Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: scripts/, 3.2.22/, 2.6.32/, 3.2.21/, 3.4.4/
Date: Sun, 08 Jul 2012 14:07:07
Message-Id: 1341756385.6945acd26a70cab18361185055af47ca9257acd4.blueness@gentoo
1 commit: 6945acd26a70cab18361185055af47ca9257acd4
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 8 14:06:25 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 8 14:06:25 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=6945acd2
7
8 Grsec/PaX: 2.9-{2.6.32.59,3.2.22,3.4.4}-201207080925
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.59-201207080923.patch} | 2189 +++++++++++++++++---
13 {3.2.21 => 3.2.22}/0000_README | 2 +-
14 ...4420_grsecurity-2.9.1-3.2.22-201207080924.patch | 1063 ++++++----
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {3.2.21 => 3.2.22}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4445_grsec-pax-without-grsec.patch | 0
19 .../4450_grsec-kconfig-default-gids.patch | 0
20 {3.2.21 => 3.2.22}/4455_grsec-kconfig-gentoo.patch | 0
21 .../4460-grsec-kconfig-proc-user.patch | 0
22 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
23 {3.2.21 => 3.2.22}/4470_disable-compat_vdso.patch | 0
24 3.4.4/0000_README | 2 +-
25 ...4420_grsecurity-2.9.1-3.4.4-201207080925.patch} | 101 +-
26 scripts/just_fetch.pl | 4 +-
27 16 files changed, 2637 insertions(+), 726 deletions(-)
28
29 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
30 index 8f54317..2011830 100644
31 --- a/2.6.32/0000_README
32 +++ b/2.6.32/0000_README
33 @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
34 From: http://www.kernel.org
35 Desc: Linux 2.6.32.59
36
37 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch
38 +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch
39 From: http://www.grsecurity.net
40 Desc: hardened-sources base patch from upstream grsecurity
41
42
43 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch
44 similarity index 98%
45 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch
46 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch
47 index 8602df6..2ebb2bb 100644
48 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch
49 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch
50 @@ -185,10 +185,22 @@ index e1efc40..e7a5667 100644
51 zconf.hash.c
52 +zoffset.h
53 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
54 -index c840e7d..f4c451c 100644
55 +index c840e7d..ad11cac 100644
56 --- a/Documentation/kernel-parameters.txt
57 +++ b/Documentation/kernel-parameters.txt
58 -@@ -1837,6 +1837,13 @@ and is between 256 and 4096 characters. It is defined in the file
59 +@@ -1725,6 +1725,11 @@ and is between 256 and 4096 characters. It is defined in the file
60 +
61 + noresidual [PPC] Don't use residual data on PReP machines.
62 +
63 ++ nordrand [X86] Disable the direct use of the RDRAND
64 ++ instruction even if it is supported by the
65 ++ processor. RDRAND is still available to user
66 ++ space applications.
67 ++
68 + noresume [SWSUSP] Disables resume and restores original swap
69 + space.
70 +
71 +@@ -1837,6 +1842,13 @@ and is between 256 and 4096 characters. It is defined in the file
72 the specified number of seconds. This is to be used if
73 your oopses keep scrolling off the screen.
74
75 @@ -8557,7 +8569,7 @@ index d1b93c4..ae1b7fd 100644
76 void default_idle(void);
77
78 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
79 -index 73ae02a..f932de5 100644
80 +index 73ae02a..1468e63 100644
81 --- a/arch/x86/Kconfig
82 +++ b/arch/x86/Kconfig
83 @@ -223,7 +223,7 @@ config X86_TRAMPOLINE
84 @@ -8596,7 +8608,23 @@ index 73ae02a..f932de5 100644
85 default 0x40000000 if VMSPLIT_1G
86 default 0xC0000000
87 depends on X86_32
88 -@@ -1460,6 +1460,7 @@ config SECCOMP
89 +@@ -1428,6 +1428,15 @@ config ARCH_USES_PG_UNCACHED
90 + def_bool y
91 + depends on X86_PAT
92 +
93 ++config ARCH_RANDOM
94 ++ def_bool y
95 ++ prompt "x86 architectural random number generator" if EXPERT
96 ++ ---help---
97 ++ Enable the x86 architectural RDRAND instruction
98 ++ (Intel Bull Mountain technology) to generate random numbers.
99 ++ If supported, this is a high bandwidth, cryptographically
100 ++ secure hardware random number generator.
101 ++
102 + config EFI
103 + bool "EFI runtime service support"
104 + depends on ACPI
105 +@@ -1460,6 +1469,7 @@ config SECCOMP
106
107 config CC_STACKPROTECTOR
108 bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
109 @@ -8604,7 +8632,7 @@ index 73ae02a..f932de5 100644
110 ---help---
111 This option turns on the -fstack-protector GCC feature. This
112 feature puts, at the beginning of functions, a canary value on
113 -@@ -1517,6 +1518,7 @@ config KEXEC_JUMP
114 +@@ -1517,6 +1527,7 @@ config KEXEC_JUMP
115 config PHYSICAL_START
116 hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
117 default "0x1000000"
118 @@ -8612,7 +8640,7 @@ index 73ae02a..f932de5 100644
119 ---help---
120 This gives the physical address where the kernel is loaded.
121
122 -@@ -1581,6 +1583,7 @@ config PHYSICAL_ALIGN
123 +@@ -1581,6 +1592,7 @@ config PHYSICAL_ALIGN
124 hex
125 prompt "Alignment value to which kernel should be aligned" if X86_32
126 default "0x1000000"
127 @@ -8620,7 +8648,7 @@ index 73ae02a..f932de5 100644
128 range 0x2000 0x1000000
129 ---help---
130 This value puts the alignment restrictions on physical address
131 -@@ -1612,9 +1615,10 @@ config HOTPLUG_CPU
132 +@@ -1612,9 +1624,10 @@ config HOTPLUG_CPU
133 Say N if you want to disable CPU hotplug.
134
135 config COMPAT_VDSO
136 @@ -8806,7 +8834,7 @@ index f543b70..b60fba8 100644
137 jmp 1b
138 2:
139 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
140 -index 077e1b6..2c6b13b 100644
141 +index 077e1b6..2c6b13b5 100644
142 --- a/arch/x86/boot/compressed/head_64.S
143 +++ b/arch/x86/boot/compressed/head_64.S
144 @@ -91,7 +91,7 @@ ENTRY(startup_32)
145 @@ -10067,6 +10095,87 @@ index 20370c6..a2eb9b0 100644
146 "setc %%bl\n\t"
147 "popl %%ebp\n\t"
148 "popl %%edi\n\t"
149 +diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h
150 +new file mode 100644
151 +index 0000000..0d9ec77
152 +--- /dev/null
153 ++++ b/arch/x86/include/asm/archrandom.h
154 +@@ -0,0 +1,75 @@
155 ++/*
156 ++ * This file is part of the Linux kernel.
157 ++ *
158 ++ * Copyright (c) 2011, Intel Corporation
159 ++ * Authors: Fenghua Yu <fenghua.yu@×××××.com>,
160 ++ * H. Peter Anvin <hpa@×××××××××××.com>
161 ++ *
162 ++ * This program is free software; you can redistribute it and/or modify it
163 ++ * under the terms and conditions of the GNU General Public License,
164 ++ * version 2, as published by the Free Software Foundation.
165 ++ *
166 ++ * This program is distributed in the hope it will be useful, but WITHOUT
167 ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
168 ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
169 ++ * more details.
170 ++ *
171 ++ * You should have received a copy of the GNU General Public License along with
172 ++ * this program; if not, write to the Free Software Foundation, Inc.,
173 ++ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
174 ++ *
175 ++ */
176 ++
177 ++#ifndef ASM_X86_ARCHRANDOM_H
178 ++#define ASM_X86_ARCHRANDOM_H
179 ++
180 ++#include <asm/processor.h>
181 ++#include <asm/cpufeature.h>
182 ++#include <asm/alternative.h>
183 ++#include <asm/nops.h>
184 ++
185 ++#define RDRAND_RETRY_LOOPS 10
186 ++
187 ++#define RDRAND_INT ".byte 0x0f,0xc7,0xf0"
188 ++#ifdef CONFIG_X86_64
189 ++# define RDRAND_LONG ".byte 0x48,0x0f,0xc7,0xf0"
190 ++#else
191 ++# define RDRAND_LONG RDRAND_INT
192 ++#endif
193 ++
194 ++#ifdef CONFIG_ARCH_RANDOM
195 ++
196 ++#define GET_RANDOM(name, type, rdrand, nop) \
197 ++static inline int name(type *v) \
198 ++{ \
199 ++ int ok; \
200 ++ alternative_io("movl $0, %0\n\t" \
201 ++ nop, \
202 ++ "\n1: " rdrand "\n\t" \
203 ++ "jc 2f\n\t" \
204 ++ "decl %0\n\t" \
205 ++ "jnz 1b\n\t" \
206 ++ "2:", \
207 ++ X86_FEATURE_RDRAND, \
208 ++ ASM_OUTPUT2("=r" (ok), "=a" (*v)), \
209 ++ "0" (RDRAND_RETRY_LOOPS)); \
210 ++ return ok; \
211 ++}
212 ++
213 ++#ifdef CONFIG_X86_64
214 ++
215 ++GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP5);
216 ++GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP4);
217 ++
218 ++#else
219 ++
220 ++GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP3);
221 ++GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP3);
222 ++
223 ++#endif /* CONFIG_X86_64 */
224 ++
225 ++#endif /* CONFIG_ARCH_RANDOM */
226 ++
227 ++extern void x86_init_rdrand(struct cpuinfo_x86 *c);
228 ++
229 ++#endif /* ASM_X86_ARCHRANDOM_H */
230 diff --git a/arch/x86/include/asm/atomic_32.h b/arch/x86/include/asm/atomic_32.h
231 index dc5a667..939040c 100644
232 --- a/arch/x86/include/asm/atomic_32.h
233 @@ -11428,6 +11537,18 @@ index 46fc474..b02b0f9 100644
234 len, sum, NULL, err_ptr);
235
236 if (len)
237 +diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
238 +index 1efb1fa..9e2957c 100644
239 +--- a/arch/x86/include/asm/cpufeature.h
240 ++++ b/arch/x86/include/asm/cpufeature.h
241 +@@ -124,6 +124,7 @@
242 + #define X86_FEATURE_XSAVE (4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */
243 + #define X86_FEATURE_OSXSAVE (4*32+27) /* "" XSAVE enabled in the OS */
244 + #define X86_FEATURE_AVX (4*32+28) /* Advanced Vector Extensions */
245 ++#define X86_FEATURE_RDRAND (4*32+30) /* The RDRAND instruction */
246 + #define X86_FEATURE_HYPERVISOR (4*32+31) /* Running on a hypervisor */
247 +
248 + /* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */
249 diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
250 index 617bd56..7b047a1 100644
251 --- a/arch/x86/include/asm/desc.h
252 @@ -15476,10 +15597,10 @@ index 4a6aeed..371de20 100644
253 BLANK();
254 OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
255 diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
256 -index ff502cc..dc5133e 100644
257 +index ff502cc..a7cb6c6 100644
258 --- a/arch/x86/kernel/cpu/Makefile
259 +++ b/arch/x86/kernel/cpu/Makefile
260 -@@ -7,10 +7,6 @@ ifdef CONFIG_FUNCTION_TRACER
261 +@@ -7,13 +7,10 @@ ifdef CONFIG_FUNCTION_TRACER
262 CFLAGS_REMOVE_common.o = -pg
263 endif
264
265 @@ -15490,6 +15611,10 @@ index ff502cc..dc5133e 100644
266 obj-y := intel_cacheinfo.o addon_cpuid_features.o
267 obj-y += proc.o capflags.o powerflags.o common.o
268 obj-y += vmware.o hypervisor.o sched.o
269 ++obj-y += rdrand.o
270 +
271 + obj-$(CONFIG_X86_32) += bugs.o cmpxchg.o
272 + obj-$(CONFIG_X86_64) += bugs_64.o
273 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
274 index 6e082dc..a0b5f36 100644
275 --- a/arch/x86/kernel/cpu/amd.c
276 @@ -15504,10 +15629,18 @@ index 6e082dc..a0b5f36 100644
277 if (c->x86_model == 3 && c->x86_mask == 0)
278 size = 64;
279 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
280 -index 4e34d10..ba6bc97 100644
281 +index 4e34d10..1a4b0af 100644
282 --- a/arch/x86/kernel/cpu/common.c
283 +++ b/arch/x86/kernel/cpu/common.c
284 -@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
285 +@@ -15,6 +15,7 @@
286 + #include <asm/stackprotector.h>
287 + #include <asm/perf_event.h>
288 + #include <asm/mmu_context.h>
289 ++#include <asm/archrandom.h>
290 + #include <asm/hypervisor.h>
291 + #include <asm/processor.h>
292 + #include <asm/sections.h>
293 +@@ -83,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
294
295 static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
296
297 @@ -15568,7 +15701,7 @@ index 4e34d10..ba6bc97 100644
298 static int __init x86_xsave_setup(char *s)
299 {
300 setup_clear_cpu_cap(X86_FEATURE_XSAVE);
301 -@@ -344,7 +290,7 @@ void switch_to_new_gdt(int cpu)
302 +@@ -344,7 +291,7 @@ void switch_to_new_gdt(int cpu)
303 {
304 struct desc_ptr gdt_descr;
305
306 @@ -15577,7 +15710,7 @@ index 4e34d10..ba6bc97 100644
307 gdt_descr.size = GDT_SIZE - 1;
308 load_gdt(&gdt_descr);
309 /* Reload the per-cpu base */
310 -@@ -798,6 +744,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
311 +@@ -798,6 +745,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
312 /* Filter out anything that depends on CPUID levels we don't have */
313 filter_cpuid_features(c, true);
314
315 @@ -15588,7 +15721,15 @@ index 4e34d10..ba6bc97 100644
316 /* If the model name is still unset, do table lookup. */
317 if (!c->x86_model_id[0]) {
318 const char *p;
319 -@@ -980,6 +930,9 @@ static __init int setup_disablecpuid(char *arg)
320 +@@ -815,6 +766,7 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
321 + #endif
322 +
323 + init_hypervisor(c);
324 ++ x86_init_rdrand(c);
325 +
326 + /*
327 + * Clear/Set all flags overriden by options, need do it
328 +@@ -980,6 +932,9 @@ static __init int setup_disablecpuid(char *arg)
329 }
330 __setup("clearcpuid=", setup_disablecpuid);
331
332 @@ -15598,7 +15739,7 @@ index 4e34d10..ba6bc97 100644
333 #ifdef CONFIG_X86_64
334 struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table };
335
336 -@@ -995,7 +948,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
337 +@@ -995,7 +950,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
338 EXPORT_PER_CPU_SYMBOL(current_task);
339
340 DEFINE_PER_CPU(unsigned long, kernel_stack) =
341 @@ -15607,7 +15748,7 @@ index 4e34d10..ba6bc97 100644
342 EXPORT_PER_CPU_SYMBOL(kernel_stack);
343
344 DEFINE_PER_CPU(char *, irq_stack_ptr) =
345 -@@ -1060,7 +1013,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
346 +@@ -1060,7 +1015,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
347 {
348 memset(regs, 0, sizeof(struct pt_regs));
349 regs->fs = __KERNEL_PERCPU;
350 @@ -15616,7 +15757,7 @@ index 4e34d10..ba6bc97 100644
351
352 return regs;
353 }
354 -@@ -1101,7 +1054,7 @@ void __cpuinit cpu_init(void)
355 +@@ -1101,7 +1056,7 @@ void __cpuinit cpu_init(void)
356 int i;
357
358 cpu = stack_smp_processor_id();
359 @@ -15625,7 +15766,7 @@ index 4e34d10..ba6bc97 100644
360 orig_ist = &per_cpu(orig_ist, cpu);
361
362 #ifdef CONFIG_NUMA
363 -@@ -1127,7 +1080,7 @@ void __cpuinit cpu_init(void)
364 +@@ -1127,7 +1082,7 @@ void __cpuinit cpu_init(void)
365 switch_to_new_gdt(cpu);
366 loadsegment(fs, 0);
367
368 @@ -15634,7 +15775,7 @@ index 4e34d10..ba6bc97 100644
369
370 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
371 syscall_init();
372 -@@ -1136,7 +1089,6 @@ void __cpuinit cpu_init(void)
373 +@@ -1136,7 +1091,6 @@ void __cpuinit cpu_init(void)
374 wrmsrl(MSR_KERNEL_GS_BASE, 0);
375 barrier();
376
377 @@ -15642,7 +15783,7 @@ index 4e34d10..ba6bc97 100644
378 if (cpu != 0)
379 enable_x2apic();
380
381 -@@ -1199,7 +1151,7 @@ void __cpuinit cpu_init(void)
382 +@@ -1199,7 +1153,7 @@ void __cpuinit cpu_init(void)
383 {
384 int cpu = smp_processor_id();
385 struct task_struct *curr = current;
386 @@ -16062,6 +16203,85 @@ index 898df97..9e82503 100644
387 static struct wd_ops intel_arch_wd_ops __read_mostly = {
388 .reserve = single_msr_reserve,
389 .unreserve = single_msr_unreserve,
390 +diff --git a/arch/x86/kernel/cpu/rdrand.c b/arch/x86/kernel/cpu/rdrand.c
391 +new file mode 100644
392 +index 0000000..feca286
393 +--- /dev/null
394 ++++ b/arch/x86/kernel/cpu/rdrand.c
395 +@@ -0,0 +1,73 @@
396 ++/*
397 ++ * This file is part of the Linux kernel.
398 ++ *
399 ++ * Copyright (c) 2011, Intel Corporation
400 ++ * Authors: Fenghua Yu <fenghua.yu@×××××.com>,
401 ++ * H. Peter Anvin <hpa@×××××××××××.com>
402 ++ *
403 ++ * This program is free software; you can redistribute it and/or modify it
404 ++ * under the terms and conditions of the GNU General Public License,
405 ++ * version 2, as published by the Free Software Foundation.
406 ++ *
407 ++ * This program is distributed in the hope it will be useful, but WITHOUT
408 ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
409 ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
410 ++ * more details.
411 ++ *
412 ++ * You should have received a copy of the GNU General Public License along with
413 ++ * this program; if not, write to the Free Software Foundation, Inc.,
414 ++ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
415 ++ *
416 ++ */
417 ++
418 ++#include <asm/processor.h>
419 ++#include <asm/archrandom.h>
420 ++#include <asm/sections.h>
421 ++
422 ++static int __init x86_rdrand_setup(char *s)
423 ++{
424 ++ setup_clear_cpu_cap(X86_FEATURE_RDRAND);
425 ++ return 1;
426 ++}
427 ++__setup("nordrand", x86_rdrand_setup);
428 ++
429 ++/* We can't use arch_get_random_long() here since alternatives haven't run */
430 ++static inline int rdrand_long(unsigned long *v)
431 ++{
432 ++ int ok;
433 ++ asm volatile("1: " RDRAND_LONG "\n\t"
434 ++ "jc 2f\n\t"
435 ++ "decl %0\n\t"
436 ++ "jnz 1b\n\t"
437 ++ "2:"
438 ++ : "=r" (ok), "=a" (*v)
439 ++ : "0" (RDRAND_RETRY_LOOPS));
440 ++ return ok;
441 ++}
442 ++
443 ++/*
444 ++ * Force a reseed cycle; we are architecturally guaranteed a reseed
445 ++ * after no more than 512 128-bit chunks of random data. This also
446 ++ * acts as a test of the CPU capability.
447 ++ */
448 ++#define RESEED_LOOP ((512*128)/sizeof(unsigned long))
449 ++
450 ++void __cpuinit x86_init_rdrand(struct cpuinfo_x86 *c)
451 ++{
452 ++#ifdef CONFIG_ARCH_RANDOM
453 ++ unsigned long tmp;
454 ++ int i, count, ok;
455 ++
456 ++ if (!cpu_has(c, X86_FEATURE_RDRAND))
457 ++ return; /* Nothing to do */
458 ++
459 ++ for (count = i = 0; i < RESEED_LOOP; i++) {
460 ++ ok = rdrand_long(&tmp);
461 ++ if (ok)
462 ++ count++;
463 ++ }
464 ++
465 ++ if (count != RESEED_LOOP)
466 ++ clear_cpu_cap(c, X86_FEATURE_RDRAND);
467 ++#endif
468 ++}
469 diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
470 index ff95824..2ffdcb5 100644
471 --- a/arch/x86/kernel/crash.c
472 @@ -33842,10 +34062,65 @@ index 62f282e..e45c45c 100644
473 cdev_init(&ptmx_cdev, &ptmx_fops);
474 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
475 diff --git a/drivers/char/random.c b/drivers/char/random.c
476 -index 3a19e2d..1b8116a3 100644
477 +index 3a19e2d..8eb80fc 100644
478 --- a/drivers/char/random.c
479 +++ b/drivers/char/random.c
480 -@@ -254,8 +254,13 @@
481 +@@ -125,20 +125,32 @@
482 + * The current exported interfaces for gathering environmental noise
483 + * from the devices are:
484 + *
485 ++ * void add_device_randomness(const void *buf, unsigned int size);
486 + * void add_input_randomness(unsigned int type, unsigned int code,
487 + * unsigned int value);
488 +- * void add_interrupt_randomness(int irq);
489 ++ * void add_interrupt_randomness(int irq, int irq_flags);
490 ++ * void add_disk_randomness(struct gendisk *disk);
491 ++ *
492 ++ * add_device_randomness() is for adding data to the random pool that
493 ++ * is likely to differ between two devices (or possibly even per boot).
494 ++ * This would be things like MAC addresses or serial numbers, or the
495 ++ * read-out of the RTC. This does *not* add any actual entropy to the
496 ++ * pool, but it initializes the pool to different values for devices
497 ++ * that might otherwise be identical and have very little entropy
498 ++ * available to them (particularly common in the embedded world).
499 + *
500 + * add_input_randomness() uses the input layer interrupt timing, as well as
501 + * the event type information from the hardware.
502 + *
503 +- * add_interrupt_randomness() uses the inter-interrupt timing as random
504 +- * inputs to the entropy pool. Note that not all interrupts are good
505 +- * sources of randomness! For example, the timer interrupts is not a
506 +- * good choice, because the periodicity of the interrupts is too
507 +- * regular, and hence predictable to an attacker. Disk interrupts are
508 +- * a better measure, since the timing of the disk interrupts are more
509 +- * unpredictable.
510 ++ * add_interrupt_randomness() uses the interrupt timing as random
511 ++ * inputs to the entropy pool. Using the cycle counters and the irq source
512 ++ * as inputs, it feeds the randomness roughly once a second.
513 ++ *
514 ++ * add_disk_randomness() uses what amounts to the seek time of block
515 ++ * layer request events, on a per-disk_devt basis, as input to the
516 ++ * entropy pool. Note that high-speed solid state drives with very low
517 ++ * seek times do not make for good sources of entropy, as their seek
518 ++ * times are usually fairly consistent.
519 + *
520 + * All of these routines try to estimate how many bits of randomness a
521 + * particular randomness source. They do this by keeping track of the
522 +@@ -241,6 +253,7 @@
523 + #include <linux/percpu.h>
524 + #include <linux/cryptohash.h>
525 + #include <linux/fips.h>
526 ++#include <linux/ptrace.h>
527 +
528 + #ifdef CONFIG_GENERIC_HARDIRQS
529 + # include <linux/irq.h>
530 +@@ -249,14 +262,21 @@
531 + #include <asm/processor.h>
532 + #include <asm/uaccess.h>
533 + #include <asm/irq.h>
534 ++#include <asm/irq_regs.h>
535 + #include <asm/io.h>
536 +
537 /*
538 * Configuration information
539 */
540 @@ -33857,9 +34132,11 @@ index 3a19e2d..1b8116a3 100644
541 #define OUTPUT_POOL_WORDS 32
542 +#endif
543 #define SEC_XFER_SIZE 512
544 ++#define EXTRACT_SIZE 10
545
546 /*
547 -@@ -292,10 +297,17 @@ static struct poolinfo {
548 + * The minimum number of bits of entropy before we wake up a read on
549 +@@ -292,10 +312,17 @@ static struct poolinfo {
550 int poolwords;
551 int tap1, tap2, tap3, tap4, tap5;
552 } poolinfo_table[] = {
553 @@ -33877,7 +34154,414 @@ index 3a19e2d..1b8116a3 100644
554 #if 0
555 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
556 { 2048, 1638, 1231, 819, 411, 1 },
557 -@@ -1209,7 +1221,7 @@ EXPORT_SYMBOL(generate_random_uuid);
558 +@@ -412,9 +439,11 @@ struct entropy_store {
559 + /* read-write data: */
560 + spinlock_t lock;
561 + unsigned add_ptr;
562 ++ unsigned input_rotate;
563 + int entropy_count;
564 +- int input_rotate;
565 +- __u8 *last_data;
566 ++ int entropy_total;
567 ++ unsigned int initialized:1;
568 ++ __u8 last_data[EXTRACT_SIZE];
569 + };
570 +
571 + static __u32 input_pool_data[INPUT_POOL_WORDS];
572 +@@ -446,6 +475,10 @@ static struct entropy_store nonblocking_pool = {
573 + .pool = nonblocking_pool_data
574 + };
575 +
576 ++static __u32 const twist_table[8] = {
577 ++ 0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
578 ++ 0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 };
579 ++
580 + /*
581 + * This function adds bytes into the entropy "pool". It does not
582 + * update the entropy estimate. The caller should call
583 +@@ -456,29 +489,24 @@ static struct entropy_store nonblocking_pool = {
584 + * it's cheap to do so and helps slightly in the expected case where
585 + * the entropy is concentrated in the low-order bits.
586 + */
587 +-static void mix_pool_bytes_extract(struct entropy_store *r, const void *in,
588 +- int nbytes, __u8 out[64])
589 ++static void __mix_pool_bytes(struct entropy_store *r, const void *in,
590 ++ int nbytes, __u8 out[64])
591 + {
592 +- static __u32 const twist_table[8] = {
593 +- 0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
594 +- 0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 };
595 + unsigned long i, j, tap1, tap2, tap3, tap4, tap5;
596 + int input_rotate;
597 + int wordmask = r->poolinfo->poolwords - 1;
598 + const char *bytes = in;
599 + __u32 w;
600 +- unsigned long flags;
601 +
602 +- /* Taps are constant, so we can load them without holding r->lock. */
603 + tap1 = r->poolinfo->tap1;
604 + tap2 = r->poolinfo->tap2;
605 + tap3 = r->poolinfo->tap3;
606 + tap4 = r->poolinfo->tap4;
607 + tap5 = r->poolinfo->tap5;
608 +
609 +- spin_lock_irqsave(&r->lock, flags);
610 +- input_rotate = r->input_rotate;
611 +- i = r->add_ptr;
612 ++ smp_rmb();
613 ++ input_rotate = ACCESS_ONCE(r->input_rotate);
614 ++ i = ACCESS_ONCE(r->add_ptr);
615 +
616 + /* mix one byte at a time to simplify size handling and churn faster */
617 + while (nbytes--) {
618 +@@ -505,19 +533,53 @@ static void mix_pool_bytes_extract(struct entropy_store *r, const void *in,
619 + input_rotate += i ? 7 : 14;
620 + }
621 +
622 +- r->input_rotate = input_rotate;
623 +- r->add_ptr = i;
624 ++ ACCESS_ONCE_RW(r->input_rotate) = input_rotate;
625 ++ ACCESS_ONCE_RW(r->add_ptr) = i;
626 ++ smp_wmb();
627 +
628 + if (out)
629 + for (j = 0; j < 16; j++)
630 + ((__u32 *)out)[j] = r->pool[(i - j) & wordmask];
631 ++}
632 +
633 ++static void mix_pool_bytes(struct entropy_store *r, const void *in,
634 ++ int nbytes, __u8 out[64])
635 ++{
636 ++ unsigned long flags;
637 ++
638 ++ spin_lock_irqsave(&r->lock, flags);
639 ++ __mix_pool_bytes(r, in, nbytes, out);
640 + spin_unlock_irqrestore(&r->lock, flags);
641 + }
642 +
643 +-static void mix_pool_bytes(struct entropy_store *r, const void *in, int bytes)
644 ++struct fast_pool {
645 ++ __u32 pool[4];
646 ++ unsigned long last;
647 ++ unsigned short count;
648 ++ unsigned char rotate;
649 ++ unsigned char last_timer_intr;
650 ++};
651 ++
652 ++/*
653 ++ * This is a fast mixing routine used by the interrupt randomness
654 ++ * collector. It's hardcoded for an 128 bit pool and assumes that any
655 ++ * locks that might be needed are taken by the caller.
656 ++ */
657 ++static void fast_mix(struct fast_pool *f, const void *in, int nbytes)
658 + {
659 +- mix_pool_bytes_extract(r, in, bytes, NULL);
660 ++ const char *bytes = in;
661 ++ __u32 w;
662 ++ unsigned i = f->count;
663 ++ unsigned input_rotate = f->rotate;
664 ++
665 ++ while (nbytes--) {
666 ++ w = rol32(*bytes++, input_rotate & 31) ^ f->pool[i & 3] ^
667 ++ f->pool[(i + 1) & 3];
668 ++ f->pool[i & 3] = (w >> 3) ^ twist_table[w & 7];
669 ++ input_rotate += (i++ & 3) ? 7 : 14;
670 ++ }
671 ++ f->count = i;
672 ++ f->rotate = input_rotate;
673 + }
674 +
675 + /*
676 +@@ -525,30 +587,34 @@ static void mix_pool_bytes(struct entropy_store *r, const void *in, int bytes)
677 + */
678 + static void credit_entropy_bits(struct entropy_store *r, int nbits)
679 + {
680 +- unsigned long flags;
681 +- int entropy_count;
682 ++ int entropy_count, orig;
683 +
684 + if (!nbits)
685 + return;
686 +
687 +- spin_lock_irqsave(&r->lock, flags);
688 +-
689 + DEBUG_ENT("added %d entropy credits to %s\n", nbits, r->name);
690 +- entropy_count = r->entropy_count;
691 ++retry:
692 ++ entropy_count = orig = ACCESS_ONCE(r->entropy_count);
693 + entropy_count += nbits;
694 + if (entropy_count < 0) {
695 + DEBUG_ENT("negative entropy/overflow\n");
696 + entropy_count = 0;
697 + } else if (entropy_count > r->poolinfo->POOLBITS)
698 + entropy_count = r->poolinfo->POOLBITS;
699 +- r->entropy_count = entropy_count;
700 ++ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
701 ++ goto retry;
702 ++
703 ++ if (!r->initialized && nbits > 0) {
704 ++ r->entropy_total += nbits;
705 ++ if (r->entropy_total > 128)
706 ++ r->initialized = 1;
707 ++ }
708 +
709 + /* should we wake readers? */
710 + if (r == &input_pool && entropy_count >= random_read_wakeup_thresh) {
711 + wake_up_interruptible(&random_read_wait);
712 + kill_fasync(&fasync, SIGIO, POLL_IN);
713 + }
714 +- spin_unlock_irqrestore(&r->lock, flags);
715 + }
716 +
717 + /*********************************************************************
718 +@@ -601,6 +667,25 @@ static void set_timer_rand_state(unsigned int irq,
719 + }
720 + #endif
721 +
722 ++/*
723 ++ * Add device- or boot-specific data to the input and nonblocking
724 ++ * pools to help initialize them to unique values.
725 ++ *
726 ++ * None of this adds any entropy, it is meant to avoid the
727 ++ * problem of the nonblocking pool having similar initial state
728 ++ * across largely identical devices.
729 ++ */
730 ++void add_device_randomness(const void *buf, unsigned int size)
731 ++{
732 ++ unsigned long time = get_cycles() ^ jiffies;
733 ++
734 ++ mix_pool_bytes(&input_pool, buf, size, NULL);
735 ++ mix_pool_bytes(&input_pool, &time, sizeof(time), NULL);
736 ++ mix_pool_bytes(&nonblocking_pool, buf, size, NULL);
737 ++ mix_pool_bytes(&nonblocking_pool, &time, sizeof(time), NULL);
738 ++}
739 ++EXPORT_SYMBOL(add_device_randomness);
740 ++
741 + static struct timer_rand_state input_timer_state;
742 +
743 + /*
744 +@@ -631,7 +716,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
745 + sample.jiffies = jiffies;
746 + sample.cycles = get_cycles();
747 + sample.num = num;
748 +- mix_pool_bytes(&input_pool, &sample, sizeof(sample));
749 ++ mix_pool_bytes(&input_pool, &sample, sizeof(sample), NULL);
750 +
751 + /*
752 + * Calculate number of bits of randomness we probably added.
753 +@@ -688,17 +773,48 @@ void add_input_randomness(unsigned int type, unsigned int code,
754 + }
755 + EXPORT_SYMBOL_GPL(add_input_randomness);
756 +
757 +-void add_interrupt_randomness(int irq)
758 ++static DEFINE_PER_CPU(struct fast_pool, irq_randomness);
759 ++
760 ++void add_interrupt_randomness(int irq, int irq_flags)
761 + {
762 +- struct timer_rand_state *state;
763 ++ struct entropy_store *r;
764 ++ struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
765 ++ struct pt_regs *regs = get_irq_regs();
766 ++ unsigned long now = jiffies;
767 ++ __u32 input[4], cycles = get_cycles();
768 +
769 +- state = get_timer_rand_state(irq);
770 ++ input[0] = cycles ^ jiffies;
771 ++ input[1] = irq;
772 ++ if (regs) {
773 ++ __u64 ip = instruction_pointer(regs);
774 ++ input[2] = ip;
775 ++ input[3] = ip >> 32;
776 ++ }
777 +
778 +- if (state == NULL)
779 ++ fast_mix(fast_pool, input, sizeof(input));
780 ++
781 ++ if ((fast_pool->count & 255) &&
782 ++ !time_after(now, fast_pool->last + HZ))
783 + return;
784 +
785 +- DEBUG_ENT("irq event %d\n", irq);
786 +- add_timer_randomness(state, 0x100 + irq);
787 ++ fast_pool->last = now;
788 ++
789 ++ r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool;
790 ++ __mix_pool_bytes(r, &fast_pool->pool, sizeof(fast_pool->pool), NULL);
791 ++ /*
792 ++ * If we don't have a valid cycle counter, and we see
793 ++ * back-to-back timer interrupts, then skip giving credit for
794 ++ * any entropy.
795 ++ */
796 ++ if (cycles == 0) {
797 ++ if (irq_flags & __IRQF_TIMER) {
798 ++ if (fast_pool->last_timer_intr)
799 ++ return;
800 ++ fast_pool->last_timer_intr = 1;
801 ++ } else
802 ++ fast_pool->last_timer_intr = 0;
803 ++ }
804 ++ credit_entropy_bits(r, 1);
805 + }
806 +
807 + #ifdef CONFIG_BLOCK
808 +@@ -714,8 +830,6 @@ void add_disk_randomness(struct gendisk *disk)
809 + }
810 + #endif
811 +
812 +-#define EXTRACT_SIZE 10
813 +-
814 + /*********************************************************************
815 + *
816 + * Entropy extraction routines
817 +@@ -732,7 +846,11 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
818 + */
819 + static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
820 + {
821 +- __u32 tmp[OUTPUT_POOL_WORDS];
822 ++ union {
823 ++ __u32 tmp[OUTPUT_POOL_WORDS];
824 ++ long hwrand[4];
825 ++ } u;
826 ++ int i;
827 +
828 + if (r->pull && r->entropy_count < nbytes * 8 &&
829 + r->entropy_count < r->poolinfo->POOLBITS) {
830 +@@ -743,17 +861,22 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
831 + /* pull at least as many as BYTES as wakeup BITS */
832 + bytes = max_t(int, bytes, random_read_wakeup_thresh / 8);
833 + /* but never more than the buffer size */
834 +- bytes = min_t(int, bytes, sizeof(tmp));
835 ++ bytes = min_t(int, bytes, sizeof(u.tmp));
836 +
837 + DEBUG_ENT("going to reseed %s with %d bits "
838 + "(%d of %d requested)\n",
839 + r->name, bytes * 8, nbytes * 8, r->entropy_count);
840 +
841 +- bytes = extract_entropy(r->pull, tmp, bytes,
842 ++ bytes = extract_entropy(r->pull, u.tmp, bytes,
843 + random_read_wakeup_thresh / 8, rsvd);
844 +- mix_pool_bytes(r, tmp, bytes);
845 ++ mix_pool_bytes(r, u.tmp, bytes, NULL);
846 + credit_entropy_bits(r, bytes*8);
847 + }
848 ++ for (i = 0; i < 4; i++)
849 ++ if (arch_get_random_long(&u.hwrand[i]))
850 ++ break;
851 ++ if (i)
852 ++ mix_pool_bytes(r, &u.hwrand, sizeof(u.hwrand), 0);
853 + }
854 +
855 + /*
856 +@@ -812,9 +935,11 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
857 + int i;
858 + __u32 hash[5], workspace[SHA_WORKSPACE_WORDS];
859 + __u8 extract[64];
860 ++ unsigned long flags;
861 +
862 + /* Generate a hash across the pool, 16 words (512 bits) at a time */
863 + sha_init(hash);
864 ++ spin_lock_irqsave(&r->lock, flags);
865 + for (i = 0; i < r->poolinfo->poolwords; i += 16)
866 + sha_transform(hash, (__u8 *)(r->pool + i), workspace);
867 +
868 +@@ -827,7 +952,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
869 + * brute-forcing the feedback as hard as brute-forcing the
870 + * hash.
871 + */
872 +- mix_pool_bytes_extract(r, hash, sizeof(hash), extract);
873 ++ __mix_pool_bytes(r, hash, sizeof(hash), extract);
874 ++ spin_unlock_irqrestore(&r->lock, flags);
875 +
876 + /*
877 + * To avoid duplicates, we atomically extract a portion of the
878 +@@ -850,11 +976,10 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
879 + }
880 +
881 + static ssize_t extract_entropy(struct entropy_store *r, void *buf,
882 +- size_t nbytes, int min, int reserved)
883 ++ size_t nbytes, int min, int reserved)
884 + {
885 + ssize_t ret = 0, i;
886 + __u8 tmp[EXTRACT_SIZE];
887 +- unsigned long flags;
888 +
889 + xfer_secondary_pool(r, nbytes);
890 + nbytes = account(r, nbytes, min, reserved);
891 +@@ -862,7 +987,9 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
892 + while (nbytes) {
893 + extract_buf(r, tmp);
894 +
895 +- if (r->last_data) {
896 ++ if (fips_enabled) {
897 ++ unsigned long flags;
898 ++
899 + spin_lock_irqsave(&r->lock, flags);
900 + if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
901 + panic("Hardware RNG duplicated output!\n");
902 +@@ -926,7 +1053,21 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
903 + */
904 + void get_random_bytes(void *buf, int nbytes)
905 + {
906 +- extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
907 ++ char *p = buf;
908 ++
909 ++ while (nbytes) {
910 ++ unsigned long v;
911 ++ int chunk = min(nbytes, (int)sizeof(unsigned long));
912 ++
913 ++ if (!arch_get_random_long(&v))
914 ++ break;
915 ++
916 ++ memcpy(buf, &v, chunk);
917 ++ p += chunk;
918 ++ nbytes -= chunk;
919 ++ }
920 ++
921 ++ extract_entropy(&nonblocking_pool, p, nbytes, 0, 0);
922 + }
923 + EXPORT_SYMBOL(get_random_bytes);
924 +
925 +@@ -941,19 +1082,19 @@ EXPORT_SYMBOL(get_random_bytes);
926 + */
927 + static void init_std_data(struct entropy_store *r)
928 + {
929 +- ktime_t now;
930 +- unsigned long flags;
931 ++ int i;
932 ++ ktime_t now = ktime_get_real();
933 ++ unsigned long rv;
934 +
935 +- spin_lock_irqsave(&r->lock, flags);
936 + r->entropy_count = 0;
937 +- spin_unlock_irqrestore(&r->lock, flags);
938 +-
939 +- now = ktime_get_real();
940 +- mix_pool_bytes(r, &now, sizeof(now));
941 +- mix_pool_bytes(r, utsname(), sizeof(*(utsname())));
942 +- /* Enable continuous test in fips mode */
943 +- if (fips_enabled)
944 +- r->last_data = kmalloc(EXTRACT_SIZE, GFP_KERNEL);
945 ++ r->entropy_total = 0;
946 ++ mix_pool_bytes(r, &now, sizeof(now), NULL);
947 ++ for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) {
948 ++ if (!arch_get_random_long(&rv))
949 ++ break;
950 ++ mix_pool_bytes(r, &rv, sizeof(rv), NULL);
951 ++ }
952 ++ mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
953 + }
954 +
955 + static int rand_initialize(void)
956 +@@ -1090,7 +1231,7 @@ write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
957 + count -= bytes;
958 + p += bytes;
959 +
960 +- mix_pool_bytes(r, buf, bytes);
961 ++ mix_pool_bytes(r, buf, bytes, NULL);
962 + cond_resched();
963 + }
964 +
965 +@@ -1209,7 +1350,7 @@ EXPORT_SYMBOL(generate_random_uuid);
966 #include <linux/sysctl.h>
967
968 static int min_read_thresh = 8, min_write_thresh;
969 @@ -33886,7 +34570,7 @@ index 3a19e2d..1b8116a3 100644
970 static int max_write_thresh = INPUT_POOL_WORDS * 32;
971 static char sysctl_bootid[16];
972
973 -@@ -1231,10 +1243,15 @@ static int proc_do_uuid(ctl_table *table, int write,
974 +@@ -1231,10 +1372,15 @@ static int proc_do_uuid(ctl_table *table, int write,
975 uuid = table->data;
976 if (!uuid) {
977 uuid = tmp_uuid;
978 @@ -33905,6 +34589,34 @@ index 3a19e2d..1b8116a3 100644
979
980 sprintf(buf, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
981 "%02x%02x%02x%02x%02x%02x",
982 +@@ -1279,6 +1425,7 @@ static int uuid_strategy(ctl_table *table,
983 + }
984 +
985 + static int sysctl_poolsize = INPUT_POOL_WORDS * 32;
986 ++extern ctl_table random_table[];
987 + ctl_table random_table[] = {
988 + {
989 + .ctl_name = RANDOM_POOLSIZE,
990 +@@ -1354,12 +1501,17 @@ late_initcall(random_int_secret_init);
991 + * value is not cryptographically secure but for several uses the cost of
992 + * depleting entropy is too high
993 + */
994 +-DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash);
995 ++static DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash);
996 + unsigned int get_random_int(void)
997 + {
998 +- __u32 *hash = get_cpu_var(get_random_int_hash);
999 ++ __u32 *hash;
1000 + unsigned int ret;
1001 +
1002 ++ if (arch_get_random_int(&ret))
1003 ++ return ret;
1004 ++
1005 ++ hash = get_cpu_var(get_random_int_hash);
1006 ++
1007 + hash[0] += current->pid + jiffies + get_cycles();
1008 + md5_transform(hash, random_int_secret);
1009 + ret = hash[0];
1010 diff --git a/drivers/char/rocket.c b/drivers/char/rocket.c
1011 index 0e29a23..0efc2c2 100644
1012 --- a/drivers/char/rocket.c
1013 @@ -40059,6 +40771,19 @@ index 726a1b8..f46b460 100644
1014 DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n");
1015
1016 size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT;
1017 +diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
1018 +index c828d9a..97b9c7b 100644
1019 +--- a/drivers/mtd/nand/cafe_nand.c
1020 ++++ b/drivers/mtd/nand/cafe_nand.c
1021 +@@ -103,7 +103,7 @@ static const char *part_probes[] = { "cmdlinepart", "RedBoot", NULL };
1022 + static int cafe_device_ready(struct mtd_info *mtd)
1023 + {
1024 + struct cafe_priv *cafe = mtd->priv;
1025 +- int result = !!(cafe_readl(cafe, NAND_STATUS) | 0x40000000);
1026 ++ int result = !!(cafe_readl(cafe, NAND_STATUS) & 0x40000000);
1027 + uint32_t irqs = cafe_readl(cafe, NAND_IRQ);
1028 +
1029 + cafe_writel(cafe, irqs, NAND_IRQ);
1030 diff --git a/drivers/mtd/nftlcore.c b/drivers/mtd/nftlcore.c
1031 index 1002e18..26d82d5 100644
1032 --- a/drivers/mtd/nftlcore.c
1033 @@ -61822,6 +62547,33 @@ index bcbe104..9cfd1c6 100644
1034 void usb_mon_deregister(void);
1035
1036 #else
1037 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
1038 +index 2b428fc..f0b27f8 100644
1039 +--- a/drivers/usb/core/hub.c
1040 ++++ b/drivers/usb/core/hub.c
1041 +@@ -23,6 +23,7 @@
1042 + #include <linux/mutex.h>
1043 + #include <linux/freezer.h>
1044 + #include <linux/usb/quirks.h>
1045 ++#include <linux/random.h>
1046 +
1047 + #include <asm/uaccess.h>
1048 + #include <asm/byteorder.h>
1049 +@@ -1812,6 +1813,14 @@ int usb_new_device(struct usb_device *udev)
1050 + /* Tell the world! */
1051 + announce_device(udev);
1052 +
1053 ++ if (udev->serial)
1054 ++ add_device_randomness(udev->serial, strlen(udev->serial));
1055 ++ if (udev->product)
1056 ++ add_device_randomness(udev->product, strlen(udev->product));
1057 ++ if (udev->manufacturer)
1058 ++ add_device_randomness(udev->manufacturer,
1059 ++ strlen(udev->manufacturer));
1060 ++
1061 + /* Register the device. The device driver is responsible
1062 + * for configuring the device and invoking the add-device
1063 + * notifier chain (used by usbfs and possibly others).
1064 diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
1065 index 62ff5e7..530b74e 100644
1066 --- a/drivers/usb/misc/appledisplay.c
1067 @@ -67733,6 +68485,366 @@ index 90a6087..fa05803 100644
1068 set_fs(old_fs);
1069 if (rc < 0)
1070 goto out_free;
1071 +diff --git a/fs/eventpoll.c b/fs/eventpoll.c
1072 +index f539204..068db1f 100644
1073 +--- a/fs/eventpoll.c
1074 ++++ b/fs/eventpoll.c
1075 +@@ -200,6 +200,12 @@ struct eventpoll {
1076 +
1077 + /* The user that created the eventpoll descriptor */
1078 + struct user_struct *user;
1079 ++
1080 ++ struct file *file;
1081 ++
1082 ++ /* used to optimize loop detection check */
1083 ++ int visited;
1084 ++ struct list_head visited_list_link;
1085 + };
1086 +
1087 + /* Wait structure used by the poll hooks */
1088 +@@ -258,6 +264,15 @@ static struct kmem_cache *epi_cache __read_mostly;
1089 + /* Slab cache used to allocate "struct eppoll_entry" */
1090 + static struct kmem_cache *pwq_cache __read_mostly;
1091 +
1092 ++/* Visited nodes during ep_loop_check(), so we can unset them when we finish */
1093 ++static LIST_HEAD(visited_list);
1094 ++
1095 ++/*
1096 ++ * List of files with newly added links, where we may need to limit the number
1097 ++ * of emanating paths. Protected by the epmutex.
1098 ++ */
1099 ++static LIST_HEAD(tfile_check_list);
1100 ++
1101 + #ifdef CONFIG_SYSCTL
1102 +
1103 + #include <linux/sysctl.h>
1104 +@@ -277,6 +292,12 @@ ctl_table epoll_table[] = {
1105 + };
1106 + #endif /* CONFIG_SYSCTL */
1107 +
1108 ++static const struct file_operations eventpoll_fops;
1109 ++
1110 ++static inline int is_file_epoll(struct file *f)
1111 ++{
1112 ++ return f->f_op == &eventpoll_fops;
1113 ++}
1114 +
1115 + /* Setup the structure that is used as key for the RB tree */
1116 + static inline void ep_set_ffd(struct epoll_filefd *ffd,
1117 +@@ -698,12 +719,6 @@ static const struct file_operations eventpoll_fops = {
1118 + .poll = ep_eventpoll_poll
1119 + };
1120 +
1121 +-/* Fast test to see if the file is an evenpoll file */
1122 +-static inline int is_file_epoll(struct file *f)
1123 +-{
1124 +- return f->f_op == &eventpoll_fops;
1125 +-}
1126 +-
1127 + /*
1128 + * This is called from eventpoll_release() to unlink files from the eventpoll
1129 + * interface. We need to have this facility to cleanup correctly files that are
1130 +@@ -913,6 +928,103 @@ static void ep_rbtree_insert(struct eventpoll *ep, struct epitem *epi)
1131 + rb_insert_color(&epi->rbn, &ep->rbr);
1132 + }
1133 +
1134 ++
1135 ++
1136 ++#define PATH_ARR_SIZE 5
1137 ++/*
1138 ++ * These are the number paths of length 1 to 5, that we are allowing to emanate
1139 ++ * from a single file of interest. For example, we allow 1000 paths of length
1140 ++ * 1, to emanate from each file of interest. This essentially represents the
1141 ++ * potential wakeup paths, which need to be limited in order to avoid massive
1142 ++ * uncontrolled wakeup storms. The common use case should be a single ep which
1143 ++ * is connected to n file sources. In this case each file source has 1 path
1144 ++ * of length 1. Thus, the numbers below should be more than sufficient. These
1145 ++ * path limits are enforced during an EPOLL_CTL_ADD operation, since a modify
1146 ++ * and delete can't add additional paths. Protected by the epmutex.
1147 ++ */
1148 ++static const int path_limits[PATH_ARR_SIZE] = { 1000, 500, 100, 50, 10 };
1149 ++static int path_count[PATH_ARR_SIZE];
1150 ++
1151 ++static int path_count_inc(int nests)
1152 ++{
1153 ++ /* Allow an arbitrary number of depth 1 paths */
1154 ++ if (nests == 0)
1155 ++ return 0;
1156 ++
1157 ++ if (++path_count[nests] > path_limits[nests])
1158 ++ return -1;
1159 ++ return 0;
1160 ++}
1161 ++
1162 ++static void path_count_init(void)
1163 ++{
1164 ++ int i;
1165 ++
1166 ++ for (i = 0; i < PATH_ARR_SIZE; i++)
1167 ++ path_count[i] = 0;
1168 ++}
1169 ++
1170 ++static int reverse_path_check_proc(void *priv, void *cookie, int call_nests)
1171 ++{
1172 ++ int error = 0;
1173 ++ struct file *file = priv;
1174 ++ struct file *child_file;
1175 ++ struct epitem *epi;
1176 ++
1177 ++ list_for_each_entry(epi, &file->f_ep_links, fllink) {
1178 ++ child_file = epi->ep->file;
1179 ++ if (is_file_epoll(child_file)) {
1180 ++ if (list_empty(&child_file->f_ep_links)) {
1181 ++ if (path_count_inc(call_nests)) {
1182 ++ error = -1;
1183 ++ break;
1184 ++ }
1185 ++ } else {
1186 ++ error = ep_call_nested(&poll_loop_ncalls,
1187 ++ EP_MAX_NESTS,
1188 ++ reverse_path_check_proc,
1189 ++ child_file, child_file,
1190 ++ current);
1191 ++ }
1192 ++ if (error != 0)
1193 ++ break;
1194 ++ } else {
1195 ++ printk(KERN_ERR "reverse_path_check_proc: "
1196 ++ "file is not an ep!\n");
1197 ++ }
1198 ++ }
1199 ++ return error;
1200 ++}
1201 ++
1202 ++/**
1203 ++ * reverse_path_check - The tfile_check_list is list of file *, which have
1204 ++ * links that are proposed to be newly added. We need to
1205 ++ * make sure that those added links don't add too many
1206 ++ * paths such that we will spend all our time waking up
1207 ++ * eventpoll objects.
1208 ++ *
1209 ++ * Returns: Returns zero if the proposed links don't create too many paths,
1210 ++ * -1 otherwise.
1211 ++ */
1212 ++static int reverse_path_check(void)
1213 ++{
1214 ++ int length = 0;
1215 ++ int error = 0;
1216 ++ struct file *current_file;
1217 ++
1218 ++ /* let's call this for all tfiles */
1219 ++ list_for_each_entry(current_file, &tfile_check_list, f_tfile_llink) {
1220 ++ length++;
1221 ++ path_count_init();
1222 ++ error = ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS,
1223 ++ reverse_path_check_proc, current_file,
1224 ++ current_file, current);
1225 ++ if (error)
1226 ++ break;
1227 ++ }
1228 ++ return error;
1229 ++}
1230 ++
1231 + /*
1232 + * Must be called with "mtx" held.
1233 + */
1234 +@@ -973,6 +1085,11 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event,
1235 + */
1236 + ep_rbtree_insert(ep, epi);
1237 +
1238 ++ /* now check if we've created too many backpaths */
1239 ++ error = -EINVAL;
1240 ++ if (reverse_path_check())
1241 ++ goto error_remove_epi;
1242 ++
1243 + /* We have to drop the new item inside our item list to keep track of it */
1244 + spin_lock_irqsave(&ep->lock, flags);
1245 +
1246 +@@ -997,6 +1114,14 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event,
1247 +
1248 + return 0;
1249 +
1250 ++error_remove_epi:
1251 ++ spin_lock(&tfile->f_lock);
1252 ++ if (ep_is_linked(&epi->fllink))
1253 ++ list_del_init(&epi->fllink);
1254 ++ spin_unlock(&tfile->f_lock);
1255 ++
1256 ++ rb_erase(&epi->rbn, &ep->rbr);
1257 ++
1258 + error_unregister:
1259 + ep_unregister_pollwait(ep, epi);
1260 +
1261 +@@ -1223,18 +1348,36 @@ static int ep_loop_check_proc(void *priv, void *cookie, int call_nests)
1262 + int error = 0;
1263 + struct file *file = priv;
1264 + struct eventpoll *ep = file->private_data;
1265 ++ struct eventpoll *ep_tovisit;
1266 + struct rb_node *rbp;
1267 + struct epitem *epi;
1268 +
1269 + mutex_lock_nested(&ep->mtx, call_nests + 1);
1270 ++ ep->visited = 1;
1271 ++ list_add(&ep->visited_list_link, &visited_list);
1272 + for (rbp = rb_first(&ep->rbr); rbp; rbp = rb_next(rbp)) {
1273 + epi = rb_entry(rbp, struct epitem, rbn);
1274 + if (unlikely(is_file_epoll(epi->ffd.file))) {
1275 ++ ep_tovisit = epi->ffd.file->private_data;
1276 ++ if (ep_tovisit->visited)
1277 ++ continue;
1278 + error = ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS,
1279 +- ep_loop_check_proc, epi->ffd.file,
1280 +- epi->ffd.file->private_data, current);
1281 ++ ep_loop_check_proc, epi->ffd.file,
1282 ++ ep_tovisit, current);
1283 + if (error != 0)
1284 + break;
1285 ++ } else {
1286 ++ /*
1287 ++ * If we've reached a file that is not associated with
1288 ++ * an ep, then we need to check if the newly added
1289 ++ * links are going to add too many wakeup paths. We do
1290 ++ * this by adding it to the tfile_check_list, if it's
1291 ++ * not already there, and calling reverse_path_check()
1292 ++ * during ep_insert().
1293 ++ */
1294 ++ if (list_empty(&epi->ffd.file->f_tfile_llink))
1295 ++ list_add(&epi->ffd.file->f_tfile_llink,
1296 ++ &tfile_check_list);
1297 + }
1298 + }
1299 + mutex_unlock(&ep->mtx);
1300 +@@ -1255,8 +1398,31 @@ static int ep_loop_check_proc(void *priv, void *cookie, int call_nests)
1301 + */
1302 + static int ep_loop_check(struct eventpoll *ep, struct file *file)
1303 + {
1304 +- return ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS,
1305 ++ int ret;
1306 ++ struct eventpoll *ep_cur, *ep_next;
1307 ++
1308 ++ ret = ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS,
1309 + ep_loop_check_proc, file, ep, current);
1310 ++ /* clear visited list */
1311 ++ list_for_each_entry_safe(ep_cur, ep_next, &visited_list,
1312 ++ visited_list_link) {
1313 ++ ep_cur->visited = 0;
1314 ++ list_del(&ep_cur->visited_list_link);
1315 ++ }
1316 ++ return ret;
1317 ++}
1318 ++
1319 ++static void clear_tfile_check_list(void)
1320 ++{
1321 ++ struct file *file;
1322 ++
1323 ++ /* first clear the tfile_check_list */
1324 ++ while (!list_empty(&tfile_check_list)) {
1325 ++ file = list_first_entry(&tfile_check_list, struct file,
1326 ++ f_tfile_llink);
1327 ++ list_del_init(&file->f_tfile_llink);
1328 ++ }
1329 ++ INIT_LIST_HEAD(&tfile_check_list);
1330 + }
1331 +
1332 + /*
1333 +@@ -1264,8 +1430,9 @@ static int ep_loop_check(struct eventpoll *ep, struct file *file)
1334 + */
1335 + SYSCALL_DEFINE1(epoll_create1, int, flags)
1336 + {
1337 +- int error;
1338 ++ int error, fd;
1339 + struct eventpoll *ep = NULL;
1340 ++ struct file *file;
1341 +
1342 + /* Check the EPOLL_* constant for consistency. */
1343 + BUILD_BUG_ON(EPOLL_CLOEXEC != O_CLOEXEC);
1344 +@@ -1282,11 +1449,25 @@ SYSCALL_DEFINE1(epoll_create1, int, flags)
1345 + * Creates all the items needed to setup an eventpoll file. That is,
1346 + * a file structure and a free file descriptor.
1347 + */
1348 +- error = anon_inode_getfd("[eventpoll]", &eventpoll_fops, ep,
1349 +- flags & O_CLOEXEC);
1350 +- if (error < 0)
1351 +- ep_free(ep);
1352 ++ fd = get_unused_fd_flags(O_RDWR | (flags & O_CLOEXEC));
1353 ++ if (fd < 0) {
1354 ++ error = fd;
1355 ++ goto out_free_ep;
1356 ++ }
1357 ++ file = anon_inode_getfile("[eventpoll]", &eventpoll_fops, ep,
1358 ++ O_RDWR | (flags & O_CLOEXEC));
1359 ++ if (IS_ERR(file)) {
1360 ++ error = PTR_ERR(file);
1361 ++ goto out_free_fd;
1362 ++ }
1363 ++ fd_install(fd, file);
1364 ++ ep->file = file;
1365 ++ return fd;
1366 +
1367 ++out_free_fd:
1368 ++ put_unused_fd(fd);
1369 ++out_free_ep:
1370 ++ ep_free(ep);
1371 + return error;
1372 + }
1373 +
1374 +@@ -1352,21 +1533,29 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
1375 + /*
1376 + * When we insert an epoll file descriptor, inside another epoll file
1377 + * descriptor, there is the change of creating closed loops, which are
1378 +- * better be handled here, than in more critical paths.
1379 ++ * better be handled here, than in more critical paths. While we are
1380 ++ * checking for loops we also determine the list of files reachable
1381 ++ * and hang them on the tfile_check_list, so we can check that we
1382 ++ * haven't created too many possible wakeup paths.
1383 + *
1384 +- * We hold epmutex across the loop check and the insert in this case, in
1385 +- * order to prevent two separate inserts from racing and each doing the
1386 +- * insert "at the same time" such that ep_loop_check passes on both
1387 +- * before either one does the insert, thereby creating a cycle.
1388 ++ * We need to hold the epmutex across both ep_insert and ep_remove
1389 ++ * b/c we want to make sure we are looking at a coherent view of
1390 ++ * epoll network.
1391 + */
1392 +- if (unlikely(is_file_epoll(tfile) && op == EPOLL_CTL_ADD)) {
1393 ++ if (op == EPOLL_CTL_ADD || op == EPOLL_CTL_DEL) {
1394 + mutex_lock(&epmutex);
1395 + did_lock_epmutex = 1;
1396 +- error = -ELOOP;
1397 +- if (ep_loop_check(ep, tfile) != 0)
1398 +- goto error_tgt_fput;
1399 + }
1400 +-
1401 ++ if (op == EPOLL_CTL_ADD) {
1402 ++ if (is_file_epoll(tfile)) {
1403 ++ error = -ELOOP;
1404 ++ if (ep_loop_check(ep, tfile) != 0) {
1405 ++ clear_tfile_check_list();
1406 ++ goto error_tgt_fput;
1407 ++ }
1408 ++ } else
1409 ++ list_add(&tfile->f_tfile_llink, &tfile_check_list);
1410 ++ }
1411 +
1412 + mutex_lock_nested(&ep->mtx, 0);
1413 +
1414 +@@ -1385,6 +1574,7 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
1415 + error = ep_insert(ep, &epds, tfile, fd);
1416 + } else
1417 + error = -EEXIST;
1418 ++ clear_tfile_check_list();
1419 + break;
1420 + case EPOLL_CTL_DEL:
1421 + if (epi)
1422 +@@ -1403,7 +1593,7 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
1423 + mutex_unlock(&ep->mtx);
1424 +
1425 + error_tgt_fput:
1426 +- if (unlikely(did_lock_epmutex))
1427 ++ if (did_lock_epmutex)
1428 + mutex_unlock(&epmutex);
1429 +
1430 + fput(tfile);
1431 diff --git a/fs/exec.c b/fs/exec.c
1432 index 86fafc6..574abd3 100644
1433 --- a/fs/exec.c
1434 @@ -70811,7 +71923,7 @@ index ec88ff3..b843a82 100644
1435 cache->c_bucket_bits = bucket_bits;
1436 #ifdef MB_CACHE_INDEXES_COUNT
1437 diff --git a/fs/namei.c b/fs/namei.c
1438 -index b0afbd4..8d065a1 100644
1439 +index b0afbd4..6579ccc 100644
1440 --- a/fs/namei.c
1441 +++ b/fs/namei.c
1442 @@ -224,6 +224,14 @@ int generic_permission(struct inode *inode, int mask,
1443 @@ -70854,7 +71966,7 @@ index b0afbd4..8d065a1 100644
1444 goto ok;
1445
1446 return ret;
1447 -@@ -638,7 +639,7 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata
1448 +@@ -638,13 +639,17 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata
1449 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
1450 error = PTR_ERR(cookie);
1451 if (!IS_ERR(cookie)) {
1452 @@ -70863,7 +71975,17 @@ index b0afbd4..8d065a1 100644
1453 error = 0;
1454 if (s)
1455 error = __vfs_follow_link(nd, s);
1456 -@@ -669,6 +670,13 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
1457 + if (dentry->d_inode->i_op->put_link)
1458 + dentry->d_inode->i_op->put_link(dentry, nd, cookie);
1459 + }
1460 ++
1461 ++ if (!error && gr_handle_symlink_owner(path, nd->path.dentry->d_inode))
1462 ++ error = -EACCES;
1463 ++
1464 + path_put(path);
1465 +
1466 + return error;
1467 +@@ -669,6 +674,13 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
1468 err = security_inode_follow_link(path->dentry, nd);
1469 if (err)
1470 goto loop;
1471 @@ -70877,7 +71999,7 @@ index b0afbd4..8d065a1 100644
1472 current->link_count++;
1473 current->total_link_count++;
1474 nd->depth++;
1475 -@@ -1016,11 +1024,19 @@ return_reval:
1476 +@@ -1016,11 +1028,19 @@ return_reval:
1477 break;
1478 }
1479 return_base:
1480 @@ -70897,7 +72019,7 @@ index b0afbd4..8d065a1 100644
1481 path_put(&nd->path);
1482 return_err:
1483 return err;
1484 -@@ -1091,13 +1107,20 @@ static int do_path_lookup(int dfd, const char *name,
1485 +@@ -1091,13 +1111,20 @@ static int do_path_lookup(int dfd, const char *name,
1486 int retval = path_init(dfd, name, flags, nd);
1487 if (!retval)
1488 retval = path_walk(name, nd);
1489 @@ -70921,7 +72043,7 @@ index b0afbd4..8d065a1 100644
1490 return retval;
1491 }
1492
1493 -@@ -1576,6 +1599,20 @@ int may_open(struct path *path, int acc_mode, int flag)
1494 +@@ -1576,6 +1603,20 @@ int may_open(struct path *path, int acc_mode, int flag)
1495 if (error)
1496 goto err_out;
1497
1498 @@ -70942,7 +72064,7 @@ index b0afbd4..8d065a1 100644
1499 if (flag & O_TRUNC) {
1500 error = get_write_access(inode);
1501 if (error)
1502 -@@ -1620,6 +1657,17 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
1503 +@@ -1620,6 +1661,17 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
1504 {
1505 int error;
1506 struct dentry *dir = nd->path.dentry;
1507 @@ -70960,7 +72082,7 @@ index b0afbd4..8d065a1 100644
1508
1509 if (!IS_POSIXACL(dir->d_inode))
1510 mode &= ~current_umask();
1511 -@@ -1627,6 +1675,8 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
1512 +@@ -1627,6 +1679,8 @@ static int __open_namei_create(struct nameidata *nd, struct path *path,
1513 if (error)
1514 goto out_unlock;
1515 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
1516 @@ -70969,7 +72091,15 @@ index b0afbd4..8d065a1 100644
1517 out_unlock:
1518 mutex_unlock(&dir->d_inode->i_mutex);
1519 dput(nd->path.dentry);
1520 -@@ -1709,6 +1759,22 @@ struct file *do_filp_open(int dfd, const char *pathname,
1521 +@@ -1684,6 +1738,7 @@ struct file *do_filp_open(int dfd, const char *pathname,
1522 + struct nameidata nd;
1523 + int error;
1524 + struct path path;
1525 ++ struct path link_path;
1526 + struct dentry *dir;
1527 + int count = 0;
1528 + int will_write;
1529 +@@ -1709,6 +1764,22 @@ struct file *do_filp_open(int dfd, const char *pathname,
1530 &nd, flag);
1531 if (error)
1532 return ERR_PTR(error);
1533 @@ -70992,7 +72122,7 @@ index b0afbd4..8d065a1 100644
1534 goto ok;
1535 }
1536
1537 -@@ -1795,6 +1861,19 @@ do_last:
1538 +@@ -1795,6 +1866,19 @@ do_last:
1539 /*
1540 * It already exists.
1541 */
1542 @@ -71012,7 +72142,7 @@ index b0afbd4..8d065a1 100644
1543 mutex_unlock(&dir->d_inode->i_mutex);
1544 audit_inode(pathname, path.dentry);
1545
1546 -@@ -1887,6 +1966,13 @@ do_link:
1547 +@@ -1887,6 +1971,13 @@ do_link:
1548 error = security_inode_follow_link(path.dentry, &nd);
1549 if (error)
1550 goto exit_dput;
1551 @@ -71026,7 +72156,23 @@ index b0afbd4..8d065a1 100644
1552 error = __do_follow_link(&path, &nd);
1553 if (error) {
1554 /* Does someone understand code flow here? Or it is only
1555 -@@ -1984,6 +2070,10 @@ struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1556 +@@ -1915,9 +2006,15 @@ do_link:
1557 + }
1558 + dir = nd.path.dentry;
1559 + mutex_lock(&dir->d_inode->i_mutex);
1560 ++ link_path.dentry = path.dentry;
1561 ++ link_path.mnt = path.mnt;
1562 + path.dentry = lookup_hash(&nd);
1563 + path.mnt = nd.path.mnt;
1564 + __putname(nd.last.name);
1565 ++ if (!IS_ERR(path.dentry) && gr_handle_symlink_owner(&link_path, path.dentry->d_inode)) {
1566 ++ error = -EACCES;
1567 ++ goto exit_mutex_unlock;
1568 ++ }
1569 + goto do_last;
1570 + }
1571 +
1572 +@@ -1984,6 +2081,10 @@ struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1573 }
1574 return dentry;
1575 eexist:
1576 @@ -71037,7 +72183,7 @@ index b0afbd4..8d065a1 100644
1577 dput(dentry);
1578 dentry = ERR_PTR(-EEXIST);
1579 fail:
1580 -@@ -2061,6 +2151,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
1581 +@@ -2061,6 +2162,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
1582 error = may_mknod(mode);
1583 if (error)
1584 goto out_dput;
1585 @@ -71055,7 +72201,7 @@ index b0afbd4..8d065a1 100644
1586 error = mnt_want_write(nd.path.mnt);
1587 if (error)
1588 goto out_dput;
1589 -@@ -2081,6 +2182,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
1590 +@@ -2081,6 +2193,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
1591 }
1592 out_drop_write:
1593 mnt_drop_write(nd.path.mnt);
1594 @@ -71065,7 +72211,7 @@ index b0afbd4..8d065a1 100644
1595 out_dput:
1596 dput(dentry);
1597 out_unlock:
1598 -@@ -2134,6 +2238,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
1599 +@@ -2134,6 +2249,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
1600 if (IS_ERR(dentry))
1601 goto out_unlock;
1602
1603 @@ -71077,7 +72223,7 @@ index b0afbd4..8d065a1 100644
1604 if (!IS_POSIXACL(nd.path.dentry->d_inode))
1605 mode &= ~current_umask();
1606 error = mnt_want_write(nd.path.mnt);
1607 -@@ -2145,6 +2254,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
1608 +@@ -2145,6 +2265,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
1609 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
1610 out_drop_write:
1611 mnt_drop_write(nd.path.mnt);
1612 @@ -71088,7 +72234,7 @@ index b0afbd4..8d065a1 100644
1613 out_dput:
1614 dput(dentry);
1615 out_unlock:
1616 -@@ -2226,6 +2339,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
1617 +@@ -2226,6 +2350,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
1618 char * name;
1619 struct dentry *dentry;
1620 struct nameidata nd;
1621 @@ -71097,7 +72243,7 @@ index b0afbd4..8d065a1 100644
1622
1623 error = user_path_parent(dfd, pathname, &nd, &name);
1624 if (error)
1625 -@@ -2250,6 +2365,17 @@ static long do_rmdir(int dfd, const char __user *pathname)
1626 +@@ -2250,6 +2376,17 @@ static long do_rmdir(int dfd, const char __user *pathname)
1627 error = PTR_ERR(dentry);
1628 if (IS_ERR(dentry))
1629 goto exit2;
1630 @@ -71115,7 +72261,7 @@ index b0afbd4..8d065a1 100644
1631 error = mnt_want_write(nd.path.mnt);
1632 if (error)
1633 goto exit3;
1634 -@@ -2257,6 +2383,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
1635 +@@ -2257,6 +2394,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
1636 if (error)
1637 goto exit4;
1638 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
1639 @@ -71124,7 +72270,7 @@ index b0afbd4..8d065a1 100644
1640 exit4:
1641 mnt_drop_write(nd.path.mnt);
1642 exit3:
1643 -@@ -2318,6 +2446,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1644 +@@ -2318,6 +2457,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1645 struct dentry *dentry;
1646 struct nameidata nd;
1647 struct inode *inode = NULL;
1648 @@ -71133,7 +72279,7 @@ index b0afbd4..8d065a1 100644
1649
1650 error = user_path_parent(dfd, pathname, &nd, &name);
1651 if (error)
1652 -@@ -2337,8 +2467,19 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1653 +@@ -2337,8 +2478,19 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1654 if (nd.last.name[nd.last.len])
1655 goto slashes;
1656 inode = dentry->d_inode;
1657 @@ -71154,7 +72300,7 @@ index b0afbd4..8d065a1 100644
1658 error = mnt_want_write(nd.path.mnt);
1659 if (error)
1660 goto exit2;
1661 -@@ -2346,6 +2487,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1662 +@@ -2346,6 +2498,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1663 if (error)
1664 goto exit3;
1665 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
1666 @@ -71163,7 +72309,7 @@ index b0afbd4..8d065a1 100644
1667 exit3:
1668 mnt_drop_write(nd.path.mnt);
1669 exit2:
1670 -@@ -2424,6 +2567,11 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
1671 +@@ -2424,6 +2578,11 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
1672 if (IS_ERR(dentry))
1673 goto out_unlock;
1674
1675 @@ -71175,7 +72321,7 @@ index b0afbd4..8d065a1 100644
1676 error = mnt_want_write(nd.path.mnt);
1677 if (error)
1678 goto out_dput;
1679 -@@ -2431,6 +2579,8 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
1680 +@@ -2431,6 +2590,8 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
1681 if (error)
1682 goto out_drop_write;
1683 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
1684 @@ -71184,7 +72330,7 @@ index b0afbd4..8d065a1 100644
1685 out_drop_write:
1686 mnt_drop_write(nd.path.mnt);
1687 out_dput:
1688 -@@ -2524,6 +2674,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
1689 +@@ -2524,6 +2685,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
1690 error = PTR_ERR(new_dentry);
1691 if (IS_ERR(new_dentry))
1692 goto out_unlock;
1693 @@ -71205,7 +72351,7 @@ index b0afbd4..8d065a1 100644
1694 error = mnt_want_write(nd.path.mnt);
1695 if (error)
1696 goto out_dput;
1697 -@@ -2531,6 +2695,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
1698 +@@ -2531,6 +2706,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
1699 if (error)
1700 goto out_drop_write;
1701 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
1702 @@ -71214,7 +72360,7 @@ index b0afbd4..8d065a1 100644
1703 out_drop_write:
1704 mnt_drop_write(nd.path.mnt);
1705 out_dput:
1706 -@@ -2708,6 +2874,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
1707 +@@ -2708,6 +2885,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
1708 char *to;
1709 int error;
1710
1711 @@ -71223,7 +72369,7 @@ index b0afbd4..8d065a1 100644
1712 error = user_path_parent(olddfd, oldname, &oldnd, &from);
1713 if (error)
1714 goto exit;
1715 -@@ -2764,6 +2932,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
1716 +@@ -2764,6 +2943,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
1717 if (new_dentry == trap)
1718 goto exit5;
1719
1720 @@ -71236,7 +72382,7 @@ index b0afbd4..8d065a1 100644
1721 error = mnt_want_write(oldnd.path.mnt);
1722 if (error)
1723 goto exit5;
1724 -@@ -2773,6 +2947,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
1725 +@@ -2773,6 +2958,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
1726 goto exit6;
1727 error = vfs_rename(old_dir->d_inode, old_dentry,
1728 new_dir->d_inode, new_dentry);
1729 @@ -71246,7 +72392,7 @@ index b0afbd4..8d065a1 100644
1730 exit6:
1731 mnt_drop_write(oldnd.path.mnt);
1732 exit5:
1733 -@@ -2798,6 +2975,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
1734 +@@ -2798,6 +2986,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
1735
1736 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
1737 {
1738 @@ -71255,7 +72401,7 @@ index b0afbd4..8d065a1 100644
1739 int len;
1740
1741 len = PTR_ERR(link);
1742 -@@ -2807,7 +2986,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
1743 +@@ -2807,7 +2997,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
1744 len = strlen(link);
1745 if (len > (unsigned) buflen)
1746 len = buflen;
1747 @@ -74187,6 +75333,150 @@ index 9215700..bf1f68e 100644
1748 u8 checksum = 0;
1749 int i;
1750 for (i = 0; i < sizeof(struct tag); ++i)
1751 +diff --git a/fs/udf/super.c b/fs/udf/super.c
1752 +index ee6b3af..ab17bcd 100644
1753 +--- a/fs/udf/super.c
1754 ++++ b/fs/udf/super.c
1755 +@@ -57,6 +57,7 @@
1756 + #include <linux/seq_file.h>
1757 + #include <linux/bitmap.h>
1758 + #include <linux/crc-itu-t.h>
1759 ++#include <linux/log2.h>
1760 + #include <asm/byteorder.h>
1761 +
1762 + #include "udf_sb.h"
1763 +@@ -1239,16 +1240,65 @@ out_bh:
1764 + return ret;
1765 + }
1766 +
1767 ++static int udf_load_sparable_map(struct super_block *sb,
1768 ++ struct udf_part_map *map,
1769 ++ struct sparablePartitionMap *spm)
1770 ++{
1771 ++ uint32_t loc;
1772 ++ uint16_t ident;
1773 ++ struct sparingTable *st;
1774 ++ struct udf_sparing_data *sdata = &map->s_type_specific.s_sparing;
1775 ++ int i;
1776 ++ struct buffer_head *bh;
1777 ++
1778 ++ map->s_partition_type = UDF_SPARABLE_MAP15;
1779 ++ sdata->s_packet_len = le16_to_cpu(spm->packetLength);
1780 ++ if (!is_power_of_2(sdata->s_packet_len)) {
1781 ++ udf_error(sb, __func__, "error loading logical volume descriptor: "
1782 ++ "Invalid packet length %u\n",
1783 ++ (unsigned)sdata->s_packet_len);
1784 ++ return -EIO;
1785 ++ }
1786 ++ if (spm->numSparingTables > 4) {
1787 ++ udf_error(sb, __func__, "error loading logical volume descriptor: "
1788 ++ "Too many sparing tables (%d)\n",
1789 ++ (int)spm->numSparingTables);
1790 ++ return -EIO;
1791 ++ }
1792 ++
1793 ++ for (i = 0; i < spm->numSparingTables; i++) {
1794 ++ loc = le32_to_cpu(spm->locSparingTable[i]);
1795 ++ bh = udf_read_tagged(sb, loc, loc, &ident);
1796 ++ if (!bh)
1797 ++ continue;
1798 ++
1799 ++ st = (struct sparingTable *)bh->b_data;
1800 ++ if (ident != 0 ||
1801 ++ strncmp(st->sparingIdent.ident, UDF_ID_SPARING,
1802 ++ strlen(UDF_ID_SPARING)) ||
1803 ++ sizeof(*st) + le16_to_cpu(st->reallocationTableLen) >
1804 ++ sb->s_blocksize) {
1805 ++ brelse(bh);
1806 ++ continue;
1807 ++ }
1808 ++
1809 ++ sdata->s_spar_map[i] = bh;
1810 ++ }
1811 ++ map->s_partition_func = udf_get_pblock_spar15;
1812 ++ return 0;
1813 ++}
1814 ++
1815 + static int udf_load_logicalvol(struct super_block *sb, sector_t block,
1816 + struct kernel_lb_addr *fileset)
1817 + {
1818 + struct logicalVolDesc *lvd;
1819 +- int i, j, offset;
1820 ++ int i, offset;
1821 + uint8_t type;
1822 + struct udf_sb_info *sbi = UDF_SB(sb);
1823 + struct genericPartitionMap *gpm;
1824 + uint16_t ident;
1825 + struct buffer_head *bh;
1826 ++ unsigned int table_len;
1827 + int ret = 0;
1828 +
1829 + bh = udf_read_tagged(sb, block, block, &ident);
1830 +@@ -1256,6 +1306,13 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
1831 + return 1;
1832 + BUG_ON(ident != TAG_IDENT_LVD);
1833 + lvd = (struct logicalVolDesc *)bh->b_data;
1834 ++ table_len = le32_to_cpu(lvd->mapTableLength);
1835 ++ if (sizeof(*lvd) + table_len > sb->s_blocksize) {
1836 ++ udf_error(sb, __func__, "error loading logical volume descriptor: "
1837 ++ "Partition table too long (%u > %lu)\n", table_len,
1838 ++ sb->s_blocksize - sizeof(*lvd));
1839 ++ goto out_bh;
1840 ++ }
1841 +
1842 + i = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps));
1843 + if (i != 0) {
1844 +@@ -1264,7 +1321,7 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
1845 + }
1846 +
1847 + for (i = 0, offset = 0;
1848 +- i < sbi->s_partitions && offset < le32_to_cpu(lvd->mapTableLength);
1849 ++ i < sbi->s_partitions && offset < table_len;
1850 + i++, offset += gpm->partitionMapLength) {
1851 + struct udf_part_map *map = &sbi->s_partmaps[i];
1852 + gpm = (struct genericPartitionMap *)
1853 +@@ -1299,38 +1356,9 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
1854 + } else if (!strncmp(upm2->partIdent.ident,
1855 + UDF_ID_SPARABLE,
1856 + strlen(UDF_ID_SPARABLE))) {
1857 +- uint32_t loc;
1858 +- struct sparingTable *st;
1859 +- struct sparablePartitionMap *spm =
1860 +- (struct sparablePartitionMap *)gpm;
1861 +-
1862 +- map->s_partition_type = UDF_SPARABLE_MAP15;
1863 +- map->s_type_specific.s_sparing.s_packet_len =
1864 +- le16_to_cpu(spm->packetLength);
1865 +- for (j = 0; j < spm->numSparingTables; j++) {
1866 +- struct buffer_head *bh2;
1867 +-
1868 +- loc = le32_to_cpu(
1869 +- spm->locSparingTable[j]);
1870 +- bh2 = udf_read_tagged(sb, loc, loc,
1871 +- &ident);
1872 +- map->s_type_specific.s_sparing.
1873 +- s_spar_map[j] = bh2;
1874 +-
1875 +- if (bh2 == NULL)
1876 +- continue;
1877 +-
1878 +- st = (struct sparingTable *)bh2->b_data;
1879 +- if (ident != 0 || strncmp(
1880 +- st->sparingIdent.ident,
1881 +- UDF_ID_SPARING,
1882 +- strlen(UDF_ID_SPARING))) {
1883 +- brelse(bh2);
1884 +- map->s_type_specific.s_sparing.
1885 +- s_spar_map[j] = NULL;
1886 +- }
1887 +- }
1888 +- map->s_partition_func = udf_get_pblock_spar15;
1889 ++ if (udf_load_sparable_map(sb, map,
1890 ++ (struct sparablePartitionMap *)gpm) < 0)
1891 ++ goto out_bh;
1892 + } else if (!strncmp(upm2->partIdent.ident,
1893 + UDF_ID_METADATA,
1894 + strlen(UDF_ID_METADATA))) {
1895 diff --git a/fs/utimes.c b/fs/utimes.c
1896 index e4c75db..b4df0e0 100644
1897 --- a/fs/utimes.c
1898 @@ -74411,221 +75701,19 @@ index 8f32f50..b6a41e8 100644
1899 link[pathlen] = '\0';
1900 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
1901 new file mode 100644
1902 -index 0000000..5be91c0
1903 +index 0000000..c20c1db
1904 --- /dev/null
1905 +++ b/grsecurity/Kconfig
1906 -@@ -0,0 +1,1078 @@
1907 +@@ -0,0 +1,939 @@
1908 +#
1909 +# grecurity configuration
1910 +#
1911 -+
1912 -+menu "Grsecurity"
1913 -+
1914 -+config GRKERNSEC
1915 -+ bool "Grsecurity"
1916 -+ select CRYPTO
1917 -+ select CRYPTO_SHA256
1918 -+ help
1919 -+ If you say Y here, you will be able to configure many features
1920 -+ that will enhance the security of your system. It is highly
1921 -+ recommended that you say Y here and read through the help
1922 -+ for each option so that you fully understand the features and
1923 -+ can evaluate their usefulness for your machine.
1924 -+
1925 -+choice
1926 -+ prompt "Security Level"
1927 -+ depends on GRKERNSEC
1928 -+ default GRKERNSEC_CUSTOM
1929 -+
1930 -+config GRKERNSEC_LOW
1931 -+ bool "Low"
1932 -+ select GRKERNSEC_LINK
1933 -+ select GRKERNSEC_FIFO
1934 -+ select GRKERNSEC_RANDNET
1935 -+ select GRKERNSEC_DMESG
1936 -+ select GRKERNSEC_CHROOT
1937 -+ select GRKERNSEC_CHROOT_CHDIR
1938 -+
1939 -+ help
1940 -+ If you choose this option, several of the grsecurity options will
1941 -+ be enabled that will give you greater protection against a number
1942 -+ of attacks, while assuring that none of your software will have any
1943 -+ conflicts with the additional security measures. If you run a lot
1944 -+ of unusual software, or you are having problems with the higher
1945 -+ security levels, you should say Y here. With this option, the
1946 -+ following features are enabled:
1947 -+
1948 -+ - Linking restrictions
1949 -+ - FIFO restrictions
1950 -+ - Restricted dmesg
1951 -+ - Enforced chdir("/") on chroot
1952 -+ - Runtime module disabling
1953 -+
1954 -+config GRKERNSEC_MEDIUM
1955 -+ bool "Medium"
1956 -+ select PAX
1957 -+ select PAX_EI_PAX
1958 -+ select PAX_PT_PAX_FLAGS
1959 -+ select PAX_HAVE_ACL_FLAGS
1960 -+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
1961 -+ select GRKERNSEC_CHROOT
1962 -+ select GRKERNSEC_CHROOT_SYSCTL
1963 -+ select GRKERNSEC_LINK
1964 -+ select GRKERNSEC_FIFO
1965 -+ select GRKERNSEC_DMESG
1966 -+ select GRKERNSEC_RANDNET
1967 -+ select GRKERNSEC_FORKFAIL
1968 -+ select GRKERNSEC_TIME
1969 -+ select GRKERNSEC_SIGNAL
1970 -+ select GRKERNSEC_CHROOT
1971 -+ select GRKERNSEC_CHROOT_UNIX
1972 -+ select GRKERNSEC_CHROOT_MOUNT
1973 -+ select GRKERNSEC_CHROOT_PIVOT
1974 -+ select GRKERNSEC_CHROOT_DOUBLE
1975 -+ select GRKERNSEC_CHROOT_CHDIR
1976 -+ select GRKERNSEC_CHROOT_MKNOD
1977 -+ select GRKERNSEC_PROC
1978 -+ select GRKERNSEC_PROC_USERGROUP
1979 -+ select PAX_RANDUSTACK
1980 -+ select PAX_ASLR
1981 -+ select PAX_RANDMMAP
1982 -+ select PAX_REFCOUNT if (X86 || SPARC64)
1983 -+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
1984 -+
1985 -+ help
1986 -+ If you say Y here, several features in addition to those included
1987 -+ in the low additional security level will be enabled. These
1988 -+ features provide even more security to your system, though in rare
1989 -+ cases they may be incompatible with very old or poorly written
1990 -+ software. If you enable this option, make sure that your auth
1991 -+ service (identd) is running as gid 1001. With this option,
1992 -+ the following features (in addition to those provided in the
1993 -+ low additional security level) will be enabled:
1994 -+
1995 -+ - Failed fork logging
1996 -+ - Time change logging
1997 -+ - Signal logging
1998 -+ - Deny mounts in chroot
1999 -+ - Deny double chrooting
2000 -+ - Deny sysctl writes in chroot
2001 -+ - Deny mknod in chroot
2002 -+ - Deny access to abstract AF_UNIX sockets out of chroot
2003 -+ - Deny pivot_root in chroot
2004 -+ - Denied reads/writes of /dev/kmem, /dev/mem, and /dev/port
2005 -+ - /proc restrictions with special GID set to 10 (usually wheel)
2006 -+ - Address Space Layout Randomization (ASLR)
2007 -+ - Prevent exploitation of most refcount overflows
2008 -+ - Bounds checking of copying between the kernel and userland
2009 -+
2010 -+config GRKERNSEC_HIGH
2011 -+ bool "High"
2012 -+ select GRKERNSEC_LINK
2013 -+ select GRKERNSEC_FIFO
2014 -+ select GRKERNSEC_DMESG
2015 -+ select GRKERNSEC_FORKFAIL
2016 -+ select GRKERNSEC_TIME
2017 -+ select GRKERNSEC_SIGNAL
2018 -+ select GRKERNSEC_CHROOT
2019 -+ select GRKERNSEC_CHROOT_SHMAT
2020 -+ select GRKERNSEC_CHROOT_UNIX
2021 -+ select GRKERNSEC_CHROOT_MOUNT
2022 -+ select GRKERNSEC_CHROOT_FCHDIR
2023 -+ select GRKERNSEC_CHROOT_PIVOT
2024 -+ select GRKERNSEC_CHROOT_DOUBLE
2025 -+ select GRKERNSEC_CHROOT_CHDIR
2026 -+ select GRKERNSEC_CHROOT_MKNOD
2027 -+ select GRKERNSEC_CHROOT_CAPS
2028 -+ select GRKERNSEC_CHROOT_SYSCTL
2029 -+ select GRKERNSEC_CHROOT_FINDTASK
2030 -+ select GRKERNSEC_SYSFS_RESTRICT
2031 -+ select GRKERNSEC_PROC
2032 -+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
2033 -+ select GRKERNSEC_HIDESYM
2034 -+ select GRKERNSEC_BRUTE
2035 -+ select GRKERNSEC_PROC_USERGROUP
2036 -+ select GRKERNSEC_KMEM
2037 -+ select GRKERNSEC_RESLOG
2038 -+ select GRKERNSEC_RANDNET
2039 -+ select GRKERNSEC_PROC_ADD
2040 -+ select GRKERNSEC_CHROOT_CHMOD
2041 -+ select GRKERNSEC_CHROOT_NICE
2042 -+ select GRKERNSEC_SETXID if (X86 || SPARC64 || PPC || ARM || MIPS)
2043 -+ select GRKERNSEC_AUDIT_MOUNT
2044 -+ select GRKERNSEC_MODHARDEN if (MODULES)
2045 -+ select GRKERNSEC_HARDEN_PTRACE
2046 -+ select GRKERNSEC_PTRACE_READEXEC
2047 -+ select GRKERNSEC_VM86 if (X86_32)
2048 -+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
2049 -+ select PAX
2050 -+ select PAX_RANDUSTACK
2051 -+ select PAX_ASLR
2052 -+ select PAX_RANDMMAP
2053 -+ select PAX_NOEXEC
2054 -+ select PAX_MPROTECT
2055 -+ select PAX_EI_PAX
2056 -+ select PAX_PT_PAX_FLAGS
2057 -+ select PAX_HAVE_ACL_FLAGS
2058 -+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
2059 -+ select PAX_MEMORY_UDEREF if (X86 && !XEN)
2060 -+ select PAX_RANDKSTACK if (X86_TSC && X86)
2061 -+ select PAX_SEGMEXEC if (X86_32)
2062 -+ select PAX_PAGEEXEC
2063 -+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
2064 -+ select PAX_EMUTRAMP if (PARISC)
2065 -+ select PAX_EMUSIGRT if (PARISC)
2066 -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
2067 -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
2068 -+ select PAX_REFCOUNT if (X86 || SPARC64)
2069 -+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
2070 -+ help
2071 -+ If you say Y here, many of the features of grsecurity will be
2072 -+ enabled, which will protect you against many kinds of attacks
2073 -+ against your system. The heightened security comes at a cost
2074 -+ of an increased chance of incompatibilities with rare software
2075 -+ on your machine. Since this security level enables PaX, you should
2076 -+ view <http://pax.grsecurity.net> and read about the PaX
2077 -+ project. While you are there, download chpax and run it on
2078 -+ binaries that cause problems with PaX. Also remember that
2079 -+ since the /proc restrictions are enabled, you must run your
2080 -+ identd as gid 1001. This security level enables the following
2081 -+ features in addition to those listed in the low and medium
2082 -+ security levels:
2083 -+
2084 -+ - Additional /proc restrictions
2085 -+ - Chmod restrictions in chroot
2086 -+ - No signals, ptrace, or viewing of processes outside of chroot
2087 -+ - Capability restrictions in chroot
2088 -+ - Deny fchdir out of chroot
2089 -+ - Priority restrictions in chroot
2090 -+ - Segmentation-based implementation of PaX
2091 -+ - Mprotect restrictions
2092 -+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
2093 -+ - Kernel stack randomization
2094 -+ - Mount/unmount/remount logging
2095 -+ - Kernel symbol hiding
2096 -+ - Hardening of module auto-loading
2097 -+ - Ptrace restrictions
2098 -+ - Restricted vm86 mode
2099 -+ - Restricted sysfs/debugfs
2100 -+ - Active kernel exploit response
2101 -+
2102 -+config GRKERNSEC_CUSTOM
2103 -+ bool "Custom"
2104 -+ help
2105 -+ If you say Y here, you will be able to configure every grsecurity
2106 -+ option, which allows you to enable many more features that aren't
2107 -+ covered in the basic security levels. These additional features
2108 -+ include TPE, socket restrictions, and the sysctl system for
2109 -+ grsecurity. It is advised that you read through the help for
2110 -+ each option to determine its usefulness in your situation.
2111 -+
2112 -+endchoice
2113 -+
2114 +menu "Memory Protections"
2115 +depends on GRKERNSEC
2116 +
2117 +config GRKERNSEC_KMEM
2118 + bool "Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port"
2119 ++ default y if GRKERNSEC_CONFIG_AUTO
2120 + select STRICT_DEVMEM if (X86 || ARM || TILE || S390)
2121 + help
2122 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
2123 @@ -74647,6 +75735,7 @@ index 0000000..5be91c0
2124 +
2125 +config GRKERNSEC_VM86
2126 + bool "Restrict VM86 mode"
2127 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
2128 + depends on X86_32
2129 +
2130 + help
2131 @@ -74660,6 +75749,7 @@ index 0000000..5be91c0
2132 +
2133 +config GRKERNSEC_IO
2134 + bool "Disable privileged I/O"
2135 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
2136 + depends on X86
2137 + select RTC_CLASS
2138 + select RTC_INTF_DEV
2139 @@ -74679,7 +75769,7 @@ index 0000000..5be91c0
2140 +
2141 +config GRKERNSEC_PROC_MEMMAP
2142 + bool "Harden ASLR against information leaks and entropy reduction"
2143 -+ default y if (PAX_NOEXEC || PAX_ASLR)
2144 ++ default y if (GRKERNSEC_CONFIG_AUTO || PAX_NOEXEC || PAX_ASLR)
2145 + depends on PAX_NOEXEC || PAX_ASLR
2146 + help
2147 + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
2148 @@ -74699,6 +75789,7 @@ index 0000000..5be91c0
2149 +
2150 +config GRKERNSEC_BRUTE
2151 + bool "Deter exploit bruteforcing"
2152 ++ default y if GRKERNSEC_CONFIG_AUTO
2153 + help
2154 + If you say Y here, attempts to bruteforce exploits against forking
2155 + daemons such as apache or sshd, as well as against suid/sgid binaries
2156 @@ -74718,6 +75809,7 @@ index 0000000..5be91c0
2157 +
2158 +config GRKERNSEC_MODHARDEN
2159 + bool "Harden module auto-loading"
2160 ++ default y if GRKERNSEC_CONFIG_AUTO
2161 + depends on MODULES
2162 + help
2163 + If you say Y here, module auto-loading in response to use of some
2164 @@ -74739,6 +75831,7 @@ index 0000000..5be91c0
2165 +
2166 +config GRKERNSEC_HIDESYM
2167 + bool "Hide kernel symbols"
2168 ++ default y if GRKERNSEC_CONFIG_AUTO
2169 + help
2170 + If you say Y here, getting information on loaded modules, and
2171 + displaying all kernel symbols through a syscall will be restricted
2172 @@ -74764,11 +75857,12 @@ index 0000000..5be91c0
2173 +
2174 +config GRKERNSEC_KERN_LOCKOUT
2175 + bool "Active kernel exploit response"
2176 ++ default y if GRKERNSEC_CONFIG_AUTO
2177 + depends on X86 || ARM || PPC || SPARC
2178 + help
2179 + If you say Y here, when a PaX alert is triggered due to suspicious
2180 + activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
2181 -+ or an OOPs occurs due to bad memory accesses, instead of just
2182 ++ or an OOPS occurs due to bad memory accesses, instead of just
2183 + terminating the offending process (and potentially allowing
2184 + a subsequent exploit from the same user), we will take one of two
2185 + actions:
2186 @@ -74827,6 +75921,7 @@ index 0000000..5be91c0
2187 +
2188 +config GRKERNSEC_PROC
2189 + bool "Proc restrictions"
2190 ++ default y if GRKERNSEC_CONFIG_AUTO
2191 + help
2192 + If you say Y here, the permissions of the /proc filesystem
2193 + will be altered to enhance system security and privacy. You MUST
2194 @@ -74848,6 +75943,7 @@ index 0000000..5be91c0
2195 +
2196 +config GRKERNSEC_PROC_USERGROUP
2197 + bool "Allow special group"
2198 ++ default y if GRKERNSEC_CONFIG_AUTO
2199 + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
2200 + help
2201 + If you say Y here, you will be able to select a group that will be
2202 @@ -74863,6 +75959,7 @@ index 0000000..5be91c0
2203 +
2204 +config GRKERNSEC_PROC_ADD
2205 + bool "Additional restrictions"
2206 ++ default y if GRKERNSEC_CONFIG_AUTO
2207 + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
2208 + help
2209 + If you say Y here, additional restrictions will be placed on
2210 @@ -74871,6 +75968,7 @@ index 0000000..5be91c0
2211 +
2212 +config GRKERNSEC_LINK
2213 + bool "Linking restrictions"
2214 ++ default y if GRKERNSEC_CONFIG_AUTO
2215 + help
2216 + If you say Y here, /tmp race exploits will be prevented, since users
2217 + will no longer be able to follow symlinks owned by other users in
2218 @@ -74879,8 +75977,34 @@ index 0000000..5be91c0
2219 + able to hardlink to files they do not own. If the sysctl option is
2220 + enabled, a sysctl option with name "linking_restrictions" is created.
2221 +
2222 ++config GRKERNSEC_SYMLINKOWN
2223 ++ bool "Kernel-enforced SymlinksIfOwnerMatch"
2224 ++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER
2225 ++ help
2226 ++ Apache's SymlinksIfOwnerMatch option has an inherent race condition
2227 ++ that prevents it from being used as a security feature. As Apache
2228 ++ verifies the symlink by performing a stat() against the target of
2229 ++ the symlink before it is followed, an attacker can setup a symlink
2230 ++ to point to a same-owned file, then replace the symlink with one
2231 ++ that targets another user's file just after Apache "validates" the
2232 ++ symlink -- a classic TOCTOU race. If you say Y here, a complete,
2233 ++ race-free replacement for Apache's "SymlinksIfOwnerMatch" option
2234 ++ will be in place for the group you specify. If the sysctl option
2235 ++ is enabled, a sysctl option with name "enforce_symlinksifowner" is
2236 ++ created.
2237 ++
2238 ++config GRKERNSEC_SYMLINKOWN_GID
2239 ++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
2240 ++ depends on GRKERNSEC_SYMLINKOWN
2241 ++ default 1006
2242 ++ help
2243 ++ Setting this GID determines what group kernel-enforced
2244 ++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option
2245 ++ is enabled, a sysctl option with name "symlinkown_gid" is created.
2246 ++
2247 +config GRKERNSEC_FIFO
2248 + bool "FIFO restrictions"
2249 ++ default y if GRKERNSEC_CONFIG_AUTO
2250 + help
2251 + If you say Y here, users will not be able to write to FIFOs they don't
2252 + own in world-writable +t directories (e.g. /tmp), unless the owner of
2253 @@ -74890,6 +76014,7 @@ index 0000000..5be91c0
2254 +
2255 +config GRKERNSEC_SYSFS_RESTRICT
2256 + bool "Sysfs/debugfs restriction"
2257 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
2258 + depends on SYSFS
2259 + help
2260 + If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
2261 @@ -74923,6 +76048,7 @@ index 0000000..5be91c0
2262 +
2263 +config GRKERNSEC_CHROOT
2264 + bool "Chroot jail restrictions"
2265 ++ default y if GRKERNSEC_CONFIG_AUTO
2266 + help
2267 + If you say Y here, you will be able to choose several options that will
2268 + make breaking out of a chrooted jail much more difficult. If you
2269 @@ -74931,6 +76057,7 @@ index 0000000..5be91c0
2270 +
2271 +config GRKERNSEC_CHROOT_MOUNT
2272 + bool "Deny mounts"
2273 ++ default y if GRKERNSEC_CONFIG_AUTO
2274 + depends on GRKERNSEC_CHROOT
2275 + help
2276 + If you say Y here, processes inside a chroot will not be able to
2277 @@ -74939,6 +76066,7 @@ index 0000000..5be91c0
2278 +
2279 +config GRKERNSEC_CHROOT_DOUBLE
2280 + bool "Deny double-chroots"
2281 ++ default y if GRKERNSEC_CONFIG_AUTO
2282 + depends on GRKERNSEC_CHROOT
2283 + help
2284 + If you say Y here, processes inside a chroot will not be able to chroot
2285 @@ -74949,6 +76077,7 @@ index 0000000..5be91c0
2286 +
2287 +config GRKERNSEC_CHROOT_PIVOT
2288 + bool "Deny pivot_root in chroot"
2289 ++ default y if GRKERNSEC_CONFIG_AUTO
2290 + depends on GRKERNSEC_CHROOT
2291 + help
2292 + If you say Y here, processes inside a chroot will not be able to use
2293 @@ -74961,6 +76090,7 @@ index 0000000..5be91c0
2294 +
2295 +config GRKERNSEC_CHROOT_CHDIR
2296 + bool "Enforce chdir(\"/\") on all chroots"
2297 ++ default y if GRKERNSEC_CONFIG_AUTO
2298 + depends on GRKERNSEC_CHROOT
2299 + help
2300 + If you say Y here, the current working directory of all newly-chrooted
2301 @@ -74977,6 +76107,7 @@ index 0000000..5be91c0
2302 +
2303 +config GRKERNSEC_CHROOT_CHMOD
2304 + bool "Deny (f)chmod +s"
2305 ++ default y if GRKERNSEC_CONFIG_AUTO
2306 + depends on GRKERNSEC_CHROOT
2307 + help
2308 + If you say Y here, processes inside a chroot will not be able to chmod
2309 @@ -74987,6 +76118,7 @@ index 0000000..5be91c0
2310 +
2311 +config GRKERNSEC_CHROOT_FCHDIR
2312 + bool "Deny fchdir out of chroot"
2313 ++ default y if GRKERNSEC_CONFIG_AUTO
2314 + depends on GRKERNSEC_CHROOT
2315 + help
2316 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
2317 @@ -74996,6 +76128,7 @@ index 0000000..5be91c0
2318 +
2319 +config GRKERNSEC_CHROOT_MKNOD
2320 + bool "Deny mknod"
2321 ++ default y if GRKERNSEC_CONFIG_AUTO
2322 + depends on GRKERNSEC_CHROOT
2323 + help
2324 + If you say Y here, processes inside a chroot will not be allowed to
2325 @@ -75010,6 +76143,7 @@ index 0000000..5be91c0
2326 +
2327 +config GRKERNSEC_CHROOT_SHMAT
2328 + bool "Deny shmat() out of chroot"
2329 ++ default y if GRKERNSEC_CONFIG_AUTO
2330 + depends on GRKERNSEC_CHROOT
2331 + help
2332 + If you say Y here, processes inside a chroot will not be able to attach
2333 @@ -75019,6 +76153,7 @@ index 0000000..5be91c0
2334 +
2335 +config GRKERNSEC_CHROOT_UNIX
2336 + bool "Deny access to abstract AF_UNIX sockets out of chroot"
2337 ++ default y if GRKERNSEC_CONFIG_AUTO
2338 + depends on GRKERNSEC_CHROOT
2339 + help
2340 + If you say Y here, processes inside a chroot will not be able to
2341 @@ -75029,6 +76164,7 @@ index 0000000..5be91c0
2342 +
2343 +config GRKERNSEC_CHROOT_FINDTASK
2344 + bool "Protect outside processes"
2345 ++ default y if GRKERNSEC_CONFIG_AUTO
2346 + depends on GRKERNSEC_CHROOT
2347 + help
2348 + If you say Y here, processes inside a chroot will not be able to
2349 @@ -75039,6 +76175,7 @@ index 0000000..5be91c0
2350 +
2351 +config GRKERNSEC_CHROOT_NICE
2352 + bool "Restrict priority changes"
2353 ++ default y if GRKERNSEC_CONFIG_AUTO
2354 + depends on GRKERNSEC_CHROOT
2355 + help
2356 + If you say Y here, processes inside a chroot will not be able to raise
2357 @@ -75050,6 +76187,7 @@ index 0000000..5be91c0
2358 +
2359 +config GRKERNSEC_CHROOT_SYSCTL
2360 + bool "Deny sysctl writes"
2361 ++ default y if GRKERNSEC_CONFIG_AUTO
2362 + depends on GRKERNSEC_CHROOT
2363 + help
2364 + If you say Y here, an attacker in a chroot will not be able to
2365 @@ -75060,6 +76198,7 @@ index 0000000..5be91c0
2366 +
2367 +config GRKERNSEC_CHROOT_CAPS
2368 + bool "Capability restrictions"
2369 ++ default y if GRKERNSEC_CONFIG_AUTO
2370 + depends on GRKERNSEC_CHROOT
2371 + help
2372 + If you say Y here, the capabilities on all processes within a
2373 @@ -75102,6 +76241,7 @@ index 0000000..5be91c0
2374 +
2375 +config GRKERNSEC_RESLOG
2376 + bool "Resource logging"
2377 ++ default y if GRKERNSEC_CONFIG_AUTO
2378 + help
2379 + If you say Y here, all attempts to overstep resource limits will
2380 + be logged with the resource name, the requested size, and the current
2381 @@ -75140,6 +76280,7 @@ index 0000000..5be91c0
2382 +
2383 +config GRKERNSEC_SIGNAL
2384 + bool "Signal logging"
2385 ++ default y if GRKERNSEC_CONFIG_AUTO
2386 + help
2387 + If you say Y here, certain important signals will be logged, such as
2388 + SIGSEGV, which will as a result inform you of when a error in a program
2389 @@ -75157,6 +76298,7 @@ index 0000000..5be91c0
2390 +
2391 +config GRKERNSEC_TIME
2392 + bool "Time change logging"
2393 ++ default y if GRKERNSEC_CONFIG_AUTO
2394 + help
2395 + If you say Y here, any changes of the system clock will be logged.
2396 + If the sysctl option is enabled, a sysctl option with name
2397 @@ -75164,6 +76306,7 @@ index 0000000..5be91c0
2398 +
2399 +config GRKERNSEC_PROC_IPADDR
2400 + bool "/proc/<pid>/ipaddr support"
2401 ++ default y if GRKERNSEC_CONFIG_AUTO
2402 + help
2403 + If you say Y here, a new entry will be added to each /proc/<pid>
2404 + directory that contains the IP address of the person using the task.
2405 @@ -75175,6 +76318,7 @@ index 0000000..5be91c0
2406 +
2407 +config GRKERNSEC_RWXMAP_LOG
2408 + bool 'Denied RWX mmap/mprotect logging'
2409 ++ default y if GRKERNSEC_CONFIG_AUTO
2410 + depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
2411 + help
2412 + If you say Y here, calls to mmap() and mprotect() with explicit
2413 @@ -75203,6 +76347,7 @@ index 0000000..5be91c0
2414 +
2415 +config GRKERNSEC_DMESG
2416 + bool "Dmesg(8) restriction"
2417 ++ default y if GRKERNSEC_CONFIG_AUTO
2418 + help
2419 + If you say Y here, non-root users will not be able to use dmesg(8)
2420 + to view up to the last 4kb of messages in the kernel's log buffer.
2421 @@ -75214,6 +76359,7 @@ index 0000000..5be91c0
2422 +
2423 +config GRKERNSEC_HARDEN_PTRACE
2424 + bool "Deter ptrace-based process snooping"
2425 ++ default y if GRKERNSEC_CONFIG_AUTO
2426 + help
2427 + If you say Y here, TTY sniffers and other malicious monitoring
2428 + programs implemented through ptrace will be defeated. If you
2429 @@ -75230,6 +76376,7 @@ index 0000000..5be91c0
2430 +
2431 +config GRKERNSEC_PTRACE_READEXEC
2432 + bool "Require read access to ptrace sensitive binaries"
2433 ++ default y if GRKERNSEC_CONFIG_AUTO
2434 + help
2435 + If you say Y here, unprivileged users will not be able to ptrace unreadable
2436 + binaries. This option is useful in environments that
2437 @@ -75243,6 +76390,7 @@ index 0000000..5be91c0
2438 +
2439 +config GRKERNSEC_SETXID
2440 + bool "Enforce consistent multithreaded privileges"
2441 ++ default y if GRKERNSEC_CONFIG_AUTO
2442 + depends on (X86 || SPARC64 || PPC || ARM || MIPS)
2443 + help
2444 + If you say Y here, a change from a root uid to a non-root uid
2445 @@ -75257,6 +76405,7 @@ index 0000000..5be91c0
2446 +
2447 +config GRKERNSEC_TPE
2448 + bool "Trusted Path Execution (TPE)"
2449 ++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER
2450 + help
2451 + If you say Y here, you will be able to choose a gid to add to the
2452 + supplementary groups of users you want to mark as "untrusted."
2453 @@ -75313,6 +76462,7 @@ index 0000000..5be91c0
2454 +
2455 +config GRKERNSEC_RANDNET
2456 + bool "Larger entropy pools"
2457 ++ default y if GRKERNSEC_CONFIG_AUTO
2458 + help
2459 + If you say Y here, the entropy pools used for many features of Linux
2460 + and grsecurity will be doubled in size. Since several grsecurity
2461 @@ -75322,6 +76472,7 @@ index 0000000..5be91c0
2462 +
2463 +config GRKERNSEC_BLACKHOLE
2464 + bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
2465 ++ default y if GRKERNSEC_CONFIG_AUTO
2466 + depends on NET
2467 + help
2468 + If you say Y here, neither TCP resets nor ICMP
2469 @@ -75421,11 +76572,12 @@ index 0000000..5be91c0
2470 + option with name "socket_server_gid" is created.
2471 +
2472 +endmenu
2473 -+menu "Sysctl support"
2474 ++menu "Sysctl Support"
2475 +depends on GRKERNSEC && SYSCTL
2476 +
2477 +config GRKERNSEC_SYSCTL
2478 + bool "Sysctl support"
2479 ++ default y if GRKERNSEC_CONFIG_AUTO
2480 + help
2481 + If you say Y here, you will be able to change the options that
2482 + grsecurity runs with at bootup, without having to recompile your
2483 @@ -75456,6 +76608,7 @@ index 0000000..5be91c0
2484 +
2485 +config GRKERNSEC_SYSCTL_ON
2486 + bool "Turn on features by default"
2487 ++ default y if GRKERNSEC_CONFIG_AUTO
2488 + depends on GRKERNSEC_SYSCTL
2489 + help
2490 + If you say Y here, instead of having all features enabled in the
2491 @@ -75491,8 +76644,6 @@ index 0000000..5be91c0
2492 + raise this value.
2493 +
2494 +endmenu
2495 -+
2496 -+endmenu
2497 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
2498 new file mode 100644
2499 index 0000000..1b9afa9
2500 @@ -82522,10 +83673,10 @@ index 0000000..8ca18bf
2501 +}
2502 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
2503 new file mode 100644
2504 -index 0000000..1e995d3
2505 +index 0000000..13e8574
2506 --- /dev/null
2507 +++ b/grsecurity/grsec_init.c
2508 -@@ -0,0 +1,278 @@
2509 +@@ -0,0 +1,284 @@
2510 +#include <linux/kernel.h>
2511 +#include <linux/sched.h>
2512 +#include <linux/mm.h>
2513 @@ -82538,6 +83689,8 @@ index 0000000..1e995d3
2514 +
2515 +int grsec_enable_ptrace_readexec;
2516 +int grsec_enable_setxid;
2517 ++int grsec_enable_symlinkown;
2518 ++int grsec_symlinkown_gid;
2519 +int grsec_enable_brute;
2520 +int grsec_enable_link;
2521 +int grsec_enable_dmesg;
2522 @@ -82781,6 +83934,10 @@ index 0000000..1e995d3
2523 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
2524 + grsec_enable_chroot_sysctl = 1;
2525 +#endif
2526 ++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
2527 ++ grsec_enable_symlinkown = 1;
2528 ++ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID;
2529 ++#endif
2530 +#ifdef CONFIG_GRKERNSEC_TPE
2531 + grsec_enable_tpe = 1;
2532 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
2533 @@ -82806,16 +83963,32 @@ index 0000000..1e995d3
2534 +}
2535 diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c
2536 new file mode 100644
2537 -index 0000000..3efe141
2538 +index 0000000..35a96d1
2539 --- /dev/null
2540 +++ b/grsecurity/grsec_link.c
2541 -@@ -0,0 +1,43 @@
2542 +@@ -0,0 +1,59 @@
2543 +#include <linux/kernel.h>
2544 +#include <linux/sched.h>
2545 +#include <linux/fs.h>
2546 +#include <linux/file.h>
2547 +#include <linux/grinternal.h>
2548 +
2549 ++int gr_handle_symlink_owner(const struct path *link, const struct inode *target)
2550 ++{
2551 ++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
2552 ++ const struct inode *link_inode = link->dentry->d_inode;
2553 ++
2554 ++ if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) &&
2555 ++ /* ignore root-owned links, e.g. /proc/self */
2556 ++ link_inode->i_uid &&
2557 ++ link_inode->i_uid != target->i_uid) {
2558 ++ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid);
2559 ++ return 1;
2560 ++ }
2561 ++#endif
2562 ++ return 0;
2563 ++}
2564 ++
2565 +int
2566 +gr_handle_follow_link(const struct inode *parent,
2567 + const struct inode *inode,
2568 @@ -83868,10 +85041,10 @@ index 0000000..7512ea9
2569 +}
2570 diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
2571 new file mode 100644
2572 -index 0000000..31f3258
2573 +index 0000000..f33decd
2574 --- /dev/null
2575 +++ b/grsecurity/grsec_sysctl.c
2576 -@@ -0,0 +1,499 @@
2577 +@@ -0,0 +1,517 @@
2578 +#include <linux/kernel.h>
2579 +#include <linux/sched.h>
2580 +#include <linux/sysctl.h>
2581 @@ -83919,6 +85092,24 @@ index 0000000..31f3258
2582 + .proc_handler = &proc_dointvec,
2583 + },
2584 +#endif
2585 ++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
2586 ++ {
2587 ++ .ctl_name = CTL_UNNUMBERED,
2588 ++ .procname = "enforce_symlinksifowner",
2589 ++ .data = &grsec_enable_symlinkown,
2590 ++ .maxlen = sizeof(int),
2591 ++ .mode = 0600,
2592 ++ .proc_handler = &proc_dointvec,
2593 ++ },
2594 ++ {
2595 ++ .ctl_name = CTL_UNNUMBERED,
2596 ++ .procname = "symlinkown_gid",
2597 ++ .data = &grsec_symlinkown_gid,
2598 ++ .maxlen = sizeof(int),
2599 ++ .mode = 0600,
2600 ++ .proc_handler = &proc_dointvec,
2601 ++ },
2602 ++#endif
2603 +#ifdef CONFIG_GRKERNSEC_BRUTE
2604 + {
2605 + .ctl_name = CTL_UNNUMBERED,
2606 @@ -85933,8 +87124,20 @@ index 90a4ed0..d652617 100644
2607
2608 #endif
2609
2610 +diff --git a/include/linux/eventpoll.h b/include/linux/eventpoll.h
2611 +index f6856a5..ca399c5 100644
2612 +--- a/include/linux/eventpoll.h
2613 ++++ b/include/linux/eventpoll.h
2614 +@@ -61,6 +61,7 @@ struct file;
2615 + static inline void eventpoll_init_file(struct file *file)
2616 + {
2617 + INIT_LIST_HEAD(&file->f_ep_links);
2618 ++ INIT_LIST_HEAD(&file->f_tfile_llink);
2619 + }
2620 +
2621 +
2622 diff --git a/include/linux/fs.h b/include/linux/fs.h
2623 -index 1b9a47a..6fe2934 100644
2624 +index 1b9a47a..e17111d 100644
2625 --- a/include/linux/fs.h
2626 +++ b/include/linux/fs.h
2627 @@ -568,41 +568,41 @@ typedef int (*read_actor_t)(read_descriptor_t *, struct page *,
2628 @@ -85996,7 +87199,15 @@ index 1b9a47a..6fe2934 100644
2629 };
2630
2631 /*
2632 -@@ -1031,19 +1031,19 @@ static inline int file_check_writeable(struct file *filp)
2633 +@@ -941,6 +941,7 @@ struct file {
2634 + #ifdef CONFIG_EPOLL
2635 + /* Used by fs/eventpoll.c to link all the hooks to this file */
2636 + struct list_head f_ep_links;
2637 ++ struct list_head f_tfile_llink;
2638 + #endif /* #ifdef CONFIG_EPOLL */
2639 + struct address_space *f_mapping;
2640 + #ifdef CONFIG_DEBUG_WRITECOUNT
2641 +@@ -1031,19 +1032,19 @@ static inline int file_check_writeable(struct file *filp)
2642 typedef struct files_struct *fl_owner_t;
2643
2644 struct file_lock_operations {
2645 @@ -86026,7 +87237,7 @@ index 1b9a47a..6fe2934 100644
2646 };
2647
2648 struct lock_manager {
2649 -@@ -1442,7 +1442,7 @@ struct fiemap_extent_info {
2650 +@@ -1442,7 +1443,7 @@ struct fiemap_extent_info {
2651 unsigned int fi_flags; /* Flags as passed from user */
2652 unsigned int fi_extents_mapped; /* Number of mapped extents */
2653 unsigned int fi_extents_max; /* Size of fiemap_extent array */
2654 @@ -86035,7 +87246,7 @@ index 1b9a47a..6fe2934 100644
2655 * array */
2656 };
2657 int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical,
2658 -@@ -1512,7 +1512,8 @@ struct file_operations {
2659 +@@ -1512,7 +1513,8 @@ struct file_operations {
2660 ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int);
2661 ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int);
2662 int (*setlease)(struct file *, long, struct file_lock **);
2663 @@ -86045,7 +87256,7 @@ index 1b9a47a..6fe2934 100644
2664
2665 struct inode_operations {
2666 int (*create) (struct inode *,struct dentry *,int, struct nameidata *);
2667 -@@ -1559,30 +1560,30 @@ extern ssize_t vfs_writev(struct file *, const struct iovec __user *,
2668 +@@ -1559,30 +1561,30 @@ extern ssize_t vfs_writev(struct file *, const struct iovec __user *,
2669 unsigned long, loff_t *);
2670
2671 struct super_operations {
2672 @@ -86658,10 +87869,10 @@ index 0000000..70d6cd5
2673 +#endif
2674 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
2675 new file mode 100644
2676 -index 0000000..3826b91
2677 +index 0000000..3322652
2678 --- /dev/null
2679 +++ b/include/linux/grinternal.h
2680 -@@ -0,0 +1,219 @@
2681 +@@ -0,0 +1,221 @@
2682 +#ifndef __GRINTERNAL_H
2683 +#define __GRINTERNAL_H
2684 +
2685 @@ -86722,6 +87933,8 @@ index 0000000..3826b91
2686 +extern int grsec_enable_chroot_caps;
2687 +extern int grsec_enable_chroot_sysctl;
2688 +extern int grsec_enable_chroot_unix;
2689 ++extern int grsec_enable_symlinkown;
2690 ++extern int grsec_symlinkown_gid;
2691 +extern int grsec_enable_tpe;
2692 +extern int grsec_tpe_gid;
2693 +extern int grsec_enable_tpe_all;
2694 @@ -86883,10 +88096,10 @@ index 0000000..3826b91
2695 +#endif
2696 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
2697 new file mode 100644
2698 -index 0000000..f885406
2699 +index 0000000..ac88734
2700 --- /dev/null
2701 +++ b/include/linux/grmsg.h
2702 -@@ -0,0 +1,109 @@
2703 +@@ -0,0 +1,110 @@
2704 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2705 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2706 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2707 @@ -86996,12 +88209,13 @@ index 0000000..f885406
2708 +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
2709 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
2710 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
2711 ++#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
2712 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
2713 new file mode 100644
2714 -index 0000000..c1793ae
2715 +index 0000000..29ccfc4
2716 --- /dev/null
2717 +++ b/include/linux/grsecurity.h
2718 -@@ -0,0 +1,219 @@
2719 +@@ -0,0 +1,220 @@
2720 +#ifndef GR_SECURITY_H
2721 +#define GR_SECURITY_H
2722 +#include <linux/fs.h>
2723 @@ -87173,6 +88387,7 @@ index 0000000..c1793ae
2724 + const struct vfsmount *parent_mnt,
2725 + const struct dentry *old_dentry,
2726 + const struct vfsmount *old_mnt, const char *to);
2727 ++int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
2728 +int gr_acl_handle_rename(struct dentry *new_dentry,
2729 + struct dentry *parent_dentry,
2730 + const struct vfsmount *parent_mnt,
2731 @@ -88327,10 +89542,22 @@ index 7456d7d..6c1cfc9 100644
2732 static inline int ptrace_reparented(struct task_struct *child)
2733 {
2734 diff --git a/include/linux/random.h b/include/linux/random.h
2735 -index 2948046..3262567 100644
2736 +index 2948046..6fe7065 100644
2737 --- a/include/linux/random.h
2738 +++ b/include/linux/random.h
2739 -@@ -63,6 +63,11 @@ unsigned long randomize_range(unsigned long start, unsigned long end, unsigned l
2740 +@@ -46,9 +46,10 @@ struct rand_pool_info {
2741 +
2742 + extern void rand_initialize_irq(int irq);
2743 +
2744 ++extern void add_device_randomness(const void *, unsigned int);
2745 + extern void add_input_randomness(unsigned int type, unsigned int code,
2746 + unsigned int value);
2747 +-extern void add_interrupt_randomness(int irq);
2748 ++extern void add_interrupt_randomness(int irq, int irq_flags);
2749 +
2750 + extern void get_random_bytes(void *buf, int nbytes);
2751 + void generate_random_uuid(unsigned char uuid_out[16]);
2752 +@@ -63,6 +64,24 @@ unsigned long randomize_range(unsigned long start, unsigned long end, unsigned l
2753 u32 random32(void);
2754 void srandom32(u32 seed);
2755
2756 @@ -88339,6 +89566,19 @@ index 2948046..3262567 100644
2757 + return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
2758 +}
2759 +
2760 ++#ifdef CONFIG_ARCH_RANDOM
2761 ++# include <asm/archrandom.h>
2762 ++#else
2763 ++static inline int arch_get_random_long(unsigned long *v)
2764 ++{
2765 ++ return 0;
2766 ++}
2767 ++static inline int arch_get_random_int(unsigned int *v)
2768 ++{
2769 ++ return 0;
2770 ++}
2771 ++#endif
2772 ++
2773 #endif /* __KERNEL___ */
2774
2775 #endif /* _LINUX_RANDOM_H */
2776 @@ -89440,7 +90680,7 @@ index a8cc4e1..98d3b85 100644
2777 u32 flags;
2778 u32 bitset;
2779 diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h
2780 -index 1eb44a9..f582df3 100644
2781 +index 1eb44a9..f582df31 100644
2782 --- a/include/linux/tracehook.h
2783 +++ b/include/linux/tracehook.h
2784 @@ -69,12 +69,12 @@ static inline int tracehook_expect_breakpoints(struct task_struct *task)
2785 @@ -92140,6 +93380,38 @@ index a6e9d00..a0da4f9 100644
2786 {
2787 hrtimer_peek_ahead_timers();
2788 }
2789 +diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
2790 +index 17c71bb..27fd0a6 100644
2791 +--- a/kernel/irq/handle.c
2792 ++++ b/kernel/irq/handle.c
2793 +@@ -370,7 +370,7 @@ static void warn_no_thread(unsigned int irq, struct irqaction *action)
2794 + irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action)
2795 + {
2796 + irqreturn_t ret, retval = IRQ_NONE;
2797 +- unsigned int status = 0;
2798 ++ unsigned int flags = 0;
2799 +
2800 + if (!(action->flags & IRQF_DISABLED))
2801 + local_irq_enable_in_hardirq();
2802 +@@ -413,7 +413,7 @@ irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action)
2803 +
2804 + /* Fall through to add to randomness */
2805 + case IRQ_HANDLED:
2806 +- status |= action->flags;
2807 ++ flags |= action->flags;
2808 + break;
2809 +
2810 + default:
2811 +@@ -424,8 +424,7 @@ irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action)
2812 + action = action->next;
2813 + } while (action);
2814 +
2815 +- if (status & IRQF_SAMPLE_RANDOM)
2816 +- add_interrupt_randomness(irq);
2817 ++ add_interrupt_randomness(irq, flags);
2818 + local_irq_disable();
2819 +
2820 + return retval;
2821 diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
2822 index 8b6b8b6..6bc87df 100644
2823 --- a/kernel/kallsyms.c
2824 @@ -96661,10 +97933,19 @@ index 9073695..1127f348 100644
2825 set_fs(old_fs);
2826
2827 diff --git a/mm/madvise.c b/mm/madvise.c
2828 -index 35b1479..499f7d4 100644
2829 +index 35b1479..d5de85b 100644
2830 --- a/mm/madvise.c
2831 +++ b/mm/madvise.c
2832 -@@ -44,6 +44,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
2833 +@@ -12,6 +12,8 @@
2834 + #include <linux/hugetlb.h>
2835 + #include <linux/sched.h>
2836 + #include <linux/ksm.h>
2837 ++#include <linux/fs.h>
2838 ++#include <linux/file.h>
2839 +
2840 + /*
2841 + * Any behaviour which results in changes to the vma->vm_flags needs to
2842 +@@ -44,6 +46,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
2843 pgoff_t pgoff;
2844 unsigned long new_flags = vma->vm_flags;
2845
2846 @@ -96675,7 +97956,7 @@ index 35b1479..499f7d4 100644
2847 switch (behavior) {
2848 case MADV_NORMAL:
2849 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
2850 -@@ -103,6 +107,13 @@ success:
2851 +@@ -103,6 +109,13 @@ success:
2852 /*
2853 * vm_flags is protected by the mmap_sem held in write mode.
2854 */
2855 @@ -96689,7 +97970,7 @@ index 35b1479..499f7d4 100644
2856 vma->vm_flags = new_flags;
2857
2858 out:
2859 -@@ -161,6 +172,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
2860 +@@ -161,6 +174,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
2861 struct vm_area_struct ** prev,
2862 unsigned long start, unsigned long end)
2863 {
2864 @@ -96701,7 +97982,7 @@ index 35b1479..499f7d4 100644
2865 *prev = vma;
2866 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
2867 return -EINVAL;
2868 -@@ -173,6 +189,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
2869 +@@ -173,6 +191,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
2870 zap_page_range(vma, start, end - start, &details);
2871 } else
2872 zap_page_range(vma, start, end - start, NULL);
2873 @@ -96723,7 +98004,47 @@ index 35b1479..499f7d4 100644
2874 return 0;
2875 }
2876
2877 -@@ -359,6 +390,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
2878 +@@ -190,16 +223,17 @@ static long madvise_remove(struct vm_area_struct *vma,
2879 + struct address_space *mapping;
2880 + loff_t offset, endoff;
2881 + int error;
2882 ++ struct file *f;
2883 +
2884 + *prev = NULL; /* tell sys_madvise we drop mmap_sem */
2885 +
2886 + if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
2887 + return -EINVAL;
2888 +
2889 +- if (!vma->vm_file || !vma->vm_file->f_mapping
2890 +- || !vma->vm_file->f_mapping->host) {
2891 +- return -EINVAL;
2892 +- }
2893 ++ f = vma->vm_file;
2894 ++
2895 ++ if (!f || !f->f_mapping || !f->f_mapping->host)
2896 ++ return -EINVAL;
2897 +
2898 + if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
2899 + return -EACCES;
2900 +@@ -211,10 +245,16 @@ static long madvise_remove(struct vm_area_struct *vma,
2901 + endoff = (loff_t)(end - vma->vm_start - 1)
2902 + + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
2903 +
2904 +- /* vmtruncate_range needs to take i_mutex and i_alloc_sem */
2905 ++ /* vmtruncate_range needs to take i_mutex and i_alloc_sem. We need to
2906 ++ * explicitly grab a reference because the vma (and hence the
2907 ++ * vma's reference to the file) can go away as soon as we drop
2908 ++ * mmap_sem.
2909 ++ */
2910 ++ get_file(f);
2911 + up_read(&current->mm->mmap_sem);
2912 + error = vmtruncate_range(mapping->host, offset, endoff);
2913 + down_read(&current->mm->mmap_sem);
2914 ++ fput(f);
2915 + return error;
2916 + }
2917 +
2918 +@@ -359,6 +399,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
2919 if (end < start)
2920 goto out;
2921
2922 @@ -100961,7 +102282,7 @@ index 9559afc..ccd74e1 100644
2923 u32 interface, fmode, numsrc;
2924
2925 diff --git a/net/core/dev.c b/net/core/dev.c
2926 -index 84a0705..575db4c 100644
2927 +index 84a0705..fb849b8 100644
2928 --- a/net/core/dev.c
2929 +++ b/net/core/dev.c
2930 @@ -1047,10 +1047,14 @@ void dev_load(struct net *net, const char *name)
2931 @@ -100979,7 +102300,19 @@ index 84a0705..575db4c 100644
2932 }
2933 }
2934 EXPORT_SYMBOL(dev_load);
2935 -@@ -1654,7 +1658,7 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
2936 +@@ -1129,10 +1133,7 @@ int dev_open(struct net_device *dev)
2937 + * Wakeup transmit queue engine
2938 + */
2939 + dev_activate(dev);
2940 +-
2941 +- /*
2942 +- * ... and announce new interface.
2943 +- */
2944 ++ add_device_randomness(dev->dev_addr, dev->addr_len);
2945 + call_netdevice_notifiers(NETDEV_UP, dev);
2946 + }
2947 +
2948 +@@ -1654,7 +1655,7 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
2949
2950 struct dev_gso_cb {
2951 void (*destructor)(struct sk_buff *skb);
2952 @@ -100988,7 +102321,7 @@ index 84a0705..575db4c 100644
2953
2954 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
2955
2956 -@@ -2063,7 +2067,7 @@ int netif_rx_ni(struct sk_buff *skb)
2957 +@@ -2063,7 +2064,7 @@ int netif_rx_ni(struct sk_buff *skb)
2958 }
2959 EXPORT_SYMBOL(netif_rx_ni);
2960
2961 @@ -100997,7 +102330,7 @@ index 84a0705..575db4c 100644
2962 {
2963 struct softnet_data *sd = &__get_cpu_var(softnet_data);
2964
2965 -@@ -2827,7 +2831,7 @@ void netif_napi_del(struct napi_struct *napi)
2966 +@@ -2827,7 +2828,7 @@ void netif_napi_del(struct napi_struct *napi)
2967 EXPORT_SYMBOL(netif_napi_del);
2968
2969
2970 @@ -101006,6 +102339,22 @@ index 84a0705..575db4c 100644
2971 {
2972 struct list_head *list = &__get_cpu_var(softnet_data).poll_list;
2973 unsigned long time_limit = jiffies + 2;
2974 +@@ -4268,6 +4269,7 @@ int dev_set_mac_address(struct net_device *dev, struct sockaddr *sa)
2975 + err = ops->ndo_set_mac_address(dev, sa);
2976 + if (!err)
2977 + call_netdevice_notifiers(NETDEV_CHANGEADDR, dev);
2978 ++ add_device_randomness(dev->dev_addr, dev->addr_len);
2979 + return err;
2980 + }
2981 + EXPORT_SYMBOL(dev_set_mac_address);
2982 +@@ -4871,6 +4873,7 @@ int register_netdevice(struct net_device *dev)
2983 + dev_init_scheduler(dev);
2984 + dev_hold(dev);
2985 + list_netdevice(dev);
2986 ++ add_device_randomness(dev->dev_addr, dev->addr_len);
2987 +
2988 + /* Notify protocols, that a new device appeared. */
2989 + ret = call_netdevice_notifiers(NETDEV_REGISTER, dev);
2990 diff --git a/net/core/flow.c b/net/core/flow.c
2991 index 9601587..8c4824e 100644
2992 --- a/net/core/flow.c
2993 @@ -101070,7 +102419,7 @@ index 9601587..8c4824e 100644
2994 if (!fle->object || fle->genid == genid)
2995 continue;
2996 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
2997 -index d4fd895..ac9b1e6 100644
2998 +index d4fd895..9adcdc5 100644
2999 --- a/net/core/rtnetlink.c
3000 +++ b/net/core/rtnetlink.c
3001 @@ -57,7 +57,7 @@ struct rtnl_link
3002 @@ -101082,6 +102431,14 @@ index d4fd895..ac9b1e6 100644
3003
3004 static DEFINE_MUTEX(rtnl_mutex);
3005
3006 +@@ -817,6 +817,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
3007 + goto errout;
3008 + send_addr_notify = 1;
3009 + modified = 1;
3010 ++ add_device_randomness(dev->dev_addr, dev->addr_len);
3011 + }
3012 +
3013 + if (tb[IFLA_MTU]) {
3014 diff --git a/net/core/scm.c b/net/core/scm.c
3015 index d98eafc..1a190a9 100644
3016 --- a/net/core/scm.c
3017 @@ -104831,16 +106188,14 @@ index d52f7a0..b66cdd9 100755
3018 rm -f tags
3019 xtags ctags
3020 diff --git a/security/Kconfig b/security/Kconfig
3021 -index fb363cd..c2c0a96 100644
3022 +index fb363cd..6ef754f 100644
3023 --- a/security/Kconfig
3024 +++ b/security/Kconfig
3025 -@@ -4,6 +4,634 @@
3026 +@@ -4,6 +4,854 @@
3027
3028 menu "Security options"
3029
3030 -+source grsecurity/Kconfig
3031 -+
3032 -+menu "PaX"
3033 ++menu "Grsecurity"
3034 +
3035 + config ARCH_TRACK_EXEC_LIMIT
3036 + bool
3037 @@ -104861,8 +106216,205 @@ index fb363cd..c2c0a96 100644
3038 + bool
3039 + default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
3040 +
3041 ++config GRKERNSEC
3042 ++ bool "Grsecurity"
3043 ++ select CRYPTO
3044 ++ select CRYPTO_SHA256
3045 ++ help
3046 ++ If you say Y here, you will be able to configure many features
3047 ++ that will enhance the security of your system. It is highly
3048 ++ recommended that you say Y here and read through the help
3049 ++ for each option so that you fully understand the features and
3050 ++ can evaluate their usefulness for your machine.
3051 ++
3052 ++choice
3053 ++ prompt "Configuration Method"
3054 ++ depends on GRKERNSEC
3055 ++ default GRKERNSEC_CONFIG_CUSTOM
3056 ++ help
3057 ++
3058 ++config GRKERNSEC_CONFIG_AUTO
3059 ++ bool "Automatic"
3060 ++ help
3061 ++ If you choose this configuration method, you'll be able to answer a small
3062 ++ number of simple questions about how you plan to use this kernel.
3063 ++ The settings of grsecurity and PaX will be automatically configured for
3064 ++ the highest commonly-used settings within the provided constraints.
3065 ++
3066 ++ If you require additional configuration, custom changes can still be made
3067 ++ from the "custom configuration" menu.
3068 ++
3069 ++config GRKERNSEC_CONFIG_CUSTOM
3070 ++ bool "Custom"
3071 ++ help
3072 ++ If you choose this configuration method, you'll be able to configure all
3073 ++ grsecurity and PaX settings manually. Via this method, no options are
3074 ++ automatically enabled.
3075 ++
3076 ++endchoice
3077 ++
3078 ++choice
3079 ++ prompt "Usage Type"
3080 ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
3081 ++ default GRKERNSEC_CONFIG_SERVER
3082 ++ help
3083 ++
3084 ++config GRKERNSEC_CONFIG_SERVER
3085 ++ bool "Server"
3086 ++ help
3087 ++ Choose this option if you plan to use this kernel on a server.
3088 ++
3089 ++config GRKERNSEC_CONFIG_DESKTOP
3090 ++ bool "Desktop"
3091 ++ help
3092 ++ Choose this option if you plan to use this kernel on a desktop.
3093 ++
3094 ++endchoice
3095 ++
3096 ++choice
3097 ++ prompt "Virtualization Type"
3098 ++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO)
3099 ++ default GRKERNSEC_CONFIG_VIRT_NONE
3100 ++ help
3101 ++
3102 ++config GRKERNSEC_CONFIG_VIRT_NONE
3103 ++ bool "None"
3104 ++ help
3105 ++ Choose this option if this kernel will be run on bare metal.
3106 ++
3107 ++config GRKERNSEC_CONFIG_VIRT_GUEST
3108 ++ bool "Guest"
3109 ++ help
3110 ++ Choose this option if this kernel will be run as a VM guest.
3111 ++
3112 ++config GRKERNSEC_CONFIG_VIRT_HOST
3113 ++ bool "Host"
3114 ++ help
3115 ++ Choose this option if this kernel will be run as a VM host.
3116 ++
3117 ++endchoice
3118 ++
3119 ++choice
3120 ++ prompt "Virtualization Hardware"
3121 ++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
3122 ++ help
3123 ++
3124 ++config GRKERNSEC_CONFIG_VIRT_EPT
3125 ++ bool "EPT/RVI Processor Support"
3126 ++ depends on X86
3127 ++ help
3128 ++ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen
3129 ++ hardware virtualization. This allows for additional kernel hardening protections
3130 ++ to operate without additional performance impact.
3131 ++
3132 ++ To see if your Intel processor supports EPT, see:
3133 ++ http://ark.intel.com/Products/VirtualizationTechnology
3134 ++ (Most Core i3/5/7 support EPT)
3135 ++
3136 ++ To see if your AMD processor supports RVI, see:
3137 ++ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx
3138 ++
3139 ++config GRKERNSEC_CONFIG_VIRT_SOFT
3140 ++ bool "First-gen/No Hardware Virtualization"
3141 ++ help
3142 ++ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't
3143 ++ support hardware virtualization or doesn't support the EPT/RVI extensions.
3144 ++
3145 ++endchoice
3146 ++
3147 ++choice
3148 ++ prompt "Virtualization Software"
3149 ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
3150 ++ help
3151 ++
3152 ++config GRKERNSEC_CONFIG_VIRT_XEN
3153 ++ bool "Xen"
3154 ++ help
3155 ++ Choose this option if this kernel is running as a Xen guest or host.
3156 ++
3157 ++config GRKERNSEC_CONFIG_VIRT_VMWARE
3158 ++ bool "VMWare"
3159 ++ help
3160 ++ Choose this option if this kernel is running as a VMWare guest or host.
3161 ++
3162 ++config GRKERNSEC_CONFIG_VIRT_KVM
3163 ++ bool "KVM"
3164 ++ help
3165 ++ Choose this option if this kernel is running as a KVM guest or host.
3166 ++
3167 ++config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX
3168 ++ bool "VirtualBox"
3169 ++ help
3170 ++ Choose this option if this kernel is running as a VirtualBox guest or host.
3171 ++
3172 ++endchoice
3173 ++
3174 ++choice
3175 ++ prompt "Required Priorities"
3176 ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
3177 ++ default GRKERNSEC_CONFIG_PRIORITY_PERF
3178 ++ help
3179 ++
3180 ++config GRKERNSEC_CONFIG_PRIORITY_PERF
3181 ++ bool "Performance"
3182 ++ help
3183 ++ Choose this option if performance is of highest priority for this deployment
3184 ++ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing,
3185 ++ and freed memory sanitizing will be disabled.
3186 ++
3187 ++config GRKERNSEC_CONFIG_PRIORITY_SECURITY
3188 ++ bool "Security"
3189 ++ help
3190 ++ Choose this option if security is of highest priority for this deployment of
3191 ++ grsecurity. UDEREF, kernel stack clearing, and freed memory sanitizing will
3192 ++ be enabled for this kernel. In a worst-case scenario, these features can
3193 ++ introduce a 20% performance hit (UDEREF on x64 contributing half of this hit).
3194 ++
3195 ++endchoice
3196 ++
3197 ++menu "Default Special Groups"
3198 ++depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
3199 ++
3200 ++config GRKERNSEC_PROC_GID
3201 ++ int "GID exempted from /proc restrictions"
3202 ++ default 1001
3203 ++ help
3204 ++ Setting this GID determines which group will be exempted from
3205 ++ grsecurity's /proc restrictions, allowing users of the specified
3206 ++ group to view network statistics and the existence of other users'
3207 ++ processes on the system.
3208 ++
3209 ++config GRKERNSEC_TPE_GID
3210 ++ int "GID for untrusted users"
3211 ++ depends on GRKERNSEC_CONFIG_SERVER
3212 ++ default 1005
3213 ++ help
3214 ++ Setting this GID determines which group untrusted users should
3215 ++ be added to. These users will be placed under grsecurity's Trusted Path
3216 ++ Execution mechanism, preventing them from executing their own binaries.
3217 ++ The users will only be able to execute binaries in directories owned and
3218 ++ writable only by the root user.
3219 ++
3220 ++config GRKERNSEC_SYMLINKOWN_GID
3221 ++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
3222 ++ depends on GRKERNSEC_CONFIG_SERVER
3223 ++ default 1006
3224 ++ help
3225 ++ Setting this GID determines what group kernel-enforced
3226 ++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option
3227 ++ is enabled, a sysctl option with name "symlinkown_gid" is created.
3228 ++
3229 ++
3230 ++endmenu
3231 ++
3232 ++menu "Customize Configuration"
3233 ++depends on GRKERNSEC
3234 ++
3235 ++menu "PaX"
3236 ++
3237 +config PAX
3238 + bool "Enable various PaX features"
3239 ++ default y if GRKERNSEC_CONFIG_AUTO
3240 + depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
3241 + help
3242 + This allows you to enable various PaX features. PaX adds
3243 @@ -104886,6 +106438,7 @@ index fb363cd..c2c0a96 100644
3244 +
3245 +config PAX_EI_PAX
3246 + bool 'Use legacy ELF header marking'
3247 ++ default y if GRKERNSEC_CONFIG_AUTO
3248 + help
3249 + Enabling this option will allow you to control PaX features on
3250 + a per executable basis via the 'chpax' utility available at
3251 @@ -104905,6 +106458,7 @@ index fb363cd..c2c0a96 100644
3252 +
3253 +config PAX_PT_PAX_FLAGS
3254 + bool 'Use ELF program header marking'
3255 ++ default y if GRKERNSEC_CONFIG_AUTO
3256 + help
3257 + Enabling this option will allow you to control PaX features on
3258 + a per executable basis via the 'paxctl' utility available at
3259 @@ -104926,6 +106480,7 @@ index fb363cd..c2c0a96 100644
3260 +
3261 +config PAX_XATTR_PAX_FLAGS
3262 + bool 'Use filesystem extended attributes marking'
3263 ++ default y if GRKERNSEC_CONFIG_AUTO
3264 + select CIFS_XATTR if CIFS
3265 + select EXT2_FS_XATTR if EXT2_FS
3266 + select EXT3_FS_XATTR if EXT3_FS
3267 @@ -104985,6 +106540,7 @@ index fb363cd..c2c0a96 100644
3268 +
3269 +config PAX_NOEXEC
3270 + bool "Enforce non-executable pages"
3271 ++ default y if GRKERNSEC_CONFIG_AUTO
3272 + depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86
3273 + help
3274 + By design some architectures do not allow for protecting memory
3275 @@ -105013,6 +106569,7 @@ index fb363cd..c2c0a96 100644
3276 +
3277 +config PAX_PAGEEXEC
3278 + bool "Paging based non-executable pages"
3279 ++ default y if GRKERNSEC_CONFIG_AUTO
3280 + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
3281 + select S390_SWITCH_AMODE if S390
3282 + select S390_EXEC_PROTECT if S390
3283 @@ -105035,6 +106592,7 @@ index fb363cd..c2c0a96 100644
3284 +
3285 +config PAX_SEGMEXEC
3286 + bool "Segmentation based non-executable pages"
3287 ++ default y if GRKERNSEC_CONFIG_AUTO
3288 + depends on PAX_NOEXEC && X86_32
3289 + help
3290 + This implementation is based on the segmentation feature of the
3291 @@ -105101,6 +106659,7 @@ index fb363cd..c2c0a96 100644
3292 +
3293 +config PAX_MPROTECT
3294 + bool "Restrict mprotect()"
3295 ++ default y if GRKERNSEC_CONFIG_AUTO
3296 + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
3297 + help
3298 + Enabling this option will prevent programs from
3299 @@ -105118,8 +106677,8 @@ index fb363cd..c2c0a96 100644
3300 +
3301 +config PAX_MPROTECT_COMPAT
3302 + bool "Use legacy/compat protection demoting (read help)"
3303 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
3304 + depends on PAX_MPROTECT
3305 -+ default n
3306 + help
3307 + The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
3308 + by sending the proper error code to the application. For some broken
3309 @@ -105194,6 +106753,7 @@ index fb363cd..c2c0a96 100644
3310 +
3311 +config PAX_KERNEXEC
3312 + bool "Enforce non-executable kernel pages"
3313 ++ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
3314 + depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
3315 + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
3316 + select PAX_KERNEXEC_PLUGIN if X86_64
3317 @@ -105235,7 +106795,8 @@ index fb363cd..c2c0a96 100644
3318 +
3319 +config PAX_KERNEXEC_MODULE_TEXT
3320 + int "Minimum amount of memory reserved for module code"
3321 -+ default "4"
3322 ++ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
3323 ++ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
3324 + depends on PAX_KERNEXEC && X86_32 && MODULES
3325 + help
3326 + Due to implementation details the kernel must reserve a fixed
3327 @@ -105260,6 +106821,7 @@ index fb363cd..c2c0a96 100644
3328 +
3329 +config PAX_ASLR
3330 + bool "Address Space Layout Randomization"
3331 ++ default y if GRKERNSEC_CONFIG_AUTO
3332 + help
3333 + Many if not most exploit techniques rely on the knowledge of
3334 + certain addresses in the attacked program. The following options
3335 @@ -105289,6 +106851,7 @@ index fb363cd..c2c0a96 100644
3336 +
3337 +config PAX_RANDKSTACK
3338 + bool "Randomize kernel stack base"
3339 ++ default y if GRKERNSEC_CONFIG_AUTO
3340 + depends on X86_TSC && X86
3341 + help
3342 + By saying Y here the kernel will randomize every task's kernel
3343 @@ -105303,6 +106866,7 @@ index fb363cd..c2c0a96 100644
3344 +
3345 +config PAX_RANDUSTACK
3346 + bool "Randomize user stack base"
3347 ++ default y if GRKERNSEC_CONFIG_AUTO
3348 + depends on PAX_ASLR
3349 + help
3350 + By saying Y here the kernel will randomize every task's userland
3351 @@ -105315,6 +106879,7 @@ index fb363cd..c2c0a96 100644
3352 +
3353 +config PAX_RANDMMAP
3354 + bool "Randomize mmap() base"
3355 ++ default y if GRKERNSEC_CONFIG_AUTO
3356 + depends on PAX_ASLR
3357 + help
3358 + By saying Y here the kernel will use a randomized base address for
3359 @@ -105341,6 +106906,7 @@ index fb363cd..c2c0a96 100644
3360 +
3361 +config PAX_MEMORY_SANITIZE
3362 + bool "Sanitize all freed memory"
3363 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
3364 + depends on !HIBERNATION
3365 + help
3366 + By saying Y here the kernel will erase memory pages as soon as they
3367 @@ -105363,6 +106929,7 @@ index fb363cd..c2c0a96 100644
3368 +
3369 +config PAX_MEMORY_STACKLEAK
3370 + bool "Sanitize kernel stack"
3371 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
3372 + depends on X86
3373 + help
3374 + By saying Y here the kernel will erase the kernel stack before it
3375 @@ -105387,6 +106954,7 @@ index fb363cd..c2c0a96 100644
3376 +
3377 +config PAX_MEMORY_UDEREF
3378 + bool "Prevent invalid userland pointer dereference"
3379 ++ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
3380 + depends on X86 && !UML_X86 && !XEN
3381 + select PAX_PER_CPU_PGD if X86_64
3382 + help
3383 @@ -105406,6 +106974,7 @@ index fb363cd..c2c0a96 100644
3384 +
3385 +config PAX_REFCOUNT
3386 + bool "Prevent various kernel object reference counter overflows"
3387 ++ default y if GRKERNSEC_CONFIG_AUTO
3388 + depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86)
3389 + help
3390 + By saying Y here the kernel will detect and prevent overflowing
3391 @@ -105425,6 +106994,7 @@ index fb363cd..c2c0a96 100644
3392 +
3393 +config PAX_USERCOPY
3394 + bool "Harden heap object copies between kernel and userland"
3395 ++ default y if GRKERNSEC_CONFIG_AUTO
3396 + depends on X86 || PPC || SPARC || ARM
3397 + depends on GRKERNSEC && (SLAB || SLUB || SLOB)
3398 + help
3399 @@ -105450,6 +107020,7 @@ index fb363cd..c2c0a96 100644
3400 +
3401 +config PAX_SIZE_OVERFLOW
3402 + bool "Prevent various integer overflows in function size parameters"
3403 ++ default y if GRKERNSEC_CONFIG_AUTO
3404 + depends on X86
3405 + help
3406 + By saying Y here the kernel recomputes expressions of function
3407 @@ -105466,10 +107037,16 @@ index fb363cd..c2c0a96 100644
3408 +
3409 +endmenu
3410 +
3411 ++source grsecurity/Kconfig
3412 ++
3413 ++endmenu
3414 ++
3415 ++endmenu
3416 ++
3417 config KEYS
3418 bool "Enable access key retention support"
3419 help
3420 -@@ -146,7 +774,7 @@ config INTEL_TXT
3421 +@@ -146,7 +994,7 @@ config INTEL_TXT
3422 config LSM_MMAP_MIN_ADDR
3423 int "Low address space for LSM to protect from user allocation"
3424 depends on SECURITY && SECURITY_SELINUX
3425
3426 diff --git a/3.2.21/0000_README b/3.2.22/0000_README
3427 similarity index 97%
3428 rename from 3.2.21/0000_README
3429 rename to 3.2.22/0000_README
3430 index 7ab9ec3..b314927 100644
3431 --- a/3.2.21/0000_README
3432 +++ b/3.2.22/0000_README
3433 @@ -2,7 +2,7 @@ README
3434 -----------------------------------------------------------------------------
3435 Individual Patch Descriptions:
3436 -----------------------------------------------------------------------------
3437 -Patch: 4420_grsecurity-2.9.1-3.2.21-201207021920.patch
3438 +Patch: 4420_grsecurity-2.9.1-3.2.22-201207080924.patch
3439 From: http://www.grsecurity.net
3440 Desc: hardened-sources base patch from upstream grsecurity
3441
3442
3443 diff --git a/3.2.21/4420_grsecurity-2.9.1-3.2.21-201207021920.patch b/3.2.22/4420_grsecurity-2.9.1-3.2.22-201207080924.patch
3444 similarity index 99%
3445 rename from 3.2.21/4420_grsecurity-2.9.1-3.2.21-201207021920.patch
3446 rename to 3.2.22/4420_grsecurity-2.9.1-3.2.22-201207080924.patch
3447 index 094317f..166b633 100644
3448 --- a/3.2.21/4420_grsecurity-2.9.1-3.2.21-201207021920.patch
3449 +++ b/3.2.22/4420_grsecurity-2.9.1-3.2.22-201207080924.patch
3450 @@ -205,7 +205,7 @@ index 81c287f..d456d02 100644
3451
3452 pcd. [PARIDE]
3453 diff --git a/Makefile b/Makefile
3454 -index 7eb465e..90a703a 100644
3455 +index 9a7d921..c10f64e 100644
3456 --- a/Makefile
3457 +++ b/Makefile
3458 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
3459 @@ -10184,7 +10184,7 @@ index 5d3acdf..6447a02 100644
3460 +
3461 #endif /* ASM_X86_CMPXCHG_H */
3462 diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
3463 -index f3444f7..051a196 100644
3464 +index 0c3b775..0d7a608 100644
3465 --- a/arch/x86/include/asm/cpufeature.h
3466 +++ b/arch/x86/include/asm/cpufeature.h
3467 @@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
3468 @@ -11276,67 +11276,10 @@ index 98391db..8f6984e 100644
3469
3470 static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
3471 diff --git a/arch/x86/include/asm/pgtable-3level.h b/arch/x86/include/asm/pgtable-3level.h
3472 -index effff47..bbb8295 100644
3473 +index cb00ccc..17e9054 100644
3474 --- a/arch/x86/include/asm/pgtable-3level.h
3475 +++ b/arch/x86/include/asm/pgtable-3level.h
3476 -@@ -31,6 +31,56 @@ static inline void native_set_pte(pte_t *ptep, pte_t pte)
3477 - ptep->pte_low = pte.pte_low;
3478 - }
3479 -
3480 -+#define __HAVE_ARCH_READ_PMD_ATOMIC
3481 -+/*
3482 -+ * pte_offset_map_lock on 32bit PAE kernels was reading the pmd_t with
3483 -+ * a "*pmdp" dereference done by gcc. Problem is, in certain places
3484 -+ * where pte_offset_map_lock is called, concurrent page faults are
3485 -+ * allowed, if the mmap_sem is hold for reading. An example is mincore
3486 -+ * vs page faults vs MADV_DONTNEED. On the page fault side
3487 -+ * pmd_populate rightfully does a set_64bit, but if we're reading the
3488 -+ * pmd_t with a "*pmdp" on the mincore side, a SMP race can happen
3489 -+ * because gcc will not read the 64bit of the pmd atomically. To fix
3490 -+ * this all places running pmd_offset_map_lock() while holding the
3491 -+ * mmap_sem in read mode, shall read the pmdp pointer using this
3492 -+ * function to know if the pmd is null nor not, and in turn to know if
3493 -+ * they can run pmd_offset_map_lock or pmd_trans_huge or other pmd
3494 -+ * operations.
3495 -+ *
3496 -+ * Without THP if the mmap_sem is hold for reading, the
3497 -+ * pmd can only transition from null to not null while read_pmd_atomic runs.
3498 -+ * So there's no need of literally reading it atomically.
3499 -+ *
3500 -+ * With THP if the mmap_sem is hold for reading, the pmd can become
3501 -+ * THP or null or point to a pte (and in turn become "stable") at any
3502 -+ * time under read_pmd_atomic, so it's mandatory to read it atomically
3503 -+ * with cmpxchg8b.
3504 -+ */
3505 -+#ifndef CONFIG_TRANSPARENT_HUGEPAGE
3506 -+static inline pmd_t read_pmd_atomic(pmd_t *pmdp)
3507 -+{
3508 -+ pmdval_t ret;
3509 -+ u32 *tmp = (u32 *)pmdp;
3510 -+
3511 -+ ret = (pmdval_t) (*tmp);
3512 -+ if (ret) {
3513 -+ /*
3514 -+ * If the low part is null, we must not read the high part
3515 -+ * or we can end up with a partial pmd.
3516 -+ */
3517 -+ smp_rmb();
3518 -+ ret |= ((pmdval_t)*(tmp + 1)) << 32;
3519 -+ }
3520 -+
3521 -+ return __pmd(ret);
3522 -+}
3523 -+#else /* CONFIG_TRANSPARENT_HUGEPAGE */
3524 -+static inline pmd_t read_pmd_atomic(pmd_t *pmdp)
3525 -+{
3526 -+ return __pmd(atomic64_read((atomic64_t *)pmdp));
3527 -+}
3528 -+#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
3529 -+
3530 - static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
3531 - {
3532 - set_64bit((unsigned long long *)(ptep), native_pte_val(pte));
3533 -@@ -38,12 +88,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
3534 +@@ -92,12 +92,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
3535
3536 static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
3537 {
3538 @@ -30195,7 +30138,7 @@ index 6104dba..e7ea8e1 100644
3539 {0,} /* 0 terminated list. */
3540 };
3541 diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
3542 -index 70ad892..178943c 100644
3543 +index b3ccefa..d39303b 100644
3544 --- a/drivers/edac/i7core_edac.c
3545 +++ b/drivers/edac/i7core_edac.c
3546 @@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = {
3547 @@ -30286,7 +30229,7 @@ index b153674..ad2ba9b 100644
3548 PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID)
3549 },
3550 diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
3551 -index 7a402bf..af0b211 100644
3552 +index 18a1293..58a5c6b4c 100644
3553 --- a/drivers/edac/sb_edac.c
3554 +++ b/drivers/edac/sb_edac.c
3555 @@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = {
3556 @@ -30888,10 +30831,10 @@ index a6c2f7a..0eea25d 100644
3557 for (i = 0; i < count; i++) {
3558 char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr;
3559 diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
3560 -index d3820c2..23c575f 100644
3561 +index 578ddfc..86ac0d0 100644
3562 --- a/drivers/gpu/drm/i915/i915_irq.c
3563 +++ b/drivers/gpu/drm/i915/i915_irq.c
3564 -@@ -472,7 +472,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS)
3565 +@@ -496,7 +496,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS)
3566 u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir;
3567 struct drm_i915_master_private *master_priv;
3568
3569 @@ -30900,7 +30843,7 @@ index d3820c2..23c575f 100644
3570
3571 /* disable master interrupt before clearing iir */
3572 de_ier = I915_READ(DEIER);
3573 -@@ -563,7 +563,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS)
3574 +@@ -579,7 +579,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS)
3575 struct drm_i915_master_private *master_priv;
3576 u32 bsd_usr_interrupt = GT_BSD_USER_INTERRUPT;
3577
3578 @@ -30909,7 +30852,7 @@ index d3820c2..23c575f 100644
3579
3580 if (IS_GEN6(dev))
3581 bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT;
3582 -@@ -1228,7 +1228,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS)
3583 +@@ -1227,7 +1227,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS)
3584 int ret = IRQ_NONE, pipe;
3585 bool blc_event = false;
3586
3587 @@ -30918,7 +30861,7 @@ index d3820c2..23c575f 100644
3588
3589 iir = I915_READ(IIR);
3590
3591 -@@ -1747,7 +1747,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
3592 +@@ -1746,7 +1746,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
3593 {
3594 drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
3595
3596 @@ -30927,7 +30870,7 @@ index d3820c2..23c575f 100644
3597
3598 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
3599 INIT_WORK(&dev_priv->error_work, i915_error_work_func);
3600 -@@ -1935,7 +1935,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev)
3601 +@@ -1934,7 +1934,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev)
3602 drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
3603 int pipe;
3604
3605 @@ -30937,19 +30880,19 @@ index d3820c2..23c575f 100644
3606 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
3607 INIT_WORK(&dev_priv->error_work, i915_error_work_func);
3608 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
3609 -index 5c1cdb8..317de24 100644
3610 +index 6aa7716..8e5a304 100644
3611 --- a/drivers/gpu/drm/i915/intel_display.c
3612 +++ b/drivers/gpu/drm/i915/intel_display.c
3613 -@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y,
3614 +@@ -2196,7 +2196,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
3615
3616 - wait_event(dev_priv->pending_flip_queue,
3617 - atomic_read(&dev_priv->mm.wedged) ||
3618 -- atomic_read(&obj->pending_flip) == 0);
3619 -+ atomic_read_unchecked(&obj->pending_flip) == 0);
3620 + wait_event(dev_priv->pending_flip_queue,
3621 + atomic_read(&dev_priv->mm.wedged) ||
3622 +- atomic_read(&obj->pending_flip) == 0);
3623 ++ atomic_read_unchecked(&obj->pending_flip) == 0);
3624
3625 - /* Big Hammer, we also need to ensure that any pending
3626 - * MI_WAIT_FOR_EVENT inside a user batch buffer on the
3627 -@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
3628 + /* Big Hammer, we also need to ensure that any pending
3629 + * MI_WAIT_FOR_EVENT inside a user batch buffer on the
3630 +@@ -2861,7 +2861,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
3631 obj = to_intel_framebuffer(crtc->fb)->obj;
3632 dev_priv = crtc->dev->dev_private;
3633 wait_event(dev_priv->pending_flip_queue,
3634 @@ -30958,7 +30901,7 @@ index 5c1cdb8..317de24 100644
3635 }
3636
3637 static bool intel_crtc_driving_pch(struct drm_crtc *crtc)
3638 -@@ -6955,7 +6955,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
3639 +@@ -6982,7 +6982,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
3640
3641 atomic_clear_mask(1 << intel_crtc->plane,
3642 &obj->pending_flip.counter);
3643 @@ -30967,7 +30910,7 @@ index 5c1cdb8..317de24 100644
3644 wake_up(&dev_priv->pending_flip_queue);
3645
3646 schedule_work(&work->work);
3647 -@@ -7150,7 +7150,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev,
3648 +@@ -7177,7 +7177,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev,
3649 OUT_RING(fb->pitch | obj->tiling_mode);
3650 OUT_RING(obj->gtt_offset);
3651
3652 @@ -30982,7 +30925,7 @@ index 5c1cdb8..317de24 100644
3653 pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff;
3654 OUT_RING(pf | pipesrc);
3655 ADVANCE_LP_RING();
3656 -@@ -7282,7 +7288,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
3657 +@@ -7309,7 +7315,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
3658 /* Block clients from rendering to the new back buffer until
3659 * the flip occurs and the object is no longer visible.
3660 */
3661 @@ -30991,7 +30934,7 @@ index 5c1cdb8..317de24 100644
3662
3663 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj);
3664 if (ret)
3665 -@@ -7296,7 +7302,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
3666 +@@ -7323,7 +7329,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
3667 return 0;
3668
3669 cleanup_pending:
3670 @@ -35064,6 +35007,19 @@ index a3f7a27..234016e 100644
3671 return -EINVAL;
3672
3673 /* Don't allow a single read to cross a 512-byte block boundary */
3674 +diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
3675 +index 72d3f23..68ecf48 100644
3676 +--- a/drivers/mtd/nand/cafe_nand.c
3677 ++++ b/drivers/mtd/nand/cafe_nand.c
3678 +@@ -102,7 +102,7 @@ static const char *part_probes[] = { "cmdlinepart", "RedBoot", NULL };
3679 + static int cafe_device_ready(struct mtd_info *mtd)
3680 + {
3681 + struct cafe_priv *cafe = mtd->priv;
3682 +- int result = !!(cafe_readl(cafe, NAND_STATUS) | 0x40000000);
3683 ++ int result = !!(cafe_readl(cafe, NAND_STATUS) & 0x40000000);
3684 + uint32_t irqs = cafe_readl(cafe, NAND_IRQ);
3685 +
3686 + cafe_writel(cafe, irqs, NAND_IRQ);
3687 diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c
3688 index 3984d48..28aa897 100644
3689 --- a/drivers/mtd/nand/denali.c
3690 @@ -35266,7 +35222,7 @@ index e1159e5..e18684d 100644
3691 /* Set media type */
3692 switch (adapter->pdev->device) {
3693 diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c
3694 -index a3e65fd..f451444 100644
3695 +index e556fc3..fa9199d 100644
3696 --- a/drivers/net/ethernet/intel/e1000e/82571.c
3697 +++ b/drivers/net/ethernet/intel/e1000e/82571.c
3698 @@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter)
3699 @@ -44427,6 +44383,22 @@ index 608c1c3..7d040a8 100644
3700 set_fs(fs_save);
3701 return rc;
3702 }
3703 +diff --git a/fs/eventpoll.c b/fs/eventpoll.c
3704 +index 4d9d3a4..a6f3763 100644
3705 +--- a/fs/eventpoll.c
3706 ++++ b/fs/eventpoll.c
3707 +@@ -1629,8 +1629,10 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd,
3708 + if (op == EPOLL_CTL_ADD) {
3709 + if (is_file_epoll(tfile)) {
3710 + error = -ELOOP;
3711 +- if (ep_loop_check(ep, tfile) != 0)
3712 ++ if (ep_loop_check(ep, tfile) != 0) {
3713 ++ clear_tfile_check_list();
3714 + goto error_tgt_fput;
3715 ++ }
3716 + } else
3717 + list_add(&tfile->f_tfile_llink, &tfile_check_list);
3718 + }
3719 diff --git a/fs/exec.c b/fs/exec.c
3720 index 160cd2f..52c1678 100644
3721 --- a/fs/exec.c
3722 @@ -47228,7 +47200,7 @@ index 0d68f1f..f216b79 100644
3723
3724 lock_flocks();
3725 diff --git a/fs/namei.c b/fs/namei.c
3726 -index 9680cef..a19f203 100644
3727 +index 9680cef..2f81108 100644
3728 --- a/fs/namei.c
3729 +++ b/fs/namei.c
3730 @@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask)
3731 @@ -47303,7 +47275,27 @@ index 9680cef..a19f203 100644
3732 error = 0;
3733 if (s)
3734 error = __vfs_follow_link(nd, s);
3735 -@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name,
3736 +@@ -1345,6 +1361,9 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
3737 + if (!res)
3738 + res = walk_component(nd, path, &nd->last,
3739 + nd->last_type, LOOKUP_FOLLOW);
3740 ++ if (res >= 0 && gr_handle_symlink_owner(&link, nd->inode)) {
3741 ++ res = -EACCES;
3742 ++ }
3743 + put_link(nd, &link, cookie);
3744 + } while (res > 0);
3745 +
3746 +@@ -1617,6 +1636,9 @@ static int path_lookupat(int dfd, const char *name,
3747 + err = follow_link(&link, nd, &cookie);
3748 + if (!err)
3749 + err = lookup_last(nd, &path);
3750 ++ if (!err && gr_handle_symlink_owner(&link, nd->inode)) {
3751 ++ err = -EACCES;
3752 ++ }
3753 + put_link(nd, &link, cookie);
3754 + }
3755 + }
3756 +@@ -1624,6 +1646,21 @@ static int path_lookupat(int dfd, const char *name,
3757 if (!err)
3758 err = complete_walk(nd);
3759
3760 @@ -47325,7 +47317,7 @@ index 9680cef..a19f203 100644
3761 if (!err && nd->flags & LOOKUP_DIRECTORY) {
3762 if (!nd->inode->i_op->lookup) {
3763 path_put(&nd->path);
3764 -@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name,
3765 +@@ -1651,6 +1688,15 @@ static int do_path_lookup(int dfd, const char *name,
3766 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
3767
3768 if (likely(!retval)) {
3769 @@ -47341,7 +47333,7 @@ index 9680cef..a19f203 100644
3770 if (unlikely(!audit_dummy_context())) {
3771 if (nd->path.dentry && nd->inode)
3772 audit_inode(name, nd->path.dentry);
3773 -@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
3774 +@@ -2048,6 +2094,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
3775 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
3776 return -EPERM;
3777
3778 @@ -47355,7 +47347,7 @@ index 9680cef..a19f203 100644
3779 return 0;
3780 }
3781
3782 -@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3783 +@@ -2109,6 +2162,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3784 error = complete_walk(nd);
3785 if (error)
3786 return ERR_PTR(error);
3787 @@ -47372,7 +47364,7 @@ index 9680cef..a19f203 100644
3788 audit_inode(pathname, nd->path.dentry);
3789 if (open_flag & O_CREAT) {
3790 error = -EISDIR;
3791 -@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3792 +@@ -2119,6 +2182,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3793 error = complete_walk(nd);
3794 if (error)
3795 return ERR_PTR(error);
3796 @@ -47389,7 +47381,7 @@ index 9680cef..a19f203 100644
3797 audit_inode(pathname, dir);
3798 goto ok;
3799 }
3800 -@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3801 +@@ -2140,6 +2213,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3802 error = complete_walk(nd);
3803 if (error)
3804 return ERR_PTR(error);
3805 @@ -47406,7 +47398,7 @@ index 9680cef..a19f203 100644
3806
3807 error = -ENOTDIR;
3808 if (nd->flags & LOOKUP_DIRECTORY) {
3809 -@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3810 +@@ -2180,6 +2263,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3811 /* Negative dentry, just create the file */
3812 if (!dentry->d_inode) {
3813 int mode = op->mode;
3814 @@ -47419,7 +47411,7 @@ index 9680cef..a19f203 100644
3815 if (!IS_POSIXACL(dir->d_inode))
3816 mode &= ~current_umask();
3817 /*
3818 -@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3819 +@@ -2203,6 +2292,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3820 error = vfs_create(dir->d_inode, dentry, mode, nd);
3821 if (error)
3822 goto exit_mutex_unlock;
3823 @@ -47428,7 +47420,7 @@ index 9680cef..a19f203 100644
3824 mutex_unlock(&dir->d_inode->i_mutex);
3825 dput(nd->path.dentry);
3826 nd->path.dentry = dentry;
3827 -@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3828 +@@ -2212,6 +2303,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
3829 /*
3830 * It already exists.
3831 */
3832 @@ -47448,7 +47440,23 @@ index 9680cef..a19f203 100644
3833 mutex_unlock(&dir->d_inode->i_mutex);
3834 audit_inode(pathname, path->dentry);
3835
3836 -@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
3837 +@@ -2329,8 +2433,14 @@ static struct file *path_openat(int dfd, const char *pathname,
3838 + error = follow_link(&link, nd, &cookie);
3839 + if (unlikely(error))
3840 + filp = ERR_PTR(error);
3841 +- else
3842 ++ else {
3843 + filp = do_last(nd, &path, op, pathname);
3844 ++ if (!IS_ERR(filp) && gr_handle_symlink_owner(&link, nd->inode)) {
3845 ++ if (filp)
3846 ++ fput(filp);
3847 ++ filp = ERR_PTR(-EACCES);
3848 ++ }
3849 ++ }
3850 + put_link(nd, &link, cookie);
3851 + }
3852 + out:
3853 +@@ -2424,6 +2534,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
3854 *path = nd.path;
3855 return dentry;
3856 eexist:
3857 @@ -47460,7 +47468,7 @@ index 9680cef..a19f203 100644
3858 dput(dentry);
3859 dentry = ERR_PTR(-EEXIST);
3860 fail:
3861 -@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
3862 +@@ -2446,6 +2561,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
3863 }
3864 EXPORT_SYMBOL(user_path_create);
3865
3866 @@ -47481,7 +47489,7 @@ index 9680cef..a19f203 100644
3867 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
3868 {
3869 int error = may_create(dir, dentry);
3870 -@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
3871 +@@ -2513,6 +2642,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
3872 error = mnt_want_write(path.mnt);
3873 if (error)
3874 goto out_dput;
3875 @@ -47499,7 +47507,7 @@ index 9680cef..a19f203 100644
3876 error = security_path_mknod(&path, dentry, mode, dev);
3877 if (error)
3878 goto out_drop_write;
3879 -@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
3880 +@@ -2530,6 +2670,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
3881 }
3882 out_drop_write:
3883 mnt_drop_write(path.mnt);
3884 @@ -47509,7 +47517,7 @@ index 9680cef..a19f203 100644
3885 out_dput:
3886 dput(dentry);
3887 mutex_unlock(&path.dentry->d_inode->i_mutex);
3888 -@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
3889 +@@ -2579,12 +2722,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
3890 error = mnt_want_write(path.mnt);
3891 if (error)
3892 goto out_dput;
3893 @@ -47531,7 +47539,7 @@ index 9680cef..a19f203 100644
3894 out_dput:
3895 dput(dentry);
3896 mutex_unlock(&path.dentry->d_inode->i_mutex);
3897 -@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
3898 +@@ -2664,6 +2816,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
3899 char * name;
3900 struct dentry *dentry;
3901 struct nameidata nd;
3902 @@ -47540,7 +47548,7 @@ index 9680cef..a19f203 100644
3903
3904 error = user_path_parent(dfd, pathname, &nd, &name);
3905 if (error)
3906 -@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
3907 +@@ -2692,6 +2846,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
3908 error = -ENOENT;
3909 goto exit3;
3910 }
3911 @@ -47556,7 +47564,7 @@ index 9680cef..a19f203 100644
3912 error = mnt_want_write(nd.path.mnt);
3913 if (error)
3914 goto exit3;
3915 -@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
3916 +@@ -2699,6 +2862,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
3917 if (error)
3918 goto exit4;
3919 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
3920 @@ -47565,7 +47573,7 @@ index 9680cef..a19f203 100644
3921 exit4:
3922 mnt_drop_write(nd.path.mnt);
3923 exit3:
3924 -@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
3925 +@@ -2761,6 +2926,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
3926 struct dentry *dentry;
3927 struct nameidata nd;
3928 struct inode *inode = NULL;
3929 @@ -47574,7 +47582,7 @@ index 9680cef..a19f203 100644
3930
3931 error = user_path_parent(dfd, pathname, &nd, &name);
3932 if (error)
3933 -@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
3934 +@@ -2783,6 +2950,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
3935 if (!inode)
3936 goto slashes;
3937 ihold(inode);
3938 @@ -47591,7 +47599,7 @@ index 9680cef..a19f203 100644
3939 error = mnt_want_write(nd.path.mnt);
3940 if (error)
3941 goto exit2;
3942 -@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
3943 +@@ -2790,6 +2967,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
3944 if (error)
3945 goto exit3;
3946 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
3947 @@ -47600,7 +47608,7 @@ index 9680cef..a19f203 100644
3948 exit3:
3949 mnt_drop_write(nd.path.mnt);
3950 exit2:
3951 -@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
3952 +@@ -2865,10 +3044,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
3953 error = mnt_want_write(path.mnt);
3954 if (error)
3955 goto out_dput;
3956 @@ -47619,7 +47627,7 @@ index 9680cef..a19f203 100644
3957 out_drop_write:
3958 mnt_drop_write(path.mnt);
3959 out_dput:
3960 -@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
3961 +@@ -2940,6 +3127,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
3962 {
3963 struct dentry *new_dentry;
3964 struct path old_path, new_path;
3965 @@ -47627,7 +47635,7 @@ index 9680cef..a19f203 100644
3966 int how = 0;
3967 int error;
3968
3969 -@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
3970 +@@ -2963,7 +3151,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
3971 if (error)
3972 return error;
3973
3974 @@ -47636,7 +47644,7 @@ index 9680cef..a19f203 100644
3975 error = PTR_ERR(new_dentry);
3976 if (IS_ERR(new_dentry))
3977 goto out;
3978 -@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
3979 +@@ -2974,13 +3162,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
3980 error = mnt_want_write(new_path.mnt);
3981 if (error)
3982 goto out_dput;
3983 @@ -47667,7 +47675,7 @@ index 9680cef..a19f203 100644
3984 dput(new_dentry);
3985 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
3986 path_put(&new_path);
3987 -@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3988 +@@ -3208,6 +3413,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3989 if (new_dentry == trap)
3990 goto exit5;
3991
3992 @@ -47680,7 +47688,7 @@ index 9680cef..a19f203 100644
3993 error = mnt_want_write(oldnd.path.mnt);
3994 if (error)
3995 goto exit5;
3996 -@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3997 +@@ -3217,6 +3428,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3998 goto exit6;
3999 error = vfs_rename(old_dir->d_inode, old_dentry,
4000 new_dir->d_inode, new_dentry);
4001 @@ -47690,7 +47698,7 @@ index 9680cef..a19f203 100644
4002 exit6:
4003 mnt_drop_write(oldnd.path.mnt);
4004 exit5:
4005 -@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
4006 +@@ -3242,6 +3456,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
4007
4008 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
4009 {
4010 @@ -47699,7 +47707,7 @@ index 9680cef..a19f203 100644
4011 int len;
4012
4013 len = PTR_ERR(link);
4014 -@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
4015 +@@ -3251,7 +3467,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
4016 len = strlen(link);
4017 if (len > (unsigned) buflen)
4018 len = buflen;
4019 @@ -49981,6 +49989,150 @@ index c175b4d..8f36a16 100644
4020 u8 checksum = 0;
4021 int i;
4022 for (i = 0; i < sizeof(struct tag); ++i)
4023 +diff --git a/fs/udf/super.c b/fs/udf/super.c
4024 +index 87cb24a..ce8efeb 100644
4025 +--- a/fs/udf/super.c
4026 ++++ b/fs/udf/super.c
4027 +@@ -56,6 +56,7 @@
4028 + #include <linux/seq_file.h>
4029 + #include <linux/bitmap.h>
4030 + #include <linux/crc-itu-t.h>
4031 ++#include <linux/log2.h>
4032 + #include <asm/byteorder.h>
4033 +
4034 + #include "udf_sb.h"
4035 +@@ -1217,16 +1218,65 @@ out_bh:
4036 + return ret;
4037 + }
4038 +
4039 ++static int udf_load_sparable_map(struct super_block *sb,
4040 ++ struct udf_part_map *map,
4041 ++ struct sparablePartitionMap *spm)
4042 ++{
4043 ++ uint32_t loc;
4044 ++ uint16_t ident;
4045 ++ struct sparingTable *st;
4046 ++ struct udf_sparing_data *sdata = &map->s_type_specific.s_sparing;
4047 ++ int i;
4048 ++ struct buffer_head *bh;
4049 ++
4050 ++ map->s_partition_type = UDF_SPARABLE_MAP15;
4051 ++ sdata->s_packet_len = le16_to_cpu(spm->packetLength);
4052 ++ if (!is_power_of_2(sdata->s_packet_len)) {
4053 ++ udf_err(sb, "error loading logical volume descriptor: "
4054 ++ "Invalid packet length %u\n",
4055 ++ (unsigned)sdata->s_packet_len);
4056 ++ return -EIO;
4057 ++ }
4058 ++ if (spm->numSparingTables > 4) {
4059 ++ udf_err(sb, "error loading logical volume descriptor: "
4060 ++ "Too many sparing tables (%d)\n",
4061 ++ (int)spm->numSparingTables);
4062 ++ return -EIO;
4063 ++ }
4064 ++
4065 ++ for (i = 0; i < spm->numSparingTables; i++) {
4066 ++ loc = le32_to_cpu(spm->locSparingTable[i]);
4067 ++ bh = udf_read_tagged(sb, loc, loc, &ident);
4068 ++ if (!bh)
4069 ++ continue;
4070 ++
4071 ++ st = (struct sparingTable *)bh->b_data;
4072 ++ if (ident != 0 ||
4073 ++ strncmp(st->sparingIdent.ident, UDF_ID_SPARING,
4074 ++ strlen(UDF_ID_SPARING)) ||
4075 ++ sizeof(*st) + le16_to_cpu(st->reallocationTableLen) >
4076 ++ sb->s_blocksize) {
4077 ++ brelse(bh);
4078 ++ continue;
4079 ++ }
4080 ++
4081 ++ sdata->s_spar_map[i] = bh;
4082 ++ }
4083 ++ map->s_partition_func = udf_get_pblock_spar15;
4084 ++ return 0;
4085 ++}
4086 ++
4087 + static int udf_load_logicalvol(struct super_block *sb, sector_t block,
4088 + struct kernel_lb_addr *fileset)
4089 + {
4090 + struct logicalVolDesc *lvd;
4091 +- int i, j, offset;
4092 ++ int i, offset;
4093 + uint8_t type;
4094 + struct udf_sb_info *sbi = UDF_SB(sb);
4095 + struct genericPartitionMap *gpm;
4096 + uint16_t ident;
4097 + struct buffer_head *bh;
4098 ++ unsigned int table_len;
4099 + int ret = 0;
4100 +
4101 + bh = udf_read_tagged(sb, block, block, &ident);
4102 +@@ -1234,6 +1284,13 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
4103 + return 1;
4104 + BUG_ON(ident != TAG_IDENT_LVD);
4105 + lvd = (struct logicalVolDesc *)bh->b_data;
4106 ++ table_len = le32_to_cpu(lvd->mapTableLength);
4107 ++ if (sizeof(*lvd) + table_len > sb->s_blocksize) {
4108 ++ udf_err(sb, "error loading logical volume descriptor: "
4109 ++ "Partition table too long (%u > %lu)\n", table_len,
4110 ++ sb->s_blocksize - sizeof(*lvd));
4111 ++ goto out_bh;
4112 ++ }
4113 +
4114 + i = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps));
4115 + if (i != 0) {
4116 +@@ -1242,7 +1299,7 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
4117 + }
4118 +
4119 + for (i = 0, offset = 0;
4120 +- i < sbi->s_partitions && offset < le32_to_cpu(lvd->mapTableLength);
4121 ++ i < sbi->s_partitions && offset < table_len;
4122 + i++, offset += gpm->partitionMapLength) {
4123 + struct udf_part_map *map = &sbi->s_partmaps[i];
4124 + gpm = (struct genericPartitionMap *)
4125 +@@ -1277,38 +1334,9 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block,
4126 + } else if (!strncmp(upm2->partIdent.ident,
4127 + UDF_ID_SPARABLE,
4128 + strlen(UDF_ID_SPARABLE))) {
4129 +- uint32_t loc;
4130 +- struct sparingTable *st;
4131 +- struct sparablePartitionMap *spm =
4132 +- (struct sparablePartitionMap *)gpm;
4133 +-
4134 +- map->s_partition_type = UDF_SPARABLE_MAP15;
4135 +- map->s_type_specific.s_sparing.s_packet_len =
4136 +- le16_to_cpu(spm->packetLength);
4137 +- for (j = 0; j < spm->numSparingTables; j++) {
4138 +- struct buffer_head *bh2;
4139 +-
4140 +- loc = le32_to_cpu(
4141 +- spm->locSparingTable[j]);
4142 +- bh2 = udf_read_tagged(sb, loc, loc,
4143 +- &ident);
4144 +- map->s_type_specific.s_sparing.
4145 +- s_spar_map[j] = bh2;
4146 +-
4147 +- if (bh2 == NULL)
4148 +- continue;
4149 +-
4150 +- st = (struct sparingTable *)bh2->b_data;
4151 +- if (ident != 0 || strncmp(
4152 +- st->sparingIdent.ident,
4153 +- UDF_ID_SPARING,
4154 +- strlen(UDF_ID_SPARING))) {
4155 +- brelse(bh2);
4156 +- map->s_type_specific.s_sparing.
4157 +- s_spar_map[j] = NULL;
4158 +- }
4159 +- }
4160 +- map->s_partition_func = udf_get_pblock_spar15;
4161 ++ if (udf_load_sparable_map(sb, map,
4162 ++ (struct sparablePartitionMap *)gpm) < 0)
4163 ++ goto out_bh;
4164 + } else if (!strncmp(upm2->partIdent.ident,
4165 + UDF_ID_METADATA,
4166 + strlen(UDF_ID_METADATA))) {
4167 diff --git a/fs/utimes.c b/fs/utimes.c
4168 index ba653f3..06ea4b1 100644
4169 --- a/fs/utimes.c
4170 @@ -50149,221 +50301,19 @@ index 23ce927..e274cc1 100644
4171 kfree(s);
4172 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
4173 new file mode 100644
4174 -index 0000000..2645296
4175 +index 0000000..b9e7d6f
4176 --- /dev/null
4177 +++ b/grsecurity/Kconfig
4178 -@@ -0,0 +1,1079 @@
4179 +@@ -0,0 +1,940 @@
4180 +#
4181 +# grecurity configuration
4182 +#
4183 -+
4184 -+menu "Grsecurity"
4185 -+
4186 -+config GRKERNSEC
4187 -+ bool "Grsecurity"
4188 -+ select CRYPTO
4189 -+ select CRYPTO_SHA256
4190 -+ help
4191 -+ If you say Y here, you will be able to configure many features
4192 -+ that will enhance the security of your system. It is highly
4193 -+ recommended that you say Y here and read through the help
4194 -+ for each option so that you fully understand the features and
4195 -+ can evaluate their usefulness for your machine.
4196 -+
4197 -+choice
4198 -+ prompt "Security Level"
4199 -+ depends on GRKERNSEC
4200 -+ default GRKERNSEC_CUSTOM
4201 -+
4202 -+config GRKERNSEC_LOW
4203 -+ bool "Low"
4204 -+ select GRKERNSEC_LINK
4205 -+ select GRKERNSEC_FIFO
4206 -+ select GRKERNSEC_RANDNET
4207 -+ select GRKERNSEC_DMESG
4208 -+ select GRKERNSEC_CHROOT
4209 -+ select GRKERNSEC_CHROOT_CHDIR
4210 -+
4211 -+ help
4212 -+ If you choose this option, several of the grsecurity options will
4213 -+ be enabled that will give you greater protection against a number
4214 -+ of attacks, while assuring that none of your software will have any
4215 -+ conflicts with the additional security measures. If you run a lot
4216 -+ of unusual software, or you are having problems with the higher
4217 -+ security levels, you should say Y here. With this option, the
4218 -+ following features are enabled:
4219 -+
4220 -+ - Linking restrictions
4221 -+ - FIFO restrictions
4222 -+ - Restricted dmesg
4223 -+ - Enforced chdir("/") on chroot
4224 -+ - Runtime module disabling
4225 -+
4226 -+config GRKERNSEC_MEDIUM
4227 -+ bool "Medium"
4228 -+ select PAX
4229 -+ select PAX_EI_PAX
4230 -+ select PAX_PT_PAX_FLAGS
4231 -+ select PAX_HAVE_ACL_FLAGS
4232 -+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
4233 -+ select GRKERNSEC_CHROOT
4234 -+ select GRKERNSEC_CHROOT_SYSCTL
4235 -+ select GRKERNSEC_LINK
4236 -+ select GRKERNSEC_FIFO
4237 -+ select GRKERNSEC_DMESG
4238 -+ select GRKERNSEC_RANDNET
4239 -+ select GRKERNSEC_FORKFAIL
4240 -+ select GRKERNSEC_TIME
4241 -+ select GRKERNSEC_SIGNAL
4242 -+ select GRKERNSEC_CHROOT
4243 -+ select GRKERNSEC_CHROOT_UNIX
4244 -+ select GRKERNSEC_CHROOT_MOUNT
4245 -+ select GRKERNSEC_CHROOT_PIVOT
4246 -+ select GRKERNSEC_CHROOT_DOUBLE
4247 -+ select GRKERNSEC_CHROOT_CHDIR
4248 -+ select GRKERNSEC_CHROOT_MKNOD
4249 -+ select GRKERNSEC_PROC
4250 -+ select GRKERNSEC_PROC_USERGROUP
4251 -+ select PAX_RANDUSTACK
4252 -+ select PAX_ASLR
4253 -+ select PAX_RANDMMAP
4254 -+ select PAX_REFCOUNT if (X86 || SPARC64)
4255 -+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB))
4256 -+
4257 -+ help
4258 -+ If you say Y here, several features in addition to those included
4259 -+ in the low additional security level will be enabled. These
4260 -+ features provide even more security to your system, though in rare
4261 -+ cases they may be incompatible with very old or poorly written
4262 -+ software. If you enable this option, make sure that your auth
4263 -+ service (identd) is running as gid 1001. With this option,
4264 -+ the following features (in addition to those provided in the
4265 -+ low additional security level) will be enabled:
4266 -+
4267 -+ - Failed fork logging
4268 -+ - Time change logging
4269 -+ - Signal logging
4270 -+ - Deny mounts in chroot
4271 -+ - Deny double chrooting
4272 -+ - Deny sysctl writes in chroot
4273 -+ - Deny mknod in chroot
4274 -+ - Deny access to abstract AF_UNIX sockets out of chroot
4275 -+ - Deny pivot_root in chroot
4276 -+ - Denied reads/writes of /dev/kmem, /dev/mem, and /dev/port
4277 -+ - /proc restrictions with special GID set to 10 (usually wheel)
4278 -+ - Address Space Layout Randomization (ASLR)
4279 -+ - Prevent exploitation of most refcount overflows
4280 -+ - Bounds checking of copying between the kernel and userland
4281 -+
4282 -+config GRKERNSEC_HIGH
4283 -+ bool "High"
4284 -+ select GRKERNSEC_LINK
4285 -+ select GRKERNSEC_FIFO
4286 -+ select GRKERNSEC_DMESG
4287 -+ select GRKERNSEC_FORKFAIL
4288 -+ select GRKERNSEC_TIME
4289 -+ select GRKERNSEC_SIGNAL
4290 -+ select GRKERNSEC_CHROOT
4291 -+ select GRKERNSEC_CHROOT_SHMAT
4292 -+ select GRKERNSEC_CHROOT_UNIX
4293 -+ select GRKERNSEC_CHROOT_MOUNT
4294 -+ select GRKERNSEC_CHROOT_FCHDIR
4295 -+ select GRKERNSEC_CHROOT_PIVOT
4296 -+ select GRKERNSEC_CHROOT_DOUBLE
4297 -+ select GRKERNSEC_CHROOT_CHDIR
4298 -+ select GRKERNSEC_CHROOT_MKNOD
4299 -+ select GRKERNSEC_CHROOT_CAPS
4300 -+ select GRKERNSEC_CHROOT_SYSCTL
4301 -+ select GRKERNSEC_CHROOT_FINDTASK
4302 -+ select GRKERNSEC_SYSFS_RESTRICT
4303 -+ select GRKERNSEC_PROC
4304 -+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
4305 -+ select GRKERNSEC_HIDESYM
4306 -+ select GRKERNSEC_BRUTE
4307 -+ select GRKERNSEC_PROC_USERGROUP
4308 -+ select GRKERNSEC_KMEM
4309 -+ select GRKERNSEC_RESLOG
4310 -+ select GRKERNSEC_RANDNET
4311 -+ select GRKERNSEC_PROC_ADD
4312 -+ select GRKERNSEC_CHROOT_CHMOD
4313 -+ select GRKERNSEC_CHROOT_NICE
4314 -+ select GRKERNSEC_SETXID if (X86 || SPARC64 || PPC || ARM || MIPS)
4315 -+ select GRKERNSEC_AUDIT_MOUNT
4316 -+ select GRKERNSEC_MODHARDEN if (MODULES)
4317 -+ select GRKERNSEC_HARDEN_PTRACE
4318 -+ select GRKERNSEC_PTRACE_READEXEC
4319 -+ select GRKERNSEC_VM86 if (X86_32)
4320 -+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC)
4321 -+ select PAX
4322 -+ select PAX_RANDUSTACK
4323 -+ select PAX_ASLR
4324 -+ select PAX_RANDMMAP
4325 -+ select PAX_NOEXEC
4326 -+ select PAX_MPROTECT
4327 -+ select PAX_EI_PAX
4328 -+ select PAX_PT_PAX_FLAGS
4329 -+ select PAX_HAVE_ACL_FLAGS
4330 -+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN)
4331 -+ select PAX_MEMORY_UDEREF if (X86 && !XEN)
4332 -+ select PAX_RANDKSTACK if (X86_TSC && X86)
4333 -+ select PAX_SEGMEXEC if (X86_32)
4334 -+ select PAX_PAGEEXEC
4335 -+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC)
4336 -+ select PAX_EMUTRAMP if (PARISC)
4337 -+ select PAX_EMUSIGRT if (PARISC)
4338 -+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
4339 -+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86))
4340 -+ select PAX_REFCOUNT if (X86 || SPARC64)
4341 -+ select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB))
4342 -+ help
4343 -+ If you say Y here, many of the features of grsecurity will be
4344 -+ enabled, which will protect you against many kinds of attacks
4345 -+ against your system. The heightened security comes at a cost
4346 -+ of an increased chance of incompatibilities with rare software
4347 -+ on your machine. Since this security level enables PaX, you should
4348 -+ view <http://pax.grsecurity.net> and read about the PaX
4349 -+ project. While you are there, download chpax and run it on
4350 -+ binaries that cause problems with PaX. Also remember that
4351 -+ since the /proc restrictions are enabled, you must run your
4352 -+ identd as gid 1001. This security level enables the following
4353 -+ features in addition to those listed in the low and medium
4354 -+ security levels:
4355 -+
4356 -+ - Additional /proc restrictions
4357 -+ - Chmod restrictions in chroot
4358 -+ - No signals, ptrace, or viewing of processes outside of chroot
4359 -+ - Capability restrictions in chroot
4360 -+ - Deny fchdir out of chroot
4361 -+ - Priority restrictions in chroot
4362 -+ - Segmentation-based implementation of PaX
4363 -+ - Mprotect restrictions
4364 -+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
4365 -+ - Kernel stack randomization
4366 -+ - Mount/unmount/remount logging
4367 -+ - Kernel symbol hiding
4368 -+ - Hardening of module auto-loading
4369 -+ - Ptrace restrictions
4370 -+ - Restricted vm86 mode
4371 -+ - Restricted sysfs/debugfs
4372 -+ - Active kernel exploit response
4373 -+
4374 -+config GRKERNSEC_CUSTOM
4375 -+ bool "Custom"
4376 -+ help
4377 -+ If you say Y here, you will be able to configure every grsecurity
4378 -+ option, which allows you to enable many more features that aren't
4379 -+ covered in the basic security levels. These additional features
4380 -+ include TPE, socket restrictions, and the sysctl system for
4381 -+ grsecurity. It is advised that you read through the help for
4382 -+ each option to determine its usefulness in your situation.
4383 -+
4384 -+endchoice
4385 -+
4386 +menu "Memory Protections"
4387 +depends on GRKERNSEC
4388 +
4389 +config GRKERNSEC_KMEM
4390 + bool "Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port"
4391 ++ default y if GRKERNSEC_CONFIG_AUTO
4392 + select STRICT_DEVMEM if (X86 || ARM || TILE || S390)
4393 + help
4394 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
4395 @@ -50385,6 +50335,7 @@ index 0000000..2645296
4396 +
4397 +config GRKERNSEC_VM86
4398 + bool "Restrict VM86 mode"
4399 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
4400 + depends on X86_32
4401 +
4402 + help
4403 @@ -50398,6 +50349,7 @@ index 0000000..2645296
4404 +
4405 +config GRKERNSEC_IO
4406 + bool "Disable privileged I/O"
4407 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
4408 + depends on X86
4409 + select RTC_CLASS
4410 + select RTC_INTF_DEV
4411 @@ -50417,7 +50369,7 @@ index 0000000..2645296
4412 +
4413 +config GRKERNSEC_PROC_MEMMAP
4414 + bool "Harden ASLR against information leaks and entropy reduction"
4415 -+ default y if (PAX_NOEXEC || PAX_ASLR)
4416 ++ default y if (GRKERNSEC_CONFIG_AUTO || PAX_NOEXEC || PAX_ASLR)
4417 + depends on PAX_NOEXEC || PAX_ASLR
4418 + help
4419 + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
4420 @@ -50437,6 +50389,7 @@ index 0000000..2645296
4421 +
4422 +config GRKERNSEC_BRUTE
4423 + bool "Deter exploit bruteforcing"
4424 ++ default y if GRKERNSEC_CONFIG_AUTO
4425 + help
4426 + If you say Y here, attempts to bruteforce exploits against forking
4427 + daemons such as apache or sshd, as well as against suid/sgid binaries
4428 @@ -50457,6 +50410,7 @@ index 0000000..2645296
4429 +
4430 +config GRKERNSEC_MODHARDEN
4431 + bool "Harden module auto-loading"
4432 ++ default y if GRKERNSEC_CONFIG_AUTO
4433 + depends on MODULES
4434 + help
4435 + If you say Y here, module auto-loading in response to use of some
4436 @@ -50478,6 +50432,7 @@ index 0000000..2645296
4437 +
4438 +config GRKERNSEC_HIDESYM
4439 + bool "Hide kernel symbols"
4440 ++ default y if GRKERNSEC_CONFIG_AUTO
4441 + help
4442 + If you say Y here, getting information on loaded modules, and
4443 + displaying all kernel symbols through a syscall will be restricted
4444 @@ -50503,11 +50458,12 @@ index 0000000..2645296
4445 +
4446 +config GRKERNSEC_KERN_LOCKOUT
4447 + bool "Active kernel exploit response"
4448 ++ default y if GRKERNSEC_CONFIG_AUTO
4449 + depends on X86 || ARM || PPC || SPARC
4450 + help
4451 + If you say Y here, when a PaX alert is triggered due to suspicious
4452 + activity in the kernel (from KERNEXEC/UDEREF/USERCOPY)
4453 -+ or an OOPs occurs due to bad memory accesses, instead of just
4454 ++ or an OOPS occurs due to bad memory accesses, instead of just
4455 + terminating the offending process (and potentially allowing
4456 + a subsequent exploit from the same user), we will take one of two
4457 + actions:
4458 @@ -50566,6 +50522,7 @@ index 0000000..2645296
4459 +
4460 +config GRKERNSEC_PROC
4461 + bool "Proc restrictions"
4462 ++ default y if GRKERNSEC_CONFIG_AUTO
4463 + help
4464 + If you say Y here, the permissions of the /proc filesystem
4465 + will be altered to enhance system security and privacy. You MUST
4466 @@ -50587,6 +50544,7 @@ index 0000000..2645296
4467 +
4468 +config GRKERNSEC_PROC_USERGROUP
4469 + bool "Allow special group"
4470 ++ default y if GRKERNSEC_CONFIG_AUTO
4471 + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
4472 + help
4473 + If you say Y here, you will be able to select a group that will be
4474 @@ -50602,6 +50560,7 @@ index 0000000..2645296
4475 +
4476 +config GRKERNSEC_PROC_ADD
4477 + bool "Additional restrictions"
4478 ++ default y if GRKERNSEC_CONFIG_AUTO
4479 + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
4480 + help
4481 + If you say Y here, additional restrictions will be placed on
4482 @@ -50610,6 +50569,7 @@ index 0000000..2645296
4483 +
4484 +config GRKERNSEC_LINK
4485 + bool "Linking restrictions"
4486 ++ default y if GRKERNSEC_CONFIG_AUTO
4487 + help
4488 + If you say Y here, /tmp race exploits will be prevented, since users
4489 + will no longer be able to follow symlinks owned by other users in
4490 @@ -50618,8 +50578,34 @@ index 0000000..2645296
4491 + able to hardlink to files they do not own. If the sysctl option is
4492 + enabled, a sysctl option with name "linking_restrictions" is created.
4493 +
4494 ++config GRKERNSEC_SYMLINKOWN
4495 ++ bool "Kernel-enforced SymlinksIfOwnerMatch"
4496 ++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER
4497 ++ help
4498 ++ Apache's SymlinksIfOwnerMatch option has an inherent race condition
4499 ++ that prevents it from being used as a security feature. As Apache
4500 ++ verifies the symlink by performing a stat() against the target of
4501 ++ the symlink before it is followed, an attacker can setup a symlink
4502 ++ to point to a same-owned file, then replace the symlink with one
4503 ++ that targets another user's file just after Apache "validates" the
4504 ++ symlink -- a classic TOCTOU race. If you say Y here, a complete,
4505 ++ race-free replacement for Apache's "SymlinksIfOwnerMatch" option
4506 ++ will be in place for the group you specify. If the sysctl option
4507 ++ is enabled, a sysctl option with name "enforce_symlinksifowner" is
4508 ++ created.
4509 ++
4510 ++config GRKERNSEC_SYMLINKOWN_GID
4511 ++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
4512 ++ depends on GRKERNSEC_SYMLINKOWN
4513 ++ default 1006
4514 ++ help
4515 ++ Setting this GID determines what group kernel-enforced
4516 ++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option
4517 ++ is enabled, a sysctl option with name "symlinkown_gid" is created.
4518 ++
4519 +config GRKERNSEC_FIFO
4520 + bool "FIFO restrictions"
4521 ++ default y if GRKERNSEC_CONFIG_AUTO
4522 + help
4523 + If you say Y here, users will not be able to write to FIFOs they don't
4524 + own in world-writable +t directories (e.g. /tmp), unless the owner of
4525 @@ -50629,6 +50615,7 @@ index 0000000..2645296
4526 +
4527 +config GRKERNSEC_SYSFS_RESTRICT
4528 + bool "Sysfs/debugfs restriction"
4529 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER)
4530 + depends on SYSFS
4531 + help
4532 + If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
4533 @@ -50662,6 +50649,7 @@ index 0000000..2645296
4534 +
4535 +config GRKERNSEC_CHROOT
4536 + bool "Chroot jail restrictions"
4537 ++ default y if GRKERNSEC_CONFIG_AUTO
4538 + help
4539 + If you say Y here, you will be able to choose several options that will
4540 + make breaking out of a chrooted jail much more difficult. If you
4541 @@ -50670,6 +50658,7 @@ index 0000000..2645296
4542 +
4543 +config GRKERNSEC_CHROOT_MOUNT
4544 + bool "Deny mounts"
4545 ++ default y if GRKERNSEC_CONFIG_AUTO
4546 + depends on GRKERNSEC_CHROOT
4547 + help
4548 + If you say Y here, processes inside a chroot will not be able to
4549 @@ -50678,6 +50667,7 @@ index 0000000..2645296
4550 +
4551 +config GRKERNSEC_CHROOT_DOUBLE
4552 + bool "Deny double-chroots"
4553 ++ default y if GRKERNSEC_CONFIG_AUTO
4554 + depends on GRKERNSEC_CHROOT
4555 + help
4556 + If you say Y here, processes inside a chroot will not be able to chroot
4557 @@ -50688,6 +50678,7 @@ index 0000000..2645296
4558 +
4559 +config GRKERNSEC_CHROOT_PIVOT
4560 + bool "Deny pivot_root in chroot"
4561 ++ default y if GRKERNSEC_CONFIG_AUTO
4562 + depends on GRKERNSEC_CHROOT
4563 + help
4564 + If you say Y here, processes inside a chroot will not be able to use
4565 @@ -50700,6 +50691,7 @@ index 0000000..2645296
4566 +
4567 +config GRKERNSEC_CHROOT_CHDIR
4568 + bool "Enforce chdir(\"/\") on all chroots"
4569 ++ default y if GRKERNSEC_CONFIG_AUTO
4570 + depends on GRKERNSEC_CHROOT
4571 + help
4572 + If you say Y here, the current working directory of all newly-chrooted
4573 @@ -50716,6 +50708,7 @@ index 0000000..2645296
4574 +
4575 +config GRKERNSEC_CHROOT_CHMOD
4576 + bool "Deny (f)chmod +s"
4577 ++ default y if GRKERNSEC_CONFIG_AUTO
4578 + depends on GRKERNSEC_CHROOT
4579 + help
4580 + If you say Y here, processes inside a chroot will not be able to chmod
4581 @@ -50726,6 +50719,7 @@ index 0000000..2645296
4582 +
4583 +config GRKERNSEC_CHROOT_FCHDIR
4584 + bool "Deny fchdir out of chroot"
4585 ++ default y if GRKERNSEC_CONFIG_AUTO
4586 + depends on GRKERNSEC_CHROOT
4587 + help
4588 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
4589 @@ -50735,6 +50729,7 @@ index 0000000..2645296
4590 +
4591 +config GRKERNSEC_CHROOT_MKNOD
4592 + bool "Deny mknod"
4593 ++ default y if GRKERNSEC_CONFIG_AUTO
4594 + depends on GRKERNSEC_CHROOT
4595 + help
4596 + If you say Y here, processes inside a chroot will not be allowed to
4597 @@ -50749,6 +50744,7 @@ index 0000000..2645296
4598 +
4599 +config GRKERNSEC_CHROOT_SHMAT
4600 + bool "Deny shmat() out of chroot"
4601 ++ default y if GRKERNSEC_CONFIG_AUTO
4602 + depends on GRKERNSEC_CHROOT
4603 + help
4604 + If you say Y here, processes inside a chroot will not be able to attach
4605 @@ -50758,6 +50754,7 @@ index 0000000..2645296
4606 +
4607 +config GRKERNSEC_CHROOT_UNIX
4608 + bool "Deny access to abstract AF_UNIX sockets out of chroot"
4609 ++ default y if GRKERNSEC_CONFIG_AUTO
4610 + depends on GRKERNSEC_CHROOT
4611 + help
4612 + If you say Y here, processes inside a chroot will not be able to
4613 @@ -50768,6 +50765,7 @@ index 0000000..2645296
4614 +
4615 +config GRKERNSEC_CHROOT_FINDTASK
4616 + bool "Protect outside processes"
4617 ++ default y if GRKERNSEC_CONFIG_AUTO
4618 + depends on GRKERNSEC_CHROOT
4619 + help
4620 + If you say Y here, processes inside a chroot will not be able to
4621 @@ -50778,6 +50776,7 @@ index 0000000..2645296
4622 +
4623 +config GRKERNSEC_CHROOT_NICE
4624 + bool "Restrict priority changes"
4625 ++ default y if GRKERNSEC_CONFIG_AUTO
4626 + depends on GRKERNSEC_CHROOT
4627 + help
4628 + If you say Y here, processes inside a chroot will not be able to raise
4629 @@ -50789,6 +50788,7 @@ index 0000000..2645296
4630 +
4631 +config GRKERNSEC_CHROOT_SYSCTL
4632 + bool "Deny sysctl writes"
4633 ++ default y if GRKERNSEC_CONFIG_AUTO
4634 + depends on GRKERNSEC_CHROOT
4635 + help
4636 + If you say Y here, an attacker in a chroot will not be able to
4637 @@ -50799,6 +50799,7 @@ index 0000000..2645296
4638 +
4639 +config GRKERNSEC_CHROOT_CAPS
4640 + bool "Capability restrictions"
4641 ++ default y if GRKERNSEC_CONFIG_AUTO
4642 + depends on GRKERNSEC_CHROOT
4643 + help
4644 + If you say Y here, the capabilities on all processes within a
4645 @@ -50841,6 +50842,7 @@ index 0000000..2645296
4646 +
4647 +config GRKERNSEC_RESLOG
4648 + bool "Resource logging"
4649 ++ default y if GRKERNSEC_CONFIG_AUTO
4650 + help
4651 + If you say Y here, all attempts to overstep resource limits will
4652 + be logged with the resource name, the requested size, and the current
4653 @@ -50879,6 +50881,7 @@ index 0000000..2645296
4654 +
4655 +config GRKERNSEC_SIGNAL
4656 + bool "Signal logging"
4657 ++ default y if GRKERNSEC_CONFIG_AUTO
4658 + help
4659 + If you say Y here, certain important signals will be logged, such as
4660 + SIGSEGV, which will as a result inform you of when a error in a program
4661 @@ -50896,6 +50899,7 @@ index 0000000..2645296
4662 +
4663 +config GRKERNSEC_TIME
4664 + bool "Time change logging"
4665 ++ default y if GRKERNSEC_CONFIG_AUTO
4666 + help
4667 + If you say Y here, any changes of the system clock will be logged.
4668 + If the sysctl option is enabled, a sysctl option with name
4669 @@ -50903,6 +50907,7 @@ index 0000000..2645296
4670 +
4671 +config GRKERNSEC_PROC_IPADDR
4672 + bool "/proc/<pid>/ipaddr support"
4673 ++ default y if GRKERNSEC_CONFIG_AUTO
4674 + help
4675 + If you say Y here, a new entry will be added to each /proc/<pid>
4676 + directory that contains the IP address of the person using the task.
4677 @@ -50914,6 +50919,7 @@ index 0000000..2645296
4678 +
4679 +config GRKERNSEC_RWXMAP_LOG
4680 + bool 'Denied RWX mmap/mprotect logging'
4681 ++ default y if GRKERNSEC_CONFIG_AUTO
4682 + depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
4683 + help
4684 + If you say Y here, calls to mmap() and mprotect() with explicit
4685 @@ -50942,6 +50948,7 @@ index 0000000..2645296
4686 +
4687 +config GRKERNSEC_DMESG
4688 + bool "Dmesg(8) restriction"
4689 ++ default y if GRKERNSEC_CONFIG_AUTO
4690 + help
4691 + If you say Y here, non-root users will not be able to use dmesg(8)
4692 + to view up to the last 4kb of messages in the kernel's log buffer.
4693 @@ -50953,6 +50960,7 @@ index 0000000..2645296
4694 +
4695 +config GRKERNSEC_HARDEN_PTRACE
4696 + bool "Deter ptrace-based process snooping"
4697 ++ default y if GRKERNSEC_CONFIG_AUTO
4698 + help
4699 + If you say Y here, TTY sniffers and other malicious monitoring
4700 + programs implemented through ptrace will be defeated. If you
4701 @@ -50969,6 +50977,7 @@ index 0000000..2645296
4702 +
4703 +config GRKERNSEC_PTRACE_READEXEC
4704 + bool "Require read access to ptrace sensitive binaries"
4705 ++ default y if GRKERNSEC_CONFIG_AUTO
4706 + help
4707 + If you say Y here, unprivileged users will not be able to ptrace unreadable
4708 + binaries. This option is useful in environments that
4709 @@ -50982,6 +50991,7 @@ index 0000000..2645296
4710 +
4711 +config GRKERNSEC_SETXID
4712 + bool "Enforce consistent multithreaded privileges"
4713 ++ default y if GRKERNSEC_CONFIG_AUTO
4714 + depends on (X86 || SPARC64 || PPC || ARM || MIPS)
4715 + help
4716 + If you say Y here, a change from a root uid to a non-root uid
4717 @@ -50996,6 +51006,7 @@ index 0000000..2645296
4718 +
4719 +config GRKERNSEC_TPE
4720 + bool "Trusted Path Execution (TPE)"
4721 ++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER
4722 + help
4723 + If you say Y here, you will be able to choose a gid to add to the
4724 + supplementary groups of users you want to mark as "untrusted."
4725 @@ -51052,6 +51063,7 @@ index 0000000..2645296
4726 +
4727 +config GRKERNSEC_RANDNET
4728 + bool "Larger entropy pools"
4729 ++ default y if GRKERNSEC_CONFIG_AUTO
4730 + help
4731 + If you say Y here, the entropy pools used for many features of Linux
4732 + and grsecurity will be doubled in size. Since several grsecurity
4733 @@ -51061,6 +51073,7 @@ index 0000000..2645296
4734 +
4735 +config GRKERNSEC_BLACKHOLE
4736 + bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
4737 ++ default y if GRKERNSEC_CONFIG_AUTO
4738 + depends on NET
4739 + help
4740 + If you say Y here, neither TCP resets nor ICMP
4741 @@ -51160,11 +51173,12 @@ index 0000000..2645296
4742 + option with name "socket_server_gid" is created.
4743 +
4744 +endmenu
4745 -+menu "Sysctl support"
4746 ++menu "Sysctl Support"
4747 +depends on GRKERNSEC && SYSCTL
4748 +
4749 +config GRKERNSEC_SYSCTL
4750 + bool "Sysctl support"
4751 ++ default y if GRKERNSEC_CONFIG_AUTO
4752 + help
4753 + If you say Y here, you will be able to change the options that
4754 + grsecurity runs with at bootup, without having to recompile your
4755 @@ -51195,6 +51209,7 @@ index 0000000..2645296
4756 +
4757 +config GRKERNSEC_SYSCTL_ON
4758 + bool "Turn on features by default"
4759 ++ default y if GRKERNSEC_CONFIG_AUTO
4760 + depends on GRKERNSEC_SYSCTL
4761 + help
4762 + If you say Y here, instead of having all features enabled in the
4763 @@ -51230,8 +51245,6 @@ index 0000000..2645296
4764 + raise this value.
4765 +
4766 +endmenu
4767 -+
4768 -+endmenu
4769 diff --git a/grsecurity/Makefile b/grsecurity/Makefile
4770 new file mode 100644
4771 index 0000000..1b9afa9
4772 @@ -58197,10 +58210,10 @@ index 0000000..8ca18bf
4773 +}
4774 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
4775 new file mode 100644
4776 -index 0000000..01ddde4
4777 +index 0000000..05a6015
4778 --- /dev/null
4779 +++ b/grsecurity/grsec_init.c
4780 -@@ -0,0 +1,277 @@
4781 +@@ -0,0 +1,283 @@
4782 +#include <linux/kernel.h>
4783 +#include <linux/sched.h>
4784 +#include <linux/mm.h>
4785 @@ -58212,6 +58225,8 @@ index 0000000..01ddde4
4786 +
4787 +int grsec_enable_ptrace_readexec;
4788 +int grsec_enable_setxid;
4789 ++int grsec_enable_symlinkown;
4790 ++int grsec_symlinkown_gid;
4791 +int grsec_enable_brute;
4792 +int grsec_enable_link;
4793 +int grsec_enable_dmesg;
4794 @@ -58455,6 +58470,10 @@ index 0000000..01ddde4
4795 +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
4796 + grsec_enable_chroot_sysctl = 1;
4797 +#endif
4798 ++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
4799 ++ grsec_enable_symlinkown = 1;
4800 ++ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID;
4801 ++#endif
4802 +#ifdef CONFIG_GRKERNSEC_TPE
4803 + grsec_enable_tpe = 1;
4804 + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
4805 @@ -58480,16 +58499,32 @@ index 0000000..01ddde4
4806 +}
4807 diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c
4808 new file mode 100644
4809 -index 0000000..3efe141
4810 +index 0000000..35a96d1
4811 --- /dev/null
4812 +++ b/grsecurity/grsec_link.c
4813 -@@ -0,0 +1,43 @@
4814 +@@ -0,0 +1,59 @@
4815 +#include <linux/kernel.h>
4816 +#include <linux/sched.h>
4817 +#include <linux/fs.h>
4818 +#include <linux/file.h>
4819 +#include <linux/grinternal.h>
4820 +
4821 ++int gr_handle_symlink_owner(const struct path *link, const struct inode *target)
4822 ++{
4823 ++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
4824 ++ const struct inode *link_inode = link->dentry->d_inode;
4825 ++
4826 ++ if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) &&
4827 ++ /* ignore root-owned links, e.g. /proc/self */
4828 ++ link_inode->i_uid &&
4829 ++ link_inode->i_uid != target->i_uid) {
4830 ++ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid);
4831 ++ return 1;
4832 ++ }
4833 ++#endif
4834 ++ return 0;
4835 ++}
4836 ++
4837 +int
4838 +gr_handle_follow_link(const struct inode *parent,
4839 + const struct inode *inode,
4840 @@ -59512,10 +59547,10 @@ index 0000000..4030d57
4841 +}
4842 diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
4843 new file mode 100644
4844 -index 0000000..a1aedd7
4845 +index 0000000..bce198e
4846 --- /dev/null
4847 +++ b/grsecurity/grsec_sysctl.c
4848 -@@ -0,0 +1,451 @@
4849 +@@ -0,0 +1,467 @@
4850 +#include <linux/kernel.h>
4851 +#include <linux/sched.h>
4852 +#include <linux/sysctl.h>
4853 @@ -59561,6 +59596,22 @@ index 0000000..a1aedd7
4854 + .proc_handler = &proc_dointvec,
4855 + },
4856 +#endif
4857 ++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
4858 ++ {
4859 ++ .procname = "enforce_symlinksifowner",
4860 ++ .data = &grsec_enable_symlinkown,
4861 ++ .maxlen = sizeof(int),
4862 ++ .mode = 0600,
4863 ++ .proc_handler = &proc_dointvec,
4864 ++ },
4865 ++ {
4866 ++ .procname = "symlinkown_gid",
4867 ++ .data = &grsec_symlinkown_gid,
4868 ++ .maxlen = sizeof(int),
4869 ++ .mode = 0600,
4870 ++ .proc_handler = &proc_dointvec,
4871 ++ },
4872 ++#endif
4873 +#ifdef CONFIG_GRKERNSEC_BRUTE
4874 + {
4875 + .procname = "deter_bruteforce",
4876 @@ -60619,49 +60670,10 @@ index 810431d..0ec4804f 100644
4877 * (puds are folded into pgds so this doesn't get actually called,
4878 * but the define is needed for a generic inline function.)
4879 diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
4880 -index a03c098..19751cf 100644
4881 +index bc00876..5aee0d9 100644
4882 --- a/include/asm-generic/pgtable.h
4883 +++ b/include/asm-generic/pgtable.h
4884 -@@ -445,6 +445,18 @@ static inline int pmd_write(pmd_t pmd)
4885 - #endif /* __HAVE_ARCH_PMD_WRITE */
4886 - #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
4887 -
4888 -+#ifndef __HAVE_ARCH_READ_PMD_ATOMIC
4889 -+static inline pmd_t read_pmd_atomic(pmd_t *pmdp)
4890 -+{
4891 -+ /*
4892 -+ * Depend on compiler for an atomic pmd read. NOTE: this is
4893 -+ * only going to work, if the pmdval_t isn't larger than
4894 -+ * an unsigned long.
4895 -+ */
4896 -+ return *pmdp;
4897 -+}
4898 -+#endif /* __HAVE_ARCH_READ_PMD_ATOMIC */
4899 -+
4900 - /*
4901 - * This function is meant to be used by sites walking pagetables with
4902 - * the mmap_sem hold in read mode to protect against MADV_DONTNEED and
4903 -@@ -458,11 +470,17 @@ static inline int pmd_write(pmd_t pmd)
4904 - * undefined so behaving like if the pmd was none is safe (because it
4905 - * can return none anyway). The compiler level barrier() is critically
4906 - * important to compute the two checks atomically on the same pmdval.
4907 -+ *
4908 -+ * For 32bit kernels with a 64bit large pmd_t this automatically takes
4909 -+ * care of reading the pmd atomically to avoid SMP race conditions
4910 -+ * against pmd_populate() when the mmap_sem is hold for reading by the
4911 -+ * caller (a special atomic read not done by "gcc" as in the generic
4912 -+ * version above, is also needed when THP is disabled because the page
4913 -+ * fault can populate the pmd from under us).
4914 - */
4915 - static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t *pmd)
4916 - {
4917 -- /* depend on compiler for an atomic pmd read */
4918 -- pmd_t pmdval = *pmd;
4919 -+ pmd_t pmdval = read_pmd_atomic(pmd);
4920 - /*
4921 - * The barrier will stabilize the pmdval in a register or on
4922 - * the stack so that it will stop changing under the code.
4923 -@@ -502,6 +520,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd)
4924 +@@ -530,6 +530,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd)
4925 #endif
4926 }
4927
4928 @@ -61948,10 +61960,10 @@ index 0000000..b30e9bc
4929 +#endif
4930 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
4931 new file mode 100644
4932 -index 0000000..da390f1
4933 +index 0000000..c9292f7
4934 --- /dev/null
4935 +++ b/include/linux/grinternal.h
4936 -@@ -0,0 +1,221 @@
4937 +@@ -0,0 +1,223 @@
4938 +#ifndef __GRINTERNAL_H
4939 +#define __GRINTERNAL_H
4940 +
4941 @@ -62013,6 +62025,8 @@ index 0000000..da390f1
4942 +extern int grsec_enable_chroot_caps;
4943 +extern int grsec_enable_chroot_sysctl;
4944 +extern int grsec_enable_chroot_unix;
4945 ++extern int grsec_enable_symlinkown;
4946 ++extern int grsec_symlinkown_gid;
4947 +extern int grsec_enable_tpe;
4948 +extern int grsec_tpe_gid;
4949 +extern int grsec_enable_tpe_all;
4950 @@ -62175,10 +62189,10 @@ index 0000000..da390f1
4951 +#endif
4952 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
4953 new file mode 100644
4954 -index 0000000..ae576a1
4955 +index 0000000..54f4e85
4956 --- /dev/null
4957 +++ b/include/linux/grmsg.h
4958 -@@ -0,0 +1,109 @@
4959 +@@ -0,0 +1,110 @@
4960 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
4961 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
4962 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
4963 @@ -62288,12 +62302,13 @@ index 0000000..ae576a1
4964 +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
4965 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
4966 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
4967 ++#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
4968 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
4969 new file mode 100644
4970 -index 0000000..2ccf677
4971 +index 0000000..12bf493
4972 --- /dev/null
4973 +++ b/include/linux/grsecurity.h
4974 -@@ -0,0 +1,229 @@
4975 +@@ -0,0 +1,230 @@
4976 +#ifndef GR_SECURITY_H
4977 +#define GR_SECURITY_H
4978 +#include <linux/fs.h>
4979 @@ -62475,6 +62490,7 @@ index 0000000..2ccf677
4980 + const struct vfsmount *parent_mnt,
4981 + const struct dentry *old_dentry,
4982 + const struct vfsmount *old_mnt, const char *to);
4983 ++int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
4984 +int gr_acl_handle_rename(struct dentry *new_dentry,
4985 + struct dentry *parent_dentry,
4986 + const struct vfsmount *parent_mnt,
4987 @@ -71280,10 +71296,19 @@ index d53adf9..03a24bf 100644
4988 set_fs(old_fs);
4989
4990 diff --git a/mm/madvise.c b/mm/madvise.c
4991 -index 74bf193..feb6fd3 100644
4992 +index 74bf193..4041aaa 100644
4993 --- a/mm/madvise.c
4994 +++ b/mm/madvise.c
4995 -@@ -45,6 +45,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
4996 +@@ -13,6 +13,8 @@
4997 + #include <linux/hugetlb.h>
4998 + #include <linux/sched.h>
4999 + #include <linux/ksm.h>
5000 ++#include <linux/fs.h>
5001 ++#include <linux/file.h>
5002 +
5003 + /*
5004 + * Any behaviour which results in changes to the vma->vm_flags needs to
5005 +@@ -45,6 +47,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
5006 pgoff_t pgoff;
5007 unsigned long new_flags = vma->vm_flags;
5008
5009 @@ -71294,7 +71319,7 @@ index 74bf193..feb6fd3 100644
5010 switch (behavior) {
5011 case MADV_NORMAL:
5012 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
5013 -@@ -110,6 +114,13 @@ success:
5014 +@@ -110,6 +116,13 @@ success:
5015 /*
5016 * vm_flags is protected by the mmap_sem held in write mode.
5017 */
5018 @@ -71308,7 +71333,7 @@ index 74bf193..feb6fd3 100644
5019 vma->vm_flags = new_flags;
5020
5021 out:
5022 -@@ -168,6 +179,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5023 +@@ -168,6 +181,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5024 struct vm_area_struct ** prev,
5025 unsigned long start, unsigned long end)
5026 {
5027 @@ -71320,7 +71345,7 @@ index 74bf193..feb6fd3 100644
5028 *prev = vma;
5029 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
5030 return -EINVAL;
5031 -@@ -180,6 +196,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5032 +@@ -180,6 +198,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5033 zap_page_range(vma, start, end - start, &details);
5034 } else
5035 zap_page_range(vma, start, end - start, NULL);
5036 @@ -71342,7 +71367,47 @@ index 74bf193..feb6fd3 100644
5037 return 0;
5038 }
5039
5040 -@@ -376,6 +407,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
5041 +@@ -197,16 +230,17 @@ static long madvise_remove(struct vm_area_struct *vma,
5042 + struct address_space *mapping;
5043 + loff_t offset, endoff;
5044 + int error;
5045 ++ struct file *f;
5046 +
5047 + *prev = NULL; /* tell sys_madvise we drop mmap_sem */
5048 +
5049 + if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
5050 + return -EINVAL;
5051 +
5052 +- if (!vma->vm_file || !vma->vm_file->f_mapping
5053 +- || !vma->vm_file->f_mapping->host) {
5054 +- return -EINVAL;
5055 +- }
5056 ++ f = vma->vm_file;
5057 ++
5058 ++ if (!f || !f->f_mapping || !f->f_mapping->host)
5059 ++ return -EINVAL;
5060 +
5061 + if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
5062 + return -EACCES;
5063 +@@ -218,10 +252,16 @@ static long madvise_remove(struct vm_area_struct *vma,
5064 + endoff = (loff_t)(end - vma->vm_start - 1)
5065 + + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
5066 +
5067 +- /* vmtruncate_range needs to take i_mutex */
5068 ++ /* vmtruncate_range needs to take i_mutex. We need to
5069 ++ * explicitly grab a reference because the vma (and hence the
5070 ++ * vma's reference to the file) can go away as soon as we drop
5071 ++ * mmap_sem.
5072 ++ */
5073 ++ get_file(f);
5074 + up_read(&current->mm->mmap_sem);
5075 + error = vmtruncate_range(mapping->host, offset, endoff);
5076 + down_read(&current->mm->mmap_sem);
5077 ++ fput(f);
5078 + return error;
5079 + }
5080 +
5081 +@@ -376,6 +416,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
5082 if (end < start)
5083 goto out;
5084
5085 @@ -79694,16 +79759,14 @@ index 38f6617..e70b72b 100755
5086
5087 exuberant()
5088 diff --git a/security/Kconfig b/security/Kconfig
5089 -index 51bd5a0..c37f5e6 100644
5090 +index 51bd5a0..5a02ed0 100644
5091 --- a/security/Kconfig
5092 +++ b/security/Kconfig
5093 -@@ -4,6 +4,640 @@
5094 +@@ -4,6 +4,860 @@
5095
5096 menu "Security options"
5097
5098 -+source grsecurity/Kconfig
5099 -+
5100 -+menu "PaX"
5101 ++menu "Grsecurity"
5102 +
5103 + config ARCH_TRACK_EXEC_LIMIT
5104 + bool
5105 @@ -79724,8 +79787,205 @@ index 51bd5a0..c37f5e6 100644
5106 + bool
5107 + default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
5108 +
5109 ++config GRKERNSEC
5110 ++ bool "Grsecurity"
5111 ++ select CRYPTO
5112 ++ select CRYPTO_SHA256
5113 ++ help
5114 ++ If you say Y here, you will be able to configure many features
5115 ++ that will enhance the security of your system. It is highly
5116 ++ recommended that you say Y here and read through the help
5117 ++ for each option so that you fully understand the features and
5118 ++ can evaluate their usefulness for your machine.
5119 ++
5120 ++choice
5121 ++ prompt "Configuration Method"
5122 ++ depends on GRKERNSEC
5123 ++ default GRKERNSEC_CONFIG_CUSTOM
5124 ++ help
5125 ++
5126 ++config GRKERNSEC_CONFIG_AUTO
5127 ++ bool "Automatic"
5128 ++ help
5129 ++ If you choose this configuration method, you'll be able to answer a small
5130 ++ number of simple questions about how you plan to use this kernel.
5131 ++ The settings of grsecurity and PaX will be automatically configured for
5132 ++ the highest commonly-used settings within the provided constraints.
5133 ++
5134 ++ If you require additional configuration, custom changes can still be made
5135 ++ from the "custom configuration" menu.
5136 ++
5137 ++config GRKERNSEC_CONFIG_CUSTOM
5138 ++ bool "Custom"
5139 ++ help
5140 ++ If you choose this configuration method, you'll be able to configure all
5141 ++ grsecurity and PaX settings manually. Via this method, no options are
5142 ++ automatically enabled.
5143 ++
5144 ++endchoice
5145 ++
5146 ++choice
5147 ++ prompt "Usage Type"
5148 ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
5149 ++ default GRKERNSEC_CONFIG_SERVER
5150 ++ help
5151 ++
5152 ++config GRKERNSEC_CONFIG_SERVER
5153 ++ bool "Server"
5154 ++ help
5155 ++ Choose this option if you plan to use this kernel on a server.
5156 ++
5157 ++config GRKERNSEC_CONFIG_DESKTOP
5158 ++ bool "Desktop"
5159 ++ help
5160 ++ Choose this option if you plan to use this kernel on a desktop.
5161 ++
5162 ++endchoice
5163 ++
5164 ++choice
5165 ++ prompt "Virtualization Type"
5166 ++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO)
5167 ++ default GRKERNSEC_CONFIG_VIRT_NONE
5168 ++ help
5169 ++
5170 ++config GRKERNSEC_CONFIG_VIRT_NONE
5171 ++ bool "None"
5172 ++ help
5173 ++ Choose this option if this kernel will be run on bare metal.
5174 ++
5175 ++config GRKERNSEC_CONFIG_VIRT_GUEST
5176 ++ bool "Guest"
5177 ++ help
5178 ++ Choose this option if this kernel will be run as a VM guest.
5179 ++
5180 ++config GRKERNSEC_CONFIG_VIRT_HOST
5181 ++ bool "Host"
5182 ++ help
5183 ++ Choose this option if this kernel will be run as a VM host.
5184 ++
5185 ++endchoice
5186 ++
5187 ++choice
5188 ++ prompt "Virtualization Hardware"
5189 ++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
5190 ++ help
5191 ++
5192 ++config GRKERNSEC_CONFIG_VIRT_EPT
5193 ++ bool "EPT/RVI Processor Support"
5194 ++ depends on X86
5195 ++ help
5196 ++ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen
5197 ++ hardware virtualization. This allows for additional kernel hardening protections
5198 ++ to operate without additional performance impact.
5199 ++
5200 ++ To see if your Intel processor supports EPT, see:
5201 ++ http://ark.intel.com/Products/VirtualizationTechnology
5202 ++ (Most Core i3/5/7 support EPT)
5203 ++
5204 ++ To see if your AMD processor supports RVI, see:
5205 ++ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx
5206 ++
5207 ++config GRKERNSEC_CONFIG_VIRT_SOFT
5208 ++ bool "First-gen/No Hardware Virtualization"
5209 ++ help
5210 ++ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't
5211 ++ support hardware virtualization or doesn't support the EPT/RVI extensions.
5212 ++
5213 ++endchoice
5214 ++
5215 ++choice
5216 ++ prompt "Virtualization Software"
5217 ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
5218 ++ help
5219 ++
5220 ++config GRKERNSEC_CONFIG_VIRT_XEN
5221 ++ bool "Xen"
5222 ++ help
5223 ++ Choose this option if this kernel is running as a Xen guest or host.
5224 ++
5225 ++config GRKERNSEC_CONFIG_VIRT_VMWARE
5226 ++ bool "VMWare"
5227 ++ help
5228 ++ Choose this option if this kernel is running as a VMWare guest or host.
5229 ++
5230 ++config GRKERNSEC_CONFIG_VIRT_KVM
5231 ++ bool "KVM"
5232 ++ help
5233 ++ Choose this option if this kernel is running as a KVM guest or host.
5234 ++
5235 ++config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX
5236 ++ bool "VirtualBox"
5237 ++ help
5238 ++ Choose this option if this kernel is running as a VirtualBox guest or host.
5239 ++
5240 ++endchoice
5241 ++
5242 ++choice
5243 ++ prompt "Required Priorities"
5244 ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
5245 ++ default GRKERNSEC_CONFIG_PRIORITY_PERF
5246 ++ help
5247 ++
5248 ++config GRKERNSEC_CONFIG_PRIORITY_PERF
5249 ++ bool "Performance"
5250 ++ help
5251 ++ Choose this option if performance is of highest priority for this deployment
5252 ++ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing,
5253 ++ and freed memory sanitizing will be disabled.
5254 ++
5255 ++config GRKERNSEC_CONFIG_PRIORITY_SECURITY
5256 ++ bool "Security"
5257 ++ help
5258 ++ Choose this option if security is of highest priority for this deployment of
5259 ++ grsecurity. UDEREF, kernel stack clearing, and freed memory sanitizing will
5260 ++ be enabled for this kernel. In a worst-case scenario, these features can
5261 ++ introduce a 20% performance hit (UDEREF on x64 contributing half of this hit).
5262 ++
5263 ++endchoice
5264 ++
5265 ++menu "Default Special Groups"
5266 ++depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
5267 ++
5268 ++config GRKERNSEC_PROC_GID
5269 ++ int "GID exempted from /proc restrictions"
5270 ++ default 1001
5271 ++ help
5272 ++ Setting this GID determines which group will be exempted from
5273 ++ grsecurity's /proc restrictions, allowing users of the specified
5274 ++ group to view network statistics and the existence of other users'
5275 ++ processes on the system.
5276 ++
5277 ++config GRKERNSEC_TPE_GID
5278 ++ int "GID for untrusted users"
5279 ++ depends on GRKERNSEC_CONFIG_SERVER
5280 ++ default 1005
5281 ++ help
5282 ++ Setting this GID determines which group untrusted users should
5283 ++ be added to. These users will be placed under grsecurity's Trusted Path
5284 ++ Execution mechanism, preventing them from executing their own binaries.
5285 ++ The users will only be able to execute binaries in directories owned and
5286 ++ writable only by the root user.
5287 ++
5288 ++config GRKERNSEC_SYMLINKOWN_GID
5289 ++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
5290 ++ depends on GRKERNSEC_CONFIG_SERVER
5291 ++ default 1006
5292 ++ help
5293 ++ Setting this GID determines what group kernel-enforced
5294 ++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option
5295 ++ is enabled, a sysctl option with name "symlinkown_gid" is created.
5296 ++
5297 ++
5298 ++endmenu
5299 ++
5300 ++menu "Customize Configuration"
5301 ++depends on GRKERNSEC
5302 ++
5303 ++menu "PaX"
5304 ++
5305 +config PAX
5306 + bool "Enable various PaX features"
5307 ++ default y if GRKERNSEC_CONFIG_AUTO
5308 + depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
5309 + help
5310 + This allows you to enable various PaX features. PaX adds
5311 @@ -79749,6 +80009,7 @@ index 51bd5a0..c37f5e6 100644
5312 +
5313 +config PAX_EI_PAX
5314 + bool 'Use legacy ELF header marking'
5315 ++ default y if GRKERNSEC_CONFIG_AUTO
5316 + help
5317 + Enabling this option will allow you to control PaX features on
5318 + a per executable basis via the 'chpax' utility available at
5319 @@ -79768,6 +80029,7 @@ index 51bd5a0..c37f5e6 100644
5320 +
5321 +config PAX_PT_PAX_FLAGS
5322 + bool 'Use ELF program header marking'
5323 ++ default y if GRKERNSEC_CONFIG_AUTO
5324 + help
5325 + Enabling this option will allow you to control PaX features on
5326 + a per executable basis via the 'paxctl' utility available at
5327 @@ -79789,6 +80051,7 @@ index 51bd5a0..c37f5e6 100644
5328 +
5329 +config PAX_XATTR_PAX_FLAGS
5330 + bool 'Use filesystem extended attributes marking'
5331 ++ default y if GRKERNSEC_CONFIG_AUTO
5332 + select CIFS_XATTR if CIFS
5333 + select EXT2_FS_XATTR if EXT2_FS
5334 + select EXT3_FS_XATTR if EXT3_FS
5335 @@ -79850,6 +80113,7 @@ index 51bd5a0..c37f5e6 100644
5336 +
5337 +config PAX_NOEXEC
5338 + bool "Enforce non-executable pages"
5339 ++ default y if GRKERNSEC_CONFIG_AUTO
5340 + depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86
5341 + help
5342 + By design some architectures do not allow for protecting memory
5343 @@ -79878,6 +80142,7 @@ index 51bd5a0..c37f5e6 100644
5344 +
5345 +config PAX_PAGEEXEC
5346 + bool "Paging based non-executable pages"
5347 ++ default y if GRKERNSEC_CONFIG_AUTO
5348 + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
5349 + select S390_SWITCH_AMODE if S390
5350 + select S390_EXEC_PROTECT if S390
5351 @@ -79900,6 +80165,7 @@ index 51bd5a0..c37f5e6 100644
5352 +
5353 +config PAX_SEGMEXEC
5354 + bool "Segmentation based non-executable pages"
5355 ++ default y if GRKERNSEC_CONFIG_AUTO
5356 + depends on PAX_NOEXEC && X86_32
5357 + help
5358 + This implementation is based on the segmentation feature of the
5359 @@ -79966,6 +80232,7 @@ index 51bd5a0..c37f5e6 100644
5360 +
5361 +config PAX_MPROTECT
5362 + bool "Restrict mprotect()"
5363 ++ default y if GRKERNSEC_CONFIG_AUTO
5364 + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
5365 + help
5366 + Enabling this option will prevent programs from
5367 @@ -79983,8 +80250,8 @@ index 51bd5a0..c37f5e6 100644
5368 +
5369 +config PAX_MPROTECT_COMPAT
5370 + bool "Use legacy/compat protection demoting (read help)"
5371 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
5372 + depends on PAX_MPROTECT
5373 -+ default n
5374 + help
5375 + The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
5376 + by sending the proper error code to the application. For some broken
5377 @@ -80059,6 +80326,7 @@ index 51bd5a0..c37f5e6 100644
5378 +
5379 +config PAX_KERNEXEC
5380 + bool "Enforce non-executable kernel pages"
5381 ++ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
5382 + depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
5383 + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
5384 + select PAX_KERNEXEC_PLUGIN if X86_64
5385 @@ -80100,7 +80368,8 @@ index 51bd5a0..c37f5e6 100644
5386 +
5387 +config PAX_KERNEXEC_MODULE_TEXT
5388 + int "Minimum amount of memory reserved for module code"
5389 -+ default "4"
5390 ++ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
5391 ++ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
5392 + depends on PAX_KERNEXEC && X86_32 && MODULES
5393 + help
5394 + Due to implementation details the kernel must reserve a fixed
5395 @@ -80125,6 +80394,7 @@ index 51bd5a0..c37f5e6 100644
5396 +
5397 +config PAX_ASLR
5398 + bool "Address Space Layout Randomization"
5399 ++ default y if GRKERNSEC_CONFIG_AUTO
5400 + help
5401 + Many if not most exploit techniques rely on the knowledge of
5402 + certain addresses in the attacked program. The following options
5403 @@ -80154,6 +80424,7 @@ index 51bd5a0..c37f5e6 100644
5404 +
5405 +config PAX_RANDKSTACK
5406 + bool "Randomize kernel stack base"
5407 ++ default y if GRKERNSEC_CONFIG_AUTO
5408 + depends on X86_TSC && X86
5409 + help
5410 + By saying Y here the kernel will randomize every task's kernel
5411 @@ -80168,6 +80439,7 @@ index 51bd5a0..c37f5e6 100644
5412 +
5413 +config PAX_RANDUSTACK
5414 + bool "Randomize user stack base"
5415 ++ default y if GRKERNSEC_CONFIG_AUTO
5416 + depends on PAX_ASLR
5417 + help
5418 + By saying Y here the kernel will randomize every task's userland
5419 @@ -80180,6 +80452,7 @@ index 51bd5a0..c37f5e6 100644
5420 +
5421 +config PAX_RANDMMAP
5422 + bool "Randomize mmap() base"
5423 ++ default y if GRKERNSEC_CONFIG_AUTO
5424 + depends on PAX_ASLR
5425 + help
5426 + By saying Y here the kernel will use a randomized base address for
5427 @@ -80206,6 +80479,7 @@ index 51bd5a0..c37f5e6 100644
5428 +
5429 +config PAX_MEMORY_SANITIZE
5430 + bool "Sanitize all freed memory"
5431 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
5432 + depends on !HIBERNATION
5433 + help
5434 + By saying Y here the kernel will erase memory pages as soon as they
5435 @@ -80228,6 +80502,7 @@ index 51bd5a0..c37f5e6 100644
5436 +
5437 +config PAX_MEMORY_STACKLEAK
5438 + bool "Sanitize kernel stack"
5439 ++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
5440 + depends on X86
5441 + help
5442 + By saying Y here the kernel will erase the kernel stack before it
5443 @@ -80252,6 +80527,7 @@ index 51bd5a0..c37f5e6 100644
5444 +
5445 +config PAX_MEMORY_UDEREF
5446 + bool "Prevent invalid userland pointer dereference"
5447 ++ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
5448 + depends on X86 && !UML_X86 && !XEN
5449 + select PAX_PER_CPU_PGD if X86_64
5450 + help
5451 @@ -80271,6 +80547,7 @@ index 51bd5a0..c37f5e6 100644
5452 +
5453 +config PAX_REFCOUNT
5454 + bool "Prevent various kernel object reference counter overflows"
5455 ++ default y if GRKERNSEC_CONFIG_AUTO
5456 + depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86)
5457 + help
5458 + By saying Y here the kernel will detect and prevent overflowing
5459 @@ -80290,6 +80567,7 @@ index 51bd5a0..c37f5e6 100644
5460 +
5461 +config PAX_USERCOPY
5462 + bool "Harden heap object copies between kernel and userland"
5463 ++ default y if GRKERNSEC_CONFIG_AUTO
5464 + depends on X86 || PPC || SPARC || ARM
5465 + depends on GRKERNSEC && (SLAB || SLUB || SLOB)
5466 + help
5467 @@ -80319,6 +80597,7 @@ index 51bd5a0..c37f5e6 100644
5468 +
5469 +config PAX_SIZE_OVERFLOW
5470 + bool "Prevent various integer overflows in function size parameters"
5471 ++ default y if GRKERNSEC_CONFIG_AUTO
5472 + depends on X86
5473 + help
5474 + By saying Y here the kernel recomputes expressions of function
5475 @@ -80335,10 +80614,16 @@ index 51bd5a0..c37f5e6 100644
5476 +
5477 +endmenu
5478 +
5479 ++source grsecurity/Kconfig
5480 ++
5481 ++endmenu
5482 ++
5483 ++endmenu
5484 ++
5485 config KEYS
5486 bool "Enable access key retention support"
5487 help
5488 -@@ -169,7 +803,7 @@ config INTEL_TXT
5489 +@@ -169,7 +1023,7 @@ config INTEL_TXT
5490 config LSM_MMAP_MIN_ADDR
5491 int "Low address space for LSM to protect from user allocation"
5492 depends on SECURITY && SECURITY_SELINUX
5493
5494 diff --git a/3.2.21/4430_grsec-remove-localversion-grsec.patch b/3.2.22/4430_grsec-remove-localversion-grsec.patch
5495 similarity index 100%
5496 rename from 3.2.21/4430_grsec-remove-localversion-grsec.patch
5497 rename to 3.2.22/4430_grsec-remove-localversion-grsec.patch
5498
5499 diff --git a/3.2.21/4435_grsec-mute-warnings.patch b/3.2.22/4435_grsec-mute-warnings.patch
5500 similarity index 100%
5501 rename from 3.2.21/4435_grsec-mute-warnings.patch
5502 rename to 3.2.22/4435_grsec-mute-warnings.patch
5503
5504 diff --git a/3.2.21/4440_grsec-remove-protected-paths.patch b/3.2.22/4440_grsec-remove-protected-paths.patch
5505 similarity index 100%
5506 rename from 3.2.21/4440_grsec-remove-protected-paths.patch
5507 rename to 3.2.22/4440_grsec-remove-protected-paths.patch
5508
5509 diff --git a/3.2.21/4445_grsec-pax-without-grsec.patch b/3.2.22/4445_grsec-pax-without-grsec.patch
5510 similarity index 100%
5511 rename from 3.2.21/4445_grsec-pax-without-grsec.patch
5512 rename to 3.2.22/4445_grsec-pax-without-grsec.patch
5513
5514 diff --git a/3.2.21/4450_grsec-kconfig-default-gids.patch b/3.2.22/4450_grsec-kconfig-default-gids.patch
5515 similarity index 100%
5516 rename from 3.2.21/4450_grsec-kconfig-default-gids.patch
5517 rename to 3.2.22/4450_grsec-kconfig-default-gids.patch
5518
5519 diff --git a/3.2.21/4455_grsec-kconfig-gentoo.patch b/3.2.22/4455_grsec-kconfig-gentoo.patch
5520 similarity index 100%
5521 rename from 3.2.21/4455_grsec-kconfig-gentoo.patch
5522 rename to 3.2.22/4455_grsec-kconfig-gentoo.patch
5523
5524 diff --git a/3.2.21/4460-grsec-kconfig-proc-user.patch b/3.2.22/4460-grsec-kconfig-proc-user.patch
5525 similarity index 100%
5526 rename from 3.2.21/4460-grsec-kconfig-proc-user.patch
5527 rename to 3.2.22/4460-grsec-kconfig-proc-user.patch
5528
5529 diff --git a/3.2.21/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.22/4465_selinux-avc_audit-log-curr_ip.patch
5530 similarity index 100%
5531 rename from 3.2.21/4465_selinux-avc_audit-log-curr_ip.patch
5532 rename to 3.2.22/4465_selinux-avc_audit-log-curr_ip.patch
5533
5534 diff --git a/3.2.21/4470_disable-compat_vdso.patch b/3.2.22/4470_disable-compat_vdso.patch
5535 similarity index 100%
5536 rename from 3.2.21/4470_disable-compat_vdso.patch
5537 rename to 3.2.22/4470_disable-compat_vdso.patch
5538
5539 diff --git a/3.4.4/0000_README b/3.4.4/0000_README
5540 index 0d09685..be72568 100644
5541 --- a/3.4.4/0000_README
5542 +++ b/3.4.4/0000_README
5543 @@ -2,7 +2,7 @@ README
5544 -----------------------------------------------------------------------------
5545 Individual Patch Descriptions:
5546 -----------------------------------------------------------------------------
5547 -Patch: 4420_grsecurity-2.9.1-3.4.4-201207021921.patch
5548 +Patch: 4420_grsecurity-2.9.1-3.4.4-201207080925.patch
5549 From: http://www.grsecurity.net
5550 Desc: hardened-sources base patch from upstream grsecurity
5551
5552
5553 diff --git a/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207021921.patch b/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207080925.patch
5554 similarity index 99%
5555 rename from 3.4.4/4420_grsecurity-2.9.1-3.4.4-201207021921.patch
5556 rename to 3.4.4/4420_grsecurity-2.9.1-3.4.4-201207080925.patch
5557 index 8901db2..1035f85 100644
5558 --- a/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207021921.patch
5559 +++ b/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207080925.patch
5560 @@ -69694,10 +69694,19 @@ index d53adf9..03a24bf 100644
5561 set_fs(old_fs);
5562
5563 diff --git a/mm/madvise.c b/mm/madvise.c
5564 -index 1ccbba5..79e16f9 100644
5565 +index 1ccbba5..819f7d5 100644
5566 --- a/mm/madvise.c
5567 +++ b/mm/madvise.c
5568 -@@ -45,6 +45,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
5569 +@@ -13,6 +13,8 @@
5570 + #include <linux/hugetlb.h>
5571 + #include <linux/sched.h>
5572 + #include <linux/ksm.h>
5573 ++#include <linux/fs.h>
5574 ++#include <linux/file.h>
5575 +
5576 + /*
5577 + * Any behaviour which results in changes to the vma->vm_flags needs to
5578 +@@ -45,6 +47,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
5579 pgoff_t pgoff;
5580 unsigned long new_flags = vma->vm_flags;
5581
5582 @@ -69708,7 +69717,7 @@ index 1ccbba5..79e16f9 100644
5583 switch (behavior) {
5584 case MADV_NORMAL:
5585 new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
5586 -@@ -116,6 +120,13 @@ success:
5587 +@@ -116,6 +122,13 @@ success:
5588 /*
5589 * vm_flags is protected by the mmap_sem held in write mode.
5590 */
5591 @@ -69722,7 +69731,7 @@ index 1ccbba5..79e16f9 100644
5592 vma->vm_flags = new_flags;
5593
5594 out:
5595 -@@ -174,6 +185,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5596 +@@ -174,6 +187,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5597 struct vm_area_struct ** prev,
5598 unsigned long start, unsigned long end)
5599 {
5600 @@ -69734,7 +69743,7 @@ index 1ccbba5..79e16f9 100644
5601 *prev = vma;
5602 if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
5603 return -EINVAL;
5604 -@@ -186,6 +202,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5605 +@@ -186,6 +204,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
5606 zap_page_range(vma, start, end - start, &details);
5607 } else
5608 zap_page_range(vma, start, end - start, NULL);
5609 @@ -69756,7 +69765,47 @@ index 1ccbba5..79e16f9 100644
5610 return 0;
5611 }
5612
5613 -@@ -384,6 +415,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
5614 +@@ -203,16 +236,17 @@ static long madvise_remove(struct vm_area_struct *vma,
5615 + struct address_space *mapping;
5616 + loff_t offset, endoff;
5617 + int error;
5618 ++ struct file *f;
5619 +
5620 + *prev = NULL; /* tell sys_madvise we drop mmap_sem */
5621 +
5622 + if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
5623 + return -EINVAL;
5624 +
5625 +- if (!vma->vm_file || !vma->vm_file->f_mapping
5626 +- || !vma->vm_file->f_mapping->host) {
5627 +- return -EINVAL;
5628 +- }
5629 ++ f = vma->vm_file;
5630 ++
5631 ++ if (!f || !f->f_mapping || !f->f_mapping->host)
5632 ++ return -EINVAL;
5633 +
5634 + if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
5635 + return -EACCES;
5636 +@@ -224,10 +258,16 @@ static long madvise_remove(struct vm_area_struct *vma,
5637 + endoff = (loff_t)(end - vma->vm_start - 1)
5638 + + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
5639 +
5640 +- /* vmtruncate_range needs to take i_mutex */
5641 ++ /* vmtruncate_range needs to take i_mutex. We need to
5642 ++ * explicitly grab a reference because the vma (and hence the
5643 ++ * vma's reference to the file) can go away as soon as we drop
5644 ++ * mmap_sem.
5645 ++ */
5646 ++ get_file(f);
5647 + up_read(&current->mm->mmap_sem);
5648 + error = vmtruncate_range(mapping->host, offset, endoff);
5649 + down_read(&current->mm->mmap_sem);
5650 ++ fput(f);
5651 + return error;
5652 + }
5653 +
5654 +@@ -384,6 +424,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
5655 if (end < start)
5656 goto out;
5657
5658 @@ -77707,7 +77756,7 @@ index 5c11312..72742b5 100644
5659 write_hex_cnt = 0;
5660 for (i = 0; i < logo_clutsize; i++) {
5661 diff --git a/security/Kconfig b/security/Kconfig
5662 -index ccc61f8..d0e12f0 100644
5663 +index ccc61f8..bac65f2 100644
5664 --- a/security/Kconfig
5665 +++ b/security/Kconfig
5666 @@ -4,6 +4,860 @@
5667 @@ -77716,6 +77765,25 @@ index ccc61f8..d0e12f0 100644
5668
5669 +menu "Grsecurity"
5670 +
5671 ++ config ARCH_TRACK_EXEC_LIMIT
5672 ++ bool
5673 ++
5674 ++ config PAX_KERNEXEC_PLUGIN
5675 ++ bool
5676 ++
5677 ++ config PAX_PER_CPU_PGD
5678 ++ bool
5679 ++
5680 ++ config TASK_SIZE_MAX_SHIFT
5681 ++ int
5682 ++ depends on X86_64
5683 ++ default 47 if !PAX_PER_CPU_PGD
5684 ++ default 42 if PAX_PER_CPU_PGD
5685 ++
5686 ++ config PAX_ENABLE_PAE
5687 ++ bool
5688 ++ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
5689 ++
5690 +config GRKERNSEC
5691 + bool "Grsecurity"
5692 + select CRYPTO
5693 @@ -77912,25 +77980,6 @@ index ccc61f8..d0e12f0 100644
5694 +
5695 +menu "PaX"
5696 +
5697 -+ config ARCH_TRACK_EXEC_LIMIT
5698 -+ bool
5699 -+
5700 -+ config PAX_KERNEXEC_PLUGIN
5701 -+ bool
5702 -+
5703 -+ config PAX_PER_CPU_PGD
5704 -+ bool
5705 -+
5706 -+ config TASK_SIZE_MAX_SHIFT
5707 -+ int
5708 -+ depends on X86_64
5709 -+ default 47 if !PAX_PER_CPU_PGD
5710 -+ default 42 if PAX_PER_CPU_PGD
5711 -+
5712 -+ config PAX_ENABLE_PAE
5713 -+ bool
5714 -+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
5715 -+
5716 +config PAX
5717 + bool "Enable various PaX features"
5718 + default y if GRKERNSEC_CONFIG_AUTO
5719
5720 diff --git a/scripts/just_fetch.pl b/scripts/just_fetch.pl
5721 index 80e95ef..370be36 100755
5722 --- a/scripts/just_fetch.pl
5723 +++ b/scripts/just_fetch.pl
5724 @@ -6,8 +6,8 @@ use HTML::LinkExtor ;
5725
5726 my @upstream_url =
5727 (
5728 - "http://grsecurity.net/test.php",
5729 - "http://grsecurity.net/download_stable.php"
5730 + "http://grsecurity.net/download_stable.php",
5731 + "http://grsecurity.net/test.php"
5732 ) ;
5733
5734 my $file_pattern = "grsecurity-";
Report Message
Find on MARC Find on Google Groups