main/linux-virtgrsec: upgrade to 3.18.7

author: Timo Teräs <timo.teras@iki.fi> 2015-02-23 08:21:43 +0000
committer: Timo Teräs <timo.teras@iki.fi> 2015-02-23 08:21:43 +0000
commit: 48c5c10b176753ab2654bbe22ad017c6b18af450 (patch)
tree: e4fa0893d46e91e817c0ae992139f49c9f2e0070 /main
parent: 7bc5e97911bdbfc3180312591c76ec63c94b08b8 (diff)
download: aports-48c5c10b176753ab2654bbe22ad017c6b18af450.tar.bz2
aports-48c5c10b176753ab2654bbe22ad017c6b18af450.tar.xz
2 files changed, 331 insertions, 222 deletions
diff --git a/main/linux-virtgrsec/APKBUILD b/main/linux-virtgrsec/APKBUILD
index e8a890215a..b44d672d4c 100644
--- a/main/linux-virtgrsec/APKBUILD
+++ b/main/linux-virtgrsec/APKBUILD
@@ -3,7 +3,7 @@
 
 _flavor=virtgrsec
 pkgname=linux-${_flavor}
-pkgver=3.18.6
+pkgver=3.18.7
 case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-	grsecurity-3.0-3.18.6-201502062100.patch
+	grsecurity-3.1-3.18.7-201502222138.patch
 	fix-memory-map-for-PIE-applications.patch
 	imx6q-no-unclocked-sleep.patch
 
@@ -146,22 +146,22 @@ dev() {
 }
 
 md5sums="9e854df51ca3fef8bfe566dbd7b89241  linux-3.18.tar.xz
-30aa769974e64fd17a01724d1577a913  patch-3.18.6.xz
-1bb44c0a509107101392b4d5e1c1bd10  grsecurity-3.0-3.18.6-201502062100.patch
+9db3178b87ddf7c05e6191bf57645610  patch-3.18.7.xz
+7e76bc2553a45e1d97d37c33dcf3411b  grsecurity-3.1-3.18.7-201502222138.patch
 c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
 1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
 4938a7329976fd579206cb814ee75ef6  kernelconfig.x86
 54daab617c2eab14d08afed2c8321620  kernelconfig.x86_64"
 sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd  linux-3.18.tar.xz
-84046931be1a0024eb7d2817480efe62e6b5e651257f4ed4114ddcbce92a23bb  patch-3.18.6.xz
-060c24087ed82d984ba8a956c5719857f9fcf425f99858e110a34135313e9e85  grsecurity-3.0-3.18.6-201502062100.patch
+2267eee27227c85c6c7aee1ed6a14e1d7f11d70c3048c96bcb1e848fc5ab31ca  patch-3.18.7.xz
+2bfe1b3e6b3eeb10eeca68735e796f98e4856a2014feb2447510239dfce4d636  grsecurity-3.1-3.18.7-201502222138.patch
 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
 baa8e42965fb7e4ab66f99eca6d5959c13919cdc67d31d949da4831b9a4addfa  kernelconfig.x86
 9bfda1dcffa2401e515d57991f105632bd20d316acc4807388f3a04e4879688e  kernelconfig.x86_64"
 sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009  linux-3.18.tar.xz
-e8755c0a88192a658a2c55b325caa4242978db546b505db6d0feb4c3dc41d3ccafe814b230513867ed915e58bf63faa31544b196066e6222f133d75c48fc8bc1  patch-3.18.6.xz
-c2377f4ec78b168d8bffab089dee1e5e60b9a453766a9bce9900bb42435bb705d8f94573c1f3f5e53d523fd10cd29a523410161ca27583566603371bbb4140ba  grsecurity-3.0-3.18.6-201502062100.patch
+a63f56818a3d16f7e39b9967ed751fd6f49837668d533e32ae5bbad7f834e0f3641d9829c27acaf7e65b10581dd1e7d15a05127550627edcd7f9ec7fb5780600  patch-3.18.7.xz
+06cf7a7a77eb7f3601d96fefad98ae993680612cc945d53c2c70ae523af5fe30585818a6246309c65b47ec90a825a45e20b6e78413c725c7bac072add3f92ddf  grsecurity-3.1-3.18.7-201502222138.patch
 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
 b0f57415a3b29a6e8d414fd2701cabd789d33e1a8ce9278d8e6653acbcf8fe199bf75c3bfb61330f1c1c50d2480d24b74615b65f4bc1300bfcf0a517fa05989f  kernelconfig.x86
diff --git a/main/linux-virtgrsec/grsecurity-3.0-3.18.6-201502062100.patch b/main/linux-virtgrsec/grsecurity-3.1-3.18.7-201502222138.patch
index 7f1798fea0..1db1bc35e1 100644
--- a/main/linux-virtgrsec/grsecurity-3.0-3.18.6-201502062100.patch
+++ b/main/linux-virtgrsec/grsecurity-3.1-3.18.7-201502222138.patch
@@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index d2bff2d..e505117 100644
+index 0efae22..380e711 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3894,7 +3894,7 @@ index 5e65ca8..879e7b3 100644
  #define CACHE_LINE_SIZE		32
  
 diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
-index 6eb97b3..e77848e 100644
+index 4370933..e77848e 100644
 --- a/arch/arm/mm/context.c
 +++ b/arch/arm/mm/context.c
 @@ -43,7 +43,7 @@
@@ -3906,40 +3906,7 @@ index 6eb97b3..e77848e 100644
  static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS);
  
  static DEFINE_PER_CPU(atomic64_t, active_asids);
-@@ -144,21 +144,17 @@ static void flush_context(unsigned int cpu)
- 	/* Update the list of reserved ASIDs and the ASID bitmap. */
- 	bitmap_clear(asid_map, 0, NUM_USER_ASIDS);
- 	for_each_possible_cpu(i) {
--		if (i == cpu) {
--			asid = 0;
--		} else {
--			asid = atomic64_xchg(&per_cpu(active_asids, i), 0);
--			/*
--			 * If this CPU has already been through a
--			 * rollover, but hasn't run another task in
--			 * the meantime, we must preserve its reserved
--			 * ASID, as this is the only trace we have of
--			 * the process it is still running.
--			 */
--			if (asid == 0)
--				asid = per_cpu(reserved_asids, i);
--			__set_bit(asid & ~ASID_MASK, asid_map);
--		}
-+		asid = atomic64_xchg(&per_cpu(active_asids, i), 0);
-+		/*
-+		 * If this CPU has already been through a
-+		 * rollover, but hasn't run another task in
-+		 * the meantime, we must preserve its reserved
-+		 * ASID, as this is the only trace we have of
-+		 * the process it is still running.
-+		 */
-+		if (asid == 0)
-+			asid = per_cpu(reserved_asids, i);
-+		__set_bit(asid & ~ASID_MASK, asid_map);
- 		per_cpu(reserved_asids, i) = asid;
- 	}
- 
-@@ -182,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -178,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
  {
  	static u32 cur_idx = 1;
  	u64 asid = atomic64_read(&mm->context.id);
@@ -3948,7 +3915,7 @@ index 6eb97b3..e77848e 100644
  
  	if (asid != 0 && is_reserved_asid(asid)) {
  		/*
-@@ -203,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -199,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
  		 */
  		asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
  		if (asid == NUM_USER_ASIDS) {
@@ -3957,7 +3924,7 @@ index 6eb97b3..e77848e 100644
  							 &asid_generation);
  			flush_context(cpu);
  			asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1);
-@@ -234,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
+@@ -230,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
  	cpu_set_reserved_ttbr0();
  
  	asid = atomic64_read(&mm->context.id);
@@ -6878,7 +6845,7 @@ index 2242bdd..b284048 100644
  	}
  	/* Arrange for an interrupt in a short while */
 diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
-index 22b19c2..c5cc8c4 100644
+index d255a2a..916271c 100644
 --- a/arch/mips/kernel/traps.c
 +++ b/arch/mips/kernel/traps.c
 @@ -688,7 +688,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
@@ -21666,7 +21633,7 @@ index 7dc5564..1273569 100644
  	wmb();
  
 diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
-index 15c2909..2cef20c 100644
+index 36a8361..e7058c2 100644
 --- a/arch/x86/kernel/cpu/microcode/core.c
 +++ b/arch/x86/kernel/cpu/microcode/core.c
 @@ -518,7 +518,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
@@ -28204,7 +28171,7 @@ index e8edcf5..27f9344 100644
  		goto cannot_handle;
  	if ((segoffs >> 16) == BIOSSEG)
 diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 49edf2d..c0d1362 100644
+index 49edf2d..df596b1 100644
 --- a/arch/x86/kernel/vmlinux.lds.S
 +++ b/arch/x86/kernel/vmlinux.lds.S
 @@ -26,6 +26,13 @@
@@ -28385,7 +28352,6 @@ index 49edf2d..c0d1362 100644
 +	.init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
 +		VMLINUX_SYMBOL(_sinittext) = .;
 +		INIT_TEXT
-+		VMLINUX_SYMBOL(_einittext) = .;
 +		. = ALIGN(PAGE_SIZE);
 +	} :text.init
  
@@ -28396,6 +28362,7 @@ index 49edf2d..c0d1362 100644
 +	 */
 +	.exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
 +		EXIT_TEXT
++		VMLINUX_SYMBOL(_einittext) = .;
 +		. = ALIGN(16);
 +	} :text.exit
 +	. = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
@@ -31745,7 +31712,7 @@ index 903ec1e..c4166b2 100644
  }
  
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index a8612aa..5f91cf4 100644
+index 4d8ee82..ffc1011 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -13,12 +13,19 @@
@@ -32001,7 +31968,7 @@ index a8612aa..5f91cf4 100644
  		/* Kernel addresses are always protection faults: */
  		if (address >= TASK_SIZE)
  			error_code |= PF_PROT;
-@@ -867,7 +979,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -864,7 +976,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
  	if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
  		printk(KERN_ERR
  	"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
@@ -32010,7 +31977,7 @@ index a8612aa..5f91cf4 100644
  		code = BUS_MCEERR_AR;
  	}
  #endif
-@@ -923,6 +1035,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -916,6 +1028,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
  	return 1;
  }
  
@@ -32110,7 +32077,7 @@ index a8612aa..5f91cf4 100644
  /*
   * Handle a spurious fault caused by a stale TLB entry.
   *
-@@ -1008,6 +1213,9 @@ int show_unhandled_signals = 1;
+@@ -1001,6 +1206,9 @@ int show_unhandled_signals = 1;
  static inline int
  access_error(unsigned long error_code, struct vm_area_struct *vma)
  {
@@ -32120,7 +32087,7 @@ index a8612aa..5f91cf4 100644
  	if (error_code & PF_WRITE) {
  		/* write, present and write, not present: */
  		if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1042,7 +1250,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
+@@ -1035,7 +1243,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
  	if (error_code & PF_USER)
  		return false;
  
@@ -32129,7 +32096,7 @@ index a8612aa..5f91cf4 100644
  		return false;
  
  	return true;
-@@ -1070,6 +1278,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+@@ -1063,6 +1271,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
  	tsk = current;
  	mm = tsk->mm;
  
@@ -32152,7 +32119,7 @@ index a8612aa..5f91cf4 100644
  	/*
  	 * Detect and handle instructions that would cause a page fault for
  	 * both a tracked kernel page and a userspace page.
-@@ -1147,7 +1371,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+@@ -1140,7 +1364,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
  	 * User-mode registers count as a user access even for any
  	 * potential system fault or CPU buglet:
  	 */
@@ -32161,7 +32128,7 @@ index a8612aa..5f91cf4 100644
  		local_irq_enable();
  		error_code |= PF_USER;
  		flags |= FAULT_FLAG_USER;
-@@ -1194,6 +1418,11 @@ retry:
+@@ -1187,6 +1411,11 @@ retry:
  		might_sleep();
  	}
  
@@ -32173,7 +32140,7 @@ index a8612aa..5f91cf4 100644
  	vma = find_vma(mm, address);
  	if (unlikely(!vma)) {
  		bad_area(regs, error_code, address);
-@@ -1205,18 +1434,24 @@ retry:
+@@ -1198,18 +1427,24 @@ retry:
  		bad_area(regs, error_code, address);
  		return;
  	}
@@ -32209,7 +32176,7 @@ index a8612aa..5f91cf4 100644
  	if (unlikely(expand_stack(vma, address))) {
  		bad_area(regs, error_code, address);
  		return;
-@@ -1333,3 +1568,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1327,3 +1562,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
  }
  NOKPROBE_SYMBOL(trace_do_page_fault);
  #endif /* CONFIG_TRACING */
@@ -33259,7 +33226,7 @@ index 7b179b49..6bd17777 100644
  
  	return (void *)vaddr;
 diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index af78e50..0790b03 100644
+index af78e50..4f1fe56 100644
 --- a/arch/x86/mm/ioremap.c
 +++ b/arch/x86/mm/ioremap.c
 @@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
@@ -33282,17 +33249,29 @@ index af78e50..0790b03 100644
  {
  	struct vm_struct *p, *o;
  
-@@ -334,6 +334,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
- 
+@@ -329,30 +329,29 @@ EXPORT_SYMBOL(iounmap);
+  */
+ void *xlate_dev_mem_ptr(unsigned long phys)
+ {
+-	void *addr;
+-	unsigned long start = phys & PAGE_MASK;
+-
  	/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
- 	if (page_is_ram(start >> PAGE_SHIFT))
+-	if (page_is_ram(start >> PAGE_SHIFT))
++	if (page_is_ram(phys >> PAGE_SHIFT))
 +#ifdef CONFIG_HIGHMEM
-+	if ((start >> PAGE_SHIFT) < max_low_pfn)
++	if ((phys >> PAGE_SHIFT) < max_low_pfn)
 +#endif
  		return __va(phys);
  
- 	addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
-@@ -346,13 +349,16 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+-	addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
+-	if (addr)
+-		addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK));
+-
+-	return addr;
++	return (void __force *)ioremap_cache(phys, PAGE_SIZE);
+ }
+ 
  void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
  {
  	if (page_is_ram(phys >> PAGE_SHIFT))
@@ -33310,7 +33289,7 @@ index af78e50..0790b03 100644
  
  static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
  {
-@@ -388,8 +394,7 @@ void __init early_ioremap_init(void)
+@@ -388,8 +387,7 @@ void __init early_ioremap_init(void)
  	early_ioremap_setup();
  
  	pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
@@ -38706,7 +38685,7 @@ index 5c4e1f6..0ea58f9 100644
  	new_smi->interrupt_disabled = true;
  	atomic_set(&new_smi->stop_operation, 0);
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 524b707..29d07c1 100644
+index 524b707..62a3d70 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
 @@ -18,6 +18,7 @@
@@ -38754,15 +38733,17 @@ index 524b707..29d07c1 100644
  #else
  static inline int range_is_allowed(unsigned long pfn, unsigned long size)
  {
-@@ -122,6 +136,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -121,7 +135,8 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+ #endif
  
  	while (count > 0) {
- 		unsigned long remaining;
+-		unsigned long remaining;
++		unsigned long remaining = 0;
 +		char *temp;
  
  		sz = size_inside_page(p, count);
  
-@@ -137,7 +152,23 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -137,7 +152,24 @@ static ssize_t read_mem(struct file *file, char __user *buf,
  		if (!ptr)
  			return -EFAULT;
  
@@ -38773,12 +38754,13 @@ index 524b707..29d07c1 100644
 +			unxlate_dev_mem_ptr(p, ptr);
 +			return -ENOMEM;
 +		}
-+		memcpy(temp, ptr, sz);
++		remaining = probe_kernel_read(temp, ptr, sz);
 +#else
 +		temp = ptr;
 +#endif
 +
-+		remaining = copy_to_user(buf, temp, sz);
++		if (!remaining)
++			remaining = copy_to_user(buf, temp, sz);
 +
 +#ifdef CONFIG_PAX_USERCOPY
 +		kfree(temp);
@@ -38787,7 +38769,7 @@ index 524b707..29d07c1 100644
  		unxlate_dev_mem_ptr(p, ptr);
  		if (remaining)
  			return -EFAULT;
-@@ -369,9 +400,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -369,9 +401,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
  			 size_t count, loff_t *ppos)
  {
  	unsigned long p = *ppos;
@@ -38798,7 +38780,7 @@ index 524b707..29d07c1 100644
  
  	read = 0;
  	if (p < (unsigned long) high_memory) {
-@@ -393,6 +423,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -393,6 +424,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
  		}
  #endif
  		while (low_count > 0) {
@@ -38807,7 +38789,7 @@ index 524b707..29d07c1 100644
  			sz = size_inside_page(p, low_count);
  
  			/*
-@@ -402,7 +434,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -402,7 +435,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
  			 */
  			kbuf = xlate_dev_kmem_ptr((char *)p);
  
@@ -38816,12 +38798,13 @@ index 524b707..29d07c1 100644
 +			temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY);
 +			if (!temp)
 +				return -ENOMEM;
-+			memcpy(temp, kbuf, sz);
++			err = probe_kernel_read(temp, kbuf, sz);
 +#else
 +			temp = kbuf;
 +#endif
 +
-+			err = copy_to_user(buf, temp, sz);
++			if (!err)
++				err = copy_to_user(buf, temp, sz);
 +
 +#ifdef CONFIG_PAX_USERCOPY
 +			kfree(temp);
@@ -38831,7 +38814,7 @@ index 524b707..29d07c1 100644
  				return -EFAULT;
  			buf += sz;
  			p += sz;
-@@ -797,6 +844,9 @@ static const struct memdev {
+@@ -797,6 +846,9 @@ static const struct memdev {
  #ifdef CONFIG_PRINTK
  	[11] = { "kmsg", 0644, &kmsg_fops, NULL },
  #endif
@@ -38841,7 +38824,7 @@ index 524b707..29d07c1 100644
  };
  
  static int memory_open(struct inode *inode, struct file *filp)
-@@ -868,7 +918,7 @@ static int __init chr_dev_init(void)
+@@ -868,7 +920,7 @@ static int __init chr_dev_init(void)
  			continue;
  
  		device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
@@ -38936,7 +38919,7 @@ index 0ea9986..e7b07e4 100644
  
  	if (cmd != SIOCWANDEV)
 diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 04645c0..560e350 100644
+index 04645c0..6416f00 100644
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -289,9 +289,6 @@
@@ -38962,6 +38945,30 @@ index 04645c0..560e350 100644
  
  static struct entropy_store input_pool = {
  	.poolinfo = &poolinfo_table[0],
+@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f)
+ 	__u32 c = f->pool[2],	d = f->pool[3];
+ 
+ 	a += b;			c += d;
+-	b = rol32(a, 6);	d = rol32(c, 27);
++	b = rol32(b, 6);	d = rol32(d, 27);
+ 	d ^= a;			b ^= c;
+ 
+ 	a += b;			c += d;
+-	b = rol32(a, 16);	d = rol32(c, 14);
++	b = rol32(b, 16);	d = rol32(d, 14);
+ 	d ^= a;			b ^= c;
+ 
+ 	a += b;			c += d;
+-	b = rol32(a, 6);	d = rol32(c, 27);
++	b = rol32(b, 6);	d = rol32(d, 27);
+ 	d ^= a;			b ^= c;
+ 
+ 	a += b;			c += d;
+-	b = rol32(a, 16);	d = rol32(c, 14);
++	b = rol32(b, 16);	d = rol32(d, 14);
+ 	d ^= a;			b ^= c;
+ 
+ 	f->pool[0] = a;  f->pool[1] = b;
 @@ -635,7 +632,7 @@ retry:
  		/* The +2 corresponds to the /4 in the denominator */
  
@@ -44925,7 +44932,7 @@ index 32e282f..5cec803 100644
  
  			rdev_dec_pending(rdev, mddev);
 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index c1b0d52..07a0a5d 100644
+index b98765f..09e86d5 100644
 --- a/drivers/md/raid5.c
 +++ b/drivers/md/raid5.c
 @@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
@@ -50765,7 +50772,7 @@ index 302e626..12579af 100644
  		da->attr.name = info->pin_config[i].name;
  		da->attr.mode = 0644;
 diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index fc6fb54..b8c794b 100644
+index fc6fb54..b8c794ba 100644
 --- a/drivers/regulator/core.c
 +++ b/drivers/regulator/core.c
 @@ -3569,7 +3569,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
@@ -50823,15 +50830,16 @@ index dbedf17..18ff6b7 100644
  
  	if (pdata) {
 diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 793b662..85f74cd 100644
+index 793b662..01c20fc 100644
 --- a/drivers/regulator/mc13892-regulator.c
 +++ b/drivers/regulator/mc13892-regulator.c
 @@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
  	mc13xxx_unlock(mc13892);
  
  	/* update mc13892_vcam ops */
+-	memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
 +	pax_open_kernel();
- 	memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
++	memcpy((void *)&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops,
  						sizeof(struct regulator_ops));
 -	mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode,
 -	mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode,
@@ -52058,24 +52066,10 @@ index ae45bd9..c32a586 100644
  
  	transport_setup_device(&rport->dev);
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index cfba74c..4cdf6a1 100644
+index dd8c8d6..4cdf6a1 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
-@@ -2818,9 +2818,11 @@ static int sd_revalidate_disk(struct gendisk *disk)
- 	 */
- 	sd_set_flush_flag(sdkp);
- 
--	max_xfer = min_not_zero(queue_max_hw_sectors(sdkp->disk->queue),
--				sdkp->max_xfer_blocks);
-+	max_xfer = sdkp->max_xfer_blocks;
- 	max_xfer <<= ilog2(sdp->sector_size) - 9;
-+
-+	max_xfer = min_not_zero(queue_max_hw_sectors(sdkp->disk->queue),
-+				max_xfer);
- 	blk_queue_max_hw_sectors(sdkp->disk->queue, max_xfer);
- 	set_capacity(disk, sdkp->capacity);
- 	sd_config_write_same(sdkp);
-@@ -3022,7 +3024,7 @@ static int sd_probe(struct device *dev)
+@@ -3024,7 +3024,7 @@ static int sd_probe(struct device *dev)
  	sdkp->disk = gd;
  	sdkp->index = index;
  	atomic_set(&sdkp->openers, 0);
@@ -60073,37 +60067,10 @@ index 02a33e5..3a28b5a 100644
  GLOBAL_EXTERN atomic_t smBufAllocCount;
  GLOBAL_EXTERN atomic_t midCount;
 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index 3e4d00a..4132187 100644
+index 9a7b6947..4132187 100644
 --- a/fs/cifs/file.c
 +++ b/fs/cifs/file.c
-@@ -366,6 +366,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
- 	struct cifsLockInfo *li, *tmp;
- 	struct cifs_fid fid;
- 	struct cifs_pending_open open;
-+	bool oplock_break_cancelled;
- 
- 	spin_lock(&cifs_file_list_lock);
- 	if (--cifs_file->count > 0) {
-@@ -397,7 +398,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
- 	}
- 	spin_unlock(&cifs_file_list_lock);
- 
--	cancel_work_sync(&cifs_file->oplock_break);
-+	oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break);
- 
- 	if (!tcon->need_reconnect && !cifs_file->invalidHandle) {
- 		struct TCP_Server_Info *server = tcon->ses->server;
-@@ -409,6 +410,9 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
- 		_free_xid(xid);
- 	}
- 
-+	if (oplock_break_cancelled)
-+		cifs_done_oplock_break(cifsi);
-+
- 	cifs_del_pending_open(&open);
- 
- 	/*
-@@ -2056,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping,
+@@ -2060,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping,
  		index = mapping->writeback_index; /* Start from prev offset */
  		end = -1;
  	} else {
@@ -62280,7 +62247,7 @@ index 5797d45..7d7d79a 100644
  
  	if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
 diff --git a/fs/fs_struct.c b/fs/fs_struct.c
-index 7dca743..f5e007d 100644
+index 7dca743..2f2786d 100644
 --- a/fs/fs_struct.c
 +++ b/fs/fs_struct.c
 @@ -4,6 +4,7 @@
@@ -62305,7 +62272,7 @@ index 7dca743..f5e007d 100644
  	spin_unlock(&fs->lock);
 -	if (old_root.dentry)
 +	if (old_root.dentry) {
-+		gr_inc_chroot_refcnts(old_root.dentry, old_root.mnt);
++		gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt);
  		path_put(&old_root);
 +	}
  }
@@ -64168,7 +64135,7 @@ index f82c628..9492b99 100644
  #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
  
 diff --git a/fs/namei.c b/fs/namei.c
-index db5fe86..ac769e4 100644
+index db5fe86..8bce5f0 100644
 --- a/fs/namei.c
 +++ b/fs/namei.c
 @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -64549,7 +64516,7 @@ index db5fe86..ac769e4 100644
  	struct filename *name;
  	struct dentry *dentry;
  	struct nameidata nd;
-+	ino_t saved_ino = 0;
++	u64 saved_ino = 0;
 +	dev_t saved_dev = 0;
  	unsigned int lookup_flags = 0;
  retry:
@@ -64559,7 +64526,7 @@ index db5fe86..ac769e4 100644
  		goto exit3;
  	}
 +
-+	saved_ino = dentry->d_inode->i_ino;
++	saved_ino = gr_get_ino_from_dentry(dentry);
 +	saved_dev = gr_get_dev_from_dentry(dentry);
 +
 +	if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
@@ -64580,7 +64547,7 @@ index db5fe86..ac769e4 100644
  	struct nameidata nd;
  	struct inode *inode = NULL;
  	struct inode *delegated_inode = NULL;
-+	ino_t saved_ino = 0;
++	u64 saved_ino = 0;
 +	dev_t saved_dev = 0;
  	unsigned int lookup_flags = 0;
  retry:
@@ -64591,7 +64558,7 @@ index db5fe86..ac769e4 100644
  		ihold(inode);
 +
 +		if (inode->i_nlink <= 1) {
-+			saved_ino = inode->i_ino;
++			saved_ino = gr_get_ino_from_dentry(dentry);
 +			saved_dev = gr_get_dev_from_dentry(dentry);
 +		}
 +		if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
@@ -69545,10 +69512,10 @@ index 0000000..30ababb
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..9c2d930
+index 0000000..6c1e154
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,2721 @@
+@@ -0,0 +1,2749 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -69656,11 +69623,26 @@ index 0000000..9c2d930
 +		return dentry->d_sb->s_dev;
 +}
 +
++static inline u64 __get_ino(const struct dentry *dentry)
++{
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return btrfs_ino(dentry->d_inode);
++	else
++#endif
++		return dentry->d_inode->i_ino;
++}
++
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
 +{
 +	return __get_dev(dentry);
 +}
 +
++u64 gr_get_ino_from_dentry(struct dentry *dentry)
++{
++	return __get_ino(dentry);
++}
++
 +static char gr_task_roletype_to_char(struct task_struct *task)
 +{
 +	switch (task->role->roletype &
@@ -69999,7 +69981,7 @@ index 0000000..9c2d930
 +}
 +
 +struct acl_subject_label *
-+lookup_acl_subj_label(const ino_t ino, const dev_t dev,
++lookup_acl_subj_label(const u64 ino, const dev_t dev,
 +		      const struct acl_role_label *role)
 +{
 +	unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
@@ -70019,7 +70001,7 @@ index 0000000..9c2d930
 +}
 +
 +struct acl_subject_label *
-+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
++lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev,
 +			  const struct acl_role_label *role)
 +{
 +	unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
@@ -70039,7 +70021,7 @@ index 0000000..9c2d930
 +}
 +
 +static struct acl_object_label *
-+lookup_acl_obj_label(const ino_t ino, const dev_t dev,
++lookup_acl_obj_label(const u64 ino, const dev_t dev,
 +		     const struct acl_subject_label *subj)
 +{
 +	unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
@@ -70059,7 +70041,7 @@ index 0000000..9c2d930
 +}
 +
 +static struct acl_object_label *
-+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
++lookup_acl_obj_label_create(const u64 ino, const dev_t dev,
 +		     const struct acl_subject_label *subj)
 +{
 +	unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
@@ -70140,7 +70122,7 @@ index 0000000..9c2d930
 +}
 +
 +static struct inodev_entry *
-+lookup_inodev_entry(const ino_t ino, const dev_t dev)
++lookup_inodev_entry(const u64 ino, const dev_t dev)
 +{
 +	unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size);
 +	struct inodev_entry *match;
@@ -70365,7 +70347,7 @@ index 0000000..9c2d930
 +
 +static struct acl_object_label *
 +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
-+	    const ino_t curr_ino, const dev_t curr_dev,
++	    const u64 curr_ino, const dev_t curr_dev,
 +	    const struct acl_subject_label *subj, char **path, const int checkglob)
 +{
 +	struct acl_subject_label *tmpsubj;
@@ -70396,7 +70378,7 @@ index 0000000..9c2d930
 +	    const struct acl_subject_label *subj, char **path, const int checkglob)
 +{
 +	int newglob = checkglob;
-+	ino_t inode;
++	u64 inode;
 +	dev_t device;
 +
 +	/* if we aren't checking a subdirectory of the original path yet, don't do glob checking
@@ -70408,7 +70390,7 @@ index 0000000..9c2d930
 +		newglob = GR_NO_GLOB;
 +
 +	spin_lock(&curr_dentry->d_lock);
-+	inode = curr_dentry->d_inode->i_ino;
++	inode = __get_ino(curr_dentry);
 +	device = __get_dev(curr_dentry);
 +	spin_unlock(&curr_dentry->d_lock);
 +
@@ -70541,7 +70523,7 @@ index 0000000..9c2d930
 +			spin_lock(&dentry->d_lock);
 +			read_lock(&gr_inode_lock);
 +			retval =
-+				lookup_acl_subj_label(dentry->d_inode->i_ino,
++				lookup_acl_subj_label(__get_ino(dentry),
 +						__get_dev(dentry), role);
 +			read_unlock(&gr_inode_lock);
 +			spin_unlock(&dentry->d_lock);
@@ -70556,7 +70538,7 @@ index 0000000..9c2d930
 +
 +		spin_lock(&dentry->d_lock);
 +		read_lock(&gr_inode_lock);
-+		retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
++		retval = lookup_acl_subj_label(__get_ino(dentry),
 +					  __get_dev(dentry), role);
 +		read_unlock(&gr_inode_lock);
 +		parent = dentry->d_parent;
@@ -70570,7 +70552,7 @@ index 0000000..9c2d930
 +
 +	spin_lock(&dentry->d_lock);
 +	read_lock(&gr_inode_lock);
-+	retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
++	retval = lookup_acl_subj_label(__get_ino(dentry),
 +				  __get_dev(dentry), role);
 +	read_unlock(&gr_inode_lock);
 +	spin_unlock(&dentry->d_lock);
@@ -70578,7 +70560,7 @@ index 0000000..9c2d930
 +	if (unlikely(retval == NULL)) {
 +		/* gr_real_root is pinned, we don't need to hold a reference */
 +		read_lock(&gr_inode_lock);
-+		retval = lookup_acl_subj_label(gr_real_root.dentry->d_inode->i_ino,
++		retval = lookup_acl_subj_label(__get_ino(gr_real_root.dentry),
 +					  __get_dev(gr_real_root.dentry), role);
 +		read_unlock(&gr_inode_lock);
 +	}
@@ -70705,14 +70687,27 @@ index 0000000..9c2d930
 +		return;
 +
 +	for (i = 0; i < RLIM_NLIMITS; i++) {
++		unsigned long rlim_cur, rlim_max;
++
 +		if (!(proc->resmask & (1U << i)))
 +			continue;
 +
-+		task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
-+		task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
++		rlim_cur = proc->res[i].rlim_cur;
++		rlim_max = proc->res[i].rlim_max;
++
++		if (i == RLIMIT_NOFILE) {
++			unsigned long saved_sysctl_nr_open = sysctl_nr_open;
++			if (rlim_cur > saved_sysctl_nr_open)
++				rlim_cur = saved_sysctl_nr_open;
++			if (rlim_max > saved_sysctl_nr_open)
++				rlim_max = saved_sysctl_nr_open;
++		}
++
++		task->signal->rlim[i].rlim_cur = rlim_cur;
++		task->signal->rlim[i].rlim_max = rlim_max;
 +
 +		if (i == RLIMIT_CPU)
-+			update_rlimit_cpu(task, proc->res[i].rlim_cur);
++			update_rlimit_cpu(task, rlim_cur);
 +	}
 +
 +	return;
@@ -71415,7 +71410,7 @@ index 0000000..9c2d930
 +
 +/* always called with valid inodev ptr */
 +static void
-+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
++do_handle_delete(struct inodev_entry *inodev, const u64 ino, const dev_t dev)
 +{
 +	struct acl_object_label *matchpo;
 +	struct acl_subject_label *matchps;
@@ -71443,7 +71438,7 @@ index 0000000..9c2d930
 +}
 +
 +void
-+gr_handle_delete(const ino_t ino, const dev_t dev)
++gr_handle_delete(const u64 ino, const dev_t dev)
 +{
 +	struct inodev_entry *inodev;
 +
@@ -71460,8 +71455,8 @@ index 0000000..9c2d930
 +}
 +
 +static void
-+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
-+		     const ino_t newinode, const dev_t newdevice,
++update_acl_obj_label(const u64 oldinode, const dev_t olddevice,
++		     const u64 newinode, const dev_t newdevice,
 +		     struct acl_subject_label *subj)
 +{
 +	unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
@@ -71499,8 +71494,8 @@ index 0000000..9c2d930
 +}
 +
 +static void
-+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
-+		      const ino_t newinode, const dev_t newdevice,
++update_acl_subj_label(const u64 oldinode, const dev_t olddevice,
++		      const u64 newinode, const dev_t newdevice,
 +		      struct acl_role_label *role)
 +{
 +	unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
@@ -71538,8 +71533,8 @@ index 0000000..9c2d930
 +}
 +
 +static void
-+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
-+		    const ino_t newinode, const dev_t newdevice)
++update_inodev_entry(const u64 oldinode, const dev_t olddevice,
++		    const u64 newinode, const dev_t newdevice)
 +{
 +	unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size);
 +	struct inodev_entry *match;
@@ -71575,7 +71570,7 @@ index 0000000..9c2d930
 +}
 +
 +static void
-+__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev)
++__do_handle_create(const struct name_entry *matchn, u64 ino, dev_t dev)
 +{
 +	struct acl_subject_label *subj;
 +	struct acl_role_label *role;
@@ -71608,7 +71603,7 @@ index 0000000..9c2d930
 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
 +		 const struct vfsmount *mnt)
 +{
-+	ino_t ino = dentry->d_inode->i_ino;
++	u64 ino = __get_ino(dentry);
 +	dev_t dev = __get_dev(dentry);
 +
 +	__do_handle_create(matchn, ino, dev);	
@@ -71668,7 +71663,7 @@ index 0000000..9c2d930
 +	struct name_entry *matchn2 = NULL;
 +	struct inodev_entry *inodev;
 +	struct inode *inode = new_dentry->d_inode;
-+	ino_t old_ino = old_dentry->d_inode->i_ino;
++	u64 old_ino = __get_ino(old_dentry);
 +	dev_t old_dev = __get_dev(old_dentry);
 +	unsigned int exchange = flags & RENAME_EXCHANGE;
 +
@@ -71710,7 +71705,7 @@ index 0000000..9c2d930
 +
 +	write_lock(&gr_inode_lock);
 +	if (unlikely((replace || exchange) && inode)) {
-+		ino_t new_ino = inode->i_ino;
++		u64 new_ino = __get_ino(new_dentry);
 +		dev_t new_dev = __get_dev(new_dentry);
 +
 +		inodev = lookup_inodev_entry(new_ino, new_dev);
@@ -72171,7 +72166,7 @@ index 0000000..9c2d930
 +	return 0;
 +}
 +	
-+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const u64 ino)
 +{
 +	struct task_struct *task = current;
 +	struct dentry *dentry = file->f_path.dentry;
@@ -72516,10 +72511,10 @@ index 0000000..1a94c11
 +
 diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
 new file mode 100644
-index 0000000..ca25605
+index 0000000..a43dd06
 --- /dev/null
 +++ b/grsecurity/gracl_compat.c
-@@ -0,0 +1,270 @@
+@@ -0,0 +1,269 @@
 +#include <linux/kernel.h>
 +#include <linux/gracl.h>
 +#include <linux/compat.h>
@@ -72534,8 +72529,7 @@ index 0000000..ca25605
 +        if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
 +                return -EFAULT;
 +
-+        if (((uwrapcompat.version != GRSECURITY_VERSION) &&
-+	     (uwrapcompat.version != 0x2901)) ||
++        if ((uwrapcompat.version != GRSECURITY_VERSION) ||
 +	    (uwrapcompat.size != sizeof(struct gr_arg_compat)))  
 +                return -EINVAL;
 +
@@ -73850,10 +73844,10 @@ index 0000000..25f54ef
 +};
 diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
 new file mode 100644
-index 0000000..7949dcd
+index 0000000..fd26052
 --- /dev/null
 +++ b/grsecurity/gracl_policy.c
-@@ -0,0 +1,1782 @@
+@@ -0,0 +1,1781 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -73933,8 +73927,8 @@ index 0000000..7949dcd
 +extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role);
 +extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name);
 +extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt);
-+extern struct acl_subject_label *lookup_acl_subj_label(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
-+extern struct acl_subject_label *lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, const struct acl_role_label *role);
++extern struct acl_subject_label *lookup_acl_subj_label(const u64 ino, const dev_t dev, const struct acl_role_label *role);
++extern struct acl_subject_label *lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, const struct acl_role_label *role);
 +extern void assign_special_role(const char *rolename);
 +extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role);
 +extern int gr_rbac_disable(void *unused);
@@ -74017,8 +74011,7 @@ index 0000000..7949dcd
 +	if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
 +		return -EFAULT;
 +
-+	if (((uwrap->version != GRSECURITY_VERSION) &&
-+	     (uwrap->version != 0x2901)) ||
++	if ((uwrap->version != GRSECURITY_VERSION) ||
 +	    (uwrap->size != sizeof(struct gr_arg)))
 +		return -EINVAL;
 +
@@ -74203,7 +74196,7 @@ index 0000000..7949dcd
 +}
 +					
 +static int
-+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
++insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted)
 +{
 +	struct name_entry **curr, *nentry;
 +	struct inodev_entry *ientry;
@@ -75712,10 +75705,10 @@ index 0000000..39645c9
 +}
 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
 new file mode 100644
-index 0000000..2040e61
+index 0000000..218b66b
 --- /dev/null
 +++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,313 @@
+@@ -0,0 +1,324 @@
 +#include <linux/kernel.h>
 +#include <linux/mm.h>
 +#include <asm/uaccess.h>
@@ -75746,7 +75739,7 @@ index 0000000..2040e61
 +static DEFINE_SPINLOCK(gr_uid_lock);
 +extern rwlock_t gr_inode_lock;
 +extern struct acl_subject_label *
-+	lookup_acl_subj_label(const ino_t inode, const dev_t dev,
++	lookup_acl_subj_label(const u64 inode, const dev_t dev,
 +			      struct acl_role_label *role);
 +
 +static inline dev_t __get_dev(const struct dentry *dentry)
@@ -75759,6 +75752,16 @@ index 0000000..2040e61
 +		return dentry->d_sb->s_dev;
 +}
 +
++static inline u64 __get_ino(const struct dentry *dentry)
++{
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return btrfs_ino(dentry->d_inode);
++	else
++#endif
++		return dentry->d_inode->i_ino;
++}
++
 +int
 +gr_init_uidset(void)
 +{
@@ -75979,13 +75982,14 @@ index 0000000..2040e61
 +gr_check_crash_exec(const struct file *filp)
 +{
 +	struct acl_subject_label *curr;
++	struct dentry *dentry;
 +
 +	if (unlikely(!gr_acl_is_enabled()))
 +		return 0;
 +
 +	read_lock(&gr_inode_lock);
-+	curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
-+				     __get_dev(filp->f_path.dentry),
++	dentry = filp->f_path.dentry;
++	curr = lookup_acl_subj_label(__get_ino(dentry), __get_dev(dentry),
 +				     current->role);
 +	read_unlock(&gr_inode_lock);
 +
@@ -76575,10 +76579,10 @@ index 0000000..114ea4f
 +}
 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
 new file mode 100644
-index 0000000..0f9ac91
+index 0000000..946f750
 --- /dev/null
 +++ b/grsecurity/grsec_disabled.c
-@@ -0,0 +1,440 @@
+@@ -0,0 +1,445 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -76700,7 +76704,7 @@ index 0000000..0f9ac91
 +}
 +
 +void
-+gr_handle_delete(const ino_t ino, const dev_t dev)
++gr_handle_delete(const u64 ino, const dev_t dev)
 +{
 +	return;
 +}
@@ -76901,7 +76905,7 @@ index 0000000..0f9ac91
 +
 +int
 +gr_acl_handle_filldir(const struct file *file, const char *name,
-+		      const int namelen, const ino_t ino)
++		      const int namelen, const u64 ino)
 +{
 +	return 1;
 +}
@@ -77010,6 +77014,11 @@ index 0000000..0f9ac91
 +	return dentry->d_sb->s_dev;
 +}
 +
++u64 gr_get_ino_from_dentry(struct dentry *dentry)
++{
++	return dentry->d_inode->i_ino;
++}
++
 +void gr_put_exec_file(struct task_struct *task)
 +{
 +	return;
@@ -80575,6 +80584,39 @@ index d1a5582..4424efa 100644
  /*
   * Mark a position in code as unreachable.  This can be used to
   * suppress control flow warnings after asm blocks that transfer
+diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
+index c8c5659..d09f2ad 100644
+--- a/include/linux/compiler-gcc5.h
++++ b/include/linux/compiler-gcc5.h
+@@ -28,6 +28,28 @@
+ # define __compiletime_error(message) __attribute__((error(message)))
+ #endif /* __CHECKER__ */
+ 
++#define __alloc_size(...)	__attribute((alloc_size(__VA_ARGS__)))
++#define __bos(ptr, arg)		__builtin_object_size((ptr), (arg))
++#define __bos0(ptr)		__bos((ptr), 0)
++#define __bos1(ptr)		__bos((ptr), 1)
++
++#ifdef CONSTIFY_PLUGIN
++#error not yet
++#define __no_const __attribute__((no_const))
++#define __do_const __attribute__((do_const))
++#endif
++
++#ifdef SIZE_OVERFLOW_PLUGIN
++#error not yet
++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__)))
++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__)))
++#endif
++
++#ifdef LATENT_ENTROPY_PLUGIN
++#error not yet
++#define __latent_entropy __attribute__((latent_entropy))
++#endif
++
+ /*
+  * Mark a position in code as unreachable.  This can be used to
+  * suppress control flow warnings after asm blocks that transfer
 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
 index d5ad7b1..3b74638 100644
 --- a/include/linux/compiler.h
@@ -81399,10 +81441,10 @@ index 41b30fd..a3718cf 100644
  {
 diff --git a/include/linux/gracl.h b/include/linux/gracl.h
 new file mode 100644
-index 0000000..edb2cb6
+index 0000000..91858e4
 --- /dev/null
 +++ b/include/linux/gracl.h
-@@ -0,0 +1,340 @@
+@@ -0,0 +1,342 @@
 +#ifndef GR_ACL_H
 +#define GR_ACL_H
 +
@@ -81414,8 +81456,8 @@ index 0000000..edb2cb6
 +
 +/* Major status information */
 +
-+#define GR_VERSION  "grsecurity 3.0"
-+#define GRSECURITY_VERSION 0x3000
++#define GR_VERSION  "grsecurity 3.1"
++#define GRSECURITY_VERSION 0x3100
 +
 +enum {
 +	GR_SHUTDOWN = 0,
@@ -81460,7 +81502,7 @@ index 0000000..edb2cb6
 +
 +struct name_entry {
 +	__u32 key;
-+	ino_t inode;
++	u64 inode;
 +	dev_t device;
 +	char *name;
 +	__u16 len;
@@ -81508,7 +81550,7 @@ index 0000000..edb2cb6
 +
 +struct acl_subject_label {
 +	char *filename;
-+	ino_t inode;
++	u64 inode;
 +	dev_t device;
 +	__u32 mode;
 +	kernel_cap_t cap_mask;
@@ -81596,7 +81638,7 @@ index 0000000..edb2cb6
 +
 +struct acl_object_label {
 +	char *filename;
-+	ino_t inode;
++	u64 inode;
 +	dev_t device;
 +	__u32 mode;
 +
@@ -81632,7 +81674,7 @@ index 0000000..edb2cb6
 +	unsigned char sp_role[GR_SPROLE_LEN];
 +	struct sprole_pw *sprole_pws;
 +	dev_t segv_device;
-+	ino_t segv_inode;
++	u64 segv_inode;
 +	uid_t segv_uid;
 +	__u16 num_sprole_pws;
 +	__u16 mode;
@@ -81704,9 +81746,11 @@ index 0000000..edb2cb6
 +}
 +
 +static __inline__ unsigned int
-+gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
++gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz)
 +{
-+	return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
++	unsigned int rem;
++	div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem);
++	return rem;
 +}
 +
 +static __inline__ unsigned int
@@ -81745,7 +81789,7 @@ index 0000000..edb2cb6
 +
 diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h
 new file mode 100644
-index 0000000..33ebd1f
+index 0000000..af64092
 --- /dev/null
 +++ b/include/linux/gracl_compat.h
 @@ -0,0 +1,156 @@
@@ -81772,7 +81816,7 @@ index 0000000..33ebd1f
 +
 +struct acl_subject_label_compat {
 +	compat_uptr_t filename;
-+	compat_ino_t inode;
++	compat_u64 inode;
 +	__u32 device;
 +	__u32 mode;
 +	kernel_cap_t cap_mask;
@@ -81860,7 +81904,7 @@ index 0000000..33ebd1f
 +
 +struct acl_object_label_compat {
 +	compat_uptr_t filename;
-+	compat_ino_t inode;
++	compat_u64 inode;
 +	__u32 device;
 +	__u32 mode;
 +
@@ -81892,7 +81936,7 @@ index 0000000..33ebd1f
 +	unsigned char sp_role[GR_SPROLE_LEN];
 +	compat_uptr_t sprole_pws;
 +	__u32 segv_device;
-+	compat_ino_t segv_inode;
++	compat_u64 segv_inode;
 +	uid_t segv_uid;
 +	__u16 num_sprole_pws;
 +	__u16 mode;
@@ -82428,10 +82472,10 @@ index 0000000..26ef560
 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
 new file mode 100644
-index 0000000..6c76fcb
+index 0000000..63c1850
 --- /dev/null
 +++ b/include/linux/grsecurity.h
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,250 @@
 +#ifndef GR_SECURITY_H
 +#define GR_SECURITY_H
 +#include <linux/fs.h>
@@ -82599,7 +82643,7 @@ index 0000000..6c76fcb
 +				 const struct vfsmount *parent_mnt);
 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
 +				 const struct vfsmount *mnt);
-+void gr_handle_delete(const ino_t ino, const dev_t dev);
++void gr_handle_delete(const u64 ino, const dev_t dev);
 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
 +				  const struct vfsmount *mnt);
 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
@@ -82628,7 +82672,7 @@ index 0000000..6c76fcb
 +			   const struct dentry *old_dentry,
 +			   const struct vfsmount *old_mnt);
 +int gr_acl_handle_filldir(const struct file *file, const char *name,
-+				 const unsigned int namelen, const ino_t ino);
++				 const unsigned int namelen, const u64 ino);
 +
 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
 +				const struct vfsmount *mnt);
@@ -82639,6 +82683,7 @@ index 0000000..6c76fcb
 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
 +void gr_audit_ptrace(struct task_struct *task);
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry);
++u64 gr_get_ino_from_dentry(struct dentry *dentry);
 +void gr_put_exec_file(struct task_struct *task);
 +
 +int gr_ptrace_readexec(struct file *file, int unsafe_flags);
@@ -92932,6 +92977,21 @@ index 2df8ef0..aae070f 100644
  
  static inline void put_prev_task(struct rq *rq, struct task_struct *prev)
  {
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
+index 4ef9687..4f44028 100644
+--- a/kernel/seccomp.c
++++ b/kernel/seccomp.c
+@@ -629,7 +629,9 @@ static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd)
+ 
+ 	switch (action) {
+ 	case SECCOMP_RET_ERRNO:
+-		/* Set the low-order 16-bits as a errno. */
++		/* Set low-order bits as an errno, capped at MAX_ERRNO. */
++		if (data > MAX_ERRNO)
++			data = MAX_ERRNO;
+ 		syscall_set_return_value(current, task_pt_regs(current),
+ 					 -data, 0);
+ 		goto skip;
 diff --git a/kernel/signal.c b/kernel/signal.c
 index 8f0876f..1153a5a 100644
 --- a/kernel/signal.c
@@ -93071,10 +93131,10 @@ index 8f0876f..1153a5a 100644
  	set_fs(seg);
  	if (ret >= 0 && uoss_ptr)  {
 diff --git a/kernel/smpboot.c b/kernel/smpboot.c
-index eb89e18..a4e6792 100644
+index 60d35ac5..59d289f 100644
 --- a/kernel/smpboot.c
 +++ b/kernel/smpboot.c
-@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
+@@ -289,7 +289,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
  		}
  		smpboot_unpark_thread(plug_thread, cpu);
  	}
@@ -93082,8 +93142,8 @@ index eb89e18..a4e6792 100644
 +	pax_list_add(&plug_thread->list, &hotplug_threads);
  out:
  	mutex_unlock(&smpboot_threads_lock);
- 	return ret;
-@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
+ 	put_online_cpus();
+@@ -307,7 +307,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
  {
  	get_online_cpus();
  	mutex_lock(&smpboot_threads_lock);
@@ -93617,7 +93677,7 @@ index a7077d3..dd48a49 100644
  		.clock_get	= alarm_clock_get,
  		.timer_create	= alarm_timer_create,
 diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
-index 37e50aa..57a9501 100644
+index d8c724c..6b331a4 100644
 --- a/kernel/time/hrtimer.c
 +++ b/kernel/time/hrtimer.c
 @@ -1399,7 +1399,7 @@ void hrtimer_peek_ahead_timers(void)
@@ -96913,7 +96973,7 @@ index 73cf098..ab547c7 100644
  	    capable(CAP_IPC_LOCK))
  		ret = do_mlockall(flags);
 diff --git a/mm/mmap.c b/mm/mmap.c
-index 1620adb..348da48 100644
+index 1620adb..6b35ac8 100644
 --- a/mm/mmap.c
 +++ b/mm/mmap.c
 @@ -41,6 +41,7 @@
@@ -96978,6 +97038,24 @@ index 1620adb..348da48 100644
  /*
   * Make sure vm_committed_as in one cacheline and not cacheline shared with
   * other variables. It can be updated by several CPUs frequently.
+@@ -152,7 +173,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed);
+  */
+ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ {
+-	unsigned long free, allowed, reserve;
++	long free, allowed, reserve;
+ 
+ 	VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) <
+ 			-(s64)vm_committed_as_batch * num_online_cpus(),
+@@ -220,7 +241,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ 	 */
+ 	if (mm) {
+ 		reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
+-		allowed -= min(mm->total_vm / 32, reserve);
++		allowed -= min_t(long, mm->total_vm / 32, reserve);
+ 	}
+ 
+ 	if (percpu_counter_read_positive(&vm_committed_as) < allowed)
 @@ -274,6 +295,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
  	struct vm_area_struct *next = vma->vm_next;
  
@@ -98505,7 +98583,7 @@ index b147f66..98a695ab 100644
  out:
  	if (ret & ~PAGE_MASK)
 diff --git a/mm/nommu.c b/mm/nommu.c
-index bd1808e..b63d87c 100644
+index bd1808e..22cbc6a 100644
 --- a/mm/nommu.c
 +++ b/mm/nommu.c
 @@ -70,7 +70,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
@@ -98540,6 +98618,24 @@ index bd1808e..b63d87c 100644
  	*region = *vma->vm_region;
  	new->vm_region = region;
  
+@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range);
+  */
+ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ {
+-	unsigned long free, allowed, reserve;
++	long free, allowed, reserve;
+ 
+ 	vm_acct_memory(pages);
+ 
+@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
+ 	 */
+ 	if (mm) {
+ 		reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
+-		allowed -= min(mm->total_vm / 32, reserve);
++		allowed -= min_t(long, mm->total_vm / 32, reserve);
+ 	}
+ 
+ 	if (percpu_counter_read_positive(&vm_committed_as) < allowed)
 @@ -2002,8 +1993,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
  }
  EXPORT_SYMBOL(generic_file_remap_pages);
@@ -98876,7 +98972,7 @@ index 3e4c721..a5e3e39 100644
  
  /*
 diff --git a/mm/shmem.c b/mm/shmem.c
-index 185836b..d7255a1 100644
+index 0b4ba55..bcef4ae 100644
 --- a/mm/shmem.c
 +++ b/mm/shmem.c
 @@ -33,7 +33,7 @@
@@ -107762,14 +107858,14 @@ index b304068..462d24e 100644
  		fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
 new file mode 100644
-index 0000000..42018ed
+index 0000000..822fa9e
 --- /dev/null
 +++ b/scripts/gcc-plugin.sh
 @@ -0,0 +1,51 @@
 +#!/bin/sh
 +srctree=$(dirname "$0")
 +gccplugins_dir=$($3 -print-file-name=plugin)
-+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++plugincc=$($1 -E - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
 +#include "gcc-common.h"
 +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
 +#warning $2 CXX
@@ -107800,7 +107896,7 @@ index 0000000..42018ed
 +esac
 +
 +# we need a c++ compiler that supports the designated initializer GNU extension
-+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
 +#include "gcc-common.h"
 +class test {
 +public:
@@ -109467,6 +109563,18 @@ index 4743d71..170a185 100644
  err:
  	if (iov != iovstack)
  		kfree(iov);
+diff --git a/security/keys/request_key.c b/security/keys/request_key.c
+index 0c7aea4..486ef6f 100644
+--- a/security/keys/request_key.c
++++ b/security/keys/request_key.c
+@@ -414,6 +414,7 @@ link_check_failed:
+ 
+ link_prealloc_failed:
+ 	mutex_unlock(&user->cons_lock);
++	key_put(key);
+ 	kleave(" = %d [prelink]", ret);
+ 	return ret;
+ 
 diff --git a/security/min_addr.c b/security/min_addr.c
 index f728728..6457a0c 100644
 --- a/security/min_addr.c
@@ -110967,10 +111075,10 @@ index 0000000..54461af
 +}
 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
 new file mode 100644
-index 0000000..82bc5a8
+index 0000000..3b5af59
 --- /dev/null
 +++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,557 @@
+@@ -0,0 +1,558 @@
 +/*
 + * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
 + * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu>
@@ -111404,7 +111512,8 @@ index 0000000..82bc5a8
 +#if BUILDING_GCC_VERSION >= 4008
 +		.optinfo_flags		= OPTGROUP_NONE,
 +#endif
-+#if BUILDING_GCC_VERSION >= 4009
++#if BUILDING_GCC_VERSION >= 5000
++#elif BUILDING_GCC_VERSION >= 4009
 +		.has_gate		= false,
 +		.has_execute		= true,
 +#else
@@ -111512,8 +111621,8 @@ index 0000000..82bc5a8
 +		error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
 +	}
 +
-+	if (strcmp(lang_hooks.name, "GNU C")) {
-+		inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name);
++	if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
++		inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
 +		constify = false;
 +	}
 +
author	Timo Teräs <timo.teras@iki.fi>	2015-02-23 08:21:43 +0000
committer	Timo Teräs <timo.teras@iki.fi>	2015-02-23 08:21:43 +0000
commit	48c5c10b176753ab2654bbe22ad017c6b18af450 (patch)
tree	e4fa0893d46e91e817c0ae992139f49c9f2e0070 /main
parent	7bc5e97911bdbfc3180312591c76ec63c94b08b8 (diff)
download	aports-48c5c10b176753ab2654bbe22ad017c6b18af450.tar.bz2 aports-48c5c10b176753ab2654bbe22ad017c6b18af450.tar.xz