Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.17/, 3.15.10/, 3.2.62/
Date: Sun, 24 Aug 2014 14:46:42
Message-Id: 1408891715.afb00ac527c9a3d645742ea4bf120f2d3bd2b23b.blueness@gentoo
1 commit: afb00ac527c9a3d645742ea4bf120f2d3bd2b23b
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Aug 24 14:48:35 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Aug 24 14:48:35 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=afb00ac5
7
8 Grsec/PaX: 3.0-{3.2.62,3.14.17,3.15.10}-201408212335
9
10 ---
11 3.14.17/0000_README | 2 +-
12 ...4420_grsecurity-3.0-3.14.17-201408212334.patch} | 426 ++++++++++++++++---
13 3.14.17/4450_grsec-kconfig-default-gids.patch | 6 +-
14 3.15.10/0000_README | 2 +-
15 ...4420_grsecurity-3.0-3.15.10-201408212335.patch} | 433 ++++++++++++++++---
16 3.15.10/4450_grsec-kconfig-default-gids.patch | 6 +-
17 3.2.62/0000_README | 2 +-
18 ... 4420_grsecurity-3.0-3.2.62-201408212331.patch} | 465 +++++++++++++++++----
19 3.2.62/4450_grsec-kconfig-default-gids.patch | 6 +-
20 3.2.62/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
21 10 files changed, 1134 insertions(+), 216 deletions(-)
22
23 diff --git a/3.14.17/0000_README b/3.14.17/0000_README
24 index ce3685e..2ab1642 100644
25 --- a/3.14.17/0000_README
26 +++ b/3.14.17/0000_README
27 @@ -2,7 +2,7 @@ README
28 -----------------------------------------------------------------------------
29 Individual Patch Descriptions:
30 -----------------------------------------------------------------------------
31 -Patch: 4420_grsecurity-3.0-3.14.17-201408192019.patch
32 +Patch: 4420_grsecurity-3.0-3.14.17-201408212334.patch
33 From: http://www.grsecurity.net
34 Desc: hardened-sources base patch from upstream grsecurity
35
36
37 diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch b/3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
38 similarity index 99%
39 rename from 3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
40 rename to 3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
41 index 73749ef..bf6a578 100644
42 --- a/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
43 +++ b/3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
44 @@ -38844,28 +38844,10 @@ index 8320abd..ec48108 100644
45
46 if (cmd != SIOCWANDEV)
47 diff --git a/drivers/char/random.c b/drivers/char/random.c
48 -index 429b75b..a7f4145 100644
49 +index 429b75b..de805d0 100644
50 --- a/drivers/char/random.c
51 +++ b/drivers/char/random.c
52 -@@ -270,10 +270,17 @@
53 - /*
54 - * Configuration information
55 - */
56 -+#ifdef CONFIG_GRKERNSEC_RANDNET
57 -+#define INPUT_POOL_SHIFT 14
58 -+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
59 -+#define OUTPUT_POOL_SHIFT 12
60 -+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
61 -+#else
62 - #define INPUT_POOL_SHIFT 12
63 - #define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
64 - #define OUTPUT_POOL_SHIFT 10
65 - #define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
66 -+#endif
67 - #define SEC_XFER_SIZE 512
68 - #define EXTRACT_SIZE 10
69 -
70 -@@ -284,9 +291,6 @@
71 +@@ -284,9 +284,6 @@
72 /*
73 * To allow fractional bits to be tracked, the entropy_count field is
74 * denominated in units of 1/8th bits.
75 @@ -38875,27 +38857,7 @@ index 429b75b..a7f4145 100644
76 */
77 #define ENTROPY_SHIFT 3
78 #define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
79 -@@ -361,12 +365,19 @@ static struct poolinfo {
80 - #define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
81 - int tap1, tap2, tap3, tap4, tap5;
82 - } poolinfo_table[] = {
83 -+#ifdef CONFIG_GRKERNSEC_RANDNET
84 -+ /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
85 -+ { S(512), 411, 308, 208, 104, 1 },
86 -+ /* x^128 + x^104 + x^76 + x^51 + x^25 + x + 1 -- 105 */
87 -+ { S(128), 104, 76, 51, 25, 1 },
88 -+#else
89 - /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
90 - /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
91 - { S(128), 104, 76, 51, 25, 1 },
92 - /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
93 - /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
94 - { S(32), 26, 19, 14, 7, 1 },
95 -+#endif
96 - #if 0
97 - /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
98 - { S(2048), 1638, 1231, 819, 411, 1 },
99 -@@ -433,9 +444,9 @@ struct entropy_store {
100 +@@ -433,9 +430,9 @@ struct entropy_store {
101 };
102
103 static void push_to_pool(struct work_struct *work);
104 @@ -38908,7 +38870,7 @@ index 429b75b..a7f4145 100644
105
106 static struct entropy_store input_pool = {
107 .poolinfo = &poolinfo_table[0],
108 -@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
109 +@@ -524,8 +521,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
110 input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
111 }
112
113 @@ -38919,7 +38881,7 @@ index 429b75b..a7f4145 100644
114 smp_wmb();
115
116 if (out)
117 -@@ -632,7 +643,7 @@ retry:
118 +@@ -632,7 +629,7 @@ retry:
119 /* The +2 corresponds to the /4 in the denominator */
120
121 do {
122 @@ -38928,7 +38890,7 @@ index 429b75b..a7f4145 100644
123 unsigned int add =
124 ((pool_size - entropy_count)*anfrac*3) >> s;
125
126 -@@ -1151,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
127 +@@ -1151,7 +1148,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
128
129 extract_buf(r, tmp);
130 i = min_t(int, nbytes, EXTRACT_SIZE);
131 @@ -38937,7 +38899,7 @@ index 429b75b..a7f4145 100644
132 ret = -EFAULT;
133 break;
134 }
135 -@@ -1507,7 +1518,7 @@ EXPORT_SYMBOL(generate_random_uuid);
136 +@@ -1507,7 +1504,7 @@ EXPORT_SYMBOL(generate_random_uuid);
137 #include <linux/sysctl.h>
138
139 static int min_read_thresh = 8, min_write_thresh;
140 @@ -38946,7 +38908,7 @@ index 429b75b..a7f4145 100644
141 static int max_write_thresh = INPUT_POOL_WORDS * 32;
142 static char sysctl_bootid[16];
143
144 -@@ -1523,7 +1534,7 @@ static char sysctl_bootid[16];
145 +@@ -1523,7 +1520,7 @@ static char sysctl_bootid[16];
146 static int proc_do_uuid(struct ctl_table *table, int write,
147 void __user *buffer, size_t *lenp, loff_t *ppos)
148 {
149 @@ -38955,7 +38917,7 @@ index 429b75b..a7f4145 100644
150 unsigned char buf[64], tmp_uuid[16], *uuid;
151
152 uuid = table->data;
153 -@@ -1553,7 +1564,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
154 +@@ -1553,7 +1550,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
155 static int proc_do_entropy(ctl_table *table, int write,
156 void __user *buffer, size_t *lenp, loff_t *ppos)
157 {
158 @@ -41703,6 +41665,19 @@ index 6866448..2ad2b34 100644
159 {
160 /* copy over all the bus versions */
161 if (dev->bus && dev->bus->pm) {
162 +diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
163 +index 1bdcccc..f745d2c 100644
164 +--- a/drivers/hid/hid-cherry.c
165 ++++ b/drivers/hid/hid-cherry.c
166 +@@ -28,7 +28,7 @@
167 + static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
168 + unsigned int *rsize)
169 + {
170 +- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
171 ++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
172 + hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
173 + rdesc[11] = rdesc[16] = 0xff;
174 + rdesc[12] = rdesc[17] = 0x03;
175 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
176 index 7cd42ea..a367c48 100644
177 --- a/drivers/hid/hid-core.c
178 @@ -41725,6 +41700,110 @@ index 7cd42ea..a367c48 100644
179
180 hid_debug_register(hdev, dev_name(&hdev->dev));
181 ret = device_add(&hdev->dev);
182 +diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
183 +index e776963..b92bf01 100644
184 +--- a/drivers/hid/hid-kye.c
185 ++++ b/drivers/hid/hid-kye.c
186 +@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
187 + * - change the button usage range to 4-7 for the extra
188 + * buttons
189 + */
190 +- if (*rsize >= 74 &&
191 ++ if (*rsize >= 75 &&
192 + rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
193 + rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
194 + rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
195 +diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
196 +index 9fe9d4a..b8207e0 100644
197 +--- a/drivers/hid/hid-lg.c
198 ++++ b/drivers/hid/hid-lg.c
199 +@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
200 + struct usb_device_descriptor *udesc;
201 + __u16 bcdDevice, rev_maj, rev_min;
202 +
203 +- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
204 ++ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
205 + rdesc[84] == 0x8c && rdesc[85] == 0x02) {
206 + hid_info(hdev,
207 + "fixing up Logitech keyboard report descriptor\n");
208 + rdesc[84] = rdesc[89] = 0x4d;
209 + rdesc[85] = rdesc[90] = 0x10;
210 + }
211 +- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
212 ++ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
213 + rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
214 + rdesc[49] == 0x81 && rdesc[50] == 0x06) {
215 + hid_info(hdev,
216 +diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
217 +index f45279c..0b14d32 100644
218 +--- a/drivers/hid/hid-logitech-dj.c
219 ++++ b/drivers/hid/hid-logitech-dj.c
220 +@@ -237,13 +237,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
221 + return;
222 + }
223 +
224 +- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
225 +- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
226 +- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
227 +- __func__, dj_report->device_index);
228 +- return;
229 +- }
230 +-
231 + if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
232 + /* The device is already known. No need to reallocate it. */
233 + dbg_hid("%s: device is already known\n", __func__);
234 +@@ -721,6 +714,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
235 + * device (via hid_input_report() ) and return 1 so hid-core does not do
236 + * anything else with it.
237 + */
238 ++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
239 ++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
240 ++ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
241 ++ __func__, dj_report->device_index);
242 ++ return false;
243 ++ }
244 +
245 + spin_lock_irqsave(&djrcv_dev->lock, flags);
246 + if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
247 +diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
248 +index 9e14c00..25daf28 100644
249 +--- a/drivers/hid/hid-monterey.c
250 ++++ b/drivers/hid/hid-monterey.c
251 +@@ -24,7 +24,7 @@
252 + static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
253 + unsigned int *rsize)
254 + {
255 +- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
256 ++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
257 + hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
258 + rdesc[30] = 0x0c;
259 + }
260 +diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
261 +index 736b250..6aca4f2 100644
262 +--- a/drivers/hid/hid-petalynx.c
263 ++++ b/drivers/hid/hid-petalynx.c
264 +@@ -25,7 +25,7 @@
265 + static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
266 + unsigned int *rsize)
267 + {
268 +- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
269 ++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
270 + rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
271 + rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
272 + hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
273 +diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
274 +index 87fc91e..91072fa 100644
275 +--- a/drivers/hid/hid-sunplus.c
276 ++++ b/drivers/hid/hid-sunplus.c
277 +@@ -24,7 +24,7 @@
278 + static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
279 + unsigned int *rsize)
280 + {
281 +- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
282 ++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
283 + rdesc[106] == 0x03) {
284 + hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
285 + rdesc[105] = rdesc[110] = 0x03;
286 diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
287 index c13fb5b..55a3802 100644
288 --- a/drivers/hid/hid-wiimote-debug.c
289 @@ -61813,6 +61892,185 @@ index e846a32..bb06bd0 100644
290 put_cpu_var(last_ino);
291 return res;
292 }
293 +diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
294 +index 4a9e10e..a9daccb 100644
295 +--- a/fs/isofs/inode.c
296 ++++ b/fs/isofs/inode.c
297 +@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
298 + return;
299 + }
300 +
301 +-static int isofs_read_inode(struct inode *);
302 ++static int isofs_read_inode(struct inode *, int relocated);
303 + static int isofs_statfs (struct dentry *, struct kstatfs *);
304 +
305 + static struct kmem_cache *isofs_inode_cachep;
306 +@@ -1258,7 +1258,7 @@ out_toomany:
307 + goto out;
308 + }
309 +
310 +-static int isofs_read_inode(struct inode *inode)
311 ++static int isofs_read_inode(struct inode *inode, int relocated)
312 + {
313 + struct super_block *sb = inode->i_sb;
314 + struct isofs_sb_info *sbi = ISOFS_SB(sb);
315 +@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode)
316 + */
317 +
318 + if (!high_sierra) {
319 +- parse_rock_ridge_inode(de, inode);
320 ++ parse_rock_ridge_inode(de, inode, relocated);
321 + /* if we want uid/gid set, override the rock ridge setting */
322 + if (sbi->s_uid_set)
323 + inode->i_uid = sbi->s_uid;
324 +@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
325 + * offset that point to the underlying meta-data for the inode. The
326 + * code below is otherwise similar to the iget() code in
327 + * include/linux/fs.h */
328 +-struct inode *isofs_iget(struct super_block *sb,
329 +- unsigned long block,
330 +- unsigned long offset)
331 ++struct inode *__isofs_iget(struct super_block *sb,
332 ++ unsigned long block,
333 ++ unsigned long offset,
334 ++ int relocated)
335 + {
336 + unsigned long hashval;
337 + struct inode *inode;
338 +@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb,
339 + return ERR_PTR(-ENOMEM);
340 +
341 + if (inode->i_state & I_NEW) {
342 +- ret = isofs_read_inode(inode);
343 ++ ret = isofs_read_inode(inode, relocated);
344 + if (ret < 0) {
345 + iget_failed(inode);
346 + inode = ERR_PTR(ret);
347 +diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
348 +index 9916723..0ac4c1f 100644
349 +--- a/fs/isofs/isofs.h
350 ++++ b/fs/isofs/isofs.h
351 +@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
352 +
353 + struct inode; /* To make gcc happy */
354 +
355 +-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
356 ++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
357 + extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
358 + extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
359 +
360 +@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
361 + extern struct buffer_head *isofs_bread(struct inode *, sector_t);
362 + extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
363 +
364 +-extern struct inode *isofs_iget(struct super_block *sb,
365 +- unsigned long block,
366 +- unsigned long offset);
367 ++struct inode *__isofs_iget(struct super_block *sb,
368 ++ unsigned long block,
369 ++ unsigned long offset,
370 ++ int relocated);
371 ++
372 ++static inline struct inode *isofs_iget(struct super_block *sb,
373 ++ unsigned long block,
374 ++ unsigned long offset)
375 ++{
376 ++ return __isofs_iget(sb, block, offset, 0);
377 ++}
378 ++
379 ++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
380 ++ unsigned long block,
381 ++ unsigned long offset)
382 ++{
383 ++ return __isofs_iget(sb, block, offset, 1);
384 ++}
385 +
386 + /* Because the inode number is no longer relevant to finding the
387 + * underlying meta-data for an inode, we are free to choose a more
388 +diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
389 +index c0bf424..f488bba 100644
390 +--- a/fs/isofs/rock.c
391 ++++ b/fs/isofs/rock.c
392 +@@ -288,12 +288,16 @@ eio:
393 + goto out;
394 + }
395 +
396 ++#define RR_REGARD_XA 1
397 ++#define RR_RELOC_DE 2
398 ++
399 + static int
400 + parse_rock_ridge_inode_internal(struct iso_directory_record *de,
401 +- struct inode *inode, int regard_xa)
402 ++ struct inode *inode, int flags)
403 + {
404 + int symlink_len = 0;
405 + int cnt, sig;
406 ++ unsigned int reloc_block;
407 + struct inode *reloc;
408 + struct rock_ridge *rr;
409 + int rootflag;
410 +@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
411 +
412 + init_rock_state(&rs, inode);
413 + setup_rock_ridge(de, inode, &rs);
414 +- if (regard_xa) {
415 ++ if (flags & RR_REGARD_XA) {
416 + rs.chr += 14;
417 + rs.len -= 14;
418 + if (rs.len < 0)
419 +@@ -485,12 +489,22 @@ repeat:
420 + "relocated directory\n");
421 + goto out;
422 + case SIG('C', 'L'):
423 +- ISOFS_I(inode)->i_first_extent =
424 +- isonum_733(rr->u.CL.location);
425 +- reloc =
426 +- isofs_iget(inode->i_sb,
427 +- ISOFS_I(inode)->i_first_extent,
428 +- 0);
429 ++ if (flags & RR_RELOC_DE) {
430 ++ printk(KERN_ERR
431 ++ "ISOFS: Recursive directory relocation "
432 ++ "is not supported\n");
433 ++ goto eio;
434 ++ }
435 ++ reloc_block = isonum_733(rr->u.CL.location);
436 ++ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
437 ++ ISOFS_I(inode)->i_iget5_offset == 0) {
438 ++ printk(KERN_ERR
439 ++ "ISOFS: Directory relocation points to "
440 ++ "itself\n");
441 ++ goto eio;
442 ++ }
443 ++ ISOFS_I(inode)->i_first_extent = reloc_block;
444 ++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
445 + if (IS_ERR(reloc)) {
446 + ret = PTR_ERR(reloc);
447 + goto out;
448 +@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
449 + return rpnt;
450 + }
451 +
452 +-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
453 ++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
454 ++ int relocated)
455 + {
456 +- int result = parse_rock_ridge_inode_internal(de, inode, 0);
457 ++ int flags = relocated ? RR_RELOC_DE : 0;
458 ++ int result = parse_rock_ridge_inode_internal(de, inode, flags);
459 +
460 + /*
461 + * if rockridge flag was reset and we didn't look for attributes
462 +@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
463 + */
464 + if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
465 + && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
466 +- result = parse_rock_ridge_inode_internal(de, inode, 14);
467 ++ result = parse_rock_ridge_inode_internal(de, inode,
468 ++ flags | RR_REGARD_XA);
469 + }
470 + return result;
471 + }
472 diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
473 index 4a6cf28..d3a29d3 100644
474 --- a/fs/jffs2/erase.c
475 @@ -66162,10 +66420,10 @@ index 78e62cc..eec3706 100644
476
477 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
478 new file mode 100644
479 -index 0000000..bfd482c
480 +index 0000000..27cec32
481 --- /dev/null
482 +++ b/grsecurity/Kconfig
483 -@@ -0,0 +1,1176 @@
484 +@@ -0,0 +1,1166 @@
485 +#
486 +# grecurity configuration
487 +#
488 @@ -67098,16 +67356,6 @@ index 0000000..bfd482c
489 +menu "Network Protections"
490 +depends on GRKERNSEC
491 +
492 -+config GRKERNSEC_RANDNET
493 -+ bool "Larger entropy pools"
494 -+ default y if GRKERNSEC_CONFIG_AUTO
495 -+ help
496 -+ If you say Y here, the entropy pools used for many features of Linux
497 -+ and grsecurity will be doubled in size. Since several grsecurity
498 -+ features use additional randomness, it is recommended that you say Y
499 -+ here. Saying Y here has a similar effect as modifying
500 -+ /proc/sys/kernel/random/poolsize.
501 -+
502 +config GRKERNSEC_BLACKHOLE
503 + bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
504 + default y if GRKERNSEC_CONFIG_AUTO
505 @@ -102180,10 +102428,18 @@ index b74aa07..d41926e 100644
506 *uaddr_len = sizeof(struct sockaddr_ax25);
507 }
508 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
509 -index 48a6a93..0b0496e 100644
510 +index 48a6a93..d2c096b 100644
511 --- a/net/packet/af_packet.c
512 +++ b/net/packet/af_packet.c
513 -@@ -1845,7 +1845,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
514 +@@ -635,6 +635,7 @@ static void init_prb_bdqc(struct packet_sock *po,
515 + p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
516 + p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
517 +
518 ++ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
519 + prb_init_ft_ops(p1, req_u);
520 + prb_setup_retire_blk_timer(po, tx_ring);
521 + prb_open_block(p1, pbd);
522 +@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
523
524 spin_lock(&sk->sk_receive_queue.lock);
525 po->stats.stats1.tp_packets++;
526 @@ -102192,7 +102448,7 @@ index 48a6a93..0b0496e 100644
527 __skb_queue_tail(&sk->sk_receive_queue, skb);
528 spin_unlock(&sk->sk_receive_queue.lock);
529 sk->sk_data_ready(sk, skb->len);
530 -@@ -1854,7 +1854,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
531 +@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
532 drop_n_acct:
533 spin_lock(&sk->sk_receive_queue.lock);
534 po->stats.stats1.tp_drops++;
535 @@ -102201,7 +102457,26 @@ index 48a6a93..0b0496e 100644
536 spin_unlock(&sk->sk_receive_queue.lock);
537
538 drop_n_restore:
539 -@@ -3449,7 +3449,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
540 +@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
541 + if ((int)snaplen < 0)
542 + snaplen = 0;
543 + }
544 ++ } else if (unlikely(macoff + snaplen >
545 ++ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
546 ++ u32 nval;
547 ++
548 ++ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
549 ++ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
550 ++ snaplen, nval, macoff);
551 ++ snaplen = nval;
552 ++ if (unlikely((int)snaplen < 0)) {
553 ++ snaplen = 0;
554 ++ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
555 ++ }
556 + }
557 + spin_lock(&sk->sk_receive_queue.lock);
558 + h.raw = packet_current_rx_frame(po, skb,
559 +@@ -3449,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
560 case PACKET_HDRLEN:
561 if (len > sizeof(int))
562 len = sizeof(int);
563 @@ -102210,7 +102485,7 @@ index 48a6a93..0b0496e 100644
564 return -EFAULT;
565 switch (val) {
566 case TPACKET_V1:
567 -@@ -3495,7 +3495,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
568 +@@ -3495,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
569 len = lv;
570 if (put_user(len, optlen))
571 return -EFAULT;
572 @@ -102219,6 +102494,29 @@ index 48a6a93..0b0496e 100644
573 return -EFAULT;
574 return 0;
575 }
576 +@@ -3779,6 +3792,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
577 + goto out;
578 + if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
579 + goto out;
580 ++ if (po->tp_version >= TPACKET_V3 &&
581 ++ (int)(req->tp_block_size -
582 ++ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
583 ++ goto out;
584 + if (unlikely(req->tp_frame_size < po->tp_hdrlen +
585 + po->tp_reserve))
586 + goto out;
587 +diff --git a/net/packet/internal.h b/net/packet/internal.h
588 +index eb9580a..cdddf6a 100644
589 +--- a/net/packet/internal.h
590 ++++ b/net/packet/internal.h
591 +@@ -29,6 +29,7 @@ struct tpacket_kbdq_core {
592 + char *pkblk_start;
593 + char *pkblk_end;
594 + int kblk_size;
595 ++ unsigned int max_frame_len;
596 + unsigned int knum_blocks;
597 + uint64_t knxt_seq_num;
598 + char *prev;
599 diff --git a/net/phonet/pep.c b/net/phonet/pep.c
600 index e774117..900b8b7 100644
601 --- a/net/phonet/pep.c
602
603 diff --git a/3.14.17/4450_grsec-kconfig-default-gids.patch b/3.14.17/4450_grsec-kconfig-default-gids.patch
604 index af218a8..0451e5a 100644
605 --- a/3.14.17/4450_grsec-kconfig-default-gids.patch
606 +++ b/3.14.17/4450_grsec-kconfig-default-gids.patch
607 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
608 help
609 Setting this GID determines what group TPE restrictions will be
610 *disabled* for. If the sysctl option is enabled, a sysctl option
611 -@@ -1013,7 +1013,7 @@
612 +@@ -1003,7 +1003,7 @@
613 config GRKERNSEC_SOCKET_ALL_GID
614 int "GID to deny all sockets for"
615 depends on GRKERNSEC_SOCKET_ALL
616 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
617 help
618 Here you can choose the GID to disable socket access for. Remember to
619 add the users you want socket access disabled for to the GID
620 -@@ -1034,7 +1034,7 @@
621 +@@ -1024,7 +1024,7 @@
622 config GRKERNSEC_SOCKET_CLIENT_GID
623 int "GID to deny client sockets for"
624 depends on GRKERNSEC_SOCKET_CLIENT
625 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
626 help
627 Here you can choose the GID to disable client socket access for.
628 Remember to add the users you want client socket access disabled for to
629 -@@ -1052,7 +1052,7 @@
630 +@@ -1042,7 +1042,7 @@
631 config GRKERNSEC_SOCKET_SERVER_GID
632 int "GID to deny server sockets for"
633 depends on GRKERNSEC_SOCKET_SERVER
634
635 diff --git a/3.15.10/0000_README b/3.15.10/0000_README
636 index 70556f5..53bdf83 100644
637 --- a/3.15.10/0000_README
638 +++ b/3.15.10/0000_README
639 @@ -2,7 +2,7 @@ README
640 -----------------------------------------------------------------------------
641 Individual Patch Descriptions:
642 -----------------------------------------------------------------------------
643 -Patch: 4420_grsecurity-3.0-3.15.10-201408192020.patch
644 +Patch: 4420_grsecurity-3.0-3.15.10-201408212335.patch
645 From: http://www.grsecurity.net
646 Desc: hardened-sources base patch from upstream grsecurity
647
648
649 diff --git a/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch b/3.15.10/4420_grsecurity-3.0-3.15.10-201408212335.patch
650 similarity index 99%
651 rename from 3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
652 rename to 3.15.10/4420_grsecurity-3.0-3.15.10-201408212335.patch
653 index 08568e5..a41c140 100644
654 --- a/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
655 +++ b/3.15.10/4420_grsecurity-3.0-3.15.10-201408212335.patch
656 @@ -38749,28 +38749,10 @@ index 8320abd..ec48108 100644
657
658 if (cmd != SIOCWANDEV)
659 diff --git a/drivers/char/random.c b/drivers/char/random.c
660 -index 18ec404..32033f3 100644
661 +index 18ec404..f2438cb 100644
662 --- a/drivers/char/random.c
663 +++ b/drivers/char/random.c
664 -@@ -270,10 +270,17 @@
665 - /*
666 - * Configuration information
667 - */
668 -+#ifdef CONFIG_GRKERNSEC_RANDNET
669 -+#define INPUT_POOL_SHIFT 14
670 -+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
671 -+#define OUTPUT_POOL_SHIFT 12
672 -+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
673 -+#else
674 - #define INPUT_POOL_SHIFT 12
675 - #define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
676 - #define OUTPUT_POOL_SHIFT 10
677 - #define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
678 -+#endif
679 - #define SEC_XFER_SIZE 512
680 - #define EXTRACT_SIZE 10
681 -
682 -@@ -284,9 +291,6 @@
683 +@@ -284,9 +284,6 @@
684 /*
685 * To allow fractional bits to be tracked, the entropy_count field is
686 * denominated in units of 1/8th bits.
687 @@ -38780,27 +38762,7 @@ index 18ec404..32033f3 100644
688 */
689 #define ENTROPY_SHIFT 3
690 #define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
691 -@@ -361,12 +365,19 @@ static struct poolinfo {
692 - #define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
693 - int tap1, tap2, tap3, tap4, tap5;
694 - } poolinfo_table[] = {
695 -+#ifdef CONFIG_GRKERNSEC_RANDNET
696 -+ /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
697 -+ { S(512), 411, 308, 208, 104, 1 },
698 -+ /* x^128 + x^104 + x^76 + x^51 + x^25 + x + 1 -- 105 */
699 -+ { S(128), 104, 76, 51, 25, 1 },
700 -+#else
701 - /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
702 - /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
703 - { S(128), 104, 76, 51, 25, 1 },
704 - /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
705 - /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
706 - { S(32), 26, 19, 14, 7, 1 },
707 -+#endif
708 - #if 0
709 - /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
710 - { S(2048), 1638, 1231, 819, 411, 1 },
711 -@@ -433,9 +444,9 @@ struct entropy_store {
712 +@@ -433,9 +430,9 @@ struct entropy_store {
713 };
714
715 static void push_to_pool(struct work_struct *work);
716 @@ -38813,7 +38775,7 @@ index 18ec404..32033f3 100644
717
718 static struct entropy_store input_pool = {
719 .poolinfo = &poolinfo_table[0],
720 -@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
721 +@@ -524,8 +521,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
722 input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
723 }
724
725 @@ -38824,7 +38786,7 @@ index 18ec404..32033f3 100644
726 smp_wmb();
727
728 if (out)
729 -@@ -632,7 +643,7 @@ retry:
730 +@@ -632,7 +629,7 @@ retry:
731 /* The +2 corresponds to the /4 in the denominator */
732
733 do {
734 @@ -38833,7 +38795,7 @@ index 18ec404..32033f3 100644
735 unsigned int add =
736 ((pool_size - entropy_count)*anfrac*3) >> s;
737
738 -@@ -1176,7 +1187,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
739 +@@ -1176,7 +1173,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
740
741 extract_buf(r, tmp);
742 i = min_t(int, nbytes, EXTRACT_SIZE);
743 @@ -38842,7 +38804,7 @@ index 18ec404..32033f3 100644
744 ret = -EFAULT;
745 break;
746 }
747 -@@ -1566,7 +1577,7 @@ static char sysctl_bootid[16];
748 +@@ -1566,7 +1563,7 @@ static char sysctl_bootid[16];
749 static int proc_do_uuid(struct ctl_table *table, int write,
750 void __user *buffer, size_t *lenp, loff_t *ppos)
751 {
752 @@ -38851,7 +38813,7 @@ index 18ec404..32033f3 100644
753 unsigned char buf[64], tmp_uuid[16], *uuid;
754
755 uuid = table->data;
756 -@@ -1596,7 +1607,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
757 +@@ -1596,7 +1593,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
758 static int proc_do_entropy(ctl_table *table, int write,
759 void __user *buffer, size_t *lenp, loff_t *ppos)
760 {
761 @@ -41503,6 +41465,19 @@ index 6866448..2ad2b34 100644
762 {
763 /* copy over all the bus versions */
764 if (dev->bus && dev->bus->pm) {
765 +diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
766 +index 1bdcccc..f745d2c 100644
767 +--- a/drivers/hid/hid-cherry.c
768 ++++ b/drivers/hid/hid-cherry.c
769 +@@ -28,7 +28,7 @@
770 + static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
771 + unsigned int *rsize)
772 + {
773 +- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
774 ++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
775 + hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
776 + rdesc[11] = rdesc[16] = 0xff;
777 + rdesc[12] = rdesc[17] = 0x03;
778 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
779 index a5c7927..025a2b4 100644
780 --- a/drivers/hid/hid-core.c
781 @@ -41525,6 +41500,119 @@ index a5c7927..025a2b4 100644
782
783 hid_debug_register(hdev, dev_name(&hdev->dev));
784 ret = device_add(&hdev->dev);
785 +diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
786 +index e776963..b92bf01 100644
787 +--- a/drivers/hid/hid-kye.c
788 ++++ b/drivers/hid/hid-kye.c
789 +@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
790 + * - change the button usage range to 4-7 for the extra
791 + * buttons
792 + */
793 +- if (*rsize >= 74 &&
794 ++ if (*rsize >= 75 &&
795 + rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
796 + rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
797 + rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
798 +diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
799 +index a976f48..f91ff14 100644
800 +--- a/drivers/hid/hid-lg.c
801 ++++ b/drivers/hid/hid-lg.c
802 +@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
803 + struct usb_device_descriptor *udesc;
804 + __u16 bcdDevice, rev_maj, rev_min;
805 +
806 +- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
807 ++ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
808 + rdesc[84] == 0x8c && rdesc[85] == 0x02) {
809 + hid_info(hdev,
810 + "fixing up Logitech keyboard report descriptor\n");
811 + rdesc[84] = rdesc[89] = 0x4d;
812 + rdesc[85] = rdesc[90] = 0x10;
813 + }
814 +- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
815 ++ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
816 + rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
817 + rdesc[49] == 0x81 && rdesc[50] == 0x06) {
818 + hid_info(hdev,
819 +diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
820 +index 486dbde..b7ba829 100644
821 +--- a/drivers/hid/hid-logitech-dj.c
822 ++++ b/drivers/hid/hid-logitech-dj.c
823 +@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
824 + return;
825 + }
826 +
827 +- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
828 +- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
829 +- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
830 +- __func__, dj_report->device_index);
831 +- return;
832 +- }
833 +-
834 + if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
835 + /* The device is already known. No need to reallocate it. */
836 + dbg_hid("%s: device is already known\n", __func__);
837 +@@ -557,7 +550,7 @@ static int logi_dj_ll_raw_request(struct hid_device *hid,
838 + if (!out_buf)
839 + return -ENOMEM;
840 +
841 +- if (count < DJREPORT_SHORT_LENGTH - 2)
842 ++ if (count > DJREPORT_SHORT_LENGTH - 2)
843 + count = DJREPORT_SHORT_LENGTH - 2;
844 +
845 + out_buf[0] = REPORT_ID_DJ_SHORT;
846 +@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
847 + * device (via hid_input_report() ) and return 1 so hid-core does not do
848 + * anything else with it.
849 + */
850 ++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
851 ++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
852 ++ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
853 ++ __func__, dj_report->device_index);
854 ++ return false;
855 ++ }
856 +
857 + spin_lock_irqsave(&djrcv_dev->lock, flags);
858 + if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
859 +diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
860 +index 9e14c00..25daf28 100644
861 +--- a/drivers/hid/hid-monterey.c
862 ++++ b/drivers/hid/hid-monterey.c
863 +@@ -24,7 +24,7 @@
864 + static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
865 + unsigned int *rsize)
866 + {
867 +- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
868 ++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
869 + hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
870 + rdesc[30] = 0x0c;
871 + }
872 +diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
873 +index 736b250..6aca4f2 100644
874 +--- a/drivers/hid/hid-petalynx.c
875 ++++ b/drivers/hid/hid-petalynx.c
876 +@@ -25,7 +25,7 @@
877 + static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
878 + unsigned int *rsize)
879 + {
880 +- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
881 ++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
882 + rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
883 + rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
884 + hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
885 +diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
886 +index 87fc91e..91072fa 100644
887 +--- a/drivers/hid/hid-sunplus.c
888 ++++ b/drivers/hid/hid-sunplus.c
889 +@@ -24,7 +24,7 @@
890 + static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
891 + unsigned int *rsize)
892 + {
893 +- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
894 ++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
895 + rdesc[106] == 0x03) {
896 + hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
897 + rdesc[105] = rdesc[110] = 0x03;
898 diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
899 index c13fb5b..55a3802 100644
900 --- a/drivers/hid/hid-wiimote-debug.c
901 @@ -61657,6 +61745,185 @@ index d2fb2f2..a6444b0 100644
902 put_cpu_var(last_ino);
903 return res;
904 }
905 +diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
906 +index 4556ce1..5ddaf86 100644
907 +--- a/fs/isofs/inode.c
908 ++++ b/fs/isofs/inode.c
909 +@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
910 + return;
911 + }
912 +
913 +-static int isofs_read_inode(struct inode *);
914 ++static int isofs_read_inode(struct inode *, int relocated);
915 + static int isofs_statfs (struct dentry *, struct kstatfs *);
916 +
917 + static struct kmem_cache *isofs_inode_cachep;
918 +@@ -1259,7 +1259,7 @@ out_toomany:
919 + goto out;
920 + }
921 +
922 +-static int isofs_read_inode(struct inode *inode)
923 ++static int isofs_read_inode(struct inode *inode, int relocated)
924 + {
925 + struct super_block *sb = inode->i_sb;
926 + struct isofs_sb_info *sbi = ISOFS_SB(sb);
927 +@@ -1404,7 +1404,7 @@ static int isofs_read_inode(struct inode *inode)
928 + */
929 +
930 + if (!high_sierra) {
931 +- parse_rock_ridge_inode(de, inode);
932 ++ parse_rock_ridge_inode(de, inode, relocated);
933 + /* if we want uid/gid set, override the rock ridge setting */
934 + if (sbi->s_uid_set)
935 + inode->i_uid = sbi->s_uid;
936 +@@ -1483,9 +1483,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
937 + * offset that point to the underlying meta-data for the inode. The
938 + * code below is otherwise similar to the iget() code in
939 + * include/linux/fs.h */
940 +-struct inode *isofs_iget(struct super_block *sb,
941 +- unsigned long block,
942 +- unsigned long offset)
943 ++struct inode *__isofs_iget(struct super_block *sb,
944 ++ unsigned long block,
945 ++ unsigned long offset,
946 ++ int relocated)
947 + {
948 + unsigned long hashval;
949 + struct inode *inode;
950 +@@ -1507,7 +1508,7 @@ struct inode *isofs_iget(struct super_block *sb,
951 + return ERR_PTR(-ENOMEM);
952 +
953 + if (inode->i_state & I_NEW) {
954 +- ret = isofs_read_inode(inode);
955 ++ ret = isofs_read_inode(inode, relocated);
956 + if (ret < 0) {
957 + iget_failed(inode);
958 + inode = ERR_PTR(ret);
959 +diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
960 +index 9916723..0ac4c1f 100644
961 +--- a/fs/isofs/isofs.h
962 ++++ b/fs/isofs/isofs.h
963 +@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
964 +
965 + struct inode; /* To make gcc happy */
966 +
967 +-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
968 ++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
969 + extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
970 + extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
971 +
972 +@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
973 + extern struct buffer_head *isofs_bread(struct inode *, sector_t);
974 + extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
975 +
976 +-extern struct inode *isofs_iget(struct super_block *sb,
977 +- unsigned long block,
978 +- unsigned long offset);
979 ++struct inode *__isofs_iget(struct super_block *sb,
980 ++ unsigned long block,
981 ++ unsigned long offset,
982 ++ int relocated);
983 ++
984 ++static inline struct inode *isofs_iget(struct super_block *sb,
985 ++ unsigned long block,
986 ++ unsigned long offset)
987 ++{
988 ++ return __isofs_iget(sb, block, offset, 0);
989 ++}
990 ++
991 ++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
992 ++ unsigned long block,
993 ++ unsigned long offset)
994 ++{
995 ++ return __isofs_iget(sb, block, offset, 1);
996 ++}
997 +
998 + /* Because the inode number is no longer relevant to finding the
999 + * underlying meta-data for an inode, we are free to choose a more
1000 +diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
1001 +index c0bf424..f488bba 100644
1002 +--- a/fs/isofs/rock.c
1003 ++++ b/fs/isofs/rock.c
1004 +@@ -288,12 +288,16 @@ eio:
1005 + goto out;
1006 + }
1007 +
1008 ++#define RR_REGARD_XA 1
1009 ++#define RR_RELOC_DE 2
1010 ++
1011 + static int
1012 + parse_rock_ridge_inode_internal(struct iso_directory_record *de,
1013 +- struct inode *inode, int regard_xa)
1014 ++ struct inode *inode, int flags)
1015 + {
1016 + int symlink_len = 0;
1017 + int cnt, sig;
1018 ++ unsigned int reloc_block;
1019 + struct inode *reloc;
1020 + struct rock_ridge *rr;
1021 + int rootflag;
1022 +@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
1023 +
1024 + init_rock_state(&rs, inode);
1025 + setup_rock_ridge(de, inode, &rs);
1026 +- if (regard_xa) {
1027 ++ if (flags & RR_REGARD_XA) {
1028 + rs.chr += 14;
1029 + rs.len -= 14;
1030 + if (rs.len < 0)
1031 +@@ -485,12 +489,22 @@ repeat:
1032 + "relocated directory\n");
1033 + goto out;
1034 + case SIG('C', 'L'):
1035 +- ISOFS_I(inode)->i_first_extent =
1036 +- isonum_733(rr->u.CL.location);
1037 +- reloc =
1038 +- isofs_iget(inode->i_sb,
1039 +- ISOFS_I(inode)->i_first_extent,
1040 +- 0);
1041 ++ if (flags & RR_RELOC_DE) {
1042 ++ printk(KERN_ERR
1043 ++ "ISOFS: Recursive directory relocation "
1044 ++ "is not supported\n");
1045 ++ goto eio;
1046 ++ }
1047 ++ reloc_block = isonum_733(rr->u.CL.location);
1048 ++ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
1049 ++ ISOFS_I(inode)->i_iget5_offset == 0) {
1050 ++ printk(KERN_ERR
1051 ++ "ISOFS: Directory relocation points to "
1052 ++ "itself\n");
1053 ++ goto eio;
1054 ++ }
1055 ++ ISOFS_I(inode)->i_first_extent = reloc_block;
1056 ++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
1057 + if (IS_ERR(reloc)) {
1058 + ret = PTR_ERR(reloc);
1059 + goto out;
1060 +@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
1061 + return rpnt;
1062 + }
1063 +
1064 +-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
1065 ++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
1066 ++ int relocated)
1067 + {
1068 +- int result = parse_rock_ridge_inode_internal(de, inode, 0);
1069 ++ int flags = relocated ? RR_RELOC_DE : 0;
1070 ++ int result = parse_rock_ridge_inode_internal(de, inode, flags);
1071 +
1072 + /*
1073 + * if rockridge flag was reset and we didn't look for attributes
1074 +@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
1075 + */
1076 + if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
1077 + && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
1078 +- result = parse_rock_ridge_inode_internal(de, inode, 14);
1079 ++ result = parse_rock_ridge_inode_internal(de, inode,
1080 ++ flags | RR_REGARD_XA);
1081 + }
1082 + return result;
1083 + }
1084 diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
1085 index 4a6cf28..d3a29d3 100644
1086 --- a/fs/jffs2/erase.c
1087 @@ -65987,10 +66254,10 @@ index 6152cbe..f0f9eaa 100644
1088
1089 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
1090 new file mode 100644
1091 -index 0000000..bfd482c
1092 +index 0000000..27cec32
1093 --- /dev/null
1094 +++ b/grsecurity/Kconfig
1095 -@@ -0,0 +1,1176 @@
1096 +@@ -0,0 +1,1166 @@
1097 +#
1098 +# grecurity configuration
1099 +#
1100 @@ -66923,16 +67190,6 @@ index 0000000..bfd482c
1101 +menu "Network Protections"
1102 +depends on GRKERNSEC
1103 +
1104 -+config GRKERNSEC_RANDNET
1105 -+ bool "Larger entropy pools"
1106 -+ default y if GRKERNSEC_CONFIG_AUTO
1107 -+ help
1108 -+ If you say Y here, the entropy pools used for many features of Linux
1109 -+ and grsecurity will be doubled in size. Since several grsecurity
1110 -+ features use additional randomness, it is recommended that you say Y
1111 -+ here. Saying Y here has a similar effect as modifying
1112 -+ /proc/sys/kernel/random/poolsize.
1113 -+
1114 +config GRKERNSEC_BLACKHOLE
1115 + bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
1116 + default y if GRKERNSEC_CONFIG_AUTO
1117 @@ -102378,7 +102635,7 @@ index ede50d1..d2468e6 100644
1118 *uaddr_len = sizeof(struct sockaddr_ax25);
1119 }
1120 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
1121 -index b85c67c..27c3368 100644
1122 +index b85c67c..09705b7 100644
1123 --- a/net/packet/af_packet.c
1124 +++ b/net/packet/af_packet.c
1125 @@ -275,7 +275,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
1126 @@ -102390,7 +102647,15 @@ index b85c67c..27c3368 100644
1127 kfree_skb(skb);
1128 return NET_XMIT_DROP;
1129 }
1130 -@@ -1845,7 +1845,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1131 +@@ -636,6 +636,7 @@ static void init_prb_bdqc(struct packet_sock *po,
1132 + p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
1133 + p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
1134 +
1135 ++ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
1136 + prb_init_ft_ops(p1, req_u);
1137 + prb_setup_retire_blk_timer(po, tx_ring);
1138 + prb_open_block(p1, pbd);
1139 +@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1140
1141 spin_lock(&sk->sk_receive_queue.lock);
1142 po->stats.stats1.tp_packets++;
1143 @@ -102399,7 +102664,7 @@ index b85c67c..27c3368 100644
1144 __skb_queue_tail(&sk->sk_receive_queue, skb);
1145 spin_unlock(&sk->sk_receive_queue.lock);
1146 sk->sk_data_ready(sk);
1147 -@@ -1854,7 +1854,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1148 +@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1149 drop_n_acct:
1150 spin_lock(&sk->sk_receive_queue.lock);
1151 po->stats.stats1.tp_drops++;
1152 @@ -102408,7 +102673,26 @@ index b85c67c..27c3368 100644
1153 spin_unlock(&sk->sk_receive_queue.lock);
1154
1155 drop_n_restore:
1156 -@@ -3459,7 +3459,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1157 +@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
1158 + if ((int)snaplen < 0)
1159 + snaplen = 0;
1160 + }
1161 ++ } else if (unlikely(macoff + snaplen >
1162 ++ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
1163 ++ u32 nval;
1164 ++
1165 ++ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
1166 ++ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
1167 ++ snaplen, nval, macoff);
1168 ++ snaplen = nval;
1169 ++ if (unlikely((int)snaplen < 0)) {
1170 ++ snaplen = 0;
1171 ++ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
1172 ++ }
1173 + }
1174 + spin_lock(&sk->sk_receive_queue.lock);
1175 + h.raw = packet_current_rx_frame(po, skb,
1176 +@@ -3459,7 +3472,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1177 case PACKET_HDRLEN:
1178 if (len > sizeof(int))
1179 len = sizeof(int);
1180 @@ -102417,7 +102701,7 @@ index b85c67c..27c3368 100644
1181 return -EFAULT;
1182 switch (val) {
1183 case TPACKET_V1:
1184 -@@ -3505,7 +3505,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1185 +@@ -3505,7 +3518,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1186 len = lv;
1187 if (put_user(len, optlen))
1188 return -EFAULT;
1189 @@ -102426,6 +102710,29 @@ index b85c67c..27c3368 100644
1190 return -EFAULT;
1191 return 0;
1192 }
1193 +@@ -3789,6 +3802,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
1194 + goto out;
1195 + if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
1196 + goto out;
1197 ++ if (po->tp_version >= TPACKET_V3 &&
1198 ++ (int)(req->tp_block_size -
1199 ++ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
1200 ++ goto out;
1201 + if (unlikely(req->tp_frame_size < po->tp_hdrlen +
1202 + po->tp_reserve))
1203 + goto out;
1204 +diff --git a/net/packet/internal.h b/net/packet/internal.h
1205 +index eb9580a..cdddf6a 100644
1206 +--- a/net/packet/internal.h
1207 ++++ b/net/packet/internal.h
1208 +@@ -29,6 +29,7 @@ struct tpacket_kbdq_core {
1209 + char *pkblk_start;
1210 + char *pkblk_end;
1211 + int kblk_size;
1212 ++ unsigned int max_frame_len;
1213 + unsigned int knum_blocks;
1214 + uint64_t knxt_seq_num;
1215 + char *prev;
1216 diff --git a/net/phonet/pep.c b/net/phonet/pep.c
1217 index 70a547e..23477fe 100644
1218 --- a/net/phonet/pep.c
1219
1220 diff --git a/3.15.10/4450_grsec-kconfig-default-gids.patch b/3.15.10/4450_grsec-kconfig-default-gids.patch
1221 index af218a8..0451e5a 100644
1222 --- a/3.15.10/4450_grsec-kconfig-default-gids.patch
1223 +++ b/3.15.10/4450_grsec-kconfig-default-gids.patch
1224 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1225 help
1226 Setting this GID determines what group TPE restrictions will be
1227 *disabled* for. If the sysctl option is enabled, a sysctl option
1228 -@@ -1013,7 +1013,7 @@
1229 +@@ -1003,7 +1003,7 @@
1230 config GRKERNSEC_SOCKET_ALL_GID
1231 int "GID to deny all sockets for"
1232 depends on GRKERNSEC_SOCKET_ALL
1233 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1234 help
1235 Here you can choose the GID to disable socket access for. Remember to
1236 add the users you want socket access disabled for to the GID
1237 -@@ -1034,7 +1034,7 @@
1238 +@@ -1024,7 +1024,7 @@
1239 config GRKERNSEC_SOCKET_CLIENT_GID
1240 int "GID to deny client sockets for"
1241 depends on GRKERNSEC_SOCKET_CLIENT
1242 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
1243 help
1244 Here you can choose the GID to disable client socket access for.
1245 Remember to add the users you want client socket access disabled for to
1246 -@@ -1052,7 +1052,7 @@
1247 +@@ -1042,7 +1042,7 @@
1248 config GRKERNSEC_SOCKET_SERVER_GID
1249 int "GID to deny server sockets for"
1250 depends on GRKERNSEC_SOCKET_SERVER
1251
1252 diff --git a/3.2.62/0000_README b/3.2.62/0000_README
1253 index 9bf751a..67a218f 100644
1254 --- a/3.2.62/0000_README
1255 +++ b/3.2.62/0000_README
1256 @@ -166,7 +166,7 @@ Patch: 1061_linux-3.2.62.patch
1257 From: http://www.kernel.org
1258 Desc: Linux 3.2.62
1259
1260 -Patch: 4420_grsecurity-3.0-3.2.62-201408191950.patch
1261 +Patch: 4420_grsecurity-3.0-3.2.62-201408212331.patch
1262 From: http://www.grsecurity.net
1263 Desc: hardened-sources base patch from upstream grsecurity
1264
1265
1266 diff --git a/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
1267 similarity index 99%
1268 rename from 3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
1269 rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
1270 index 0e00b6a..0039dfe 100644
1271 --- a/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
1272 +++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
1273 @@ -34960,7 +34960,7 @@ index da3cfee..a5a6606 100644
1274
1275 *ppos = i;
1276 diff --git a/drivers/char/random.c b/drivers/char/random.c
1277 -index c244f0e..59b5e6c 100644
1278 +index c244f0e..a86bc96 100644
1279 --- a/drivers/char/random.c
1280 +++ b/drivers/char/random.c
1281 @@ -255,10 +255,8 @@
1282 @@ -34976,7 +34976,7 @@ index c244f0e..59b5e6c 100644
1283
1284 #include <asm/processor.h>
1285 #include <asm/uaccess.h>
1286 -@@ -266,129 +264,150 @@
1287 +@@ -266,129 +264,135 @@
1288 #include <asm/irq_regs.h>
1289 #include <asm/io.h>
1290
1291 @@ -34990,17 +34990,10 @@ index c244f0e..59b5e6c 100644
1292 -#define OUTPUT_POOL_WORDS 32
1293 -#define SEC_XFER_SIZE 512
1294 -#define EXTRACT_SIZE 10
1295 -+#ifdef CONFIG_GRKERNSEC_RANDNET
1296 -+#define INPUT_POOL_SHIFT 14
1297 -+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
1298 -+#define OUTPUT_POOL_SHIFT 12
1299 -+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
1300 -+#else
1301 +#define INPUT_POOL_SHIFT 12
1302 +#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
1303 +#define OUTPUT_POOL_SHIFT 10
1304 +#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
1305 -+#endif
1306 +#define SEC_XFER_SIZE 512
1307 +#define EXTRACT_SIZE 10
1308 +
1309 @@ -35104,20 +35097,12 @@ index c244f0e..59b5e6c 100644
1310 - { 128, 103, 76, 51, 25, 1 },
1311 - /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
1312 - { 32, 26, 20, 14, 7, 1 },
1313 -+#ifdef CONFIG_GRKERNSEC_RANDNET
1314 -+ /* x^512 + x^411 + x^308 + x^208 + x^104 + x + 1 -- 225 */
1315 -+ { S(512), 411, 308, 208, 104, 1 },
1316 -+ /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
1317 -+ /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
1318 -+ { S(128), 104, 76, 51, 25, 1 },
1319 -+#else
1320 + /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
1321 + /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
1322 + { S(128), 104, 76, 51, 25, 1 },
1323 + /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
1324 + /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
1325 + { S(32), 26, 19, 14, 7, 1 },
1326 -+#endif
1327 #if 0
1328 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
1329 - { 2048, 1638, 1231, 819, 411, 1 },
1330 @@ -35205,7 +35190,7 @@ index c244f0e..59b5e6c 100644
1331 /*
1332 * Static global variables
1333 */
1334 -@@ -396,21 +415,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
1335 +@@ -396,21 +400,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
1336 static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
1337 static struct fasync_struct *fasync;
1338
1339 @@ -35227,7 +35212,7 @@ index c244f0e..59b5e6c 100644
1340 /**********************************************************************
1341 *
1342 * OS independent entropy store. Here are the functions which handle
1343 -@@ -421,31 +425,35 @@ module_param(debug, bool, 0644);
1344 +@@ -421,31 +410,35 @@ module_param(debug, bool, 0644);
1345 struct entropy_store;
1346 struct entropy_store {
1347 /* read-only data: */
1348 @@ -35271,7 +35256,7 @@ index c244f0e..59b5e6c 100644
1349 .pool = input_pool_data
1350 };
1351
1352 -@@ -454,16 +462,20 @@ static struct entropy_store blocking_pool = {
1353 +@@ -454,16 +447,20 @@ static struct entropy_store blocking_pool = {
1354 .name = "blocking",
1355 .limit = 1,
1356 .pull = &input_pool,
1357 @@ -35296,7 +35281,7 @@ index c244f0e..59b5e6c 100644
1358 };
1359
1360 static __u32 const twist_table[8] = {
1361 -@@ -480,8 +492,8 @@ static __u32 const twist_table[8] = {
1362 +@@ -480,8 +477,8 @@ static __u32 const twist_table[8] = {
1363 * it's cheap to do so and helps slightly in the expected case where
1364 * the entropy is concentrated in the low-order bits.
1365 */
1366 @@ -35307,7 +35292,7 @@ index c244f0e..59b5e6c 100644
1367 {
1368 unsigned long i, j, tap1, tap2, tap3, tap4, tap5;
1369 int input_rotate;
1370 -@@ -501,7 +513,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
1371 +@@ -501,7 +498,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
1372
1373 /* mix one byte at a time to simplify size handling and churn faster */
1374 while (nbytes--) {
1375 @@ -35316,7 +35301,7 @@ index c244f0e..59b5e6c 100644
1376 i = (i - 1) & wordmask;
1377
1378 /* XOR in the various taps */
1379 -@@ -521,11 +533,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
1380 +@@ -521,11 +518,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
1381 * rotation, so that successive passes spread the
1382 * input bits across the pool evenly.
1383 */
1384 @@ -35331,7 +35316,7 @@ index c244f0e..59b5e6c 100644
1385 smp_wmb();
1386
1387 if (out)
1388 -@@ -533,13 +545,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
1389 +@@ -533,13 +530,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
1390 ((__u32 *)out)[j] = r->pool[(i - j) & wordmask];
1391 }
1392
1393 @@ -35355,7 +35340,7 @@ index c244f0e..59b5e6c 100644
1394 spin_unlock_irqrestore(&r->lock, flags);
1395 }
1396
1397 -@@ -556,58 +576,151 @@ struct fast_pool {
1398 +@@ -556,58 +561,151 @@ struct fast_pool {
1399 * collector. It's hardcoded for an 128 bit pool and assumes that any
1400 * locks that might be needed are taken by the caller.
1401 */
1402 @@ -35532,7 +35517,7 @@ index c244f0e..59b5e6c 100644
1403 /*********************************************************************
1404 *
1405 * Entropy input management
1406 -@@ -621,42 +734,7 @@ struct timer_rand_state {
1407 +@@ -621,42 +719,7 @@ struct timer_rand_state {
1408 unsigned dont_count_entropy:1;
1409 };
1410
1411 @@ -35576,7 +35561,7 @@ index c244f0e..59b5e6c 100644
1412
1413 /*
1414 * Add device- or boot-specific data to the input and nonblocking
1415 -@@ -669,15 +747,22 @@ static void set_timer_rand_state(unsigned int irq,
1416 +@@ -669,15 +732,22 @@ static void set_timer_rand_state(unsigned int irq,
1417 void add_device_randomness(const void *buf, unsigned int size)
1418 {
1419 unsigned long time = random_get_entropy() ^ jiffies;
1420 @@ -35604,7 +35589,7 @@ index c244f0e..59b5e6c 100644
1421
1422 /*
1423 * This function adds entropy to the entropy "pool" by using timing
1424 -@@ -691,6 +776,7 @@ static struct timer_rand_state input_timer_state;
1425 +@@ -691,6 +761,7 @@ static struct timer_rand_state input_timer_state;
1426 */
1427 static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
1428 {
1429 @@ -35612,7 +35597,7 @@ index c244f0e..59b5e6c 100644
1430 struct {
1431 long jiffies;
1432 unsigned cycles;
1433 -@@ -699,15 +785,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
1434 +@@ -699,15 +770,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
1435 long delta, delta2, delta3;
1436
1437 preempt_disable();
1438 @@ -35630,7 +35615,7 @@ index c244f0e..59b5e6c 100644
1439
1440 /*
1441 * Calculate number of bits of randomness we probably added.
1442 -@@ -741,10 +824,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
1443 +@@ -741,10 +809,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
1444 * Round down by 1 bit on general principles,
1445 * and limit entropy entimate to 12 bits.
1446 */
1447 @@ -35642,7 +35627,7 @@ index c244f0e..59b5e6c 100644
1448 preempt_enable();
1449 }
1450
1451 -@@ -757,10 +838,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
1452 +@@ -757,10 +823,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
1453 if (value == last_value)
1454 return;
1455
1456 @@ -35654,7 +35639,7 @@ index c244f0e..59b5e6c 100644
1457 }
1458 EXPORT_SYMBOL_GPL(add_input_randomness);
1459
1460 -@@ -772,20 +853,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
1461 +@@ -772,20 +838,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
1462 struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
1463 struct pt_regs *regs = get_irq_regs();
1464 unsigned long now = jiffies;
1465 @@ -35687,7 +35672,7 @@ index c244f0e..59b5e6c 100644
1466 return;
1467
1468 fast_pool->last = now;
1469 -@@ -814,10 +896,8 @@ void add_disk_randomness(struct gendisk *disk)
1470 +@@ -814,10 +881,8 @@ void add_disk_randomness(struct gendisk *disk)
1471 if (!disk || !disk->random)
1472 return;
1473 /* first major is 1, so we get >= 0x200 here */
1474 @@ -35699,7 +35684,7 @@ index c244f0e..59b5e6c 100644
1475 }
1476 #endif
1477
1478 -@@ -835,104 +915,141 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1479 +@@ -835,104 +900,141 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1480 * from the primary pool to the secondary extraction pool. We make
1481 * sure we pull enough for a 'catastrophic reseed'.
1482 */
1483 @@ -35904,7 +35889,7 @@ index c244f0e..59b5e6c 100644
1484 spin_lock_irqsave(&r->lock, flags);
1485 for (i = 0; i < r->poolinfo->poolwords; i += 16)
1486 sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
1487 -@@ -966,27 +1083,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
1488 +@@ -966,27 +1068,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
1489 hash.w[1] ^= hash.w[4];
1490 hash.w[2] ^= rol32(hash.w[2], 16);
1491
1492 @@ -35959,7 +35944,7 @@ index c244f0e..59b5e6c 100644
1493 xfer_secondary_pool(r, nbytes);
1494 nbytes = account(r, nbytes, min, reserved);
1495
1496 -@@ -994,8 +1127,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1497 +@@ -994,8 +1112,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1498 extract_buf(r, tmp);
1499
1500 if (fips_enabled) {
1501 @@ -35968,7 +35953,7 @@ index c244f0e..59b5e6c 100644
1502 spin_lock_irqsave(&r->lock, flags);
1503 if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
1504 panic("Hardware RNG duplicated output!\n");
1505 -@@ -1015,12 +1146,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1506 +@@ -1015,12 +1131,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1507 return ret;
1508 }
1509
1510 @@ -35986,7 +35971,7 @@ index c244f0e..59b5e6c 100644
1511 xfer_secondary_pool(r, nbytes);
1512 nbytes = account(r, nbytes, 0, 0);
1513
1514 -@@ -1036,7 +1172,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1515 +@@ -1036,7 +1157,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1516
1517 extract_buf(r, tmp);
1518 i = min_t(int, nbytes, EXTRACT_SIZE);
1519 @@ -35995,7 +35980,7 @@ index c244f0e..59b5e6c 100644
1520 ret = -EFAULT;
1521 break;
1522 }
1523 -@@ -1055,11 +1191,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1524 +@@ -1055,11 +1176,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1525 /*
1526 * This function is the exported kernel interface. It returns some
1527 * number of good random numbers, suitable for key generation, seeding
1528 @@ -36018,7 +36003,7 @@ index c244f0e..59b5e6c 100644
1529 extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
1530 }
1531 EXPORT_SYMBOL(get_random_bytes);
1532 -@@ -1078,6 +1223,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
1533 +@@ -1078,6 +1208,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
1534 {
1535 char *p = buf;
1536
1537 @@ -36026,7 +36011,7 @@ index c244f0e..59b5e6c 100644
1538 while (nbytes) {
1539 unsigned long v;
1540 int chunk = min(nbytes, (int)sizeof(unsigned long));
1541 -@@ -1111,12 +1257,11 @@ static void init_std_data(struct entropy_store *r)
1542 +@@ -1111,12 +1242,11 @@ static void init_std_data(struct entropy_store *r)
1543 ktime_t now = ktime_get_real();
1544 unsigned long rv;
1545
1546 @@ -36042,7 +36027,7 @@ index c244f0e..59b5e6c 100644
1547 mix_pool_bytes(r, &rv, sizeof(rv), NULL);
1548 }
1549 mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
1550 -@@ -1139,25 +1284,7 @@ static int rand_initialize(void)
1551 +@@ -1139,25 +1269,7 @@ static int rand_initialize(void)
1552 init_std_data(&nonblocking_pool);
1553 return 0;
1554 }
1555 @@ -36069,7 +36054,7 @@ index c244f0e..59b5e6c 100644
1556
1557 #ifdef CONFIG_BLOCK
1558 void rand_initialize_disk(struct gendisk *disk)
1559 -@@ -1169,71 +1296,60 @@ void rand_initialize_disk(struct gendisk *disk)
1560 +@@ -1169,71 +1281,60 @@ void rand_initialize_disk(struct gendisk *disk)
1561 * source.
1562 */
1563 state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
1564 @@ -36178,7 +36163,7 @@ index c244f0e..59b5e6c 100644
1565 }
1566
1567 static unsigned int
1568 -@@ -1244,9 +1360,9 @@ random_poll(struct file *file, poll_table * wait)
1569 +@@ -1244,9 +1345,9 @@ random_poll(struct file *file, poll_table * wait)
1570 poll_wait(file, &random_read_wait, wait);
1571 poll_wait(file, &random_write_wait, wait);
1572 mask = 0;
1573 @@ -36190,7 +36175,7 @@ index c244f0e..59b5e6c 100644
1574 mask |= POLLOUT | POLLWRNORM;
1575 return mask;
1576 }
1577 -@@ -1297,7 +1413,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1578 +@@ -1297,7 +1398,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1579 switch (cmd) {
1580 case RNDGETENTCNT:
1581 /* inherently racy, no point locking */
1582 @@ -36200,7 +36185,7 @@ index c244f0e..59b5e6c 100644
1583 return -EFAULT;
1584 return 0;
1585 case RNDADDTOENTCNT:
1586 -@@ -1305,7 +1422,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1587 +@@ -1305,7 +1407,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1588 return -EPERM;
1589 if (get_user(ent_count, p))
1590 return -EFAULT;
1591 @@ -36209,7 +36194,7 @@ index c244f0e..59b5e6c 100644
1592 return 0;
1593 case RNDADDENTROPY:
1594 if (!capable(CAP_SYS_ADMIN))
1595 -@@ -1320,14 +1437,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1596 +@@ -1320,14 +1422,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
1597 size);
1598 if (retval < 0)
1599 return retval;
1600 @@ -36232,7 +36217,7 @@ index c244f0e..59b5e6c 100644
1601 return 0;
1602 default:
1603 return -EINVAL;
1604 -@@ -1387,23 +1509,23 @@ EXPORT_SYMBOL(generate_random_uuid);
1605 +@@ -1387,23 +1494,23 @@ EXPORT_SYMBOL(generate_random_uuid);
1606 #include <linux/sysctl.h>
1607
1608 static int min_read_thresh = 8, min_write_thresh;
1609 @@ -36263,7 +36248,7 @@ index c244f0e..59b5e6c 100644
1610 unsigned char buf[64], tmp_uuid[16], *uuid;
1611
1612 uuid = table->data;
1613 -@@ -1427,8 +1549,26 @@ static int proc_do_uuid(ctl_table *table, int write,
1614 +@@ -1427,8 +1534,26 @@ static int proc_do_uuid(ctl_table *table, int write,
1615 return proc_dostring(&fake_table, write, buffer, lenp, ppos);
1616 }
1617
1618 @@ -36291,7 +36276,7 @@ index c244f0e..59b5e6c 100644
1619 {
1620 .procname = "poolsize",
1621 .data = &sysctl_poolsize,
1622 -@@ -1440,12 +1580,12 @@ ctl_table random_table[] = {
1623 +@@ -1440,12 +1565,12 @@ ctl_table random_table[] = {
1624 .procname = "entropy_avail",
1625 .maxlen = sizeof(int),
1626 .mode = 0444,
1627 @@ -36306,7 +36291,7 @@ index c244f0e..59b5e6c 100644
1628 .maxlen = sizeof(int),
1629 .mode = 0644,
1630 .proc_handler = proc_dointvec_minmax,
1631 -@@ -1454,7 +1594,7 @@ ctl_table random_table[] = {
1632 +@@ -1454,7 +1579,7 @@ ctl_table random_table[] = {
1633 },
1634 {
1635 .procname = "write_wakeup_threshold",
1636 @@ -36315,7 +36300,7 @@ index c244f0e..59b5e6c 100644
1637 .maxlen = sizeof(int),
1638 .mode = 0644,
1639 .proc_handler = proc_dointvec_minmax,
1640 -@@ -1462,6 +1602,13 @@ ctl_table random_table[] = {
1641 +@@ -1462,6 +1587,13 @@ ctl_table random_table[] = {
1642 .extra2 = &max_write_thresh,
1643 },
1644 {
1645 @@ -36329,7 +36314,7 @@ index c244f0e..59b5e6c 100644
1646 .procname = "boot_id",
1647 .data = &sysctl_bootid,
1648 .maxlen = 16,
1649 -@@ -1492,7 +1639,7 @@ int random_int_secret_init(void)
1650 +@@ -1492,7 +1624,7 @@ int random_int_secret_init(void)
1651 * value is not cryptographically secure but for several uses the cost of
1652 * depleting entropy is too high
1653 */
1654 @@ -36338,7 +36323,7 @@ index c244f0e..59b5e6c 100644
1655 unsigned int get_random_int(void)
1656 {
1657 __u32 *hash;
1658 -@@ -1510,6 +1657,7 @@ unsigned int get_random_int(void)
1659 +@@ -1510,6 +1642,7 @@ unsigned int get_random_int(void)
1660
1661 return ret;
1662 }
1663 @@ -39126,6 +39111,19 @@ index 8a8725c2..afed796 100644
1664 else {
1665 marker = list_first_entry(&queue->head,
1666 struct vmw_marker, head);
1667 +diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
1668 +index 888ece6..f870bb3 100644
1669 +--- a/drivers/hid/hid-cherry.c
1670 ++++ b/drivers/hid/hid-cherry.c
1671 +@@ -29,7 +29,7 @@
1672 + static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1673 + unsigned int *rsize)
1674 + {
1675 +- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
1676 ++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
1677 + hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
1678 + rdesc[11] = rdesc[16] = 0xff;
1679 + rdesc[12] = rdesc[17] = 0x03;
1680 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
1681 index 64d79d2..6c83020 100644
1682 --- a/drivers/hid/hid-core.c
1683 @@ -39148,6 +39146,84 @@ index 64d79d2..6c83020 100644
1684
1685 hid_debug_register(hdev, dev_name(&hdev->dev));
1686 ret = device_add(&hdev->dev);
1687 +diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
1688 +index f2ba9ef..25dfb5f 100644
1689 +--- a/drivers/hid/hid-kye.c
1690 ++++ b/drivers/hid/hid-kye.c
1691 +@@ -26,7 +26,7 @@
1692 + static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1693 + unsigned int *rsize)
1694 + {
1695 +- if (*rsize >= 74 &&
1696 ++ if (*rsize >= 75 &&
1697 + rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
1698 + rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
1699 + rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
1700 +diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
1701 +index e7a7bd1..3ad6cd4 100644
1702 +--- a/drivers/hid/hid-lg.c
1703 ++++ b/drivers/hid/hid-lg.c
1704 +@@ -111,14 +111,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1705 + {
1706 + unsigned long quirks = (unsigned long)hid_get_drvdata(hdev);
1707 +
1708 +- if ((quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
1709 ++ if ((quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
1710 + rdesc[84] == 0x8c && rdesc[85] == 0x02) {
1711 + hid_info(hdev,
1712 + "fixing up Logitech keyboard report descriptor\n");
1713 + rdesc[84] = rdesc[89] = 0x4d;
1714 + rdesc[85] = rdesc[90] = 0x10;
1715 + }
1716 +- if ((quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
1717 ++ if ((quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
1718 + rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
1719 + rdesc[49] == 0x81 && rdesc[50] == 0x06) {
1720 + hid_info(hdev,
1721 +diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
1722 +index 828a0dd..6efc0ea 100644
1723 +--- a/drivers/hid/hid-logitech-dj.c
1724 ++++ b/drivers/hid/hid-logitech-dj.c
1725 +@@ -230,13 +230,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
1726 + return;
1727 + }
1728 +
1729 +- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
1730 +- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
1731 +- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
1732 +- __func__, dj_report->device_index);
1733 +- return;
1734 +- }
1735 +-
1736 + if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
1737 + /* The device is already known. No need to reallocate it. */
1738 + dbg_hid("%s: device is already known\n", __func__);
1739 +@@ -713,6 +706,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
1740 + * device (via hid_input_report() ) and return 1 so hid-core does not do
1741 + * anything else with it.
1742 + */
1743 ++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
1744 ++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
1745 ++ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
1746 ++ __func__, dj_report->device_index);
1747 ++ return false;
1748 ++ }
1749 +
1750 + spin_lock_irqsave(&djrcv_dev->lock, flags);
1751 + if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
1752 +diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
1753 +index dedf757..eb0271e 100644
1754 +--- a/drivers/hid/hid-monterey.c
1755 ++++ b/drivers/hid/hid-monterey.c
1756 +@@ -25,7 +25,7 @@
1757 + static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1758 + unsigned int *rsize)
1759 + {
1760 +- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
1761 ++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
1762 + hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
1763 + rdesc[30] = 0x0c;
1764 + }
1765 diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
1766 index a605ba1..fb91952 100644
1767 --- a/drivers/hid/hid-multitouch.c
1768 @@ -39170,6 +39246,32 @@ index a605ba1..fb91952 100644
1769 }
1770
1771 /* we have handled the hidinput part, now remains hiddev */
1772 +diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
1773 +index f1ea3ff..99f317a 100644
1774 +--- a/drivers/hid/hid-petalynx.c
1775 ++++ b/drivers/hid/hid-petalynx.c
1776 +@@ -26,7 +26,7 @@
1777 + static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1778 + unsigned int *rsize)
1779 + {
1780 +- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
1781 ++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
1782 + rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
1783 + rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
1784 + hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
1785 +diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
1786 +index d484a00..3d6ae7b 100644
1787 +--- a/drivers/hid/hid-sunplus.c
1788 ++++ b/drivers/hid/hid-sunplus.c
1789 +@@ -25,7 +25,7 @@
1790 + static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1791 + unsigned int *rsize)
1792 + {
1793 +- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
1794 ++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
1795 + rdesc[106] == 0x03) {
1796 + hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
1797 + rdesc[105] = rdesc[110] = 0x03;
1798 diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
1799 index 4ef02b2..8a96831 100644
1800 --- a/drivers/hid/usbhid/hiddev.c
1801 @@ -60322,10 +60424,60 @@ index e2d3633..da449b7 100644
1802 spin_unlock(&inode->i_lock);
1803 }
1804 diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
1805 -index a5f25a7..8ac9cc8 100644
1806 +index a5f25a7..e2f03bf 100644
1807 --- a/fs/isofs/inode.c
1808 +++ b/fs/isofs/inode.c
1809 -@@ -1539,6 +1539,8 @@ static struct file_system_type iso9660_fs_type = {
1810 +@@ -68,7 +68,7 @@ static void isofs_put_super(struct super_block *sb)
1811 + return;
1812 + }
1813 +
1814 +-static int isofs_read_inode(struct inode *);
1815 ++static int isofs_read_inode(struct inode *, int relocated);
1816 + static int isofs_statfs (struct dentry *, struct kstatfs *);
1817 +
1818 + static struct kmem_cache *isofs_inode_cachep;
1819 +@@ -1263,7 +1263,7 @@ out_toomany:
1820 + goto out;
1821 + }
1822 +
1823 +-static int isofs_read_inode(struct inode *inode)
1824 ++static int isofs_read_inode(struct inode *inode, int relocated)
1825 + {
1826 + struct super_block *sb = inode->i_sb;
1827 + struct isofs_sb_info *sbi = ISOFS_SB(sb);
1828 +@@ -1408,7 +1408,7 @@ static int isofs_read_inode(struct inode *inode)
1829 + */
1830 +
1831 + if (!high_sierra) {
1832 +- parse_rock_ridge_inode(de, inode);
1833 ++ parse_rock_ridge_inode(de, inode, relocated);
1834 + /* if we want uid/gid set, override the rock ridge setting */
1835 + if (sbi->s_uid_set)
1836 + inode->i_uid = sbi->s_uid;
1837 +@@ -1487,9 +1487,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
1838 + * offset that point to the underlying meta-data for the inode. The
1839 + * code below is otherwise similar to the iget() code in
1840 + * include/linux/fs.h */
1841 +-struct inode *isofs_iget(struct super_block *sb,
1842 +- unsigned long block,
1843 +- unsigned long offset)
1844 ++struct inode *__isofs_iget(struct super_block *sb,
1845 ++ unsigned long block,
1846 ++ unsigned long offset,
1847 ++ int relocated)
1848 + {
1849 + unsigned long hashval;
1850 + struct inode *inode;
1851 +@@ -1511,7 +1512,7 @@ struct inode *isofs_iget(struct super_block *sb,
1852 + return ERR_PTR(-ENOMEM);
1853 +
1854 + if (inode->i_state & I_NEW) {
1855 +- ret = isofs_read_inode(inode);
1856 ++ ret = isofs_read_inode(inode, relocated);
1857 + if (ret < 0) {
1858 + iget_failed(inode);
1859 + inode = ERR_PTR(ret);
1860 +@@ -1539,6 +1540,8 @@ static struct file_system_type iso9660_fs_type = {
1861 .kill_sb = kill_block_super,
1862 .fs_flags = FS_REQUIRES_DEV,
1863 };
1864 @@ -60334,12 +60486,137 @@ index a5f25a7..8ac9cc8 100644
1865
1866 static int __init init_iso9660_fs(void)
1867 {
1868 -@@ -1576,5 +1578,3 @@ static void __exit exit_iso9660_fs(void)
1869 +@@ -1576,5 +1579,3 @@ static void __exit exit_iso9660_fs(void)
1870 module_init(init_iso9660_fs)
1871 module_exit(exit_iso9660_fs)
1872 MODULE_LICENSE("GPL");
1873 -/* Actual filesystem name is iso9660, as requested in filesystems.c */
1874 -MODULE_ALIAS("iso9660");
1875 +diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
1876 +index 7d33de8..f9c9793 100644
1877 +--- a/fs/isofs/isofs.h
1878 ++++ b/fs/isofs/isofs.h
1879 +@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
1880 +
1881 + struct inode; /* To make gcc happy */
1882 +
1883 +-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
1884 ++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
1885 + extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
1886 + extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
1887 +
1888 +@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, struct namei
1889 + extern struct buffer_head *isofs_bread(struct inode *, sector_t);
1890 + extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
1891 +
1892 +-extern struct inode *isofs_iget(struct super_block *sb,
1893 +- unsigned long block,
1894 +- unsigned long offset);
1895 ++struct inode *__isofs_iget(struct super_block *sb,
1896 ++ unsigned long block,
1897 ++ unsigned long offset,
1898 ++ int relocated);
1899 ++
1900 ++static inline struct inode *isofs_iget(struct super_block *sb,
1901 ++ unsigned long block,
1902 ++ unsigned long offset)
1903 ++{
1904 ++ return __isofs_iget(sb, block, offset, 0);
1905 ++}
1906 ++
1907 ++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
1908 ++ unsigned long block,
1909 ++ unsigned long offset)
1910 ++{
1911 ++ return __isofs_iget(sb, block, offset, 1);
1912 ++}
1913 +
1914 + /* Because the inode number is no longer relevant to finding the
1915 + * underlying meta-data for an inode, we are free to choose a more
1916 +diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
1917 +index 70e79d0..ee62cc0 100644
1918 +--- a/fs/isofs/rock.c
1919 ++++ b/fs/isofs/rock.c
1920 +@@ -288,12 +288,16 @@ eio:
1921 + goto out;
1922 + }
1923 +
1924 ++#define RR_REGARD_XA 1
1925 ++#define RR_RELOC_DE 2
1926 ++
1927 + static int
1928 + parse_rock_ridge_inode_internal(struct iso_directory_record *de,
1929 +- struct inode *inode, int regard_xa)
1930 ++ struct inode *inode, int flags)
1931 + {
1932 + int symlink_len = 0;
1933 + int cnt, sig;
1934 ++ unsigned int reloc_block;
1935 + struct inode *reloc;
1936 + struct rock_ridge *rr;
1937 + int rootflag;
1938 +@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
1939 +
1940 + init_rock_state(&rs, inode);
1941 + setup_rock_ridge(de, inode, &rs);
1942 +- if (regard_xa) {
1943 ++ if (flags & RR_REGARD_XA) {
1944 + rs.chr += 14;
1945 + rs.len -= 14;
1946 + if (rs.len < 0)
1947 +@@ -485,12 +489,22 @@ repeat:
1948 + "relocated directory\n");
1949 + goto out;
1950 + case SIG('C', 'L'):
1951 +- ISOFS_I(inode)->i_first_extent =
1952 +- isonum_733(rr->u.CL.location);
1953 +- reloc =
1954 +- isofs_iget(inode->i_sb,
1955 +- ISOFS_I(inode)->i_first_extent,
1956 +- 0);
1957 ++ if (flags & RR_RELOC_DE) {
1958 ++ printk(KERN_ERR
1959 ++ "ISOFS: Recursive directory relocation "
1960 ++ "is not supported\n");
1961 ++ goto eio;
1962 ++ }
1963 ++ reloc_block = isonum_733(rr->u.CL.location);
1964 ++ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
1965 ++ ISOFS_I(inode)->i_iget5_offset == 0) {
1966 ++ printk(KERN_ERR
1967 ++ "ISOFS: Directory relocation points to "
1968 ++ "itself\n");
1969 ++ goto eio;
1970 ++ }
1971 ++ ISOFS_I(inode)->i_first_extent = reloc_block;
1972 ++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
1973 + if (IS_ERR(reloc)) {
1974 + ret = PTR_ERR(reloc);
1975 + goto out;
1976 +@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
1977 + return rpnt;
1978 + }
1979 +
1980 +-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
1981 ++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
1982 ++ int relocated)
1983 + {
1984 +- int result = parse_rock_ridge_inode_internal(de, inode, 0);
1985 ++ int flags = relocated ? RR_RELOC_DE : 0;
1986 ++ int result = parse_rock_ridge_inode_internal(de, inode, flags);
1987 +
1988 + /*
1989 + * if rockridge flag was reset and we didn't look for attributes
1990 +@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
1991 + */
1992 + if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
1993 + && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
1994 +- result = parse_rock_ridge_inode_internal(de, inode, 14);
1995 ++ result = parse_rock_ridge_inode_internal(de, inode,
1996 ++ flags | RR_REGARD_XA);
1997 + }
1998 + return result;
1999 + }
2000 diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
2001 index e513f19..2ab1351 100644
2002 --- a/fs/jffs2/erase.c
2003 @@ -65123,10 +65400,10 @@ index 8a89949..6776861 100644
2004 xfs_init_zones(void)
2005 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
2006 new file mode 100644
2007 -index 0000000..155d9f5
2008 +index 0000000..5200d7b
2009 --- /dev/null
2010 +++ b/grsecurity/Kconfig
2011 -@@ -0,0 +1,1162 @@
2012 +@@ -0,0 +1,1152 @@
2013 +#
2014 +# grecurity configuration
2015 +#
2016 @@ -66045,16 +66322,6 @@ index 0000000..155d9f5
2017 +menu "Network Protections"
2018 +depends on GRKERNSEC
2019 +
2020 -+config GRKERNSEC_RANDNET
2021 -+ bool "Larger entropy pools"
2022 -+ default y if GRKERNSEC_CONFIG_AUTO
2023 -+ help
2024 -+ If you say Y here, the entropy pools used for many features of Linux
2025 -+ and grsecurity will be doubled in size. Since several grsecurity
2026 -+ features use additional randomness, it is recommended that you say Y
2027 -+ here. Saying Y here has a similar effect as modifying
2028 -+ /proc/sys/kernel/random/poolsize.
2029 -+
2030 +config GRKERNSEC_BLACKHOLE
2031 + bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
2032 + default y if GRKERNSEC_CONFIG_AUTO
2033 @@ -104538,10 +104805,26 @@ index b4d889b..bb33240 100644
2034 *uaddr_len = sizeof(struct sockaddr_ax25);
2035 }
2036 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
2037 -index 4f19bf2..5770069 100644
2038 +index 4f19bf2..e3a2b51 100644
2039 --- a/net/packet/af_packet.c
2040 +++ b/net/packet/af_packet.c
2041 -@@ -1678,7 +1678,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
2042 +@@ -195,6 +195,7 @@ struct tpacket_kbdq_core {
2043 + char *pkblk_start;
2044 + char *pkblk_end;
2045 + int kblk_size;
2046 ++ unsigned int max_frame_len;
2047 + unsigned int knum_blocks;
2048 + uint64_t knxt_seq_num;
2049 + char *prev;
2050 +@@ -616,6 +617,7 @@ static void init_prb_bdqc(struct packet_sock *po,
2051 + p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
2052 + p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
2053 +
2054 ++ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
2055 + prb_init_ft_ops(p1, req_u);
2056 + prb_setup_retire_blk_timer(po, tx_ring);
2057 + prb_open_block(p1, pbd);
2058 +@@ -1678,7 +1680,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
2059
2060 spin_lock(&sk->sk_receive_queue.lock);
2061 po->stats.tp_packets++;
2062 @@ -104550,7 +104833,7 @@ index 4f19bf2..5770069 100644
2063 __skb_queue_tail(&sk->sk_receive_queue, skb);
2064 spin_unlock(&sk->sk_receive_queue.lock);
2065 sk->sk_data_ready(sk, skb->len);
2066 -@@ -1687,7 +1687,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
2067 +@@ -1687,7 +1689,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
2068 drop_n_acct:
2069 spin_lock(&sk->sk_receive_queue.lock);
2070 po->stats.tp_drops++;
2071 @@ -104559,7 +104842,26 @@ index 4f19bf2..5770069 100644
2072 spin_unlock(&sk->sk_receive_queue.lock);
2073
2074 drop_n_restore:
2075 -@@ -2623,6 +2623,7 @@ out:
2076 +@@ -1778,6 +1780,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
2077 + if ((int)snaplen < 0)
2078 + snaplen = 0;
2079 + }
2080 ++ } else if (unlikely(macoff + snaplen >
2081 ++ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
2082 ++ u32 nval;
2083 ++
2084 ++ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
2085 ++ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
2086 ++ snaplen, nval, macoff);
2087 ++ snaplen = nval;
2088 ++ if (unlikely((int)snaplen < 0)) {
2089 ++ snaplen = 0;
2090 ++ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
2091 ++ }
2092 + }
2093 + spin_lock(&sk->sk_receive_queue.lock);
2094 + h.raw = packet_current_rx_frame(po, skb,
2095 +@@ -2623,6 +2637,7 @@ out:
2096
2097 static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
2098 {
2099 @@ -104567,7 +104869,7 @@ index 4f19bf2..5770069 100644
2100 struct sock_exterr_skb *serr;
2101 struct sk_buff *skb, *skb2;
2102 int copied, err;
2103 -@@ -2644,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
2104 +@@ -2644,8 +2659,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
2105 sock_recv_timestamp(msg, sk, skb);
2106
2107 serr = SKB_EXT_ERR(skb);
2108 @@ -104578,7 +104880,7 @@ index 4f19bf2..5770069 100644
2109
2110 msg->msg_flags |= MSG_ERRQUEUE;
2111 err = copied;
2112 -@@ -3273,7 +3275,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2113 +@@ -3273,7 +3289,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2114 case PACKET_HDRLEN:
2115 if (len > sizeof(int))
2116 len = sizeof(int);
2117 @@ -104587,7 +104889,7 @@ index 4f19bf2..5770069 100644
2118 return -EFAULT;
2119 switch (val) {
2120 case TPACKET_V1:
2121 -@@ -3323,7 +3325,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2122 +@@ -3323,7 +3339,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
2123
2124 if (put_user(len, optlen))
2125 return -EFAULT;
2126 @@ -104600,6 +104902,17 @@ index 4f19bf2..5770069 100644
2127 return -EFAULT;
2128 return 0;
2129 }
2130 +@@ -3614,6 +3634,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
2131 + goto out;
2132 + if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
2133 + goto out;
2134 ++ if (po->tp_version >= TPACKET_V3 &&
2135 ++ (int)(req->tp_block_size -
2136 ++ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
2137 ++ goto out;
2138 + if (unlikely(req->tp_frame_size < po->tp_hdrlen +
2139 + po->tp_reserve))
2140 + goto out;
2141 diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
2142 index d65f699..855d175 100644
2143 --- a/net/phonet/af_phonet.c
2144
2145 diff --git a/3.2.62/4450_grsec-kconfig-default-gids.patch b/3.2.62/4450_grsec-kconfig-default-gids.patch
2146 index e3c7c72..363dc64 100644
2147 --- a/3.2.62/4450_grsec-kconfig-default-gids.patch
2148 +++ b/3.2.62/4450_grsec-kconfig-default-gids.patch
2149 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2150 help
2151 Setting this GID determines what group TPE restrictions will be
2152 *disabled* for. If the sysctl option is enabled, a sysctl option
2153 -@@ -999,7 +999,7 @@
2154 +@@ -989,7 +989,7 @@
2155 config GRKERNSEC_SOCKET_ALL_GID
2156 int "GID to deny all sockets for"
2157 depends on GRKERNSEC_SOCKET_ALL
2158 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2159 help
2160 Here you can choose the GID to disable socket access for. Remember to
2161 add the users you want socket access disabled for to the GID
2162 -@@ -1020,7 +1020,7 @@
2163 +@@ -1010,7 +1010,7 @@
2164 config GRKERNSEC_SOCKET_CLIENT_GID
2165 int "GID to deny client sockets for"
2166 depends on GRKERNSEC_SOCKET_CLIENT
2167 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2168 help
2169 Here you can choose the GID to disable client socket access for.
2170 Remember to add the users you want client socket access disabled for to
2171 -@@ -1038,7 +1038,7 @@
2172 +@@ -1028,7 +1028,7 @@
2173 config GRKERNSEC_SOCKET_SERVER_GID
2174 int "GID to deny server sockets for"
2175 depends on GRKERNSEC_SOCKET_SERVER
2176
2177 diff --git a/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
2178 index 035fe2d..3b873e1 100644
2179 --- a/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
2180 +++ b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
2181 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
2182 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2183 --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
2184 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
2185 -@@ -1133,6 +1133,27 @@
2186 +@@ -1123,6 +1123,27 @@
2187 menu "Logging Options"
2188 depends on GRKERNSEC
Report Message
Find on MARC Find on Google Groups