-frontends/cx24123.c +@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe, return retval; } 
@@ -636,10 +675,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/ { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c ---- a/drivers/media/dvb-frontends/cxd2820r_core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/cxd2820r_core.c 2018-05-26 19:24:34.827782773 +0100 -@@ -403,7 +403,7 @@ +diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c +index f6ebbb47b9b2..3e0d8cbd76da 100644 +--- a/drivers/media/dvb-frontends/cxd2820r_core.c ++++ b/drivers/media/dvb-frontends/cxd2820r_core.c +@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe) return DVBFE_ALGO_SEARCH_ERROR; } @@ -648,10 +688,11 @@ diff -Nur a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-fron { return DVBFE_ALGO_CUSTOM; } -diff -Nur a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c ---- a/drivers/media/dvb-frontends/mb86a20s.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/mb86a20s.c 2018-05-26 19:24:34.827782773 +0100 -@@ -2055,7 +2055,7 @@ +diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c +index e8ac8c3e2ec0..e0f4ba8302d1 100644 +--- a/drivers/media/dvb-frontends/mb86a20s.c ++++ b/drivers/media/dvb-frontends/mb86a20s.c +@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe) kfree(state); } 
@@ -660,10 +701,11 @@ diff -Nur a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c ---- a/drivers/media/dvb-frontends/s921.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/dvb-frontends/s921.c 2018-05-26 19:24:34.828782806 +0100 -@@ -464,7 +464,7 @@ +diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c +index 274544a3ae0e..9ef9b9bc1bd2 100644 +--- a/drivers/media/dvb-frontends/s921.c ++++ b/drivers/media/dvb-frontends/s921.c +@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe, return rc; } @@ -672,10 +714,11 @@ diff -Nur a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s92 { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c ---- a/drivers/media/pci/bt8xx/dst.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/pci/bt8xx/dst.c 2018-05-26 19:24:34.828782806 +0100 -@@ -1657,7 +1657,7 @@ +diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c +index 7166d2279465..fa682f9fdc4b 100644 +--- a/drivers/media/pci/bt8xx/dst.c ++++ b/drivers/media/pci/bt8xx/dst.c +@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe, return 0; } 
@@ -684,10 +727,11 @@ diff -Nur a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c { return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW; } -diff -Nur a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c ---- a/drivers/media/pci/pt1/va1j5jf8007s.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/pci/pt1/va1j5jf8007s.c 2018-05-26 19:24:34.828782806 +0100 -@@ -98,7 +98,7 @@ +diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c +index f75f69556be7..d913a6050e8c 100644 +--- a/drivers/media/pci/pt1/va1j5jf8007s.c ++++ b/drivers/media/pci/pt1/va1j5jf8007s.c +@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr) return 0; } @@ -696,10 +740,11 @@ diff -Nur a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c ---- a/drivers/media/pci/pt1/va1j5jf8007t.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/media/pci/pt1/va1j5jf8007t.c 2018-05-26 19:24:34.828782806 +0100 -@@ -88,7 +88,7 @@ +diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c +index 63fda79a75c0..4115c3ccd4a8 100644 +--- a/drivers/media/pci/pt1/va1j5jf8007t.c ++++ b/drivers/media/pci/pt1/va1j5jf8007t.c +@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr) return 0; } 
@@ -708,10 +753,11 @@ diff -Nur a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf { return DVBFE_ALGO_HW; } -diff -Nur a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c ---- a/drivers/misc/lkdtm_core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/misc/lkdtm_core.c 2018-05-26 19:24:34.828782806 +0100 -@@ -78,7 +78,7 @@ +diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c +index 981b3ef71e47..9883da1da383 100644 +--- a/drivers/misc/lkdtm_core.c ++++ b/drivers/misc/lkdtm_core.c +@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq, return 0; } @@ -720,10 +766,11 @@ diff -Nur a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c { lkdtm_handler(); jprobe_return(); -diff -Nur a/drivers/tty/Kconfig b/drivers/tty/Kconfig ---- a/drivers/tty/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/tty/Kconfig 2018-05-26 19:24:34.829782838 +0100 -@@ -122,7 +122,6 @@ +diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig +index b811442c5ce6..4f62a63cbcb1 100644 +--- a/drivers/tty/Kconfig ++++ b/drivers/tty/Kconfig +@@ -122,7 +122,6 @@ config UNIX98_PTYS config LEGACY_PTYS bool "Legacy (BSD) PTY support" @@ -731,10 +778,11 @@ diff -Nur a/drivers/tty/Kconfig b/drivers/tty/Kconfig ---help--- A pseudo terminal (PTY) is a software device consisting of two halves: a master and a slave. The slave device behaves identical to -diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c ---- a/drivers/tty/tty_io.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/tty/tty_io.c 2018-05-26 19:24:34.829782838 +0100 -@@ -171,6 +171,7 @@ +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c +index 562d31073f9a..2184b9b5485f 100644 +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty) put_device(tty->dev); kfree(tty->write_buf); tty->magic = 0xDEADDEAD; 
@@ -742,7 +790,7 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c kfree(tty); } -@@ -2154,11 +2155,19 @@ +@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on) * FIXME: may race normal receive processing */ @@ -762,7 +810,7 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) return -EPERM; if (get_user(ch, p)) -@@ -2841,6 +2850,7 @@ +@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) tty->index = idx; tty_line_name(driver, idx, tty->name); tty->dev = tty_get_device(tty); @@ -770,9 +818,10 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c return tty; } -diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c ---- a/drivers/usb/core/hub.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/drivers/usb/core/hub.c 2018-05-26 19:24:34.830782871 +0100 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index a9db0887edca..95464d2471c2 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c @@ -38,6 +38,8 @@ #define USB_VENDOR_GENESYS_LOGIC 0x05e3 #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01 @@ -782,7 +831,7 @@ diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c /* Protect struct usb_device->state and ->children members * Note: Both are also protected by ->dev.sem, except that ->state can * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */ -@@ -4806,6 +4808,12 @@ +@@ -4816,6 +4818,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, goto done; return; } @@ -795,9 +844,10 @@ diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c if (hub_is_superspeed(hub->hdev)) unit_load = 150; else -diff -Nur a/fs/exec.c b/fs/exec.c ---- a/fs/exec.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/exec.c 2018-05-26 19:24:34.831782903 +0100 +diff --git a/fs/exec.c b/fs/exec.c +index 0da4d748b4e6..69fcee853363 100644 +--- a/fs/exec.c ++++ b/fs/exec.c 
@@ -62,6 +62,7 @@ #include <linux/oom.h> #include <linux/compat.h> @@ -806,7 +856,7 @@ diff -Nur a/fs/exec.c b/fs/exec.c #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -321,6 +322,8 @@ +@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm) arch_bprm_mm_init(mm, vma); up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -815,10 +865,11 @@ diff -Nur a/fs/exec.c b/fs/exec.c return 0; err: up_write(&mm->mmap_sem); -diff -Nur a/fs/namei.c b/fs/namei.c ---- a/fs/namei.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/namei.c 2018-05-26 19:24:34.832782936 +0100 -@@ -902,8 +902,8 @@ +diff --git a/fs/namei.c b/fs/namei.c +index 0b46b858cd42..3ae8e72341da 100644 +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd) path_put(&last->link); } @@ -829,18 +880,20 @@ diff -Nur a/fs/namei.c b/fs/namei.c /** * may_follow_link - Check symlink following for unsafe situations -diff -Nur a/fs/nfs/Kconfig b/fs/nfs/Kconfig ---- a/fs/nfs/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/nfs/Kconfig 2018-05-26 19:24:34.832782936 +0100 -@@ -195,4 +195,3 @@ +diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig +index 5f93cfacb3d1..cea0d7d3b23e 100644 +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -195,4 +195,3 @@ config NFS_DEBUG bool depends on NFS_FS && SUNRPC_DEBUG select CRC32 - default y -diff -Nur a/fs/pipe.c b/fs/pipe.c ---- a/fs/pipe.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/pipe.c 2018-05-26 19:24:34.832782936 +0100 -@@ -38,7 +38,7 @@ +diff --git a/fs/pipe.c b/fs/pipe.c +index 8ef7d7bef775..b82f305ec13d 100644 +--- a/fs/pipe.c ++++ b/fs/pipe.c +@@ -38,7 +38,7 @@ unsigned int pipe_max_size = 1048576; /* * Minimum pipe size, as required by POSIX */ 
@@ -849,10 +902,11 @@ diff -Nur a/fs/pipe.c b/fs/pipe.c /* Maximum allocatable pages per user. Hard limit is unset by default, soft * matches default values. -diff -Nur a/fs/proc/Kconfig b/fs/proc/Kconfig ---- a/fs/proc/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/proc/Kconfig 2018-05-26 19:24:34.832782936 +0100 -@@ -39,7 +39,6 @@ +diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig +index 1ade1206bb89..60b0f76dec47 100644 +--- a/fs/proc/Kconfig ++++ b/fs/proc/Kconfig +@@ -39,7 +39,6 @@ config PROC_KCORE config PROC_VMCORE bool "/proc/vmcore support" depends on PROC_FS && CRASH_DUMP @@ -860,10 +914,11 @@ diff -Nur a/fs/proc/Kconfig b/fs/proc/Kconfig help Exports the dump image of crashed kernel in ELF format. -diff -Nur a/fs/stat.c b/fs/stat.c ---- a/fs/stat.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/fs/stat.c 2018-05-26 19:24:34.832782936 +0100 -@@ -40,8 +40,13 @@ +diff --git a/fs/stat.c b/fs/stat.c +index 873785dae022..d3c2ada8b9c7 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) stat->gid = inode->i_gid; stat->rdev = inode->i_rdev; stat->size = i_size_read(inode); @@ -879,7 +934,7 @@ diff -Nur a/fs/stat.c b/fs/stat.c stat->ctime = inode->i_ctime; stat->blksize = i_blocksize(inode); stat->blocks = inode->i_blocks; -@@ -75,9 +80,14 @@ +@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, stat->result_mask |= STATX_BASIC_STATS; request_mask &= STATX_ALL; query_flags &= KSTAT_QUERY_FLAGS; @@ -897,9 +952,10 @@ diff -Nur a/fs/stat.c b/fs/stat.c generic_fillattr(inode, stat); return 0; -diff -Nur a/include/linux/cache.h b/include/linux/cache.h ---- a/include/linux/cache.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/cache.h 2018-05-26 19:24:34.832782936 +0100 +diff --git a/include/linux/cache.h b/include/linux/cache.h +index 750621e41d1c..e7157c18c62c 100644 +--- a/include/linux/cache.h ++++ b/include/linux/cache.h 
@@ -31,6 +31,8 @@ #define __ro_after_init __attribute__((__section__(".data..ro_after_init"))) #endif @@ -909,10 +965,11 @@ diff -Nur a/include/linux/cache.h b/include/linux/cache.h #ifndef ____cacheline_aligned #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif -diff -Nur a/include/linux/capability.h b/include/linux/capability.h ---- a/include/linux/capability.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/capability.h 2018-05-26 19:24:34.832782936 +0100 -@@ -207,6 +207,7 @@ +diff --git a/include/linux/capability.h b/include/linux/capability.h +index f640dcbc880c..2b4f5d651f19 100644 +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap); extern bool has_ns_capability_noaudit(struct task_struct *t, struct user_namespace *ns, int cap); extern bool capable(int cap); @@ -920,7 +977,7 @@ diff -Nur a/include/linux/capability.h b/include/linux/capability.h extern bool ns_capable(struct user_namespace *ns, int cap); extern bool ns_capable_noaudit(struct user_namespace *ns, int cap); #else -@@ -232,6 +233,10 @@ +@@ -232,6 +233,10 @@ static inline bool capable(int cap) { return true; } @@ -931,10 +988,11 @@ diff -Nur a/include/linux/capability.h b/include/linux/capability.h static inline bool ns_capable(struct user_namespace *ns, int cap) { return true; -diff -Nur a/include/linux/fs.h b/include/linux/fs.h ---- a/include/linux/fs.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/fs.h 2018-05-26 19:24:34.833782968 +0100 -@@ -3392,4 +3392,15 @@ +diff --git a/include/linux/fs.h b/include/linux/fs.h +index cc613f20e5a6..7606596d6c2e 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -3392,4 +3392,15 @@ static inline bool dir_relax_shared(struct inode *inode) extern bool path_noexec(const struct path *path); extern void inode_nohighmem(struct inode *inode); 
@@ -950,10 +1008,11 @@ diff -Nur a/include/linux/fs.h b/include/linux/fs.h +} + #endif /* _LINUX_FS_H */ -diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h ---- a/include/linux/fsnotify.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/fsnotify.h 2018-05-26 19:24:34.833782968 +0100 -@@ -181,6 +181,9 @@ +diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h +index bdaf22582f6e..326ff15d4637 100644 +--- a/include/linux/fsnotify.h ++++ b/include/linux/fsnotify.h +@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file) struct inode *inode = path->dentry->d_inode; __u32 mask = FS_ACCESS; @@ -963,7 +1022,7 @@ diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -@@ -199,6 +202,9 @@ +@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file) struct inode *inode = path->dentry->d_inode; __u32 mask = FS_MODIFY; @@ -973,10 +1032,11 @@ diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h if (S_ISDIR(inode->i_mode)) mask |= FS_ISDIR; -diff -Nur a/include/linux/gfp.h b/include/linux/gfp.h ---- a/include/linux/gfp.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/gfp.h 2018-05-26 19:24:34.833782968 +0100 -@@ -518,9 +518,9 @@ +diff --git a/include/linux/gfp.h b/include/linux/gfp.h +index b041f94678de..fd8bb5a78b75 100644 +--- a/include/linux/gfp.h ++++ b/include/linux/gfp.h +@@ -518,9 +518,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); extern unsigned long get_zeroed_page(gfp_t gfp_mask); 
@@ -984,14 +1044,15 @@ diff -Nur a/include/linux/gfp.h b/include/linux/gfp.h +void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1))); void free_pages_exact(void *virt, size_t size); -void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask); -+void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1))); ++void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(2))); #define __get_free_page(gfp_mask) \ __get_free_pages((gfp_mask), 0) -diff -Nur a/include/linux/highmem.h b/include/linux/highmem.h ---- a/include/linux/highmem.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/highmem.h 2018-05-26 19:24:34.834783001 +0100 -@@ -191,6 +191,13 @@ +diff --git a/include/linux/highmem.h b/include/linux/highmem.h +index 776f90f3a1cd..3f5c47000059 100644 +--- a/include/linux/highmem.h ++++ b/include/linux/highmem.h +@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page) kunmap_atomic(kaddr); } @@ -1005,10 +1066,11 @@ diff -Nur a/include/linux/highmem.h b/include/linux/highmem.h static inline void zero_user_segments(struct page *page, unsigned start1, unsigned end1, unsigned start2, unsigned end2) -diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h ---- a/include/linux/interrupt.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/interrupt.h 2018-05-26 19:24:34.834783001 +0100 -@@ -485,7 +485,7 @@ +diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h +index 69c238210325..ee487ea4f48f 100644 +--- a/include/linux/interrupt.h ++++ b/include/linux/interrupt.h +@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS]; struct softirq_action { @@ -1017,7 +1079,7 @@ diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h }; asmlinkage void do_softirq(void); -@@ -500,7 +500,7 @@ +@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void) } #endif 
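Review bot: The `alloc_size` index on `alloc_pages_exact_nid` in the gfp.h section is positional and 1-based, and nothing next to the prototypes says so; the previous value `alloc_size(1)` named `nid` rather than `size`, and the compiler accepted it without a diagnostic. The attribute feeds the compiler's object-size tracking, which the fortified string helpers in this same patch compare against before calling `fortify_panic`, so a wrong index can make the NUMA node id stand in for the buffer size, producing spurious panics or letting an oversized copy pass. I would add a one-line comment above the two prototypes, `/* alloc_size(N): N is the 1-based position of the size argument */`. The commit message should also mention the index fix, since it is a behavioural change inside an otherwise mechanical regeneration of the patch.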
@@ -1026,10 +1088,11 @@ diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h extern void softirq_init(void); extern void __raise_softirq_irqoff(unsigned int nr); -diff -Nur a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h ---- a/include/linux/kobject_ns.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/kobject_ns.h 2018-05-26 19:24:34.834783001 +0100 -@@ -46,7 +46,7 @@ +diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h +index df32d2508290..c992d130b94d 100644 +--- a/include/linux/kobject_ns.h ++++ b/include/linux/kobject_ns.h +@@ -46,7 +46,7 @@ struct kobj_ns_type_operations { void (*drop_ns)(void *); }; @@ -1038,10 +1101,11 @@ diff -Nur a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h int kobj_ns_type_registered(enum kobj_ns_type type); const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent); const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj); -diff -Nur a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/mm.h 2018-05-26 19:24:34.834783001 +0100 -@@ -525,7 +525,7 @@ +diff --git a/include/linux/mm.h b/include/linux/mm.h +index a26cf767407e..e0a700be00e3 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -525,7 +525,7 @@ static inline int is_vmalloc_or_module_addr(const void *x) } #endif 
@@ -1050,10 +1114,11 @@ diff -Nur a/include/linux/mm.h b/include/linux/mm.h static inline void *kvmalloc(size_t size, gfp_t flags) { return kvmalloc_node(size, flags, NUMA_NO_NODE); -diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h ---- a/include/linux/percpu.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/percpu.h 2018-05-26 19:24:34.835783033 +0100 -@@ -129,7 +129,7 @@ +diff --git a/include/linux/percpu.h b/include/linux/percpu.h +index 296bbe49d5d1..b26652c9a98d 100644 +--- a/include/linux/percpu.h ++++ b/include/linux/percpu.h +@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size, pcpu_fc_populate_pte_fn_t populate_pte_fn); #endif @@ -1062,7 +1127,7 @@ diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr); extern bool is_kernel_percpu_address(unsigned long addr); -@@ -137,8 +137,8 @@ +@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr); extern void __init setup_per_cpu_areas(void); #endif @@ -1073,10 +1138,11 @@ diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h extern void free_percpu(void __percpu *__pdata); extern phys_addr_t per_cpu_ptr_to_phys(void *addr); -diff -Nur a/include/linux/perf_event.h b/include/linux/perf_event.h ---- a/include/linux/perf_event.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/perf_event.h 2018-05-26 19:24:34.835783033 +0100 -@@ -1165,6 +1165,11 @@ +diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h +index 8e22f24ded6a..b7fecdfa6de5 100644 +--- a/include/linux/perf_event.h ++++ b/include/linux/perf_event.h +@@ -1165,6 +1165,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, int perf_event_max_stack_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); 
@@ -1088,10 +1154,11 @@ diff -Nur a/include/linux/perf_event.h b/include/linux/perf_event.h static inline bool perf_paranoid_tracepoint_raw(void) { return sysctl_perf_event_paranoid > -1; -diff -Nur a/include/linux/slab.h b/include/linux/slab.h ---- a/include/linux/slab.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/slab.h 2018-05-26 19:24:34.835783033 +0100 -@@ -146,8 +146,8 @@ +diff --git a/include/linux/slab.h b/include/linux/slab.h +index ae5ed6492d54..fd0786124504 100644 +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -146,8 +146,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *); /* * Common kmalloc functions provided by all allocators */ @@ -1102,7 +1169,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); -@@ -324,7 +324,7 @@ +@@ -324,7 +324,7 @@ static __always_inline int kmalloc_index(size_t size) } #endif /* !CONFIG_SLOB */ @@ -1111,7 +1178,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc; void kmem_cache_free(struct kmem_cache *, void *); -@@ -348,7 +348,7 @@ +@@ -348,7 +348,7 @@ static __always_inline void kfree_bulk(size_t size, void **p) } #ifdef CONFIG_NUMA @@ -1120,7 +1187,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc; #else static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node) -@@ -473,7 +473,7 @@ +@@ -473,7 +473,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags) * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ 
@@ -1129,7 +1196,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h { if (__builtin_constant_p(size)) { if (size > KMALLOC_MAX_CACHE_SIZE) -@@ -513,7 +513,7 @@ +@@ -513,7 +513,7 @@ static __always_inline int kmalloc_size(int n) return 0; } @@ -1138,10 +1205,11 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h { #ifndef CONFIG_SLOB if (__builtin_constant_p(size) && -diff -Nur a/include/linux/slub_def.h b/include/linux/slub_def.h ---- a/include/linux/slub_def.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/slub_def.h 2018-05-26 19:24:34.835783033 +0100 -@@ -120,6 +120,11 @@ +diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h +index 2038ab531616..a88f322c8c8b 100644 +--- a/include/linux/slub_def.h ++++ b/include/linux/slub_def.h +@@ -120,6 +120,11 @@ struct kmem_cache { unsigned long random; #endif @@ -1153,10 +1221,11 @@ diff -Nur a/include/linux/slub_def.h b/include/linux/slub_def.h #ifdef CONFIG_NUMA /* * Defragmentation by allocating from a remote node. -diff -Nur a/include/linux/string.h b/include/linux/string.h ---- a/include/linux/string.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/string.h 2018-05-26 19:24:34.835783033 +0100 -@@ -234,10 +234,16 @@ +diff --git a/include/linux/string.h b/include/linux/string.h +index 96115bf561b4..f93d908c5bbc 100644 +--- a/include/linux/string.h ++++ b/include/linux/string.h +@@ -234,10 +234,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter"); void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter"); 
@@ -1174,7 +1243,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (__builtin_constant_p(size) && p_size < size) __write_overflow(); if (p_size < size) -@@ -247,7 +253,7 @@ +@@ -247,7 +253,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size) __FORTIFY_INLINE char *strcat(char *p, const char *q) { @@ -1183,7 +1252,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1) return __builtin_strcat(p, q); if (strlcat(p, q, p_size) >= p_size) -@@ -258,7 +264,7 @@ +@@ -258,7 +264,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q) __FORTIFY_INLINE __kernel_size_t strlen(const char *p) { __kernel_size_t ret; @@ -1192,7 +1261,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h /* Work around gcc excess stack consumption issue */ if (p_size == (size_t)-1 || -@@ -273,7 +279,7 @@ +@@ -273,7 +279,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p) extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen); __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen) { @@ -1201,7 +1270,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size); if (p_size <= ret && maxlen != ret) fortify_panic(__func__); -@@ -285,8 +291,8 @@ +@@ -285,8 +291,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy); __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) { size_t ret; @@ -1212,7 +1281,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1 && q_size == (size_t)-1) return __real_strlcpy(p, q, size); ret = strlen(q); -@@ -306,8 +312,8 @@ +@@ -306,8 +312,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size) __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count) { size_t p_len, copy_len; 
@@ -1223,7 +1292,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1 && q_size == (size_t)-1) return __builtin_strncat(p, q, count); p_len = strlen(p); -@@ -420,8 +426,8 @@ +@@ -420,8 +426,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp) /* defined after fortified strlen and memcpy to reuse them */ __FORTIFY_INLINE char *strcpy(char *p, const char *q) { @@ -1234,9 +1303,10 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h if (p_size == (size_t)-1 && q_size == (size_t)-1) return __builtin_strcpy(p, q); memcpy(p, q, strlen(q) + 1); -diff -Nur a/include/linux/tty.h b/include/linux/tty.h ---- a/include/linux/tty.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/tty.h 2018-05-26 19:24:34.836783066 +0100 +diff --git a/include/linux/tty.h b/include/linux/tty.h +index 1dd587ba6d88..9a9a04fb641d 100644 +--- a/include/linux/tty.h ++++ b/include/linux/tty.h @@ -13,6 +13,7 @@ #include <uapi/linux/tty.h> #include <linux/rwsem.h> @@ -1245,7 +1315,7 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h /* -@@ -335,6 +336,7 @@ +@@ -335,6 +336,7 @@ struct tty_struct { /* If the tty has a pending do_SAK, queue it here - akpm */ struct work_struct SAK_work; struct tty_port *port; @@ -1253,7 +1323,7 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h } __randomize_layout; /* Each of a tty's open files has private_data pointing to tty_file_private */ -@@ -344,6 +346,8 @@ +@@ -344,6 +346,8 @@ struct tty_file_private { struct list_head list; }; 
@@ -1262,10 +1332,11 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h /* tty magic number */ #define TTY_MAGIC 0x5401 -diff -Nur a/include/linux/vmalloc.h b/include/linux/vmalloc.h ---- a/include/linux/vmalloc.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/include/linux/vmalloc.h 2018-05-26 19:24:34.836783066 +0100 -@@ -68,19 +68,19 @@ +diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h +index 1e5d8c392f15..66d0e49c9987 100644 +--- a/include/linux/vmalloc.h ++++ b/include/linux/vmalloc.h +@@ -68,19 +68,19 @@ static inline void vmalloc_init(void) } #endif @@ -1295,10 +1366,11 @@ diff -Nur a/include/linux/vmalloc.h b/include/linux/vmalloc.h #ifndef CONFIG_MMU extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags); static inline void *__vmalloc_node_flags_caller(unsigned long size, int node, -diff -Nur a/init/Kconfig b/init/Kconfig ---- a/init/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/init/Kconfig 2018-05-26 19:24:34.836783066 +0100 -@@ -309,6 +309,7 @@ +diff --git a/init/Kconfig b/init/Kconfig +index 46075327c165..0c78750bc76d 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -309,6 +309,7 @@ config USELIB config AUDIT bool "Auditing support" depends on NET @@ -1306,7 +1378,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for -@@ -1052,6 +1053,12 @@ +@@ -1052,6 +1053,12 @@ config CC_OPTIMIZE_FOR_SIZE endchoice @@ -1319,7 +1391,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig config SYSCTL bool -@@ -1361,8 +1368,7 @@ +@@ -1361,8 +1368,7 @@ config SHMEM which may be appropriate on small systems without swap. config AIO @@ -1329,7 +1401,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help This option enables POSIX asynchronous I/O which may by used by some high performance threaded applications. Disabling -@@ -1491,7 +1497,7 @@ +@@ -1491,7 +1497,7 @@ config VM_EVENT_COUNTERS config SLUB_DEBUG default y 
@@ -1338,7 +1410,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig depends on SLUB && SYSFS help SLUB has extensive debug support features. Disabling these can -@@ -1515,7 +1521,6 @@ +@@ -1515,7 +1521,6 @@ config SLUB_MEMCG_SYSFS_ON config COMPAT_BRK bool "Disable heap randomization" @@ -1346,7 +1418,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1562,7 +1567,6 @@ +@@ -1562,7 +1567,6 @@ endchoice config SLAB_MERGE_DEFAULT bool "Allow slab caches to be merged" @@ -1354,7 +1426,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help For reduced kernel memory fragmentation, slab caches can be merged when they share the same size and other characteristics. -@@ -1575,9 +1579,9 @@ +@@ -1575,9 +1579,9 @@ config SLAB_MERGE_DEFAULT command line. config SLAB_FREELIST_RANDOM @@ -1365,7 +1437,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig help Randomizes the freelist order used on creating new pages. This security feature reduces the predictability of the kernel slab -@@ -1586,12 +1590,56 @@ +@@ -1586,12 +1590,56 @@ config SLAB_FREELIST_RANDOM config SLAB_FREELIST_HARDENED bool "Harden slab freelist metadata" depends on SLUB @@ -1422,10 +1494,11 @@ diff -Nur a/init/Kconfig b/init/Kconfig config SLUB_CPU_PARTIAL default y depends on SLUB && SMP -diff -Nur a/kernel/audit.c b/kernel/audit.c ---- a/kernel/audit.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/audit.c 2018-05-26 19:24:34.837783098 +0100 -@@ -1573,6 +1573,9 @@ +diff --git a/kernel/audit.c b/kernel/audit.c +index d301276bca58..d55a1e290cea 100644 +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -1575,6 +1575,9 @@ static int __init audit_enable(char *str) audit_default = !!simple_strtol(str, NULL, 0); if (!audit_default) audit_initialized = AUDIT_DISABLED; 
@@ -1435,10 +1508,11 @@ diff -Nur a/kernel/audit.c b/kernel/audit.c audit_enabled = audit_default; audit_ever_enabled = !!audit_enabled; -diff -Nur a/kernel/bpf/core.c b/kernel/bpf/core.c ---- a/kernel/bpf/core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/bpf/core.c 2018-05-26 19:24:34.837783098 +0100 -@@ -539,7 +539,7 @@ +diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c +index d203a5d6b726..2a6c3e2c57a6 100644 +--- a/kernel/bpf/core.c ++++ b/kernel/bpf/core.c +@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp) bpf_prog_unlock_free(fp); } @@ -1447,10 +1521,11 @@ diff -Nur a/kernel/bpf/core.c b/kernel/bpf/core.c static int bpf_jit_blind_insn(const struct bpf_insn *from, const struct bpf_insn *aux, -diff -Nur a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c ---- a/kernel/bpf/syscall.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/bpf/syscall.c 2018-05-26 19:24:34.837783098 +0100 -@@ -37,7 +37,7 @@ +diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c +index 4e933219fec6..0f37db32a2b1 100644 +--- a/kernel/bpf/syscall.c ++++ b/kernel/bpf/syscall.c +@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(prog_idr_lock); static DEFINE_IDR(map_idr); static DEFINE_SPINLOCK(map_idr_lock); @@ -1459,10 +1534,11 @@ diff -Nur a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c static const struct bpf_map_ops * const bpf_map_types[] = { #define BPF_PROG_TYPE(_id, _ops) -diff -Nur a/kernel/capability.c b/kernel/capability.c ---- a/kernel/capability.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/capability.c 2018-05-26 19:24:34.838783131 +0100 -@@ -431,6 +431,12 @@ +diff --git a/kernel/capability.c b/kernel/capability.c +index 1e1c0236f55b..452062fe45ce 100644 +--- a/kernel/capability.c ++++ b/kernel/capability.c +@@ -431,6 +431,12 @@ bool capable(int cap) return ns_capable(&init_user_ns, cap); } EXPORT_SYMBOL(capable); 
@@ -1475,10 +1551,11 @@ diff -Nur a/kernel/capability.c b/kernel/capability.c #endif /* CONFIG_MULTIUSER */ /** -diff -Nur a/kernel/events/core.c b/kernel/events/core.c ---- a/kernel/events/core.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/events/core.c 2018-05-26 19:24:34.840783196 +0100 -@@ -397,8 +397,13 @@ +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 7c394ddf1ce6..9069886d38da 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask; * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv @@ -1492,7 +1569,7 @@ diff -Nur a/kernel/events/core.c b/kernel/events/core.c /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -9941,6 +9946,9 @@ +@@ -9977,6 +9982,9 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -1502,9 +1579,10 @@ diff -Nur a/kernel/events/core.c b/kernel/events/core.c err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -diff -Nur a/kernel/fork.c b/kernel/fork.c ---- a/kernel/fork.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/fork.c 2018-05-26 19:24:34.840783196 +0100 +diff --git a/kernel/fork.c b/kernel/fork.c +index 91907a3701ce..8021b98c69e1 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c @@ -102,6 +102,11 @@ #define CREATE_TRACE_POINTS @@ -1517,7 +1595,7 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c /* * Minimum number of threads to boot the kernel -@@ -1554,6 +1559,10 @@ +@@ -1553,6 +1558,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); 
@@ -1528,7 +1606,7 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2347,6 +2356,12 @@ +@@ -2346,6 +2355,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -1541,10 +1619,11 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c err = check_unshare_flags(unshare_flags); if (err) goto bad_unshare_out; -diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c ---- a/kernel/power/snapshot.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/power/snapshot.c 2018-05-26 19:24:34.840783196 +0100 -@@ -1136,7 +1136,7 @@ +diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c +index 0972a8e09d08..00dde7aad47a 100644 +--- a/kernel/power/snapshot.c ++++ b/kernel/power/snapshot.c +@@ -1136,7 +1136,7 @@ void free_basic_memory_bitmaps(void) void clear_free_pages(void) { @@ -1553,7 +1632,7 @@ diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c struct memory_bitmap *bm = free_pages_map; unsigned long pfn; -@@ -1153,7 +1153,7 @@ +@@ -1153,7 +1153,7 @@ void clear_free_pages(void) } memory_bm_position_reset(bm); pr_info("PM: free pages cleared after restore\n"); @@ -1562,10 +1641,11 @@ diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c } /** -diff -Nur a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c ---- a/kernel/rcu/tiny.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/rcu/tiny.c 2018-05-26 19:24:34.841783228 +0100 -@@ -164,7 +164,7 @@ +diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c +index a64eee0db39e..4d7de378fe4c 100644 +--- a/kernel/rcu/tiny.c ++++ b/kernel/rcu/tiny.c +@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) } } 
@@ -1574,10 +1654,11 @@ diff -Nur a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); -diff -Nur a/kernel/rcu/tree.c b/kernel/rcu/tree.c ---- a/kernel/rcu/tree.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/rcu/tree.c 2018-05-26 19:24:34.841783228 +0100 -@@ -2918,7 +2918,7 @@ +diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c +index 3e3650e94ae6..7ecd7a5d04b3 100644 +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -2918,7 +2918,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -1586,10 +1667,11 @@ diff -Nur a/kernel/rcu/tree.c b/kernel/rcu/tree.c { struct rcu_state *rsp; -diff -Nur a/kernel/sched/fair.c b/kernel/sched/fair.c ---- a/kernel/sched/fair.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/sched/fair.c 2018-05-26 19:24:34.843783293 +0100 -@@ -8986,7 +8986,7 @@ +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 0cc7098c6dfd..3e69eaf4ddee 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -8987,7 +8987,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -1598,10 +1680,11 @@ diff -Nur a/kernel/sched/fair.c b/kernel/sched/fair.c { struct rq *this_rq = this_rq(); enum cpu_idle_type idle = this_rq->idle_balance ? -diff -Nur a/kernel/softirq.c b/kernel/softirq.c ---- a/kernel/softirq.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/softirq.c 2018-05-26 19:24:34.843783293 +0100 -@@ -53,7 +53,7 @@ +diff --git a/kernel/softirq.c b/kernel/softirq.c +index a4c87cf27f9d..efb97a8dc568 100644 +--- a/kernel/softirq.c ++++ b/kernel/softirq.c +@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; EXPORT_SYMBOL(irq_stat); #endif 
@@ -1610,7 +1693,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c DEFINE_PER_CPU(struct task_struct *, ksoftirqd); -@@ -281,7 +281,7 @@ +@@ -285,7 +285,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void) kstat_incr_softirqs_this_cpu(vec_nr); trace_softirq_entry(vec_nr); @@ -1619,7 +1702,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n", -@@ -444,7 +444,7 @@ +@@ -448,7 +448,7 @@ void __raise_softirq_irqoff(unsigned int nr) or_softirq_pending(1UL << nr); } @@ -1628,7 +1711,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c { softirq_vec[nr].action = action; } -@@ -486,7 +486,7 @@ +@@ -490,7 +490,7 @@ void __tasklet_hi_schedule(struct tasklet_struct *t) } EXPORT_SYMBOL(__tasklet_hi_schedule); @@ -1637,7 +1720,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c { struct tasklet_struct *list; -@@ -522,7 +522,7 @@ +@@ -526,7 +526,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a) } } @@ -1646,9 +1729,10 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c { struct tasklet_struct *list; -diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c ---- a/kernel/sysctl.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/sysctl.c 2018-05-26 19:24:34.844783326 +0100 +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 069550540a39..822783a174aa 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c @@ -66,6 +66,7 @@ #include <linux/kexec.h> #include <linux/bpf.h> @@ -1677,7 +1761,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c extern int pid_max; extern int pid_max_min, pid_max_max; extern int percpu_pagelist_fraction; -@@ -115,40 +123,43 @@ +@@ -115,40 +123,43 @@ extern int sysctl_nr_trim_pages; /* Constants used for minimum and maximum */ #ifdef CONFIG_LOCKUP_DETECTOR 
@@ -1736,7 +1820,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c #ifdef CONFIG_INOTIFY_USER #include <linux/inotify.h> #endif -@@ -286,19 +297,19 @@ +@@ -286,19 +297,19 @@ static struct ctl_table sysctl_base_table[] = { }; #ifdef CONFIG_SCHED_DEBUG @@ -1764,7 +1848,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c #endif static struct ctl_table kern_table[] = { -@@ -512,6 +523,15 @@ +@@ -512,6 +523,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif @@ -1780,10 +1864,11 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c #ifdef CONFIG_PROC_SYSCTL { .procname = "tainted", -@@ -854,6 +874,37 @@ +@@ -853,6 +873,37 @@ static struct ctl_table kern_table[] = { + .extra1 = &zero, .extra2 = &two, }, - #endif ++#endif +#if defined CONFIG_TTY + { + .procname = "tiocsti_restrict", @@ -1814,14 +1899,14 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c + .extra1 = &zero, + .extra2 = &one, + }, -+#endif + #endif { .procname = "ngroups_max", - .data = &ngroups_max, -diff -Nur a/kernel/time/timer.c b/kernel/time/timer.c ---- a/kernel/time/timer.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/time/timer.c 2018-05-26 19:24:34.844783326 +0100 -@@ -1624,7 +1624,7 @@ +diff --git a/kernel/time/timer.c b/kernel/time/timer.c +index 9fe525f410bf..6a85b0e1292e 100644 +--- a/kernel/time/timer.c ++++ b/kernel/time/timer.c +@@ -1624,7 +1624,7 @@ static inline void __run_timers(struct timer_base *base) /* * This function runs timers and the timer-tq in bottom half context. */ 
@@ -1830,9 +1915,10 @@ diff -Nur a/kernel/time/timer.c b/kernel/time/timer.c { struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]); -diff -Nur a/kernel/user_namespace.c b/kernel/user_namespace.c ---- a/kernel/user_namespace.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/kernel/user_namespace.c 2018-05-26 19:24:34.844783326 +0100 +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index c490f1e4313b..dd03bd39d7bf 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c @@ -24,6 +24,9 @@ #include <linux/projid.h> #include <linux/fs_struct.h> @@ -1843,22 +1929,11 @@ diff -Nur a/kernel/user_namespace.c b/kernel/user_namespace.c static struct kmem_cache *user_ns_cachep __read_mostly; static DEFINE_MUTEX(userns_state_mutex); -diff -Nur a/lib/irq_poll.c b/lib/irq_poll.c ---- a/lib/irq_poll.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/irq_poll.c 2018-05-26 19:24:34.845783358 +0100 -@@ -75,7 +75,7 @@ - } - EXPORT_SYMBOL(irq_poll_complete); - --static void __latent_entropy irq_poll_softirq(struct softirq_action *h) -+static void __latent_entropy irq_poll_softirq(void) - { - struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll); - int rearm = 0, budget = irq_poll_budget; -diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug ---- a/lib/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/Kconfig.debug 2018-05-26 19:24:34.845783358 +0100 -@@ -937,6 +937,7 @@ +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 62d0e25c054c..3953072277eb 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -937,6 +937,7 @@ endmenu # "Debug lockups and hangs" config PANIC_ON_OOPS bool "Panic on Oops" 
@@ -1866,7 +1941,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug help Say Y here to enable the kernel to panic when it oopses. This has the same effect as setting oops=panic on the kernel command -@@ -946,7 +947,7 @@ +@@ -946,7 +947,7 @@ config PANIC_ON_OOPS anything erroneous after an oops which could result in data corruption or other issues. @@ -1875,7 +1950,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug config PANIC_ON_OOPS_VALUE int -@@ -1319,6 +1320,7 @@ +@@ -1319,6 +1320,7 @@ config DEBUG_BUGVERBOSE config DEBUG_LIST bool "Debug linked list manipulation" depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION @@ -1883,7 +1958,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug help Enable this to turn on extended checks in the linked-list walking routines. -@@ -1932,6 +1934,7 @@ +@@ -1932,6 +1934,7 @@ config MEMTEST config BUG_ON_DATA_CORRUPTION bool "Trigger a BUG when data corruption is detected" select DEBUG_LIST @@ -1891,7 +1966,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug help Select this option if the kernel should BUG when it encounters data corruption in kernel memory structures when they get checked -@@ -1952,7 +1955,7 @@ +@@ -1952,7 +1955,7 @@ config STRICT_DEVMEM bool "Filter access to /dev/mem" depends on MMU && DEVMEM depends on ARCH_HAS_DEVMEM_IS_ALLOWED @@ -1900,7 +1975,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug ---help--- If this option is disabled, you allow userspace (root) access to all of memory, including kernel and userspace memory. Accidental -@@ -1971,6 +1974,7 @@ +@@ -1971,6 +1974,7 @@ config STRICT_DEVMEM config IO_STRICT_DEVMEM bool "Filter I/O access to /dev/mem" depends on STRICT_DEVMEM 
@@ -1908,10 +1983,24 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug ---help--- If this option is disabled, you allow userspace (root) access to all io-memory regardless of whether a driver is actively using that -diff -Nur a/lib/kobject.c b/lib/kobject.c ---- a/lib/kobject.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/kobject.c 2018-05-26 19:24:34.845783358 +0100 -@@ -956,9 +956,9 @@ +diff --git a/lib/irq_poll.c b/lib/irq_poll.c +index 86a709954f5a..6f15787fcb1b 100644 +--- a/lib/irq_poll.c ++++ b/lib/irq_poll.c +@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop) + } + EXPORT_SYMBOL(irq_poll_complete); + +-static void __latent_entropy irq_poll_softirq(struct softirq_action *h) ++static void __latent_entropy irq_poll_softirq(void) + { + struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll); + int rearm = 0, budget = irq_poll_budget; +diff --git a/lib/kobject.c b/lib/kobject.c +index 34f847252c02..4fda329de614 100644 +--- a/lib/kobject.c ++++ b/lib/kobject.c +@@ -956,9 +956,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); static DEFINE_SPINLOCK(kobj_ns_type_lock); @@ -1923,10 +2012,11 @@ diff -Nur a/lib/kobject.c b/lib/kobject.c { enum kobj_ns_type type = ops->type; int error; -diff -Nur a/lib/nlattr.c b/lib/nlattr.c ---- a/lib/nlattr.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/nlattr.c 2018-05-26 19:24:34.845783358 +0100 -@@ -341,6 +341,8 @@ +diff --git a/lib/nlattr.c b/lib/nlattr.c +index 3d8295c85505..3fa3b3409d69 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -341,6 +341,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) { int minlen = min_t(int, count, nla_len(src)); 
@@ -1935,10 +2025,11 @@ diff -Nur a/lib/nlattr.c b/lib/nlattr.c memcpy(dest, nla_data(src), minlen); if (count > minlen) memset(dest + minlen, 0, count - minlen); -diff -Nur a/lib/vsprintf.c b/lib/vsprintf.c ---- a/lib/vsprintf.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/lib/vsprintf.c 2018-05-26 19:24:34.846783391 +0100 -@@ -1591,7 +1591,7 @@ +diff --git a/lib/vsprintf.c b/lib/vsprintf.c +index 4a990f3fd345..3df8db5af0ba 100644 +--- a/lib/vsprintf.c ++++ b/lib/vsprintf.c +@@ -1588,7 +1588,7 @@ char *device_node_string(char *buf, char *end, struct device_node *dn, return widen_string(buf, buf - buf_start, end, spec); } @@ -1947,23 +2038,11 @@ diff -Nur a/lib/vsprintf.c b/lib/vsprintf.c /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -diff -Nur a/Makefile b/Makefile ---- a/Makefile 2018-05-25 15:18:02.000000000 +0100 -+++ b/Makefile 2018-05-26 19:24:34.820782546 +0100 -@@ -710,6 +710,9 @@ - KBUILD_CFLAGS += $(stackp-flag) - - ifeq ($(cc-name),clang) -+ifdef CONFIG_LOCAL_INIT -+KBUILD_CFLAGS += -fsanitize=local-init -+endif - KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) - KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable) - KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier) -diff -Nur a/mm/Kconfig b/mm/Kconfig ---- a/mm/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/Kconfig 2018-05-26 19:24:34.846783391 +0100 -@@ -319,7 +319,8 @@ +diff --git a/mm/Kconfig b/mm/Kconfig +index 59efbd3337e0..c070e14ec83d 100644 +--- a/mm/Kconfig ++++ b/mm/Kconfig +@@ -319,7 +319,8 @@ config KSM config DEFAULT_MMAP_MIN_ADDR int "Low address space to protect from user allocation" depends on MMU 
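Review bot: The Makefile section that maps `CONFIG_LOCAL_INIT` to `KBUILD_CFLAGS += -fsanitize=local-init` is deleted at this position, and no replacement is visible in this part of the patch. The irq_poll.c section is removed and re-added in sorted order a few hunks earlier, so this is probably the `diff --git` regeneration reordering files, with the Makefile section moved to the head of the patch outside this view. That should be confirmed before merging: if the section was dropped, any Kconfig entry for the option would no longer add the flag, and the kernel would build without local-variable initialisation while the configuration suggests otherwise. Running `grep -n 'fsanitize=local-init'` on the regenerated patch file settles it.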
@@ -1973,10 +2052,11 @@ diff -Nur a/mm/Kconfig b/mm/Kconfig help This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages -diff -Nur a/mm/mmap.c b/mm/mmap.c ---- a/mm/mmap.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/mmap.c 2018-05-26 19:24:34.847783423 +0100 -@@ -220,6 +220,13 @@ +diff --git a/mm/mmap.c b/mm/mmap.c +index 2398776195d2..a8ffa2223ad1 100644 +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) newbrk = PAGE_ALIGN(brk); oldbrk = PAGE_ALIGN(mm->brk); @@ -1990,9 +2070,10 @@ diff -Nur a/mm/mmap.c b/mm/mmap.c if (oldbrk == newbrk) goto set_brk; -diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c ---- a/mm/page_alloc.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/page_alloc.c 2018-05-26 19:24:34.848783456 +0100 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 59ccf455fcbd..929c2dae4954 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c @@ -67,6 +67,7 @@ #include <linux/ftrace.h> #include <linux/lockdep.h> @@ -2001,7 +2082,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c #include <asm/sections.h> #include <asm/tlbflush.h> -@@ -98,6 +99,15 @@ +@@ -98,6 +99,15 @@ int _node_numa_mem_[MAX_NUMNODES]; DEFINE_MUTEX(pcpu_drain_mutex); DEFINE_PER_CPU(struct work_struct, pcpu_drain); @@ -2017,7 +2098,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY volatile unsigned long latent_entropy __latent_entropy; EXPORT_SYMBOL(latent_entropy); -@@ -1063,6 +1073,13 @@ +@@ -1063,6 +1073,13 @@ static __always_inline bool free_pages_prepare(struct page *page, debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } 
@@ -2031,7 +2112,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c arch_free_page(page, order); kernel_poison_pages(page, 1 << order, 0); kernel_map_pages(page, 1 << order, 0); -@@ -1278,6 +1295,21 @@ +@@ -1278,6 +1295,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -2053,7 +2134,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -1718,8 +1750,8 @@ +@@ -1718,8 +1750,8 @@ static inline int check_new_page(struct page *page) static inline bool free_pages_prezeroed(void) { @@ -2064,7 +2145,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c } #ifdef CONFIG_DEBUG_VM -@@ -1776,6 +1808,11 @@ +@@ -1776,6 +1808,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags post_alloc_hook(page, order, gfp_flags); 
@@ -2076,44 +2157,11 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO)) for (i = 0; i < (1 << order); i++) clear_highpage(page + i); -diff -Nur a/mm/slab_common.c b/mm/slab_common.c ---- a/mm/slab_common.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/slab_common.c 2018-05-26 19:24:34.849783488 +0100 -@@ -26,10 +26,10 @@ - - #include "slab.h" - --enum slab_state slab_state; -+enum slab_state slab_state __ro_after_init; - LIST_HEAD(slab_caches); - DEFINE_MUTEX(slab_mutex); --struct kmem_cache *kmem_cache; -+struct kmem_cache *kmem_cache __ro_after_init; - - static LIST_HEAD(slab_caches_to_rcu_destroy); - static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); -@@ -49,7 +49,7 @@ - /* - * Merge control. If this is set then no merging of slab caches will occur. - */ --static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); -+static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); - - static int __init setup_slab_nomerge(char *str) - { -@@ -927,7 +927,7 @@ - * of two cache sizes there. The size of larger slabs can be determined using - * fls. - */ --static s8 size_index[24] = { -+static s8 size_index[24] __ro_after_init = { - 3, /* 8 */ - 4, /* 16 */ - 5, /* 24 */ -diff -Nur a/mm/slab.h b/mm/slab.h ---- a/mm/slab.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/slab.h 2018-05-26 19:24:34.848783456 +0100 -@@ -311,7 +311,11 @@ +diff --git a/mm/slab.h b/mm/slab.h +index 485d9fbb8802..436461588804 100644 +--- a/mm/slab.h ++++ b/mm/slab.h +@@ -311,7 +311,11 @@ static inline bool is_root_cache(struct kmem_cache *s) static inline bool slab_equal_or_root(struct kmem_cache *s, struct kmem_cache *p) { 
@@ -2125,7 +2173,7 @@ diff -Nur a/mm/slab.h b/mm/slab.h } static inline const char *cache_name(struct kmem_cache *s) -@@ -363,18 +367,26 @@ +@@ -363,18 +367,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) * to not do even the assignment. In that case, slab_equal_or_root * will also be a constant. */ @@ -2153,7 +2201,7 @@ diff -Nur a/mm/slab.h b/mm/slab.h return s; } -@@ -399,7 +411,7 @@ +@@ -399,7 +411,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s) * back there or track user information then we can * only use the space before that information. */ 
@@ -2162,10 +2210,46 @@ diff -Nur a/mm/slab.h b/mm/slab.h return s->inuse; /* * Else we can use all the padding etc for the allocation -diff -Nur a/mm/slub.c b/mm/slub.c ---- a/mm/slub.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/slub.c 2018-05-26 19:24:34.850783521 +0100 -@@ -125,6 +125,16 @@ +diff --git a/mm/slab_common.c b/mm/slab_common.c +index 91d271b90600..f4af25f18af2 100644 +--- a/mm/slab_common.c ++++ b/mm/slab_common.c +@@ -26,10 +26,10 @@ + + #include "slab.h" + +-enum slab_state slab_state; ++enum slab_state slab_state __ro_after_init; + LIST_HEAD(slab_caches); + DEFINE_MUTEX(slab_mutex); +-struct kmem_cache *kmem_cache; ++struct kmem_cache *kmem_cache __ro_after_init; + + static LIST_HEAD(slab_caches_to_rcu_destroy); + static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); +@@ -49,7 +49,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work, + /* + * Merge control. If this is set then no merging of slab caches will occur. + */ +-static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); ++static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT); + + static int __init setup_slab_nomerge(char *str) + { +@@ -931,7 +931,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches); + * of two cache sizes there. The size of larger slabs can be determined using + * fls. + */ +-static s8 size_index[24] = { ++static s8 size_index[24] __ro_after_init = { + 3, /* 8 */ + 4, /* 16 */ + 5, /* 24 */ +diff --git a/mm/slub.c b/mm/slub.c +index 10e54c4acd19..23fa3d3be997 100644 +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s) #endif } 
@@ -2182,7 +2266,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c void *fixup_red_left(struct kmem_cache *s, void *p) { if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE) -@@ -297,6 +307,35 @@ +@@ -297,6 +307,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp) *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr); } @@ -2218,7 +2302,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* Loop over all objects in a slab */ #define for_each_object(__p, __s, __addr, __objects) \ for (__p = fixup_red_left(__s, __addr); \ -@@ -484,13 +523,13 @@ +@@ -484,13 +523,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) * Debug settings: */ #if defined(CONFIG_SLUB_DEBUG_ON) @@ -2236,7 +2320,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* * slub is about to manipulate internal object metadata. This memory lies -@@ -550,6 +589,9 @@ +@@ -550,6 +589,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, else p = object + s->inuse; @@ -2246,7 +2330,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c return p + alloc; } -@@ -688,6 +730,9 @@ +@@ -688,6 +730,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) else off = s->inuse; @@ -2256,7 +2340,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c if (s->flags & SLAB_STORE_USER) off += 2 * sizeof(struct track); -@@ -817,6 +862,9 @@ +@@ -817,6 +862,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) /* Freepointer is placed after the object. */ off += sizeof(void *); @@ -2266,7 +2350,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c if (s->flags & SLAB_STORE_USER) /* We also have user information there */ off += 2 * sizeof(struct track); -@@ -1416,8 +1464,9 @@ +@@ -1416,8 +1464,9 @@ static void setup_object(struct kmem_cache *s, struct page *page, void *object) { setup_object_debug(s, page, object); 
@@ -2277,7 +2361,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c kasan_unpoison_object_data(s, object); s->ctor(object); kasan_poison_object_data(s, object); -@@ -2717,9 +2766,21 @@ +@@ -2717,9 +2766,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, stat(s, ALLOC_FASTPATH); } @@ -2300,7 +2384,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c slab_post_alloc_hook(s, gfpflags, 1, &object); return object; -@@ -2926,6 +2987,27 @@ +@@ -2926,6 +2987,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s, void *tail_obj = tail ? : head; struct kmem_cache_cpu *c; unsigned long tid; @@ -2328,7 +2412,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c redo: /* * Determine the currently cpus per cpu slab. -@@ -3104,7 +3186,7 @@ +@@ -3104,7 +3186,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, void **p) { struct kmem_cache_cpu *c; @@ -2337,7 +2421,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* memcg and kmem_cache debug support */ s = slab_pre_alloc_hook(s, flags); -@@ -3141,13 +3223,29 @@ +@@ -3141,13 +3223,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, local_irq_enable(); /* Clear memory outside IRQ disabled fastpath loop */ @@ -2368,7 +2452,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* memcg and kmem_cache debug support */ slab_post_alloc_hook(s, flags, size, p); return i; -@@ -3179,9 +3277,9 @@ +@@ -3179,9 +3277,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); * and increases the number of allocations possible without having to * take the list_lock. */ @@ -2381,7 +2465,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* * Calculate the order of allocation given an slab object size. -@@ -3351,6 +3449,7 @@ +@@ -3351,6 +3449,7 @@ static void early_kmem_cache_node_alloc(int node) init_object(kmem_cache_node, n, SLUB_RED_ACTIVE); init_tracking(kmem_cache_node, n); #endif 
@@ -2389,7 +2473,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node), GFP_KERNEL); init_kmem_cache_node(n); -@@ -3507,6 +3606,9 @@ +@@ -3507,6 +3606,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) size += sizeof(void *); } @@ -2399,7 +2483,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c #ifdef CONFIG_SLUB_DEBUG if (flags & SLAB_STORE_USER) /* -@@ -3577,6 +3679,10 @@ +@@ -3577,6 +3679,10 @@ static int kmem_cache_open(struct kmem_cache *s, unsigned long flags) #ifdef CONFIG_SLAB_FREELIST_HARDENED s->random = get_random_long(); #endif @@ -2410,7 +2494,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU)) s->reserved = sizeof(struct rcu_head); -@@ -3841,6 +3947,8 @@ +@@ -3841,6 +3947,8 @@ const char *__check_heap_object(const void *ptr, unsigned long n, offset -= s->red_left_pad; } @@ -2419,7 +2503,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c /* Allow address range falling entirely within object size. */ if (offset <= object_size && n <= object_size - offset) return NULL; -@@ -3859,7 +3967,11 @@ +@@ -3859,7 +3967,11 @@ static size_t __ksize(const void *object) page = virt_to_head_page(object); if (unlikely(!PageSlab(page))) { @@ -2431,7 +2515,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c return PAGE_SIZE << compound_order(page); } -@@ -4724,7 +4836,7 @@ +@@ -4724,7 +4836,7 @@ enum slab_stat_type { #define SO_TOTAL (1 << SL_TOTAL) #ifdef CONFIG_MEMCG 
@@ -2440,10 +2524,11 @@ diff -Nur a/mm/slub.c b/mm/slub.c static int __init setup_slub_memcg_sysfs(char *str) { -diff -Nur a/mm/swap.c b/mm/swap.c ---- a/mm/swap.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/mm/swap.c 2018-05-26 19:24:34.850783521 +0100 -@@ -92,6 +92,13 @@ +diff --git a/mm/swap.c b/mm/swap.c +index a77d68f2c1b6..d1f1d75f4d1f 100644 +--- a/mm/swap.c ++++ b/mm/swap.c +@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page) if (!PageHuge(page)) __page_cache_release(page); dtor = get_compound_page_dtor(page); @@ -2457,10 +2542,11 @@ diff -Nur a/mm/swap.c b/mm/swap.c (*dtor)(page); } -diff -Nur a/net/core/dev.c b/net/core/dev.c ---- a/net/core/dev.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/net/core/dev.c 2018-05-26 19:24:34.852783586 +0100 -@@ -4095,7 +4095,7 @@ +diff --git a/net/core/dev.c b/net/core/dev.c +index 6ca771f2f25b..6da2c9c3e6a5 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -4095,7 +4095,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -2469,7 +2555,7 @@ diff -Nur a/net/core/dev.c b/net/core/dev.c { struct softnet_data *sd = this_cpu_ptr(&softnet_data); -@@ -5609,7 +5609,7 @@ +@@ -5609,7 +5609,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) return work; } @@ -2478,10 +2564,11 @@ diff -Nur a/net/core/dev.c b/net/core/dev.c { struct softnet_data *sd = this_cpu_ptr(&softnet_data); unsigned long time_limit = jiffies + -diff -Nur a/net/ipv4/Kconfig b/net/ipv4/Kconfig ---- a/net/ipv4/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/net/ipv4/Kconfig 2018-05-26 19:24:34.852783586 +0100 -@@ -261,6 +261,7 @@ +diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig +index f48fe6fc7e8c..d78c52835c08 100644 +--- a/net/ipv4/Kconfig ++++ b/net/ipv4/Kconfig +@@ -261,6 +261,7 @@ config IP_PIMSM_V2 config SYN_COOKIES bool "IP: TCP syncookie support" 
@@ -2489,10 +2576,11 @@ diff -Nur a/net/ipv4/Kconfig b/net/ipv4/Kconfig ---help--- Normal TCP/IP networking is open to an attack known as "SYN flooding". This denial-of-service attack prevents legitimate remote -diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c ---- a/scripts/mod/modpost.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/scripts/mod/modpost.c 2018-05-26 19:24:34.852783586 +0100 -@@ -37,6 +37,7 @@ +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c +index 54deaa1066cf..211f97bd5ee3 100644 +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1; static int warn_unresolved = 0; /* How a symbol is exported */ static int sec_mismatch_count = 0; @@ -2500,7 +2588,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c static int sec_mismatch_verbose = 1; static int sec_mismatch_fatal = 0; /* ignore missing files */ -@@ -965,6 +966,7 @@ +@@ -965,6 +966,7 @@ enum mismatch { ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, EXTABLE_TO_NON_TEXT, @@ -2508,7 +2596,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c }; /** -@@ -1091,6 +1093,12 @@ +@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = { .good_tosec = {ALL_TEXT_SECTIONS , NULL}, .mismatch = EXTABLE_TO_NON_TEXT, .handler = extable_mismatch_handler, @@ -2521,7 +2609,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c } }; -@@ -1240,10 +1248,10 @@ +@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -2534,7 +2622,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1402,7 +1410,11 @@ +@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname, char *prl_from; char *prl_to; 
@@ -2547,7 +2635,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c if (!sec_mismatch_verbose) return; -@@ -1526,6 +1538,14 @@ +@@ -1526,6 +1538,14 @@ static void report_sec_mismatch(const char *modname, fatal("There's a special handler for this mismatch type, " "we should never get here."); break; @@ -2562,7 +2650,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c } fprintf(stderr, "\n"); } -@@ -2539,6 +2559,14 @@ +@@ -2539,6 +2559,14 @@ int main(int argc, char **argv) } } free(buf.p); @@ -2577,10 +2665,11 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c return err; } -diff -Nur a/security/Kconfig b/security/Kconfig ---- a/security/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/Kconfig 2018-05-26 19:24:34.853783618 +0100 -@@ -8,7 +8,7 @@ +diff --git a/security/Kconfig b/security/Kconfig +index 87f2a6f842fd..7bdbb7edf5bf 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -8,7 +8,7 @@ source security/keys/Kconfig config SECURITY_DMESG_RESTRICT bool "Restrict unprivileged access to the kernel syslog" @@ -2589,7 +2678,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This enforces restrictions on unprivileged users reading the kernel syslog via dmesg(8). -@@ -18,10 +18,34 @@ +@@ -18,10 +18,34 @@ config SECURITY_DMESG_RESTRICT If you are unsure how to answer this question, answer N. @@ -2624,7 +2713,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This allows you to choose different security modules to be configured into your kernel. -@@ -48,6 +72,7 @@ +@@ -48,6 +72,7 @@ config SECURITYFS config SECURITY_NETWORK bool "Socket and Networking Security Hooks" depends on SECURITY @@ -2632,7 +2721,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This enables the socket and networking security hooks. If enabled, a security module can use these hooks to -@@ -155,6 +180,7 @@ +@@ -155,6 +180,7 @@ config HARDENED_USERCOPY depends on HAVE_HARDENED_USERCOPY_ALLOCATOR select BUG imply STRICT_DEVMEM 
@@ -2640,7 +2729,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig help This option checks for obviously wrong memory regions when copying memory to/from the kernel (via copy_to_user() and -@@ -178,10 +204,36 @@ +@@ -178,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN config FORTIFY_SOURCE bool "Harden common str/mem functions against buffer overflows" depends on ARCH_HAS_FORTIFY_SOURCE @@ -2677,21 +2766,11 @@ diff -Nur a/security/Kconfig b/security/Kconfig config STATIC_USERMODEHELPER bool "Force all usermode helper calls through a single binary" help -diff -Nur a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h ---- a/security/selinux/include/objsec.h 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/selinux/include/objsec.h 2018-05-26 19:24:34.853783618 +0100 -@@ -150,6 +150,6 @@ - u32 sid; /* SID of pkey */ - }; - --extern unsigned int selinux_checkreqprot; -+extern const unsigned int selinux_checkreqprot; - - #endif /* _SELINUX_OBJSEC_H_ */ -diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig ---- a/security/selinux/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/selinux/Kconfig 2018-05-26 19:24:34.853783618 +0100 -@@ -2,7 +2,7 @@ +diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig +index 8af7a690eb40..6539694b0fd3 100644 +--- a/security/selinux/Kconfig ++++ b/security/selinux/Kconfig +@@ -2,7 +2,7 @@ config SECURITY_SELINUX bool "NSA SELinux Support" depends on SECURITY_NETWORK && AUDIT && NET && INET select NETWORK_SECMARK @@ -2700,7 +2779,7 @@ diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig help This selects NSA Security-Enhanced Linux (SELinux). You will also need a policy configuration and a labeled filesystem. -@@ -79,23 +79,3 @@ +@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS This option collects access vector cache statistics to /selinux/avc/cache_stats, which may be monitored via tools such as avcstat. 
@@ -2724,9 +2803,22 @@ diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig - via /selinux/checkreqprot if authorized by policy. - - If you are unsure how to answer this question, answer 0. -diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c ---- a/security/selinux/selinuxfs.c 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/selinux/selinuxfs.c 2018-05-26 19:24:34.853783618 +0100 +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h +index 1649cd18eb0b..067f35559aa7 100644 +--- a/security/selinux/include/objsec.h ++++ b/security/selinux/include/objsec.h +@@ -150,6 +150,6 @@ struct pkey_security_struct { + u32 sid; /* SID of pkey */ + }; + +-extern unsigned int selinux_checkreqprot; ++extern const unsigned int selinux_checkreqprot; + + #endif /* _SELINUX_OBJSEC_H_ */ +diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c +index 00eed842c491..8f7b8d7e6f91 100644 +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c @@ -41,16 +41,7 @@ #include "objsec.h" #include "conditional.h" @@ -2745,7 +2837,7 @@ diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c static DEFINE_MUTEX(sel_mutex); -@@ -610,10 +601,9 @@ +@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, return PTR_ERR(page); length = -EINVAL; @@ -2757,9 +2849,10 @@ diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c length = count; out: kfree(page); -diff -Nur a/security/yama/Kconfig b/security/yama/Kconfig ---- a/security/yama/Kconfig 2018-05-25 15:18:02.000000000 +0100 -+++ b/security/yama/Kconfig 2018-05-26 19:24:34.853783618 +0100 +diff --git a/security/yama/Kconfig b/security/yama/Kconfig +index 96b27405558a..485c1b85c325 100644 +--- a/security/yama/Kconfig ++++ b/security/yama/Kconfig @@ -1,7 +1,7 @@ config SECURITY_YAMA bool "Yama support" 
diff --git a/sys-kernel/linux-sources-redcore-lts/files/redcore-lts-amd64.config b/sys-kernel/linux-sources-redcore-lts/files/redcore-lts-amd64.config index b19d02da..89478fba 100644 --- a/sys-kernel/linux-sources-redcore-lts/files/redcore-lts-amd64.config +++ b/sys-kernel/linux-sources-redcore-lts/files/redcore-lts-amd64.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.44-redcore-lts Kernel Configuration +# Linux/x86 4.14.65-redcore-lts Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -206,12 +206,10 @@ CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_LOCAL_INIT is not set CONFIG_SYSCTL=y CONFIG_ANON_INODES=y -CONFIG_HAVE_UID16=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y CONFIG_BPF=y # CONFIG_EXPERT is not set -CONFIG_UID16=y CONFIG_MULTIUSER=y CONFIG_SGETMASK_SYSCALL=y CONFIG_SYSFS_SYSCALL=y @@ -234,7 +232,6 @@ CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_BPF_SYSCALL=y -CONFIG_BPF_JIT_ALWAYS_ON=y CONFIG_SHMEM=y CONFIG_AIO=y CONFIG_ADVISE_SYSCALLS=y @@ -263,10 +260,9 @@ CONFIG_SLAB_HARDENED=y CONFIG_SLAB_SANITIZE=y CONFIG_SLAB_SANITIZE_VERIFY=y CONFIG_SLUB_CPU_PARTIAL=y -# CONFIG_SYSTEM_DATA_VERIFICATION is not set +CONFIG_SYSTEM_DATA_VERIFICATION=y # CONFIG_PROFILING is not set -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y CONFIG_HAVE_OPROFILE=y CONFIG_OPROFILE_NMI_TIMER=y # CONFIG_KPROBES is not set @@ -305,8 +301,6 @@ CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y -CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y -CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y CONFIG_SECCOMP_FILTER=y CONFIG_HAVE_GCC_PLUGINS=y 
@@ -332,15 +326,10 @@ CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_HAVE_ARCH_MMAP_RND_BITS=y CONFIG_HAVE_EXIT_THREAD=y CONFIG_ARCH_MMAP_RND_BITS=32 -CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y -CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16 -CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y CONFIG_HAVE_COPY_THREAD_TLS=y CONFIG_HAVE_STACK_VALIDATION=y # CONFIG_HAVE_ARCH_HASH is not set # CONFIG_ISA_BUS_API is not set -CONFIG_OLD_SIGSUSPEND3=y -CONFIG_COMPAT_OLD_SIGACTION=y # CONFIG_CPU_NO_EFFICIENT_FFS is not set CONFIG_HAVE_ARCH_VMAP_STACK=y CONFIG_VMAP_STACK=y @@ -351,7 +340,7 @@ CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y CONFIG_ARCH_HAS_REFCOUNT=y -# CONFIG_REFCOUNT_FULL is not set +CONFIG_REFCOUNT_FULL=y # # GCOV-based kernel profiling @@ -368,7 +357,15 @@ CONFIG_MODULE_UNLOAD=y CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_MODULE_SRCVERSION_ALL=y -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS=y CONFIG_MODULE_COMPRESS_GZIP=y # CONFIG_MODULE_COMPRESS_XZ is not set @@ -413,7 +410,6 @@ CONFIG_LDM_DEBUG=y CONFIG_EFI_PARTITION=y # CONFIG_SYSV68_PARTITION is not set CONFIG_CMDLINE_PARTITION=y -CONFIG_BLOCK_COMPAT=y CONFIG_BLK_MQ_PCI=y CONFIG_BLK_MQ_VIRTIO=y CONFIG_BLK_MQ_RDMA=y @@ -435,7 +431,7 @@ CONFIG_IOSCHED_BFQ=y CONFIG_BFQ_GROUP_IOSCHED=y CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y -CONFIG_ASN1=m +CONFIG_ASN1=y CONFIG_UNINLINE_SPIN_UNLOCK=y CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y 
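Review bot: `# CONFIG_MODULE_SIG_FORCE is not set` in the `@@ -368,7 +357,15 @@` hunk leaves module signing permissive. With `CONFIG_MODULE_SIG=y` alone, an unsigned or wrongly signed module is still loaded and only taints the kernel. If the aim is to restrict what can be loaded, set `CONFIG_MODULE_SIG_FORCE=y`, or state in the ebuild that enforcement depends on booting with `module.sig_enforce=1`. Either way, modules built outside this package would need to be signed with the same key, so the handling of the build-time key named by `CONFIG_MODULE_SIG_KEY` (set further down in this file) should be documented.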
@@ -527,8 +523,6 @@ CONFIG_PERF_EVENTS_INTEL_RAPL=y CONFIG_PERF_EVENTS_INTEL_CSTATE=y CONFIG_PERF_EVENTS_AMD_POWER=m # CONFIG_VM86 is not set -CONFIG_X86_16BIT=y -CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y CONFIG_I8K=m CONFIG_MICROCODE=y @@ -649,9 +643,8 @@ CONFIG_SECCOMP=y CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y -CONFIG_KEXEC=y +# CONFIG_KEXEC is not set # CONFIG_CRASH_DUMP is not set -CONFIG_KEXEC_JUMP=y CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y @@ -662,12 +655,11 @@ CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa CONFIG_HOTPLUG_CPU=y CONFIG_BOOTPARAM_HOTPLUG_CPU0=y # CONFIG_DEBUG_HOTPLUG_CPU0 is not set -# CONFIG_COMPAT_VDSO is not set # CONFIG_LEGACY_VSYSCALL_NATIVE is not set -CONFIG_LEGACY_VSYSCALL_EMULATE=y -# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_LEGACY_VSYSCALL_EMULATE is not set +CONFIG_LEGACY_VSYSCALL_NONE=y # CONFIG_CMDLINE_BOOL is not set -CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_MODIFY_LDT_SYSCALL is not set CONFIG_HAVE_LIVEPATCH=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y @@ -904,23 +896,16 @@ CONFIG_X86_SYSFB=y # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y -CONFIG_COMPAT_BINFMT_ELF=y CONFIG_ELFCORE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=y CONFIG_COREDUMP=y -CONFIG_IA32_EMULATION=y -CONFIG_IA32_AOUT=y +# CONFIG_IA32_EMULATION is not set # CONFIG_X86_X32 is not set -CONFIG_COMPAT_32=y -CONFIG_COMPAT=y -CONFIG_COMPAT_FOR_U64_ALIGNMENT=y -CONFIG_SYSVIPC_COMPAT=y CONFIG_X86_DEV_DMA_OPS=y CONFIG_NET=y -CONFIG_COMPAT_NETLINK_MESSAGES=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y 
@@ -979,11 +964,7 @@ CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_XFRM_MODE_BEET=m -CONFIG_INET_DIAG=m -CONFIG_INET_TCP_DIAG=m -CONFIG_INET_UDP_DIAG=m -CONFIG_INET_RAW_DIAG=m -CONFIG_INET_DIAG_DESTROY=y +# CONFIG_INET_DIAG is not set CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=m @@ -1325,6 +1306,9 @@ CONFIG_NF_CONNTRACK_IPV6=m CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TABLES_IPV6=m CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m CONFIG_NFT_REJECT_IPV6=m CONFIG_NFT_DUP_IPV6=m CONFIG_NFT_FIB_IPV6=m @@ -1332,10 +1316,7 @@ CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m CONFIG_NF_NAT_IPV6=m -CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_NF_NAT_MASQUERADE_IPV6=m -CONFIG_NFT_MASQ_IPV6=m -CONFIG_NFT_REDIR_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -1385,21 +1366,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=m CONFIG_BRIDGE_EBT_SNAT=m CONFIG_BRIDGE_EBT_LOG=m CONFIG_BRIDGE_EBT_NFLOG=m -CONFIG_IP_DCCP=m -CONFIG_INET_DCCP_DIAG=m - -# -# DCCP CCIDs Configuration -# -# CONFIG_IP_DCCP_CCID2_DEBUG is not set -CONFIG_IP_DCCP_CCID3=y -# CONFIG_IP_DCCP_CCID3_DEBUG is not set -CONFIG_IP_DCCP_TFRC_LIB=y - -# -# DCCP Kernel Hacking -# -# CONFIG_IP_DCCP_DEBUG is not set +# CONFIG_IP_DCCP is not set CONFIG_IP_SCTP=m # CONFIG_SCTP_DBG_OBJCNT is not set CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y @@ -1407,7 +1374,6 @@ CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set CONFIG_SCTP_COOKIE_HMAC_MD5=y CONFIG_SCTP_COOKIE_HMAC_SHA1=y -CONFIG_INET_SCTP_DIAG=m CONFIG_RDS=m CONFIG_RDS_RDMA=m CONFIG_RDS_TCP=m @@ -1597,8 +1563,8 @@ CONFIG_CGROUP_NET_PRIO=y CONFIG_CGROUP_NET_CLASSID=y CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y -CONFIG_BPF_JIT=y -CONFIG_BPF_STREAM_PARSER=y +# CONFIG_BPF_JIT is not set +# CONFIG_BPF_STREAM_PARSER is not set CONFIG_NET_FLOW_LIMIT=y # 
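Review bot: `# CONFIG_BPF_JIT is not set` in the `@@ -1597,8 +1563,8 @@` hunk, together with the removal of `CONFIG_BPF_JIT_ALWAYS_ON=y` in the `@@ -234,7 +232,6 @@` hunk, brings the eBPF interpreter back while `CONFIG_BPF_SYSCALL=y` stays enabled. Disabling the JIT removes the JIT-spraying surface, but `BPF_JIT_ALWAYS_ON` was introduced precisely to take the interpreter out of the kernel as a speculative-execution gadget source, so this is a trade-off rather than a pure hardening gain. The commit should say which threat is being prioritised. It should also confirm that unprivileged use of `bpf()` is off by default on this kernel, for example through `kernel.unprivileged_bpf_disabled = 1`; whether the carried hardening patch already sets that default is not visible here.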
@@ -1737,7 +1703,7 @@ CONFIG_AF_RXRPC_IPV6=y # CONFIG_AF_RXRPC_DEBUG is not set # CONFIG_RXKAD is not set CONFIG_AF_KCM=m -CONFIG_STREAM_PARSER=y +CONFIG_STREAM_PARSER=m CONFIG_FIB_RULES=y CONFIG_WIRELESS=y CONFIG_WIRELESS_EXT=y @@ -3779,8 +3745,7 @@ CONFIG_VT_CONSOLE_SLEEP=y CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y -CONFIG_LEGACY_PTYS=y -CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_LEGACY_PTYS is not set CONFIG_SERIAL_NONSTANDARD=y CONFIG_ROCKETPORT=m CONFIG_CYCLADES=m @@ -6880,7 +6845,6 @@ CONFIG_SYNC_FILE=y # CONFIG_SW_SYNC is not set CONFIG_DCA=m CONFIG_AUXDISPLAY=y -CONFIG_CHARLCD=m CONFIG_HD44780=m CONFIG_KS0108=m CONFIG_KS0108_PORT=0x378 @@ -6892,6 +6856,7 @@ CONFIG_PANEL=m CONFIG_PANEL_PARPORT=0 CONFIG_PANEL_PROFILE=5 # CONFIG_PANEL_CHANGE_MESSAGE is not set +CONFIG_CHARLCD=m CONFIG_UIO=m CONFIG_UIO_CIF=m CONFIG_UIO_PDRV_GENIRQ=m @@ -8097,7 +8062,6 @@ CONFIG_EFI_VARS=m CONFIG_EFI_ESRT=y CONFIG_EFI_VARS_PSTORE=m CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y -CONFIG_EFI_RUNTIME_MAP=y # CONFIG_EFI_FAKE_MEMMAP is not set CONFIG_EFI_RUNTIME_WRAPPERS=y CONFIG_EFI_BOOTLOADER_CONTROL=m @@ -8177,7 +8141,6 @@ CONFIG_QUOTA_TREE=m CONFIG_QFMT_V1=m CONFIG_QFMT_V2=m CONFIG_QUOTACTL=y -CONFIG_QUOTACTL_COMPAT=y CONFIG_AUTOFS4_FS=m CONFIG_FUSE_FS=m CONFIG_CUSE=m @@ -8484,10 +8447,12 @@ CONFIG_DEBUG_KERNEL=y # # CONFIG_PAGE_EXTENSION is not set # CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_PAGE_POISONING is not set +CONFIG_PAGE_POISONING=y +CONFIG_PAGE_POISONING_NO_SANITY=y +CONFIG_PAGE_POISONING_ZERO=y # CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set +CONFIG_SLUB_DEBUG_ON=y # CONFIG_SLUB_STATS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set 
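Review bot: `CONFIG_SLUB_DEBUG_ON=y` in the `@@ -8484,10 +8447,12 @@` hunk turns on every SLUB debug option for every cache at boot, including allocation and free tracking, and gives up the allocator fast paths. That is a heavy cost for a general-purpose image, and it overlaps with `CONFIG_SLAB_SANITIZE=y`, which is already set. Keeping `# CONFIG_SLUB_DEBUG_ON is not set` and selecting only the consistency checks and red zones on the kernel command line, for example `slub_debug=FZ`, would likely give most of the detection value at lower cost. The same hunk adds `CONFIG_PAGE_POISONING=y` alongside the existing `CONFIG_PAGE_SANITIZE=y`. As far as I recall, page poisoning on 4.14 stays inactive unless the kernel is booted with `page_poison=1`, so it is worth checking that it is not simply redundant.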
@@ -8519,7 +8484,7 @@ CONFIG_PANIC_TIMEOUT=0 CONFIG_SCHED_DEBUG=y CONFIG_SCHED_INFO=y CONFIG_SCHEDSTATS=y -# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_SCHED_STACK_END_CHECK=y # CONFIG_DEBUG_TIMEKEEPING is not set # CONFIG_DEBUG_PREEMPT is not set @@ -8541,11 +8506,11 @@ CONFIG_SCHEDSTATS=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set # CONFIG_DEBUG_KOBJECT is not set CONFIG_DEBUG_BUGVERBOSE=y -# CONFIG_DEBUG_LIST is not set -# CONFIG_DEBUG_PI_LIST is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_DEBUG_CREDENTIALS is not set +CONFIG_DEBUG_LIST=y +CONFIG_DEBUG_PI_LIST=y +CONFIG_DEBUG_SG=y +CONFIG_DEBUG_NOTIFIERS=y +CONFIG_DEBUG_CREDENTIALS=y # # RCU Debugging @@ -8573,32 +8538,14 @@ CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_FENTRY=y CONFIG_HAVE_C_RECORDMCOUNT=y CONFIG_TRACING_SUPPORT=y -CONFIG_FTRACE=y -# CONFIG_FUNCTION_TRACER is not set -# CONFIG_IRQSOFF_TRACER is not set -# CONFIG_PREEMPT_TRACER is not set -# CONFIG_SCHED_TRACER is not set -# CONFIG_HWLAT_TRACER is not set -# CONFIG_ENABLE_DEFAULT_TRACERS is not set -# CONFIG_FTRACE_SYSCALLS is not set -# CONFIG_TRACER_SNAPSHOT is not set -CONFIG_BRANCH_PROFILE_NONE=y -# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set -# CONFIG_STACK_TRACER is not set -# CONFIG_BLK_DEV_IO_TRACE is not set -# CONFIG_UPROBE_EVENTS is not set -# CONFIG_PROBE_EVENTS is not set -# CONFIG_MMIOTRACE is not set -# CONFIG_HIST_TRIGGERS is not set -# CONFIG_TRACEPOINT_BENCHMARK is not set -CONFIG_TRACING_EVENTS_GPIO=y +# CONFIG_FTRACE is not set # CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set # CONFIG_DMA_API_DEBUG is not set # # Runtime Testing # -# CONFIG_LKDTM is not set +CONFIG_LKDTM=m # CONFIG_TEST_LIST_SORT is not set # CONFIG_TEST_SORT is not set # CONFIG_BACKTRACE_SELF_TEST is not set 
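Review bot: `CONFIG_LKDTM=m` in the `@@ -8573,32 +8538,14 @@` hunk ships the crash-test module in the production image. LKDTM exists to trigger kernel faults on purpose through debugfs, which is useful for validating the hardening options enabled elsewhere in this commit but serves no purpose on an installed system. Unless the image doubles as the test build, keep `# CONFIG_LKDTM is not set` here and enable the module only in a test configuration.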
@@ -8625,7 +8572,7 @@ CONFIG_TEST_SYSCTL=m
 CONFIG_TEST_STATIC_KEYS=m
 CONFIG_TEST_KMOD=m
 CONFIG_MEMTEST=y
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
 # CONFIG_SAMPLES is not set
 CONFIG_HAVE_ARCH_KGDB=y
 # CONFIG_KGDB is not set
@@ -8634,17 +8581,17 @@ CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
 # CONFIG_UBSAN is not set
 CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
 CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
 CONFIG_EARLY_PRINTK_USB=y
 CONFIG_X86_VERBOSE_BOOTUP=y
 CONFIG_EARLY_PRINTK=y
 # CONFIG_EARLY_PRINTK_DBGP is not set
 # CONFIG_EARLY_PRINTK_EFI is not set
 CONFIG_EARLY_PRINTK_USB_XDBC=y
-# CONFIG_X86_PTDUMP_CORE is not set
+CONFIG_X86_PTDUMP_CORE=y
 # CONFIG_X86_PTDUMP is not set
 # CONFIG_EFI_PGT_DUMP is not set
-# CONFIG_DEBUG_WX is not set
+CONFIG_DEBUG_WX=y
 CONFIG_DOUBLEFAULT=y
 # CONFIG_DEBUG_TLBFLUSH is not set
 # CONFIG_IOMMU_DEBUG is not set
@@ -8673,7 +8620,6 @@ CONFIG_UNWINDER_ORC=y
 # Security options
 #
 CONFIG_KEYS=y
-CONFIG_KEYS_COMPAT=y
 CONFIG_PERSISTENT_KEYRINGS=y
 # CONFIG_BIG_KEYS is not set
 CONFIG_TRUSTED_KEYS=m
@@ -8691,7 +8637,8 @@ CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
 CONFIG_PAGE_SANITIZE=y
 CONFIG_PAGE_SANITIZE_VERIFY=y
-# CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_STATIC_USERMODEHELPER=y
+CONFIG_STATIC_USERMODEHELPER_PATH=""
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=m
@@ -8717,11 +8664,11 @@ CONFIG_CRYPTO_RNG=m
 CONFIG_CRYPTO_RNG2=y
 CONFIG_CRYPTO_RNG_DEFAULT=m
 CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=m
+CONFIG_CRYPTO_AKCIPHER=y
 CONFIG_CRYPTO_KPP2=y
 CONFIG_CRYPTO_KPP=m
 CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_RSA=y
 CONFIG_CRYPTO_DH=m
 CONFIG_CRYPTO_ECDH=m
 CONFIG_CRYPTO_MANAGER=y
@@ -8798,7 +8745,7 @@ CONFIG_CRYPTO_SHA1_MB=m
 CONFIG_CRYPTO_SHA256_MB=m
 CONFIG_CRYPTO_SHA512_MB=m
 CONFIG_CRYPTO_SHA256=m
-CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_SHA512=y
 CONFIG_CRYPTO_SHA3=m
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
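Review bot: `CONFIG_STATIC_USERMODEHELPER_PATH=""` in the `@@ -8691,7 +8637,8 @@` hunk disables every usermode-helper call, not only the ones whose path can be rewritten at runtime. That includes the kernel's own `modprobe` invocation for on-demand module loading, and this config builds many components as modules (several `CONFIG_CRYPTO_*=m` entries are visible in the neighbouring hunks), so requests for a not-yet-loaded module made from inside the kernel would presumably stop being satisfied; piped core-dump handlers are affected the same way. If full disabling is intended, the commit description should say so and name what was tested. Otherwise point the option at a fixed helper, e.g. `CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"` (the Kconfig default), and ship that binary.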
@@ -8830,7 +8777,6 @@ CONFIG_CRYPTO_DES3_EDE_X86_64=m CONFIG_CRYPTO_FCRYPT=m CONFIG_CRYPTO_KHAZAD=m CONFIG_CRYPTO_SALSA20=m -CONFIG_CRYPTO_SALSA20_X86_64=m CONFIG_CRYPTO_CHACHA20=m CONFIG_CRYPTO_CHACHA20_X86_64=m CONFIG_CRYPTO_SEED=m @@ -8891,13 +8837,16 @@ CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m CONFIG_CRYPTO_DEV_CHELSIO=m CONFIG_CRYPTO_DEV_VIRTIO=m CONFIG_ASYMMETRIC_KEY_TYPE=y -CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m -CONFIG_X509_CERTIFICATE_PARSER=m -CONFIG_PKCS7_MESSAGE_PARSER=m +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +CONFIG_X509_CERTIFICATE_PARSER=y +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set # # Certificates for signature checking # +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="" # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set @@ -8915,7 +8864,6 @@ CONFIG_HAVE_KVM_MSI=y CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y CONFIG_KVM_VFIO=y CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y -CONFIG_KVM_COMPAT=y CONFIG_HAVE_KVM_IRQ_BYPASS=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m @@ -9019,8 +8967,8 @@ CONFIG_CLZ_TAB=y CONFIG_CORDIC=m CONFIG_DDR=y CONFIG_IRQ_POLL=y -CONFIG_MPILIB=m -CONFIG_OID_REGISTRY=m +CONFIG_MPILIB=y +CONFIG_OID_REGISTRY=y CONFIG_UCS2_STRING=y CONFIG_FONT_SUPPORT=y CONFIG_FONTS=y diff --git a/sys-kernel/linux-sources-redcore-lts/linux-sources-redcore-lts-4.14.50.ebuild b/sys-kernel/linux-sources-redcore-lts/linux-sources-redcore-lts-4.14.65.ebuild index 229bb6f2..885311ba 100644 --- a/sys-kernel/linux-sources-redcore-lts/linux-sources-redcore-lts-4.14.50.ebuild +++ b/sys-kernel/linux-sources-redcore-lts/linux-sources-redcore-lts-4.14.65.ebuild 
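Review bot: The new `CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"` line in the kernel-config hunk `@@ -8891,13 +8837,16 @@` is the default key path, which means the build generates a signing key in the build tree when none is present. The commit does not say how that private key is handled: it should not end up in any installed or distributed file, and if it is discarded after the build, out-of-tree modules cannot be signed for this kernel. Whether signatures are enforced (`CONFIG_MODULE_SIG_FORCE`) is outside the lines shown here, so the impact on unsigned modules cannot be judged from this hunk. A sentence in the commit description covering key handling and enforcement would close the gap.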
@@ -25,14 +25,14 @@ DEPEND=" sys-devel/make" RDEPEND="${DEPEND}" -PATCHES=( "${FILESDIR}"/enable_alx_wol.patch - "${FILESDIR}"/introduce-NUMA-identity-node-sched-domain.patch +PATCHES=( "${FILESDIR}"/introduce-NUMA-identity-node-sched-domain.patch "${FILESDIR}"/k10temp-add-ZEN-support.patch "${FILESDIR}"/mute-pps_state_mismatch.patch "${FILESDIR}"/restore-SD_PREFER_SIBLING-on-MC-domains.patch "${FILESDIR}"/Revert-ath10k-activate-user-space-firmware-loading.patch "${FILESDIR}"/linux-hardened.patch - "${FILESDIR}"/uksm-for-linux-hardened.patch ) + "${FILESDIR}"/uksm-for-linux-hardened.patch + "${FILESDIR}"/0015-Enable-BFQ-io-scheduler-by-default.patch ) S="${WORKDIR}"/linux-"${PV}" |