main/linux-grsec: upgrade to 2.2.2-3.2.2-201201290115

Fixes rx_dropped overflow problem http://forums.grsecurity.net/viewtopic.php?f=3&t=2933
author: Natanael Copa <ncopa@alpinelinux.org> 2012-01-30 14:53:17 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2012-01-30 15:00:25 +0000
commit: 7e0f5e1f0efdfec7d09919a6f19b259132b7b5bb (patch)
tree: ac5b0979e677e3cf45093f08e12fd86e484e86e3 /main/linux-grsec
parent: a5ebc4e938bff146f881f09edd4beddffdb54468 (diff)
download: aports-7e0f5e1f0efdfec7d09919a6f19b259132b7b5bb.tar.bz2
aports-7e0f5e1f0efdfec7d09919a6f19b259132b7b5bb.tar.xz
2 files changed, 559 insertions, 61 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index c846f07ee1..f5bc959faa 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=3.2.2
 _kernver=3.2
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
 	ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
-	grsecurity-2.2.2-3.2.2-201201252117.patch
+	grsecurity-2.2.2-3.2.2-201201290115.patch
 	
 	0004-arp-flush-arp-cache-on-device-change.patch
 
@@ -141,7 +141,7 @@ dev() {
 
 md5sums="7ceb61f87c097fc17509844b71268935  linux-3.2.tar.bz2
 e9e53fba37c5e2afa4cdecab234120bd  patch-3.2.2.bz2
-c50a77c1b3a7317fad080e64569ad8dd  grsecurity-2.2.2-3.2.2-201201252117.patch
+55e85afceade7adcc216f26996549f1f  grsecurity-2.2.2-3.2.2-201201290115.patch
 776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
 f3eda7112ef074a4121ec6de943c63ee  x86-centaur-enable-cx8-for-via-eden-too.patch
 62cc7d7b5ba7ef05b72ff91c0411c189  linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201252117.patch b/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201290115.patch
index 4d4d52eccf..407965667a 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201252117.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201290115.patch
@@ -12223,9 +12223,18 @@ index 2af127d..8ff7ac0 100644
  	atomic_set(&mce_callin, 0);
  	atomic_set(&global_nwo, 0);
 diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
-index 5c0e653..1e82c7c 100644
+index 5c0e653..51ddf2c 100644
 --- a/arch/x86/kernel/cpu/mcheck/p5.c
 +++ b/arch/x86/kernel/cpu/mcheck/p5.c
+@@ -11,7 +11,7 @@
+ #include <asm/processor.h>
+ #include <asm/system.h>
+ #include <asm/mce.h>
+-#include <asm/msr.h>
++#include <asm/pgtable.h>
+ 
+ /* By default disabled */
+ int mce_p5_enabled __read_mostly;
 @@ -50,7 +50,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
  	if (!cpu_has(c, X86_FEATURE_MCE))
  		return;
@@ -12237,10 +12246,18 @@ index 5c0e653..1e82c7c 100644
  	wmb();
  
 diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
-index 54060f5..e6ba93d 100644
+index 54060f5..c1a7577 100644
 --- a/arch/x86/kernel/cpu/mcheck/winchip.c
 +++ b/arch/x86/kernel/cpu/mcheck/winchip.c
-@@ -24,7 +24,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
+@@ -11,6 +11,7 @@
+ #include <asm/system.h>
+ #include <asm/mce.h>
+ #include <asm/msr.h>
++#include <asm/pgtable.h>
+ 
+ /* Machine check handler for WinChip C6: */
+ static void winchip_machine_check(struct pt_regs *regs, long error_code)
+@@ -24,7 +25,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
  {
  	u32 lo, hi;
  
@@ -15883,7 +15900,7 @@ index 3ca42d0..7cff8cc 100644
  
  static void microcode_fini_cpu(int cpu)
 diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
-index 925179f..85bec6c 100644
+index 925179f..267ac7a 100644
 --- a/arch/x86/kernel/module.c
 +++ b/arch/x86/kernel/module.c
 @@ -36,15 +36,60 @@
@@ -15893,7 +15910,8 @@ index 925179f..85bec6c 100644
 -void *module_alloc(unsigned long size)
 +static inline void *__module_alloc(unsigned long size, pgprot_t prot)
  {
- 	if (PAGE_ALIGN(size) > MODULES_LEN)
+-	if (PAGE_ALIGN(size) > MODULES_LEN)
++	if (size == 0 || PAGE_ALIGN(size) > MODULES_LEN)
  		return NULL;
  	return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END,
 -				GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
@@ -24976,6 +24994,109 @@ index 671d4d6..5f24030 100644
  
  static void cryptd_queue_worker(struct work_struct *work);
  
+diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
+index 9ed9f60..88f160b 100644
+--- a/crypto/sha512_generic.c
++++ b/crypto/sha512_generic.c
+@@ -21,8 +21,6 @@
+ #include <linux/percpu.h>
+ #include <asm/byteorder.h>
+ 
+-static DEFINE_PER_CPU(u64[80], msg_schedule);
+-
+ static inline u64 Ch(u64 x, u64 y, u64 z)
+ {
+         return z ^ (x & (y ^ z));
+@@ -80,7 +78,7 @@ static inline void LOAD_OP(int I, u64 *W, const u8 *input)
+ 
+ static inline void BLEND_OP(int I, u64 *W)
+ {
+-	W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
++	W[I % 16] += s1(W[(I-2) % 16]) + W[(I-7) % 16] + s0(W[(I-15) % 16]);
+ }
+ 
+ static void
+@@ -89,38 +87,48 @@ sha512_transform(u64 *state, const u8 *input)
+ 	u64 a, b, c, d, e, f, g, h, t1, t2;
+ 
+ 	int i;
+-	u64 *W = get_cpu_var(msg_schedule);
++	u64 W[16];
+ 
+ 	/* load the input */
+         for (i = 0; i < 16; i++)
+                 LOAD_OP(i, W, input);
+ 
+-        for (i = 16; i < 80; i++) {
+-                BLEND_OP(i, W);
+-        }
+-
+ 	/* load the state into our registers */
+ 	a=state[0];   b=state[1];   c=state[2];   d=state[3];
+ 	e=state[4];   f=state[5];   g=state[6];   h=state[7];
+ 
+-	/* now iterate */
+-	for (i=0; i<80; i+=8) {
+-		t1 = h + e1(e) + Ch(e,f,g) + sha512_K[i  ] + W[i  ];
+-		t2 = e0(a) + Maj(a,b,c);    d+=t1;    h=t1+t2;
+-		t1 = g + e1(d) + Ch(d,e,f) + sha512_K[i+1] + W[i+1];
+-		t2 = e0(h) + Maj(h,a,b);    c+=t1;    g=t1+t2;
+-		t1 = f + e1(c) + Ch(c,d,e) + sha512_K[i+2] + W[i+2];
+-		t2 = e0(g) + Maj(g,h,a);    b+=t1;    f=t1+t2;
+-		t1 = e + e1(b) + Ch(b,c,d) + sha512_K[i+3] + W[i+3];
+-		t2 = e0(f) + Maj(f,g,h);    a+=t1;    e=t1+t2;
+-		t1 = d + e1(a) + Ch(a,b,c) + sha512_K[i+4] + W[i+4];
+-		t2 = e0(e) + Maj(e,f,g);    h+=t1;    d=t1+t2;
+-		t1 = c + e1(h) + Ch(h,a,b) + sha512_K[i+5] + W[i+5];
+-		t2 = e0(d) + Maj(d,e,f);    g+=t1;    c=t1+t2;
+-		t1 = b + e1(g) + Ch(g,h,a) + sha512_K[i+6] + W[i+6];
+-		t2 = e0(c) + Maj(c,d,e);    f+=t1;    b=t1+t2;
+-		t1 = a + e1(f) + Ch(f,g,h) + sha512_K[i+7] + W[i+7];
+-		t2 = e0(b) + Maj(b,c,d);    e+=t1;    a=t1+t2;
++#define SHA512_0_15(i, a, b, c, d, e, f, g, h)			\
++	t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i];	\
++	t2 = e0(a) + Maj(a, b, c);				\
++	d += t1;						\
++	h = t1 + t2
++
++#define SHA512_16_79(i, a, b, c, d, e, f, g, h)			\
++	BLEND_OP(i, W);						\
++	t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i)%16];	\
++	t2 = e0(a) + Maj(a, b, c);				\
++	d += t1;						\
++	h = t1 + t2
++
++	for (i = 0; i < 16; i += 8) {
++		SHA512_0_15(i, a, b, c, d, e, f, g, h);
++		SHA512_0_15(i + 1, h, a, b, c, d, e, f, g);
++		SHA512_0_15(i + 2, g, h, a, b, c, d, e, f);
++		SHA512_0_15(i + 3, f, g, h, a, b, c, d, e);
++		SHA512_0_15(i + 4, e, f, g, h, a, b, c, d);
++		SHA512_0_15(i + 5, d, e, f, g, h, a, b, c);
++		SHA512_0_15(i + 6, c, d, e, f, g, h, a, b);
++		SHA512_0_15(i + 7, b, c, d, e, f, g, h, a);
++	}
++	for (i = 16; i < 80; i += 8) {
++		SHA512_16_79(i, a, b, c, d, e, f, g, h);
++		SHA512_16_79(i + 1, h, a, b, c, d, e, f, g);
++		SHA512_16_79(i + 2, g, h, a, b, c, d, e, f);
++		SHA512_16_79(i + 3, f, g, h, a, b, c, d, e);
++		SHA512_16_79(i + 4, e, f, g, h, a, b, c, d);
++		SHA512_16_79(i + 5, d, e, f, g, h, a, b, c);
++		SHA512_16_79(i + 6, c, d, e, f, g, h, a, b);
++		SHA512_16_79(i + 7, b, c, d, e, f, g, h, a);
+ 	}
+ 
+ 	state[0] += a; state[1] += b; state[2] += c; state[3] += d;
+@@ -128,8 +136,6 @@ sha512_transform(u64 *state, const u8 *input)
+ 
+ 	/* erase our data */
+ 	a = b = c = d = e = f = g = h = t1 = t2 = 0;
+-	memset(W, 0, sizeof(__get_cpu_var(msg_schedule)));
+-	put_cpu_var(msg_schedule);
+ }
+ 
+ static int
 diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c
 index 5d41894..22021e4 100644
 --- a/drivers/acpi/apei/cper.c
@@ -41282,8 +41403,80 @@ index f7908ae..920a680 100644
  
  	dcache_init();
  	inode_init();
+diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
+index 2a83425..b082cec 100644
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -417,17 +417,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
+ 			(unsigned long long)(extent_base + extent_offset), rc);
+ 		goto out;
+ 	}
+-	if (unlikely(ecryptfs_verbosity > 0)) {
+-		ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
+-				"with iv:\n");
+-		ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
+-		ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
+-				"encryption:\n");
+-		ecryptfs_dump_hex((char *)
+-				  (page_address(page)
+-				   + (extent_offset * crypt_stat->extent_size)),
+-				  8);
+-	}
+ 	rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
+ 					  page, (extent_offset
+ 						 * crypt_stat->extent_size),
+@@ -440,14 +429,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
+ 		goto out;
+ 	}
+ 	rc = 0;
+-	if (unlikely(ecryptfs_verbosity > 0)) {
+-		ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; "
+-			"rc = [%d]\n",
+-			(unsigned long long)(extent_base + extent_offset), rc);
+-		ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
+-				"encryption:\n");
+-		ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
+-	}
+ out:
+ 	return rc;
+ }
+@@ -543,17 +524,6 @@ static int ecryptfs_decrypt_extent(struct page *page,
+ 			(unsigned long long)(extent_base + extent_offset), rc);
+ 		goto out;
+ 	}
+-	if (unlikely(ecryptfs_verbosity > 0)) {
+-		ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
+-				"with iv:\n");
+-		ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
+-		ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
+-				"decryption:\n");
+-		ecryptfs_dump_hex((char *)
+-				  (page_address(enc_extent_page)
+-				   + (extent_offset * crypt_stat->extent_size)),
+-				  8);
+-	}
+ 	rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
+ 					  (extent_offset
+ 					   * crypt_stat->extent_size),
+@@ -567,16 +537,6 @@ static int ecryptfs_decrypt_extent(struct page *page,
+ 		goto out;
+ 	}
+ 	rc = 0;
+-	if (unlikely(ecryptfs_verbosity > 0)) {
+-		ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; "
+-			"rc = [%d]\n",
+-			(unsigned long long)(extent_base + extent_offset), rc);
+-		ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
+-				"decryption:\n");
+-		ecryptfs_dump_hex((char *)(page_address(page)
+-					   + (extent_offset
+-					      * crypt_stat->extent_size)), 8);
+-	}
+ out:
+ 	return rc;
+ }
 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index 32f90a3..0be89e0 100644
+index 32f90a3..a766407 100644
 --- a/fs/ecryptfs/inode.c
 +++ b/fs/ecryptfs/inode.c
 @@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
@@ -41313,8 +41506,84 @@ index 32f90a3..0be89e0 100644
  	if (!IS_ERR(buf)) {
  		/* Free the char* */
  		kfree(buf);
+@@ -841,18 +841,6 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
+ 		size_t num_zeros = (PAGE_CACHE_SIZE
+ 				    - (ia->ia_size & ~PAGE_CACHE_MASK));
+ 
+-
+-		/*
+-		 * XXX(truncate) this should really happen at the begginning
+-		 * of ->setattr.  But the code is too messy to that as part
+-		 * of a larger patch.  ecryptfs is also totally missing out
+-		 * on the inode_change_ok check at the beginning of
+-		 * ->setattr while would include this.
+-		 */
+-		rc = inode_newsize_ok(inode, ia->ia_size);
+-		if (rc)
+-			goto out;
+-
+ 		if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+ 			truncate_setsize(inode, ia->ia_size);
+ 			lower_ia->ia_size = ia->ia_size;
+@@ -902,6 +890,28 @@ out:
+ 	return rc;
+ }
+ 
++static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)
++{
++	struct ecryptfs_crypt_stat *crypt_stat;
++	loff_t lower_oldsize, lower_newsize;
++
++	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
++	lower_oldsize = upper_size_to_lower_size(crypt_stat,
++						 i_size_read(inode));
++	lower_newsize = upper_size_to_lower_size(crypt_stat, offset);
++	if (lower_newsize > lower_oldsize) {
++		/*
++		 * The eCryptfs inode and the new *lower* size are mixed here
++		 * because we may not have the lower i_mutex held and/or it may
++		 * not be appropriate to call inode_newsize_ok() with inodes
++		 * from other filesystems.
++		 */
++		return inode_newsize_ok(inode, lower_newsize);
++	}
++
++	return 0;
++}
++
+ /**
+  * ecryptfs_truncate
+  * @dentry: The ecryptfs layer dentry
+@@ -918,6 +928,10 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
+ 	struct iattr lower_ia = { .ia_valid = 0 };
+ 	int rc;
+ 
++	rc = ecryptfs_inode_newsize_ok(dentry->d_inode, new_length);
++	if (rc)
++		return rc;
++
+ 	rc = truncate_upper(dentry, &ia, &lower_ia);
+ 	if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
+ 		struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
+@@ -997,6 +1011,16 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
+ 		}
+ 	}
+ 	mutex_unlock(&crypt_stat->cs_mutex);
++
++	rc = inode_change_ok(inode, ia);
++	if (rc)
++		goto out;
++	if (ia->ia_valid & ATTR_SIZE) {
++		rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);
++		if (rc)
++			goto out;
++	}
++
+ 	if (S_ISREG(inode->i_mode)) {
+ 		rc = filemap_write_and_wait(inode->i_mapping);
+ 		if (rc)
 diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
-index 940a82e..63af89e 100644
+index 940a82e..d3cdeea 100644
 --- a/fs/ecryptfs/miscdev.c
 +++ b/fs/ecryptfs/miscdev.c
 @@ -328,7 +328,7 @@ check_list:
@@ -41326,8 +41595,82 @@ index 940a82e..63af89e 100644
  			goto out_unlock_msg_ctx;
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
+@@ -409,11 +409,47 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
+ 	ssize_t sz = 0;
+ 	char *data;
+ 	uid_t euid = current_euid();
++	unsigned char packet_size_peek[3];
+ 	int rc;
+ 
+-	if (count == 0)
++	if (count == 0) {
+ 		goto out;
++	} else if (count == (1 + 4)) {
++		/* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */
++		goto memdup;
++	} else if (count < (1 + 4 + 1)
++		   || count > (1 + 4 + 2 + sizeof(struct ecryptfs_message) + 4
++			       + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES)) {
++		printk(KERN_WARNING "%s: Acceptable packet size range is "
++		       "[%d-%lu], but amount of data written is [%zu].",
++		       __func__, (1 + 4 + 1),
++		       (1 + 4 + 2 + sizeof(struct ecryptfs_message) + 4
++			+ ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES), count);
++		return -EINVAL;
++	}
+ 
++	if (copy_from_user(packet_size_peek, (buf + 1 + 4),
++			   sizeof(packet_size_peek))) {
++		printk(KERN_WARNING "%s: Error while inspecting packet size\n",
++		       __func__);
++		return -EFAULT;
++	}
++
++	rc = ecryptfs_parse_packet_length(packet_size_peek, &packet_size,
++					  &packet_size_length);
++	if (rc) {
++		printk(KERN_WARNING "%s: Error parsing packet length; "
++		       "rc = [%d]\n", __func__, rc);
++		return rc;
++	}
++
++	if ((1 + 4 + packet_size_length + packet_size) != count) {
++		printk(KERN_WARNING "%s: Invalid packet size [%zu]\n", __func__,
++		       packet_size);
++		return -EINVAL;
++	}
++
++memdup:
+ 	data = memdup_user(buf, count);
+ 	if (IS_ERR(data)) {
+ 		printk(KERN_ERR "%s: memdup_user returned error [%ld]\n",
+@@ -435,23 +471,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
+ 		}
+ 		memcpy(&counter_nbo, &data[i], 4);
+ 		seq = be32_to_cpu(counter_nbo);
+-		i += 4;
+-		rc = ecryptfs_parse_packet_length(&data[i], &packet_size,
+-						  &packet_size_length);
+-		if (rc) {
+-			printk(KERN_WARNING "%s: Error parsing packet length; "
+-			       "rc = [%d]\n", __func__, rc);
+-			goto out_free;
+-		}
+-		i += packet_size_length;
+-		if ((1 + 4 + packet_size_length + packet_size) != count) {
+-			printk(KERN_WARNING "%s: (1 + packet_size_length([%zd])"
+-			       " + packet_size([%zd]))([%zd]) != "
+-			       "count([%zd]). Invalid packet format.\n",
+-			       __func__, packet_size_length, packet_size,
+-			       (1 + packet_size_length + packet_size), count);
+-			goto out_free;
+-		}
++		i += 4 + packet_size_length;
+ 		rc = ecryptfs_miscdev_response(&data[i], packet_size,
+ 					       euid, current_user_ns(),
+ 					       task_pid(current), seq);
 diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
-index 3745f7c..89cc7a3 100644
+index 3745f7c..7d040a8 100644
 --- a/fs/ecryptfs/read_write.c
 +++ b/fs/ecryptfs/read_write.c
 @@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
@@ -41339,7 +41682,53 @@ index 3745f7c..89cc7a3 100644
  	set_fs(fs_save);
  	mark_inode_dirty_sync(ecryptfs_inode);
  	return rc;
-@@ -235,7 +235,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
+@@ -130,13 +130,18 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
+ 		pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT);
+ 		size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK);
+ 		size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page);
+-		size_t total_remaining_bytes = ((offset + size) - pos);
++		loff_t total_remaining_bytes = ((offset + size) - pos);
++
++		if (fatal_signal_pending(current)) {
++			rc = -EINTR;
++			break;
++		}
+ 
+ 		if (num_bytes > total_remaining_bytes)
+ 			num_bytes = total_remaining_bytes;
+ 		if (pos < offset) {
+ 			/* remaining zeros to write, up to destination offset */
+-			size_t total_remaining_zeros = (offset - pos);
++			loff_t total_remaining_zeros = (offset - pos);
+ 
+ 			if (num_bytes > total_remaining_zeros)
+ 				num_bytes = total_remaining_zeros;
+@@ -193,15 +198,19 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
+ 		}
+ 		pos += num_bytes;
+ 	}
+-	if ((offset + size) > ecryptfs_file_size) {
+-		i_size_write(ecryptfs_inode, (offset + size));
++	if (pos > ecryptfs_file_size) {
++		i_size_write(ecryptfs_inode, pos);
+ 		if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
+-			rc = ecryptfs_write_inode_size_to_metadata(
++			int rc2;
++
++			rc2 = ecryptfs_write_inode_size_to_metadata(
+ 								ecryptfs_inode);
+-			if (rc) {
++			if (rc2) {
+ 				printk(KERN_ERR	"Problem with "
+ 				       "ecryptfs_write_inode_size_to_metadata; "
+-				       "rc = [%d]\n", rc);
++				       "rc = [%d]\n", rc2);
++				if (!rc)
++					rc = rc2;
+ 				goto out;
+ 			}
+ 		}
+@@ -235,7 +244,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
  		return -EIO;
  	fs_save = get_fs();
  	set_fs(get_ds());
@@ -41349,7 +41738,7 @@ index 3745f7c..89cc7a3 100644
  	return rc;
  }
 diff --git a/fs/exec.c b/fs/exec.c
-index 3625464..d08b205 100644
+index 3625464..fac01f4 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -55,12 +55,28 @@
@@ -41671,7 +42060,7 @@ index 3625464..d08b205 100644
 +#endif
 +
 +	retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
-+					bprm->unsafe & LSM_UNSAFE_SHARE);
++					bprm->unsafe);
 +	if (retval < 0)
 +		goto out_fail;
 +
@@ -46762,12 +47151,26 @@ index 23ce927..e274cc1 100644
  
  	if (!IS_ERR(s))
  		kfree(s);
+diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
+index ce9268a..ee98d0b 100644
+--- a/fs/xfs/xfs_vnodeops.c
++++ b/fs/xfs/xfs_vnodeops.c
+@@ -131,7 +131,8 @@ xfs_readlink(
+ 			 __func__, (unsigned long long) ip->i_ino,
+ 			 (long long) pathlen);
+ 		ASSERT(0);
+-		return XFS_ERROR(EFSCORRUPTED);
++		error = XFS_ERROR(EFSCORRUPTED);
++		goto out;
+ 	}
+ 
+ 
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..fbe6950d9
+index 0000000..ab77366
 --- /dev/null
 +++ b/grsecurity/Kconfig
-@@ -0,0 +1,1067 @@
+@@ -0,0 +1,1065 @@
 +#
 +# grecurity configuration
 +#
@@ -47572,13 +47975,11 @@ index 0000000..fbe6950d9
 +config GRKERNSEC_PTRACE_READEXEC
 +	bool "Require read access to ptrace sensitive binaries"
 +	help
-+	  If you say Y here, read permission will be required by any unprivileged
-+	  process to ptrace suid/sgid binaries.  Note that the ability to
-+	  ptrace privileged binaries and retain that binary's privilege is
-+	  already not possible.  This option is useful in environments that
++	  If you say Y here, unprivileged users will not be able to ptrace unreadable
++	  binaries.  This option is useful in environments that
 +	  remove the read bits (e.g. file mode 4711) from suid binaries to
-+	  prevent infoleaking of their contents.  What this option adds
-+	  is consistency to the use of that file mode, as the binary could normally
++	  prevent infoleaking of their contents.  This option adds
++	  consistency to the use of that file mode, as the binary could normally
 +	  be read out when run without privileges while ptracing.
 +
 +	  If the sysctl option is enabled, a sysctl option with name "ptrace_readexec"
@@ -47879,10 +48280,10 @@ index 0000000..be9ae3a
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..09258e0
+index 0000000..d3b423d
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,4156 @@
+@@ -0,0 +1,4155 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -47902,7 +48303,7 @@ index 0000000..09258e0
 +#include <linux/ptrace.h>
 +#include <linux/gracl.h>
 +#include <linux/gralloc.h>
-+#include <linux/grsecurity.h>
++#include <linux/security.h>
 +#include <linux/grinternal.h>
 +#include <linux/pid_namespace.h>
 +#include <linux/fdtable.h>
@@ -50411,7 +50812,7 @@ index 0000000..09258e0
 +
 +int
 +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
-+		  const int unsafe_share)
++		  const int unsafe_flags)
 +{
 +	struct task_struct *task = current;
 +	struct acl_subject_label *newacl;
@@ -50424,13 +50825,12 @@ index 0000000..09258e0
 +	newacl = chk_subj_label(dentry, mnt, task->role);
 +
 +	task_lock(task);
-+	if ((((task->ptrace & PT_PTRACED) || unsafe_share) &&
-+	     !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
++	if (unsafe_flags && !(task->acl->mode & GR_POVERRIDE) && (task->acl != newacl) &&
 +	     !(task->role->roletype & GR_ROLE_GOD) &&
 +	     !gr_search_file(dentry, GR_PTRACERD, mnt) &&
-+	     !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) {
++	     !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) {
 +                task_unlock(task);
-+		if (unsafe_share)
++		if (unsafe_flags & LSM_UNSAFE_SHARE)
 +			gr_log_fs_generic(GR_DONT_AUDIT, GR_UNSAFESHARE_EXEC_ACL_MSG, dentry, mnt);
 +		else
 +			gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
@@ -56548,10 +56948,10 @@ index 0000000..0dc13c3
 +EXPORT_SYMBOL(gr_log_timechange);
 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
 new file mode 100644
-index 0000000..4a78774
+index 0000000..a35ba33
 --- /dev/null
 +++ b/grsecurity/grsec_tpe.c
-@@ -0,0 +1,39 @@
+@@ -0,0 +1,73 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/file.h>
@@ -56566,25 +56966,59 @@ index 0000000..4a78774
 +#ifdef CONFIG_GRKERNSEC
 +	struct inode *inode = file->f_path.dentry->d_parent->d_inode;
 +	const struct cred *cred = current_cred();
++	char *msg = NULL;
++	char *msg2 = NULL;
 +
-+	if (cred->uid && ((grsec_enable_tpe &&
++	// never restrict root
++	if (!cred->uid)
++		return 1;
++
++	if (grsec_enable_tpe) {
 +#ifdef CONFIG_GRKERNSEC_TPE_INVERT
-+	    ((grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid)) ||
-+	     (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid)))
++		if (grsec_enable_tpe_invert && !in_group_p(grsec_tpe_gid))
++			msg = "not being in trusted group";
++		else if (!grsec_enable_tpe_invert && in_group_p(grsec_tpe_gid))
++			msg = "being in untrusted group";
 +#else
-+	    in_group_p(grsec_tpe_gid)
++		if (in_group_p(grsec_tpe_gid))
++			msg = "being in untrusted group";
 +#endif
-+	    ) || gr_acl_tpe_check()) &&
-+	    (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
-+						(inode->i_mode & S_IWOTH))))) {
-+		gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
++	}
++	if (!msg && gr_acl_tpe_check())
++		msg = "being in untrusted role";
++
++	// not in any affected group/role
++	if (!msg)
++		goto next_check;
++
++	if (inode->i_uid)
++		msg2 = "file in non-root-owned directory";
++	else if (inode->i_mode & S_IWOTH)
++		msg2 = "file in world-writable directory";
++	else if (inode->i_mode & S_IWGRP)
++		msg2 = "file in group-writable directory";
++
++	if (msg && msg2) {
++		char fullmsg[64] = {0};
++		snprintf(fullmsg, sizeof(fullmsg)-1, "%s and %s", msg, msg2);
++		gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, fullmsg, file->f_path.dentry, file->f_path.mnt);
 +		return 0;
 +	}
++	msg = NULL;
++next_check:
 +#ifdef CONFIG_GRKERNSEC_TPE_ALL
-+	if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
-+	    ((inode->i_uid && (inode->i_uid != cred->uid)) ||
-+	     (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
-+		gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
++	if (!grsec_enable_tpe || !grsec_enable_tpe_all)
++		return 1;
++
++	if (inode->i_uid && (inode->i_uid != cred->uid))
++		msg = "directory not owned by user";
++	else if (inode->i_mode & S_IWOTH)
++		msg = "file in world-writable directory";
++	else if (inode->i_mode & S_IWGRP)
++		msg = "file in group-writable directory";
++
++	if (msg) {
++		gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, msg, file->f_path.dentry, file->f_path.mnt);
 +		return 0;
 +	}
 +#endif
@@ -58614,7 +59048,7 @@ index 0000000..da390f1
 +#endif
 diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
 new file mode 100644
-index 0000000..cf49370
+index 0000000..b3347e2
 --- /dev/null
 +++ b/include/linux/grmsg.h
 @@ -0,0 +1,109 @@
@@ -58652,7 +59086,7 @@ index 0000000..cf49370
 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
-+#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
++#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.64s) of %.950s by "
 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
@@ -58725,11 +59159,11 @@ index 0000000..cf49370
 +#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
 +#define GR_VM86_MSG "denied use of vm86 by "
 +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
-+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable suid/sgid binary %.950s by "
++#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
 new file mode 100644
-index 0000000..1ca3931
+index 0000000..eb4885f
 --- /dev/null
 +++ b/include/linux/grsecurity.h
 @@ -0,0 +1,233 @@
@@ -58886,7 +59320,7 @@ index 0000000..1ca3931
 +			      const gid_t gid);
 +int gr_set_proc_label(const struct dentry *dentry,
 +			const struct vfsmount *mnt,
-+			const int unsafe_share);
++			const int unsafe_flags);
 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
 +				const struct vfsmount *mnt);
 +__u32 gr_acl_handle_open(const struct dentry *dentry,
@@ -59680,7 +60114,7 @@ index ffc0213..2c1f2cb 100644
  	return nd->saved_names[nd->depth];
  }
 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index a82ad4d..be68b4b 100644
+index a82ad4d..90d15b7 100644
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
 @@ -949,6 +949,7 @@ struct net_device_ops {
@@ -59691,6 +60125,15 @@ index a82ad4d..be68b4b 100644
  
  /*
   *	The DEVICE structure.
+@@ -1088,7 +1089,7 @@ struct net_device {
+ 	int			iflink;
+ 
+ 	struct net_device_stats	stats;
+-	atomic_long_t		rx_dropped; /* dropped packets by core network
++	atomic_long_unchecked_t	rx_dropped; /* dropped packets by core network
+ 					     * Do not use this in drivers.
+ 					     */
+ 
 diff --git a/include/linux/netfilter/xt_gradm.h b/include/linux/netfilter/xt_gradm.h
 new file mode 100644
 index 0000000..33f4af8
@@ -60026,7 +60469,7 @@ index 2148b12..519b820 100644
  
  static inline void anon_vma_merge(struct vm_area_struct *vma,
 diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 1c4f3e9..e96dced 100644
+index 1c4f3e9..c5b241a 100644
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
 @@ -101,6 +101,7 @@ struct bio_list;
@@ -60135,14 +60578,16 @@ index 1c4f3e9..e96dced 100644
  #ifdef CONFIG_DEBUG_MUTEXES
  	/* mutex deadlock detection */
  	struct mutex_waiter *blocked_on;
-@@ -1540,6 +1566,22 @@ struct task_struct {
+@@ -1540,6 +1566,24 @@ struct task_struct {
  	unsigned long default_timer_slack_ns;
  
  	struct list_head	*scm_work_list;
 +
 +#ifdef CONFIG_GRKERNSEC
 +	/* grsecurity */
++#ifdef CONFIG_GRKERNSEC_SETXID
 +	const struct cred *delayed_cred;
++#endif
 +	struct dentry *gr_chroot_dentry;
 +	struct acl_subject_label *acl;
 +	struct acl_role_label *role;
@@ -60158,7 +60603,7 @@ index 1c4f3e9..e96dced 100644
  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
  	/* Index of current stored address in ret_stack */
  	int curr_ret_stack;
-@@ -1574,6 +1616,51 @@ struct task_struct {
+@@ -1574,6 +1618,51 @@ struct task_struct {
  #endif
  };
  
@@ -60210,7 +60655,7 @@ index 1c4f3e9..e96dced 100644
  /* Future-safe accessor for struct task_struct's cpus_allowed. */
  #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
  
-@@ -2081,7 +2168,9 @@ void yield(void);
+@@ -2081,7 +2170,9 @@ void yield(void);
  extern struct exec_domain	default_exec_domain;
  
  union thread_union {
@@ -60220,7 +60665,7 @@ index 1c4f3e9..e96dced 100644
  	unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  
-@@ -2114,6 +2203,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2114,6 +2205,7 @@ extern struct pid_namespace init_pid_ns;
   */
  
  extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -60228,7 +60673,7 @@ index 1c4f3e9..e96dced 100644
  extern struct task_struct *find_task_by_pid_ns(pid_t nr,
  		struct pid_namespace *ns);
  
-@@ -2251,7 +2341,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2251,7 +2343,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  
@@ -60237,7 +60682,7 @@ index 1c4f3e9..e96dced 100644
  
  extern void daemonize(const char *, ...);
  extern int allow_signal(int);
-@@ -2416,13 +2506,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2416,13 +2508,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
  
  #endif
  
@@ -69949,7 +70394,7 @@ index 716eb4a..8d10419 100644
  
  static const int *pcpu_unit_map __read_mostly;		/* cpu -> unit */
 diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
-index e920aa3..c19184f0 100644
+index e920aa3..78fe584 100644
 --- a/mm/process_vm_access.c
 +++ b/mm/process_vm_access.c
 @@ -13,6 +13,7 @@
@@ -69960,7 +70405,15 @@ index e920aa3..c19184f0 100644
  #include <linux/ptrace.h>
  #include <linux/slab.h>
  #include <linux/syscalls.h>
-@@ -264,13 +265,11 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
+@@ -258,19 +259,19 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
+ 	size_t iov_l_curr_offset = 0;
+ 	ssize_t iov_len;
+ 
++	return -ENOSYS; // PaX: until properly audited
++
+ 	/*
+ 	 * Work out how many pages of struct pages we're going to need
+ 	 * when eventually calling get_user_pages
  	 */
  	for (i = 0; i < riovcnt; i++) {
  		iov_len = rvec[i].iov_len;
@@ -69979,7 +70432,7 @@ index e920aa3..c19184f0 100644
  	}
  
  	if (nr_pages == 0)
-@@ -298,8 +297,13 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
+@@ -298,8 +299,13 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
  		goto free_proc_pages;
  	}
  
@@ -71914,7 +72367,7 @@ index 68bbf9f..5ef0d12 100644
  
  	return err;
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 5a13edf..1bc016b 100644
+index 5a13edf..a6f2bd2 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
 @@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name)
@@ -71932,6 +72385,24 @@ index 5a13edf..1bc016b 100644
  	}
  }
  EXPORT_SYMBOL(dev_load);
+@@ -1573,7 +1577,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+ {
+ 	if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
+ 		if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
+-			atomic_long_inc(&dev->rx_dropped);
++			atomic_long_inc_unchecked(&dev->rx_dropped);
+ 			kfree_skb(skb);
+ 			return NET_RX_DROP;
+ 		}
+@@ -1583,7 +1587,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+ 	nf_reset(skb);
+ 
+ 	if (unlikely(!is_skb_forwardable(dev, skb))) {
+-		atomic_long_inc(&dev->rx_dropped);
++		atomic_long_inc_unchecked(&dev->rx_dropped);
+ 		kfree_skb(skb);
+ 		return NET_RX_DROP;
+ 	}
 @@ -2036,7 +2040,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
  
  struct dev_gso_cb {
@@ -71941,6 +72412,15 @@ index 5a13edf..1bc016b 100644
  
  #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
  
+@@ -2970,7 +2974,7 @@ enqueue:
+ 
+ 	local_irq_restore(flags);
+ 
+-	atomic_long_inc(&skb->dev->rx_dropped);
++	atomic_long_inc_unchecked(&skb->dev->rx_dropped);
+ 	kfree_skb(skb);
+ 	return NET_RX_DROP;
+ }
 @@ -3044,7 +3048,7 @@ int netif_rx_ni(struct sk_buff *skb)
  }
  EXPORT_SYMBOL(netif_rx_ni);
@@ -71950,6 +72430,15 @@ index 5a13edf..1bc016b 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  
+@@ -3333,7 +3337,7 @@ ncls:
+ 	if (pt_prev) {
+ 		ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
+ 	} else {
+-		atomic_long_inc(&skb->dev->rx_dropped);
++		atomic_long_inc_unchecked(&skb->dev->rx_dropped);
+ 		kfree_skb(skb);
+ 		/* Jamal, now you will not able to escape explaining
+ 		 * me how you were going to use this. :-)
 @@ -3891,7 +3895,7 @@ void netif_napi_del(struct napi_struct *napi)
  }
  EXPORT_SYMBOL(netif_napi_del);
@@ -71959,6 +72448,15 @@ index 5a13edf..1bc016b 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  	unsigned long time_limit = jiffies + 2;
+@@ -5949,7 +5953,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+ 	} else {
+ 		netdev_stats_to_stats64(storage, &dev->stats);
+ 	}
+-	storage->rx_dropped += atomic_long_read(&dev->rx_dropped);
++	storage->rx_dropped += atomic_long_read_unchecked(&dev->rx_dropped);
+ 	return storage;
+ }
+ EXPORT_SYMBOL(dev_get_stats);
 diff --git a/net/core/flow.c b/net/core/flow.c
 index e318c7e..168b1d0 100644
 --- a/net/core/flow.c
author	Natanael Copa <ncopa@alpinelinux.org>	2012-01-30 14:53:17 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2012-01-30 15:00:25 +0000
commit	7e0f5e1f0efdfec7d09919a6f19b259132b7b5bb (patch)
tree	ac5b0979e677e3cf45093f08e12fd86e484e86e3 /main/linux-grsec
parent	a5ebc4e938bff146f881f09edd4beddffdb54468 (diff)
download	aports-7e0f5e1f0efdfec7d09919a6f19b259132b7b5bb.tar.bz2 aports-7e0f5e1f0efdfec7d09919a6f19b259132b7b5bb.tar.xz