aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-02-06 16:10:42 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-02-06 16:10:42 +0000
commit0c443ee17c8acf05596f06b1d098bf8149de2f64 (patch)
tree5859272c560666f6074f33fc037b1cc77a484b3e /main/linux-grsec
parentccfb2bd320e6b91399acf24f713f4b8a67cbc6fe (diff)
downloadaports-0c443ee17c8acf05596f06b1d098bf8149de2f64.tar.bz2
aports-0c443ee17c8acf05596f06b1d098bf8149de2f64.tar.xz
main/linux-grsec: upgrade to grsecurity-2.2.2-3.2.4-201202051927
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD10
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.2.2-201201302345.patch)919
2 files changed, 430 insertions, 499 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 3726f6cd39..500e8b4c42 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,9 +2,9 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.2.2
+pkgver=3.2.4
_kernver=3.2
-pkgrel=3
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
- grsecurity-2.2.2-3.2.2-201201302345.patch
+ grsecurity-2.2.2-3.2.4-201202051927.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -140,8 +140,8 @@ dev() {
}
md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2
-e9e53fba37c5e2afa4cdecab234120bd patch-3.2.2.bz2
-54c66601d38283f4561acd7cf48f7a0a grsecurity-2.2.2-3.2.2-201201302345.patch
+02adf3e0450969dec6219ca52ff2a68a patch-3.2.4.bz2
+87a8ebc1d936b51263e09f0ba95ca0ad grsecurity-2.2.2-3.2.4-201202051927.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch
62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201302345.patch b/main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch
index 5a35b2ea25..b2dcf41b69 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201302345.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch
@@ -186,7 +186,7 @@ index 81c287f..d456d02 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 2f684da..bf21f8d 100644
+index c8e187e..c445af7 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -12223,19 +12223,18 @@ index 2af127d..8ff7ac0 100644
atomic_set(&mce_callin, 0);
atomic_set(&global_nwo, 0);
diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
-index 5c0e653..51ddf2c 100644
+index 5c0e653..0882b0a 100644
--- a/arch/x86/kernel/cpu/mcheck/p5.c
+++ b/arch/x86/kernel/cpu/mcheck/p5.c
-@@ -11,7 +11,7 @@
- #include <asm/processor.h>
+@@ -12,6 +12,7 @@
#include <asm/system.h>
#include <asm/mce.h>
--#include <asm/msr.h>
+ #include <asm/msr.h>
+#include <asm/pgtable.h>
/* By default disabled */
int mce_p5_enabled __read_mostly;
-@@ -50,7 +50,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
+@@ -50,7 +51,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
if (!cpu_has(c, X86_FEATURE_MCE))
return;
@@ -22963,7 +22962,7 @@ index 7b179b4..6bd1777 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index be1ef57..9680edc 100644
+index be1ef57..55f0160 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
@@ -22975,7 +22974,17 @@ index be1ef57..9680edc 100644
return NULL;
WARN_ON_ONCE(is_ram);
}
-@@ -344,7 +344,7 @@ static int __init early_ioremap_debug_setup(char *str)
+@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+
+ /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
+ if (page_is_ram(start >> PAGE_SHIFT))
++#ifdef CONFIG_HIGHMEM
++ if ((start >> PAGE_SHIFT) < max_low_pfn)
++#endif
+ return __va(phys);
+
+ addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
+@@ -344,7 +347,7 @@ static int __init early_ioremap_debug_setup(char *str)
early_param("early_ioremap_debug", early_ioremap_debug_setup);
static __initdata int after_paging_init;
@@ -22984,7 +22993,7 @@ index be1ef57..9680edc 100644
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
-@@ -381,8 +381,7 @@ void __init early_ioremap_init(void)
+@@ -381,8 +384,7 @@ void __init early_ioremap_init(void)
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
@@ -23725,7 +23734,7 @@ index 6687022..ceabcfa 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 7b65f75..63097f6 100644
+index 7c1b765..180e3b2 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end)
@@ -23750,7 +23759,7 @@ index 7b65f75..63097f6 100644
/* Before first pass, make a rough estimation of addrs[]
* each bpf instruction is translated to less than 64 bytes
*/
-@@ -585,11 +593,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -592,11 +600,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
if (image) {
if (unlikely(proglen + ilen > oldproglen)) {
pr_err("bpb_jit_compile fatal error\n");
@@ -23766,7 +23775,7 @@ index 7b65f75..63097f6 100644
}
proglen += ilen;
addrs[i] = proglen;
-@@ -609,7 +618,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -617,7 +626,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
}
if (proglen == oldproglen) {
@@ -23775,7 +23784,7 @@ index 7b65f75..63097f6 100644
proglen,
sizeof(struct work_struct)));
if (!image)
-@@ -631,24 +640,27 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -639,24 +648,27 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
fp->bpf_func = (void *)image;
}
out:
@@ -24994,109 +25003,6 @@ index 671d4d6..5f24030 100644
static void cryptd_queue_worker(struct work_struct *work);
-diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
-index 9ed9f60..88f160b 100644
---- a/crypto/sha512_generic.c
-+++ b/crypto/sha512_generic.c
-@@ -21,8 +21,6 @@
- #include <linux/percpu.h>
- #include <asm/byteorder.h>
-
--static DEFINE_PER_CPU(u64[80], msg_schedule);
--
- static inline u64 Ch(u64 x, u64 y, u64 z)
- {
- return z ^ (x & (y ^ z));
-@@ -80,7 +78,7 @@ static inline void LOAD_OP(int I, u64 *W, const u8 *input)
-
- static inline void BLEND_OP(int I, u64 *W)
- {
-- W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
-+ W[I % 16] += s1(W[(I-2) % 16]) + W[(I-7) % 16] + s0(W[(I-15) % 16]);
- }
-
- static void
-@@ -89,38 +87,48 @@ sha512_transform(u64 *state, const u8 *input)
- u64 a, b, c, d, e, f, g, h, t1, t2;
-
- int i;
-- u64 *W = get_cpu_var(msg_schedule);
-+ u64 W[16];
-
- /* load the input */
- for (i = 0; i < 16; i++)
- LOAD_OP(i, W, input);
-
-- for (i = 16; i < 80; i++) {
-- BLEND_OP(i, W);
-- }
--
- /* load the state into our registers */
- a=state[0]; b=state[1]; c=state[2]; d=state[3];
- e=state[4]; f=state[5]; g=state[6]; h=state[7];
-
-- /* now iterate */
-- for (i=0; i<80; i+=8) {
-- t1 = h + e1(e) + Ch(e,f,g) + sha512_K[i ] + W[i ];
-- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
-- t1 = g + e1(d) + Ch(d,e,f) + sha512_K[i+1] + W[i+1];
-- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
-- t1 = f + e1(c) + Ch(c,d,e) + sha512_K[i+2] + W[i+2];
-- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
-- t1 = e + e1(b) + Ch(b,c,d) + sha512_K[i+3] + W[i+3];
-- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
-- t1 = d + e1(a) + Ch(a,b,c) + sha512_K[i+4] + W[i+4];
-- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
-- t1 = c + e1(h) + Ch(h,a,b) + sha512_K[i+5] + W[i+5];
-- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
-- t1 = b + e1(g) + Ch(g,h,a) + sha512_K[i+6] + W[i+6];
-- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
-- t1 = a + e1(f) + Ch(f,g,h) + sha512_K[i+7] + W[i+7];
-- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-+#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \
-+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \
-+ t2 = e0(a) + Maj(a, b, c); \
-+ d += t1; \
-+ h = t1 + t2
-+
-+#define SHA512_16_79(i, a, b, c, d, e, f, g, h) \
-+ BLEND_OP(i, W); \
-+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i)%16]; \
-+ t2 = e0(a) + Maj(a, b, c); \
-+ d += t1; \
-+ h = t1 + t2
-+
-+ for (i = 0; i < 16; i += 8) {
-+ SHA512_0_15(i, a, b, c, d, e, f, g, h);
-+ SHA512_0_15(i + 1, h, a, b, c, d, e, f, g);
-+ SHA512_0_15(i + 2, g, h, a, b, c, d, e, f);
-+ SHA512_0_15(i + 3, f, g, h, a, b, c, d, e);
-+ SHA512_0_15(i + 4, e, f, g, h, a, b, c, d);
-+ SHA512_0_15(i + 5, d, e, f, g, h, a, b, c);
-+ SHA512_0_15(i + 6, c, d, e, f, g, h, a, b);
-+ SHA512_0_15(i + 7, b, c, d, e, f, g, h, a);
-+ }
-+ for (i = 16; i < 80; i += 8) {
-+ SHA512_16_79(i, a, b, c, d, e, f, g, h);
-+ SHA512_16_79(i + 1, h, a, b, c, d, e, f, g);
-+ SHA512_16_79(i + 2, g, h, a, b, c, d, e, f);
-+ SHA512_16_79(i + 3, f, g, h, a, b, c, d, e);
-+ SHA512_16_79(i + 4, e, f, g, h, a, b, c, d);
-+ SHA512_16_79(i + 5, d, e, f, g, h, a, b, c);
-+ SHA512_16_79(i + 6, c, d, e, f, g, h, a, b);
-+ SHA512_16_79(i + 7, b, c, d, e, f, g, h, a);
- }
-
- state[0] += a; state[1] += b; state[2] += c; state[3] += d;
-@@ -128,8 +136,6 @@ sha512_transform(u64 *state, const u8 *input)
-
- /* erase our data */
- a = b = c = d = e = f = g = h = t1 = t2 = 0;
-- memset(W, 0, sizeof(__get_cpu_var(msg_schedule)));
-- put_cpu_var(msg_schedule);
- }
-
- static int
diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c
index 5d41894..22021e4 100644
--- a/drivers/acpi/apei/cper.c
@@ -27943,7 +27849,7 @@ index 40c187c..5746164 100644
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index 4911e1d..484c8a3 100644
+index 828bf65..cdaa0e9 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev)
@@ -27982,9 +27888,9 @@ index 4911e1d..484c8a3 100644
- dev->open_count);
+ local_read(&dev->open_count));
- /* if the master has gone away we can't do anything with the lock */
- if (file_priv->minor->master)
-@@ -566,8 +566,8 @@ int drm_release(struct inode *inode, struct file *filp)
+ /* Release any auth tokens that might point to this file_priv,
+ (do that under the drm_global_mutex) */
+@@ -571,8 +571,8 @@ int drm_release(struct inode *inode, struct file *filp)
* End inline drm_release
*/
@@ -29164,7 +29070,7 @@ index 66f6729..2d6de0a 100644
mutex_lock(&resource->lock);
resource->trip[attr->index - 7] = temp;
diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
-index fe4104c..346febb 100644
+index 5357925..6cf0418 100644
--- a/drivers/hwmon/sht15.c
+++ b/drivers/hwmon/sht15.c
@@ -166,7 +166,7 @@ struct sht15_data {
@@ -41419,80 +41325,8 @@ index f3a257d..715ac0f 100644
parent, NULL, NULL);
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
-diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
-index 2a83425..b082cec 100644
---- a/fs/ecryptfs/crypto.c
-+++ b/fs/ecryptfs/crypto.c
-@@ -417,17 +417,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
- (unsigned long long)(extent_base + extent_offset), rc);
- goto out;
- }
-- if (unlikely(ecryptfs_verbosity > 0)) {
-- ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
-- "with iv:\n");
-- ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
-- ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
-- "encryption:\n");
-- ecryptfs_dump_hex((char *)
-- (page_address(page)
-- + (extent_offset * crypt_stat->extent_size)),
-- 8);
-- }
- rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
- page, (extent_offset
- * crypt_stat->extent_size),
-@@ -440,14 +429,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
- goto out;
- }
- rc = 0;
-- if (unlikely(ecryptfs_verbosity > 0)) {
-- ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; "
-- "rc = [%d]\n",
-- (unsigned long long)(extent_base + extent_offset), rc);
-- ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
-- "encryption:\n");
-- ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
-- }
- out:
- return rc;
- }
-@@ -543,17 +524,6 @@ static int ecryptfs_decrypt_extent(struct page *page,
- (unsigned long long)(extent_base + extent_offset), rc);
- goto out;
- }
-- if (unlikely(ecryptfs_verbosity > 0)) {
-- ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
-- "with iv:\n");
-- ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
-- ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
-- "decryption:\n");
-- ecryptfs_dump_hex((char *)
-- (page_address(enc_extent_page)
-- + (extent_offset * crypt_stat->extent_size)),
-- 8);
-- }
- rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
- (extent_offset
- * crypt_stat->extent_size),
-@@ -567,16 +537,6 @@ static int ecryptfs_decrypt_extent(struct page *page,
- goto out;
- }
- rc = 0;
-- if (unlikely(ecryptfs_verbosity > 0)) {
-- ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; "
-- "rc = [%d]\n",
-- (unsigned long long)(extent_base + extent_offset), rc);
-- ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
-- "decryption:\n");
-- ecryptfs_dump_hex((char *)(page_address(page)
-- + (extent_offset
-- * crypt_stat->extent_size)), 8);
-- }
- out:
- return rc;
- }
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index 32f90a3..a766407 100644
+index d2039ca..a766407 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
@@ -41522,84 +41356,8 @@ index 32f90a3..a766407 100644
if (!IS_ERR(buf)) {
/* Free the char* */
kfree(buf);
-@@ -841,18 +841,6 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
- size_t num_zeros = (PAGE_CACHE_SIZE
- - (ia->ia_size & ~PAGE_CACHE_MASK));
-
--
-- /*
-- * XXX(truncate) this should really happen at the begginning
-- * of ->setattr. But the code is too messy to that as part
-- * of a larger patch. ecryptfs is also totally missing out
-- * on the inode_change_ok check at the beginning of
-- * ->setattr while would include this.
-- */
-- rc = inode_newsize_ok(inode, ia->ia_size);
-- if (rc)
-- goto out;
--
- if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
- truncate_setsize(inode, ia->ia_size);
- lower_ia->ia_size = ia->ia_size;
-@@ -902,6 +890,28 @@ out:
- return rc;
- }
-
-+static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)
-+{
-+ struct ecryptfs_crypt_stat *crypt_stat;
-+ loff_t lower_oldsize, lower_newsize;
-+
-+ crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
-+ lower_oldsize = upper_size_to_lower_size(crypt_stat,
-+ i_size_read(inode));
-+ lower_newsize = upper_size_to_lower_size(crypt_stat, offset);
-+ if (lower_newsize > lower_oldsize) {
-+ /*
-+ * The eCryptfs inode and the new *lower* size are mixed here
-+ * because we may not have the lower i_mutex held and/or it may
-+ * not be appropriate to call inode_newsize_ok() with inodes
-+ * from other filesystems.
-+ */
-+ return inode_newsize_ok(inode, lower_newsize);
-+ }
-+
-+ return 0;
-+}
-+
- /**
- * ecryptfs_truncate
- * @dentry: The ecryptfs layer dentry
-@@ -918,6 +928,10 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
- struct iattr lower_ia = { .ia_valid = 0 };
- int rc;
-
-+ rc = ecryptfs_inode_newsize_ok(dentry->d_inode, new_length);
-+ if (rc)
-+ return rc;
-+
- rc = truncate_upper(dentry, &ia, &lower_ia);
- if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
- struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
-@@ -997,6 +1011,16 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
- }
- }
- mutex_unlock(&crypt_stat->cs_mutex);
-+
-+ rc = inode_change_ok(inode, ia);
-+ if (rc)
-+ goto out;
-+ if (ia->ia_valid & ATTR_SIZE) {
-+ rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);
-+ if (rc)
-+ goto out;
-+ }
-+
- if (S_ISREG(inode->i_mode)) {
- rc = filemap_write_and_wait(inode->i_mapping);
- if (rc)
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
-index 940a82e..d3cdeea 100644
+index 0dc5a3d..d3cdeea 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
@@ -328,7 +328,7 @@ check_list:
@@ -41611,82 +41369,8 @@ index 940a82e..d3cdeea 100644
goto out_unlock_msg_ctx;
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
-@@ -409,11 +409,47 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
- ssize_t sz = 0;
- char *data;
- uid_t euid = current_euid();
-+ unsigned char packet_size_peek[3];
- int rc;
-
-- if (count == 0)
-+ if (count == 0) {
- goto out;
-+ } else if (count == (1 + 4)) {
-+ /* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */
-+ goto memdup;
-+ } else if (count < (1 + 4 + 1)
-+ || count > (1 + 4 + 2 + sizeof(struct ecryptfs_message) + 4
-+ + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES)) {
-+ printk(KERN_WARNING "%s: Acceptable packet size range is "
-+ "[%d-%lu], but amount of data written is [%zu].",
-+ __func__, (1 + 4 + 1),
-+ (1 + 4 + 2 + sizeof(struct ecryptfs_message) + 4
-+ + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES), count);
-+ return -EINVAL;
-+ }
-
-+ if (copy_from_user(packet_size_peek, (buf + 1 + 4),
-+ sizeof(packet_size_peek))) {
-+ printk(KERN_WARNING "%s: Error while inspecting packet size\n",
-+ __func__);
-+ return -EFAULT;
-+ }
-+
-+ rc = ecryptfs_parse_packet_length(packet_size_peek, &packet_size,
-+ &packet_size_length);
-+ if (rc) {
-+ printk(KERN_WARNING "%s: Error parsing packet length; "
-+ "rc = [%d]\n", __func__, rc);
-+ return rc;
-+ }
-+
-+ if ((1 + 4 + packet_size_length + packet_size) != count) {
-+ printk(KERN_WARNING "%s: Invalid packet size [%zu]\n", __func__,
-+ packet_size);
-+ return -EINVAL;
-+ }
-+
-+memdup:
- data = memdup_user(buf, count);
- if (IS_ERR(data)) {
- printk(KERN_ERR "%s: memdup_user returned error [%ld]\n",
-@@ -435,23 +471,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf,
- }
- memcpy(&counter_nbo, &data[i], 4);
- seq = be32_to_cpu(counter_nbo);
-- i += 4;
-- rc = ecryptfs_parse_packet_length(&data[i], &packet_size,
-- &packet_size_length);
-- if (rc) {
-- printk(KERN_WARNING "%s: Error parsing packet length; "
-- "rc = [%d]\n", __func__, rc);
-- goto out_free;
-- }
-- i += packet_size_length;
-- if ((1 + 4 + packet_size_length + packet_size) != count) {
-- printk(KERN_WARNING "%s: (1 + packet_size_length([%zd])"
-- " + packet_size([%zd]))([%zd]) != "
-- "count([%zd]). Invalid packet format.\n",
-- __func__, packet_size_length, packet_size,
-- (1 + packet_size_length + packet_size), count);
-- goto out_free;
-- }
-+ i += 4 + packet_size_length;
- rc = ecryptfs_miscdev_response(&data[i], packet_size,
- euid, current_user_ns(),
- task_pid(current), seq);
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
-index 3745f7c..7d040a8 100644
+index 54eb14c..e51b453 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
@@ -41698,7 +41382,7 @@ index 3745f7c..7d040a8 100644
set_fs(fs_save);
mark_inode_dirty_sync(ecryptfs_inode);
return rc;
-@@ -130,13 +130,18 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
+@@ -130,7 +130,12 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT);
size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK);
size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page);
@@ -41710,7 +41394,9 @@ index 3745f7c..7d040a8 100644
+ break;
+ }
- if (num_bytes > total_remaining_bytes)
+ if (fatal_signal_pending(current)) {
+ rc = -EINTR;
+@@ -141,7 +146,7 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
num_bytes = total_remaining_bytes;
if (pos < offset) {
/* remaining zeros to write, up to destination offset */
@@ -41719,32 +41405,7 @@ index 3745f7c..7d040a8 100644
if (num_bytes > total_remaining_zeros)
num_bytes = total_remaining_zeros;
-@@ -193,15 +198,19 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset,
- }
- pos += num_bytes;
- }
-- if ((offset + size) > ecryptfs_file_size) {
-- i_size_write(ecryptfs_inode, (offset + size));
-+ if (pos > ecryptfs_file_size) {
-+ i_size_write(ecryptfs_inode, pos);
- if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
-- rc = ecryptfs_write_inode_size_to_metadata(
-+ int rc2;
-+
-+ rc2 = ecryptfs_write_inode_size_to_metadata(
- ecryptfs_inode);
-- if (rc) {
-+ if (rc2) {
- printk(KERN_ERR "Problem with "
- "ecryptfs_write_inode_size_to_metadata; "
-- "rc = [%d]\n", rc);
-+ "rc = [%d]\n", rc2);
-+ if (!rc)
-+ rc = rc2;
- goto out;
- }
- }
-@@ -235,7 +244,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
+@@ -244,7 +249,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
return -EIO;
fs_save = get_fs();
set_fs(get_ds());
@@ -45601,7 +45262,7 @@ index 3a1dafd..d41fc37 100644
+}
+#endif
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 1fc1dca..813fd0b 100644
+index 1fc1dca..357b933 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -107,6 +107,22 @@ struct pid_entry {
@@ -45627,24 +45288,34 @@ index 1fc1dca..813fd0b 100644
#define NOD(NAME, MODE, IOP, FOP, OP) { \
.name = (NAME), \
.len = sizeof(NAME) - 1, \
-@@ -204,10 +220,12 @@ static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
- return ERR_PTR(err);
+@@ -194,26 +210,6 @@ static int proc_root_link(struct inode *inode, struct path *path)
+ return result;
+ }
- mm = get_task_mm(task);
+-static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+-{
+- struct mm_struct *mm;
+- int err;
+-
+- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
+- if (err)
+- return ERR_PTR(err);
+-
+- mm = get_task_mm(task);
- if (mm && mm != current->mm &&
- !ptrace_may_access(task, mode)) {
- mmput(mm);
- mm = ERR_PTR(-EACCES);
-+ if (mm) {
-+ if ((mm != current->mm && !ptrace_may_access(task, mode)) ||
-+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task)))) {
-+ mmput(mm);
-+ mm = ERR_PTR(-EACCES);
-+ }
- }
- mutex_unlock(&task->signal->cred_guard_mutex);
-
-@@ -229,6 +247,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
+- }
+- mutex_unlock(&task->signal->cred_guard_mutex);
+-
+- return mm;
+-}
+-
+ struct mm_struct *mm_for_maps(struct task_struct *task)
+ {
+ return mm_access(task, PTRACE_MODE_READ);
+@@ -229,6 +225,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
if (!mm->arg_end)
goto out_mm; /* Shh! No looking before we're done */
@@ -45654,7 +45325,7 @@ index 1fc1dca..813fd0b 100644
len = mm->arg_end - mm->arg_start;
if (len > PAGE_SIZE)
-@@ -256,12 +277,28 @@ out:
+@@ -256,12 +255,28 @@ out:
return res;
}
@@ -45683,7 +45354,7 @@ index 1fc1dca..813fd0b 100644
do {
nwords += 2;
} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
-@@ -275,7 +312,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
+@@ -275,7 +290,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
}
@@ -45692,7 +45363,7 @@ index 1fc1dca..813fd0b 100644
/*
* Provides a wchan file via kallsyms in a proper one-value-per-file format.
* Returns the resolved symbol. If that fails, simply return the address.
-@@ -314,7 +351,7 @@ static void unlock_trace(struct task_struct *task)
+@@ -314,7 +329,7 @@ static void unlock_trace(struct task_struct *task)
mutex_unlock(&task->signal->cred_guard_mutex);
}
@@ -45701,7 +45372,7 @@ index 1fc1dca..813fd0b 100644
#define MAX_STACK_TRACE_DEPTH 64
-@@ -505,7 +542,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
+@@ -505,7 +520,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
return count;
}
@@ -45710,7 +45381,7 @@ index 1fc1dca..813fd0b 100644
static int proc_pid_syscall(struct task_struct *task, char *buffer)
{
long nr;
-@@ -534,7 +571,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
+@@ -534,7 +549,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
/************************************************************************/
/* permission checks */
@@ -45719,7 +45390,7 @@ index 1fc1dca..813fd0b 100644
{
struct task_struct *task;
int allowed = 0;
-@@ -544,7 +581,10 @@ static int proc_fd_access_allowed(struct inode *inode)
+@@ -544,7 +559,10 @@ static int proc_fd_access_allowed(struct inode *inode)
*/
task = get_proc_task(inode);
if (task) {
@@ -45731,26 +45402,164 @@ index 1fc1dca..813fd0b 100644
put_task_struct(task);
}
return allowed;
-@@ -826,6 +866,10 @@ static ssize_t mem_read(struct file * file, char __user * buf,
- return ret;
- }
+@@ -775,6 +793,13 @@ static int mem_open(struct inode* inode, struct file* file)
+ if (IS_ERR(mm))
+ return PTR_ERR(mm);
-+#define mem_write NULL
++ if (mm) {
++ /* ensure this mm_struct can't be freed */
++ atomic_inc(&mm->mm_count);
++ /* but do not pin its memory */
++ mmput(mm);
++ }
+
-+#ifndef mem_write
-+/* They were right the first time */
- static ssize_t mem_write(struct file * file, const char __user *buf,
- size_t count, loff_t *ppos)
+ /* OK to pass negative loff_t, we can catch out-of-range */
+ file->f_mode |= FMODE_UNSIGNED_OFFSET;
+ file->private_data = mm;
+@@ -782,57 +807,18 @@ static int mem_open(struct inode* inode, struct file* file)
+ return 0;
+ }
+
+-static ssize_t mem_read(struct file * file, char __user * buf,
+- size_t count, loff_t *ppos)
++static ssize_t mem_rw(struct file *file, char __user *buf,
++ size_t count, loff_t *ppos, int write)
{
-@@ -866,6 +910,7 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
+- int ret;
+- char *page;
+- unsigned long src = *ppos;
+ struct mm_struct *mm = file->private_data;
+-
+- if (!mm)
+- return 0;
+-
+- page = (char *)__get_free_page(GFP_TEMPORARY);
+- if (!page)
+- return -ENOMEM;
+-
+- ret = 0;
+-
+- while (count > 0) {
+- int this_len, retval;
+-
+- this_len = (count > PAGE_SIZE) ? PAGE_SIZE : count;
+- retval = access_remote_vm(mm, src, page, this_len, 0);
+- if (!retval) {
+- if (!ret)
+- ret = -EIO;
+- break;
+- }
+-
+- if (copy_to_user(buf, page, retval)) {
+- ret = -EFAULT;
+- break;
+- }
+-
+- ret += retval;
+- src += retval;
+- buf += retval;
+- count -= retval;
+- }
+- *ppos = src;
+-
+- free_page((unsigned long) page);
+- return ret;
+-}
+-
+-static ssize_t mem_write(struct file * file, const char __user *buf,
+- size_t count, loff_t *ppos)
+-{
+- int copied;
++ unsigned long addr = *ppos;
++ ssize_t copied;
+ char *page;
+- unsigned long dst = *ppos;
+- struct mm_struct *mm = file->private_data;
++
++#ifdef CONFIG_GRKERNSEC
++ if (write)
++ return -EPERM;
++#endif
+
+ if (!mm)
+ return 0;
+@@ -842,31 +828,54 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
+ return -ENOMEM;
+
+ copied = 0;
++ if (!atomic_inc_not_zero(&mm->mm_users))
++ goto free;
++
+ while (count > 0) {
+- int this_len, retval;
++ int this_len = min_t(int, count, PAGE_SIZE);
+
+- this_len = (count > PAGE_SIZE) ? PAGE_SIZE : count;
+- if (copy_from_user(page, buf, this_len)) {
++ if (write && copy_from_user(page, buf, this_len)) {
+ copied = -EFAULT;
+ break;
+ }
+- retval = access_remote_vm(mm, dst, page, this_len, 1);
+- if (!retval) {
++
++ this_len = access_remote_vm(mm, addr, page, this_len, write);
++ if (!this_len) {
+ if (!copied)
+ copied = -EIO;
+ break;
+ }
+- copied += retval;
+- buf += retval;
+- dst += retval;
+- count -= retval;
++
++ if (!write && copy_to_user(buf, page, this_len)) {
++ copied = -EFAULT;
++ break;
++ }
++
++ buf += this_len;
++ addr += this_len;
++ copied += this_len;
++ count -= this_len;
+ }
+- *ppos = dst;
++ *ppos = addr;
+
++ mmput(mm);
++free:
free_page((unsigned long) page);
return copied;
}
-+#endif
++static ssize_t mem_read(struct file *file, char __user *buf,
++ size_t count, loff_t *ppos)
++{
++ return mem_rw(file, buf, count, ppos, 0);
++}
++
++static ssize_t mem_write(struct file *file, const char __user *buf,
++ size_t count, loff_t *ppos)
++{
++ return mem_rw(file, (char __user*)buf, count, ppos, 1);
++}
++
loff_t mem_lseek(struct file *file, loff_t offset, int orig)
{
-@@ -911,6 +956,9 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+ switch (orig) {
+@@ -886,8 +895,8 @@ loff_t mem_lseek(struct file *file, loff_t offset, int orig)
+ static int mem_release(struct inode *inode, struct file *file)
+ {
+ struct mm_struct *mm = file->private_data;
+-
+- mmput(mm);
++ if (mm)
++ mmdrop(mm);
+ return 0;
+ }
+
+@@ -911,6 +920,9 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!task)
goto out_no_task;
@@ -45760,7 +45569,7 @@ index 1fc1dca..813fd0b 100644
ret = -ENOMEM;
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
-@@ -1533,7 +1581,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1533,7 +1545,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
path_put(&nd->path);
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -45769,7 +45578,7 @@ index 1fc1dca..813fd0b 100644
goto out;
error = PROC_I(inode)->op.proc_get_link(inode, &nd->path);
-@@ -1572,8 +1620,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1572,8 +1584,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -45790,7 +45599,7 @@ index 1fc1dca..813fd0b 100644
error = PROC_I(inode)->op.proc_get_link(inode, &path);
if (error)
-@@ -1638,7 +1696,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1638,7 +1660,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
@@ -45802,7 +45611,7 @@ index 1fc1dca..813fd0b 100644
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1656,6 +1718,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1656,6 +1682,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
struct inode *inode = dentry->d_inode;
struct task_struct *task;
const struct cred *cred;
@@ -45812,7 +45621,7 @@ index 1fc1dca..813fd0b 100644
generic_fillattr(inode, stat);
-@@ -1663,13 +1728,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1663,13 +1692,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
stat->uid = 0;
stat->gid = 0;
task = pid_task(proc_pid(inode), PIDTYPE_PID);
@@ -45855,7 +45664,7 @@ index 1fc1dca..813fd0b 100644
}
rcu_read_unlock();
return 0;
-@@ -1706,11 +1799,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
+@@ -1706,11 +1763,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -45876,7 +45685,7 @@ index 1fc1dca..813fd0b 100644
rcu_read_unlock();
} else {
inode->i_uid = 0;
-@@ -1828,7 +1930,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info)
+@@ -1828,7 +1894,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info)
int fd = proc_fd(inode);
if (task) {
@@ -45886,7 +45695,7 @@ index 1fc1dca..813fd0b 100644
put_task_struct(task);
}
if (files) {
-@@ -2096,11 +2199,21 @@ static const struct file_operations proc_fd_operations = {
+@@ -2096,11 +2163,21 @@ static const struct file_operations proc_fd_operations = {
*/
static int proc_fd_permission(struct inode *inode, int mask)
{
@@ -45910,7 +45719,7 @@ index 1fc1dca..813fd0b 100644
return rv;
}
-@@ -2210,6 +2323,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2210,6 +2287,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -45920,7 +45729,7 @@ index 1fc1dca..813fd0b 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2254,6 +2370,9 @@ static int proc_pident_readdir(struct file *filp,
+@@ -2254,6 +2334,9 @@ static int proc_pident_readdir(struct file *filp,
if (!task)
goto out_no_task;
@@ -45930,7 +45739,7 @@ index 1fc1dca..813fd0b 100644
ret = 0;
i = filp->f_pos;
switch (i) {
-@@ -2524,7 +2643,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -2524,7 +2607,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
void *cookie)
{
@@ -45939,7 +45748,7 @@ index 1fc1dca..813fd0b 100644
if (!IS_ERR(s))
__putname(s);
}
-@@ -2722,7 +2841,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2722,7 +2805,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -45948,7 +45757,7 @@ index 1fc1dca..813fd0b 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2747,10 +2866,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2747,10 +2830,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -45961,7 +45770,7 @@ index 1fc1dca..813fd0b 100644
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2784,6 +2903,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2784,6 +2867,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -45971,7 +45780,7 @@ index 1fc1dca..813fd0b 100644
};
static int proc_tgid_base_readdir(struct file * filp,
-@@ -2909,7 +3031,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
+@@ -2909,7 +2995,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -45986,7 +45795,7 @@ index 1fc1dca..813fd0b 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2951,7 +3080,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct
+@@ -2951,7 +3044,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct
if (!task)
goto out;
@@ -45998,7 +45807,7 @@ index 1fc1dca..813fd0b 100644
put_task_struct(task);
out:
return result;
-@@ -3016,6 +3149,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
+@@ -3016,6 +3113,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
{
unsigned int nr;
struct task_struct *reaper;
@@ -46010,7 +45819,7 @@ index 1fc1dca..813fd0b 100644
struct tgid_iter iter;
struct pid_namespace *ns;
-@@ -3039,8 +3177,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
+@@ -3039,8 +3141,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
for (iter = next_tgid(ns, iter);
iter.task;
iter.tgid += 1, iter = next_tgid(ns, iter)) {
@@ -46039,7 +45848,7 @@ index 1fc1dca..813fd0b 100644
put_task_struct(iter.task);
goto out;
}
-@@ -3068,7 +3225,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3068,7 +3189,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -46048,7 +45857,7 @@ index 1fc1dca..813fd0b 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -3092,10 +3249,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3092,10 +3213,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -46934,7 +46743,7 @@ index 7fdf6a7..e6cd8ad 100644
sd = sysfs_new_dirent(name, mode, SYSFS_DIR);
if (!sd)
diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
-index d4e6080b..0e58b99 100644
+index 779789a..f58193c 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock);
@@ -47174,20 +46983,6 @@ index 23ce927..e274cc1 100644
if (!IS_ERR(s))
kfree(s);
-diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
-index ce9268a..ee98d0b 100644
---- a/fs/xfs/xfs_vnodeops.c
-+++ b/fs/xfs/xfs_vnodeops.c
-@@ -131,7 +131,8 @@ xfs_readlink(
- __func__, (unsigned long long) ip->i_ino,
- (long long) pathlen);
- ASSERT(0);
-- return XFS_ERROR(EFSCORRUPTED);
-+ error = XFS_ERROR(EFSCORRUPTED);
-+ goto out;
- }
-
-
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
index 0000000..dfd3d34
@@ -56975,7 +56770,7 @@ index 0000000..0dc13c3
+EXPORT_SYMBOL(gr_log_timechange);
diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
new file mode 100644
-index 0000000..a35ba33
+index 0000000..07e0dc0
--- /dev/null
+++ b/grsecurity/grsec_tpe.c
@@ -0,0 +1,73 @@
@@ -57026,7 +56821,7 @@ index 0000000..a35ba33
+ msg2 = "file in group-writable directory";
+
+ if (msg && msg2) {
-+ char fullmsg[64] = {0};
++ char fullmsg[70] = {0};
+ snprintf(fullmsg, sizeof(fullmsg)-1, "%s and %s", msg, msg2);
+ gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, fullmsg, file->f_path.dentry, file->f_path.mnt);
+ return 0;
@@ -57650,7 +57445,7 @@ index b5e2e4c..6a5373e 100644
/**
* PERCPU_SECTION - define output section for percpu area, simple version
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index 1f9e951..14ef517 100644
+index bf4b2dc..2d0762f 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -72,6 +72,7 @@
@@ -59075,7 +58870,7 @@ index 0000000..da390f1
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..b3347e2
+index 0000000..7f62b30
--- /dev/null
+++ b/include/linux/grmsg.h
@@ -0,0 +1,109 @@
@@ -59113,7 +58908,7 @@ index 0000000..b3347e2
+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
-+#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.64s) of %.950s by "
++#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
+#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
+#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
@@ -59190,10 +58985,10 @@ index 0000000..b3347e2
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..eb4885f
+index 0000000..cb9f1c1
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,233 @@
+@@ -0,0 +1,227 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -59208,12 +59003,6 @@ index 0000000..eb4885f
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
-+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
-+#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
-+#endif
-+#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
-+#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
-+#endif
+#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
+#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
+#endif
@@ -60496,7 +60285,7 @@ index 2148b12..519b820 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 1c4f3e9..c5b241a 100644
+index 1c4f3e9..f29cbeb 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -101,6 +101,7 @@ struct bio_list;
@@ -60700,7 +60489,20 @@ index 1c4f3e9..c5b241a 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2251,7 +2343,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2235,6 +2327,12 @@ static inline void mmdrop(struct mm_struct * mm)
+ extern void mmput(struct mm_struct *);
+ /* Grab a reference to a task's mm, if it is not already going away */
+ extern struct mm_struct *get_task_mm(struct task_struct *task);
++/*
++ * Grab a reference to a task's mm, if it is not already going away
++ * and ptrace_may_access with the mode parameter passed to it
++ * succeeds.
++ */
++extern struct mm_struct *mm_access(struct task_struct *task, unsigned int mode);
+ /* Remove the current tasks stale references to the old mm_struct */
+ extern void mm_release(struct task_struct *, struct mm_struct *);
+ /* Allocate a new mm structure and copy contents from tsk->mm */
+@@ -2251,7 +2349,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -60709,7 +60511,7 @@ index 1c4f3e9..c5b241a 100644
extern void daemonize(const char *, ...);
extern int allow_signal(int);
-@@ -2416,13 +2508,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2416,13 +2514,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -61087,6 +60889,44 @@ index 703cfa3..0b8ca72ac 100644
extern int proc_dointvec(struct ctl_table *, int,
void __user *, size_t *, loff_t *);
extern int proc_dointvec_minmax(struct ctl_table *, int,
+diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h
+index a71a292..51bd91d 100644
+--- a/include/linux/tracehook.h
++++ b/include/linux/tracehook.h
+@@ -54,12 +54,12 @@ struct linux_binprm;
+ /*
+ * ptrace report for syscall entry and exit looks identical.
+ */
+-static inline void ptrace_report_syscall(struct pt_regs *regs)
++static inline int ptrace_report_syscall(struct pt_regs *regs)
+ {
+ int ptrace = current->ptrace;
+
+ if (!(ptrace & PT_PTRACED))
+- return;
++ return 0;
+
+ ptrace_notify(SIGTRAP | ((ptrace & PT_TRACESYSGOOD) ? 0x80 : 0));
+
+@@ -72,6 +72,8 @@ static inline void ptrace_report_syscall(struct pt_regs *regs)
+ send_sig(current->exit_code, current, 1);
+ current->exit_code = 0;
+ }
++
++ return fatal_signal_pending(current);
+ }
+
+ /**
+@@ -96,8 +98,7 @@ static inline void ptrace_report_syscall(struct pt_regs *regs)
+ static inline __must_check int tracehook_report_syscall_entry(
+ struct pt_regs *regs)
+ {
+- ptrace_report_syscall(regs);
+- return 0;
++ return ptrace_report_syscall(regs);
+ }
+
+ /**
diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h
index ff7dc08..893e1bd 100644
--- a/include/linux/tty_ldisc.h
@@ -63380,7 +63220,7 @@ index e6e01b9..619f837 100644
if (group_dead)
diff --git a/kernel/fork.c b/kernel/fork.c
-index da4a6a1..c04943c 100644
+index da4a6a1..0973380 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -280,7 +280,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
@@ -63597,7 +63437,34 @@ index da4a6a1..c04943c 100644
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -829,13 +866,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
+@@ -644,6 +681,26 @@ struct mm_struct *get_task_mm(struct task_struct *task)
+ }
+ EXPORT_SYMBOL_GPL(get_task_mm);
+
++struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
++{
++ struct mm_struct *mm;
++ int err;
++
++ err = mutex_lock_killable(&task->signal->cred_guard_mutex);
++ if (err)
++ return ERR_PTR(err);
++
++ mm = get_task_mm(task);
++ if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) ||
++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
++ mmput(mm);
++ mm = ERR_PTR(-EACCES);
++ }
++ mutex_unlock(&task->signal->cred_guard_mutex);
++
++ return mm;
++}
++
+ /* Please note the differences between mmput and mm_release.
+ * mmput is called whenever we stop holding onto a mm_struct,
+ * error success whatever.
+@@ -829,13 +886,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
@@ -63613,7 +63480,7 @@ index da4a6a1..c04943c 100644
return 0;
}
-@@ -1097,6 +1135,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1097,6 +1155,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
@@ -63623,7 +63490,7 @@ index da4a6a1..c04943c 100644
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1256,6 +1297,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1256,6 +1317,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
if (clone_flags & CLONE_THREAD)
p->tgid = current->tgid;
@@ -63632,7 +63499,7 @@ index da4a6a1..c04943c 100644
p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
/*
* Clear TID on mm_release()?
-@@ -1418,6 +1461,8 @@ bad_fork_cleanup_count:
+@@ -1418,6 +1481,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
@@ -63641,7 +63508,7 @@ index da4a6a1..c04943c 100644
return ERR_PTR(retval);
}
-@@ -1518,6 +1563,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1518,6 +1583,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -63650,7 +63517,7 @@ index da4a6a1..c04943c 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1627,7 +1674,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1627,7 +1694,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -63659,7 +63526,7 @@ index da4a6a1..c04943c 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1716,7 +1763,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1716,7 +1783,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -66288,7 +66155,7 @@ index 2c71d91..1021f81 100644
struct tasklet_struct *list;
diff --git a/kernel/sys.c b/kernel/sys.c
-index 481611f..0754d86 100644
+index 481611f..4665125 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -66357,7 +66224,29 @@ index 481611f..0754d86 100644
if (nsown_capable(CAP_SETUID)) {
new->suid = new->uid = uid;
if (uid != old->uid) {
-@@ -786,6 +808,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
+@@ -775,9 +797,18 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
+
+ retval = -EPERM;
+ if (!nsown_capable(CAP_SETUID)) {
+- if (ruid != (uid_t) -1 && ruid != old->uid &&
+- ruid != old->euid && ruid != old->suid)
+- goto error;
++ // if RBAC is enabled, require CAP_SETUID to change
++ // uid to euid (from a suid binary, for instance)
++ // this is a hardening of normal permissions, not
++ // weakening
++ if (gr_acl_is_enabled()) {
++ if (ruid != (uid_t) -1 && ruid != old->uid)
++ goto error;
++ } else {
++ if (ruid != (uid_t) -1 && ruid != old->uid &&
++ ruid != old->euid && ruid != old->suid)
++ goto error;
++ }
+ if (euid != (uid_t) -1 && euid != old->uid &&
+ euid != old->euid && euid != old->suid)
+ goto error;
+@@ -786,6 +817,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
goto error;
}
@@ -66367,7 +66256,29 @@ index 481611f..0754d86 100644
if (ruid != (uid_t) -1) {
new->uid = ruid;
if (ruid != old->uid) {
-@@ -850,6 +875,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
+@@ -839,9 +873,18 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
+
+ retval = -EPERM;
+ if (!nsown_capable(CAP_SETGID)) {
+- if (rgid != (gid_t) -1 && rgid != old->gid &&
+- rgid != old->egid && rgid != old->sgid)
+- goto error;
++ // if RBAC is enabled, require CAP_SETGID to change
++ // gid to egid (from a sgid binary, for instance)
++ // this is a hardening of normal permissions, not
++ // weakening
++ if (gr_acl_is_enabled()) {
++ if (rgid != (gid_t) -1 && rgid != old->gid)
++ goto error;
++ } else {
++ if (rgid != (gid_t) -1 && rgid != old->gid &&
++ rgid != old->egid && rgid != old->sgid)
++ goto error;
++ }
+ if (egid != (gid_t) -1 && egid != old->gid &&
+ egid != old->egid && egid != old->sgid)
+ goto error;
+@@ -850,6 +893,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
goto error;
}
@@ -66377,7 +66288,7 @@ index 481611f..0754d86 100644
if (rgid != (gid_t) -1)
new->gid = rgid;
if (egid != (gid_t) -1)
-@@ -896,6 +924,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -896,6 +942,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
old = current_cred();
old_fsuid = old->fsuid;
@@ -66387,7 +66298,7 @@ index 481611f..0754d86 100644
if (uid == old->uid || uid == old->euid ||
uid == old->suid || uid == old->fsuid ||
nsown_capable(CAP_SETUID)) {
-@@ -906,6 +937,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -906,6 +955,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
}
}
@@ -66395,7 +66306,7 @@ index 481611f..0754d86 100644
abort_creds(new);
return old_fsuid;
-@@ -932,12 +964,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+@@ -932,12 +982,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
if (gid == old->gid || gid == old->egid ||
gid == old->sgid || gid == old->fsgid ||
nsown_capable(CAP_SETGID)) {
@@ -66412,7 +66323,7 @@ index 481611f..0754d86 100644
abort_creds(new);
return old_fsgid;
-@@ -1189,7 +1225,10 @@ static int override_release(char __user *release, int len)
+@@ -1189,7 +1243,10 @@ static int override_release(char __user *release, int len)
}
v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
snprintf(buf, len, "2.6.%u%s", v, rest);
@@ -66424,7 +66335,7 @@ index 481611f..0754d86 100644
}
return ret;
}
-@@ -1243,19 +1282,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
+@@ -1243,19 +1300,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
return -EFAULT;
down_read(&uts_sem);
@@ -66449,7 +66360,7 @@ index 481611f..0754d86 100644
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
+@@ -1720,7 +1777,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
error = get_dumpable(me->mm);
break;
case PR_SET_DUMPABLE:
@@ -70421,7 +70332,7 @@ index 716eb4a..8d10419 100644
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
-index e920aa3..78fe584 100644
+index e920aa3..137702a 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -13,6 +13,7 @@
@@ -70459,21 +70370,40 @@ index e920aa3..78fe584 100644
}
if (nr_pages == 0)
-@@ -298,8 +299,13 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
+@@ -298,23 +299,23 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
goto free_proc_pages;
}
-+ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
-+ rc = -EPERM;
-+ goto put_task_struct;
-+ }
-+
- task_lock(task);
+- task_lock(task);
- if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
-+ if (ptrace_may_access_nolock(task, PTRACE_MODE_ATTACH)) {
- task_unlock(task);
+- task_unlock(task);
++ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
rc = -EPERM;
goto put_task_struct;
+ }
+- mm = task->mm;
+
+- if (!mm || (task->flags & PF_KTHREAD)) {
+- task_unlock(task);
+- rc = -EINVAL;
++ mm = mm_access(task, PTRACE_MODE_ATTACH);
++ if (!mm || IS_ERR(mm)) {
++ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
++ /*
++ * Explicitly map EACCES to EPERM as EPERM is a more a
++ * appropriate error code for process_vw_readv/writev
++ */
++ if (rc == -EACCES)
++ rc = -EPERM;
+ goto put_task_struct;
+ }
+
+- atomic_inc(&mm->mm_users);
+- task_unlock(task);
+-
+ for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) {
+ rc = process_vm_rw_single_vec(
+ (unsigned long)rvec[i].iov_base, rvec[i].iov_len,
diff --git a/mm/rmap.c b/mm/rmap.c
index a4fd368..e0ffec7 100644
--- a/mm/rmap.c
@@ -73055,7 +72985,7 @@ index 94cdbc5..0cb0063 100644
ts = peer->tcp_ts;
tsage = get_seconds() - peer->tcp_ts_stamp;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index a9db4b1..3c03301 100644
+index c89e354..8bd55c8 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
@@ -73338,7 +73268,7 @@ index 5a65eea..bd913a1 100644
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 36806de..b86f74c 100644
+index 836c4ea..cbb74dc 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2149,7 +2149,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
@@ -73386,7 +73316,7 @@ index 26cb08c..8af9877 100644
msg.msg_flags = flags;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
-index 331af3b..7789844 100644
+index 361ebf3..d5628fb 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -73476,7 +73406,7 @@ index 331af3b..7789844 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 2dea4bb..dca8ac5 100644
+index b859e4a..f9d1589 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
@@ -74343,7 +74273,7 @@ index d9d4970..d5a6a68 100644
return 0;
}
diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
-index bf10ea8..aeb4c3e 100644
+index d65f699..05aa6ce 100644
--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -41,7 +41,7 @@ static struct phonet_protocol *phonet_proto_get(unsigned int protocol)
@@ -74396,7 +74326,7 @@ index 2ba6e9f..409573f 100644
break;
}
diff --git a/net/phonet/socket.c b/net/phonet/socket.c
-index 3f8d0b1..74635e0 100644
+index 4c7eff3..59c727f 100644
--- a/net/phonet/socket.c
+++ b/net/phonet/socket.c
@@ -613,8 +613,13 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v)
@@ -74856,7 +74786,7 @@ index 54a7cd2..944edae 100644
to += addrlen;
cnt++;
diff --git a/net/socket.c b/net/socket.c
-index 2877647..08e2fde 100644
+index 2dce67a..1e91168 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -75421,7 +75351,7 @@ index 1983717..4d6102c 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index b595a3d..b1cd354 100644
+index d99678a..3514a21 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -75912,10 +75842,10 @@ index 5c11312..72742b5 100644
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..8465ae6 100644
+index 51bd5a0..eeabc9f 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,626 @@
+@@ -4,6 +4,627 @@
menu "Security options"
@@ -76425,6 +76355,7 @@ index 51bd5a0..8465ae6 100644
+
+config PAX_MEMORY_SANITIZE
+ bool "Sanitize all freed memory"
++ depends on !HIBERNATION
+ help
+ By saying Y here the kernel will erase memory pages as soon as they
+ are freed. This in turn reduces the lifetime of data stored in the
@@ -76542,7 +76473,7 @@ index 51bd5a0..8465ae6 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -169,7 +789,7 @@ config INTEL_TXT
+@@ -169,7 +790,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX