* [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.55/, 3.13.5/, 3.13.3/
@ 2014-02-25 14:57 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2014-02-25 14:57 UTC (permalink / raw
To: gentoo-commits
commit: 8aa05d3d048b18099f62ae408847abb9c29648eb
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 25 14:58:37 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Feb 25 14:58:37 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=8aa05d3d
Grsec/PaX: 3.0-{3.2.55,3.13.5}-201402241943
---
{3.13.3 => 3.13.5}/0000_README | 2 +-
.../4420_grsecurity-3.0-3.13.5-201402241943.patch | 414 ++++++++++-----------
{3.13.3 => 3.13.5}/4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.13.3 => 3.13.5}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.13.3 => 3.13.5}/4470_disable-compat_vdso.patch | 0
{3.13.3 => 3.13.5}/4475_emutramp_default_on.patch | 0
3.2.55/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.55-201402241936.patch} | 4 +-
13 files changed, 201 insertions(+), 221 deletions(-)
diff --git a/3.13.3/0000_README b/3.13.5/0000_README
similarity index 96%
rename from 3.13.3/0000_README
rename to 3.13.5/0000_README
index dc48ad4..7516385 100644
--- a/3.13.3/0000_README
+++ b/3.13.5/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.4-201402221308.patch
+Patch: 4420_grsecurity-3.0-3.13.5-201402241943.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch b/3.13.5/4420_grsecurity-3.0-3.13.5-201402241943.patch
similarity index 99%
rename from 3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch
rename to 3.13.5/4420_grsecurity-3.0-3.13.5-201402241943.patch
index 0cb3174..0356b07 100644
--- a/3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch
+++ b/3.13.5/4420_grsecurity-3.0-3.13.5-201402241943.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 2236ed8..89d7bf0 100644
+index a03bbf9..0817ef1 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -17178,7 +17178,7 @@ index 81bb91b..9392125 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index bbc8b12..f228861 100644
+index 5ad38ad..71db3f2 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17301,7 +17301,7 @@ index bbc8b12..f228861 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -580,7 +655,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17310,7 +17310,7 @@ index bbc8b12..f228861 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -620,7 +695,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17319,7 +17319,7 @@ index bbc8b12..f228861 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -635,7 +710,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -17328,7 +17328,7 @@ index bbc8b12..f228861 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -658,7 +733,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -17342,7 +17342,7 @@ index bbc8b12..f228861 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -669,6 +749,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -17366,7 +17366,7 @@ index bbc8b12..f228861 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -835,11 +932,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -20437,7 +20437,7 @@ index 59bfebc..d8f27bd 100644
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 6abc172..77b0d1b 100644
+index fe2bdd0..77b0d1b 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -88,60 +88,6 @@ static const struct cpu_dev default_cpu = {
@@ -20501,18 +20501,8 @@ index 6abc172..77b0d1b 100644
static int __init x86_xsave_setup(char *s)
{
setup_clear_cpu_cap(X86_FEATURE_XSAVE);
-@@ -284,10 +230,68 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
- raw_local_save_flags(eflags);
- BUG_ON(eflags & X86_EFLAGS_AC);
-
-- if (cpu_has(c, X86_FEATURE_SMAP))
-+ if (cpu_has(c, X86_FEATURE_SMAP)) {
-+#ifdef CONFIG_X86_SMAP
- set_in_cr4(X86_CR4_SMAP);
-+#else
-+ clear_in_cr4(X86_CR4_SMAP);
-+#endif
-+ }
+@@ -293,6 +239,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+ }
}
+#ifdef CONFIG_X86_64
@@ -20571,7 +20561,7 @@ index 6abc172..77b0d1b 100644
/*
* Some CPU features depend on higher CPUID levels, which may not always
* be available due to CPUID level capping or broken virtualization
-@@ -388,7 +392,7 @@ void switch_to_new_gdt(int cpu)
+@@ -393,7 +392,7 @@ void switch_to_new_gdt(int cpu)
{
struct desc_ptr gdt_descr;
@@ -20580,7 +20570,7 @@ index 6abc172..77b0d1b 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -877,6 +881,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -882,6 +881,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
setup_smep(c);
setup_smap(c);
@@ -20591,7 +20581,7 @@ index 6abc172..77b0d1b 100644
/*
* The vendor-specific functions might have changed features.
* Now we do "generic changes."
-@@ -885,6 +893,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -890,6 +893,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
@@ -20602,7 +20592,7 @@ index 6abc172..77b0d1b 100644
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
-@@ -1072,10 +1084,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1077,10 +1084,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
@@ -20618,7 +20608,7 @@ index 6abc172..77b0d1b 100644
DEFINE_PER_CPU_FIRST(union irq_stack_union,
irq_stack_union) __aligned(PAGE_SIZE) __visible;
-@@ -1089,7 +1103,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+@@ -1094,7 +1103,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -20627,7 +20617,7 @@ index 6abc172..77b0d1b 100644
EXPORT_PER_CPU_SYMBOL(kernel_stack);
DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1239,7 +1253,7 @@ void cpu_init(void)
+@@ -1244,7 +1253,7 @@ void cpu_init(void)
load_ucode_ap();
cpu = stack_smp_processor_id();
@@ -20636,7 +20626,7 @@ index 6abc172..77b0d1b 100644
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1274,7 +1288,6 @@ void cpu_init(void)
+@@ -1279,7 +1288,6 @@ void cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -20644,7 +20634,7 @@ index 6abc172..77b0d1b 100644
enable_x2apic();
/*
-@@ -1326,7 +1339,7 @@ void cpu_init(void)
+@@ -1331,7 +1339,7 @@ void cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -23545,10 +23535,10 @@ index 1e96c36..3ff710a 100644
/*
* End of kprobes section
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index d4bdd25..912664c 100644
+index e625319..b9abb9d 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
-@@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
+@@ -104,6 +104,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
{
unsigned char replaced[MCOUNT_INSN_SIZE];
@@ -23557,25 +23547,16 @@ index d4bdd25..912664c 100644
/*
* Note: Due to modules and __init, code can
* disappear and change, we need to protect against faulting
-@@ -227,7 +229,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
- unsigned char old[MCOUNT_INSN_SIZE], *new;
+@@ -229,7 +231,7 @@ static int update_ftrace_func(unsigned long ip, void *new)
+ unsigned char old[MCOUNT_INSN_SIZE];
int ret;
-- memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
-+ memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
- new = ftrace_call_replace(ip, (unsigned long)func);
+- memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);
++ memcpy(old, (void *)ktla_ktva(ip), MCOUNT_INSN_SIZE);
- /* See comment above by declaration of modifying_ftrace_code */
-@@ -238,7 +240,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
- /* Also update the regs callback function */
- if (!ret) {
- ip = (unsigned long)(&ftrace_regs_call);
-- memcpy(old, &ftrace_regs_call, MCOUNT_INSN_SIZE);
-+ memcpy(old, ktla_ktva((void *)&ftrace_regs_call), MCOUNT_INSN_SIZE);
- new = ftrace_call_replace(ip, (unsigned long)func);
- ret = ftrace_modify_code(ip, old, new);
- }
-@@ -291,7 +293,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
+ ftrace_update_func = ip;
+ /* Make sure the breakpoints see the ftrace_update_func update */
+@@ -306,7 +308,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
* kernel identity mapping to modify code.
*/
if (within(ip, (unsigned long)_text, (unsigned long)_etext))
@@ -23584,7 +23565,7 @@ index d4bdd25..912664c 100644
return probe_kernel_write((void *)ip, val, size);
}
-@@ -301,7 +303,7 @@ static int add_break(unsigned long ip, const char *old)
+@@ -316,7 +318,7 @@ static int add_break(unsigned long ip, const char *old)
unsigned char replaced[MCOUNT_INSN_SIZE];
unsigned char brk = BREAKPOINT_INSTRUCTION;
@@ -23593,7 +23574,7 @@ index d4bdd25..912664c 100644
return -EFAULT;
/* Make sure it is what we expect it to be */
-@@ -649,7 +651,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
+@@ -664,7 +666,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
return ret;
fail_update:
@@ -23602,15 +23583,6 @@ index d4bdd25..912664c 100644
goto out;
}
-@@ -682,6 +684,8 @@ static int ftrace_mod_jmp(unsigned long ip,
- {
- unsigned char code[MCOUNT_INSN_SIZE];
-
-+ ip = ktla_ktva(ip);
-+
- if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
- return -EFAULT;
-
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 85126cc..1bbce17 100644
--- a/arch/x86/kernel/head64.c
@@ -30828,7 +30800,7 @@ index 903ec1e..c4166b2 100644
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 9d591c8..31e52ff 100644
+index 6dea040..31e52ff 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,11 +14,18 @@
@@ -31192,16 +31164,7 @@ index 9d591c8..31e52ff 100644
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1001,10 +1209,16 @@ static int fault_in_kernel_space(unsigned long address)
-
- static inline bool smap_violation(int error_code, struct pt_regs *regs)
- {
-+ if (!IS_ENABLED(CONFIG_X86_SMAP))
-+ return false;
-+
-+ if (!static_cpu_has(X86_FEATURE_SMAP))
-+ return false;
-+
+@@ -1010,7 +1218,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
if (error_code & PF_USER)
return false;
@@ -31210,7 +31173,7 @@ index 9d591c8..31e52ff 100644
return false;
return true;
-@@ -1031,6 +1245,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1037,6 +1245,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
/* Get the faulting address: */
address = read_cr2();
@@ -31233,22 +31196,7 @@ index 9d591c8..31e52ff 100644
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1087,11 +1317,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
- if (unlikely(error_code & PF_RSVD))
- pgtable_bad(regs, error_code, address);
-
-- if (static_cpu_has(X86_FEATURE_SMAP)) {
-- if (unlikely(smap_violation(error_code, regs))) {
-- bad_area_nosemaphore(regs, error_code, address);
-- return;
-- }
-+ if (unlikely(smap_violation(error_code, regs))) {
-+ bad_area_nosemaphore(regs, error_code, address);
-+ return;
- }
-
- /*
-@@ -1110,7 +1338,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1114,7 +1338,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
@@ -31257,7 +31205,7 @@ index 9d591c8..31e52ff 100644
local_irq_enable();
error_code |= PF_USER;
flags |= FAULT_FLAG_USER;
-@@ -1157,6 +1385,11 @@ retry:
+@@ -1161,6 +1385,11 @@ retry:
might_sleep();
}
@@ -31269,7 +31217,7 @@ index 9d591c8..31e52ff 100644
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1168,18 +1401,24 @@ retry:
+@@ -1172,18 +1401,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
@@ -31305,7 +31253,7 @@ index 9d591c8..31e52ff 100644
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1273,3 +1512,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1277,3 +1512,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
__do_page_fault(regs, error_code);
exception_exit(prev_state);
}
@@ -35088,7 +35036,7 @@ index fa6ade7..73da73a5 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index ce563be..7327d91 100644
+index 3c76c3d..7871755 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
@@ -35098,7 +35046,7 @@ index ce563be..7327d91 100644
-static pteval_t pte_pfn_to_mfn(pteval_t val)
+static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
{
- if (val & _PAGE_PRESENT) {
+ if (pteval_present(val)) {
unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
/* L3_k[510] -> level2_kernel_pgt
@@ -38960,10 +38908,10 @@ index 1026743..80b081c 100644
EXPORT_SYMBOL_GPL(edac_device_alloc_index);
diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
-index 9f7e0e60..348c875 100644
+index e5bdf21..b8f9055 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
-@@ -150,7 +150,7 @@ static const char * const edac_caps[] = {
+@@ -152,7 +152,7 @@ static const char * const edac_caps[] = {
struct dev_ch_attribute {
struct device_attribute attr;
int channel;
@@ -38972,7 +38920,7 @@ index 9f7e0e60..348c875 100644
#define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \
struct dev_ch_attribute dev_attr_legacy_##_name = \
-@@ -1007,14 +1007,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
+@@ -1009,14 +1009,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
}
if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) {
@@ -39724,10 +39672,10 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index f13d5ed..8e6f36d 100644
+index a209177..842a89a 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
-@@ -1420,7 +1420,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
+@@ -1419,7 +1419,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
int pipe;
u32 pipe_stats[I915_MAX_PIPES];
@@ -39736,7 +39684,7 @@ index f13d5ed..8e6f36d 100644
while (true) {
iir = I915_READ(VLV_IIR);
-@@ -1730,7 +1730,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
+@@ -1729,7 +1729,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
u32 de_iir, gt_iir, de_ier, sde_ier = 0;
irqreturn_t ret = IRQ_NONE;
@@ -39745,7 +39693,7 @@ index f13d5ed..8e6f36d 100644
/* We get interrupts on unclaimed registers, so check for this before we
* do any I915_{READ,WRITE}. */
-@@ -1800,7 +1800,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
+@@ -1799,7 +1799,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
uint32_t tmp = 0;
enum pipe pipe;
@@ -39754,7 +39702,7 @@ index f13d5ed..8e6f36d 100644
master_ctl = I915_READ(GEN8_MASTER_IRQ);
master_ctl &= ~GEN8_MASTER_IRQ_CONTROL;
-@@ -2624,7 +2624,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -2623,7 +2623,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
@@ -39763,7 +39711,7 @@ index f13d5ed..8e6f36d 100644
I915_WRITE(HWSTAM, 0xeffe);
-@@ -2642,7 +2642,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -2641,7 +2641,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39772,7 +39720,7 @@ index f13d5ed..8e6f36d 100644
/* VLV magic */
I915_WRITE(VLV_IMR, 0);
-@@ -2673,7 +2673,7 @@ static void gen8_irq_preinstall(struct drm_device *dev)
+@@ -2672,7 +2672,7 @@ static void gen8_irq_preinstall(struct drm_device *dev)
struct drm_i915_private *dev_priv = dev->dev_private;
int pipe;
@@ -39781,7 +39729,7 @@ index f13d5ed..8e6f36d 100644
I915_WRITE(GEN8_MASTER_IRQ, 0);
POSTING_READ(GEN8_MASTER_IRQ);
-@@ -2999,7 +2999,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
+@@ -2998,7 +2998,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
if (!dev_priv)
return;
@@ -39790,7 +39738,7 @@ index f13d5ed..8e6f36d 100644
I915_WRITE(GEN8_MASTER_IRQ, 0);
-@@ -3093,7 +3093,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -3092,7 +3092,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39799,7 +39747,7 @@ index f13d5ed..8e6f36d 100644
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -3179,7 +3179,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -3178,7 +3178,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -39808,7 +39756,7 @@ index f13d5ed..8e6f36d 100644
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -3254,7 +3254,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -3253,7 +3253,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39817,7 +39765,7 @@ index f13d5ed..8e6f36d 100644
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -3361,7 +3361,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -3360,7 +3360,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
int pipe, ret = IRQ_NONE;
@@ -39826,7 +39774,7 @@ index f13d5ed..8e6f36d 100644
iir = I915_READ(IIR);
do {
-@@ -3488,7 +3488,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -3487,7 +3487,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -39835,7 +39783,7 @@ index f13d5ed..8e6f36d 100644
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -3604,7 +3604,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -3603,7 +3603,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -43638,7 +43586,7 @@ index 3e6d115..ffecdeb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index a49cfcc..20b9a65 100644
+index 63b2e8d..225f16b 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1921,7 +1921,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
@@ -43650,7 +43598,7 @@ index a49cfcc..20b9a65 100644
}
sectors -= s;
sect += s;
-@@ -2148,7 +2148,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2155,7 +2155,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -43723,7 +43671,7 @@ index 06eeb99..770613e 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 03f82ab..374bb38 100644
+index 48cdec8..c7726b1 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
@@ -49132,10 +49080,10 @@ index df5e961..df6b97f 100644
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index d745f95..6bef2fc 100644
+index 349ebba..ff2a249 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
-@@ -1947,7 +1947,7 @@ int spi_bus_unlock(struct spi_master *master)
+@@ -1945,7 +1945,7 @@ int spi_bus_unlock(struct spi_master *master)
EXPORT_SYMBOL_GPL(spi_bus_unlock);
/* portable code must never pass more than 32 bytes */
@@ -49357,6 +49305,19 @@ index f3108c7..cd4f9da 100644
};
extern int insert_proc(void);
+diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c
+index a4e0472..05d854c 100644
+--- a/drivers/staging/lustre/lustre/llite/dir.c
++++ b/drivers/staging/lustre/lustre/llite/dir.c
+@@ -660,7 +660,7 @@ int ll_dir_setdirstripe(struct inode *dir, struct lmv_user_md *lump,
+ int mode;
+ int err;
+
+- mode = (0755 & (S_IRWXUGO|S_ISVTX) & ~current->fs->umask) | S_IFDIR;
++ mode = (0755 & (S_IRWXUGO|S_ISVTX) & ~current_umask()) | S_IFDIR;
+ op_data = ll_prep_md_op_data(NULL, dir, NULL, filename,
+ strlen(filename), mode, LUSTRE_OPC_MKDIR,
+ lump);
diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c
index 3675020..e80d92c 100644
--- a/drivers/staging/media/solo6x10/solo6x10-core.c
@@ -50070,10 +50031,10 @@ index 1deaca4..c8582d4 100644
tty_port_tty_set(&ch->port, tty);
mutex_lock(&ch->port.mutex);
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
-index c0f76da..d974c32 100644
+index 5056090..c80ca04 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
-@@ -1632,7 +1632,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
+@@ -1643,7 +1643,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
spin_lock_init(&dlci->lock);
mutex_init(&dlci->mutex);
dlci->fifo = &dlci->_fifo;
@@ -50082,7 +50043,7 @@ index c0f76da..d974c32 100644
kfree(dlci);
return NULL;
}
-@@ -2935,7 +2935,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
+@@ -2946,7 +2946,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
struct gsm_dlci *dlci = tty->driver_data;
struct tty_port *port = &dlci->port;
@@ -50092,7 +50053,7 @@ index c0f76da..d974c32 100644
dlci_get(dlci->gsm->dlci[0]);
mux_get(dlci->gsm);
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 34aacaa..dad073b 100644
+index 4c10837..a40ec45 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -114,7 +114,7 @@ struct n_tty_data {
@@ -50104,7 +50065,7 @@ index 34aacaa..dad073b 100644
size_t line_start;
/* protected by output lock */
-@@ -2502,6 +2502,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2504,6 +2504,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -50974,19 +50935,6 @@ index d0e3a44..5f8b754 100644
if (!perm) {
ret = -EPERM;
goto reterr;
-diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
-index 61b1137..23b5d32 100644
---- a/drivers/tty/vt/vt.c
-+++ b/drivers/tty/vt/vt.c
-@@ -1164,6 +1164,8 @@ static void csi_J(struct vc_data *vc, int vpar)
- scr_memsetw(vc->vc_screenbuf, vc->vc_video_erase_char,
- vc->vc_screenbuf_size >> 1);
- set_origin(vc);
-+ if (CON_IS_VISIBLE(vc))
-+ update_screen(vc);
- /* fall through */
- case 2: /* erase whole display */
- count = vc->vc_cols * vc->vc_rows;
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index a673e5b..36e5d32 100644
--- a/drivers/uio/uio.c
@@ -51245,10 +51193,10 @@ index 967152a..16fa2e5 100644
dev->rawdescriptors[i] + (*ppos - pos),
min(len, alloclen))) {
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index 6bffb8c..b404e8b 100644
+index d39106c..bfe13a4 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
-@@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
*/
usb_get_urb(urb);
atomic_inc(&urb->use_count);
@@ -51257,7 +51205,7 @@ index 6bffb8c..b404e8b 100644
usbmon_urb_submit(&hcd->self, urb);
/* NOTE requirements on root-hub callers (usbfs and the hub
-@@ -1577,7 +1577,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1576,7 +1576,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
urb->hcpriv = NULL;
INIT_LIST_HEAD(&urb->urb_list);
atomic_dec(&urb->use_count);
@@ -51267,7 +51215,7 @@ index 6bffb8c..b404e8b 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 07e6654..6420edf 100644
+index ebcd3bf..be93a64 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
@@ -51278,7 +51226,7 @@ index 07e6654..6420edf 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -4442,6 +4443,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -4437,6 +4438,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
goto done;
return;
}
@@ -56828,10 +56776,10 @@ index 849f613..eae6dec 100644
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index f918a99..bb300d5 100644
+index 579c6d5..95b6d03353 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
-@@ -787,35 +787,35 @@ struct cifs_tcon {
+@@ -797,35 +797,35 @@ struct cifs_tcon {
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
#ifdef CONFIG_CIFS_STATS
@@ -56891,7 +56839,7 @@ index f918a99..bb300d5 100644
} smb2_stats;
#endif /* CONFIG_CIFS_SMB2 */
} stats;
-@@ -1145,7 +1145,7 @@ convert_delimiter(char *path, char delim)
+@@ -1155,7 +1155,7 @@ convert_delimiter(char *path, char delim)
}
#ifdef CONFIG_CIFS_STATS
@@ -56900,7 +56848,7 @@ index f918a99..bb300d5 100644
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -1511,8 +1511,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -1521,8 +1521,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
@@ -57013,7 +56961,7 @@ index 2f9f379..43f8025 100644
}
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
-index 5f5ba0d..8d6ef7d 100644
+index ffc9ef9..b3c992b 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -609,27 +609,27 @@ static void
@@ -58958,7 +58906,7 @@ index 999ff5c..41f4109 100644
sizeof(struct file_handle) + handle_bytes))
retval = -EFAULT;
diff --git a/fs/file.c b/fs/file.c
-index 4a78f98..f9a6d25 100644
+index 9de2026..8e334ca 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -16,6 +16,7 @@
@@ -61499,22 +61447,6 @@ index f4ccfe6..a5cf064 100644
static struct callback_op callback_ops[];
-diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
-index 812154a..c442a74 100644
---- a/fs/nfs/dir.c
-+++ b/fs/nfs/dir.c
-@@ -1837,6 +1837,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
- GFP_KERNEL)) {
- SetPageUptodate(page);
- unlock_page(page);
-+ /*
-+ * add_to_page_cache_lru() grabs an extra page refcount.
-+ * Drop it here to avoid leaking this page later.
-+ */
-+ page_cache_release(page);
- } else
- __free_page(page);
-
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 00ad1c2..2fde15e 100644
--- a/fs/nfs/inode.c
@@ -73717,7 +73649,7 @@ index 0000000..ae6c028
+}
diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c
new file mode 100644
-index 0000000..78d1680
+index 0000000..1773300
--- /dev/null
+++ b/grsecurity/grsec_ipc.c
@@ -0,0 +1,48 @@
@@ -73740,7 +73672,7 @@ index 0000000..78d1680
+ kgid_t egid;
+
+ if (!grsec_enable_harden_ipc)
-+ return 0;
++ return 1;
+
+ euid = current_euid();
+ egid = current_egid();
@@ -76610,7 +76542,7 @@ index 19f6003..90b64f4 100644
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
/*
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..55203f8 100644
+index 2507fd2..55203f8 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -39,9 +39,34 @@
@@ -76648,19 +76580,6 @@ index ded4299..55203f8 100644
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -75,11 +100,7 @@
- *
- * (asm goto is automatically volatile - the naming reflects this.)
- */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
-
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 92669cd..cc564c0 100644
--- a/include/linux/compiler.h
@@ -81754,7 +81673,7 @@ index 99c1b4d..562e6f3 100644
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 512ab16..f53e1bf 100644
+index 7454865..29f4bfa 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
@@ -563,7 +563,7 @@ struct usb_device {
@@ -81766,7 +81685,7 @@ index 512ab16..f53e1bf 100644
unsigned long active_duration;
-@@ -1643,7 +1643,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
+@@ -1641,7 +1641,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
extern int usb_control_msg(struct usb_device *dev, unsigned int pipe,
__u8 request, __u8 requesttype, __u16 value, __u16 index,
@@ -89450,7 +89369,7 @@ index 38463d2..68abe92 100644
ftrace_graph_active++;
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index cc2f66f..05edd54 100644
+index 0e337ee..3370631 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -352,9 +352,9 @@ struct buffer_data_page {
@@ -89585,7 +89504,7 @@ index cc2f66f..05edd54 100644
/* set write to only the index of the write */
write &= RB_WRITE_MASK;
-@@ -2408,7 +2408,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
kmemcheck_annotate_bitfield(event, bitfield);
rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
@@ -89594,7 +89513,7 @@ index cc2f66f..05edd54 100644
/*
* If this is the first commit on the page, then update
-@@ -2441,7 +2441,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
unsigned long write_mask =
@@ -89603,7 +89522,7 @@ index cc2f66f..05edd54 100644
unsigned long event_length = rb_event_length(event);
/*
* This is on the tail page. It is possible that
-@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
*/
old_index += write_mask;
new_index += write_mask;
@@ -89612,7 +89531,7 @@ index cc2f66f..05edd54 100644
if (index == old_index) {
/* update counters */
local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2843,7 +2843,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
/* Do the likely case first */
if (likely(bpage->page == (void *)addr)) {
@@ -89621,7 +89540,7 @@ index cc2f66f..05edd54 100644
return;
}
-@@ -2855,7 +2855,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
start = bpage;
do {
if (bpage->page == (void *)addr) {
@@ -89630,7 +89549,7 @@ index cc2f66f..05edd54 100644
return;
}
rb_inc_page(cpu_buffer, &bpage);
-@@ -3139,7 +3139,7 @@ static inline unsigned long
+@@ -3146,7 +3146,7 @@ static inline unsigned long
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
{
return local_read(&cpu_buffer->entries) -
@@ -89639,7 +89558,7 @@ index cc2f66f..05edd54 100644
}
/**
-@@ -3228,7 +3228,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -89648,7 +89567,7 @@ index cc2f66f..05edd54 100644
return ret;
}
-@@ -3251,7 +3251,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -89657,7 +89576,7 @@ index cc2f66f..05edd54 100644
return ret;
}
-@@ -3336,7 +3336,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
/* if you care about this being correct, lock the buffer */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
@@ -89666,7 +89585,7 @@ index cc2f66f..05edd54 100644
}
return overruns;
-@@ -3512,8 +3512,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3519,8 +3519,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/*
* Reset the reader page to size zero.
*/
@@ -89677,7 +89596,7 @@ index cc2f66f..05edd54 100644
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->real_end = 0;
-@@ -3547,7 +3547,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3554,7 +3554,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
* want to compare with the last_overrun.
*/
smp_mb();
@@ -89686,7 +89605,7 @@ index cc2f66f..05edd54 100644
/*
* Here's the tricky part.
-@@ -4117,8 +4117,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4124,8 +4124,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
@@ -89697,7 +89616,7 @@ index cc2f66f..05edd54 100644
local_set(&cpu_buffer->head_page->page->commit, 0);
cpu_buffer->head_page->read = 0;
-@@ -4128,14 +4128,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4135,14 +4135,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
@@ -89716,7 +89635,7 @@ index cc2f66f..05edd54 100644
local_set(&cpu_buffer->dropped_events, 0);
local_set(&cpu_buffer->entries, 0);
local_set(&cpu_buffer->committing, 0);
-@@ -4540,8 +4540,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4547,8 +4547,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
rb_init_page(bpage);
bpage = reader->page;
reader->page = *data_page;
@@ -90478,6 +90397,19 @@ index 7811ed3..f80ca19 100644
static inline void *ptr_to_indirect(void *ptr)
{
+diff --git a/lib/random32.c b/lib/random32.c
+index 1e5b2df..fb616c7 100644
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -44,7 +44,7 @@
+ static void __init prandom_state_selftest(void);
+ #endif
+
+-static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
++static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
+
+ /**
+ * prandom_u32_state - seeded pseudo-random number generator.
diff --git a/lib/rbtree.c b/lib/rbtree.c
index 65f4eff..2cfa167 100644
--- a/lib/rbtree.c
@@ -91102,7 +91034,7 @@ index 539eeb9..e24a987 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 6420be5..b7b7c8f 100644
+index 90977ac..487ab84 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -91132,7 +91064,7 @@ index 6420be5..b7b7c8f 100644
{ reserved, reserved, "reserved kernel", me_kernel },
/*
* free pages are specially detected outside this table:
-@@ -1060,7 +1060,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1062,7 +1062,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
nr_pages = 1 << compound_order(hpage);
else /* normal page or thp */
nr_pages = 1;
@@ -91141,7 +91073,7 @@ index 6420be5..b7b7c8f 100644
/*
* We need/can do nothing about count=0 pages.
-@@ -1090,7 +1090,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1092,7 +1092,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
if (!PageHWPoison(hpage)
|| (hwpoison_filter(p) && TestClearPageHWPoison(p))
|| (p != hpage && TestSetPageHWPoison(hpage))) {
@@ -91150,7 +91082,7 @@ index 6420be5..b7b7c8f 100644
return 0;
}
set_page_hwpoison_huge_page(hpage);
-@@ -1159,7 +1159,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1161,7 +1161,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
}
if (hwpoison_filter(p)) {
if (TestClearPageHWPoison(p))
@@ -91159,7 +91091,7 @@ index 6420be5..b7b7c8f 100644
unlock_page(hpage);
put_page(hpage);
return 0;
-@@ -1381,7 +1381,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1383,7 +1383,7 @@ int unpoison_memory(unsigned long pfn)
return 0;
}
if (TestClearPageHWPoison(p))
@@ -91168,7 +91100,7 @@ index 6420be5..b7b7c8f 100644
pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
return 0;
}
-@@ -1395,7 +1395,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1397,7 +1397,7 @@ int unpoison_memory(unsigned long pfn)
*/
if (TestClearPageHWPoison(page)) {
pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -91177,7 +91109,7 @@ index 6420be5..b7b7c8f 100644
freeit = 1;
if (PageHuge(page))
clear_page_hwpoison_huge_page(page);
-@@ -1520,11 +1520,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1522,11 +1522,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -91191,7 +91123,7 @@ index 6420be5..b7b7c8f 100644
}
}
return ret;
-@@ -1563,7 +1563,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1565,7 +1565,7 @@ static int __soft_offline_page(struct page *page, int flags)
put_page(page);
pr_info("soft_offline: %#lx: invalidated\n", pfn);
SetPageHWPoison(page);
@@ -91200,7 +91132,7 @@ index 6420be5..b7b7c8f 100644
return 0;
}
-@@ -1608,7 +1608,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1610,7 +1610,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -91209,7 +91141,7 @@ index 6420be5..b7b7c8f 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1682,11 +1682,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1684,11 +1684,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -99073,7 +99005,7 @@ index da1a1ce..571db8d 100644
if (inet->cmsg_flags)
ip_cmsg_recv(msg, skb);
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 364ce0c..3ebb5a4 100644
+index b4b61b2..ac84a257 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -826,7 +826,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
@@ -99085,7 +99017,7 @@ index 364ce0c..3ebb5a4 100644
local->_oper_chandef = *chandef;
ieee80211_hw_config(local, 0);
}
-@@ -3308,7 +3308,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+@@ -3311,7 +3311,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
else
local->probe_req_reg--;
@@ -99094,7 +99026,7 @@ index 364ce0c..3ebb5a4 100644
break;
ieee80211_queue_work(&local->hw, &local->reconfig_filter);
-@@ -3771,8 +3771,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
+@@ -3774,8 +3774,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
if (chanctx_conf) {
*chandef = chanctx_conf->def;
ret = 0;
@@ -102033,7 +101965,7 @@ index 2dcb377..a82c500 100644
kallsymso=""
kallsyms_vmlinux=""
diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index 2370863..212fbca 100644
+index 25e5cb0..6e85821 100644
--- a/scripts/mod/file2alias.c
+++ b/scripts/mod/file2alias.c
@@ -142,7 +142,7 @@ static void device_id_check(const char *modname, const char *device_id,
@@ -106500,10 +106432,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..7e39d81
+index 0000000..1a98bed
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,403 @@
+@@ -0,0 +1,451 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -106532,7 +106464,7 @@ index 0000000..7e39d81
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402210120",
++ .version = "201402240545",
+ .help = NULL
+};
+
@@ -106555,6 +106487,12 @@ index 0000000..7e39d81
+static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
+{
+ tree type;
++ unsigned long long mask;
++#if BUILDING_GCC_VERSION <= 4007
++ VEC(constructor_elt, gc) *vals;
++#else
++ vec<constructor_elt, va_gc> *vals;
++#endif
+
+ switch (TREE_CODE(*node)) {
+ default:
@@ -106579,22 +106517,64 @@ index 0000000..7e39d81
+ switch (TREE_CODE(type)) {
+ default:
+ *no_add_attrs = true;
-+ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type", *node, name);
++ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type or a fixed sized structure with integer fields", *node, name);
++ break;
++
++ case RECORD_TYPE: {
++ tree field;
++ unsigned int nelt = 0;
++
++ for (field = TYPE_FIELDS(type); field; nelt++, field = TREE_CHAIN(field)) {
++ tree fieldtype;
++
++ fieldtype = TREE_TYPE(field);
++ if (TREE_CODE(fieldtype) != INTEGER_TYPE) {
++ *no_add_attrs = true;
++ error("structure variable %qD with %qE attribute has a non-integer field %qE", *node, name, field);
++ break;
++ }
++ }
++
++ if (field)
++ break;
++
++#if BUILDING_GCC_VERSION <= 4007
++ vals = VEC_alloc(constructor_elt, gc, nelt);
++#else
++ vec_alloc(vals, nelt);
++#endif
++
++ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
++ tree fieldtype;
++
++ fieldtype = TREE_TYPE(field);
++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(fieldtype)) - 1);
++ mask = 2 * (mask - 1) + 1;
++
++ if (TYPE_UNSIGNED(fieldtype))
++ CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cstu(fieldtype, mask & get_random_const()));
++ else
++ CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cst(fieldtype, mask & get_random_const()));
++ }
++
++ DECL_INITIAL(*node) = build_constructor(type, vals);
++//debug_tree(DECL_INITIAL(*node));
+ break;
++ }
+
+ case INTEGER_TYPE:
-+ DECL_INITIAL(*node) = build_int_cstu(type, get_random_const());
++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1);
++ mask = 2 * (mask - 1) + 1;
++
++ if (TYPE_UNSIGNED(type))
++ DECL_INITIAL(*node) = build_int_cstu(type, mask & get_random_const());
++ else
++ DECL_INITIAL(*node) = build_int_cst(type, mask & get_random_const());
+ break;
+
+ case ARRAY_TYPE: {
+ tree elt_type, array_size, elt_size;
-+ unsigned long long mask;
+ unsigned int i, nelt;
-+#if BUILDING_GCC_VERSION <= 4007
-+ VEC(constructor_elt, gc) *vals;
-+#else
-+ vec<constructor_elt, va_gc> *vals;
-+#endif
+
+ elt_type = TREE_TYPE(type);
+ elt_size = TYPE_SIZE_UNIT(TREE_TYPE(type));
@@ -106602,7 +106582,7 @@ index 0000000..7e39d81
+
+ if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
+ *no_add_attrs = true;
-+ error("variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++ error("array variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
+ break;
+ }
+
diff --git a/3.13.3/4425_grsec_remove_EI_PAX.patch b/3.13.5/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.13.3/4425_grsec_remove_EI_PAX.patch
rename to 3.13.5/4425_grsec_remove_EI_PAX.patch
diff --git a/3.13.3/4427_force_XATTR_PAX_tmpfs.patch b/3.13.5/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.13.3/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.13.5/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.13.3/4430_grsec-remove-localversion-grsec.patch b/3.13.5/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.13.3/4430_grsec-remove-localversion-grsec.patch
rename to 3.13.5/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.13.3/4435_grsec-mute-warnings.patch b/3.13.5/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.13.3/4435_grsec-mute-warnings.patch
rename to 3.13.5/4435_grsec-mute-warnings.patch
diff --git a/3.13.3/4440_grsec-remove-protected-paths.patch b/3.13.5/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.13.3/4440_grsec-remove-protected-paths.patch
rename to 3.13.5/4440_grsec-remove-protected-paths.patch
diff --git a/3.13.3/4450_grsec-kconfig-default-gids.patch b/3.13.5/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.13.3/4450_grsec-kconfig-default-gids.patch
rename to 3.13.5/4450_grsec-kconfig-default-gids.patch
diff --git a/3.13.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.5/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.13.3/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.13.5/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.13.3/4470_disable-compat_vdso.patch b/3.13.5/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.13.3/4470_disable-compat_vdso.patch
rename to 3.13.5/4470_disable-compat_vdso.patch
diff --git a/3.13.3/4475_emutramp_default_on.patch b/3.13.5/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.13.3/4475_emutramp_default_on.patch
rename to 3.13.5/4475_emutramp_default_on.patch
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index f58c905..0a4207c 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch
From: http://www.kernel.org
Desc: Linux 3.2.55
-Patch: 4420_grsecurity-3.0-3.2.55-201402221305.patch
+Patch: 4420_grsecurity-3.0-3.2.55-201402241936.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201402241936.patch
similarity index 99%
rename from 3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
rename to 3.2.55/4420_grsecurity-3.0-3.2.55-201402241936.patch
index 8c95615..f875551 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201402241936.patch
@@ -71890,7 +71890,7 @@ index 0000000..7bcfc7a
+}
diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c
new file mode 100644
-index 0000000..5377493
+index 0000000..28dbb82
--- /dev/null
+++ b/grsecurity/grsec_ipc.c
@@ -0,0 +1,48 @@
@@ -71913,7 +71913,7 @@ index 0000000..5377493
+ gid_t egid;
+
+ if (!grsec_enable_harden_ipc)
-+ return 0;
++ return 1;
+
+ euid = current_euid();
+ egid = current_egid();
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-02-25 14:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-25 14:57 [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.55/, 3.13.5/, 3.13.3/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox