Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.8/, 3.14.6/, 3.2.60/
Date: Sat, 21 Jun 2014 00:55:52
Message-Id: 1403312146.03a14056c44091c6c4d1a75e9145a62a3b6531a8.blueness@gentoo
1 commit: 03a14056c44091c6c4d1a75e9145a62a3b6531a8
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 21 00:55:46 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 21 00:55:46 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=03a14056
7
8 Grsec/PaX: 3.0-{3.2.60,3.14.8}-201406191347
9
10 ---
11 {3.14.6 => 3.14.8}/0000_README | 2 +-
12 .../4420_grsecurity-3.0-3.14.8-201406191347.patch | 649 ++++++++++++---------
13 {3.14.6 => 3.14.8}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 4 +-
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {3.14.6 => 3.14.8}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 12 +-
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
20 {3.14.6 => 3.14.8}/4470_disable-compat_vdso.patch | 0
21 {3.14.6 => 3.14.8}/4475_emutramp_default_on.patch | 0
22 3.2.60/0000_README | 2 +-
23 ... 4420_grsecurity-3.0-3.2.60-201406191345.patch} | 231 +++++---
24 3.2.60/4450_grsec-kconfig-default-gids.patch | 12 +-
25 3.2.60/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
26 15 files changed, 549 insertions(+), 367 deletions(-)
27
28 diff --git a/3.14.6/0000_README b/3.14.8/0000_README
29 similarity index 96%
30 rename from 3.14.6/0000_README
31 rename to 3.14.8/0000_README
32 index 982ffca..d9d0e9a 100644
33 --- a/3.14.6/0000_README
34 +++ b/3.14.8/0000_README
35 @@ -2,7 +2,7 @@ README
36 -----------------------------------------------------------------------------
37 Individual Patch Descriptions:
38 -----------------------------------------------------------------------------
39 -Patch: 4420_grsecurity-3.0-3.14.6-201406101411.patch
40 +Patch: 4420_grsecurity-3.0-3.14.8-201406191347.patch
41 From: http://www.grsecurity.net
42 Desc: hardened-sources base patch from upstream grsecurity
43
44
45 diff --git a/3.14.6/4420_grsecurity-3.0-3.14.6-201406101411.patch b/3.14.8/4420_grsecurity-3.0-3.14.8-201406191347.patch
46 similarity index 99%
47 rename from 3.14.6/4420_grsecurity-3.0-3.14.6-201406101411.patch
48 rename to 3.14.8/4420_grsecurity-3.0-3.14.8-201406191347.patch
49 index 274a809..cf0e6f3 100644
50 --- a/3.14.6/4420_grsecurity-3.0-3.14.6-201406101411.patch
51 +++ b/3.14.8/4420_grsecurity-3.0-3.14.8-201406191347.patch
52 @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
53
54 pcd. [PARIDE]
55 diff --git a/Makefile b/Makefile
56 -index 0d499e6..2318683 100644
57 +index ef1d59b..7030652 100644
58 --- a/Makefile
59 +++ b/Makefile
60 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
61 @@ -2170,7 +2170,7 @@ index 71a06b2..8bb9ae1 100644
62 /*
63 * Change these and you break ASM code in entry-common.S
64 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
65 -index 72abdc5..35acac1 100644
66 +index 7f3f3cc..bdf0665 100644
67 --- a/arch/arm/include/asm/uaccess.h
68 +++ b/arch/arm/include/asm/uaccess.h
69 @@ -18,6 +18,7 @@
70 @@ -2235,7 +2235,7 @@ index 72abdc5..35acac1 100644
71 })
72
73 extern int __put_user_1(void *, unsigned int);
74 -@@ -195,8 +227,12 @@ extern int __put_user_8(void *, unsigned long long);
75 +@@ -196,8 +228,12 @@ extern int __put_user_8(void *, unsigned long long);
76
77 #define put_user(x,p) \
78 ({ \
79 @@ -2249,7 +2249,7 @@ index 72abdc5..35acac1 100644
80 })
81
82 #else /* CONFIG_MMU */
83 -@@ -220,6 +256,7 @@ static inline void set_fs(mm_segment_t fs)
84 +@@ -221,6 +257,7 @@ static inline void set_fs(mm_segment_t fs)
85
86 #endif /* CONFIG_MMU */
87
88 @@ -2257,7 +2257,7 @@ index 72abdc5..35acac1 100644
89 #define access_ok(type,addr,size) (__range_ok(addr,size) == 0)
90
91 #define user_addr_max() \
92 -@@ -237,13 +274,17 @@ static inline void set_fs(mm_segment_t fs)
93 +@@ -238,13 +275,17 @@ static inline void set_fs(mm_segment_t fs)
94 #define __get_user(x,ptr) \
95 ({ \
96 long __gu_err = 0; \
97 @@ -2275,7 +2275,7 @@ index 72abdc5..35acac1 100644
98 (void) 0; \
99 })
100
101 -@@ -319,13 +360,17 @@ do { \
102 +@@ -320,13 +361,17 @@ do { \
103 #define __put_user(x,ptr) \
104 ({ \
105 long __pu_err = 0; \
106 @@ -2293,7 +2293,7 @@ index 72abdc5..35acac1 100644
107 (void) 0; \
108 })
109
110 -@@ -425,11 +470,44 @@ do { \
111 +@@ -426,11 +471,44 @@ do { \
112
113
114 #ifdef CONFIG_MMU
115 @@ -2341,7 +2341,7 @@ index 72abdc5..35acac1 100644
116 #else
117 #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0)
118 #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0)
119 -@@ -438,6 +516,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
120 +@@ -439,6 +517,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
121
122 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
123 {
124 @@ -2351,7 +2351,7 @@ index 72abdc5..35acac1 100644
125 if (access_ok(VERIFY_READ, from, n))
126 n = __copy_from_user(to, from, n);
127 else /* security hole - plug it */
128 -@@ -447,6 +528,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
129 +@@ -448,6 +529,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
130
131 static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
132 {
133 @@ -2665,10 +2665,10 @@ index a2dcafd..1048b5a 100644
134
135 #if defined(CONFIG_OABI_COMPAT)
136 diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
137 -index 39f89fb..d612bd9 100644
138 +index 88c6bab..652981b 100644
139 --- a/arch/arm/kernel/entry-header.S
140 +++ b/arch/arm/kernel/entry-header.S
141 -@@ -184,6 +184,60 @@
142 +@@ -188,6 +188,60 @@
143 msr cpsr_c, \rtemp @ switch back to the SVC mode
144 .endm
145
146 @@ -2729,7 +2729,7 @@ index 39f89fb..d612bd9 100644
147 #ifndef CONFIG_THUMB2_KERNEL
148 .macro svc_exit, rpsr, irq = 0
149 .if \irq != 0
150 -@@ -203,6 +257,9 @@
151 +@@ -207,6 +261,9 @@
152 blne trace_hardirqs_off
153 #endif
154 .endif
155 @@ -2739,7 +2739,7 @@ index 39f89fb..d612bd9 100644
156 msr spsr_cxsf, \rpsr
157 #if defined(CONFIG_CPU_V6)
158 ldr r0, [sp]
159 -@@ -266,6 +323,9 @@
160 +@@ -270,6 +327,9 @@
161 blne trace_hardirqs_off
162 #endif
163 .endif
164 @@ -6739,7 +6739,7 @@ index 25da651..ae2a259 100644
165
166 #endif /* __ASM_SMTC_PROC_H */
167 diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
168 -index 24846f9..61c49f0 100644
169 +index e80ae50..4404147 100644
170 --- a/arch/mips/include/asm/thread_info.h
171 +++ b/arch/mips/include/asm/thread_info.h
172 @@ -116,6 +116,8 @@ static inline struct thread_info *current_thread_info(void)
173 @@ -6751,15 +6751,16 @@ index 24846f9..61c49f0 100644
174 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */
175
176 #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
177 -@@ -134,13 +136,14 @@ static inline struct thread_info *current_thread_info(void)
178 +@@ -134,14 +136,15 @@ static inline struct thread_info *current_thread_info(void)
179 #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH)
180 #define _TIF_32BIT_FPREGS (1<<TIF_32BIT_FPREGS)
181 #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
182 +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
183
184 #define _TIF_WORK_SYSCALL_ENTRY (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \
185 -- _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT)
186 -+ _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
187 + _TIF_SYSCALL_AUDIT | \
188 +- _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
189 ++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID)
190
191 /* work to do in syscall_trace_leave() */
192 #define _TIF_WORK_SYSCALL_EXIT (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \
193 @@ -6768,7 +6769,7 @@ index 24846f9..61c49f0 100644
194
195 /* work to do on interrupt/exception return */
196 #define _TIF_WORK_MASK \
197 -@@ -148,7 +151,7 @@ static inline struct thread_info *current_thread_info(void)
198 +@@ -149,7 +152,7 @@ static inline struct thread_info *current_thread_info(void)
199 /* work to do on any return to u-space */
200 #define _TIF_ALLWORK_MASK (_TIF_NOHZ | _TIF_WORK_MASK | \
201 _TIF_WORK_SYSCALL_EXIT | \
202 @@ -7088,7 +7089,7 @@ index c24ad5f..9983ab2 100644
203 }
204 /* Arrange for an interrupt in a short while */
205 diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
206 -index e0b4996..6b43ce7 100644
207 +index 81e6ae0..6ab6e79 100644
208 --- a/arch/mips/kernel/traps.c
209 +++ b/arch/mips/kernel/traps.c
210 @@ -691,7 +691,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
211 @@ -36699,7 +36700,7 @@ index 36605ab..6ef6d4b 100644
212 unsigned long timeout_msec)
213 {
214 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
215 -index bb26636..09cbdb4 100644
216 +index 62fda16..8063873 100644
217 --- a/drivers/ata/libata-core.c
218 +++ b/drivers/ata/libata-core.c
219 @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
220 @@ -39505,7 +39506,7 @@ index 199b52b..e3503bb 100644
221 ret = cpufreq_sysfs_create_file(&boost.attr);
222 if (ret) {
223 diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
224 -index ba43991..23858ffb 100644
225 +index e1c6433..31203ae 100644
226 --- a/drivers/cpufreq/cpufreq_governor.c
227 +++ b/drivers/cpufreq/cpufreq_governor.c
228 @@ -191,7 +191,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy,
229 @@ -39592,10 +39593,10 @@ index 18d4091..434be15 100644
230 }
231 EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
232 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
233 -index 9ac3783..652b033 100644
234 +index de9ef4a..0b29fc9 100644
235 --- a/drivers/cpufreq/intel_pstate.c
236 +++ b/drivers/cpufreq/intel_pstate.c
237 -@@ -126,10 +126,10 @@ struct pstate_funcs {
238 +@@ -125,10 +125,10 @@ struct pstate_funcs {
239 struct cpu_defaults {
240 struct pstate_adjust_policy pid_policy;
241 struct pstate_funcs funcs;
242 @@ -39608,7 +39609,7 @@ index 9ac3783..652b033 100644
243
244 struct perf_limits {
245 int no_turbo;
246 -@@ -527,7 +527,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
247 +@@ -529,7 +529,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
248
249 cpu->pstate.current_pstate = pstate;
250
251 @@ -39617,7 +39618,7 @@ index 9ac3783..652b033 100644
252 }
253
254 static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
255 -@@ -549,12 +549,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
256 +@@ -551,12 +551,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
257 {
258 sprintf(cpu->name, "Intel 2nd generation core");
259
260 @@ -39635,7 +39636,7 @@ index 9ac3783..652b033 100644
261 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
262 }
263
264 -@@ -830,9 +830,9 @@ static int intel_pstate_msrs_not_valid(void)
265 +@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void)
266 rdmsrl(MSR_IA32_APERF, aperf);
267 rdmsrl(MSR_IA32_MPERF, mperf);
268
269 @@ -39648,7 +39649,7 @@ index 9ac3783..652b033 100644
270 return -ENODEV;
271
272 rdmsrl(MSR_IA32_APERF, tmp);
273 -@@ -846,7 +846,7 @@ static int intel_pstate_msrs_not_valid(void)
274 +@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void)
275 return 0;
276 }
277
278 @@ -39657,7 +39658,7 @@ index 9ac3783..652b033 100644
279 {
280 pid_params.sample_rate_ms = policy->sample_rate_ms;
281 pid_params.p_gain_pct = policy->p_gain_pct;
282 -@@ -858,11 +858,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
283 +@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
284
285 static void copy_cpu_funcs(struct pstate_funcs *funcs)
286 {
287 @@ -40176,7 +40177,7 @@ index eb6935c..3cc2bfa 100644
288 #include <asm/byteorder.h>
289
290 diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h
291 -index c98764a..551b520 100644
292 +index f477308..2795f24 100644
293 --- a/drivers/firewire/core.h
294 +++ b/drivers/firewire/core.h
295 @@ -111,6 +111,7 @@ struct fw_card_driver {
296 @@ -40188,7 +40189,7 @@ index c98764a..551b520 100644
297 void fw_card_initialize(struct fw_card *card,
298 const struct fw_card_driver *driver, struct device *device);
299 diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c
300 -index 8db6632..9bbc8ca 100644
301 +index 586f2f7..3545ad2 100644
302 --- a/drivers/firewire/ohci.c
303 +++ b/drivers/firewire/ohci.c
304 @@ -2049,10 +2049,12 @@ static void bus_reset_work(struct work_struct *work)
305 @@ -40680,7 +40681,7 @@ index 15a74f9..4278889 100644
306 return can_switch;
307 }
308 diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
309 -index 697f215..6f89b7f 100644
310 +index 4677af9..cd79971 100644
311 --- a/drivers/gpu/drm/i915/i915_drv.h
312 +++ b/drivers/gpu/drm/i915/i915_drv.h
313 @@ -1362,7 +1362,7 @@ typedef struct drm_i915_private {
314 @@ -40693,7 +40694,7 @@ index 697f215..6f89b7f 100644
315 /* protects the irq masks */
316 spinlock_t irq_lock;
317 diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
318 -index d269ecf..6d857bc 100644
319 +index 768e666..68cf44d 100644
320 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
321 +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
322 @@ -860,9 +860,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
323 @@ -40865,7 +40866,7 @@ index 4050450..f67c5c1 100644
324 iir = I915_READ(IIR);
325
326 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
327 -index 9d4d837..6836e22 100644
328 +index b6fb3eb..e0fa1e1 100644
329 --- a/drivers/gpu/drm/i915/intel_display.c
330 +++ b/drivers/gpu/drm/i915/intel_display.c
331 @@ -10798,13 +10798,13 @@ struct intel_quirk {
332 @@ -41462,7 +41463,7 @@ index 4a85bb6..aaea819 100644
333 if (regcomp
334 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
335 diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
336 -index 7f370b3..4e92ca6 100644
337 +index 0bf6f4a..18e2437 100644
338 --- a/drivers/gpu/drm/radeon/radeon_device.c
339 +++ b/drivers/gpu/drm/radeon/radeon_device.c
340 @@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
341 @@ -44516,7 +44517,7 @@ index 8c53b09..f1fb2b0 100644
342
343 void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
344 diff --git a/drivers/md/md.c b/drivers/md/md.c
345 -index 51c431c..be0fbd6 100644
346 +index 8b013f8..93eed41 100644
347 --- a/drivers/md/md.c
348 +++ b/drivers/md/md.c
349 @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
350 @@ -44773,10 +44774,33 @@ index cb882aa..9bd076e 100644
351
352 rdev_dec_pending(rdev, mddev);
353 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
354 -index 16f5c21..4df20dc 100644
355 +index 16f5c21..522b82e 100644
356 --- a/drivers/md/raid5.c
357 +++ b/drivers/md/raid5.c
358 -@@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
359 +@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
360 + return 1;
361 + }
362 +
363 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
364 ++static atomic_unchecked_t raid5_cache_id = ATOMIC_INIT(0);
365 ++#endif
366 ++
367 + static int grow_stripes(struct r5conf *conf, int num)
368 + {
369 + struct kmem_cache *sc;
370 +@@ -1718,7 +1722,11 @@ static int grow_stripes(struct r5conf *conf, int num)
371 + "raid%d-%s", conf->level, mdname(conf->mddev));
372 + else
373 + sprintf(conf->cache_name[0],
374 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
375 ++ "raid%d-%08lx", conf->level, atomic_inc_return_unchecked(&raid5_cache_id));
376 ++#else
377 + "raid%d-%p", conf->level, conf->mddev);
378 ++#endif
379 + sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
380 +
381 + conf->active_name = 0;
382 +@@ -1991,21 +1999,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
383 mdname(conf->mddev), STRIPE_SECTORS,
384 (unsigned long long)s,
385 bdevname(rdev->bdev, b));
386 @@ -44802,7 +44826,7 @@ index 16f5c21..4df20dc 100644
387 if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
388 printk_ratelimited(
389 KERN_WARNING
390 -@@ -2033,7 +2033,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
391 +@@ -2033,7 +2041,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
392 mdname(conf->mddev),
393 (unsigned long long)s,
394 bdn);
395 @@ -48190,7 +48214,7 @@ index 53b58de..4479896 100644
396 int retval = -ENOMEM;
397
398 diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
399 -index 955ab79..d1df9c7 100644
400 +index fb02fc2..83dc2c3 100644
401 --- a/drivers/pci/msi.c
402 +++ b/drivers/pci/msi.c
403 @@ -524,8 +524,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev)
404 @@ -52475,7 +52499,7 @@ index 2518c32..1c201bb 100644
405 wake_up(&usb_kill_urb_queue);
406 usb_put_urb(urb);
407 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
408 -index d498d03..e26f959 100644
409 +index 3baa51b..92907cf 100644
410 --- a/drivers/usb/core/hub.c
411 +++ b/drivers/usb/core/hub.c
412 @@ -27,6 +27,7 @@
413 @@ -52486,7 +52510,7 @@ index d498d03..e26f959 100644
414
415 #include <asm/uaccess.h>
416 #include <asm/byteorder.h>
417 -@@ -4472,6 +4473,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
418 +@@ -4483,6 +4484,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
419 goto done;
420 return;
421 }
422 @@ -56472,7 +56496,7 @@ index 04cd768..25949c1 100644
423
424 file = aio_private_file(ctx, nr_pages);
425 diff --git a/fs/attr.c b/fs/attr.c
426 -index 5d4e59d..fd02418 100644
427 +index 6530ced..4a827e2 100644
428 --- a/fs/attr.c
429 +++ b/fs/attr.c
430 @@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
431 @@ -58847,7 +58871,7 @@ index e4141f2..d8263e8 100644
432 i += packet_length_size;
433 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
434 diff --git a/fs/exec.c b/fs/exec.c
435 -index 31e46b1..f5c70a3 100644
436 +index 31e46b1..88754df 100644
437 --- a/fs/exec.c
438 +++ b/fs/exec.c
439 @@ -55,8 +55,20 @@
440 @@ -59595,8 +59619,8 @@ index 31e46b1..f5c70a3 100644
441 +#ifndef CONFIG_STACK_GROWSUP
442 + unsigned long stackstart = (unsigned long)task_stack_page(current);
443 + unsigned long currentsp = (unsigned long)&stackstart;
444 -+ if (unlikely(currentsp < stackstart + 512 ||
445 -+ currentsp >= stackstart + THREAD_SIZE))
446 ++ if (unlikely((currentsp < stackstart + 512 ||
447 ++ currentsp >= stackstart + THREAD_SIZE) && !in_interrupt()))
448 + BUG();
449 +#endif
450 +
451 @@ -59978,10 +60002,18 @@ index ef68665..5deacdc 100644
452 return 0;
453 }
454 diff --git a/fs/fhandle.c b/fs/fhandle.c
455 -index 999ff5c..41f4109 100644
456 +index 999ff5c..ac037c9 100644
457 --- a/fs/fhandle.c
458 +++ b/fs/fhandle.c
459 -@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path,
460 +@@ -8,6 +8,7 @@
461 + #include <linux/fs_struct.h>
462 + #include <linux/fsnotify.h>
463 + #include <linux/personality.h>
464 ++#include <linux/grsecurity.h>
465 + #include <asm/uaccess.h>
466 + #include "internal.h"
467 + #include "mount.h"
468 +@@ -67,8 +68,7 @@ static long do_sys_name_to_handle(struct path *path,
469 } else
470 retval = 0;
471 /* copy the mount id */
472 @@ -59991,6 +60023,15 @@ index 999ff5c..41f4109 100644
473 copy_to_user(ufh, handle,
474 sizeof(struct file_handle) + handle_bytes))
475 retval = -EFAULT;
476 +@@ -175,7 +175,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
477 + * the directory. Ideally we would like CAP_DAC_SEARCH.
478 + * But we don't have that
479 + */
480 +- if (!capable(CAP_DAC_READ_SEARCH)) {
481 ++ if (!capable(CAP_DAC_READ_SEARCH) || !gr_chroot_fhandle()) {
482 + retval = -EPERM;
483 + goto out_err;
484 + }
485 diff --git a/fs/file.c b/fs/file.c
486 index eb56a13..ccee850 100644
487 --- a/fs/file.c
488 @@ -61655,7 +61696,7 @@ index d19b30a..ef89c36 100644
489 static int can_do_hugetlb_shm(void)
490 {
491 diff --git a/fs/inode.c b/fs/inode.c
492 -index 4bcdad3..1883822 100644
493 +index e846a32..6b22e15 100644
494 --- a/fs/inode.c
495 +++ b/fs/inode.c
496 @@ -841,8 +841,8 @@ unsigned int get_next_ino(void)
497 @@ -61904,10 +61945,10 @@ index b29e42f..5ea7fdf 100644
498 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
499
500 diff --git a/fs/namei.c b/fs/namei.c
501 -index 4a3c105..0d718f4 100644
502 +index 8274c8d..922e189 100644
503 --- a/fs/namei.c
504 +++ b/fs/namei.c
505 -@@ -330,16 +330,32 @@ int generic_permission(struct inode *inode, int mask)
506 +@@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask)
507 if (ret != -EACCES)
508 return ret;
509
510 @@ -61919,14 +61960,16 @@ index 4a3c105..0d718f4 100644
511 +
512 if (S_ISDIR(inode->i_mode)) {
513 /* DACs are overridable for directories */
514 -- if (inode_capable(inode, CAP_DAC_OVERRIDE))
515 +- if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
516 - return 0;
517 if (!(mask & MAY_WRITE))
518 -- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
519 -+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) ||
520 -+ inode_capable(inode, CAP_DAC_READ_SEARCH))
521 +- if (capable_wrt_inode_uidgid(inode,
522 ++ if (capable_wrt_inode_uidgid_nolog(inode,
523 ++ CAP_DAC_OVERRIDE) ||
524 ++ capable_wrt_inode_uidgid(inode,
525 + CAP_DAC_READ_SEARCH))
526 return 0;
527 -+ if (inode_capable(inode, CAP_DAC_OVERRIDE))
528 ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
529 + return 0;
530 return -EACCES;
531 }
532 @@ -61935,16 +61978,16 @@ index 4a3c105..0d718f4 100644
533 + */
534 + mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
535 + if (mask == MAY_READ)
536 -+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) ||
537 -+ inode_capable(inode, CAP_DAC_READ_SEARCH))
538 ++ if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) ||
539 ++ capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
540 + return 0;
541 +
542 + /*
543 * Read/write DACs are always overridable.
544 * Executable DACs are overridable when there is
545 * at least one exec bit set.
546 -@@ -348,14 +364,6 @@ int generic_permission(struct inode *inode, int mask)
547 - if (inode_capable(inode, CAP_DAC_OVERRIDE))
548 +@@ -349,14 +366,6 @@ int generic_permission(struct inode *inode, int mask)
549 + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
550 return 0;
551
552 - /*
553 @@ -61952,13 +61995,13 @@ index 4a3c105..0d718f4 100644
554 - */
555 - mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
556 - if (mask == MAY_READ)
557 -- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
558 +- if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
559 - return 0;
560 -
561 return -EACCES;
562 }
563
564 -@@ -821,7 +829,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
565 +@@ -822,7 +831,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
566 {
567 struct dentry *dentry = link->dentry;
568 int error;
569 @@ -61967,7 +62010,7 @@ index 4a3c105..0d718f4 100644
570
571 BUG_ON(nd->flags & LOOKUP_RCU);
572
573 -@@ -842,6 +850,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
574 +@@ -843,6 +852,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
575 if (error)
576 goto out_put_nd_path;
577
578 @@ -61980,7 +62023,7 @@ index 4a3c105..0d718f4 100644
579 nd->last_type = LAST_BIND;
580 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
581 error = PTR_ERR(*p);
582 -@@ -1590,6 +1604,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
583 +@@ -1591,6 +1606,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
584 if (res)
585 break;
586 res = walk_component(nd, path, LOOKUP_FOLLOW);
587 @@ -61989,7 +62032,7 @@ index 4a3c105..0d718f4 100644
588 put_link(nd, &link, cookie);
589 } while (res > 0);
590
591 -@@ -1663,7 +1679,7 @@ EXPORT_SYMBOL(full_name_hash);
592 +@@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash);
593 static inline unsigned long hash_name(const char *name, unsigned int *hashp)
594 {
595 unsigned long a, b, adata, bdata, mask, hash, len;
596 @@ -61998,7 +62041,7 @@ index 4a3c105..0d718f4 100644
597
598 hash = a = 0;
599 len = -sizeof(unsigned long);
600 -@@ -1947,6 +1963,8 @@ static int path_lookupat(int dfd, const char *name,
601 +@@ -1948,6 +1965,8 @@ static int path_lookupat(int dfd, const char *name,
602 if (err)
603 break;
604 err = lookup_last(nd, &path);
605 @@ -62007,7 +62050,7 @@ index 4a3c105..0d718f4 100644
606 put_link(nd, &link, cookie);
607 }
608 }
609 -@@ -1954,6 +1972,13 @@ static int path_lookupat(int dfd, const char *name,
610 +@@ -1955,6 +1974,13 @@ static int path_lookupat(int dfd, const char *name,
611 if (!err)
612 err = complete_walk(nd);
613
614 @@ -62021,7 +62064,7 @@ index 4a3c105..0d718f4 100644
615 if (!err && nd->flags & LOOKUP_DIRECTORY) {
616 if (!d_is_directory(nd->path.dentry)) {
617 path_put(&nd->path);
618 -@@ -1981,8 +2006,15 @@ static int filename_lookup(int dfd, struct filename *name,
619 +@@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename *name,
620 retval = path_lookupat(dfd, name->name,
621 flags | LOOKUP_REVAL, nd);
622
623 @@ -62038,7 +62081,7 @@ index 4a3c105..0d718f4 100644
624 return retval;
625 }
626
627 -@@ -2556,6 +2588,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
628 +@@ -2557,6 +2590,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
629 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
630 return -EPERM;
631
632 @@ -62052,7 +62095,7 @@ index 4a3c105..0d718f4 100644
633 return 0;
634 }
635
636 -@@ -2787,7 +2826,7 @@ looked_up:
637 +@@ -2788,7 +2828,7 @@ looked_up:
638 * cleared otherwise prior to returning.
639 */
640 static int lookup_open(struct nameidata *nd, struct path *path,
641 @@ -62061,7 +62104,7 @@ index 4a3c105..0d718f4 100644
642 const struct open_flags *op,
643 bool got_write, int *opened)
644 {
645 -@@ -2822,6 +2861,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
646 +@@ -2823,6 +2863,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
647 /* Negative dentry, just create the file */
648 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
649 umode_t mode = op->mode;
650 @@ -62079,7 +62122,7 @@ index 4a3c105..0d718f4 100644
651 if (!IS_POSIXACL(dir->d_inode))
652 mode &= ~current_umask();
653 /*
654 -@@ -2843,6 +2893,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
655 +@@ -2844,6 +2895,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
656 nd->flags & LOOKUP_EXCL);
657 if (error)
658 goto out_dput;
659 @@ -62088,7 +62131,7 @@ index 4a3c105..0d718f4 100644
660 }
661 out_no_open:
662 path->dentry = dentry;
663 -@@ -2857,7 +2909,7 @@ out_dput:
664 +@@ -2858,7 +2911,7 @@ out_dput:
665 /*
666 * Handle the last step of open()
667 */
668 @@ -62097,7 +62140,7 @@ index 4a3c105..0d718f4 100644
669 struct file *file, const struct open_flags *op,
670 int *opened, struct filename *name)
671 {
672 -@@ -2907,6 +2959,15 @@ static int do_last(struct nameidata *nd, struct path *path,
673 +@@ -2908,6 +2961,15 @@ static int do_last(struct nameidata *nd, struct path *path,
674 if (error)
675 return error;
676
677 @@ -62113,7 +62156,7 @@ index 4a3c105..0d718f4 100644
678 audit_inode(name, dir, LOOKUP_PARENT);
679 error = -EISDIR;
680 /* trailing slashes? */
681 -@@ -2926,7 +2987,7 @@ retry_lookup:
682 +@@ -2927,7 +2989,7 @@ retry_lookup:
683 */
684 }
685 mutex_lock(&dir->d_inode->i_mutex);
686 @@ -62122,7 +62165,7 @@ index 4a3c105..0d718f4 100644
687 mutex_unlock(&dir->d_inode->i_mutex);
688
689 if (error <= 0) {
690 -@@ -2950,11 +3011,28 @@ retry_lookup:
691 +@@ -2951,11 +3013,28 @@ retry_lookup:
692 goto finish_open_created;
693 }
694
695 @@ -62152,7 +62195,7 @@ index 4a3c105..0d718f4 100644
696
697 /*
698 * If atomic_open() acquired write access it is dropped now due to
699 -@@ -2995,6 +3073,11 @@ finish_lookup:
700 +@@ -2996,6 +3075,11 @@ finish_lookup:
701 }
702 }
703 BUG_ON(inode != path->dentry->d_inode);
704 @@ -62164,7 +62207,7 @@ index 4a3c105..0d718f4 100644
705 return 1;
706 }
707
708 -@@ -3004,7 +3087,6 @@ finish_lookup:
709 +@@ -3005,7 +3089,6 @@ finish_lookup:
710 save_parent.dentry = nd->path.dentry;
711 save_parent.mnt = mntget(path->mnt);
712 nd->path.dentry = path->dentry;
713 @@ -62172,7 +62215,7 @@ index 4a3c105..0d718f4 100644
714 }
715 nd->inode = inode;
716 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
717 -@@ -3014,7 +3096,18 @@ finish_open:
718 +@@ -3015,7 +3098,18 @@ finish_open:
719 path_put(&save_parent);
720 return error;
721 }
722 @@ -62191,7 +62234,7 @@ index 4a3c105..0d718f4 100644
723 error = -EISDIR;
724 if ((open_flag & O_CREAT) &&
725 (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
726 -@@ -3178,7 +3271,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
727 +@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
728 if (unlikely(error))
729 goto out;
730
731 @@ -62200,7 +62243,7 @@ index 4a3c105..0d718f4 100644
732 while (unlikely(error > 0)) { /* trailing symlink */
733 struct path link = path;
734 void *cookie;
735 -@@ -3196,7 +3289,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
736 +@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
737 error = follow_link(&link, nd, &cookie);
738 if (unlikely(error))
739 break;
740 @@ -62209,7 +62252,7 @@ index 4a3c105..0d718f4 100644
741 put_link(nd, &link, cookie);
742 }
743 out:
744 -@@ -3296,9 +3389,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
745 +@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
746 goto unlock;
747
748 error = -EEXIST;
749 @@ -62223,7 +62266,7 @@ index 4a3c105..0d718f4 100644
750 /*
751 * Special case - lookup gave negative, but... we had foo/bar/
752 * From the vfs_mknod() POV we just have a negative dentry -
753 -@@ -3350,6 +3445,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
754 +@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
755 }
756 EXPORT_SYMBOL(user_path_create);
757
758 @@ -62244,7 +62287,7 @@ index 4a3c105..0d718f4 100644
759 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
760 {
761 int error = may_create(dir, dentry);
762 -@@ -3412,6 +3521,17 @@ retry:
763 +@@ -3413,6 +3523,17 @@ retry:
764
765 if (!IS_POSIXACL(path.dentry->d_inode))
766 mode &= ~current_umask();
767 @@ -62262,7 +62305,7 @@ index 4a3c105..0d718f4 100644
768 error = security_path_mknod(&path, dentry, mode, dev);
769 if (error)
770 goto out;
771 -@@ -3428,6 +3548,8 @@ retry:
772 +@@ -3429,6 +3550,8 @@ retry:
773 break;
774 }
775 out:
776 @@ -62271,7 +62314,7 @@ index 4a3c105..0d718f4 100644
777 done_path_create(&path, dentry);
778 if (retry_estale(error, lookup_flags)) {
779 lookup_flags |= LOOKUP_REVAL;
780 -@@ -3480,9 +3602,16 @@ retry:
781 +@@ -3481,9 +3604,16 @@ retry:
782
783 if (!IS_POSIXACL(path.dentry->d_inode))
784 mode &= ~current_umask();
785 @@ -62288,7 +62331,7 @@ index 4a3c105..0d718f4 100644
786 done_path_create(&path, dentry);
787 if (retry_estale(error, lookup_flags)) {
788 lookup_flags |= LOOKUP_REVAL;
789 -@@ -3563,6 +3692,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
790 +@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
791 struct filename *name;
792 struct dentry *dentry;
793 struct nameidata nd;
794 @@ -62297,7 +62340,7 @@ index 4a3c105..0d718f4 100644
795 unsigned int lookup_flags = 0;
796 retry:
797 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
798 -@@ -3595,10 +3726,21 @@ retry:
799 +@@ -3596,10 +3728,21 @@ retry:
800 error = -ENOENT;
801 goto exit3;
802 }
803 @@ -62319,7 +62362,7 @@ index 4a3c105..0d718f4 100644
804 exit3:
805 dput(dentry);
806 exit2:
807 -@@ -3688,6 +3830,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
808 +@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
809 struct nameidata nd;
810 struct inode *inode = NULL;
811 struct inode *delegated_inode = NULL;
812 @@ -62328,7 +62371,7 @@ index 4a3c105..0d718f4 100644
813 unsigned int lookup_flags = 0;
814 retry:
815 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
816 -@@ -3714,10 +3858,22 @@ retry_deleg:
817 +@@ -3715,10 +3860,22 @@ retry_deleg:
818 if (d_is_negative(dentry))
819 goto slashes;
820 ihold(inode);
821 @@ -62351,7 +62394,7 @@ index 4a3c105..0d718f4 100644
822 exit2:
823 dput(dentry);
824 }
825 -@@ -3805,9 +3961,17 @@ retry:
826 +@@ -3806,9 +3963,17 @@ retry:
827 if (IS_ERR(dentry))
828 goto out_putname;
829
830 @@ -62369,7 +62412,7 @@ index 4a3c105..0d718f4 100644
831 done_path_create(&path, dentry);
832 if (retry_estale(error, lookup_flags)) {
833 lookup_flags |= LOOKUP_REVAL;
834 -@@ -3910,6 +4074,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
835 +@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
836 struct dentry *new_dentry;
837 struct path old_path, new_path;
838 struct inode *delegated_inode = NULL;
839 @@ -62377,7 +62420,7 @@ index 4a3c105..0d718f4 100644
840 int how = 0;
841 int error;
842
843 -@@ -3933,7 +4098,7 @@ retry:
844 +@@ -3934,7 +4100,7 @@ retry:
845 if (error)
846 return error;
847
848 @@ -62386,7 +62429,7 @@ index 4a3c105..0d718f4 100644
849 (how & LOOKUP_REVAL));
850 error = PTR_ERR(new_dentry);
851 if (IS_ERR(new_dentry))
852 -@@ -3945,11 +4110,28 @@ retry:
853 +@@ -3946,11 +4112,28 @@ retry:
854 error = may_linkat(&old_path);
855 if (unlikely(error))
856 goto out_dput;
857 @@ -62415,7 +62458,7 @@ index 4a3c105..0d718f4 100644
858 done_path_create(&new_path, new_dentry);
859 if (delegated_inode) {
860 error = break_deleg_wait(&delegated_inode);
861 -@@ -4236,6 +4418,12 @@ retry_deleg:
862 +@@ -4237,6 +4420,12 @@ retry_deleg:
863 if (new_dentry == trap)
864 goto exit5;
865
866 @@ -62428,7 +62471,7 @@ index 4a3c105..0d718f4 100644
867 error = security_path_rename(&oldnd.path, old_dentry,
868 &newnd.path, new_dentry);
869 if (error)
870 -@@ -4243,6 +4431,9 @@ retry_deleg:
871 +@@ -4244,6 +4433,9 @@ retry_deleg:
872 error = vfs_rename(old_dir->d_inode, old_dentry,
873 new_dir->d_inode, new_dentry,
874 &delegated_inode);
875 @@ -62438,7 +62481,7 @@ index 4a3c105..0d718f4 100644
876 exit5:
877 dput(new_dentry);
878 exit4:
879 -@@ -4279,6 +4470,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
880 +@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
881
882 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
883 {
884 @@ -62447,7 +62490,7 @@ index 4a3c105..0d718f4 100644
885 int len;
886
887 len = PTR_ERR(link);
888 -@@ -4288,7 +4481,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
889 +@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
890 len = strlen(link);
891 if (len > (unsigned) buflen)
892 len = buflen;
893 @@ -64809,7 +64852,7 @@ index 6f599c6..bd00271 100644
894 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
895
896 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
897 -index fb52b54..5fc7c14 100644
898 +index 8f78819..ba6c272 100644
899 --- a/fs/proc/task_mmu.c
900 +++ b/fs/proc/task_mmu.c
901 @@ -12,12 +12,19 @@
902 @@ -65965,7 +66008,7 @@ index aead369..0dfecfd 100644
903 return 0;
904 sfep = dp->d_ops->sf_nextentry(sfp, sfep);
905 diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
906 -index bcfe612..aa399c0 100644
907 +index 78e62cc..eec3706 100644
908 --- a/fs/xfs/xfs_ioctl.c
909 +++ b/fs/xfs/xfs_ioctl.c
910 @@ -122,7 +122,7 @@ xfs_find_handle(
911 @@ -65979,10 +66022,10 @@ index bcfe612..aa399c0 100644
912
913 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
914 new file mode 100644
915 -index 0000000..a14eb52
916 +index 0000000..bfd482c
917 --- /dev/null
918 +++ b/grsecurity/Kconfig
919 -@@ -0,0 +1,1174 @@
920 +@@ -0,0 +1,1176 @@
921 +#
922 +# grecurity configuration
923 +#
924 @@ -66544,14 +66587,16 @@ index 0000000..a14eb52
925 + created.
926 +
927 +config GRKERNSEC_CHROOT_FCHDIR
928 -+ bool "Deny fchdir out of chroot"
929 ++ bool "Deny fchdir and fhandle out of chroot"
930 + default y if GRKERNSEC_CONFIG_AUTO
931 + depends on GRKERNSEC_CHROOT
932 + help
933 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
934 + to a file descriptor of the chrooting process that points to a directory
935 -+ outside the filesystem will be stopped. If the sysctl option
936 -+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
937 ++ outside the filesystem will be stopped. Additionally, this option prevents
938 ++ use of the recently-created syscall for opening files by a guessable "file
939 ++ handle" inside a chroot. If the sysctl option is enabled, a sysctl option
940 ++ with name "chroot_deny_fchdir" is created.
941 +
942 +config GRKERNSEC_CHROOT_MKNOD
943 + bool "Deny mknod"
944 @@ -73707,10 +73752,10 @@ index 0000000..bc0be01
945 +}
946 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
947 new file mode 100644
948 -index 0000000..651d6c2
949 +index 0000000..baa635c
950 --- /dev/null
951 +++ b/grsecurity/grsec_chroot.c
952 -@@ -0,0 +1,370 @@
953 +@@ -0,0 +1,387 @@
954 +#include <linux/kernel.h>
955 +#include <linux/module.h>
956 +#include <linux/sched.h>
957 @@ -73885,6 +73930,23 @@ index 0000000..651d6c2
958 +}
959 +
960 +int
961 ++gr_chroot_fhandle(void)
962 ++{
963 ++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
964 ++ if (!grsec_enable_chroot_fchdir)
965 ++ return 1;
966 ++
967 ++ if (!proc_is_chrooted(current))
968 ++ return 1;
969 ++ else {
970 ++ gr_log_noargs(GR_DONT_AUDIT, GR_CHROOT_FHANDLE_MSG);
971 ++ return 0;
972 ++ }
973 ++#endif
974 ++ return 1;
975 ++}
976 ++
977 ++int
978 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
979 + const time_t shm_createtime)
980 +{
981 @@ -77916,16 +77978,16 @@ index 17e7e82..1d7da26 100644
982 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
983 #endif
984 diff --git a/include/linux/capability.h b/include/linux/capability.h
985 -index a6ee1f9..e1ca49d 100644
986 +index 84b13ad..d7b6550 100644
987 --- a/include/linux/capability.h
988 +++ b/include/linux/capability.h
989 @@ -212,8 +212,13 @@ extern bool capable(int cap);
990 extern bool ns_capable(struct user_namespace *ns, int cap);
991 - extern bool inode_capable(const struct inode *inode, int cap);
992 + extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
993 extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
994 +extern bool capable_nolog(int cap);
995 +extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
996 -+extern bool inode_capable_nolog(const struct inode *inode, int cap);
997 ++extern bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap);
998
999 /* audit system wants to get cap info from files as well */
1000 extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
1001 @@ -79749,10 +79811,10 @@ index 0000000..d25522e
1002 +#endif
1003 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
1004 new file mode 100644
1005 -index 0000000..ba93581
1006 +index 0000000..b02ba9d
1007 --- /dev/null
1008 +++ b/include/linux/grmsg.h
1009 -@@ -0,0 +1,116 @@
1010 +@@ -0,0 +1,117 @@
1011 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
1012 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
1013 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
1014 @@ -79799,6 +79861,7 @@ index 0000000..ba93581
1015 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
1016 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
1017 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
1018 ++#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
1019 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
1020 +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
1021 +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
1022 @@ -79871,10 +79934,10 @@ index 0000000..ba93581
1023 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
1024 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
1025 new file mode 100644
1026 -index 0000000..f2d8c6c
1027 +index 0000000..5c4bdee
1028 --- /dev/null
1029 +++ b/include/linux/grsecurity.h
1030 -@@ -0,0 +1,248 @@
1031 +@@ -0,0 +1,249 @@
1032 +#ifndef GR_SECURITY_H
1033 +#define GR_SECURITY_H
1034 +#include <linux/fs.h>
1035 @@ -79920,6 +79983,7 @@ index 0000000..f2d8c6c
1036 +int gr_handle_chroot_setpriority(struct task_struct *p,
1037 + const int niceval);
1038 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
1039 ++int gr_chroot_fhandle(void);
1040 +int gr_handle_chroot_chroot(const struct dentry *dentry,
1041 + const struct vfsmount *mnt);
1042 +void gr_handle_chroot_chdir(const struct path *path);
1043 @@ -81565,37 +81629,6 @@ index 5f2e559..7d59314 100644
1044
1045 /**
1046 * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
1047 -diff --git a/include/linux/percpu-refcount.h b/include/linux/percpu-refcount.h
1048 -index 95961f0..0afb48f 100644
1049 ---- a/include/linux/percpu-refcount.h
1050 -+++ b/include/linux/percpu-refcount.h
1051 -@@ -110,7 +110,7 @@ static inline void percpu_ref_get(struct percpu_ref *ref)
1052 - pcpu_count = ACCESS_ONCE(ref->pcpu_count);
1053 -
1054 - if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR))
1055 -- __this_cpu_inc(*pcpu_count);
1056 -+ this_cpu_inc(*pcpu_count);
1057 - else
1058 - atomic_inc(&ref->count);
1059 -
1060 -@@ -139,7 +139,7 @@ static inline bool percpu_ref_tryget(struct percpu_ref *ref)
1061 - pcpu_count = ACCESS_ONCE(ref->pcpu_count);
1062 -
1063 - if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) {
1064 -- __this_cpu_inc(*pcpu_count);
1065 -+ this_cpu_inc(*pcpu_count);
1066 - ret = true;
1067 - }
1068 -
1069 -@@ -164,7 +164,7 @@ static inline void percpu_ref_put(struct percpu_ref *ref)
1070 - pcpu_count = ACCESS_ONCE(ref->pcpu_count);
1071 -
1072 - if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR))
1073 -- __this_cpu_dec(*pcpu_count);
1074 -+ this_cpu_dec(*pcpu_count);
1075 - else if (unlikely(atomic_dec_and_test(&ref->count)))
1076 - ref->release(ref);
1077 -
1078 diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
1079 index e56b07f..aef789b 100644
1080 --- a/include/linux/perf_event.h
1081 @@ -85752,68 +85785,10 @@ index d5f31c1..06646e1 100644
1082 s.version = AUDIT_VERSION_LATEST;
1083 s.backlog_wait_time = audit_backlog_wait_time;
1084 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
1085 -index 3b29605..3604797 100644
1086 +index 37e6216..3604797 100644
1087 --- a/kernel/auditsc.c
1088 +++ b/kernel/auditsc.c
1089 -@@ -720,6 +720,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
1090 - return AUDIT_BUILD_CONTEXT;
1091 - }
1092 -
1093 -+static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
1094 -+{
1095 -+ int word, bit;
1096 -+
1097 -+ if (val > 0xffffffff)
1098 -+ return false;
1099 -+
1100 -+ word = AUDIT_WORD(val);
1101 -+ if (word >= AUDIT_BITMASK_SIZE)
1102 -+ return false;
1103 -+
1104 -+ bit = AUDIT_BIT(val);
1105 -+
1106 -+ return rule->mask[word] & bit;
1107 -+}
1108 -+
1109 - /* At syscall entry and exit time, this filter is called if the
1110 - * audit_state is not low enough that auditing cannot take place, but is
1111 - * also not high enough that we already know we have to write an audit
1112 -@@ -737,11 +753,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
1113 -
1114 - rcu_read_lock();
1115 - if (!list_empty(list)) {
1116 -- int word = AUDIT_WORD(ctx->major);
1117 -- int bit = AUDIT_BIT(ctx->major);
1118 --
1119 - list_for_each_entry_rcu(e, list, list) {
1120 -- if ((e->rule.mask[word] & bit) == bit &&
1121 -+ if (audit_in_mask(&e->rule, ctx->major) &&
1122 - audit_filter_rules(tsk, &e->rule, ctx, NULL,
1123 - &state, false)) {
1124 - rcu_read_unlock();
1125 -@@ -761,20 +774,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
1126 - static int audit_filter_inode_name(struct task_struct *tsk,
1127 - struct audit_names *n,
1128 - struct audit_context *ctx) {
1129 -- int word, bit;
1130 - int h = audit_hash_ino((u32)n->ino);
1131 - struct list_head *list = &audit_inode_hash[h];
1132 - struct audit_entry *e;
1133 - enum audit_state state;
1134 -
1135 -- word = AUDIT_WORD(ctx->major);
1136 -- bit = AUDIT_BIT(ctx->major);
1137 --
1138 - if (list_empty(list))
1139 - return 0;
1140 -
1141 - list_for_each_entry_rcu(e, list, list) {
1142 -- if ((e->rule.mask[word] & bit) == bit &&
1143 -+ if (audit_in_mask(&e->rule, ctx->major) &&
1144 - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
1145 - ctx->current_state = state;
1146 - return 1;
1147 -@@ -1945,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
1148 +@@ -1954,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
1149 }
1150
1151 /* global counter which is incremented every time something logs in */
1152 @@ -85822,7 +85797,7 @@ index 3b29605..3604797 100644
1153
1154 static int audit_set_loginuid_perm(kuid_t loginuid)
1155 {
1156 -@@ -2014,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid)
1157 +@@ -2023,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid)
1158
1159 /* are we setting or clearing? */
1160 if (uid_valid(loginuid))
1161 @@ -85832,7 +85807,7 @@ index 3b29605..3604797 100644
1162 task->sessionid = sessionid;
1163 task->loginuid = loginuid;
1164 diff --git a/kernel/capability.c b/kernel/capability.c
1165 -index 34019c5..363f279 100644
1166 +index 1191a44..7c81292 100644
1167 --- a/kernel/capability.c
1168 +++ b/kernel/capability.c
1169 @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
1170 @@ -85914,20 +85889,21 @@ index 34019c5..363f279 100644
1171 +EXPORT_SYMBOL(capable_nolog);
1172 +
1173 /**
1174 - * inode_capable - Check superior capability over inode
1175 + * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
1176 * @inode: The inode in question
1177 -@@ -453,3 +478,11 @@ bool inode_capable(const struct inode *inode, int cap)
1178 - return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
1179 +@@ -449,3 +474,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
1180 + kgid_has_mapping(ns, inode->i_gid);
1181 }
1182 - EXPORT_SYMBOL(inode_capable);
1183 + EXPORT_SYMBOL(capable_wrt_inode_uidgid);
1184 +
1185 -+bool inode_capable_nolog(const struct inode *inode, int cap)
1186 ++bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap)
1187 +{
1188 + struct user_namespace *ns = current_user_ns();
1189 +
1190 -+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
1191 ++ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
1192 ++ kgid_has_mapping(ns, inode->i_gid);
1193 +}
1194 -+EXPORT_SYMBOL(inode_capable_nolog);
1195 ++EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
1196 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
1197 index 0c753dd..dd7d3d6 100644
1198 --- a/kernel/cgroup.c
1199 @@ -86358,7 +86334,7 @@ index 0b097c8..11dd5c5 100644
1200 #ifdef CONFIG_MODULE_UNLOAD
1201 {
1202 diff --git a/kernel/events/core.c b/kernel/events/core.c
1203 -index fa0b2d4..67a1c7a 100644
1204 +index 0e7fea7..f869fde 100644
1205 --- a/kernel/events/core.c
1206 +++ b/kernel/events/core.c
1207 @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu;
1208 @@ -86396,7 +86372,7 @@ index fa0b2d4..67a1c7a 100644
1209
1210 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
1211 enum event_type_t event_type);
1212 -@@ -2986,7 +2993,7 @@ static void __perf_event_read(void *info)
1213 +@@ -3000,7 +3007,7 @@ static void __perf_event_read(void *info)
1214
1215 static inline u64 perf_event_count(struct perf_event *event)
1216 {
1217 @@ -86405,7 +86381,7 @@ index fa0b2d4..67a1c7a 100644
1218 }
1219
1220 static u64 perf_event_read(struct perf_event *event)
1221 -@@ -3354,9 +3361,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
1222 +@@ -3365,9 +3372,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
1223 mutex_lock(&event->child_mutex);
1224 total += perf_event_read(event);
1225 *enabled += event->total_time_enabled +
1226 @@ -86417,7 +86393,7 @@ index fa0b2d4..67a1c7a 100644
1227
1228 list_for_each_entry(child, &event->child_list, child_list) {
1229 total += perf_event_read(child);
1230 -@@ -3785,10 +3792,10 @@ void perf_event_update_userpage(struct perf_event *event)
1231 +@@ -3796,10 +3803,10 @@ void perf_event_update_userpage(struct perf_event *event)
1232 userpg->offset -= local64_read(&event->hw.prev_count);
1233
1234 userpg->time_enabled = enabled +
1235 @@ -86430,7 +86406,7 @@ index fa0b2d4..67a1c7a 100644
1236
1237 arch_perf_update_userpage(userpg, now);
1238
1239 -@@ -4339,7 +4346,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
1240 +@@ -4350,7 +4357,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
1241
1242 /* Data. */
1243 sp = perf_user_stack_pointer(regs);
1244 @@ -86439,7 +86415,7 @@ index fa0b2d4..67a1c7a 100644
1245 dyn_size = dump_size - rem;
1246
1247 perf_output_skip(handle, rem);
1248 -@@ -4430,11 +4437,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
1249 +@@ -4441,11 +4448,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
1250 values[n++] = perf_event_count(event);
1251 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
1252 values[n++] = enabled +
1253 @@ -86453,7 +86429,7 @@ index fa0b2d4..67a1c7a 100644
1254 }
1255 if (read_format & PERF_FORMAT_ID)
1256 values[n++] = primary_event_id(event);
1257 -@@ -6704,7 +6711,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
1258 +@@ -6724,7 +6731,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
1259 event->parent = parent_event;
1260
1261 event->ns = get_pid_ns(task_active_pid_ns(current));
1262 @@ -86462,7 +86438,7 @@ index fa0b2d4..67a1c7a 100644
1263
1264 event->state = PERF_EVENT_STATE_INACTIVE;
1265
1266 -@@ -7004,6 +7011,11 @@ SYSCALL_DEFINE5(perf_event_open,
1267 +@@ -7024,6 +7031,11 @@ SYSCALL_DEFINE5(perf_event_open,
1268 if (flags & ~PERF_FLAG_ALL)
1269 return -EINVAL;
1270
1271 @@ -86474,7 +86450,7 @@ index fa0b2d4..67a1c7a 100644
1272 err = perf_copy_attr(attr_uptr, &attr);
1273 if (err)
1274 return err;
1275 -@@ -7339,10 +7351,10 @@ static void sync_child_event(struct perf_event *child_event,
1276 +@@ -7362,10 +7374,10 @@ static void sync_child_event(struct perf_event *child_event,
1277 /*
1278 * Add back the child's count to the parent's count:
1279 */
1280 @@ -90051,7 +90027,7 @@ index a63f4dc..349bbb0 100644
1281 unsigned long timeout)
1282 {
1283 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
1284 -index f5c6635..7133356 100644
1285 +index 0aae0fc..2ba2b81 100644
1286 --- a/kernel/sched/core.c
1287 +++ b/kernel/sched/core.c
1288 @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
1289 @@ -90094,7 +90070,7 @@ index f5c6635..7133356 100644
1290 return -EPERM;
1291
1292 retval = security_task_setnice(current, nice);
1293 -@@ -3332,6 +3337,7 @@ recheck:
1294 +@@ -3355,6 +3360,7 @@ recheck:
1295 if (policy != p->policy && !rlim_rtprio)
1296 return -EPERM;
1297
1298 @@ -90102,7 +90078,7 @@ index f5c6635..7133356 100644
1299 /* can't increase priority */
1300 if (attr->sched_priority > p->rt_priority &&
1301 attr->sched_priority > rlim_rtprio)
1302 -@@ -4702,8 +4708,10 @@ void idle_task_exit(void)
1303 +@@ -4726,8 +4732,10 @@ void idle_task_exit(void)
1304
1305 BUG_ON(cpu_online(smp_processor_id()));
1306
1307 @@ -90114,7 +90090,7 @@ index f5c6635..7133356 100644
1308 mmdrop(mm);
1309 }
1310
1311 -@@ -4781,7 +4789,7 @@ static void migrate_tasks(unsigned int dead_cpu)
1312 +@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu)
1313
1314 #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
1315
1316 @@ -90123,7 +90099,7 @@ index f5c6635..7133356 100644
1317 {
1318 .procname = "sched_domain",
1319 .mode = 0555,
1320 -@@ -4798,17 +4806,17 @@ static struct ctl_table sd_ctl_root[] = {
1321 +@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = {
1322 {}
1323 };
1324
1325 @@ -90145,7 +90121,7 @@ index f5c6635..7133356 100644
1326
1327 /*
1328 * In the intermediate directories, both the child directory and
1329 -@@ -4816,22 +4824,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
1330 +@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
1331 * will always be set. In the lowest directory the names are
1332 * static strings and all have proc handlers.
1333 */
1334 @@ -90177,7 +90153,7 @@ index f5c6635..7133356 100644
1335 const char *procname, void *data, int maxlen,
1336 umode_t mode, proc_handler *proc_handler,
1337 bool load_idx)
1338 -@@ -4851,7 +4862,7 @@ set_table_entry(struct ctl_table *entry,
1339 +@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry,
1340 static struct ctl_table *
1341 sd_alloc_ctl_domain_table(struct sched_domain *sd)
1342 {
1343 @@ -90186,7 +90162,7 @@ index f5c6635..7133356 100644
1344
1345 if (table == NULL)
1346 return NULL;
1347 -@@ -4886,9 +4897,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
1348 +@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
1349 return table;
1350 }
1351
1352 @@ -90198,7 +90174,7 @@ index f5c6635..7133356 100644
1353 struct sched_domain *sd;
1354 int domain_num = 0, i;
1355 char buf[32];
1356 -@@ -4915,11 +4926,13 @@ static struct ctl_table_header *sd_sysctl_header;
1357 +@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header;
1358 static void register_sched_domain_sysctl(void)
1359 {
1360 int i, cpu_num = num_possible_cpus();
1361 @@ -90213,7 +90189,7 @@ index f5c6635..7133356 100644
1362
1363 if (entry == NULL)
1364 return;
1365 -@@ -4942,8 +4955,12 @@ static void unregister_sched_domain_sysctl(void)
1366 +@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void)
1367 if (sd_sysctl_header)
1368 unregister_sysctl_table(sd_sysctl_header);
1369 sd_sysctl_header = NULL;
1370 @@ -92905,7 +92881,7 @@ index 539eeb9..e24a987 100644
1371 if (end == start)
1372 return error;
1373 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
1374 -index 66586bb..73ab487 100644
1375 +index e346fa9..5d32f0a 100644
1376 --- a/mm/memory-failure.c
1377 +++ b/mm/memory-failure.c
1378 @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
1379 @@ -92953,7 +92929,15 @@ index 66586bb..73ab487 100644
1380 unlock_page(hpage);
1381 return 0;
1382 }
1383 -@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
1384 +@@ -1157,14 +1157,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
1385 + */
1386 + if (!PageHWPoison(p)) {
1387 + printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn);
1388 +- atomic_long_sub(nr_pages, &num_poisoned_pages);
1389 ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
1390 + put_page(hpage);
1391 + res = 0;
1392 + goto out;
1393 }
1394 if (hwpoison_filter(p)) {
1395 if (TestClearPageHWPoison(p))
1396 @@ -92962,7 +92946,7 @@ index 66586bb..73ab487 100644
1397 unlock_page(hpage);
1398 put_page(hpage);
1399 return 0;
1400 -@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn)
1401 +@@ -1386,7 +1386,7 @@ int unpoison_memory(unsigned long pfn)
1402 return 0;
1403 }
1404 if (TestClearPageHWPoison(p))
1405 @@ -92971,7 +92955,7 @@ index 66586bb..73ab487 100644
1406 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
1407 return 0;
1408 }
1409 -@@ -1398,7 +1398,7 @@ int unpoison_memory(unsigned long pfn)
1410 +@@ -1400,7 +1400,7 @@ int unpoison_memory(unsigned long pfn)
1411 */
1412 if (TestClearPageHWPoison(page)) {
1413 pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
1414 @@ -92980,7 +92964,7 @@ index 66586bb..73ab487 100644
1415 freeit = 1;
1416 if (PageHuge(page))
1417 clear_page_hwpoison_huge_page(page);
1418 -@@ -1523,11 +1523,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
1419 +@@ -1525,11 +1525,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
1420 if (PageHuge(page)) {
1421 set_page_hwpoison_huge_page(hpage);
1422 dequeue_hwpoisoned_huge_page(hpage);
1423 @@ -92994,7 +92978,7 @@ index 66586bb..73ab487 100644
1424 }
1425 }
1426 return ret;
1427 -@@ -1566,7 +1566,7 @@ static int __soft_offline_page(struct page *page, int flags)
1428 +@@ -1568,7 +1568,7 @@ static int __soft_offline_page(struct page *page, int flags)
1429 put_page(page);
1430 pr_info("soft_offline: %#lx: invalidated\n", pfn);
1431 SetPageHWPoison(page);
1432 @@ -93003,7 +92987,7 @@ index 66586bb..73ab487 100644
1433 return 0;
1434 }
1435
1436 -@@ -1617,7 +1617,7 @@ static int __soft_offline_page(struct page *page, int flags)
1437 +@@ -1619,7 +1619,7 @@ static int __soft_offline_page(struct page *page, int flags)
1438 if (!is_free_buddy_page(page))
1439 pr_info("soft offline: %#lx: page leaked\n",
1440 pfn);
1441 @@ -93012,7 +92996,7 @@ index 66586bb..73ab487 100644
1442 }
1443 } else {
1444 pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
1445 -@@ -1691,11 +1691,11 @@ int soft_offline_page(struct page *page, int flags)
1446 +@@ -1693,11 +1693,11 @@ int soft_offline_page(struct page *page, int flags)
1447 if (PageHuge(page)) {
1448 set_page_hwpoison_huge_page(hpage);
1449 dequeue_hwpoisoned_huge_page(hpage);
1450 @@ -93722,10 +93706,10 @@ index 49e930f..90d7ec5 100644
1451 mm = get_task_mm(tsk);
1452 if (!mm)
1453 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
1454 -index ae3c8f3..fa4ee8e 100644
1455 +index 56224d9..a74c77e 100644
1456 --- a/mm/mempolicy.c
1457 +++ b/mm/mempolicy.c
1458 -@@ -746,6 +746,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
1459 +@@ -750,6 +750,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
1460 unsigned long vmstart;
1461 unsigned long vmend;
1462
1463 @@ -93736,7 +93720,7 @@ index ae3c8f3..fa4ee8e 100644
1464 vma = find_vma(mm, start);
1465 if (!vma || vma->vm_start > start)
1466 return -EFAULT;
1467 -@@ -789,6 +793,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
1468 +@@ -793,6 +797,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
1469 err = vma_replace_policy(vma, new_pol);
1470 if (err)
1471 goto out;
1472 @@ -93753,7 +93737,7 @@ index ae3c8f3..fa4ee8e 100644
1473 }
1474
1475 out:
1476 -@@ -1252,6 +1266,17 @@ static long do_mbind(unsigned long start, unsigned long len,
1477 +@@ -1256,6 +1270,17 @@ static long do_mbind(unsigned long start, unsigned long len,
1478
1479 if (end < start)
1480 return -EINVAL;
1481 @@ -93771,7 +93755,7 @@ index ae3c8f3..fa4ee8e 100644
1482 if (end == start)
1483 return 0;
1484
1485 -@@ -1480,8 +1505,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
1486 +@@ -1484,8 +1509,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
1487 */
1488 tcred = __task_cred(task);
1489 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
1490 @@ -93781,7 +93765,7 @@ index ae3c8f3..fa4ee8e 100644
1491 rcu_read_unlock();
1492 err = -EPERM;
1493 goto out_put;
1494 -@@ -1512,6 +1536,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
1495 +@@ -1516,6 +1540,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
1496 goto out;
1497 }
1498
1499 @@ -95742,7 +95726,7 @@ index fd26d04..0cea1b0 100644
1500 if (!mm || IS_ERR(mm)) {
1501 rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
1502 diff --git a/mm/rmap.c b/mm/rmap.c
1503 -index d3cbac5..3784601 100644
1504 +index 5d91bb7..3784601 100644
1505 --- a/mm/rmap.c
1506 +++ b/mm/rmap.c
1507 @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
1508 @@ -95844,20 +95828,8 @@ index d3cbac5..3784601 100644
1509 }
1510
1511 /*
1512 -@@ -1554,10 +1590,9 @@ void __put_anon_vma(struct anon_vma *anon_vma)
1513 - {
1514 - struct anon_vma *root = anon_vma->root;
1515 -
1516 -+ anon_vma_free(anon_vma);
1517 - if (root != anon_vma && atomic_dec_and_test(&root->refcount))
1518 - anon_vma_free(root);
1519 --
1520 -- anon_vma_free(anon_vma);
1521 - }
1522 -
1523 - static struct anon_vma *rmap_walk_anon_lock(struct page *page,
1524 diff --git a/mm/shmem.c b/mm/shmem.c
1525 -index 1f18c9d..3e03d33 100644
1526 +index 1f18c9d..b550bab 100644
1527 --- a/mm/shmem.c
1528 +++ b/mm/shmem.c
1529 @@ -33,7 +33,7 @@
1530 @@ -95869,7 +95841,7 @@ index 1f18c9d..3e03d33 100644
1531
1532 #ifdef CONFIG_SHMEM
1533 /*
1534 -@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt;
1535 +@@ -77,14 +77,15 @@ static struct vfsmount *shm_mnt;
1536 #define BOGO_DIRENT_SIZE 20
1537
1538 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */
1539 @@ -95877,8 +95849,99 @@ index 1f18c9d..3e03d33 100644
1540 +#define SHORT_SYMLINK_LEN 64
1541
1542 /*
1543 - * shmem_fallocate and shmem_writepage communicate via inode->i_private
1544 -@@ -2218,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
1545 +- * shmem_fallocate and shmem_writepage communicate via inode->i_private
1546 +- * (with i_mutex making sure that it has only one user at a time):
1547 +- * we would prefer not to enlarge the shmem inode just for that.
1548 ++ * shmem_fallocate communicates with shmem_fault or shmem_writepage via
1549 ++ * inode->i_private (with i_mutex making sure that it has only one user at
1550 ++ * a time): we would prefer not to enlarge the shmem inode just for that.
1551 + */
1552 + struct shmem_falloc {
1553 ++ int mode; /* FALLOC_FL mode currently operating */
1554 + pgoff_t start; /* start of range currently being fallocated */
1555 + pgoff_t next; /* the next page offset to be fallocated */
1556 + pgoff_t nr_falloced; /* how many new pages have been fallocated */
1557 +@@ -824,6 +825,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
1558 + spin_lock(&inode->i_lock);
1559 + shmem_falloc = inode->i_private;
1560 + if (shmem_falloc &&
1561 ++ !shmem_falloc->mode &&
1562 + index >= shmem_falloc->start &&
1563 + index < shmem_falloc->next)
1564 + shmem_falloc->nr_unswapped++;
1565 +@@ -1298,6 +1300,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1566 + int error;
1567 + int ret = VM_FAULT_LOCKED;
1568 +
1569 ++ /*
1570 ++ * Trinity finds that probing a hole which tmpfs is punching can
1571 ++ * prevent the hole-punch from ever completing: which in turn
1572 ++ * locks writers out with its hold on i_mutex. So refrain from
1573 ++ * faulting pages into the hole while it's being punched, and
1574 ++ * wait on i_mutex to be released if vmf->flags permits,
1575 ++ */
1576 ++ if (unlikely(inode->i_private)) {
1577 ++ struct shmem_falloc *shmem_falloc;
1578 ++ spin_lock(&inode->i_lock);
1579 ++ shmem_falloc = inode->i_private;
1580 ++ if (!shmem_falloc ||
1581 ++ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
1582 ++ vmf->pgoff < shmem_falloc->start ||
1583 ++ vmf->pgoff >= shmem_falloc->next)
1584 ++ shmem_falloc = NULL;
1585 ++ spin_unlock(&inode->i_lock);
1586 ++ /*
1587 ++ * i_lock has protected us from taking shmem_falloc seriously
1588 ++ * once return from shmem_fallocate() went back up that stack.
1589 ++ * i_lock does not serialize with i_mutex at all, but it does
1590 ++ * not matter if sometimes we wait unnecessarily, or sometimes
1591 ++ * miss out on waiting: we just need to make those cases rare.
1592 ++ */
1593 ++ if (shmem_falloc) {
1594 ++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
1595 ++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
1596 ++ up_read(&vma->vm_mm->mmap_sem);
1597 ++ mutex_lock(&inode->i_mutex);
1598 ++ mutex_unlock(&inode->i_mutex);
1599 ++ return VM_FAULT_RETRY;
1600 ++ }
1601 ++ /* cond_resched? Leave that to GUP or return to user */
1602 ++ return VM_FAULT_NOPAGE;
1603 ++ }
1604 ++ }
1605 ++
1606 + error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
1607 + if (error)
1608 + return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
1609 +@@ -1813,18 +1852,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
1610 +
1611 + mutex_lock(&inode->i_mutex);
1612 +
1613 ++ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE;
1614 ++
1615 + if (mode & FALLOC_FL_PUNCH_HOLE) {
1616 + struct address_space *mapping = file->f_mapping;
1617 + loff_t unmap_start = round_up(offset, PAGE_SIZE);
1618 + loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
1619 +
1620 ++ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
1621 ++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
1622 ++ spin_lock(&inode->i_lock);
1623 ++ inode->i_private = &shmem_falloc;
1624 ++ spin_unlock(&inode->i_lock);
1625 ++
1626 + if ((u64)unmap_end > (u64)unmap_start)
1627 + unmap_mapping_range(mapping, unmap_start,
1628 + 1 + unmap_end - unmap_start, 0);
1629 + shmem_truncate_range(inode, offset, offset + len - 1);
1630 + /* No need to unmap again: hole-punching leaves COWed pages */
1631 + error = 0;
1632 +- goto out;
1633 ++ goto undone;
1634 + }
1635 +
1636 + /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
1637 +@@ -2218,6 +2265,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
1638 static int shmem_xattr_validate(const char *name)
1639 {
1640 struct { const char *prefix; size_t len; } arr[] = {
1641 @@ -95890,7 +95953,7 @@ index 1f18c9d..3e03d33 100644
1642 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
1643 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
1644 };
1645 -@@ -2273,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
1646 +@@ -2273,6 +2325,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
1647 if (err)
1648 return err;
1649
1650 @@ -95906,7 +95969,7 @@ index 1f18c9d..3e03d33 100644
1651 return simple_xattr_set(&info->xattrs, name, value, size, flags);
1652 }
1653
1654 -@@ -2585,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
1655 +@@ -2585,8 +2646,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
1656 int err = -ENOMEM;
1657
1658 /* Round up to L1_CACHE_BYTES to resist false sharing */
1659 @@ -97743,7 +97806,7 @@ index 7552f9e..074ce29 100644
1660 err = -EFAULT;
1661 break;
1662 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
1663 -index b0ad2c7..96f6a5e 100644
1664 +index 6afa3b4..7a14180 100644
1665 --- a/net/bluetooth/l2cap_core.c
1666 +++ b/net/bluetooth/l2cap_core.c
1667 @@ -3740,8 +3740,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
1668 @@ -99470,7 +99533,7 @@ index 2510c02..cfb34fa 100644
1669 pr_err("Unable to proc dir entry\n");
1670 return -ENOMEM;
1671 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
1672 -index e21934b..16f52a6 100644
1673 +index e21934b..3ae545c 100644
1674 --- a/net/ipv4/ping.c
1675 +++ b/net/ipv4/ping.c
1676 @@ -59,7 +59,7 @@ struct ping_table {
1677 @@ -99482,15 +99545,6 @@ index e21934b..16f52a6 100644
1678 EXPORT_SYMBOL_GPL(pingv6_ops);
1679
1680 static u16 ping_port_rover;
1681 -@@ -259,7 +259,7 @@ int ping_init_sock(struct sock *sk)
1682 -
1683 - inet_get_ping_group_range_net(net, &low, &high);
1684 - if (gid_lte(low, group) && gid_lte(group, high))
1685 -- return 0;
1686 -+ goto out_release_group;
1687 -
1688 - group_info = get_current_groups();
1689 - count = group_info->ngroups;
1690 @@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
1691 return -ENODEV;
1692 }
1693 @@ -104111,26 +104165,53 @@ index 078fe1d..fbdb363 100644
1694 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
1695 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
1696 new file mode 100644
1697 -index 0000000..edcbc3a
1698 +index 0000000..3fd3699
1699 --- /dev/null
1700 +++ b/scripts/gcc-plugin.sh
1701 -@@ -0,0 +1,16 @@
1702 +@@ -0,0 +1,43 @@
1703 +#!/bin/bash
1704 +srctree=$(dirname "$0")
1705 +gccplugins_dir=$($3 -print-file-name=plugin)
1706 -+plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
1707 ++plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
1708 +#include "gcc-common.h"
1709 +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
1710 -+#warning $2
1711 ++#warning $2 CXX
1712 +#else
1713 -+#warning $1
1714 ++#warning $1 CC
1715 +#endif
1716 +EOF
1717 +)
1718 ++
1719 ++if [ $? -ne 0 ]
1720 ++then
1721 ++ exit 1
1722 ++fi
1723 ++
1724 ++if [[ "$plugincc" =~ "$1 CC" ]]
1725 ++then
1726 ++ echo "$1"
1727 ++ exit 0
1728 ++fi
1729 ++
1730 ++if [[ "$plugincc" =~ "$2 CXX" ]]
1731 ++then
1732 ++plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
1733 ++#include "gcc-common.h"
1734 ++class test {
1735 ++public:
1736 ++ int test;
1737 ++} test = {
1738 ++ .test = 1
1739 ++};
1740 ++EOF
1741 ++)
1742 +if [ $? -eq 0 ]
1743 +then
1744 -+ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
1745 ++ echo "$2"
1746 ++ exit 0
1747 ++fi
1748 +fi
1749 ++exit 1
1750 diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
1751 index 5de5660..d3deb89 100644
1752 --- a/scripts/headers_install.sh
1753 @@ -104414,7 +104495,7 @@ index 8fac3fd..32ff38d 100644
1754 unsigned int secindex_strings;
1755
1756 diff --git a/security/Kconfig b/security/Kconfig
1757 -index beb86b5..1776e5eb7 100644
1758 +index beb86b5..40b1edb 100644
1759 --- a/security/Kconfig
1760 +++ b/security/Kconfig
1761 @@ -4,6 +4,957 @@
1762 @@ -104727,13 +104808,13 @@ index beb86b5..1776e5eb7 100644
1763 + bool 'Use filesystem extended attributes marking'
1764 + default y if GRKERNSEC_CONFIG_AUTO
1765 + select CIFS_XATTR if CIFS
1766 ++ select F2FS_FS_XATTR if F2FS_FS
1767 + select EXT2_FS_XATTR if EXT2_FS
1768 + select EXT3_FS_XATTR if EXT3_FS
1769 + select JFFS2_FS_XATTR if JFFS2_FS
1770 + select REISERFS_FS_XATTR if REISERFS_FS
1771 + select SQUASHFS_XATTR if SQUASHFS
1772 + select TMPFS_XATTR if TMPFS
1773 -+ select UBIFS_FS_XATTR if UBIFS_FS
1774 + help
1775 + Enabling this option will allow you to control PaX features on
1776 + a per executable basis via the 'setfattr' utility. The control
1777
1778 diff --git a/3.14.6/4425_grsec_remove_EI_PAX.patch b/3.14.8/4425_grsec_remove_EI_PAX.patch
1779 similarity index 100%
1780 rename from 3.14.6/4425_grsec_remove_EI_PAX.patch
1781 rename to 3.14.8/4425_grsec_remove_EI_PAX.patch
1782
1783 diff --git a/3.14.6/4427_force_XATTR_PAX_tmpfs.patch b/3.14.8/4427_force_XATTR_PAX_tmpfs.patch
1784 similarity index 95%
1785 rename from 3.14.6/4427_force_XATTR_PAX_tmpfs.patch
1786 rename to 3.14.8/4427_force_XATTR_PAX_tmpfs.patch
1787 index bbcef41..3db2112 100644
1788 --- a/3.14.6/4427_force_XATTR_PAX_tmpfs.patch
1789 +++ b/3.14.8/4427_force_XATTR_PAX_tmpfs.patch
1790 @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge.
1791 diff -Naur a/mm/shmem.c b/mm/shmem.c
1792 --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400
1793 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400
1794 -@@ -2218,11 +2218,7 @@
1795 +@@ -2265,11 +2265,7 @@
1796 static int shmem_xattr_validate(const char *name)
1797 {
1798 struct { const char *prefix; size_t len; } arr[] = {
1799 @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c
1800 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
1801 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
1802 };
1803 -@@ -2278,14 +2274,12 @@
1804 +@@ -2325,14 +2321,12 @@
1805 if (err)
1806 return err;
1807
1808
1809 diff --git a/3.14.6/4430_grsec-remove-localversion-grsec.patch b/3.14.8/4430_grsec-remove-localversion-grsec.patch
1810 similarity index 100%
1811 rename from 3.14.6/4430_grsec-remove-localversion-grsec.patch
1812 rename to 3.14.8/4430_grsec-remove-localversion-grsec.patch
1813
1814 diff --git a/3.14.6/4435_grsec-mute-warnings.patch b/3.14.8/4435_grsec-mute-warnings.patch
1815 similarity index 100%
1816 rename from 3.14.6/4435_grsec-mute-warnings.patch
1817 rename to 3.14.8/4435_grsec-mute-warnings.patch
1818
1819 diff --git a/3.14.6/4440_grsec-remove-protected-paths.patch b/3.14.8/4440_grsec-remove-protected-paths.patch
1820 similarity index 100%
1821 rename from 3.14.6/4440_grsec-remove-protected-paths.patch
1822 rename to 3.14.8/4440_grsec-remove-protected-paths.patch
1823
1824 diff --git a/3.14.6/4450_grsec-kconfig-default-gids.patch b/3.14.8/4450_grsec-kconfig-default-gids.patch
1825 similarity index 96%
1826 rename from 3.14.6/4450_grsec-kconfig-default-gids.patch
1827 rename to 3.14.8/4450_grsec-kconfig-default-gids.patch
1828 index 19a4285..af218a8 100644
1829 --- a/3.14.6/4450_grsec-kconfig-default-gids.patch
1830 +++ b/3.14.8/4450_grsec-kconfig-default-gids.patch
1831 @@ -16,7 +16,7 @@ from shooting themselves in the foot.
1832 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1833 --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
1834 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
1835 -@@ -678,7 +678,7 @@
1836 +@@ -680,7 +680,7 @@
1837 config GRKERNSEC_AUDIT_GID
1838 int "GID for auditing"
1839 depends on GRKERNSEC_AUDIT_GROUP
1840 @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1841
1842 config GRKERNSEC_EXECLOG
1843 bool "Exec logging"
1844 -@@ -909,7 +909,7 @@
1845 +@@ -911,7 +911,7 @@
1846 config GRKERNSEC_TPE_UNTRUSTED_GID
1847 int "GID for TPE-untrusted users"
1848 depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
1849 @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1850 help
1851 Setting this GID determines what group TPE restrictions will be
1852 *enabled* for. If the sysctl option is enabled, a sysctl option
1853 -@@ -918,7 +918,7 @@
1854 +@@ -920,7 +920,7 @@
1855 config GRKERNSEC_TPE_TRUSTED_GID
1856 int "GID for TPE-trusted users"
1857 depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
1858 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1859 help
1860 Setting this GID determines what group TPE restrictions will be
1861 *disabled* for. If the sysctl option is enabled, a sysctl option
1862 -@@ -1011,7 +1011,7 @@
1863 +@@ -1013,7 +1013,7 @@
1864 config GRKERNSEC_SOCKET_ALL_GID
1865 int "GID to deny all sockets for"
1866 depends on GRKERNSEC_SOCKET_ALL
1867 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1868 help
1869 Here you can choose the GID to disable socket access for. Remember to
1870 add the users you want socket access disabled for to the GID
1871 -@@ -1032,7 +1032,7 @@
1872 +@@ -1034,7 +1034,7 @@
1873 config GRKERNSEC_SOCKET_CLIENT_GID
1874 int "GID to deny client sockets for"
1875 depends on GRKERNSEC_SOCKET_CLIENT
1876 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1877 help
1878 Here you can choose the GID to disable client socket access for.
1879 Remember to add the users you want client socket access disabled for to
1880 -@@ -1050,7 +1050,7 @@
1881 +@@ -1052,7 +1052,7 @@
1882 config GRKERNSEC_SOCKET_SERVER_GID
1883 int "GID to deny server sockets for"
1884 depends on GRKERNSEC_SOCKET_SERVER
1885
1886 diff --git a/3.14.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.8/4465_selinux-avc_audit-log-curr_ip.patch
1887 similarity index 99%
1888 rename from 3.14.6/4465_selinux-avc_audit-log-curr_ip.patch
1889 rename to 3.14.8/4465_selinux-avc_audit-log-curr_ip.patch
1890 index 2765cdc..fb528d0 100644
1891 --- a/3.14.6/4465_selinux-avc_audit-log-curr_ip.patch
1892 +++ b/3.14.8/4465_selinux-avc_audit-log-curr_ip.patch
1893 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
1894 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1895 --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
1896 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
1897 -@@ -1145,6 +1145,27 @@
1898 +@@ -1147,6 +1147,27 @@
1899 menu "Logging Options"
1900 depends on GRKERNSEC
1901
1902
1903 diff --git a/3.14.6/4470_disable-compat_vdso.patch b/3.14.8/4470_disable-compat_vdso.patch
1904 similarity index 100%
1905 rename from 3.14.6/4470_disable-compat_vdso.patch
1906 rename to 3.14.8/4470_disable-compat_vdso.patch
1907
1908 diff --git a/3.14.6/4475_emutramp_default_on.patch b/3.14.8/4475_emutramp_default_on.patch
1909 similarity index 100%
1910 rename from 3.14.6/4475_emutramp_default_on.patch
1911 rename to 3.14.8/4475_emutramp_default_on.patch
1912
1913 diff --git a/3.2.60/0000_README b/3.2.60/0000_README
1914 index daa1871..b5b1f29 100644
1915 --- a/3.2.60/0000_README
1916 +++ b/3.2.60/0000_README
1917 @@ -158,7 +158,7 @@ Patch: 1059_linux-3.2.60.patch
1918 From: http://www.kernel.org
1919 Desc: Linux 3.2.60
1920
1921 -Patch: 4420_grsecurity-3.0-3.2.60-201406101410.patch
1922 +Patch: 4420_grsecurity-3.0-3.2.60-201406191345.patch
1923 From: http://www.grsecurity.net
1924 Desc: hardened-sources base patch from upstream grsecurity
1925
1926
1927 diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201406101410.patch b/3.2.60/4420_grsecurity-3.0-3.2.60-201406191345.patch
1928 similarity index 99%
1929 rename from 3.2.60/4420_grsecurity-3.0-3.2.60-201406101410.patch
1930 rename to 3.2.60/4420_grsecurity-3.0-3.2.60-201406191345.patch
1931 index c00f5cd..9f3ccfb 100644
1932 --- a/3.2.60/4420_grsecurity-3.0-3.2.60-201406101410.patch
1933 +++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201406191345.patch
1934 @@ -3951,7 +3951,7 @@ index 6018c80..7c37203 100644
1935
1936 #endif /* _ASM_SYSTEM_H */
1937 diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
1938 -index adda036..e0f33bb 100644
1939 +index adda036..d4f1f45 100644
1940 --- a/arch/mips/include/asm/thread_info.h
1941 +++ b/arch/mips/include/asm/thread_info.h
1942 @@ -124,6 +124,8 @@ register struct thread_info *__current_thread_info __asm__("$28");
1943 @@ -3969,7 +3969,7 @@ index adda036..e0f33bb 100644
1944 #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH)
1945 +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
1946 +
1947 -+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID)
1948 ++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SECCOMP | _TIF_GRSEC_SETXID)
1949
1950 /* work to do in syscall_trace_leave() */
1951 -#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT)
1952 @@ -15936,7 +15936,7 @@ index d7ef849..b1b009a 100644
1953 #endif
1954 #endif /* _ASM_X86_THREAD_INFO_H */
1955 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
1956 -index 36361bf..be257d9 100644
1957 +index 36361bf..9efdc12 100644
1958 --- a/arch/x86/include/asm/uaccess.h
1959 +++ b/arch/x86/include/asm/uaccess.h
1960 @@ -7,6 +7,7 @@
1961 @@ -15960,6 +15960,15 @@ index 36361bf..be257d9 100644
1962
1963 #define segment_eq(a, b) ((a).seg == (b).seg)
1964
1965 +@@ -52,7 +58,7 @@
1966 + __chk_user_ptr(addr); \
1967 + asm("add %3,%1 ; sbb %0,%0 ; cmp %1,%4 ; sbb $0,%0" \
1968 + : "=&r" (flag), "=r" (roksum) \
1969 +- : "1" (addr), "g" ((long)(size)), \
1970 ++ : "1" (addr), "rm" ((long)(size)), \
1971 + "rm" (current_thread_info()->addr_limit.seg)); \
1972 + flag; \
1973 + })
1974 @@ -76,7 +82,35 @@
1975 * checks that the pointer is in the user space range - after calling
1976 * this function, memory access functions may still return -EFAULT.
1977 @@ -34901,7 +34910,7 @@ index da3cfee..a5a6606 100644
1978
1979 *ppos = i;
1980 diff --git a/drivers/char/random.c b/drivers/char/random.c
1981 -index c244f0e..0fa19d6 100644
1982 +index c244f0e..8b3452f 100644
1983 --- a/drivers/char/random.c
1984 +++ b/drivers/char/random.c
1985 @@ -255,10 +255,8 @@
1986 @@ -35639,7 +35648,7 @@ index c244f0e..0fa19d6 100644
1987 }
1988 #endif
1989
1990 -@@ -835,104 +915,130 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1991 +@@ -835,104 +915,131 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1992 * from the primary pool to the secondary extraction pool. We make
1993 * sure we pull enough for a 'catastrophic reseed'.
1994 */
1995 @@ -35733,7 +35742,6 @@ index c244f0e..0fa19d6 100644
1996 int reserved)
1997 {
1998 - unsigned long flags;
1999 -+ int have_bytes;
2000 + int entropy_count, orig;
2001 + size_t ibytes;
2002
2003 @@ -35756,17 +35764,10 @@ index c244f0e..0fa19d6 100644
2004 - if (r->limit && nbytes + reserved >= entropy_count / 8)
2005 - nbytes = entropy_count/8 - reserved;
2006 + entropy_count = orig = ACCESS_ONCE(r->entropy_count);
2007 -+ have_bytes = entropy_count >> (ENTROPY_SHIFT + 3);
2008 + ibytes = nbytes;
2009 + /* If limited, never pull more than available */
2010 -+ if (r->limit)
2011 -+ ibytes = min_t(size_t, ibytes, max(0, have_bytes - reserved));
2012 -+ if (ibytes < min)
2013 -+ ibytes = 0;
2014 -+ if (have_bytes >= ibytes + reserved)
2015 -+ entropy_count -= ibytes << (ENTROPY_SHIFT + 3);
2016 -+ else
2017 -+ entropy_count = reserved << (ENTROPY_SHIFT + 3);
2018 ++ if (r->limit) {
2019 ++ int have_bytes = entropy_count >> (ENTROPY_SHIFT + 3);
2020
2021 - if (entropy_count / 8 >= nbytes + reserved) {
2022 - entropy_count -= nbytes*8;
2023 @@ -35777,25 +35778,33 @@ index c244f0e..0fa19d6 100644
2024 - if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
2025 - goto retry;
2026 - }
2027 -+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
2028 -+ goto retry;
2029 -
2030 +-
2031 - if (entropy_count < random_write_wakeup_thresh) {
2032 - wake_up_interruptible(&random_write_wait);
2033 - kill_fasync(&fasync, SIGIO, POLL_OUT);
2034 - }
2035 ++ if ((have_bytes -= reserved) < 0)
2036 ++ have_bytes = 0;
2037 ++ ibytes = min_t(size_t, ibytes, have_bytes);
2038 + }
2039 ++ if (ibytes < min)
2040 ++ ibytes = 0;
2041 ++ if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0)
2042 ++ entropy_count = 0;
2043 +
2044 +- DEBUG_ENT("debiting %d entropy credits from %s%s\n",
2045 +- nbytes * 8, r->name, r->limit ? "" : " (unlimited)");
2046 ++ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
2047 ++ goto retry;
2048 +
2049 +- spin_unlock_irqrestore(&r->lock, flags);
2050 + trace_debit_entropy(r->name, 8 * ibytes);
2051 + if (ibytes &&
2052 + (r->entropy_count >> ENTROPY_SHIFT) < random_write_wakeup_bits) {
2053 + wake_up_interruptible(&random_write_wait);
2054 + kill_fasync(&fasync, SIGIO, POLL_OUT);
2055 - }
2056 ++ }
2057
2058 -- DEBUG_ENT("debiting %d entropy credits from %s%s\n",
2059 -- nbytes * 8, r->name, r->limit ? "" : " (unlimited)");
2060 --
2061 -- spin_unlock_irqrestore(&r->lock, flags);
2062 --
2063 - return nbytes;
2064 + return ibytes;
2065 }
2066 @@ -35835,7 +35844,7 @@ index c244f0e..0fa19d6 100644
2067 spin_lock_irqsave(&r->lock, flags);
2068 for (i = 0; i < r->poolinfo->poolwords; i += 16)
2069 sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
2070 -@@ -966,27 +1072,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
2071 +@@ -966,27 +1073,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
2072 hash.w[1] ^= hash.w[4];
2073 hash.w[2] ^= rol32(hash.w[2], 16);
2074
2075 @@ -35890,7 +35899,7 @@ index c244f0e..0fa19d6 100644
2076 xfer_secondary_pool(r, nbytes);
2077 nbytes = account(r, nbytes, min, reserved);
2078
2079 -@@ -994,8 +1116,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
2080 +@@ -994,8 +1117,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
2081 extract_buf(r, tmp);
2082
2083 if (fips_enabled) {
2084 @@ -35899,7 +35908,7 @@ index c244f0e..0fa19d6 100644
2085 spin_lock_irqsave(&r->lock, flags);
2086 if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
2087 panic("Hardware RNG duplicated output!\n");
2088 -@@ -1015,12 +1135,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
2089 +@@ -1015,12 +1136,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
2090 return ret;
2091 }
2092
2093 @@ -35917,7 +35926,7 @@ index c244f0e..0fa19d6 100644
2094 xfer_secondary_pool(r, nbytes);
2095 nbytes = account(r, nbytes, 0, 0);
2096
2097 -@@ -1036,7 +1161,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
2098 +@@ -1036,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
2099
2100 extract_buf(r, tmp);
2101 i = min_t(int, nbytes, EXTRACT_SIZE);
2102 @@ -35926,7 +35935,7 @@ index c244f0e..0fa19d6 100644
2103 ret = -EFAULT;
2104 break;
2105 }
2106 -@@ -1055,11 +1180,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
2107 +@@ -1055,11 +1181,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
2108 /*
2109 * This function is the exported kernel interface. It returns some
2110 * number of good random numbers, suitable for key generation, seeding
2111 @@ -35949,7 +35958,7 @@ index c244f0e..0fa19d6 100644
2112 extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
2113 }
2114 EXPORT_SYMBOL(get_random_bytes);
2115 -@@ -1078,6 +1212,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
2116 +@@ -1078,6 +1213,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
2117 {
2118 char *p = buf;
2119
2120 @@ -35957,7 +35966,7 @@ index c244f0e..0fa19d6 100644
2121 while (nbytes) {
2122 unsigned long v;
2123 int chunk = min(nbytes, (int)sizeof(unsigned long));
2124 -@@ -1111,12 +1246,11 @@ static void init_std_data(struct entropy_store *r)
2125 +@@ -1111,12 +1247,11 @@ static void init_std_data(struct entropy_store *r)
2126 ktime_t now = ktime_get_real();
2127 unsigned long rv;
2128
2129 @@ -35973,7 +35982,7 @@ index c244f0e..0fa19d6 100644
2130 mix_pool_bytes(r, &rv, sizeof(rv), NULL);
2131 }
2132 mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
2133 -@@ -1139,25 +1273,7 @@ static int rand_initialize(void)
2134 +@@ -1139,25 +1274,7 @@ static int rand_initialize(void)
2135 init_std_data(&nonblocking_pool);
2136 return 0;
2137 }
2138 @@ -36000,7 +36009,7 @@ index c244f0e..0fa19d6 100644
2139
2140 #ifdef CONFIG_BLOCK
2141 void rand_initialize_disk(struct gendisk *disk)
2142 -@@ -1169,71 +1285,59 @@ void rand_initialize_disk(struct gendisk *disk)
2143 +@@ -1169,71 +1286,59 @@ void rand_initialize_disk(struct gendisk *disk)
2144 * source.
2145 */
2146 state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
2147 @@ -36108,7 +36117,7 @@ index c244f0e..0fa19d6 100644
2148 }
2149
2150 static unsigned int
2151 -@@ -1244,9 +1348,9 @@ random_poll(struct file *file, poll_table * wait)
2152 +@@ -1244,9 +1349,9 @@ random_poll(struct file *file, poll_table * wait)
2153 poll_wait(file, &random_read_wait, wait);
2154 poll_wait(file, &random_write_wait, wait);
2155 mask = 0;
2156 @@ -36120,7 +36129,7 @@ index c244f0e..0fa19d6 100644
2157 mask |= POLLOUT | POLLWRNORM;
2158 return mask;
2159 }
2160 -@@ -1297,7 +1401,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2161 +@@ -1297,7 +1402,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2162 switch (cmd) {
2163 case RNDGETENTCNT:
2164 /* inherently racy, no point locking */
2165 @@ -36130,7 +36139,7 @@ index c244f0e..0fa19d6 100644
2166 return -EFAULT;
2167 return 0;
2168 case RNDADDTOENTCNT:
2169 -@@ -1305,7 +1410,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2170 +@@ -1305,7 +1411,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2171 return -EPERM;
2172 if (get_user(ent_count, p))
2173 return -EFAULT;
2174 @@ -36139,7 +36148,7 @@ index c244f0e..0fa19d6 100644
2175 return 0;
2176 case RNDADDENTROPY:
2177 if (!capable(CAP_SYS_ADMIN))
2178 -@@ -1320,14 +1425,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2179 +@@ -1320,14 +1426,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2180 size);
2181 if (retval < 0)
2182 return retval;
2183 @@ -36162,7 +36171,7 @@ index c244f0e..0fa19d6 100644
2184 return 0;
2185 default:
2186 return -EINVAL;
2187 -@@ -1387,23 +1497,23 @@ EXPORT_SYMBOL(generate_random_uuid);
2188 +@@ -1387,23 +1498,23 @@ EXPORT_SYMBOL(generate_random_uuid);
2189 #include <linux/sysctl.h>
2190
2191 static int min_read_thresh = 8, min_write_thresh;
2192 @@ -36193,7 +36202,7 @@ index c244f0e..0fa19d6 100644
2193 unsigned char buf[64], tmp_uuid[16], *uuid;
2194
2195 uuid = table->data;
2196 -@@ -1427,8 +1537,26 @@ static int proc_do_uuid(ctl_table *table, int write,
2197 +@@ -1427,8 +1538,26 @@ static int proc_do_uuid(ctl_table *table, int write,
2198 return proc_dostring(&fake_table, write, buffer, lenp, ppos);
2199 }
2200
2201 @@ -36221,7 +36230,7 @@ index c244f0e..0fa19d6 100644
2202 {
2203 .procname = "poolsize",
2204 .data = &sysctl_poolsize,
2205 -@@ -1440,12 +1568,12 @@ ctl_table random_table[] = {
2206 +@@ -1440,12 +1569,12 @@ ctl_table random_table[] = {
2207 .procname = "entropy_avail",
2208 .maxlen = sizeof(int),
2209 .mode = 0444,
2210 @@ -36236,7 +36245,7 @@ index c244f0e..0fa19d6 100644
2211 .maxlen = sizeof(int),
2212 .mode = 0644,
2213 .proc_handler = proc_dointvec_minmax,
2214 -@@ -1454,7 +1582,7 @@ ctl_table random_table[] = {
2215 +@@ -1454,7 +1583,7 @@ ctl_table random_table[] = {
2216 },
2217 {
2218 .procname = "write_wakeup_threshold",
2219 @@ -36245,7 +36254,7 @@ index c244f0e..0fa19d6 100644
2220 .maxlen = sizeof(int),
2221 .mode = 0644,
2222 .proc_handler = proc_dointvec_minmax,
2223 -@@ -1462,6 +1590,13 @@ ctl_table random_table[] = {
2224 +@@ -1462,6 +1591,13 @@ ctl_table random_table[] = {
2225 .extra2 = &max_write_thresh,
2226 },
2227 {
2228 @@ -36259,7 +36268,7 @@ index c244f0e..0fa19d6 100644
2229 .procname = "boot_id",
2230 .data = &sysctl_bootid,
2231 .maxlen = 16,
2232 -@@ -1492,7 +1627,7 @@ int random_int_secret_init(void)
2233 +@@ -1492,7 +1628,7 @@ int random_int_secret_init(void)
2234 * value is not cryptographically secure but for several uses the cost of
2235 * depleting entropy is too high
2236 */
2237 @@ -36268,7 +36277,7 @@ index c244f0e..0fa19d6 100644
2238 unsigned int get_random_int(void)
2239 {
2240 __u32 *hash;
2241 -@@ -1510,6 +1645,7 @@ unsigned int get_random_int(void)
2242 +@@ -1510,6 +1646,7 @@ unsigned int get_random_int(void)
2243
2244 return ret;
2245 }
2246 @@ -42173,10 +42182,33 @@ index 6d05e26..a579e8c 100644
2247
2248 rdev_dec_pending(rdev, mddev);
2249 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
2250 -index 7c963c4..1204886 100644
2251 +index 7c963c4..8d07287e 100644
2252 --- a/drivers/md/raid5.c
2253 +++ b/drivers/md/raid5.c
2254 -@@ -1618,19 +1618,19 @@ static void raid5_end_read_request(struct bio * bi, int error)
2255 +@@ -1364,6 +1364,10 @@ static int grow_one_stripe(struct r5conf *conf)
2256 + return 1;
2257 + }
2258 +
2259 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
2260 ++static atomic_unchecked_t raid5_cache_id = ATOMIC_INIT(0);
2261 ++#endif
2262 ++
2263 + static int grow_stripes(struct r5conf *conf, int num)
2264 + {
2265 + struct kmem_cache *sc;
2266 +@@ -1374,7 +1378,11 @@ static int grow_stripes(struct r5conf *conf, int num)
2267 + "raid%d-%s", conf->level, mdname(conf->mddev));
2268 + else
2269 + sprintf(conf->cache_name[0],
2270 ++#ifdef CONFIG_GRKERNSEC_HIDESYM
2271 ++ "raid%d-%08lx", conf->level, atomic_inc_return_unchecked(&raid5_cache_id));
2272 ++#else
2273 + "raid%d-%p", conf->level, conf->mddev);
2274 ++#endif
2275 + sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
2276 +
2277 + conf->active_name = 0;
2278 +@@ -1618,19 +1626,19 @@ static void raid5_end_read_request(struct bio * bi, int error)
2279 (unsigned long long)(sh->sector
2280 + rdev->data_offset),
2281 bdevname(rdev->bdev, b));
2282 @@ -42200,7 +42232,7 @@ index 7c963c4..1204886 100644
2283 if (conf->mddev->degraded >= conf->max_degraded)
2284 printk_ratelimited(
2285 KERN_WARNING
2286 -@@ -1650,7 +1650,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
2287 +@@ -1650,7 +1658,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
2288 (unsigned long long)(sh->sector
2289 + rdev->data_offset),
2290 bdn);
2291 @@ -58189,6 +58221,27 @@ index 22764c7..86372c9 100644
2292 if (arg >= rlimit(RLIMIT_NOFILE))
2293 break;
2294 err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0);
2295 +diff --git a/fs/fhandle.c b/fs/fhandle.c
2296 +index 6b08864..4b42b2d 100644
2297 +--- a/fs/fhandle.c
2298 ++++ b/fs/fhandle.c
2299 +@@ -8,6 +8,7 @@
2300 + #include <linux/fs_struct.h>
2301 + #include <linux/fsnotify.h>
2302 + #include <linux/personality.h>
2303 ++#include <linux/grsecurity.h>
2304 + #include <asm/uaccess.h>
2305 + #include "internal.h"
2306 +
2307 +@@ -176,7 +177,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
2308 + * the directory. Ideally we would like CAP_DAC_SEARCH.
2309 + * But we don't have that
2310 + */
2311 +- if (!capable(CAP_DAC_READ_SEARCH)) {
2312 ++ if (!capable(CAP_DAC_READ_SEARCH) || !gr_chroot_fhandle()) {
2313 + retval = -EPERM;
2314 + goto out_err;
2315 + }
2316 diff --git a/fs/fifo.c b/fs/fifo.c
2317 index cf6f434..3d7942c 100644
2318 --- a/fs/fifo.c
2319 @@ -64823,10 +64876,10 @@ index 8a89949..6776861 100644
2320 xfs_init_zones(void)
2321 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
2322 new file mode 100644
2323 -index 0000000..ddeec00
2324 +index 0000000..155d9f5
2325 --- /dev/null
2326 +++ b/grsecurity/Kconfig
2327 -@@ -0,0 +1,1160 @@
2328 +@@ -0,0 +1,1162 @@
2329 +#
2330 +# grecurity configuration
2331 +#
2332 @@ -65374,14 +65427,16 @@ index 0000000..ddeec00
2333 + created.
2334 +
2335 +config GRKERNSEC_CHROOT_FCHDIR
2336 -+ bool "Deny fchdir out of chroot"
2337 ++ bool "Deny fchdir and fhandle out of chroot"
2338 + default y if GRKERNSEC_CONFIG_AUTO
2339 + depends on GRKERNSEC_CHROOT
2340 + help
2341 + If you say Y here, a well-known method of breaking chroots by fchdir'ing
2342 + to a file descriptor of the chrooting process that points to a directory
2343 -+ outside the filesystem will be stopped. If the sysctl option
2344 -+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
2345 ++ outside the filesystem will be stopped. Additionally, this option prevents
2346 ++ use of the recently-created syscall for opening files by a guessable "file
2347 ++ handle" inside a chroot. If the sysctl option is enabled, a sysctl option
2348 ++ with name "chroot_deny_fchdir" is created.
2349 +
2350 +config GRKERNSEC_CHROOT_MKNOD
2351 + bool "Deny mknod"
2352 @@ -72671,10 +72726,10 @@ index 0000000..bc0be01
2353 +}
2354 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
2355 new file mode 100644
2356 -index 0000000..12eb2bd
2357 +index 0000000..60b786f
2358 --- /dev/null
2359 +++ b/grsecurity/grsec_chroot.c
2360 -@@ -0,0 +1,353 @@
2361 +@@ -0,0 +1,370 @@
2362 +#include <linux/kernel.h>
2363 +#include <linux/module.h>
2364 +#include <linux/sched.h>
2365 @@ -72849,6 +72904,23 @@ index 0000000..12eb2bd
2366 +}
2367 +
2368 +int
2369 ++gr_chroot_fhandle(void)
2370 ++{
2371 ++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
2372 ++ if (!grsec_enable_chroot_fchdir)
2373 ++ return 1;
2374 ++
2375 ++ if (!proc_is_chrooted(current))
2376 ++ return 1;
2377 ++ else {
2378 ++ gr_log_noargs(GR_DONT_AUDIT, GR_CHROOT_FHANDLE_MSG);
2379 ++ return 0;
2380 ++ }
2381 ++#endif
2382 ++ return 1;
2383 ++}
2384 ++
2385 ++int
2386 +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
2387 + const time_t shm_createtime)
2388 +{
2389 @@ -78952,10 +79024,10 @@ index 0000000..7dc4203
2390 +#endif
2391 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
2392 new file mode 100644
2393 -index 0000000..ba93581
2394 +index 0000000..b02ba9d
2395 --- /dev/null
2396 +++ b/include/linux/grmsg.h
2397 -@@ -0,0 +1,116 @@
2398 +@@ -0,0 +1,117 @@
2399 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2400 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2401 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2402 @@ -79002,6 +79074,7 @@ index 0000000..ba93581
2403 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
2404 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
2405 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
2406 ++#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
2407 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
2408 +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
2409 +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
2410 @@ -79074,10 +79147,10 @@ index 0000000..ba93581
2411 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
2412 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
2413 new file mode 100644
2414 -index 0000000..053a2fa
2415 +index 0000000..2a0fe35
2416 --- /dev/null
2417 +++ b/include/linux/grsecurity.h
2418 -@@ -0,0 +1,227 @@
2419 +@@ -0,0 +1,228 @@
2420 +#ifndef GR_SECURITY_H
2421 +#define GR_SECURITY_H
2422 +#include <linux/fs.h>
2423 @@ -79121,6 +79194,7 @@ index 0000000..053a2fa
2424 +int gr_handle_chroot_setpriority(struct task_struct *p,
2425 + const int niceval);
2426 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
2427 ++int gr_chroot_fhandle(void);
2428 +int gr_handle_chroot_chroot(const struct dentry *dentry,
2429 + const struct vfsmount *mnt);
2430 +void gr_handle_chroot_chdir(struct path *path);
2431 @@ -106609,7 +106683,7 @@ index 3626666..4d873cd 100644
2432 +
2433 +clean-files := randstruct.seed
2434 diff --git a/scripts/Makefile.build b/scripts/Makefile.build
2435 -index d2b366c..2d5a6f8 100644
2436 +index d2b366c1..2d5a6f8 100644
2437 --- a/scripts/Makefile.build
2438 +++ b/scripts/Makefile.build
2439 @@ -109,7 +109,7 @@ endif
2440 @@ -106797,26 +106871,53 @@ index cb1f50c..cef2a7c 100644
2441 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
2442 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
2443 new file mode 100644
2444 -index 0000000..edcbc3a
2445 +index 0000000..3fd3699
2446 --- /dev/null
2447 +++ b/scripts/gcc-plugin.sh
2448 -@@ -0,0 +1,16 @@
2449 +@@ -0,0 +1,43 @@
2450 +#!/bin/bash
2451 +srctree=$(dirname "$0")
2452 +gccplugins_dir=$($3 -print-file-name=plugin)
2453 -+plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
2454 ++plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
2455 +#include "gcc-common.h"
2456 +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
2457 -+#warning $2
2458 ++#warning $2 CXX
2459 +#else
2460 -+#warning $1
2461 ++#warning $1 CC
2462 +#endif
2463 +EOF
2464 +)
2465 ++
2466 ++if [ $? -ne 0 ]
2467 ++then
2468 ++ exit 1
2469 ++fi
2470 ++
2471 ++if [[ "$plugincc" =~ "$1 CC" ]]
2472 ++then
2473 ++ echo "$1"
2474 ++ exit 0
2475 ++fi
2476 ++
2477 ++if [[ "$plugincc" =~ "$2 CXX" ]]
2478 ++then
2479 ++plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
2480 ++#include "gcc-common.h"
2481 ++class test {
2482 ++public:
2483 ++ int test;
2484 ++} test = {
2485 ++ .test = 1
2486 ++};
2487 ++EOF
2488 ++)
2489 +if [ $? -eq 0 ]
2490 +then
2491 -+ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
2492 ++ echo "$2"
2493 ++ exit 0
2494 ++fi
2495 +fi
2496 ++exit 1
2497 diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl
2498 index 48462be..3e08f94 100644
2499 --- a/scripts/headers_install.pl
2500
2501 diff --git a/3.2.60/4450_grsec-kconfig-default-gids.patch b/3.2.60/4450_grsec-kconfig-default-gids.patch
2502 index f3f6f14..e3c7c72 100644
2503 --- a/3.2.60/4450_grsec-kconfig-default-gids.patch
2504 +++ b/3.2.60/4450_grsec-kconfig-default-gids.patch
2505 @@ -16,7 +16,7 @@ from shooting themselves in the foot.
2506 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2507 --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
2508 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
2509 -@@ -664,7 +664,7 @@
2510 +@@ -666,7 +666,7 @@
2511 config GRKERNSEC_AUDIT_GID
2512 int "GID for auditing"
2513 depends on GRKERNSEC_AUDIT_GROUP
2514 @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2515
2516 config GRKERNSEC_EXECLOG
2517 bool "Exec logging"
2518 -@@ -895,7 +895,7 @@
2519 +@@ -897,7 +897,7 @@
2520 config GRKERNSEC_TPE_UNTRUSTED_GID
2521 int "GID for TPE-untrusted users"
2522 depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
2523 @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2524 help
2525 Setting this GID determines what group TPE restrictions will be
2526 *enabled* for. If the sysctl option is enabled, a sysctl option
2527 -@@ -904,7 +904,7 @@
2528 +@@ -906,7 +906,7 @@
2529 config GRKERNSEC_TPE_TRUSTED_GID
2530 int "GID for TPE-trusted users"
2531 depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
2532 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2533 help
2534 Setting this GID determines what group TPE restrictions will be
2535 *disabled* for. If the sysctl option is enabled, a sysctl option
2536 -@@ -997,7 +997,7 @@
2537 +@@ -999,7 +999,7 @@
2538 config GRKERNSEC_SOCKET_ALL_GID
2539 int "GID to deny all sockets for"
2540 depends on GRKERNSEC_SOCKET_ALL
2541 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2542 help
2543 Here you can choose the GID to disable socket access for. Remember to
2544 add the users you want socket access disabled for to the GID
2545 -@@ -1018,7 +1018,7 @@
2546 +@@ -1020,7 +1020,7 @@
2547 config GRKERNSEC_SOCKET_CLIENT_GID
2548 int "GID to deny client sockets for"
2549 depends on GRKERNSEC_SOCKET_CLIENT
2550 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2551 help
2552 Here you can choose the GID to disable client socket access for.
2553 Remember to add the users you want client socket access disabled for to
2554 -@@ -1036,7 +1036,7 @@
2555 +@@ -1038,7 +1038,7 @@
2556 config GRKERNSEC_SOCKET_SERVER_GID
2557 int "GID to deny server sockets for"
2558 depends on GRKERNSEC_SOCKET_SERVER
2559
2560 diff --git a/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch
2561 index e10ec6d..035fe2d 100644
2562 --- a/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch
2563 +++ b/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch
2564 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
2565 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2566 --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
2567 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
2568 -@@ -1131,6 +1131,27 @@
2569 +@@ -1133,6 +1133,27 @@
2570 menu "Logging Options"
2571 depends on GRKERNSEC
Report Message
Find on MARC Find on Google Groups