authorTim Steinbach <tim@nequissimus.com>2018-09-03 11:18:11 -0400
committerTim Steinbach <tim@nequissimus.com>2018-09-03 11:18:11 -0400
commit5fccac2b8d77a660a968809519710a5bb7838e63 (patch)
tree1ce25dd58632f6c5a35dfc610ce747a30e4ddc19
parenteac06ed0702638b7e9a058e5412940474ff872ca (diff)
kernel: Remove Copperhead
The patches are unmaintained and suggest a false sense of security
-rw-r--r--nixos/release.nix1
-rw-r--r--nixos/tests/kernel-copperhead.nix19
-rw-r--r--pkgs/os-specific/linux/kernel/copperhead-4-14.patch2864
-rw-r--r--pkgs/os-specific/linux/kernel/copperhead-4-16.patch2571
-rw-r--r--pkgs/os-specific/linux/kernel/linux-copperhead-lts.nix30
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix10
-rw-r--r--pkgs/top-level/all-packages.nix10
7 files changed, 0 insertions, 5505 deletions
diff --git a/nixos/release.nix b/nixos/release.nix
index 1013053b5b3b..17f51d977c98 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -327,7 +327,6 @@ in rec {
tests.keymap = callSubTests tests/keymap.nix {};
tests.initrdNetwork = callTest tests/initrd-network.nix {};
tests.kafka = callSubTests tests/kafka.nix {};
- tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
tests.kernel-latest = callTest tests/kernel-latest.nix {};
tests.kernel-lts = callTest tests/kernel-lts.nix {};
tests.kubernetes.dns = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/dns.nix {};
diff --git a/nixos/tests/kernel-copperhead.nix b/nixos/tests/kernel-copperhead.nix
deleted file mode 100644
index 652fbf055373..000000000000
--- a/nixos/tests/kernel-copperhead.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : {
- name = "kernel-copperhead";
- meta = with pkgs.stdenv.lib.maintainers; {
- maintainers = [ nequissimus ];
- };
-
- machine = { pkgs, ... }:
- {
- boot.kernelPackages = pkgs.linuxPackages_copperhead_lts;
- };
-
- testScript =
- ''
- $machine->succeed("uname -a");
- $machine->succeed("uname -s | grep 'Linux'");
- $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_lts.kernel.modDirVersion}'");
- $machine->succeed("uname -a | grep 'hardened'");
- '';
-})
diff --git a/pkgs/os-specific/linux/kernel/copperhead-4-14.patch b/pkgs/os-specific/linux/kernel/copperhead-4-14.patch
deleted file mode 100644
index 78112d164f06..000000000000
--- a/pkgs/os-specific/linux/kernel/copperhead-4-14.patch
+++ /dev/null
@@ -1,2864 +0,0 @@
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 0380a45ecf4b..39956a3ef645 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -490,16 +490,6 @@
- nosocket -- Disable socket memory accounting.
- nokmem -- Disable kernel memory accounting.
-
-- checkreqprot [SELINUX] Set initial checkreqprot flag value.
-- Format: { "0" | "1" }
-- See security/selinux/Kconfig help text.
-- 0 -- check protection applied by kernel (includes
-- any implied execute protection).
-- 1 -- check protection requested by application.
-- Default value is set via a kernel config option.
-- Value can be changed at runtime via
-- /selinux/checkreqprot.
--
- cio_ignore= [S390]
- See Documentation/s390/CommonIO for details.
- clk_ignore_unused
-@@ -2899,6 +2889,11 @@
- the specified number of seconds. This is to be used if
- your oopses keep scrolling off the screen.
-
-+ extra_latent_entropy
-+ Enable a very simple form of latent entropy extraction
-+ from the first 4GB of memory as the bootmem allocator
-+ passes the memory pages to the buddy allocator.
-+
- pcbit= [HW,ISDN]
-
- pcd. [PARIDE]
-diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
-index 694968c7523c..002d86416ef8 100644
---- a/Documentation/sysctl/kernel.txt
-+++ b/Documentation/sysctl/kernel.txt
-@@ -91,6 +91,7 @@ show up in /proc/sys/kernel:
- - sysctl_writes_strict
- - tainted
- - threads-max
-+- tiocsti_restrict
- - unknown_nmi_panic
- - watchdog
- - watchdog_thresh
-@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly.
-
- ==============================================================
-
-+tiocsti_restrict:
-+
-+This toggle indicates whether unprivileged users are prevented
-+from using the TIOCSTI ioctl to inject commands into other processes
-+which share a tty session.
-+
-+When tiocsti_restrict is set to (0) there are no restrictions(accept
-+the default restriction of only being able to injection commands into
-+one's own tty). When tiocsti_restrict is set to (1), users must
-+have CAP_SYS_ADMIN to use the TIOCSTI ioctl.
-+
-+When user namespaces are in use, the check for the capability
-+CAP_SYS_ADMIN is done against the user namespace that originally
-+opened the tty.
-+
-+The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the
-+default value of tiocsti_restrict.
-+
-+==============================================================
-+
- unknown_nmi_panic:
-
- The value in this file affects behavior of handling NMI. When the
-diff --git a/Makefile b/Makefile
-index 787cf6605209..e4fda5330730 100644
---- a/Makefile
-+++ b/Makefile
-@@ -710,6 +710,9 @@ endif
- KBUILD_CFLAGS += $(stackp-flag)
-
- ifeq ($(cc-name),clang)
-+ifdef CONFIG_LOCAL_INIT
-+KBUILD_CFLAGS += -fsanitize=local-init
-+endif
- KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
- KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable)
- KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier)
-diff --git a/arch/Kconfig b/arch/Kconfig
-index 400b9e1b2f27..4637096f7902 100644
---- a/arch/Kconfig
-+++ b/arch/Kconfig
-@@ -440,6 +440,11 @@ config GCC_PLUGIN_LATENT_ENTROPY
- is some slowdown of the boot process (about 0.5%) and fork and
- irq processing.
-
-+ When extra_latent_entropy is passed on the kernel command line,
-+ entropy will be extracted from up to the first 4GB of RAM while the
-+ runtime memory allocator is being initialized. This costs even more
-+ slowdown of the boot process.
-+
- Note that entropy extracted this way is not cryptographically
- secure!
-
-@@ -533,7 +538,7 @@ config CC_STACKPROTECTOR
- choice
- prompt "Stack Protector buffer overflow detection"
- depends on HAVE_CC_STACKPROTECTOR
-- default CC_STACKPROTECTOR_NONE
-+ default CC_STACKPROTECTOR_STRONG
- help
- This option turns on the "stack-protector" GCC feature. This
- feature puts, at the beginning of functions, a canary value on
-@@ -735,7 +740,7 @@ config ARCH_MMAP_RND_BITS
- int "Number of bits to use for ASLR of mmap base address" if EXPERT
- range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
- default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
-- default ARCH_MMAP_RND_BITS_MIN
-+ default ARCH_MMAP_RND_BITS_MAX
- depends on HAVE_ARCH_MMAP_RND_BITS
- help
- This value can be used to select the number of bits to use to
-@@ -769,7 +774,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
- int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
- range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
- default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
-- default ARCH_MMAP_RND_COMPAT_BITS_MIN
-+ default ARCH_MMAP_RND_COMPAT_BITS_MAX
- depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
- help
- This value can be used to select the number of bits to use to
-@@ -952,6 +957,7 @@ config ARCH_HAS_REFCOUNT
-
- config REFCOUNT_FULL
- bool "Perform full reference count validation at the expense of speed"
-+ default y
- help
- Enabling this switches the refcounting infrastructure from a fast
- unchecked atomic_t implementation to a fully state checked
-diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
-index 2d5f7aca156d..aa4839a74c6a 100644
---- a/arch/arm64/Kconfig
-+++ b/arch/arm64/Kconfig
-@@ -918,6 +918,7 @@ endif
-
- config ARM64_SW_TTBR0_PAN
- bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
-+ default y
- help
- Enabling this option prevents the kernel from accessing
- user-space memory directly by pointing TTBR0_EL1 to a reserved
-@@ -1044,6 +1045,7 @@ config RANDOMIZE_BASE
- bool "Randomize the address of the kernel image"
- select ARM64_MODULE_PLTS if MODULES
- select RELOCATABLE
-+ default y
- help
- Randomizes the virtual address at which the kernel image is
- loaded, as a security feature that deters exploit attempts
-diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
-index cc6bd559af85..01d5442d4722 100644
---- a/arch/arm64/Kconfig.debug
-+++ b/arch/arm64/Kconfig.debug
-@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
- config DEBUG_WX
- bool "Warn on W+X mappings at boot"
- select ARM64_PTDUMP_CORE
-+ default y
- ---help---
- Generate a warning if any W+X mappings are found at boot.
-
-diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
-index 34480e9af2e7..26304242250c 100644
---- a/arch/arm64/configs/defconfig
-+++ b/arch/arm64/configs/defconfig
-@@ -1,4 +1,3 @@
--CONFIG_SYSVIPC=y
- CONFIG_POSIX_MQUEUE=y
- CONFIG_AUDIT=y
- CONFIG_NO_HZ_IDLE=y
-diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
-index 33be513ef24c..6f0c0e3ef0dd 100644
---- a/arch/arm64/include/asm/elf.h
-+++ b/arch/arm64/include/asm/elf.h
-@@ -114,10 +114,10 @@
-
- /*
- * This is the base location for PIE (ET_DYN with INTERP) loads. On
-- * 64-bit, this is above 4GB to leave the entire 32-bit address
-+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address
- * space open for things that want to use the area for 32-bit pointers.
- */
--#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3)
-+#define ELF_ET_DYN_BASE 0x100000000UL
-
- #ifndef __ASSEMBLY__
-
-@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
- /* 1GB of VA */
- #ifdef CONFIG_COMPAT
- #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \
-- 0x7ff >> (PAGE_SHIFT - 12) : \
-- 0x3ffff >> (PAGE_SHIFT - 12))
-+ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \
-+ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
- #else
--#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12))
-+#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
- #endif
-
- #ifdef __AARCH64EB__
-diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
-index 9e773732520c..91359f45b5fc 100644
---- a/arch/arm64/kernel/process.c
-+++ b/arch/arm64/kernel/process.c
-@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp)
- unsigned long arch_randomize_brk(struct mm_struct *mm)
- {
- if (is_compat_task())
-- return randomize_page(mm->brk, SZ_32M);
-+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
- else
-- return randomize_page(mm->brk, SZ_1G);
-+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
- }
-
- /*
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 7483cd514c32..835a86c45fb0 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -1153,8 +1153,7 @@ config VM86
- default X86_LEGACY_VM86
-
- config X86_16BIT
-- bool "Enable support for 16-bit segments" if EXPERT
-- default y
-+ bool "Enable support for 16-bit segments"
- depends on MODIFY_LDT_SYSCALL
- ---help---
- This option is required by programs like Wine to run 16-bit
-@@ -2228,7 +2227,7 @@ config COMPAT_VDSO
- choice
- prompt "vsyscall table for legacy applications"
- depends on X86_64
-- default LEGACY_VSYSCALL_EMULATE
-+ default LEGACY_VSYSCALL_NONE
- help
- Legacy user code that does not know how to find the vDSO expects
- to be able to issue three syscalls by calling fixed addresses in
-@@ -2318,8 +2317,7 @@ config CMDLINE_OVERRIDE
- be set to 'N' under normal conditions.
-
- config MODIFY_LDT_SYSCALL
-- bool "Enable the LDT (local descriptor table)" if EXPERT
-- default y
-+ bool "Enable the LDT (local descriptor table)"
- ---help---
- Linux can allow user programs to install a per-process x86
- Local Descriptor Table (LDT) using the modify_ldt(2) system
-diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index 6293a8768a91..add82e0f1df3 100644
---- a/arch/x86/Kconfig.debug
-+++ b/arch/x86/Kconfig.debug
-@@ -101,6 +101,7 @@ config EFI_PGT_DUMP
- config DEBUG_WX
- bool "Warn on W+X mappings at boot"
- select X86_PTDUMP_CORE
-+ default y
- ---help---
- Generate a warning if any W+X mappings are found at boot.
-
-diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
-index e32fc1f274d8..d08acc76502a 100644
---- a/arch/x86/configs/x86_64_defconfig
-+++ b/arch/x86/configs/x86_64_defconfig
-@@ -1,5 +1,4 @@
- # CONFIG_LOCALVERSION_AUTO is not set
--CONFIG_SYSVIPC=y
- CONFIG_POSIX_MQUEUE=y
- CONFIG_BSD_PROCESS_ACCT=y
- CONFIG_TASKSTATS=y
-diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
-index 1911310959f8..bba8dbbc07a8 100644
---- a/arch/x86/entry/vdso/vma.c
-+++ b/arch/x86/entry/vdso/vma.c
-@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr)
- }
-
- #ifdef CONFIG_X86_64
--/*
-- * Put the vdso above the (randomized) stack with another randomized
-- * offset. This way there is no hole in the middle of address space.
-- * To save memory make sure it is still in the same PTE as the stack
-- * top. This doesn't give that many random bits.
-- *
-- * Note that this algorithm is imperfect: the distribution of the vdso
-- * start address within a PMD is biased toward the end.
-- *
-- * Only used for the 64-bit and x32 vdsos.
-- */
--static unsigned long vdso_addr(unsigned long start, unsigned len)
--{
-- unsigned long addr, end;
-- unsigned offset;
--
-- /*
-- * Round up the start address. It can start out unaligned as a result
-- * of stack start randomization.
-- */
-- start = PAGE_ALIGN(start);
--
-- /* Round the lowest possible end address up to a PMD boundary. */
-- end = (start + len + PMD_SIZE - 1) & PMD_MASK;
-- if (end >= TASK_SIZE_MAX)
-- end = TASK_SIZE_MAX;
-- end -= len;
--
-- if (end > start) {
-- offset = get_random_int() % (((end - start) >> PAGE_SHIFT) + 1);
-- addr = start + (offset << PAGE_SHIFT);
-- } else {
-- addr = start;
-- }
--
-- /*
-- * Forcibly align the final address in case we have a hardware
-- * issue that requires alignment for performance reasons.
-- */
-- addr = align_vdso_addr(addr);
--
-- return addr;
--}
--
- static int map_vdso_randomized(const struct vdso_image *image)
- {
-- unsigned long addr = vdso_addr(current->mm->start_stack, image->size-image->sym_vvar_start);
--
-- return map_vdso(image, addr);
-+ return map_vdso(image, 0);
- }
- #endif
-
-diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
-index 3a091cea36c5..0931c05a3348 100644
---- a/arch/x86/include/asm/elf.h
-+++ b/arch/x86/include/asm/elf.h
-@@ -249,11 +249,11 @@ extern int force_personality32;
-
- /*
- * This is the base location for PIE (ET_DYN with INTERP) loads. On
-- * 64-bit, this is above 4GB to leave the entire 32-bit address
-+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address
- * space open for things that want to use the area for 32-bit pointers.
- */
- #define ELF_ET_DYN_BASE (mmap_is_ia32() ? 0x000400000UL : \
-- (DEFAULT_MAP_WINDOW / 3 * 2))
-+ 0x100000000UL)
-
- /* This yields a mask that user programs can use to figure out what
- instruction set this CPU supports. This could be done in user space,
-@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy);
-
- #ifdef CONFIG_X86_32
-
--#define __STACK_RND_MASK(is32bit) (0x7ff)
--#define STACK_RND_MASK (0x7ff)
-+#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1)
-+#define STACK_RND_MASK ((1UL << mmap_rnd_bits) - 1)
-
- #define ARCH_DLINFO ARCH_DLINFO_IA32
-
-@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy);
- #else /* CONFIG_X86_32 */
-
- /* 1GB for 64bit, 8MB for 32bit */
--#define __STACK_RND_MASK(is32bit) ((is32bit) ? 0x7ff : 0x3fffff)
-+#ifdef CONFIG_COMPAT
-+#define __STACK_RND_MASK(is32bit) ((is32bit) ? (1UL << mmap_rnd_compat_bits) - 1 : (1UL << mmap_rnd_bits) - 1)
-+#else
-+#define __STACK_RND_MASK(is32bit) ((1UL << mmap_rnd_bits) - 1)
-+#endif
- #define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32())
-
- #define ARCH_DLINFO \
-@@ -380,5 +384,4 @@ struct va_alignment {
- } ____cacheline_aligned;
-
- extern struct va_alignment va_align;
--extern unsigned long align_vdso_addr(unsigned long);
- #endif /* _ASM_X86_ELF_H */
-diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 704f31315dde..bb82b6344a7b 100644
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -253,6 +253,7 @@ static inline void cr4_set_bits(unsigned long mask)
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- if ((cr4 | mask) != cr4) {
- cr4 |= mask;
- this_cpu_write(cpu_tlbstate.cr4, cr4);
-@@ -266,6 +267,7 @@ static inline void cr4_clear_bits(unsigned long mask)
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- if ((cr4 & ~mask) != cr4) {
- cr4 &= ~mask;
- this_cpu_write(cpu_tlbstate.cr4, cr4);
-@@ -278,6 +280,7 @@ static inline void cr4_toggle_bits(unsigned long mask)
- unsigned long cr4;
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- cr4 ^= mask;
- this_cpu_write(cpu_tlbstate.cr4, cr4);
- __write_cr4(cr4);
-@@ -386,6 +389,7 @@ static inline void __native_flush_tlb_global(void)
- raw_local_irq_save(flags);
-
- cr4 = this_cpu_read(cpu_tlbstate.cr4);
-+ BUG_ON(cr4 != __read_cr4());
- /* toggle PGE */
- native_write_cr4(cr4 ^ X86_CR4_PGE);
- /* write old PGE again and flush TLBs */
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 48e98964ecad..a94dc690612f 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -1637,7 +1637,6 @@ void cpu_init(void)
- wrmsrl(MSR_KERNEL_GS_BASE, 0);
- barrier();
-
-- x86_configure_nx();
- x2apic_setup();
-
- /*
-diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 988a98f34c66..dc36d2d9078a 100644
---- a/arch/x86/kernel/process.c
-+++ b/arch/x86/kernel/process.c
-@@ -40,6 +40,8 @@
- #include <asm/desc.h>
- #include <asm/prctl.h>
- #include <asm/spec-ctrl.h>
-+#include <asm/elf.h>
-+#include <linux/sizes.h>
-
- /*
- * per-CPU TSS segments. Threads are completely 'soft' on Linux,
-@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp)
-
- unsigned long arch_randomize_brk(struct mm_struct *mm)
- {
-- return randomize_page(mm->brk, 0x02000000);
-+ if (mmap_is_ia32())
-+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
-+ else
-+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
- }
-
- /*
-diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
-index a63fe77b3217..e1085e76043e 100644
---- a/arch/x86/kernel/sys_x86_64.c
-+++ b/arch/x86/kernel/sys_x86_64.c
-@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void)
- return va_align.bits & get_align_mask();
- }
-
--unsigned long align_vdso_addr(unsigned long addr)
--{
-- unsigned long align_mask = get_align_mask();
-- addr = (addr + align_mask) & ~align_mask;
-- return addr | get_align_bits();
--}
--
- static int __init control_va_addr_alignment(char *str)
- {
- /* guard against enabling this on other CPU families */
-@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags,
- }
-
- *begin = get_mmap_base(1);
-- if (in_compat_syscall())
-- *end = task_size_32bit();
-- else
-- *end = task_size_64bit(addr > DEFAULT_MAP_WINDOW);
-+ *end = get_mmap_base(0);
- }
-
- unsigned long
-@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
-
- info.flags = VM_UNMAPPED_AREA_TOPDOWN;
- info.length = len;
-- info.low_limit = PAGE_SIZE;
-+ info.low_limit = get_mmap_base(1);
- info.high_limit = get_mmap_base(0);
-
- /*
-diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 3141e67ec24c..e93173193f60 100644
---- a/arch/x86/mm/init_32.c
-+++ b/arch/x86/mm/init_32.c
-@@ -558,7 +558,7 @@ static void __init pagetable_init(void)
- permanent_kmaps_init(pgd_base);
- }
-
--pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL);
-+pteval_t __supported_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL);
- EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
- /* user-defined highmem size */
-@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size)
- #endif
- #endif
-
--int kernel_set_to_readonly __read_mostly;
-+int kernel_set_to_readonly __ro_after_init;
-
- void set_kernel_text_rw(void)
- {
-@@ -917,12 +917,11 @@ void mark_rodata_ro(void)
- unsigned long start = PFN_ALIGN(_text);
- unsigned long size = PFN_ALIGN(_etext) - start;
-
-+ kernel_set_to_readonly = 1;
- set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
- printk(KERN_INFO "Write protecting the kernel text: %luk\n",
- size >> 10);
-
-- kernel_set_to_readonly = 1;
--
- #ifdef CONFIG_CPA_DEBUG
- printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
- start, start+size);
-diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 642357aff216..8bbf93ce3cd2 100644
---- a/arch/x86/mm/init_64.c
-+++ b/arch/x86/mm/init_64.c
-@@ -65,7 +65,7 @@
- * around without checking the pgd every time.
- */
-
--pteval_t __supported_pte_mask __read_mostly = ~0;
-+pteval_t __supported_pte_mask __ro_after_init = ~0;
- EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
- int force_personality32;
-@@ -1185,7 +1185,7 @@ void __init mem_init(void)
- mem_init_print_info(NULL);
- }
-
--int kernel_set_to_readonly;
-+int kernel_set_to_readonly __ro_after_init;
-
- void set_kernel_text_rw(void)
- {
-@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void)
-
- printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
- (end - start) >> 10);
-- set_memory_ro(start, (end - start) >> PAGE_SHIFT);
--
- kernel_set_to_readonly = 1;
-+ set_memory_ro(start, (end - start) >> PAGE_SHIFT);
-
- /*
- * The rodata/data/bss/brk section (but not the kernel text!)
-diff --git a/block/blk-softirq.c b/block/blk-softirq.c
-index 01e2b353a2b9..9aeddca4a29f 100644
---- a/block/blk-softirq.c
-+++ b/block/blk-softirq.c
-@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
- * Softirq action handler - move entries to local list and loop over them
- * while passing them to the queue registered handler.
- */
--static __latent_entropy void blk_done_softirq(struct softirq_action *h)
-+static __latent_entropy void blk_done_softirq(void)
- {
- struct list_head *cpu_list, local_list;
-
-diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 473f150d6b22..65a65f9824ed 100644
---- a/drivers/ata/libata-core.c
-+++ b/drivers/ata/libata-core.c
-@@ -5141,7 +5141,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
- struct ata_port *ap;
- unsigned int tag;
-
-- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
-+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
- ap = qc->ap;
-
- qc->flags = 0;
-@@ -5158,7 +5158,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
- struct ata_port *ap;
- struct ata_link *link;
-
-- WARN_ON_ONCE(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
-+ BUG_ON(qc == NULL); /* ata_qc_from_tag _might_ return NULL */
- WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
- ap = qc->ap;
- link = qc->dev->link;
-diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index c28dca0c613d..d4813f0d25ca 100644
---- a/drivers/char/Kconfig
-+++ b/drivers/char/Kconfig
-@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig"
-
- config DEVMEM
- bool "/dev/mem virtual device support"
-- default y
- help
- Say Y here if you want to support the /dev/mem device.
- The /dev/mem device is used to access areas of physical
-@@ -568,7 +567,6 @@ config TELCLOCK
- config DEVPORT
- bool "/dev/port character device"
- depends on ISA || PCI
-- default y
- help
- Say Y here if you want to support the /dev/port device. The /dev/port
- device is similar to /dev/mem, but for I/O ports.
-diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c
-index e105532bfba8..e07d52bb9b62 100644
---- a/drivers/media/dvb-frontends/cx24116.c
-+++ b/drivers/media/dvb-frontends/cx24116.c
-@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune,
- return cx24116_read_status(fe, status);
- }
-
--static int cx24116_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24116_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c
-index d37cb7762bd6..97e0feff0ede 100644
---- a/drivers/media/dvb-frontends/cx24117.c
-+++ b/drivers/media/dvb-frontends/cx24117.c
-@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune,
- return cx24117_read_status(fe, status);
- }
-
--static int cx24117_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24117_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
-index 7f11dcc94d85..01da670760ba 100644
---- a/drivers/media/dvb-frontends/cx24120.c
-+++ b/drivers/media/dvb-frontends/cx24120.c
-@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune,
- return cx24120_read_status(fe, status);
- }
-
--static int cx24120_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24120_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c
-index 1d59d1d3bd82..41cd0e9ea199 100644
---- a/drivers/media/dvb-frontends/cx24123.c
-+++ b/drivers/media/dvb-frontends/cx24123.c
-@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe,
- return retval;
- }
-
--static int cx24123_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cx24123_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c
-index f6ebbb47b9b2..3e0d8cbd76da 100644
---- a/drivers/media/dvb-frontends/cxd2820r_core.c
-+++ b/drivers/media/dvb-frontends/cxd2820r_core.c
-@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe)
- return DVBFE_ALGO_SEARCH_ERROR;
- }
-
--static int cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo cxd2820r_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_CUSTOM;
- }
-diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
-index e8ac8c3e2ec0..e0f4ba8302d1 100644
---- a/drivers/media/dvb-frontends/mb86a20s.c
-+++ b/drivers/media/dvb-frontends/mb86a20s.c
-@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe)
- kfree(state);
- }
-
--static int mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo mb86a20s_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c
-index 274544a3ae0e..9ef9b9bc1bd2 100644
---- a/drivers/media/dvb-frontends/s921.c
-+++ b/drivers/media/dvb-frontends/s921.c
-@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe,
- return rc;
- }
-
--static int s921_get_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo s921_get_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
-index 7166d2279465..fa682f9fdc4b 100644
---- a/drivers/media/pci/bt8xx/dst.c
-+++ b/drivers/media/pci/bt8xx/dst.c
-@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe,
- return 0;
- }
-
--static int dst_get_tuning_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo dst_get_tuning_algo(struct dvb_frontend *fe)
- {
- return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW;
- }
-diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c
-index f75f69556be7..d913a6050e8c 100644
---- a/drivers/media/pci/pt1/va1j5jf8007s.c
-+++ b/drivers/media/pci/pt1/va1j5jf8007s.c
-@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr)
- return 0;
- }
-
--static int va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo va1j5jf8007s_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c
-index 63fda79a75c0..4115c3ccd4a8 100644
---- a/drivers/media/pci/pt1/va1j5jf8007t.c
-+++ b/drivers/media/pci/pt1/va1j5jf8007t.c
-@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr)
- return 0;
- }
-
--static int va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
-+static enum dvbfe_algo va1j5jf8007t_get_frontend_algo(struct dvb_frontend *fe)
- {
- return DVBFE_ALGO_HW;
- }
-diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
-index 981b3ef71e47..9883da1da383 100644
---- a/drivers/misc/lkdtm_core.c
-+++ b/drivers/misc/lkdtm_core.c
-@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq,
- return 0;
- }
-
--static void jp_tasklet_action(struct softirq_action *a)
-+static void jp_tasklet_action(void)
- {
- lkdtm_handler();
- jprobe_return();
-diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig
-index b811442c5ce6..4f62a63cbcb1 100644
---- a/drivers/tty/Kconfig
-+++ b/drivers/tty/Kconfig
-@@ -122,7 +122,6 @@ config UNIX98_PTYS
-
- config LEGACY_PTYS
- bool "Legacy (BSD) PTY support"
-- default y
- ---help---
- A pseudo terminal (PTY) is a software device consisting of two
- halves: a master and a slave. The slave device behaves identical to
-diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 562d31073f9a..2184b9b5485f 100644
---- a/drivers/tty/tty_io.c
-+++ b/drivers/tty/tty_io.c
-@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty)
- put_device(tty->dev);
- kfree(tty->write_buf);
- tty->magic = 0xDEADDEAD;
-+ put_user_ns(tty->owner_user_ns);
- kfree(tty);
- }
-
-@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on)
- * FIXME: may race normal receive processing
- */
-
-+int tiocsti_restrict = IS_ENABLED(CONFIG_SECURITY_TIOCSTI_RESTRICT);
-+
- static int tiocsti(struct tty_struct *tty, char __user *p)
- {
- char ch, mbz = 0;
- struct tty_ldisc *ld;
-
-+ if (tiocsti_restrict &&
-+ !ns_capable(tty->owner_user_ns, CAP_SYS_ADMIN)) {
-+ dev_warn_ratelimited(tty->dev,
-+ "Denied TIOCSTI ioctl for non-privileged process\n");
-+ return -EPERM;
-+ }
- if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
- return -EPERM;
- if (get_user(ch, p))
-@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
- tty->index = idx;
- tty_line_name(driver, idx, tty->name);
- tty->dev = tty_get_device(tty);
-+ tty->owner_user_ns = get_user_ns(current_user_ns());
-
- return tty;
- }
-diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 442be7f312f6..788557d5c454 100644
---- a/drivers/usb/core/hub.c
-+++ b/drivers/usb/core/hub.c
-@@ -38,6 +38,8 @@
- #define USB_VENDOR_GENESYS_LOGIC 0x05e3
- #define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01
-
-+extern int deny_new_usb;
-+
- /* Protect struct usb_device->state and ->children members
- * Note: Both are also protected by ->dev.sem, except that ->state can
- * change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */
-@@ -4806,6 +4808,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
- goto done;
- return;
- }
-+
-+ if (deny_new_usb) {
-+ dev_err(&port_dev->dev, "denied insert of USB device on port %d\n", port1);
-+ goto done;
-+ }
-+
- if (hub_is_superspeed(hub->hdev))
- unit_load = 150;
- else
-diff --git a/fs/exec.c b/fs/exec.c
-index 0da4d748b4e6..69fcee853363 100644
---- a/fs/exec.c
-+++ b/fs/exec.c
-@@ -62,6 +62,7 @@
- #include <linux/oom.h>
- #include <linux/compat.h>
- #include <linux/vmalloc.h>
-+#include <linux/random.h>
-
- #include <linux/uaccess.h>
- #include <asm/mmu_context.h>
-@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
- arch_bprm_mm_init(mm, vma);
- up_write(&mm->mmap_sem);
- bprm->p = vma->vm_end - sizeof(void *);
-+ if (randomize_va_space)
-+ bprm->p ^= get_random_int() & ~PAGE_MASK;
- return 0;
- err:
- up_write(&mm->mmap_sem);
-diff --git a/fs/namei.c b/fs/namei.c
-index 0b46b858cd42..3ae8e72341da 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd)
- path_put(&last->link);
- }
-
--int sysctl_protected_symlinks __read_mostly = 0;
--int sysctl_protected_hardlinks __read_mostly = 0;
-+int sysctl_protected_symlinks __read_mostly = 1;
-+int sysctl_protected_hardlinks __read_mostly = 1;
-
- /**
- * may_follow_link - Check symlink following for unsafe situations
-diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
-index 5f93cfacb3d1..cea0d7d3b23e 100644
---- a/fs/nfs/Kconfig
-+++ b/fs/nfs/Kconfig
-@@ -195,4 +195,3 @@ config NFS_DEBUG
- bool
- depends on NFS_FS && SUNRPC_DEBUG
- select CRC32
-- default y
-diff --git a/fs/pipe.c b/fs/pipe.c
-index 8ef7d7bef775..b82f305ec13d 100644
---- a/fs/pipe.c
-+++ b/fs/pipe.c
-@@