Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.45/, 2.6.32/, 3.9.4/
Date: Sun, 02 Jun 2013 19:19:42
Message-Id: 1370200763.eda95dd2718f4d0606694398aaaf1fd652b5f712.blueness@gentoo
1 commit: eda95dd2718f4d0606694398aaaf1fd652b5f712
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jun 2 19:19:23 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Jun 2 19:19:23 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=eda95dd2
7
8 Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.4}-201306011536
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.60-201306011535.patch} | 26 +-
13 3.2.45/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.46-201306011535.patch} | 350 +++++++++------------
15 3.9.4/0000_README | 2 +-
16 ...4420_grsecurity-2.9.1-3.9.4-201306011536.patch} | 61 +++-
17 6 files changed, 224 insertions(+), 219 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 1fce241..4edfd58 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
24 From: http://www.kernel.org
25 Desc: Linux 2.6.32.59
26
27 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305301924.patch
28 +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305301924.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305301924.patch
36 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch
37 index 220fd66..eb29409 100644
38 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305301924.patch
39 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201306011535.patch
40 @@ -71445,6 +71445,20 @@ index e941367..b631f5a 100644
41
42 ret = uio_get_minor(idev);
43 if (ret)
44 +diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
45 +index 56802d2..420c771 100644
46 +--- a/drivers/usb/atm/cxacru.c
47 ++++ b/drivers/usb/atm/cxacru.c
48 +@@ -580,7 +580,8 @@ static int cxacru_cm_get_array(struct cxacru_data *instance, enum cxacru_cm_requ
49 + {
50 + int ret, len;
51 + __le32 *buf;
52 +- int offb, offd;
53 ++ int offb;
54 ++ unsigned int offd;
55 + const int stride = CMD_PACKET_SIZE / (4 * 2) - 1;
56 + int buflen = ((size - 1) / stride + 1 + size * 2) * 4;
57 +
58 diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
59 index fbea856..06efea6 100644
60 --- a/drivers/usb/atm/usbatm.c
61 @@ -111118,7 +111132,7 @@ index aaca868..2ebecdc 100644
62 err = -EPERM;
63 goto out;
64 diff --git a/mm/mlock.c b/mm/mlock.c
65 -index 2d846cf..8d5cdd8 100644
66 +index 2d846cf..ca1e492 100644
67 --- a/mm/mlock.c
68 +++ b/mm/mlock.c
69 @@ -13,6 +13,7 @@
70 @@ -111195,7 +111209,7 @@ index 2d846cf..8d5cdd8 100644
71 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
72 error = do_mlock(start, len, 1);
73 up_write(&current->mm->mmap_sem);
74 -@@ -528,17 +525,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
75 +@@ -528,16 +525,21 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
76 static int do_mlockall(int flags)
77 {
78 struct vm_area_struct * vma, * prev = NULL;
79 @@ -111213,17 +111227,15 @@ index 2d846cf..8d5cdd8 100644
80 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
81 - unsigned int newflags;
82 + unsigned long newflags;
83 -
84 ++
85 +#ifdef CONFIG_PAX_SEGMEXEC
86 + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
87 + break;
88 +#endif
89 -+
90 -+ BUG_ON(vma->vm_end > TASK_SIZE);
91 +
92 newflags = vma->vm_flags | VM_LOCKED;
93 if (!(flags & MCL_CURRENT))
94 - newflags &= ~VM_LOCKED;
95 -@@ -570,6 +573,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
96 +@@ -570,6 +572,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
97 lock_limit >>= PAGE_SHIFT;
98
99 ret = -ENOMEM;
100
101 diff --git a/3.2.45/0000_README b/3.2.45/0000_README
102 index c1bb1b0..00f8a3a 100644
103 --- a/3.2.45/0000_README
104 +++ b/3.2.45/0000_README
105 @@ -98,7 +98,7 @@ Patch: 1044_linux-3.2.45.patch
106 From: http://www.kernel.org
107 Desc: Linux 3.2.45
108
109 -Patch: 4420_grsecurity-2.9.1-3.2.45-201305301925.patch
110 +Patch: 4420_grsecurity-2.9.1-3.2.46-201306011535.patch
111 From: http://www.grsecurity.net
112 Desc: hardened-sources base patch from upstream grsecurity
113
114
115 diff --git a/3.2.45/4420_grsecurity-2.9.1-3.2.45-201305301925.patch b/3.2.45/4420_grsecurity-2.9.1-3.2.46-201306011535.patch
116 similarity index 99%
117 rename from 3.2.45/4420_grsecurity-2.9.1-3.2.45-201305301925.patch
118 rename to 3.2.45/4420_grsecurity-2.9.1-3.2.46-201306011535.patch
119 index 4aeabd6..6555c18 100644
120 --- a/3.2.45/4420_grsecurity-2.9.1-3.2.45-201305301925.patch
121 +++ b/3.2.45/4420_grsecurity-2.9.1-3.2.46-201306011535.patch
122 @@ -196,10 +196,10 @@ index dfa6fc6..fad9813 100644
123 +zconf.lex.c
124 zoffset.h
125 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
126 -index 897f223..cbe33de 100644
127 +index 2ba8272..187c634 100644
128 --- a/Documentation/kernel-parameters.txt
129 +++ b/Documentation/kernel-parameters.txt
130 -@@ -853,6 +853,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
131 +@@ -859,6 +859,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
132 gpt [EFI] Forces disk with valid GPT signature but
133 invalid Protective MBR to be treated as GPT.
134
135 @@ -209,7 +209,7 @@ index 897f223..cbe33de 100644
136 hashdist= [KNL,NUMA] Large hashes allocated during boot
137 are distributed across NUMA nodes. Defaults on
138 for 64-bit NUMA, off otherwise.
139 -@@ -1954,6 +1957,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
140 +@@ -1960,6 +1963,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
141 the specified number of seconds. This is to be used if
142 your oopses keep scrolling off the screen.
143
144 @@ -262,7 +262,7 @@ index 88fd7f5..b318a78 100644
145 ==============================================================
146
147 diff --git a/Makefile b/Makefile
148 -index 9072fee..85e58c2 100644
149 +index f600582..30efca3 100644
150 --- a/Makefile
151 +++ b/Makefile
152 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
153 @@ -19064,7 +19064,7 @@ index 8c96897..be66bfa 100644
154 return -EPERM;
155 }
156 diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
157 -index 429e0c9..17b3ece 100644
158 +index fb2eb32..62793bd 100644
159 --- a/arch/x86/kernel/irq.c
160 +++ b/arch/x86/kernel/irq.c
161 @@ -18,7 +18,7 @@
162 @@ -19088,19 +19088,15 @@ index 429e0c9..17b3ece 100644
163 #endif
164 return 0;
165 }
166 -@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
167 +@@ -159,7 +159,7 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
168
169 u64 arch_irq_stat(void)
170 {
171 - u64 sum = atomic_read(&irq_err_count);
172 + u64 sum = atomic_read_unchecked(&irq_err_count);
173 -
174 - #ifdef CONFIG_X86_IO_APIC
175 -- sum += atomic_read(&irq_mis_count);
176 -+ sum += atomic_read_unchecked(&irq_mis_count);
177 - #endif
178 return sum;
179 }
180 +
181 diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
182 index 7209070..cbcd71a 100644
183 --- a/arch/x86/kernel/irq_32.c
184 @@ -22372,7 +22368,7 @@ index 94a4672..5c6b853 100644
185
186 local_irq_disable();
187 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
188 -index 407789b..8bde3e2 100644
189 +index aac5ea7..266eda9 100644
190 --- a/arch/x86/kvm/vmx.c
191 +++ b/arch/x86/kvm/vmx.c
192 @@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value)
193 @@ -22447,7 +22443,7 @@ index 407789b..8bde3e2 100644
194
195 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
196 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
197 -@@ -6172,6 +6186,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
198 +@@ -6178,6 +6192,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
199 "jmp .Lkvm_vmx_return \n\t"
200 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
201 ".Lkvm_vmx_return: "
202 @@ -22460,7 +22456,7 @@ index 407789b..8bde3e2 100644
203 /* Save guest registers, load host registers, keep flags */
204 "mov %0, %c[wordsize](%%"R"sp) \n\t"
205 "pop %0 \n\t"
206 -@@ -6220,6 +6240,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
207 +@@ -6226,6 +6246,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
208 #endif
209 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
210 [wordsize]"i"(sizeof(ulong))
211 @@ -22472,7 +22468,7 @@ index 407789b..8bde3e2 100644
212 : "cc", "memory"
213 , R"ax", R"bx", R"di", R"si"
214 #ifdef CONFIG_X86_64
215 -@@ -6248,7 +6273,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
216 +@@ -6254,7 +6279,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
217 }
218 }
219
220 @@ -29528,7 +29524,7 @@ index 153407c..611cba9 100644
221 -}
222 -__setup("vdso=", vdso_setup);
223 diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
224 -index 044f5d9..d4e3e58 100644
225 +index 5189fe8..d937469 100644
226 --- a/arch/x86/xen/enlighten.c
227 +++ b/arch/x86/xen/enlighten.c
228 @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
229 @@ -29540,7 +29536,7 @@ index 044f5d9..d4e3e58 100644
230 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
231 __read_mostly int xen_have_vector_callback;
232 EXPORT_SYMBOL_GPL(xen_have_vector_callback);
233 -@@ -367,8 +365,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
234 +@@ -382,8 +380,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
235 {
236 unsigned long va = dtr->address;
237 unsigned int size = dtr->size + 1;
238 @@ -29550,7 +29546,7 @@ index 044f5d9..d4e3e58 100644
239 int f;
240
241 /*
242 -@@ -416,8 +413,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
243 +@@ -431,8 +428,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
244 {
245 unsigned long va = dtr->address;
246 unsigned int size = dtr->size + 1;
247 @@ -29560,7 +29556,7 @@ index 044f5d9..d4e3e58 100644
248 int f;
249
250 /*
251 -@@ -425,7 +421,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
252 +@@ -440,7 +436,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
253 * 8-byte entries, or 16 4k pages..
254 */
255
256 @@ -29569,7 +29565,7 @@ index 044f5d9..d4e3e58 100644
257 BUG_ON(va & ~PAGE_MASK);
258
259 for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
260 -@@ -1057,30 +1053,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
261 +@@ -1072,30 +1068,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
262 #endif
263 };
264
265 @@ -29607,7 +29603,7 @@ index 044f5d9..d4e3e58 100644
266 {
267 if (pm_power_off)
268 pm_power_off();
269 -@@ -1181,7 +1177,17 @@ asmlinkage void __init xen_start_kernel(void)
270 +@@ -1196,7 +1192,17 @@ asmlinkage void __init xen_start_kernel(void)
271 __userpte_alloc_gfp &= ~__GFP_HIGHMEM;
272
273 /* Work out if we support NX */
274 @@ -29626,7 +29622,7 @@ index 044f5d9..d4e3e58 100644
275
276 xen_setup_features();
277
278 -@@ -1212,13 +1218,6 @@ asmlinkage void __init xen_start_kernel(void)
279 +@@ -1227,13 +1233,6 @@ asmlinkage void __init xen_start_kernel(void)
280
281 machine_ops = xen_machine_ops;
282
283 @@ -29640,7 +29636,7 @@ index 044f5d9..d4e3e58 100644
284 xen_smp_init();
285
286 #ifdef CONFIG_ACPI_NUMA
287 -@@ -1403,7 +1402,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
288 +@@ -1418,7 +1417,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
289 return NOTIFY_OK;
290 }
291
292 @@ -31890,7 +31886,7 @@ index af2a250..0fdeb75 100644
293 cn_reply->len = sizeof(struct drbd_nl_cfg_reply) +
294 (int)((char *)tl - (char *)reply->tag_list);
295 diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
296 -index 43beaca..32e74a7 100644
297 +index 13cbdd3..d374957 100644
298 --- a/drivers/block/drbd/drbd_receiver.c
299 +++ b/drivers/block/drbd/drbd_receiver.c
300 @@ -894,7 +894,7 @@ retry:
301 @@ -31969,7 +31965,7 @@ index 43beaca..32e74a7 100644
302 atomic_inc(&e->epoch->active);
303 spin_unlock(&mdev->epoch_lock);
304
305 -@@ -3638,7 +3638,7 @@ struct data_cmd {
306 +@@ -3637,7 +3637,7 @@ struct data_cmd {
307 int expect_payload;
308 size_t pkt_size;
309 drbd_cmd_handler_f function;
310 @@ -31978,7 +31974,7 @@ index 43beaca..32e74a7 100644
311
312 static struct data_cmd drbd_cmd_handler[] = {
313 [P_DATA] = { 1, sizeof(struct p_data), receive_Data },
314 -@@ -3885,7 +3885,7 @@ static void drbd_disconnect(struct drbd_conf *mdev)
315 +@@ -3884,7 +3884,7 @@ static void drbd_disconnect(struct drbd_conf *mdev)
316 D_ASSERT(list_empty(&mdev->done_ee));
317
318 /* ok, no more ee's on the fly, it is safe to reset the epoch_size */
319 @@ -31987,7 +31983,7 @@ index 43beaca..32e74a7 100644
320 D_ASSERT(list_empty(&mdev->current_epoch->list));
321 }
322
323 -@@ -4493,7 +4493,7 @@ static int got_skip(struct drbd_conf *mdev, struct p_header80 *h)
324 +@@ -4492,7 +4492,7 @@ static int got_skip(struct drbd_conf *mdev, struct p_header80 *h)
325 struct asender_cmd {
326 size_t pkt_size;
327 int (*process)(struct drbd_conf *mdev, struct p_header80 *h);
328 @@ -32173,22 +32169,6 @@ index 14d49e4..d331fd8 100644
329 struct hpet_info *info)
330 {
331 struct hpet_timer __iomem *timer;
332 -diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c
333 -index 3ed20e8..92ce302 100644
334 ---- a/drivers/char/ipmi/ipmi_bt_sm.c
335 -+++ b/drivers/char/ipmi/ipmi_bt_sm.c
336 -@@ -95,9 +95,9 @@ struct si_sm_data {
337 - enum bt_states state;
338 - unsigned char seq; /* BT sequence number */
339 - struct si_sm_io *io;
340 -- unsigned char write_data[IPMI_MAX_MSG_LENGTH];
341 -+ unsigned char write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
342 - int write_count;
343 -- unsigned char read_data[IPMI_MAX_MSG_LENGTH];
344 -+ unsigned char read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
345 - int read_count;
346 - int truncated;
347 - long timeout; /* microseconds countdown */
348 diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
349 index 58c0e63..46c16bf 100644
350 --- a/drivers/char/ipmi/ipmi_msghandler.c
351 @@ -32432,7 +32412,7 @@ index da3cfee..a5a6606 100644
352
353 *ppos = i;
354 diff --git a/drivers/char/random.c b/drivers/char/random.c
355 -index 8ae9235..788c4ba 100644
356 +index b651733..788c4ba 100644
357 --- a/drivers/char/random.c
358 +++ b/drivers/char/random.c
359 @@ -269,8 +269,13 @@
360 @@ -32494,43 +32474,20 @@ index 8ae9235..788c4ba 100644
361
362 /* Hold lock while accounting */
363 spin_lock_irqsave(&r->lock, flags);
364 -@@ -889,19 +903,25 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
365 - if (r->entropy_count / 8 < min + reserved) {
366 - nbytes = 0;
367 - } else {
368 -+ int entropy_count, orig;
369 -+retry:
370 -+ entropy_count = orig = ACCESS_ONCE(r->entropy_count);
371 - /* If limited, never pull more than available */
372 -- if (r->limit && nbytes + reserved >= r->entropy_count / 8)
373 -- nbytes = r->entropy_count/8 - reserved;
374 -+ if (r->limit && nbytes + reserved >= entropy_count / 8)
375 -+ nbytes = entropy_count/8 - reserved;
376 -
377 -- if (r->entropy_count / 8 >= nbytes + reserved)
378 -- r->entropy_count -= nbytes*8;
379 -- else
380 -- r->entropy_count = reserved;
381 --
382 -- if (r->entropy_count < random_write_wakeup_thresh) {
383 +@@ -906,10 +920,8 @@ retry:
384 + goto retry;
385 + }
386 +
387 +- if (entropy_count < random_write_wakeup_thresh) {
388 - wake_up_interruptible(&random_write_wait);
389 - kill_fasync(&fasync, SIGIO, POLL_OUT);
390 -+ if (entropy_count / 8 >= nbytes + reserved) {
391 -+ entropy_count -= nbytes*8;
392 -+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
393 -+ goto retry;
394 -+ } else {
395 -+ entropy_count = reserved;
396 -+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
397 -+ goto retry;
398 - }
399 -+
400 +- }
401 + if (entropy_count < random_write_wakeup_thresh)
402 + wakeup_write = 1;
403 }
404
405 DEBUG_ENT("debiting %d entropy credits from %s%s\n",
406 -@@ -909,6 +929,11 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
407 +@@ -917,6 +929,11 @@ retry:
408
409 spin_unlock_irqrestore(&r->lock, flags);
410
411 @@ -32542,7 +32499,7 @@ index 8ae9235..788c4ba 100644
412 return nbytes;
413 }
414
415 -@@ -978,6 +1003,21 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
416 +@@ -986,6 +1003,21 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
417 {
418 ssize_t ret = 0, i;
419 __u8 tmp[EXTRACT_SIZE];
420 @@ -32564,7 +32521,7 @@ index 8ae9235..788c4ba 100644
421
422 xfer_secondary_pool(r, nbytes);
423 nbytes = account(r, nbytes, min, reserved);
424 -@@ -986,8 +1026,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
425 +@@ -994,8 +1026,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
426 extract_buf(r, tmp);
427
428 if (fips_enabled) {
429 @@ -32573,7 +32530,7 @@ index 8ae9235..788c4ba 100644
430 spin_lock_irqsave(&r->lock, flags);
431 if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
432 panic("Hardware RNG duplicated output!\n");
433 -@@ -1028,7 +1066,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
434 +@@ -1036,7 +1066,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
435
436 extract_buf(r, tmp);
437 i = min_t(int, nbytes, EXTRACT_SIZE);
438 @@ -32582,7 +32539,7 @@ index 8ae9235..788c4ba 100644
439 ret = -EFAULT;
440 break;
441 }
442 -@@ -1105,6 +1143,7 @@ static void init_std_data(struct entropy_store *r)
443 +@@ -1113,6 +1143,7 @@ static void init_std_data(struct entropy_store *r)
444
445 r->entropy_count = 0;
446 r->entropy_total = 0;
447 @@ -32590,7 +32547,7 @@ index 8ae9235..788c4ba 100644
448 mix_pool_bytes(r, &now, sizeof(now), NULL);
449 for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) {
450 if (!arch_get_random_long(&rv))
451 -@@ -1379,7 +1418,7 @@ EXPORT_SYMBOL(generate_random_uuid);
452 +@@ -1387,7 +1418,7 @@ EXPORT_SYMBOL(generate_random_uuid);
453 #include <linux/sysctl.h>
454
455 static int min_read_thresh = 8, min_write_thresh;
456 @@ -32599,7 +32556,7 @@ index 8ae9235..788c4ba 100644
457 static int max_write_thresh = INPUT_POOL_WORDS * 32;
458 static char sysctl_bootid[16];
459
460 -@@ -1395,7 +1434,7 @@ static char sysctl_bootid[16];
461 +@@ -1403,7 +1434,7 @@ static char sysctl_bootid[16];
462 static int proc_do_uuid(ctl_table *table, int write,
463 void __user *buffer, size_t *lenp, loff_t *ppos)
464 {
465 @@ -33403,10 +33360,10 @@ index 4cd392d..4b629e1 100644
466 iounmap(buf);
467 return 0;
468 diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
469 -index b15c0aa..9a15a68 100644
470 +index 2a64e69..ac8fe51 100644
471 --- a/drivers/firmware/efivars.c
472 +++ b/drivers/firmware/efivars.c
473 -@@ -1233,7 +1233,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
474 +@@ -1221,7 +1221,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
475 static int
476 create_efivars_bin_attributes(struct efivars *efivars)
477 {
478 @@ -33415,7 +33372,7 @@ index b15c0aa..9a15a68 100644
479 int error;
480
481 /* new_var */
482 -@@ -1425,7 +1425,7 @@ out:
483 +@@ -1413,7 +1413,7 @@ out:
484 }
485 EXPORT_SYMBOL_GPL(register_efivars);
486
487 @@ -33905,10 +33862,10 @@ index 9b4e5c6..d7ec240 100644
488 mutex_unlock(&dev->struct_mutex);
489
490 diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
491 -index c77fc67..4057c13 100644
492 +index ca67338..0003ba7 100644
493 --- a/drivers/gpu/drm/i915/i915_dma.c
494 +++ b/drivers/gpu/drm/i915/i915_dma.c
495 -@@ -1166,7 +1166,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
496 +@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
497 bool can_switch;
498
499 spin_lock(&dev->count_lock);
500 @@ -33918,7 +33875,7 @@ index c77fc67..4057c13 100644
501 return can_switch;
502 }
503 diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
504 -index 20cd295..052b178 100644
505 +index 144d37c..bf1110f 100644
506 --- a/drivers/gpu/drm/i915/i915_drv.h
507 +++ b/drivers/gpu/drm/i915/i915_drv.h
508 @@ -320,7 +320,7 @@ typedef struct drm_i915_private {
509 @@ -33930,7 +33887,7 @@ index 20cd295..052b178 100644
510
511 /* protects the irq masks */
512 spinlock_t irq_lock;
513 -@@ -898,7 +898,7 @@ struct drm_i915_gem_object {
514 +@@ -897,7 +897,7 @@ struct drm_i915_gem_object {
515 * will be page flipped away on the next vblank. When it
516 * reaches 0, dev_priv->pending_flip_queue will be woken up.
517 */
518 @@ -33939,7 +33896,7 @@ index 20cd295..052b178 100644
519 };
520
521 #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
522 -@@ -1275,7 +1275,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
523 +@@ -1274,7 +1274,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
524 extern void intel_teardown_gmbus(struct drm_device *dev);
525 extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
526 extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
527 @@ -39511,10 +39468,10 @@ index d0893e4..14b0d44 100644
528 .init = loopback_net_init,
529 };
530 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
531 -index 544ac06..0064ab3 100644
532 +index 301b39e..345c414 100644
533 --- a/drivers/net/macvlan.c
534 +++ b/drivers/net/macvlan.c
535 -@@ -789,13 +789,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
536 +@@ -790,13 +790,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
537 int macvlan_link_register(struct rtnl_link_ops *ops)
538 {
539 /* common fields */
540 @@ -39537,7 +39494,7 @@ index 544ac06..0064ab3 100644
541
542 return rtnl_link_register(ops);
543 };
544 -@@ -851,7 +853,7 @@ static int macvlan_device_event(struct notifier_block *unused,
545 +@@ -852,7 +854,7 @@ static int macvlan_device_event(struct notifier_block *unused,
546 return NOTIFY_DONE;
547 }
548
549 @@ -42546,7 +42503,7 @@ index 7735027..30eed13 100644
550
551 pDevice->apdev->type = ARPHRD_IEEE80211;
552 diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c
553 -index 51b5adf..098e320 100644
554 +index df8ea25..47dd9c6 100644
555 --- a/drivers/staging/vt6656/hostap.c
556 +++ b/drivers/staging/vt6656/hostap.c
557 @@ -80,14 +80,13 @@ static int msglevel =MSG_LEVEL_INFO;
558 @@ -42630,6 +42587,48 @@ index 3effde2..dda7d46 100644
559 if (hdr->flags & ISCSI_FLAG_CMD_FINAL)
560 if (--cmd->outstanding_r2ts < 1) {
561 iscsit_stop_dataout_timer(cmd);
562 +diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
563 +index 5b77316..db313ba 100644
564 +--- a/drivers/target/iscsi/iscsi_target_parameters.c
565 ++++ b/drivers/target/iscsi/iscsi_target_parameters.c
566 +@@ -713,9 +713,9 @@ static int iscsi_add_notunderstood_response(
567 + }
568 + INIT_LIST_HEAD(&extra_response->er_list);
569 +
570 +- strncpy(extra_response->key, key, strlen(key) + 1);
571 +- strncpy(extra_response->value, NOTUNDERSTOOD,
572 +- strlen(NOTUNDERSTOOD) + 1);
573 ++ strlcpy(extra_response->key, key, sizeof(extra_response->key));
574 ++ strlcpy(extra_response->value, NOTUNDERSTOOD,
575 ++ sizeof(extra_response->value));
576 +
577 + list_add_tail(&extra_response->er_list,
578 + &param_list->extra_response_list);
579 +@@ -1572,8 +1572,6 @@ int iscsi_decode_text_input(
580 +
581 + if (phase & PHASE_SECURITY) {
582 + if (iscsi_check_for_auth_key(key) > 0) {
583 +- char *tmpptr = key + strlen(key);
584 +- *tmpptr = '=';
585 + kfree(tmpbuf);
586 + return 1;
587 + }
588 +diff --git a/drivers/target/iscsi/iscsi_target_parameters.h b/drivers/target/iscsi/iscsi_target_parameters.h
589 +index 6a37fd6..83eed65 100644
590 +--- a/drivers/target/iscsi/iscsi_target_parameters.h
591 ++++ b/drivers/target/iscsi/iscsi_target_parameters.h
592 +@@ -1,8 +1,10 @@
593 + #ifndef ISCSI_PARAMETERS_H
594 + #define ISCSI_PARAMETERS_H
595 +
596 ++#include <scsi/iscsi_proto.h>
597 ++
598 + struct iscsi_extra_response {
599 +- char key[64];
600 ++ char key[KEY_MAXLEN];
601 + char value[32];
602 + struct list_head er_list;
603 + } ____cacheline_aligned;
604 diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
605 index 6845228..df77141 100644
606 --- a/drivers/target/target_core_tmr.c
607 @@ -42977,10 +42976,10 @@ index d190269..f59727e 100644
608 return NULL;
609 }
610 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
611 -index 8481aae..e1a589c 100644
612 +index 0f8a785..64c35dd 100644
613 --- a/drivers/tty/n_tty.c
614 +++ b/drivers/tty/n_tty.c
615 -@@ -2124,6 +2124,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
616 +@@ -2132,6 +2132,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
617 {
618 *ops = tty_ldisc_N_TTY;
619 ops->owner = NULL;
620 @@ -43384,7 +43383,7 @@ index a783d53..cb30d94 100644
621 ret = uio_get_minor(idev);
622 if (ret)
623 diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
624 -index a845f8b..4f54072 100644
625 +index 9497171..bfeecaf 100644
626 --- a/drivers/usb/atm/cxacru.c
627 +++ b/drivers/usb/atm/cxacru.c
628 @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
629 @@ -48549,7 +48548,7 @@ index 8d4d53d..d0dec4c 100644
630 do_chunk_alloc(trans, root->fs_info->extent_root,
631 num_bytes, data, CHUNK_ALLOC_FORCE);
632 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
633 -index c04f02c..f5c9e2e 100644
634 +index 618ae6f..118fe0c 100644
635 --- a/fs/btrfs/ioctl.c
636 +++ b/fs/btrfs/ioctl.c
637 @@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
638 @@ -50682,7 +50681,7 @@ index 60b6ca5..bfa15a7 100644
639
640 /* locality groups */
641 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
642 -index 7b18563..4dc0cd9 100644
643 +index 9243103..750691a 100644
644 --- a/fs/ext4/mballoc.c
645 +++ b/fs/ext4/mballoc.c
646 @@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
647 @@ -50694,7 +50693,7 @@ index 7b18563..4dc0cd9 100644
648
649 break;
650 }
651 -@@ -2088,7 +2088,7 @@ repeat:
652 +@@ -2092,7 +2092,7 @@ repeat:
653 ac->ac_status = AC_STATUS_CONTINUE;
654 ac->ac_flags |= EXT4_MB_HINT_FIRST;
655 cr = 3;
656 @@ -50703,7 +50702,7 @@ index 7b18563..4dc0cd9 100644
657 goto repeat;
658 }
659 }
660 -@@ -2595,25 +2595,25 @@ int ext4_mb_release(struct super_block *sb)
661 +@@ -2599,25 +2599,25 @@ int ext4_mb_release(struct super_block *sb)
662 if (sbi->s_mb_stats) {
663 ext4_msg(sb, KERN_INFO,
664 "mballoc: %u blocks %u reqs (%u success)",
665 @@ -50739,7 +50738,7 @@ index 7b18563..4dc0cd9 100644
666 }
667
668 free_percpu(sbi->s_locality_groups);
669 -@@ -3097,16 +3097,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
670 +@@ -3101,16 +3101,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
671 struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
672
673 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
674 @@ -50762,7 +50761,7 @@ index 7b18563..4dc0cd9 100644
675 }
676
677 if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
678 -@@ -3510,7 +3510,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
679 +@@ -3514,7 +3514,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
680 trace_ext4_mb_new_inode_pa(ac, pa);
681
682 ext4_mb_use_inode_pa(ac, pa);
683 @@ -50771,7 +50770,7 @@ index 7b18563..4dc0cd9 100644
684
685 ei = EXT4_I(ac->ac_inode);
686 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
687 -@@ -3570,7 +3570,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
688 +@@ -3574,7 +3574,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
689 trace_ext4_mb_new_group_pa(ac, pa);
690
691 ext4_mb_use_group_pa(ac, pa);
692 @@ -50780,7 +50779,7 @@ index 7b18563..4dc0cd9 100644
693
694 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
695 lg = ac->ac_lg;
696 -@@ -3659,7 +3659,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
697 +@@ -3663,7 +3663,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
698 * from the bitmap and continue.
699 */
700 }
701 @@ -50789,7 +50788,7 @@ index 7b18563..4dc0cd9 100644
702
703 return err;
704 }
705 -@@ -3677,7 +3677,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
706 +@@ -3681,7 +3681,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
707 ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
708 BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
709 mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
710 @@ -50861,39 +50860,6 @@ index cc386b2..22725d2 100644
711
712 static int __init ext4_init_feat_adverts(void)
713 {
714 -diff --git a/fs/fat/inode.c b/fs/fat/inode.c
715 -index 808cac7..fc33ca1 100644
716 ---- a/fs/fat/inode.c
717 -+++ b/fs/fat/inode.c
718 -@@ -1238,6 +1238,19 @@ static int fat_read_root(struct inode *inode)
719 - return 0;
720 - }
721 -
722 -+static unsigned long calc_fat_clusters(struct super_block *sb)
723 -+{
724 -+ struct msdos_sb_info *sbi = MSDOS_SB(sb);
725 -+
726 -+ /* Divide first to avoid overflow */
727 -+ if (sbi->fat_bits != 12) {
728 -+ unsigned long ent_per_sec = sb->s_blocksize * 8 / sbi->fat_bits;
729 -+ return ent_per_sec * sbi->fat_length;
730 -+ }
731 -+
732 -+ return sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits;
733 -+}
734 -+
735 - /*
736 - * Read the super block of an MS-DOS FS.
737 - */
738 -@@ -1434,7 +1447,7 @@ int fat_fill_super(struct super_block *sb, void *data, int silent, int isvfat,
739 - sbi->fat_bits = (total_clusters > MAX_FAT12) ? 16 : 12;
740 -
741 - /* check that FAT table does not overflow */
742 -- fat_clusters = sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits;
743 -+ fat_clusters = calc_fat_clusters(sb);
744 - total_clusters = min(total_clusters, fat_clusters - FAT_START_ENT);
745 - if (total_clusters > MAX_FAT(sb)) {
746 - if (!silent)
747 diff --git a/fs/fat/namei_msdos.c b/fs/fat/namei_msdos.c
748 index 216b419..350a088 100644
749 --- a/fs/fat/namei_msdos.c
750 @@ -53723,10 +53689,10 @@ index 1943898..396c460 100644
751 -
752 #endif /* CONFIG_NFS_V4 */
753 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
754 -index 08921b8..e60b7da 100644
755 +index e065497..258fa11 100644
756 --- a/fs/nfsd/nfs4proc.c
757 +++ b/fs/nfsd/nfs4proc.c
758 -@@ -1037,7 +1037,7 @@ struct nfsd4_operation {
759 +@@ -1048,7 +1048,7 @@ struct nfsd4_operation {
760 char *op_name;
761 /* Try to get response size before operation */
762 nfsd4op_rsize op_rsize_bop;
763 @@ -68269,12 +68235,12 @@ index 75f53f8..5c7972d 100644
764 unsigned int offset, size_t len);
765
766 diff --git a/include/linux/efi.h b/include/linux/efi.h
767 -index 8469f3f..41618bb 100644
768 +index 88c953d..48685de 100644
769 --- a/include/linux/efi.h
770 +++ b/include/linux/efi.h
771 -@@ -477,6 +477,7 @@ struct efivar_operations {
772 +@@ -486,6 +486,7 @@ struct efivar_operations {
773 efi_set_variable_t *set_variable;
774 - efi_query_variable_info_t *query_variable_info;
775 + efi_query_variable_store_t *query_variable_store;
776 };
777 +typedef struct efivar_operations __no_const efivar_operations_no_const;
778
779 @@ -71188,7 +71154,7 @@ index 29e217a..1dee1dd 100644
780
781 /**
782 diff --git a/include/linux/rculist.h b/include/linux/rculist.h
783 -index d079290..fa711cb 100644
784 +index 6f95e24..68fe817 100644
785 --- a/include/linux/rculist.h
786 +++ b/include/linux/rculist.h
787 @@ -39,6 +39,9 @@ static inline void __list_add_rcu(struct list_head *new,
788 @@ -73298,7 +73264,7 @@ index c2e542b..6ca975b 100644
789 extern __u32 secure_ipv6_id(const __be32 daddr[4]);
790 extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
791 diff --git a/include/net/sock.h b/include/net/sock.h
792 -index ddf523c..1f06685 100644
793 +index e6454b6..cda5eaf 100644
794 --- a/include/net/sock.h
795 +++ b/include/net/sock.h
796 @@ -278,7 +278,7 @@ struct sock {
797 @@ -73310,7 +73276,7 @@ index ddf523c..1f06685 100644
798 int sk_rcvbuf;
799
800 struct sk_filter __rcu *sk_filter;
801 -@@ -1404,7 +1404,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags)
802 +@@ -1416,7 +1416,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags)
803 }
804
805 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
806 @@ -73319,7 +73285,7 @@ index ddf523c..1f06685 100644
807 int copy, int offset)
808 {
809 if (skb->ip_summed == CHECKSUM_NONE) {
810 -@@ -1666,7 +1666,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
811 +@@ -1678,7 +1678,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
812 }
813 }
814
815 @@ -73329,7 +73295,7 @@ index ddf523c..1f06685 100644
816 static inline struct page *sk_stream_alloc_page(struct sock *sk)
817 {
818 diff --git a/include/net/tcp.h b/include/net/tcp.h
819 -index 0768715..3fedeb4 100644
820 +index fe46019..1422c5a 100644
821 --- a/include/net/tcp.h
822 +++ b/include/net/tcp.h
823 @@ -470,7 +470,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
824 @@ -75746,7 +75712,7 @@ index dc7bc08..4601964 100644
825
826 /* Don't allow clients that don't understand the native
827 diff --git a/kernel/kmod.c b/kernel/kmod.c
828 -index d6fe08a..fb66cab 100644
829 +index a16dac1..fb66cab 100644
830 --- a/kernel/kmod.c
831 +++ b/kernel/kmod.c
832 @@ -64,7 +64,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
833 @@ -75874,19 +75840,7 @@ index d6fe08a..fb66cab 100644
834
835 /*
836 * If ret is 0, either ____call_usermodehelper failed and the
837 -@@ -467,6 +520,11 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info,
838 - int retval = 0;
839 -
840 - helper_lock();
841 -+ if (!sub_info->path) {
842 -+ retval = -EINVAL;
843 -+ goto out;
844 -+ }
845 -+
846 - if (sub_info->path[0] == '\0')
847 - goto out;
848 -
849 -@@ -507,7 +565,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
850 +@@ -512,7 +565,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec);
851 static int proc_cap_handler(struct ctl_table *table, int write,
852 void __user *buffer, size_t *lenp, loff_t *ppos)
853 {
854 @@ -78060,7 +78014,7 @@ index 3d9f31c..7fefc9e 100644
855
856 default:
857 diff --git a/kernel/sched.c b/kernel/sched.c
858 -index d08c9f4..9a9af37 100644
859 +index d93369a..700af59 100644
860 --- a/kernel/sched.c
861 +++ b/kernel/sched.c
862 @@ -5046,7 +5046,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible);
863 @@ -78148,7 +78102,7 @@ index d08c9f4..9a9af37 100644
864
865 /*
866 * In the intermediate directories, both the child directory and
867 -@@ -6661,19 +6665,22 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
868 +@@ -6661,22 +6665,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
869 * will always be set. In the lowest directory the names are
870 * static strings and all have proc handlers.
871 */
872 @@ -78171,13 +78125,16 @@ index d08c9f4..9a9af37 100644
873 + kfree(tablep);
874 }
875
876 + static int min_load_idx = 0;
877 + static int max_load_idx = CPU_LOAD_IDX_MAX-1;
878 +
879 static void
880 -set_table_entry(struct ctl_table *entry,
881 +set_table_entry(ctl_table_no_const *entry,
882 const char *procname, void *data, int maxlen,
883 - mode_t mode, proc_handler *proc_handler)
884 - {
885 -@@ -6687,7 +6694,7 @@ set_table_entry(struct ctl_table *entry,
886 + mode_t mode, proc_handler *proc_handler,
887 + bool load_idx)
888 +@@ -6696,7 +6703,7 @@ set_table_entry(struct ctl_table *entry,
889 static struct ctl_table *
890 sd_alloc_ctl_domain_table(struct sched_domain *sd)
891 {
892 @@ -78186,7 +78143,7 @@ index d08c9f4..9a9af37 100644
893
894 if (table == NULL)
895 return NULL;
896 -@@ -6722,9 +6729,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
897 +@@ -6731,9 +6738,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
898 return table;
899 }
900
901 @@ -78198,7 +78155,7 @@ index d08c9f4..9a9af37 100644
902 struct sched_domain *sd;
903 int domain_num = 0, i;
904 char buf[32];
905 -@@ -6751,11 +6758,13 @@ static struct ctl_table_header *sd_sysctl_header;
906 +@@ -6760,11 +6767,13 @@ static struct ctl_table_header *sd_sysctl_header;
907 static void register_sched_domain_sysctl(void)
908 {
909 int i, cpu_num = num_possible_cpus();
910 @@ -78213,7 +78170,7 @@ index d08c9f4..9a9af37 100644
911
912 if (entry == NULL)
913 return;
914 -@@ -6778,8 +6787,12 @@ static void unregister_sched_domain_sysctl(void)
915 +@@ -6787,8 +6796,12 @@ static void unregister_sched_domain_sysctl(void)
916 if (sd_sysctl_header)
917 unregister_sysctl_table(sd_sysctl_header);
918 sd_sysctl_header = NULL;
919 @@ -78228,7 +78185,7 @@ index d08c9f4..9a9af37 100644
920 }
921 #else
922 static void register_sched_domain_sysctl(void)
923 -@@ -6877,7 +6890,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
924 +@@ -6886,7 +6899,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
925 * happens before everything else. This has to be lower priority than
926 * the notifier in the perf_event subsystem, though.
927 */
928 @@ -79321,7 +79278,7 @@ index 0b537f2..40d6c20 100644
929 return -ENOMEM;
930 return 0;
931 diff --git a/kernel/timer.c b/kernel/timer.c
932 -index c219db6..894cecb 100644
933 +index f2f71d7..dd26ca7 100644
934 --- a/kernel/timer.c
935 +++ b/kernel/timer.c
936 @@ -1306,7 +1306,7 @@ void update_process_times(int user_tick)
937 @@ -80742,7 +80699,7 @@ index 2a07f97..2cdc054 100644
938 set_page_address(page, (void *)vaddr);
939
940 diff --git a/mm/huge_memory.c b/mm/huge_memory.c
941 -index 470cbb4..9fd73bc 100644
942 +index d80ac4b..9fd73bc 100644
943 --- a/mm/huge_memory.c
944 +++ b/mm/huge_memory.c
945 @@ -704,7 +704,7 @@ out:
946 @@ -80754,20 +80711,6 @@ index 470cbb4..9fd73bc 100644
947 return VM_FAULT_OOM;
948 /* if an huge pmd materialized from under us just retry later */
949 if (unlikely(pmd_trans_huge(*pmd)))
950 -@@ -1937,7 +1937,12 @@ static void collapse_huge_page(struct mm_struct *mm,
951 - pte_unmap(pte);
952 - spin_lock(&mm->page_table_lock);
953 - BUG_ON(!pmd_none(*pmd));
954 -- set_pmd_at(mm, address, pmd, _pmd);
955 -+ /*
956 -+ * We can only use set_pmd_at when establishing
957 -+ * hugepmds and never for establishing regular pmds that
958 -+ * points to regular pagetables. Use pmd_populate for that
959 -+ */
960 -+ pmd_populate(mm, pmd, pmd_pgtable(_pmd));
961 - spin_unlock(&mm->page_table_lock);
962 - anon_vma_unlock(vma->anon_vma);
963 - goto out;
964 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
965 index 70b4733..ab692a7 100644
966 --- a/mm/hugetlb.c
967 @@ -81917,7 +81860,7 @@ index 4d1e637..9e0a005 100644
968 err = -EPERM;
969 goto out;
970 diff --git a/mm/migrate.c b/mm/migrate.c
971 -index 180d97f..c75ef28 100644
972 +index e1052d1..61c9e50 100644
973 --- a/mm/migrate.c
974 +++ b/mm/migrate.c
975 @@ -1376,6 +1376,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
976 @@ -81946,7 +81889,7 @@ index 180d97f..c75ef28 100644
977 err = -EPERM;
978 goto out;
979 diff --git a/mm/mlock.c b/mm/mlock.c
980 -index 4f4f53b..de8e432 100644
981 +index 4f4f53b..02d443a 100644
982 --- a/mm/mlock.c
983 +++ b/mm/mlock.c
984 @@ -13,6 +13,7 @@
985 @@ -81996,7 +81939,7 @@ index 4f4f53b..de8e432 100644
986 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
987 error = do_mlock(start, len, 1);
988 up_write(&current->mm->mmap_sem);
989 -@@ -523,17 +533,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
990 +@@ -523,17 +533,22 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
991 static int do_mlockall(int flags)
992 {
993 struct vm_area_struct * vma, * prev = NULL;
994 @@ -82019,11 +81962,10 @@ index 4f4f53b..de8e432 100644
995 + break;
996 +#endif
997 +
998 -+ BUG_ON(vma->vm_end > TASK_SIZE);
999 newflags = vma->vm_flags | VM_LOCKED;
1000 if (!(flags & MCL_CURRENT))
1001 newflags &= ~VM_LOCKED;
1002 -@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
1003 +@@ -566,6 +581,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
1004 lock_limit >>= PAGE_SHIFT;
1005
1006 ret = -ENOMEM;
1007 @@ -86845,7 +86787,7 @@ index 925991a..209a505 100644
1008 #ifdef CONFIG_INET
1009 static u32 seq_scale(u32 seq)
1010 diff --git a/net/core/sock.c b/net/core/sock.c
1011 -index 2c73adf..d7698ef 100644
1012 +index 8a2c2dd..3ba3cf1 100644
1013 --- a/net/core/sock.c
1014 +++ b/net/core/sock.c
1015 @@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
1016 @@ -86958,7 +86900,7 @@ index 2c73adf..d7698ef 100644
1017 return -EFAULT;
1018 lenout:
1019 if (put_user(len, optlen))
1020 -@@ -2039,7 +2039,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1021 +@@ -2027,7 +2027,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1022 */
1023 smp_wmb();
1024 atomic_set(&sk->sk_refcnt, 1);
1025 @@ -86967,7 +86909,7 @@ index 2c73adf..d7698ef 100644
1026 }
1027 EXPORT_SYMBOL(sock_init_data);
1028
1029 -@@ -2576,7 +2576,7 @@ static __net_exit void proto_exit_net(struct net *net)
1030 +@@ -2564,7 +2564,7 @@ static __net_exit void proto_exit_net(struct net *net)
1031 }
1032
1033
1034 @@ -88670,7 +88612,7 @@ index 166a57c..dc4e6b8 100644
1035 struct ctl_table *ipv6_icmp_table;
1036 int err;
1037 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
1038 -index db10805..42998ba 100644
1039 +index c69358c..d1e5855 100644
1040 --- a/net/ipv6/tcp_ipv6.c
1041 +++ b/net/ipv6/tcp_ipv6.c
1042 @@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
1043 @@ -88773,7 +88715,7 @@ index db10805..42998ba 100644
1044
1045 static int tcp6_seq_show(struct seq_file *seq, void *v)
1046 diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
1047 -index 8c25419..47a51ae 100644
1048 +index 20f0812..7d4ede1 100644
1049 --- a/net/ipv6/udp.c
1050 +++ b/net/ipv6/udp.c
1051 @@ -50,6 +50,10 @@
1052 @@ -89845,10 +89787,10 @@ index 3df7c5a..8f324b0 100644
1053 *uaddr_len = sizeof(struct sockaddr_ax25);
1054 }
1055 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
1056 -index 835fcea..d9fb2db 100644
1057 +index 5a70215..379f8ee 100644
1058 --- a/net/packet/af_packet.c
1059 +++ b/net/packet/af_packet.c
1060 -@@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1061 +@@ -1670,7 +1670,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1062
1063 spin_lock(&sk->sk_receive_queue.lock);
1064 po->stats.tp_packets++;
1065 @@ -89857,7 +89799,7 @@ index 835fcea..d9fb2db 100644
1066 __skb_queue_tail(&sk->sk_receive_queue, skb);
1067 spin_unlock(&sk->sk_receive_queue.lock);
1068 sk->sk_data_ready(sk, skb->len);
1069 -@@ -1693,7 +1693,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1070 +@@ -1679,7 +1679,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1071 drop_n_acct:
1072 spin_lock(&sk->sk_receive_queue.lock);
1073 po->stats.tp_drops++;
1074 @@ -89866,7 +89808,7 @@ index 835fcea..d9fb2db 100644
1075 spin_unlock(&sk->sk_receive_queue.lock);
1076
1077 drop_n_restore:
1078 -@@ -2623,6 +2623,7 @@ out:
1079 +@@ -2609,6 +2609,7 @@ out:
1080
1081 static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
1082 {
1083 @@ -89874,7 +89816,7 @@ index 835fcea..d9fb2db 100644
1084 struct sock_exterr_skb *serr;
1085 struct sk_buff *skb, *skb2;
1086 int copied, err;
1087 -@@ -2644,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
1088 +@@ -2630,8 +2631,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
1089 sock_recv_timestamp(msg, sk, skb);
1090
1091 serr = SKB_EXT_ERR(skb);
1092 @@ -89885,7 +89827,7 @@ index 835fcea..d9fb2db 100644
1093
1094 msg->msg_flags |= MSG_ERRQUEUE;
1095 err = copied;
1096 -@@ -3276,7 +3278,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1097 +@@ -3262,7 +3264,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1098 case PACKET_HDRLEN:
1099 if (len > sizeof(int))
1100 len = sizeof(int);
1101 @@ -89894,7 +89836,7 @@ index 835fcea..d9fb2db 100644
1102 return -EFAULT;
1103 switch (val) {
1104 case TPACKET_V1:
1105 -@@ -3326,7 +3328,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1106 +@@ -3312,7 +3314,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1107
1108 if (put_user(len, optlen))
1109 return -EFAULT;
1110 @@ -91030,7 +90972,7 @@ index bfddd68..567429b 100644
1111 -/* Make 'mount -t rpc_pipefs ...' autoload this module. */
1112 -MODULE_ALIAS("rpc_pipefs");
1113 diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
1114 -index dc6af27..e3fba77 100644
1115 +index 206c61e..e3641fb 100644
1116 --- a/net/sunrpc/sched.c
1117 +++ b/net/sunrpc/sched.c
1118 @@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word)
1119
1120 diff --git a/3.9.4/0000_README b/3.9.4/0000_README
1121 index 236a360..1cbe9a3 100644
1122 --- a/3.9.4/0000_README
1123 +++ b/3.9.4/0000_README
1124 @@ -2,7 +2,7 @@ README
1125 -----------------------------------------------------------------------------
1126 Individual Patch Descriptions:
1127 -----------------------------------------------------------------------------
1128 -Patch: 4420_grsecurity-2.9.1-3.9.4-201305301927.patch
1129 +Patch: 4420_grsecurity-2.9.1-3.9.4-201306011536.patch
1130 From: http://www.grsecurity.net
1131 Desc: hardened-sources base patch from upstream grsecurity
1132
1133
1134 diff --git a/3.9.4/4420_grsecurity-2.9.1-3.9.4-201305301927.patch b/3.9.4/4420_grsecurity-2.9.1-3.9.4-201306011536.patch
1135 similarity index 99%
1136 rename from 3.9.4/4420_grsecurity-2.9.1-3.9.4-201305301927.patch
1137 rename to 3.9.4/4420_grsecurity-2.9.1-3.9.4-201306011536.patch
1138 index 06e925c..9a1a55c 100644
1139 --- a/3.9.4/4420_grsecurity-2.9.1-3.9.4-201305301927.patch
1140 +++ b/3.9.4/4420_grsecurity-2.9.1-3.9.4-201306011536.patch
1141 @@ -42751,6 +42751,48 @@ index adbe5a8..d387359 100644
1142 extern void tmem_register_hostops(struct tmem_hostops *m);
1143
1144 /* core tmem accessor functions */
1145 +diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
1146 +index ca2be40..93ae910 100644
1147 +--- a/drivers/target/iscsi/iscsi_target_parameters.c
1148 ++++ b/drivers/target/iscsi/iscsi_target_parameters.c
1149 +@@ -712,9 +712,9 @@ static int iscsi_add_notunderstood_response(
1150 + }
1151 + INIT_LIST_HEAD(&extra_response->er_list);
1152 +
1153 +- strncpy(extra_response->key, key, strlen(key) + 1);
1154 +- strncpy(extra_response->value, NOTUNDERSTOOD,
1155 +- strlen(NOTUNDERSTOOD) + 1);
1156 ++ strlcpy(extra_response->key, key, sizeof(extra_response->key));
1157 ++ strlcpy(extra_response->value, NOTUNDERSTOOD,
1158 ++ sizeof(extra_response->value));
1159 +
1160 + list_add_tail(&extra_response->er_list,
1161 + &param_list->extra_response_list);
1162 +@@ -1583,8 +1583,6 @@ int iscsi_decode_text_input(
1163 +
1164 + if (phase & PHASE_SECURITY) {
1165 + if (iscsi_check_for_auth_key(key) > 0) {
1166 +- char *tmpptr = key + strlen(key);
1167 +- *tmpptr = '=';
1168 + kfree(tmpbuf);
1169 + return 1;
1170 + }
1171 +diff --git a/drivers/target/iscsi/iscsi_target_parameters.h b/drivers/target/iscsi/iscsi_target_parameters.h
1172 +index 1e1b750..2c536a0 100644
1173 +--- a/drivers/target/iscsi/iscsi_target_parameters.h
1174 ++++ b/drivers/target/iscsi/iscsi_target_parameters.h
1175 +@@ -1,8 +1,10 @@
1176 + #ifndef ISCSI_PARAMETERS_H
1177 + #define ISCSI_PARAMETERS_H
1178 +
1179 ++#include <scsi/iscsi_proto.h>
1180 ++
1181 + struct iscsi_extra_response {
1182 +- char key[64];
1183 ++ char key[KEY_MAXLEN];
1184 + char value[32];
1185 + struct list_head er_list;
1186 + } ____cacheline_aligned;
1187 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
1188 index 2e4d655..fd72e68 100644
1189 --- a/drivers/target/target_core_device.c
1190 @@ -44036,7 +44078,7 @@ index c8b9262..7e824e6 100644
1191 ret = uio_get_minor(idev);
1192 if (ret)
1193 diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
1194 -index b7eb86a..36d28af 100644
1195 +index b7eb86a..c00402f 100644
1196 --- a/drivers/usb/atm/cxacru.c
1197 +++ b/drivers/usb/atm/cxacru.c
1198 @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
1199 @@ -44048,6 +44090,16 @@ index b7eb86a..36d28af 100644
1200 return -EINVAL;
1201 pos += tmp;
1202
1203 +@@ -686,7 +686,8 @@ static int cxacru_cm_get_array(struct cxacru_data *instance, enum cxacru_cm_requ
1204 + {
1205 + int ret, len;
1206 + __le32 *buf;
1207 +- int offb, offd;
1208 ++ int offb;
1209 ++ unsigned int offd;
1210 + const int stride = CMD_PACKET_SIZE / (4 * 2) - 1;
1211 + int buflen = ((size - 1) / stride + 1 + size * 2) * 4;
1212 +
1213 diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
1214 index 35f10bf..6a38a0b 100644
1215 --- a/drivers/usb/atm/usbatm.c
1216 @@ -81515,7 +81567,7 @@ index 3bbaf5d..299b0e9 100644
1217 err = -EPERM;
1218 goto out;
1219 diff --git a/mm/mlock.c b/mm/mlock.c
1220 -index 79b7cf7..c60424f 100644
1221 +index 79b7cf7..9944291 100644
1222 --- a/mm/mlock.c
1223 +++ b/mm/mlock.c
1224 @@ -13,6 +13,7 @@
1225 @@ -81565,7 +81617,7 @@ index 79b7cf7..c60424f 100644
1226 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
1227 error = do_mlock(start, len, 1);
1228 up_write(&current->mm->mmap_sem);
1229 -@@ -500,6 +510,12 @@ static int do_mlockall(int flags)
1230 +@@ -500,6 +510,11 @@ static int do_mlockall(int flags)
1231 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
1232 vm_flags_t newflags;
1233
1234 @@ -81574,11 +81626,10 @@ index 79b7cf7..c60424f 100644
1235 + break;
1236 +#endif
1237 +
1238 -+ BUG_ON(vma->vm_end > TASK_SIZE);
1239 newflags = vma->vm_flags & ~VM_LOCKED;
1240 if (flags & MCL_CURRENT)
1241 newflags |= VM_LOCKED;
1242 -@@ -532,6 +548,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
1243 +@@ -532,6 +547,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
1244 lock_limit >>= PAGE_SHIFT;
1245
1246 ret = -ENOMEM;