aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD39
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.9.5-201306102218.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.4-201306011536.patch)799
-rw-r--r--main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch44
-rw-r--r--main/linux-grsec/kernelconfig.x863
-rw-r--r--main/linux-grsec/kernelconfig.x86_643
-rw-r--r--main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch114
6 files changed, 386 insertions, 616 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index fc6b18a8da..997d1d4726 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.9.4
+pkgver=3.9.5
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=1
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,10 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.9.4-201306011536.patch
-
- leds-leds-gpio-reserve-gpio-before-using-it.patch
- ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+ grsecurity-2.9.1-3.9.5-201306102218.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -152,41 +149,35 @@ dev() {
}
md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-922c4553299e6692a28761d3032fc012 patch-3.9.4.xz
-08c33c99cb779ebd296d2b274c2deeda grsecurity-2.9.1-3.9.4-201306011536.patch
-83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch
-ac9a50bdbe91ba6e5205e83f7e734ff5 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+aa22187ae5cd482a69097e9e59244491 patch-3.9.5.xz
+58dec4906c5abc6dc29355eb31816933 grsecurity-2.9.1-3.9.5-201306102218.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-fd6fd35309c0e8c1f05cb725df958f22 kernelconfig.x86
-fd61ff58d25155997c0d6f73e7ca7a7d kernelconfig.x86_64"
+3e219a1f25136b204d00865939532fe9 kernelconfig.x86
+1d057c89927a68e5f44896887ad3e379 kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-694ea0d527556c5a214597596f37cdb598d2a0652d6f5e86b8c0de718990ccec patch-3.9.4.xz
-3bf95754ba94f3dfa7a91d92726e83c9092feab9e990f70d31bc52974bff27b0 grsecurity-2.9.1-3.9.4-201306011536.patch
-13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch
-ab0dcb52342990ad05af5ce21acd1e95fb65cc7e76ec98e45c7ece7433bc9f23 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+f25145ff6ddde7a633839aabfd97b0d8239e14c494fd16210871229a35c1c0de patch-3.9.5.xz
+196ee8f6b9fc368ac7c09dc6f929e947f4a02b7ef66c2f84f00fa7f682774604 grsecurity-2.9.1-3.9.5-201306102218.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-b44c6671b344ddae1da94e6c051a0e708af8609c1f2ff40d962301ed5023c83a kernelconfig.x86
-7a6700a6db89f8c2c7f8cce7d77f4ddb3fcad889d72c709c2833af795ef1bc79 kernelconfig.x86_64"
+cc3bd3d23f6a73ea6488c158de9d195ad5e3d87859ce02d92a04f0e08c9503d3 kernelconfig.x86
+b780ef646b3b30a5b0307102367e17d45bb3a0ab7e37cf92a1ce783c3149243a kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-2a2eb511a610e8e3ddbc38b8bce0b96e60875009b7981542c98f0de3a601632a205fa9f90c6912094196dbda6536083b3990b28204c243a406f5595c40df0965 patch-3.9.4.xz
-eb326ded756cbe086c7999c5a982b6b695ae8ee3c25523a22acd480d97de0603d86eeef5252fe957ed5ccd4e7736db271a253264108e757b23a9bd3e82b32529 grsecurity-2.9.1-3.9.4-201306011536.patch
-10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch
-769291e92f2f5ae5375d98b80bf8790b089c87437f1660cf8d5e9d45d7221280b6824bcb1d2564cbe12310a88df48443c56ecc9ce5468858829088221aa80327 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+8e9a064adadd062c7ca52c44de19dfd46b029e60f2832988a606e086b669ea699861ec57732d4abfb16e486f767d123fcfd66da7c2ddde380b7c13582bb44983 patch-3.9.5.xz
+704f65e048888c64aa02214e80103745f16f2ddebe9e8304331208436481ca6b1fcadc2e862203142ac98b6d5f7c409ba542b68c11775c4e7ba765a63b3ab2a6 grsecurity-2.9.1-3.9.5-201306102218.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-2516c47145f53cfa5624a9a8839b3590fd16a980aa4c8c48af4db025960d33abe855a5c698ee701a0d3704a96a9a3f93cd6c3cc8c9b8fdf73f230c15ad2f7611 kernelconfig.x86
-0a3739e5e1fe29fcce8c686d8ac223316467a2efaaa18cb3d1abf6c7a66dc86be12c26755dff1aef6d0f5a028ce4f6dfc5664ab42b484046949f401f3b9198f9 kernelconfig.x86_64"
+00fd8694455935f96e46b6624388b8c04af27ce4295040362da78c34bf9f08382bc69c1b8b273145573a59e3b4eecfa251119560da19ab390f171a8a6da18298 kernelconfig.x86
+6276f503f9dd7ea228b1661f9a36edcf18d2c4cfb6d9c4e3e1496a4f70709cc693fc8498186d86dd3f303c909c50e478cb95e08a05f50bda77c9cf165aca1ba1 kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.4-201306011536.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.5-201306102218.patch
index 9a1a55c812..49e438f1bb 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.9.4-201306011536.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.9.5-201306102218.patch
@@ -259,7 +259,7 @@ index 8ccbf27..afffeb4 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index bfbfaf9..d0b1bb8 100644
+index 8818c95..ced0bb1 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3390,7 +3390,7 @@ index 044c31d..2ee0861 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index a202a47..c430564 100644
+index 3a750de..4c9b88f 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -191,10 +191,10 @@ struct omap_hwmod_soc_ops {
@@ -5763,6 +5763,19 @@ index e0a8235..ce2f1e1 100644
ret = __copy_from_user(to, from, n);
else
copy_from_user_overflow();
+diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c
+index 5709c5e..14285ca 100644
+--- a/arch/parisc/kernel/drivers.c
++++ b/arch/parisc/kernel/drivers.c
+@@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath);
+ static void setup_bus_id(struct parisc_device *padev)
+ {
+ struct hardware_path path;
+- char name[20];
++ char name[28];
+ char *output = name;
+ int i;
+
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
index 2a625fb..9908930 100644
--- a/arch/parisc/kernel/module.c
@@ -5866,6 +5879,20 @@ index 2a625fb..9908930 100644
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
me->arch.unwind_section, table, end, gp);
+diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c
+index a3328c2..3b812eb 100644
+--- a/arch/parisc/kernel/setup.c
++++ b/arch/parisc/kernel/setup.c
+@@ -69,7 +69,8 @@ void __init setup_cmdline(char **cmdline_p)
+ /* called from hpux boot loader */
+ boot_command_line[0] = '\0';
+ } else {
+- strcpy(boot_command_line, (char *)__va(boot_args[1]));
++ strlcpy(boot_command_line, (char *)__va(boot_args[1]),
++ COMMAND_LINE_SIZE);
+
+ #ifdef CONFIG_BLK_DEV_INITRD
+ if (boot_args[2] != 0) /* did palo pass us a ramdisk? */
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
index 5dfd248..64914ac 100644
--- a/arch/parisc/kernel/sys_parisc.c
@@ -6353,10 +6380,10 @@ index 4aad413..85d86bf 100644
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index c9c67fc..e10c012 100644
+index 3b097a8..8f8c774 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
-@@ -245,6 +245,7 @@
+@@ -234,6 +234,7 @@
#define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
#define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
#define DSISR_NOHPTE 0x40000000 /* no translation found */
@@ -6790,10 +6817,10 @@ index f9b30c6..d72e7a3 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
-index 95068bf..9ba1814 100644
+index 201385c..0f01828 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
-@@ -982,7 +982,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
+@@ -976,7 +976,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
/* Save user registers on the stack */
frame = &rt_sf->uc.uc_mcontext;
addr = frame;
@@ -6803,10 +6830,10 @@ index 95068bf..9ba1814 100644
tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp;
} else {
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index c179428..58acdaa 100644
+index 3459473..2d40783 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
-@@ -758,7 +758,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
+@@ -749,7 +749,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
#endif
/* Set up to return from userspace. */
@@ -6829,10 +6856,10 @@ index 3ce1f86..c30e629 100644
};
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 83efa2f..6bb5839 100644
+index 1c22b2d..3b56e67 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
-@@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
return flags;
}
@@ -6841,7 +6868,7 @@ index 83efa2f..6bb5839 100644
static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
int signr)
{
-@@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -20475,7 +20502,7 @@ index 73afd11..d1670f5 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index 08f7e80..40cbed5 100644
+index 321d65e..e9437f7 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -20516,7 +20543,7 @@ index 08f7e80..40cbed5 100644
/*
* Set up the identity mapping for the switchover. These
-@@ -175,8 +187,8 @@ ENTRY(secondary_startup_64)
+@@ -177,8 +189,8 @@ ENTRY(secondary_startup_64)
movq $(init_level4_pgt - __START_KERNEL_map), %rax
1:
@@ -20527,7 +20554,7 @@ index 08f7e80..40cbed5 100644
movq %rcx, %cr4
/* Setup early boot stage 4 level pagetables. */
-@@ -197,10 +209,18 @@ ENTRY(secondary_startup_64)
+@@ -199,10 +211,18 @@ ENTRY(secondary_startup_64)
movl $MSR_EFER, %ecx
rdmsr
btsl $_EFER_SCE, %eax /* Enable System Call */
@@ -20547,7 +20574,7 @@ index 08f7e80..40cbed5 100644
1: wrmsr /* Make changes effective */
/* Setup cr0 */
-@@ -280,6 +300,7 @@ ENTRY(secondary_startup_64)
+@@ -282,6 +302,7 @@ ENTRY(secondary_startup_64)
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
* address given in m16:64.
*/
@@ -20555,7 +20582,7 @@ index 08f7e80..40cbed5 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -386,7 +407,7 @@ ENTRY(early_idt_handler)
+@@ -388,7 +409,7 @@ ENTRY(early_idt_handler)
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -20564,7 +20591,7 @@ index 08f7e80..40cbed5 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -414,6 +435,7 @@ ENDPROC(early_idt_handler)
+@@ -416,6 +437,7 @@ ENDPROC(early_idt_handler)
early_recursion_flag:
.long 0
@@ -20572,7 +20599,7 @@ index 08f7e80..40cbed5 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -443,27 +465,50 @@ NEXT_PAGE(early_dynamic_pgts)
+@@ -445,27 +467,50 @@ NEXT_PAGE(early_dynamic_pgts)
.data
@@ -20631,7 +20658,7 @@ index 08f7e80..40cbed5 100644
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
-@@ -471,6 +516,9 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -473,6 +518,9 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -20641,7 +20668,7 @@ index 08f7e80..40cbed5 100644
NEXT_PAGE(level2_kernel_pgt)
/*
* 512 MB kernel mapping. We spend a full page on this pagetable
-@@ -486,38 +534,64 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -488,38 +536,64 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -20743,10 +20770,10 @@ index 0fa6912..37fce70 100644
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index 245a71d..89d9ce4 100644
+index cb33909..1163b40 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
-@@ -55,7 +55,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
+@@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
static inline bool interrupted_user_mode(void)
{
struct pt_regs *regs = get_irq_regs();
@@ -23943,7 +23970,7 @@ index a20ecb5..d0e2194 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 59622c9..f338414 100644
+index 698eece..776b682 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -328,6 +328,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
@@ -31882,10 +31909,10 @@ index 34c8216..f56c828 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 63c743b..0422dc6 100644
+index cf15aee..e0b7078 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4786,7 +4786,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4792,7 +4792,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -31894,7 +31921,7 @@ index 63c743b..0422dc6 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4802,7 +4802,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4808,7 +4808,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -31903,7 +31930,7 @@ index 63c743b..0422dc6 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5926,6 +5926,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -31911,7 +31938,7 @@ index 63c743b..0422dc6 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5939,8 +5940,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -31951,7 +31978,7 @@ index f9b983a..887b9d8 100644
return 0;
}
diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c
-index 77a7480..05cde58 100644
+index 77a7480d..05cde58 100644
--- a/drivers/atm/ambassador.c
+++ b/drivers/atm/ambassador.c
@@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) {
@@ -33220,7 +33247,7 @@ index 7fda30e..eb5dfe0 100644
/* queue and queue Info */
struct list_head reqQ;
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
-index 3f08713..56a586a 100644
+index 3f08713..87d4b4a 100644
--- a/drivers/block/cpqarray.c
+++ b/drivers/block/cpqarray.c
@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
@@ -33295,7 +33322,15 @@ index 3f08713..56a586a 100644
a1 = a; a &= ~3;
if ((c = h->cmpQ) == NULL)
{
-@@ -1449,11 +1449,11 @@ static int sendcmd(
+@@ -1195,6 +1195,7 @@ out_passthru:
+ ida_pci_info_struct pciinfo;
+
+ if (!arg) return -EINVAL;
++ memset(&pciinfo, 0, sizeof(pciinfo));
+ pciinfo.bus = host->pci_dev->bus->number;
+ pciinfo.dev_fn = host->pci_dev->devfn;
+ pciinfo.board_id = host->board_id;
+@@ -1449,11 +1450,11 @@ static int sendcmd(
/*
* Disable interrupt
*/
@@ -33309,7 +33344,7 @@ index 3f08713..56a586a 100644
if (temp != 0) {
break;
}
-@@ -1466,7 +1466,7 @@ DBG(
+@@ -1466,7 +1467,7 @@ DBG(
/*
* Send the cmd
*/
@@ -33318,7 +33353,7 @@ index 3f08713..56a586a 100644
complete = pollcomplete(ctlr);
pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr,
-@@ -1549,9 +1549,9 @@ static int revalidate_allvol(ctlr_info_t *host)
+@@ -1549,9 +1550,9 @@ static int revalidate_allvol(ctlr_info_t *host)
* we check the new geometry. Then turn interrupts back on when
* we're done.
*/
@@ -33330,7 +33365,7 @@ index 3f08713..56a586a 100644
for(i=0; i<NWD; i++) {
struct gendisk *disk = ida_gendisk[ctlr][i];
-@@ -1591,7 +1591,7 @@ static int pollcomplete(int ctlr)
+@@ -1591,7 +1592,7 @@ static int pollcomplete(int ctlr)
/* Wait (up to 2 seconds) for a command to complete */
for (i = 200000; i > 0; i--) {
@@ -33542,7 +33577,7 @@ index 2e7de7a..ed86dc0 100644
static DEFINE_MUTEX(pktcdvd_mutex);
static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index d620b44..587561e 100644
+index d620b44..e9abc80 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -33575,6 +33610,24 @@ index d620b44..587561e 100644
cdinfo(CD_REG_UNREG, "drive \"/dev/%s\" unregistered\n", cdi->name);
}
+@@ -2107,7 +2108,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf,
+ */
+ nr = nframes;
+ do {
+- cgc.buffer = kmalloc(CD_FRAMESIZE_RAW * nr, GFP_KERNEL);
++ cgc.buffer = kzalloc(CD_FRAMESIZE_RAW * nr, GFP_KERNEL);
+ if (cgc.buffer)
+ break;
+
+@@ -2882,7 +2883,7 @@ static noinline int mmc_ioctl_cdrom_read_data(struct cdrom_device_info *cdi,
+ if (lba < 0)
+ return -EINVAL;
+
+- cgc->buffer = kmalloc(blocksize, GFP_KERNEL);
++ cgc->buffer = kzalloc(blocksize, GFP_KERNEL);
+ if (cgc->buffer == NULL)
+ return -ENOMEM;
+
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index d59cdcb..11afddf 100644
--- a/drivers/cdrom/gdrom.c
@@ -33882,6 +33935,18 @@ index 2c644af..d4d7f17 100644
};
static int memory_open(struct inode *inode, struct file *filp)
+diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
+index c689697..04e6d6a 100644
+--- a/drivers/char/mwave/tp3780i.c
++++ b/drivers/char/mwave/tp3780i.c
+@@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities
+ PRINTK_2(TRACE_TP3780I,
+ "tp3780i::tp3780I_QueryAbilities entry pBDData %p\n", pBDData);
+
++ memset(pAbilities, 0, sizeof(*pAbilities));
+ /* fill out standard constant fields */
+ pAbilities->instr_per_sec = pBDData->rDspSettings.uIps;
+ pAbilities->data_size = pBDData->rDspSettings.uDStoreSize;
diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c
index 9df78e2..01ba9ae 100644
--- a/drivers/char/nvram.c
@@ -33971,7 +34036,7 @@ index 5c5cc00..ac9edb7 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 32a6c57..98038d5 100644
+index eccd7cc..98038d5 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -272,8 +272,13 @@
@@ -34017,85 +34082,7 @@ index 32a6c57..98038d5 100644
smp_wmb();
if (out)
-@@ -865,16 +877,24 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
- if (r->entropy_count / 8 < min + reserved) {
- nbytes = 0;
- } else {
-+ int entropy_count, orig;
-+retry:
-+ entropy_count = orig = ACCESS_ONCE(r->entropy_count);
- /* If limited, never pull more than available */
-- if (r->limit && nbytes + reserved >= r->entropy_count / 8)
-- nbytes = r->entropy_count/8 - reserved;
-+ if (r->limit && nbytes + reserved >= entropy_count / 8)
-+ nbytes = entropy_count/8 - reserved;
-
-- if (r->entropy_count / 8 >= nbytes + reserved)
-- r->entropy_count -= nbytes*8;
-- else
-- r->entropy_count = reserved;
-+ if (entropy_count / 8 >= nbytes + reserved) {
-+ entropy_count -= nbytes*8;
-+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
-+ goto retry;
-+ } else {
-+ entropy_count = reserved;
-+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
-+ goto retry;
-+ }
-
-- if (r->entropy_count < random_write_wakeup_thresh)
-+ if (entropy_count < random_write_wakeup_thresh)
- wakeup_write = 1;
- }
-
-@@ -957,10 +977,23 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
- {
- ssize_t ret = 0, i;
- __u8 tmp[EXTRACT_SIZE];
-+ unsigned long flags;
-
- /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */
-- if (fips_enabled && !r->last_data_init)
-- nbytes += EXTRACT_SIZE;
-+ if (fips_enabled) {
-+ spin_lock_irqsave(&r->lock, flags);
-+ if (!r->last_data_init) {
-+ r->last_data_init = true;
-+ spin_unlock_irqrestore(&r->lock, flags);
-+ trace_extract_entropy(r->name, EXTRACT_SIZE,
-+ r->entropy_count, _RET_IP_);
-+ xfer_secondary_pool(r, EXTRACT_SIZE);
-+ extract_buf(r, tmp);
-+ spin_lock_irqsave(&r->lock, flags);
-+ memcpy(r->last_data, tmp, EXTRACT_SIZE);
-+ }
-+ spin_unlock_irqrestore(&r->lock, flags);
-+ }
-
- trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_);
- xfer_secondary_pool(r, nbytes);
-@@ -970,19 +1003,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
- extract_buf(r, tmp);
-
- if (fips_enabled) {
-- unsigned long flags;
--
--
-- /* prime last_data value if need be, per fips 140-2 */
-- if (!r->last_data_init) {
-- spin_lock_irqsave(&r->lock, flags);
-- memcpy(r->last_data, tmp, EXTRACT_SIZE);
-- r->last_data_init = true;
-- nbytes -= EXTRACT_SIZE;
-- spin_unlock_irqrestore(&r->lock, flags);
-- extract_buf(r, tmp);
-- }
--
- spin_lock_irqsave(&r->lock, flags);
- if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
- panic("Hardware RNG duplicated output!\n");
-@@ -1024,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1032,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -34104,7 +34091,7 @@ index 32a6c57..98038d5 100644
ret = -EFAULT;
break;
}
-@@ -1360,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1368,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -34113,7 +34100,7 @@ index 32a6c57..98038d5 100644
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
-@@ -1376,7 +1396,7 @@ static char sysctl_bootid[16];
+@@ -1384,7 +1396,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -35743,10 +35730,10 @@ index 5a82b6b..9e69c73 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 44b8034..cc722fd 100644
+index 5073665..31d15a6 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -977,7 +977,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -976,7 +976,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
@@ -37505,6 +37492,37 @@ index 89562a8..218999b 100644
capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */
capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */
capimsg_setu16(skb->data, 16, len); /* Data length */
+diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
+index 9b1b274..c123709 100644
+--- a/drivers/isdn/capi/kcapi.c
++++ b/drivers/isdn/capi/kcapi.c
+@@ -93,7 +93,7 @@ capi_ctr_put(struct capi_ctr *ctr)
+
+ static inline struct capi_ctr *get_capi_ctr_by_nr(u16 contr)
+ {
+- if (contr - 1 >= CAPI_MAXCONTR)
++ if (contr < 1 || contr - 1 >= CAPI_MAXCONTR)
+ return NULL;
+
+ return capi_controller[contr - 1];
+@@ -103,7 +103,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid)
+ {
+ lockdep_assert_held(&capi_controller_lock);
+
+- if (applid - 1 >= CAPI_MAXAPPL)
++ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL)
+ return NULL;
+
+ return capi_applications[applid - 1];
+@@ -111,7 +111,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid)
+
+ static inline struct capi20_appl *get_capi_appl_by_nr(u16 applid)
+ {
+- if (applid - 1 >= CAPI_MAXAPPL)
++ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL)
+ return NULL;
+
+ return rcu_dereference(capi_applications[applid - 1]);
diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c
index e2b5396..c5486dc 100644
--- a/drivers/isdn/gigaset/interface.c
@@ -39597,7 +39615,7 @@ index ff90760..08d8aed 100644
/**
* bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index 8d7d4c2..95f7681 100644
+index 25309bf..fcfd54c 100644
--- a/drivers/net/ethernet/broadcom/tg3.h
+++ b/drivers/net/ethernet/broadcom/tg3.h
@@ -147,6 +147,7 @@
@@ -40506,10 +40524,10 @@ index 12c4f31..484d948 100644
memset(buf, 0, sizeof(buf));
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index cffdf4f..7cefb69 100644
+index 2b49f48..14fc244 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2144,25 +2144,19 @@ static int __init init_mac80211_hwsim(void)
+@@ -2143,25 +2143,19 @@ static int __init init_mac80211_hwsim(void)
if (channels > 1) {
hwsim_if_comb.num_different_channels = channels;
@@ -42680,7 +42698,7 @@ index 5f13890..36a044b 100644
pDevice->apdev->type = ARPHRD_IEEE80211;
diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c
-index bc5e9da..dacd556 100644
+index a94e66f..31984d0 100644
--- a/drivers/staging/vt6656/hostap.c
+++ b/drivers/staging/vt6656/hostap.c
@@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO;
@@ -42751,48 +42769,6 @@ index adbe5a8..d387359 100644
extern void tmem_register_hostops(struct tmem_hostops *m);
/* core tmem accessor functions */
-diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c
-index ca2be40..93ae910 100644
---- a/drivers/target/iscsi/iscsi_target_parameters.c
-+++ b/drivers/target/iscsi/iscsi_target_parameters.c
-@@ -712,9 +712,9 @@ static int iscsi_add_notunderstood_response(
- }
- INIT_LIST_HEAD(&extra_response->er_list);
-
-- strncpy(extra_response->key, key, strlen(key) + 1);
-- strncpy(extra_response->value, NOTUNDERSTOOD,
-- strlen(NOTUNDERSTOOD) + 1);
-+ strlcpy(extra_response->key, key, sizeof(extra_response->key));
-+ strlcpy(extra_response->value, NOTUNDERSTOOD,
-+ sizeof(extra_response->value));
-
- list_add_tail(&extra_response->er_list,
- &param_list->extra_response_list);
-@@ -1583,8 +1583,6 @@ int iscsi_decode_text_input(
-
- if (phase & PHASE_SECURITY) {
- if (iscsi_check_for_auth_key(key) > 0) {
-- char *tmpptr = key + strlen(key);
-- *tmpptr = '=';
- kfree(tmpbuf);
- return 1;
- }
-diff --git a/drivers/target/iscsi/iscsi_target_parameters.h b/drivers/target/iscsi/iscsi_target_parameters.h
-index 1e1b750..2c536a0 100644
---- a/drivers/target/iscsi/iscsi_target_parameters.h
-+++ b/drivers/target/iscsi/iscsi_target_parameters.h
-@@ -1,8 +1,10 @@
- #ifndef ISCSI_PARAMETERS_H
- #define ISCSI_PARAMETERS_H
-
-+#include <scsi/iscsi_proto.h>
-+
- struct iscsi_extra_response {
-- char key[64];
-+ char key[KEY_MAXLEN];
- char value[32];
- struct list_head er_list;
- } ____cacheline_aligned;
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index 2e4d655..fd72e68 100644
--- a/drivers/target/target_core_device.c
@@ -42807,10 +42783,10 @@ index 2e4d655..fd72e68 100644
spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 0d46276..f327cab5 100644
+index fc9a5a0..1d5975e 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
-@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1081,7 +1081,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
@@ -43153,10 +43129,10 @@ index 4a43ef5d7..aa71f27 100644
dlci_get(dlci->gsm->dlci[0]);
mux_get(dlci->gsm);
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 05e72be..67f6a0f 100644
+index 1f8cba6..47b06c2 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
-@@ -2197,6 +2197,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2205,6 +2205,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -44078,7 +44054,7 @@ index c8b9262..7e824e6 100644
ret = uio_get_minor(idev);
if (ret)
diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
-index b7eb86a..c00402f 100644
+index 8a7eb77..c00402f 100644
--- a/drivers/usb/atm/cxacru.c
+++ b/drivers/usb/atm/cxacru.c
@@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
@@ -44090,16 +44066,6 @@ index b7eb86a..c00402f 100644
return -EINVAL;
pos += tmp;
-@@ -686,7 +686,8 @@ static int cxacru_cm_get_array(struct cxacru_data *instance, enum cxacru_cm_requ
- {
- int ret, len;
- __le32 *buf;
-- int offb, offd;
-+ int offb;
-+ unsigned int offd;
- const int stride = CMD_PACKET_SIZE / (4 * 2) - 1;
- int buflen = ((size - 1) / stride + 1 + size * 2) * 4;
-
diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
index 35f10bf..6a38a0b 100644
--- a/drivers/usb/atm/usbatm.c
@@ -51161,39 +51127,6 @@ index febbe0e..782c4fd 100644
static int parse_strtoul(const char *buf,
unsigned long max, unsigned long *value)
-diff --git a/fs/fat/inode.c b/fs/fat/inode.c
-index acf6e47..e7a7fde 100644
---- a/fs/fat/inode.c
-+++ b/fs/fat/inode.c
-@@ -1223,6 +1223,19 @@ static int fat_read_root(struct inode *inode)
- return 0;
- }
-
-+static unsigned long calc_fat_clusters(struct super_block *sb)
-+{
-+ struct msdos_sb_info *sbi = MSDOS_SB(sb);
-+
-+ /* Divide first to avoid overflow */
-+ if (sbi->fat_bits != 12) {
-+ unsigned long ent_per_sec = sb->s_blocksize * 8 / sbi->fat_bits;
-+ return ent_per_sec * sbi->fat_length;
-+ }
-+
-+ return sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits;
-+}
-+
- /*
- * Read the super block of an MS-DOS FS.
- */
-@@ -1427,7 +1440,7 @@ int fat_fill_super(struct super_block *sb, void *data, int silent, int isvfat,
- sbi->dirty = b->fat16.state & FAT_STATE_DIRTY;
-
- /* check that FAT table does not overflow */
-- fat_clusters = sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits;
-+ fat_clusters = calc_fat_clusters(sb);
- total_clusters = min(total_clusters, fat_clusters - FAT_START_ENT);
- if (total_clusters > MAX_FAT(sb)) {
- if (!silent)
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 6599222..e7bf0de 100644
--- a/fs/fcntl.c
@@ -52844,10 +52777,10 @@ index 11dfa0c..6f64416 100644
if (!ret)
ret = -EPIPE;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index ff15522..092a0f6 100644
+index 185c479..51b9986 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
-@@ -1409,7 +1409,7 @@ static char *read_link(struct dentry *dentry)
+@@ -1415,7 +1415,7 @@ static char *read_link(struct dentry *dentry)
return link;
}
@@ -53940,10 +53873,18 @@ index e7bc1d7..06bd4bb 100644
}
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 5d84442..bf24453 100644
+index 5d84442..2c034ba 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
-@@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
+@@ -121,6 +121,7 @@ static int fill_event_metadata(struct fsnotify_group *group,
+ metadata->event_len = FAN_EVENT_METADATA_LEN;
+ metadata->metadata_len = FAN_EVENT_METADATA_LEN;
+ metadata->vers = FANOTIFY_METADATA_VERSION;
++ metadata->reserved = 0;
+ metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS;
+ metadata->pid = pid_vnr(event->tgid);
+ if (unlikely(event->mask & FAN_Q_OVERFLOW))
+@@ -251,8 +252,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
fd = fanotify_event_metadata.fd;
ret = -EFAULT;
@@ -56526,7 +56467,7 @@ index d681e34..2a3f5ab 100644
goto out_put;
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
-index d82efaa..0904a8e 100644
+index ca9ecaa..60100c7 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -395,7 +395,7 @@ xfs_vn_put_link(
@@ -56540,10 +56481,10 @@ index d82efaa..0904a8e 100644
kfree(s);
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..7174794
+index 0000000..ba9c5e3
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1031 @@
+@@ -0,0 +1,1053 @@
+#
+# grecurity configuration
+#
@@ -56629,6 +56570,25 @@ index 0000000..7174794
+ If you're using KERNEXEC, it's recommended that you enable this option
+ to supplement the hardening of the kernel.
+
++config GRKERNSEC_PERF_HARDEN
++ bool "Disable unprivileged PERF_EVENTS usage by default"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on PERF_EVENTS
++ help
++ If you say Y here, the range of acceptable values for the
++ /proc/sys/kernel/perf_event_paranoid sysctl will be expanded to allow and
++ default to a new value: 3. When the sysctl is set to this value, no
++ unprivileged use of the PERF_EVENTS syscall interface will be permitted.
++
++ Though PERF_EVENTS can be used legitimately for performance monitoring
++ and low-level application profiling, it is forced on regardless of
++ configuration, has been at fault for several vulnerabilities, and
++ creates new opportunities for side channels and other information leaks.
++
++ This feature puts PERF_EVENTS into a secure default state and permits
++ the administrator to change out of it temporarily if unprivileged
++ application profiling is needed.
++
+config GRKERNSEC_RAND_THREADSTACK
+ bool "Insert random gaps between thread stacks"
+ default y if GRKERNSEC_CONFIG_AUTO
@@ -56739,6 +56699,9 @@ index 0000000..7174794
+ useful protection against local kernel exploitation of overflows
+ and arbitrary read/write vulnerabilities.
+
++ It is highly recommended that you enable GRKERNSEC_PERF_HARDEN
++ in addition to this feature.
++
+config GRKERNSEC_KERN_LOCKOUT
+ bool "Active kernel exploit response"
+ default y if GRKERNSEC_CONFIG_AUTO
@@ -70441,7 +70404,7 @@ index 45fc162..01a4068 100644
/**
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 1d795df..727aa7b 100644
+index 1d795df..b0a6449 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -333,8 +333,8 @@ struct perf_event {
@@ -70475,8 +70438,15 @@ index 1d795df..727aa7b 100644
extern int sysctl_perf_event_mlock;
extern int sysctl_perf_event_sample_rate;
-@@ -714,17 +714,17 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -712,19 +712,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp,
+ loff_t *ppos);
++static inline bool perf_paranoid_any(void)
++{
++ return sysctl_perf_event_legitimately_concerned > 2;
++}
++
static inline bool perf_paranoid_tracepoint_raw(void)
{
- return sysctl_perf_event_paranoid > -1;
@@ -70496,7 +70466,7 @@ index 1d795df..727aa7b 100644
}
extern void perf_event_init(void);
-@@ -812,7 +812,7 @@ static inline void perf_restore_debug_store(void) { }
+@@ -812,7 +817,7 @@ static inline void perf_restore_debug_store(void) { }
*/
#define perf_cpu_notifier(fn) \
do { \
@@ -70505,7 +70475,7 @@ index 1d795df..727aa7b 100644
{ .notifier_call = fn, .priority = CPU_PRI_PERF }; \
unsigned long cpu = smp_processor_id(); \
unsigned long flags; \
-@@ -831,7 +831,7 @@ do { \
+@@ -831,7 +836,7 @@ do { \
struct perf_pmu_events_attr {
struct device_attribute attr;
u64 id;
@@ -72906,10 +72876,10 @@ index a6a059c..2243336 100644
struct snd_soc_platform {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index c4af592..20c52d2 100644
+index f8640f3..b72d113 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
-@@ -657,7 +657,7 @@ struct se_device {
+@@ -658,7 +658,7 @@ struct se_device {
spinlock_t stats_lock;
/* Active commands on this virtual SE device */
atomic_t simple_cmds;
@@ -74209,10 +74179,10 @@ index f6c2ce5..982c0f9 100644
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+}
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index ba1f977..f840d9c 100644
+index a48de6a..df24bfe 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5569,7 +5569,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5567,7 +5567,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
struct css_set *cg = link->cg;
struct task_struct *task;
int count = 0;
@@ -74632,15 +74602,19 @@ index 00eb8f7..d7e3244 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 9fcb094..fd68c54 100644
+index 9fcb094..8370228 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
-@@ -155,7 +155,11 @@ static struct srcu_struct pmus_srcu;
+@@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu;
+ * 0 - disallow raw tracepoint access for unpriv
* 1 - disallow cpu events for unpriv
* 2 - disallow kernel profiling for unpriv
++ * 3 - disallow all unpriv perf event use
*/
-int sysctl_perf_event_paranoid __read_mostly = 1;
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
++int sysctl_perf_event_legitimately_concerned __read_mostly = 3;
++#elif CONFIG_GRKERNSEC_HIDESYM
+int sysctl_perf_event_legitimately_concerned __read_mostly = 2;
+#else
+int sysctl_perf_event_legitimately_concerned __read_mostly = 1;
@@ -74648,7 +74622,7 @@ index 9fcb094..fd68c54 100644
/* Minimum for 512 kiB + 1 user control page */
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -182,7 +186,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -182,7 +189,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
return 0;
}
@@ -74657,7 +74631,7 @@ index 9fcb094..fd68c54 100644
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -2677,7 +2681,7 @@ static void __perf_event_read(void *info)
+@@ -2677,7 +2684,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
@@ -74666,7 +74640,7 @@ index 9fcb094..fd68c54 100644
}
static u64 perf_event_read(struct perf_event *event)
-@@ -3007,9 +3011,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3007,9 +3014,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
@@ -74678,7 +74652,7 @@ index 9fcb094..fd68c54 100644
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3412,10 +3416,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3412,10 +3419,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
@@ -74691,7 +74665,7 @@ index 9fcb094..fd68c54 100644
arch_perf_update_userpage(userpg, now);
-@@ -3886,7 +3890,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -3886,7 +3893,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
/* Data. */
sp = perf_user_stack_pointer(regs);
@@ -74700,7 +74674,7 @@ index 9fcb094..fd68c54 100644
dyn_size = dump_size - rem;
perf_output_skip(handle, rem);
-@@ -3974,11 +3978,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -3974,11 +3981,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
@@ -74714,7 +74688,7 @@ index 9fcb094..fd68c54 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -4726,12 +4730,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4726,12 +4733,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
* need to add enough zero bytes after the string to handle
* the 64bit alignment we do later.
*/
@@ -74729,7 +74703,7 @@ index 9fcb094..fd68c54 100644
if (IS_ERR(name)) {
name = strncpy(tmp, "//toolong", sizeof(tmp));
goto got_name;
-@@ -6167,7 +6171,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6167,7 +6174,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(task_active_pid_ns(current));
@@ -74738,7 +74712,19 @@ index 9fcb094..fd68c54 100644
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -6795,10 +6799,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6463,6 +6470,11 @@ SYSCALL_DEFINE5(perf_event_open,
+ if (flags & ~PERF_FLAG_ALL)
+ return -EINVAL;
+
++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
++ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN))
++ return -EACCES;
++#endif
++
+ err = perf_copy_attr(attr_uptr, &attr);
+ if (err)
+ return err;
+@@ -6795,10 +6807,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
@@ -75791,7 +75777,7 @@ index b2c71c5..7b88d63 100644
seq_printf(m, "%40s %14lu %29s %pS\n",
name, stats->contending_point[i],
diff --git a/kernel/module.c b/kernel/module.c
-index 0925c9a..6b044ac 100644
+index 97f202c..109575f 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -61,6 +61,7 @@
@@ -75956,7 +75942,7 @@ index 0925c9a..6b044ac 100644
set_memory_ro);
}
}
-@@ -1881,16 +1883,19 @@ static void free_module(struct module *mod)
+@@ -1886,16 +1888,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
@@ -75979,7 +75965,7 @@ index 0925c9a..6b044ac 100644
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1960,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1965,9 +1970,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
int ret = 0;
const struct kernel_symbol *ksym;
@@ -76011,7 +75997,7 @@ index 0925c9a..6b044ac 100644
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* We compiled with -fno-common. These are not
-@@ -1983,7 +2010,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1988,7 +2015,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
@@ -76021,7 +76007,7 @@ index 0925c9a..6b044ac 100644
break;
}
-@@ -2002,11 +2031,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -2007,11 +2036,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
@@ -76042,7 +76028,7 @@ index 0925c9a..6b044ac 100644
return ret;
}
-@@ -2090,22 +2128,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2095,22 +2133,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
@@ -76069,7 +76055,7 @@ index 0925c9a..6b044ac 100644
}
pr_debug("Init section allocation order:\n");
-@@ -2119,23 +2147,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2124,23 +2152,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
@@ -76098,7 +76084,7 @@ index 0925c9a..6b044ac 100644
}
}
-@@ -2308,7 +2326,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2313,7 +2331,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
@@ -76107,7 +76093,7 @@ index 0925c9a..6b044ac 100644
info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2325,13 +2343,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2330,13 +2348,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
@@ -76125,7 +76111,7 @@ index 0925c9a..6b044ac 100644
info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-@@ -2349,12 +2367,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2354,12 +2372,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
@@ -76142,7 +76128,7 @@ index 0925c9a..6b044ac 100644
src = mod->symtab;
for (ndst = i = 0; i < mod->num_symtab; i++) {
if (i == 0 ||
-@@ -2366,6 +2386,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2371,6 +2391,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
}
}
mod->core_num_syms = ndst;
@@ -76151,7 +76137,7 @@ index 0925c9a..6b044ac 100644
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2399,17 +2421,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2404,17 +2426,33 @@ void * __weak module_alloc(unsigned long size)
return vmalloc_exec(size);
}
@@ -76190,7 +76176,7 @@ index 0925c9a..6b044ac 100644
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2685,8 +2723,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2690,8 +2728,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
const char *modmagic = get_modinfo(info, "vermagic");
@@ -76205,7 +76191,7 @@ index 0925c9a..6b044ac 100644
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL;
-@@ -2712,7 +2756,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2717,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
}
/* Set up license info based on the info section */
@@ -76214,7 +76200,7 @@ index 0925c9a..6b044ac 100644
return 0;
}
-@@ -2806,7 +2850,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2811,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
@@ -76223,7 +76209,7 @@ index 0925c9a..6b044ac 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2816,11 +2860,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2821,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
@@ -76239,7 +76225,7 @@ index 0925c9a..6b044ac 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. This block doesn't need to be
-@@ -2829,13 +2873,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2834,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info)
*/
kmemleak_ignore(ptr);
if (!ptr) {
@@ -76289,7 +76275,7 @@ index 0925c9a..6b044ac 100644
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2846,16 +2922,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2851,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
@@ -76342,7 +76328,7 @@ index 0925c9a..6b044ac 100644
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2912,12 +3017,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2917,12 +3022,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
@@ -76361,7 +76347,7 @@ index 0925c9a..6b044ac 100644
set_fs(old_fs);
}
-@@ -2987,8 +3092,10 @@ out:
+@@ -2992,8 +3097,10 @@ out:
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
@@ -76374,7 +76360,7 @@ index 0925c9a..6b044ac 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -3001,7 +3108,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -3006,7 +3113,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
@@ -76384,7 +76370,7 @@ index 0925c9a..6b044ac 100644
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3055,16 +3164,16 @@ static int do_init_module(struct module *mod)
+@@ -3060,16 +3169,16 @@ static int do_init_module(struct module *mod)
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -76409,7 +76395,7 @@ index 0925c9a..6b044ac 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3126,11 +3235,12 @@ static int do_init_module(struct module *mod)
+@@ -3131,11 +3240,12 @@ static int do_init_module(struct module *mod)
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -76427,7 +76413,7 @@ index 0925c9a..6b044ac 100644
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
-@@ -3257,9 +3367,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3262,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (err)
goto free_unload;
@@ -76466,7 +76452,7 @@ index 0925c9a..6b044ac 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, info);
if (err < 0)
-@@ -3275,13 +3414,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3280,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
@@ -76480,7 +76466,7 @@ index 0925c9a..6b044ac 100644
dynamic_debug_setup(info->debug, info->num_debug);
/* Finally it's fully formed, ready to start executing. */
-@@ -3316,11 +3448,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3321,11 +3453,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
ddebug_cleanup:
dynamic_debug_remove(info->debug);
synchronize_sched();
@@ -76493,7 +76479,7 @@ index 0925c9a..6b044ac 100644
free_unload:
module_unload_free(mod);
unlink_mod:
-@@ -3403,10 +3534,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3408,10 +3539,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -76513,7 +76499,7 @@ index 0925c9a..6b044ac 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3659,7 +3796,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3664,7 +3801,7 @@ static int m_show(struct seq_file *m, void *p)
return 0;
seq_printf(m, "%s %u",
@@ -76522,7 +76508,7 @@ index 0925c9a..6b044ac 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3668,7 +3805,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3673,7 +3810,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
@@ -76531,7 +76517,7 @@ index 0925c9a..6b044ac 100644
/* Taints info */
if (mod->taints)
-@@ -3704,7 +3841,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3709,7 +3846,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -76549,7 +76535,7 @@ index 0925c9a..6b044ac 100644
return 0;
}
module_init(proc_modules_init);
-@@ -3765,14 +3912,14 @@ struct module *__module_address(unsigned long addr)
+@@ -3770,14 +3917,14 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -76567,7 +76553,7 @@ index 0925c9a..6b044ac 100644
return mod;
}
return NULL;
-@@ -3807,11 +3954,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3812,11 +3959,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -78585,7 +78571,7 @@ index 0da73cf..5c2af3c 100644
if (!retval) {
if (old_rlim)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index afc1dc6..5e28bbf 100644
+index afc1dc6..f6cf355 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -93,7 +93,6 @@
@@ -78596,6 +78582,34 @@ index afc1dc6..5e28bbf 100644
/* External variables not in a header file. */
extern int sysctl_overcommit_memory;
extern int sysctl_overcommit_ratio;
+@@ -120,18 +119,18 @@ extern int blk_iopoll_enabled;
+
+ /* Constants used for minimum and maximum */
+ #ifdef CONFIG_LOCKUP_DETECTOR
+-static int sixty = 60;
+-static int neg_one = -1;
++static int sixty __read_only = 60;
+ #endif
+
+-static int zero;
+-static int __maybe_unused one = 1;
+-static int __maybe_unused two = 2;
+-static int __maybe_unused three = 3;
+-static unsigned long one_ul = 1;
+-static int one_hundred = 100;
++static int neg_one __read_only = -1;
++static int zero __read_only = 0;
++static int __maybe_unused one __read_only = 1;
++static int __maybe_unused two __read_only = 2;
++static int __maybe_unused three __read_only = 3;
++static unsigned long one_ul __read_only = 1;
++static int one_hundred __read_only = 100;
+ #ifdef CONFIG_PRINTK
+-static int ten_thousand = 10000;
++static int ten_thousand __read_only = 10000;
+ #endif
+
+ /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */
@@ -178,10 +177,8 @@ static int proc_taint(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
@@ -78691,7 +78705,7 @@ index afc1dc6..5e28bbf 100644
{
.procname = "ngroups_max",
.data = &ngroups_max,
-@@ -1026,8 +1059,8 @@ static struct ctl_table kern_table[] = {
+@@ -1026,10 +1059,17 @@ static struct ctl_table kern_table[] = {
*/
{
.procname = "perf_event_paranoid",
@@ -78700,9 +78714,19 @@ index afc1dc6..5e28bbf 100644
+ .data = &sysctl_perf_event_legitimately_concerned,
+ .maxlen = sizeof(sysctl_perf_event_legitimately_concerned),
.mode = 0644,
- .proc_handler = proc_dointvec,
+- .proc_handler = proc_dointvec,
++ /* go ahead, be a hero */
++ .proc_handler = proc_dointvec_minmax_sysadmin,
++ .extra1 = &neg_one,
++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN
++ .extra2 = &three,
++#else
++ .extra2 = &two,
++#endif
},
-@@ -1283,6 +1316,13 @@ static struct ctl_table vm_table[] = {
+ {
+ .procname = "perf_event_mlock_kb",
+@@ -1283,6 +1323,13 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
},
@@ -78716,7 +78740,7 @@ index afc1dc6..5e28bbf 100644
#else
{
.procname = "nr_trim_pages",
-@@ -1733,6 +1773,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -1733,6 +1780,16 @@ int proc_dostring(struct ctl_table *table, int write,
buffer, lenp, ppos);
}
@@ -78733,7 +78757,7 @@ index afc1dc6..5e28bbf 100644
static size_t proc_skip_spaces(char **buf)
{
size_t ret;
-@@ -1838,6 +1888,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -1838,6 +1895,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
len = strlen(tmp);
if (len > *size)
len = *size;
@@ -78742,7 +78766,7 @@ index afc1dc6..5e28bbf 100644
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
-@@ -2002,7 +2054,7 @@ int proc_dointvec(struct ctl_table *table, int write,
+@@ -2002,7 +2061,7 @@ int proc_dointvec(struct ctl_table *table, int write,
static int proc_taint(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -78751,7 +78775,7 @@ index afc1dc6..5e28bbf 100644
unsigned long tmptaint = get_taint();
int err;
-@@ -2030,7 +2082,6 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -2030,7 +2089,6 @@ static int proc_taint(struct ctl_table *table, int write,
return err;
}
@@ -78759,7 +78783,7 @@ index afc1dc6..5e28bbf 100644
static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2039,7 +2090,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+@@ -2039,7 +2097,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
}
@@ -78767,7 +78791,7 @@ index afc1dc6..5e28bbf 100644
struct do_proc_dointvec_minmax_conv_param {
int *min;
-@@ -2186,8 +2236,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
+@@ -2186,8 +2243,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
*i = val;
} else {
val = convdiv * (*i) / convmul;
@@ -78780,7 +78804,7 @@ index afc1dc6..5e28bbf 100644
err = proc_put_long(&buffer, &left, val, false);
if (err)
break;
-@@ -2579,6 +2632,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2579,6 +2639,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
@@ -78793,7 +78817,7 @@ index afc1dc6..5e28bbf 100644
int proc_dointvec(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2635,5 +2694,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -2635,5 +2701,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
EXPORT_SYMBOL(proc_dostring);
@@ -80367,24 +80391,6 @@ index b32b70c..e512eb0 100644
pkmap_count[last_pkmap_nr] = 1;
set_page_address(page, (void *)vaddr);
-diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index e2f7f5aa..a4510d4 100644
---- a/mm/huge_memory.c
-+++ b/mm/huge_memory.c
-@@ -2318,7 +2318,12 @@ static void collapse_huge_page(struct mm_struct *mm,
- pte_unmap(pte);
- spin_lock(&mm->page_table_lock);
- BUG_ON(!pmd_none(*pmd));
-- set_pmd_at(mm, address, pmd, _pmd);
-+ /*
-+ * We can only use set_pmd_at when establishing
-+ * hugepmds and never for establishing regular pmds that
-+ * points to regular pagetables. Use pmd_populate for that
-+ */
-+ pmd_populate(mm, pmd, pmd_pgtable(_pmd));
- spin_unlock(&mm->page_table_lock);
- anon_vma_unlock_write(vma->anon_vma);
- goto out;
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 1a12f5b..a85b8fc 100644
--- a/mm/hugetlb.c
@@ -81553,7 +81559,7 @@ index 7431001..0f8344e 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 3bbaf5d..299b0e9 100644
+index 22ed5c1..87c424c 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
@@ -82849,133 +82855,6 @@ index 0dceed8..671951c 100644
vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
-diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c
-index be04122..6725ff1 100644
---- a/mm/mmu_notifier.c
-+++ b/mm/mmu_notifier.c
-@@ -40,48 +40,44 @@ void __mmu_notifier_release(struct mm_struct *mm)
- int id;
-
- /*
-- * srcu_read_lock() here will block synchronize_srcu() in
-- * mmu_notifier_unregister() until all registered
-- * ->release() callouts this function makes have
-- * returned.
-+ * SRCU here will block mmu_notifier_unregister until
-+ * ->release returns.
- */
- id = srcu_read_lock(&srcu);
-+ hlist_for_each_entry_rcu(mn, &mm->mmu_notifier_mm->list, hlist)
-+ /*
-+ * If ->release runs before mmu_notifier_unregister it must be
-+ * handled, as it's the only way for the driver to flush all
-+ * existing sptes and stop the driver from establishing any more
-+ * sptes before all the pages in the mm are freed.
-+ */
-+ if (mn->ops->release)
-+ mn->ops->release(mn, mm);
-+ srcu_read_unlock(&srcu, id);
-+
- spin_lock(&mm->mmu_notifier_mm->lock);
- while (unlikely(!hlist_empty(&mm->mmu_notifier_mm->list))) {
- mn = hlist_entry(mm->mmu_notifier_mm->list.first,
- struct mmu_notifier,
- hlist);
--
- /*
-- * Unlink. This will prevent mmu_notifier_unregister()
-- * from also making the ->release() callout.
-+ * We arrived before mmu_notifier_unregister so
-+ * mmu_notifier_unregister will do nothing other than to wait
-+ * for ->release to finish and for mmu_notifier_unregister to
-+ * return.
- */
- hlist_del_init_rcu(&mn->hlist);
-- spin_unlock(&mm->mmu_notifier_mm->lock);
--
-- /*
-- * Clear sptes. (see 'release' description in mmu_notifier.h)
-- */
-- if (mn->ops->release)
-- mn->ops->release(mn, mm);
--
-- spin_lock(&mm->mmu_notifier_mm->lock);
- }
- spin_unlock(&mm->mmu_notifier_mm->lock);
-
- /*
-- * All callouts to ->release() which we have done are complete.
-- * Allow synchronize_srcu() in mmu_notifier_unregister() to complete
-- */
-- srcu_read_unlock(&srcu, id);
--
-- /*
-- * mmu_notifier_unregister() may have unlinked a notifier and may
-- * still be calling out to it. Additionally, other notifiers
-- * may have been active via vmtruncate() et. al. Block here
-- * to ensure that all notifier callouts for this mm have been
-- * completed and the sptes are really cleaned up before returning
-- * to exit_mmap().
-+ * synchronize_srcu here prevents mmu_notifier_release from returning to
-+ * exit_mmap (which would proceed with freeing all pages in the mm)
-+ * until the ->release method returns, if it was invoked by
-+ * mmu_notifier_unregister.
-+ *
-+ * The mmu_notifier_mm can't go away from under us because one mm_count
-+ * is held by exit_mmap.
- */
- synchronize_srcu(&srcu);
- }
-@@ -292,31 +288,34 @@ void mmu_notifier_unregister(struct mmu_notifier *mn, struct mm_struct *mm)
- {
- BUG_ON(atomic_read(&mm->mm_count) <= 0);
-
-- spin_lock(&mm->mmu_notifier_mm->lock);
- if (!hlist_unhashed(&mn->hlist)) {
-+ /*
-+ * SRCU here will force exit_mmap to wait for ->release to
-+ * finish before freeing the pages.
-+ */
- int id;
-
-- /*
-- * Ensure we synchronize up with __mmu_notifier_release().
-- */
- id = srcu_read_lock(&srcu);
--
-- hlist_del_rcu(&mn->hlist);
-- spin_unlock(&mm->mmu_notifier_mm->lock);
--
-- if (mn->ops->release)
-- mn->ops->release(mn, mm);
--
- /*
-- * Allow __mmu_notifier_release() to complete.
-+ * exit_mmap will block in mmu_notifier_release to guarantee
-+ * that ->release is called before freeing the pages.
- */
-+ if (mn->ops->release)
-+ mn->ops->release(mn, mm);
- srcu_read_unlock(&srcu, id);
-- } else
-+
-+ spin_lock(&mm->mmu_notifier_mm->lock);
-+ /*
-+ * Can not use list_del_rcu() since __mmu_notifier_release
-+ * can delete it before we hold the lock.
-+ */
-+ hlist_del_init_rcu(&mn->hlist);
- spin_unlock(&mm->mmu_notifier_mm->lock);
-+ }
-
- /*
-- * Wait for any running method to finish, including ->release() if it
-- * was run by __mmu_notifier_release() instead of us.
-+ * Wait for any running method to finish, of course including
-+ * ->release if it was run by mmu_notifier_relase instead of us.
- */
- synchronize_srcu(&srcu);
-
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 94722a4..07d9926 100644
--- a/mm/mprotect.c
@@ -87120,6 +86999,24 @@ index 960fd29..d55bf64 100644
hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
if (hdr == NULL)
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
+index e220207..cdeb839 100644
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -3383,8 +3383,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
+
+ for (i = 0; i < shi->nr_frags; ++i) {
+ const struct skb_frag_struct *f = &shi->frags[i];
+- struct page *page = skb_frag_page(f);
+- sg_set_page(&sg, page, skb_frag_size(f), f->page_offset);
++ unsigned int offset = f->page_offset;
++ struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT);
++
++ sg_set_page(&sg, page, skb_frag_size(f),
++ offset_in_page(offset));
+ if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
+ return 1;
+ }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 13b9c08..d33a8d0 100644
--- a/net/ipv4/tcp_input.c
@@ -87527,6 +87424,19 @@ index 95d13c7..791fe2f 100644
.kind = "ip6gretap",
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index 155eccf..851fdae 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
+ if (WARN_ON(np->cork.opt))
+ return -EINVAL;
+
+- np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation);
++ np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation);
+ if (unlikely(np->cork.opt == NULL))
+ return -ENOBUFS;
+
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index fff83cb..82d49dd 100644
--- a/net/ipv6/ip6_tunnel.c
@@ -88061,6 +87971,19 @@ index 362ba47..66196f4 100644
seq_printf(m, "Max data size: %d\n", self->max_data_size);
seq_printf(m, "Max header size: %d\n", self->max_header_size);
+diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c
+index 8c00416..9ea0c93 100644
+--- a/net/irda/irlap_frame.c
++++ b/net/irda/irlap_frame.c
+@@ -544,7 +544,7 @@ static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
+ /*
+ * We now have some discovery info to deliver!
+ */
+- discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC);
++ discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC);
+ if (!discovery) {
+ IRDA_WARNING("%s: unable to malloc!\n", __func__);
+ return;
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 206ce6d..cfb27cd 100644
--- a/net/iucv/af_iucv.c
@@ -88163,7 +88086,7 @@ index 5672533..6738c93 100644
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index d51ca9d..042c35f 100644
+index 9cbebc2..14879bb 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -495,7 +495,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
@@ -89949,7 +89872,7 @@ index d5f35f1..da2680b5 100644
task->tk_action = call_reserve;
}
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
-index f8529fc..ce8c643 100644
+index 5356b12..c0f4c29 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -261,9 +261,9 @@ static int rpc_wait_bit_killable(void *word)
@@ -90413,6 +90336,18 @@ index c8717c1..08539f5 100644
err = handler(dev, info, (union iwreq_data *) iwp, extra);
iwp->length += essid_compat;
+diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
+index bcfda89..0cf003d 100644
+--- a/net/xfrm/xfrm_output.c
++++ b/net/xfrm/xfrm_output.c
+@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
+
+ if (unlikely(x->km.state != XFRM_STATE_VALID)) {
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID);
++ err = -EINVAL;
+ goto error;
+ }
+
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 167c67d..3f2ae427 100644
--- a/net/xfrm/xfrm_policy.c
diff --git a/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch b/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
deleted file mode 100644
index 7cb0dade7c..0000000000
--- a/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From patchwork Wed May 22 11:40:47 2013
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 8bit
-Subject: [ipsec] xfrm: properly handle invalid states as an error
-Date: Wed, 22 May 2013 01:40:47 -0000
-From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi>
-X-Patchwork-Id: 245594
-Message-Id: <1369222847-8542-1-git-send-email-timo.teras@iki.fi>
-To: netdev@vger.kernel.org
-Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>,
- Li RongQing <roy.qing.li@gmail.com>,
- Steffen Klassert <steffen.klassert@secunet.com>
-
-The error exit path needs err explicitly set. Otherwise it
-returns success and the only caller, xfrm_output_resume(),
-would oops in skb_dst(skb)->ops derefence as skb_dst(skb) is
-NULL.
-
-Bug introduced in commit bb65a9cb (xfrm: removes a superfluous
-check and add a statistic).
-
-Signed-off-by: Timo Teräs <timo.teras@iki.fi>
-Cc: Li RongQing <roy.qing.li@gmail.com>
-Cc: Steffen Klassert <steffen.klassert@secunet.com>
-
----
-Should go also to 3.9-stable.
-
- net/xfrm/xfrm_output.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
-index bcfda89..0cf003d 100644
---- a/net/xfrm/xfrm_output.c
-+++ b/net/xfrm/xfrm_output.c
-@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
-
- if (unlikely(x->km.state != XFRM_STATE_VALID)) {
- XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID);
-+ err = -EINVAL;
- goto error;
- }
-
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index e7d4331a7f..5774d1f22d 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.3 Kernel Configuration
+# Linux/x86 3.9.5 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -5522,6 +5522,7 @@ CONFIG_PAX_USERCOPY=y
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_VM86 is not set
# CONFIG_GRKERNSEC_IO is not set
+CONFIG_GRKERNSEC_PERF_HARDEN=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
# CONFIG_GRKERNSEC_BRUTE is not set
# CONFIG_GRKERNSEC_MODHARDEN is not set
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index 561ab2088a..df9536d19f 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.3 Kernel Configuration
+# Linux/x86 3.9.5 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -5459,6 +5459,7 @@ CONFIG_PAX_USERCOPY=y
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_JIT_HARDEN=y
+CONFIG_GRKERNSEC_PERF_HARDEN=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
# CONFIG_GRKERNSEC_BRUTE is not set
# CONFIG_GRKERNSEC_MODHARDEN is not set
diff --git a/main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch b/main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch
deleted file mode 100644
index f7af3b2a07..0000000000
--- a/main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 37e3042c345024aa5e39a1a28a667a00b75fd6ce Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Fri, 17 May 2013 09:31:13 +0300
-Subject: [PATCH] leds: leds-gpio: reserve gpio before using it
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit a99d76f (leds: leds-gpio: use gpio_request_one)
-and commit 2d7c22f (leds: leds-gpio: set devm_gpio_request_one()
-flags param correctly) which was a fix of the first one.
-
-The conversion to devm_gpio_request in commit e3b1d44c (leds:
-leds-gpio: use devm_gpio_request_one) is not reverted.
-
-The problem is that gpio_cansleep() and gpio_get_value_cansleep()
-calls can crash if the gpio is not first reserved. Incidentally this
-same bug existed earlier and was fixed similarly in commit d95cbe61
-(leds: Fix potential leds-gpio oops). But the OOPS is real. It happens
-when GPIOs are provided by module which is not yet loaded.
-
-So this fixes the following BUG during my ALIX boot (3.9.2-vanilla):
-
-BUG: unable to handle kernel NULL pointer dereference at 0000004c
-IP: [<c11287d6>] __gpio_cansleep+0xe/0x1a
-*pde = 00000000
-Oops: 0000 [#1] SMP
-Modules linked in: leds_gpio(+) via_rhine mii cs5535_mfd mfd_core
-geode_rng rng_core geode_aes isofs nls_utf8 nls_cp437 vfat fat
-ata_generic pata_amd pata_cs5536 pata_acpi libata ehci_pci ehci_hcd
-ohci_hcd usb_storage usbcore usb_common sd_mod scsi_mod squashfs loop
-Pid: 881, comm: modprobe Not tainted 3.9.2 #1-Alpine
-EIP: 0060:[<c11287d6>] EFLAGS: 00010282 CPU: 0
-EIP is at __gpio_cansleep+0xe/0x1a
-EAX: 00000000 EBX: cf364018 ECX: c132b8b9 EDX: 00000000
-ESI: c13993a4 EDI: c1399370 EBP: cded9dbc ESP: cded9dbc
- DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
-CR0: 8005003b CR2: 0000004c CR3: 0f0c4000 CR4: 00000090
-DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
-DR6: ffff0ff0 DR7: 00000400
-Process modprobe (pid: 881, ti=cded8000 task=cf094aa0 task.ti=cded8000)
-Stack:
- cded9de0 d09471cb 00000000 c1399260 cf364014 00000000 c1399260 c1399254
- d0949014 cded9df4 c118cd59 c1399260 d0949014 d0949014 cded9e08 c118ba47
- c1399260 d0949014 c1399294 cded9e1c c118bb75 cded9e24 d0949014 00000000
-Call Trace:
- [<d09471cb>] gpio_led_probe+0xba/0x203 [leds_gpio]
- [<c118cd59>] platform_drv_probe+0x26/0x48
- [<c118ba47>] driver_probe_device+0x75/0x15c
- [<c118bb75>] __driver_attach+0x47/0x63
- [<c118a727>] bus_for_each_dev+0x3c/0x66
- [<c118b6f9>] driver_attach+0x14/0x16
- [<c118bb2e>] ? driver_probe_device+0x15c/0x15c
- [<c118b3d5>] bus_add_driver+0xbd/0x1bc
- [<d08b4000>] ? 0xd08b3fff
- [<d08b4000>] ? 0xd08b3fff
- [<c118bffc>] driver_register+0x74/0xec
- [<d08b4000>] ? 0xd08b3fff
- [<c118c8e8>] platform_driver_register+0x38/0x3a
- [<d08b400d>] gpio_led_driver_init+0xd/0x1000 [leds_gpio]
- [<c100116c>] do_one_initcall+0x6b/0x10f
- [<d08b4000>] ? 0xd08b3fff
- [<c105e918>] load_module+0x1631/0x1907
- [<c10975d6>] ? insert_vmalloc_vmlist+0x14/0x43
- [<c1098d5b>] ? __vmalloc_node_range+0x13e/0x15f
- [<c105ec50>] sys_init_module+0x62/0x77
- [<c1257888>] syscall_call+0x7/0xb
-EIP: [<c11287d6>] __gpio_cansleep+0xe/0x1a SS:ESP 0068:cded9dbc
-CR2: 000000000000004c
- ---[ end trace 5308fb20d2514822 ]---
-
-Signed-off-by: Timo Teräs <timo.teras@iki.f>
-Cc: Jingoo Han <jg1.han@samsung.com>
-Cc: Sachin Kamat <sachin.kamat@linaro.org>
-Cc: Raphael Assenat <raph@8d.com>
-Cc: Trent Piepho <tpiepho@freescale.com>
-Cc: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
-Cc: Arnaud Patard <arnaud.patard@rtp-net.org>
-Cc: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
----
- drivers/leds/leds-gpio.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c
-index a0d931b..b02b679 100644
---- a/drivers/leds/leds-gpio.c
-+++ b/drivers/leds/leds-gpio.c
-@@ -107,6 +107,10 @@ static int create_gpio_led(const struct gpio_led *template,
- return 0;
- }
-
-+ ret = devm_gpio_request(parent, template->gpio, template->name);
-+ if (ret < 0)
-+ return ret;
-+
- led_dat->cdev.name = template->name;
- led_dat->cdev.default_trigger = template->default_trigger;
- led_dat->gpio = template->gpio;
-@@ -126,10 +130,7 @@ static int create_gpio_led(const struct gpio_led *template,
- if (!template->retain_state_suspended)
- led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME;
-
-- ret = devm_gpio_request_one(parent, template->gpio,
-- (led_dat->active_low ^ state) ?
-- GPIOF_OUT_INIT_HIGH : GPIOF_OUT_INIT_LOW,
-- template->name);
-+ ret = gpio_direction_output(led_dat->gpio, led_dat->active_low ^ state);
- if (ret < 0)
- return ret;
-
---
-1.8.2.3
-
-