summaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD22
-rw-r--r--main/linux-grsec/grsecurity-3.0-3.14.8-201406191347.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch)649
-rw-r--r--main/linux-grsec/ping_init_sock.patch13
3 files changed, 374 insertions, 310 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index b8655eede..c6bc0e621 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,12 +2,12 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.14.6
+pkgver=3.14.8
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
-pkgrel=2
+pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -17,8 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-3.14.6-201406101411.patch
- ping_init_sock.patch
+ grsecurity-3.0-3.14.8-201406191347.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
@@ -166,27 +165,24 @@ dev() {
}
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-068b814830b45c232340db534bc06e04 patch-3.14.6.xz
-b4bca0946e46ae371b8456f96bb8f979 grsecurity-3.0-3.14.6-201406101411.patch
-a09e75ec5f3cd0b5e6909364aa0fb0b0 ping_init_sock.patch
+f612535d2c5d954b5e885757c387ae54 patch-3.14.8.xz
+f97092de8a6fa522ab9c8c510299274a grsecurity-3.0-3.14.8-201406191347.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
83f0e1b1d2413bcb2dddcf87a10dc42b kernelconfig.x86
0b07cc6ece6232c631e2d55f2dd860d6 kernelconfig.x86_64
887980f603af6a1ac6f67edeae2e0d07 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
-b8de86f64a62ec1f5d62ef7b0caf302546be0d397e7c7d29e4b1e260220462d7 patch-3.14.6.xz
-abefdcbacb2c78c0de1168915dc26d16e35ec0e6158e0bbbc84fad819b234404 grsecurity-3.0-3.14.6-201406101411.patch
-d3f5a8d24d44d0268c68b0bf0705d046758c445bf0efb9c0022bec113a1f4f71 ping_init_sock.patch
+0edab0f772836162e5e57ef294d83e88153c15a12f394914c6a25b49e408e8f1 patch-3.14.8.xz
+aa9d8c11e1c1790e71088ae0a6494b8e44b0734f8e5d4fdeb9b98e0c77427406 grsecurity-3.0-3.14.8-201406191347.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
5431d66b9c1af413b4dc6f91de00a6e830e3d780a79c5f85d2d8b013b151c169 kernelconfig.x86
9f420cee74896fd3578c3b342188438ac5d6b0f327586c108367abcfc3f1e6ff kernelconfig.x86_64
ab3e07f85f4dd090b2d22b485881031bd479a1c34fc9a2e9707cb8cdebfcfda4 kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
-ba8784eb4968b639704e225cbd0455768a3d381ade19d37e0cc06cc00606cc9706163b27441f32b1de4a6f71d44b14004e931ea3f9a2d86c20e35dc881e6d451 patch-3.14.6.xz
-ff19d88212682a8a2d3b244313fd54a37728de477038ebac3e118de7a61c122283f44d5bd700f440e3edd597a9f5f1dbd5bb58b57fe8631357b9ce1ceacbb681 grsecurity-3.0-3.14.6-201406101411.patch
-0d607c6ddbc741933d84777d216794c8eeffa6614b1fe0a1f1e0d15dbab84d53ffbbf4ca92af175db3b8e1e1d50142785372d8ed0df3cd127e70190b6298a6aa ping_init_sock.patch
+a71fdb5391d664ecccef6602df638588e6202992415a788ad85fab9878ec6b76034c37de824069cfc6d6d502a1fab0eba98c69170f410d28951335e19d94db72 patch-3.14.8.xz
+4e9c3e5e6be903cf523160d161633fbe0cbc17d0cb4c67284a5c8c82ca999c46b84bcade802425e25c572256fc016169679507f1ca0cd801c2197cc7b6caa2e6 grsecurity-3.0-3.14.8-201406191347.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
03f817222bf5812fa8363542e4ab108767212c67efe3994ea8fe9d0751215d9c3f166ce41de41f9070c855db6c04606828dc61265a1738920b984a24077347c4 kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch b/main/linux-grsec/grsecurity-3.0-3.14.8-201406191347.patch
index 274a809e2..cf0e6f364 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.6-201406101411.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.8-201406191347.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 0d499e6..2318683 100644
+index ef1d59b..7030652 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -2170,7 +2170,7 @@ index 71a06b2..8bb9ae1 100644
/*
* Change these and you break ASM code in entry-common.S
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index 72abdc5..35acac1 100644
+index 7f3f3cc..bdf0665 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -18,6 +18,7 @@
@@ -2235,7 +2235,7 @@ index 72abdc5..35acac1 100644
})
extern int __put_user_1(void *, unsigned int);
-@@ -195,8 +227,12 @@ extern int __put_user_8(void *, unsigned long long);
+@@ -196,8 +228,12 @@ extern int __put_user_8(void *, unsigned long long);
#define put_user(x,p) \
({ \
@@ -2249,7 +2249,7 @@ index 72abdc5..35acac1 100644
})
#else /* CONFIG_MMU */
-@@ -220,6 +256,7 @@ static inline void set_fs(mm_segment_t fs)
+@@ -221,6 +257,7 @@ static inline void set_fs(mm_segment_t fs)
#endif /* CONFIG_MMU */
@@ -2257,7 +2257,7 @@ index 72abdc5..35acac1 100644
#define access_ok(type,addr,size) (__range_ok(addr,size) == 0)
#define user_addr_max() \
-@@ -237,13 +274,17 @@ static inline void set_fs(mm_segment_t fs)
+@@ -238,13 +275,17 @@ static inline void set_fs(mm_segment_t fs)
#define __get_user(x,ptr) \
({ \
long __gu_err = 0; \
@@ -2275,7 +2275,7 @@ index 72abdc5..35acac1 100644
(void) 0; \
})
-@@ -319,13 +360,17 @@ do { \
+@@ -320,13 +361,17 @@ do { \
#define __put_user(x,ptr) \
({ \
long __pu_err = 0; \
@@ -2293,7 +2293,7 @@ index 72abdc5..35acac1 100644
(void) 0; \
})
-@@ -425,11 +470,44 @@ do { \
+@@ -426,11 +471,44 @@ do { \
#ifdef CONFIG_MMU
@@ -2341,7 +2341,7 @@ index 72abdc5..35acac1 100644
#else
#define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0)
#define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0)
-@@ -438,6 +516,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
+@@ -439,6 +517,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
{
@@ -2351,7 +2351,7 @@ index 72abdc5..35acac1 100644
if (access_ok(VERIFY_READ, from, n))
n = __copy_from_user(to, from, n);
else /* security hole - plug it */
-@@ -447,6 +528,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
+@@ -448,6 +529,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
{
@@ -2665,10 +2665,10 @@ index a2dcafd..1048b5a 100644
#if defined(CONFIG_OABI_COMPAT)
diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
-index 39f89fb..d612bd9 100644
+index 88c6bab..652981b 100644
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
-@@ -184,6 +184,60 @@
+@@ -188,6 +188,60 @@
msr cpsr_c, \rtemp @ switch back to the SVC mode
.endm
@@ -2729,7 +2729,7 @@ index 39f89fb..d612bd9 100644
#ifndef CONFIG_THUMB2_KERNEL
.macro svc_exit, rpsr, irq = 0
.if \irq != 0
-@@ -203,6 +257,9 @@
+@@ -207,6 +261,9 @@
blne trace_hardirqs_off
#endif
.endif
@@ -2739,7 +2739,7 @@ index 39f89fb..d612bd9 100644
msr spsr_cxsf, \rpsr
#if defined(CONFIG_CPU_V6)
ldr r0, [sp]
-@@ -266,6 +323,9 @@
+@@ -270,6 +327,9 @@
blne trace_hardirqs_off
#endif
.endif
@@ -6739,7 +6739,7 @@ index 25da651..ae2a259 100644
#endif /* __ASM_SMTC_PROC_H */
diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
-index 24846f9..61c49f0 100644
+index e80ae50..4404147 100644
--- a/arch/mips/include/asm/thread_info.h
+++ b/arch/mips/include/asm/thread_info.h
@@ -116,6 +116,8 @@ static inline struct thread_info *current_thread_info(void)
@@ -6751,15 +6751,16 @@ index 24846f9..61c49f0 100644
#define TIF_SYSCALL_TRACE 31 /* syscall trace active */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
-@@ -134,13 +136,14 @@ static inline struct thread_info *current_thread_info(void)
+@@ -134,14 +136,15 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH)
#define _TIF_32BIT_FPREGS (1<<TIF_32BIT_FPREGS)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
+#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
#define _TIF_WORK_SYSCALL_ENTRY (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \
-- _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT)
-+ _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID)
+ _TIF_SYSCALL_AUDIT | \
+- _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID)
/* work to do in syscall_trace_leave() */
#define _TIF_WORK_SYSCALL_EXIT (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \
@@ -6768,7 +6769,7 @@ index 24846f9..61c49f0 100644
/* work to do on interrupt/exception return */
#define _TIF_WORK_MASK \
-@@ -148,7 +151,7 @@ static inline struct thread_info *current_thread_info(void)
+@@ -149,7 +152,7 @@ static inline struct thread_info *current_thread_info(void)
/* work to do on any return to u-space */
#define _TIF_ALLWORK_MASK (_TIF_NOHZ | _TIF_WORK_MASK | \
_TIF_WORK_SYSCALL_EXIT | \
@@ -7088,7 +7089,7 @@ index c24ad5f..9983ab2 100644
}
/* Arrange for an interrupt in a short while */
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
-index e0b4996..6b43ce7 100644
+index 81e6ae0..6ab6e79 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -691,7 +691,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
@@ -36699,7 +36700,7 @@ index 36605ab..6ef6d4b 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index bb26636..09cbdb4 100644
+index 62fda16..8063873 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -39505,7 +39506,7 @@ index 199b52b..e3503bb 100644
ret = cpufreq_sysfs_create_file(&boost.attr);
if (ret) {
diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
-index ba43991..23858ffb 100644
+index e1c6433..31203ae 100644
--- a/drivers/cpufreq/cpufreq_governor.c
+++ b/drivers/cpufreq/cpufreq_governor.c
@@ -191,7 +191,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy,
@@ -39592,10 +39593,10 @@ index 18d4091..434be15 100644
}
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index 9ac3783..652b033 100644
+index de9ef4a..0b29fc9 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
-@@ -126,10 +126,10 @@ struct pstate_funcs {
+@@ -125,10 +125,10 @@ struct pstate_funcs {
struct cpu_defaults {
struct pstate_adjust_policy pid_policy;
struct pstate_funcs funcs;
@@ -39608,7 +39609,7 @@ index 9ac3783..652b033 100644
struct perf_limits {
int no_turbo;
-@@ -527,7 +527,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
+@@ -529,7 +529,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
cpu->pstate.current_pstate = pstate;
@@ -39617,7 +39618,7 @@ index 9ac3783..652b033 100644
}
static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
-@@ -549,12 +549,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
+@@ -551,12 +551,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
{
sprintf(cpu->name, "Intel 2nd generation core");
@@ -39635,7 +39636,7 @@ index 9ac3783..652b033 100644
intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
}
-@@ -830,9 +830,9 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void)
rdmsrl(MSR_IA32_APERF, aperf);
rdmsrl(MSR_IA32_MPERF, mperf);
@@ -39648,7 +39649,7 @@ index 9ac3783..652b033 100644
return -ENODEV;
rdmsrl(MSR_IA32_APERF, tmp);
-@@ -846,7 +846,7 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void)
return 0;
}
@@ -39657,7 +39658,7 @@ index 9ac3783..652b033 100644
{
pid_params.sample_rate_ms = policy->sample_rate_ms;
pid_params.p_gain_pct = policy->p_gain_pct;
-@@ -858,11 +858,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
static void copy_cpu_funcs(struct pstate_funcs *funcs)
{
@@ -40176,7 +40177,7 @@ index eb6935c..3cc2bfa 100644
#include <asm/byteorder.h>
diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h
-index c98764a..551b520 100644
+index f477308..2795f24 100644
--- a/drivers/firewire/core.h
+++ b/drivers/firewire/core.h
@@ -111,6 +111,7 @@ struct fw_card_driver {
@@ -40188,7 +40189,7 @@ index c98764a..551b520 100644
void fw_card_initialize(struct fw_card *card,
const struct fw_card_driver *driver, struct device *device);
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c
-index 8db6632..9bbc8ca 100644
+index 586f2f7..3545ad2 100644
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -2049,10 +2049,12 @@ static void bus_reset_work(struct work_struct *work)
@@ -40680,7 +40681,7 @@ index 15a74f9..4278889 100644
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index 697f215..6f89b7f 100644
+index 4677af9..cd79971 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -1362,7 +1362,7 @@ typedef struct drm_i915_private {
@@ -40693,7 +40694,7 @@ index 697f215..6f89b7f 100644
/* protects the irq masks */
spinlock_t irq_lock;
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index d269ecf..6d857bc 100644
+index 768e666..68cf44d 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -860,9 +860,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
@@ -40865,7 +40866,7 @@ index 4050450..f67c5c1 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 9d4d837..6836e22 100644
+index b6fb3eb..e0fa1e1 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -10798,13 +10798,13 @@ struct intel_quirk {
@@ -41462,7 +41463,7 @@ index 4a85bb6..aaea819 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 7f370b3..4e92ca6 100644
+index 0bf6f4a..18e2437 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
@@ -44516,7 +44517,7 @@ index 8c53b09..f1fb2b0 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 51c431c..be0fbd6 100644
+index 8b013f8..93eed41 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
@@ -44773,10 +44774,33 @@ index cb882aa..9bd076e 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 16f5c21..4df20dc 100644
+index 16f5c21..522b82e 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
-@@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
+ return 1;
+ }
+
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++static atomic_unchecked_t raid5_cache_id = ATOMIC_INIT(0);
++#endif
++
+ static int grow_stripes(struct r5conf *conf, int num)
+ {
+ struct kmem_cache *sc;
+@@ -1718,7 +1722,11 @@ static int grow_stripes(struct r5conf *conf, int num)
+ "raid%d-%s", conf->level, mdname(conf->mddev));
+ else
+ sprintf(conf->cache_name[0],
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ "raid%d-%08lx", conf->level, atomic_inc_return_unchecked(&raid5_cache_id));
++#else
+ "raid%d-%p", conf->level, conf->mddev);
++#endif
+ sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]);
+
+ conf->active_name = 0;
+@@ -1991,21 +1999,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev), STRIPE_SECTORS,
(unsigned long long)s,
bdevname(rdev->bdev, b));
@@ -44802,7 +44826,7 @@ index 16f5c21..4df20dc 100644
if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
printk_ratelimited(
KERN_WARNING
-@@ -2033,7 +2033,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -2033,7 +2041,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev),
(unsigned long long)s,
bdn);
@@ -48190,7 +48214,7 @@ index 53b58de..4479896 100644
int retval = -ENOMEM;
diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
-index 955ab79..d1df9c7 100644
+index fb02fc2..83dc2c3 100644
--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -524,8 +524,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev)
@@ -52475,7 +52499,7 @@ index 2518c32..1c201bb 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index d498d03..e26f959 100644
+index 3baa51b..92907cf 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
@@ -52486,7 +52510,7 @@ index d498d03..e26f959 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -4472,6 +4473,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -4483,6 +4484,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
goto done;
return;
}
@@ -56472,7 +56496,7 @@ index 04cd768..25949c1 100644
file = aio_private_file(ctx, nr_pages);
diff --git a/fs/attr.c b/fs/attr.c
-index 5d4e59d..fd02418 100644
+index 6530ced..4a827e2 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
@@ -58847,7 +58871,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 31e46b1..f5c70a3 100644
+index 31e46b1..88754df 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,8 +55,20 @@
@@ -59595,8 +59619,8 @@ index 31e46b1..f5c70a3 100644
+#ifndef CONFIG_STACK_GROWSUP
+ unsigned long stackstart = (unsigned long)task_stack_page(current);
+ unsigned long currentsp = (unsigned long)&stackstart;
-+ if (unlikely(currentsp < stackstart + 512 ||
-+ currentsp >= stackstart + THREAD_SIZE))
++ if (unlikely((currentsp < stackstart + 512 ||
++ currentsp >= stackstart + THREAD_SIZE) && !in_interrupt()))
+ BUG();
+#endif
+
@@ -59978,10 +60002,18 @@ index ef68665..5deacdc 100644
return 0;
}
diff --git a/fs/fhandle.c b/fs/fhandle.c
-index 999ff5c..41f4109 100644
+index 999ff5c..ac037c9 100644
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
-@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path,
+@@ -8,6 +8,7 @@
+ #include <linux/fs_struct.h>
+ #include <linux/fsnotify.h>
+ #include <linux/personality.h>
++#include <linux/grsecurity.h>
+ #include <asm/uaccess.h>
+ #include "internal.h"
+ #include "mount.h"
+@@ -67,8 +68,7 @@ static long do_sys_name_to_handle(struct path *path,
} else
retval = 0;
/* copy the mount id */
@@ -59991,6 +60023,15 @@ index 999ff5c..41f4109 100644
copy_to_user(ufh, handle,
sizeof(struct file_handle) + handle_bytes))
retval = -EFAULT;
+@@ -175,7 +175,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
+ * the directory. Ideally we would like CAP_DAC_SEARCH.
+ * But we don't have that
+ */
+- if (!capable(CAP_DAC_READ_SEARCH)) {
++ if (!capable(CAP_DAC_READ_SEARCH) || !gr_chroot_fhandle()) {
+ retval = -EPERM;
+ goto out_err;
+ }
diff --git a/fs/file.c b/fs/file.c
index eb56a13..ccee850 100644
--- a/fs/file.c
@@ -61655,7 +61696,7 @@ index d19b30a..ef89c36 100644
static int can_do_hugetlb_shm(void)
{
diff --git a/fs/inode.c b/fs/inode.c
-index 4bcdad3..1883822 100644
+index e846a32..6b22e15 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -841,8 +841,8 @@ unsigned int get_next_ino(void)
@@ -61904,10 +61945,10 @@ index b29e42f..5ea7fdf 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index 4a3c105..0d718f4 100644
+index 8274c8d..922e189 100644
--- a/fs/namei.c
+++ b/fs/namei.c
-@@ -330,16 +330,32 @@ int generic_permission(struct inode *inode, int mask)
+@@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask)
if (ret != -EACCES)
return ret;
@@ -61919,14 +61960,16 @@ index 4a3c105..0d718f4 100644
+
if (S_ISDIR(inode->i_mode)) {
/* DACs are overridable for directories */
-- if (inode_capable(inode, CAP_DAC_OVERRIDE))
+- if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
- return 0;
if (!(mask & MAY_WRITE))
-- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
-+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) ||
-+ inode_capable(inode, CAP_DAC_READ_SEARCH))
+- if (capable_wrt_inode_uidgid(inode,
++ if (capable_wrt_inode_uidgid_nolog(inode,
++ CAP_DAC_OVERRIDE) ||
++ capable_wrt_inode_uidgid(inode,
+ CAP_DAC_READ_SEARCH))
return 0;
-+ if (inode_capable(inode, CAP_DAC_OVERRIDE))
++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
+ return 0;
return -EACCES;
}
@@ -61935,16 +61978,16 @@ index 4a3c105..0d718f4 100644
+ */
+ mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
+ if (mask == MAY_READ)
-+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) ||
-+ inode_capable(inode, CAP_DAC_READ_SEARCH))
++ if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) ||
++ capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
+ return 0;
+
+ /*
* Read/write DACs are always overridable.
* Executable DACs are overridable when there is
* at least one exec bit set.
-@@ -348,14 +364,6 @@ int generic_permission(struct inode *inode, int mask)
- if (inode_capable(inode, CAP_DAC_OVERRIDE))
+@@ -349,14 +366,6 @@ int generic_permission(struct inode *inode, int mask)
+ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
return 0;
- /*
@@ -61952,13 +61995,13 @@ index 4a3c105..0d718f4 100644
- */
- mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
- if (mask == MAY_READ)
-- if (inode_capable(inode, CAP_DAC_READ_SEARCH))
+- if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
- return 0;
-
return -EACCES;
}
-@@ -821,7 +829,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -822,7 +831,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
{
struct dentry *dentry = link->dentry;
int error;
@@ -61967,7 +62010,7 @@ index 4a3c105..0d718f4 100644
BUG_ON(nd->flags & LOOKUP_RCU);
-@@ -842,6 +850,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -843,6 +852,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
if (error)
goto out_put_nd_path;
@@ -61980,7 +62023,7 @@ index 4a3c105..0d718f4 100644
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1590,6 +1604,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1591,6 +1606,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
if (res)
break;
res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -61989,7 +62032,7 @@ index 4a3c105..0d718f4 100644
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1663,7 +1679,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
@@ -61998,7 +62041,7 @@ index 4a3c105..0d718f4 100644
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1947,6 +1963,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1948,6 +1965,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
@@ -62007,7 +62050,7 @@ index 4a3c105..0d718f4 100644
put_link(nd, &link, cookie);
}
}
-@@ -1954,6 +1972,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1955,6 +1974,13 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -62021,7 +62064,7 @@ index 4a3c105..0d718f4 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!d_is_directory(nd->path.dentry)) {
path_put(&nd->path);
-@@ -1981,8 +2006,15 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename *name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
@@ -62038,7 +62081,7 @@ index 4a3c105..0d718f4 100644
return retval;
}
-@@ -2556,6 +2588,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2557,6 +2590,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -62052,7 +62095,7 @@ index 4a3c105..0d718f4 100644
return 0;
}
-@@ -2787,7 +2826,7 @@ looked_up:
+@@ -2788,7 +2828,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
@@ -62061,7 +62104,7 @@ index 4a3c105..0d718f4 100644
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2822,6 +2861,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2823,6 +2863,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
@@ -62079,7 +62122,7 @@ index 4a3c105..0d718f4 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2843,6 +2893,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2844,6 +2895,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
@@ -62088,7 +62131,7 @@ index 4a3c105..0d718f4 100644
}
out_no_open:
path->dentry = dentry;
-@@ -2857,7 +2909,7 @@ out_dput:
+@@ -2858,7 +2911,7 @@ out_dput:
/*
* Handle the last step of open()
*/
@@ -62097,7 +62140,7 @@ index 4a3c105..0d718f4 100644
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2907,6 +2959,15 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2908,6 +2961,15 @@ static int do_last(struct nameidata *nd, struct path *path,
if (error)
return error;
@@ -62113,7 +62156,7 @@ index 4a3c105..0d718f4 100644
audit_inode(name, dir, LOOKUP_PARENT);
error = -EISDIR;
/* trailing slashes? */
-@@ -2926,7 +2987,7 @@ retry_lookup:
+@@ -2927,7 +2989,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
@@ -62122,7 +62165,7 @@ index 4a3c105..0d718f4 100644
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2950,11 +3011,28 @@ retry_lookup:
+@@ -2951,11 +3013,28 @@ retry_lookup:
goto finish_open_created;
}
@@ -62152,7 +62195,7 @@ index 4a3c105..0d718f4 100644
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -2995,6 +3073,11 @@ finish_lookup:
+@@ -2996,6 +3075,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -62164,7 +62207,7 @@ index 4a3c105..0d718f4 100644
return 1;
}
-@@ -3004,7 +3087,6 @@ finish_lookup:
+@@ -3005,7 +3089,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -62172,7 +62215,7 @@ index 4a3c105..0d718f4 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3014,7 +3096,18 @@ finish_open:
+@@ -3015,7 +3098,18 @@ finish_open:
path_put(&save_parent);
return error;
}
@@ -62191,7 +62234,7 @@ index 4a3c105..0d718f4 100644
error = -EISDIR;
if ((open_flag & O_CREAT) &&
(d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
-@@ -3178,7 +3271,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
if (unlikely(error))
goto out;
@@ -62200,7 +62243,7 @@ index 4a3c105..0d718f4 100644
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3196,7 +3289,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
@@ -62209,7 +62252,7 @@ index 4a3c105..0d718f4 100644
put_link(nd, &link, cookie);
}
out:
-@@ -3296,9 +3389,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
goto unlock;
error = -EEXIST;
@@ -62223,7 +62266,7 @@ index 4a3c105..0d718f4 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3350,6 +3445,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -62244,7 +62287,7 @@ index 4a3c105..0d718f4 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3412,6 +3521,17 @@ retry:
+@@ -3413,6 +3523,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -62262,7 +62305,7 @@ index 4a3c105..0d718f4 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3428,6 +3548,8 @@ retry:
+@@ -3429,6 +3550,8 @@ retry:
break;
}
out:
@@ -62271,7 +62314,7 @@ index 4a3c105..0d718f4 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3480,9 +3602,16 @@ retry:
+@@ -3481,9 +3604,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -62288,7 +62331,7 @@ index 4a3c105..0d718f4 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3563,6 +3692,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
@@ -62297,7 +62340,7 @@ index 4a3c105..0d718f4 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3595,10 +3726,21 @@ retry:
+@@ -3596,10 +3728,21 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -62319,7 +62362,7 @@ index 4a3c105..0d718f4 100644
exit3:
dput(dentry);
exit2:
-@@ -3688,6 +3830,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -62328,7 +62371,7 @@ index 4a3c105..0d718f4 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3714,10 +3858,22 @@ retry_deleg:
+@@ -3715,10 +3860,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -62351,7 +62394,7 @@ index 4a3c105..0d718f4 100644
exit2:
dput(dentry);
}
-@@ -3805,9 +3961,17 @@ retry:
+@@ -3806,9 +3963,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -62369,7 +62412,7 @@ index 4a3c105..0d718f4 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3910,6 +4074,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -62377,7 +62420,7 @@ index 4a3c105..0d718f4 100644
int how = 0;
int error;
-@@ -3933,7 +4098,7 @@ retry:
+@@ -3934,7 +4100,7 @@ retry:
if (error)
return error;
@@ -62386,7 +62429,7 @@ index 4a3c105..0d718f4 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3945,11 +4110,28 @@ retry:
+@@ -3946,11 +4112,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -62415,7 +62458,7 @@ index 4a3c105..0d718f4 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4236,6 +4418,12 @@ retry_deleg:
+@@ -4237,6 +4420,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -62428,7 +62471,7 @@ index 4a3c105..0d718f4 100644
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry);
if (error)
-@@ -4243,6 +4431,9 @@ retry_deleg:
+@@ -4244,6 +4433,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode);
@@ -62438,7 +62481,7 @@ index 4a3c105..0d718f4 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4279,6 +4470,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -62447,7 +62490,7 @@ index 4a3c105..0d718f4 100644
int len;
len = PTR_ERR(link);
-@@ -4288,7 +4481,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -64809,7 +64852,7 @@ index 6f599c6..bd00271 100644
seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index fb52b54..5fc7c14 100644
+index 8f78819..ba6c272 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -12,12 +12,19 @@
@@ -65965,7 +66008,7 @@ index aead369..0dfecfd 100644
return 0;
sfep = dp->d_ops->sf_nextentry(sfp, sfep);
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index bcfe612..aa399c0 100644
+index 78e62cc..eec3706 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -122,7 +122,7 @@ xfs_find_handle(
@@ -65979,10 +66022,10 @@ index bcfe612..aa399c0 100644
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..a14eb52
+index 0000000..bfd482c
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1174 @@
+@@ -0,0 +1,1176 @@
+#
+# grecurity configuration
+#
@@ -66544,14 +66587,16 @@ index 0000000..a14eb52
+ created.
+
+config GRKERNSEC_CHROOT_FCHDIR
-+ bool "Deny fchdir out of chroot"
++ bool "Deny fchdir and fhandle out of chroot"
+ default y if GRKERNSEC_CONFIG_AUTO
+ depends on GRKERNSEC_CHROOT
+ help
+ If you say Y here, a well-known method of breaking chroots by fchdir'ing
+ to a file descriptor of the chrooting process that points to a directory
-+ outside the filesystem will be stopped. If the sysctl option
-+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
++ outside the filesystem will be stopped. Additionally, this option prevents
++ use of the recently-created syscall for opening files by a guessable "file
++ handle" inside a chroot. If the sysctl option is enabled, a sysctl option
++ with name "chroot_deny_fchdir" is created.
+
+config GRKERNSEC_CHROOT_MKNOD
+ bool "Deny mknod"
@@ -73707,10 +73752,10 @@ index 0000000..bc0be01
+}
diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
new file mode 100644
-index 0000000..651d6c2
+index 0000000..baa635c
--- /dev/null
+++ b/grsecurity/grsec_chroot.c
-@@ -0,0 +1,370 @@
+@@ -0,0 +1,387 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -73885,6 +73930,23 @@ index 0000000..651d6c2
+}
+
+int
++gr_chroot_fhandle(void)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
++ if (!grsec_enable_chroot_fchdir)
++ return 1;
++
++ if (!proc_is_chrooted(current))
++ return 1;
++ else {
++ gr_log_noargs(GR_DONT_AUDIT, GR_CHROOT_FHANDLE_MSG);
++ return 0;
++ }
++#endif
++ return 1;
++}
++
++int
+gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
+ const time_t shm_createtime)
+{
@@ -77916,16 +77978,16 @@ index 17e7e82..1d7da26 100644
#define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
#endif
diff --git a/include/linux/capability.h b/include/linux/capability.h
-index a6ee1f9..e1ca49d 100644
+index 84b13ad..d7b6550 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -212,8 +212,13 @@ extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool inode_capable(const struct inode *inode, int cap);
+ extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
+extern bool capable_nolog(int cap);
+extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
-+extern bool inode_capable_nolog(const struct inode *inode, int cap);
++extern bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap);
/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
@@ -79749,10 +79811,10 @@ index 0000000..d25522e
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..ba93581
+index 0000000..b02ba9d
--- /dev/null
+++ b/include/linux/grmsg.h
-@@ -0,0 +1,116 @@
+@@ -0,0 +1,117 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -79799,6 +79861,7 @@ index 0000000..ba93581
+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
++#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
+#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
+#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
@@ -79871,10 +79934,10 @@ index 0000000..ba93581
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..f2d8c6c
+index 0000000..5c4bdee
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,249 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -79920,6 +79983,7 @@ index 0000000..f2d8c6c
+int gr_handle_chroot_setpriority(struct task_struct *p,
+ const int niceval);
+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
++int gr_chroot_fhandle(void);
+int gr_handle_chroot_chroot(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+void gr_handle_chroot_chdir(const struct path *path);
@@ -81565,37 +81629,6 @@ index 5f2e559..7d59314 100644
/**
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
-diff --git a/include/linux/percpu-refcount.h b/include/linux/percpu-refcount.h
-index 95961f0..0afb48f 100644
---- a/include/linux/percpu-refcount.h
-+++ b/include/linux/percpu-refcount.h
-@@ -110,7 +110,7 @@ static inline void percpu_ref_get(struct percpu_ref *ref)
- pcpu_count = ACCESS_ONCE(ref->pcpu_count);
-
- if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR))
-- __this_cpu_inc(*pcpu_count);
-+ this_cpu_inc(*pcpu_count);
- else
- atomic_inc(&ref->count);
-
-@@ -139,7 +139,7 @@ static inline bool percpu_ref_tryget(struct percpu_ref *ref)
- pcpu_count = ACCESS_ONCE(ref->pcpu_count);
-
- if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) {
-- __this_cpu_inc(*pcpu_count);
-+ this_cpu_inc(*pcpu_count);
- ret = true;
- }
-
-@@ -164,7 +164,7 @@ static inline void percpu_ref_put(struct percpu_ref *ref)
- pcpu_count = ACCESS_ONCE(ref->pcpu_count);
-
- if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR))
-- __this_cpu_dec(*pcpu_count);
-+ this_cpu_dec(*pcpu_count);
- else if (unlikely(atomic_dec_and_test(&ref->count)))
- ref->release(ref);
-
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
index e56b07f..aef789b 100644
--- a/include/linux/perf_event.h
@@ -85752,68 +85785,10 @@ index d5f31c1..06646e1 100644
s.version = AUDIT_VERSION_LATEST;
s.backlog_wait_time = audit_backlog_wait_time;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 3b29605..3604797 100644
+index 37e6216..3604797 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -720,6 +720,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
- return AUDIT_BUILD_CONTEXT;
- }
-
-+static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
-+{
-+ int word, bit;
-+
-+ if (val > 0xffffffff)
-+ return false;
-+
-+ word = AUDIT_WORD(val);
-+ if (word >= AUDIT_BITMASK_SIZE)
-+ return false;
-+
-+ bit = AUDIT_BIT(val);
-+
-+ return rule->mask[word] & bit;
-+}
-+
- /* At syscall entry and exit time, this filter is called if the
- * audit_state is not low enough that auditing cannot take place, but is
- * also not high enough that we already know we have to write an audit
-@@ -737,11 +753,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
-
- rcu_read_lock();
- if (!list_empty(list)) {
-- int word = AUDIT_WORD(ctx->major);
-- int bit = AUDIT_BIT(ctx->major);
--
- list_for_each_entry_rcu(e, list, list) {
-- if ((e->rule.mask[word] & bit) == bit &&
-+ if (audit_in_mask(&e->rule, ctx->major) &&
- audit_filter_rules(tsk, &e->rule, ctx, NULL,
- &state, false)) {
- rcu_read_unlock();
-@@ -761,20 +774,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
- static int audit_filter_inode_name(struct task_struct *tsk,
- struct audit_names *n,
- struct audit_context *ctx) {
-- int word, bit;
- int h = audit_hash_ino((u32)n->ino);
- struct list_head *list = &audit_inode_hash[h];
- struct audit_entry *e;
- enum audit_state state;
-
-- word = AUDIT_WORD(ctx->major);
-- bit = AUDIT_BIT(ctx->major);
--
- if (list_empty(list))
- return 0;
-
- list_for_each_entry_rcu(e, list, list) {
-- if ((e->rule.mask[word] & bit) == bit &&
-+ if (audit_in_mask(&e->rule, ctx->major) &&
- audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
- ctx->current_state = state;
- return 1;
-@@ -1945,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -1954,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
@@ -85822,7 +85797,7 @@ index 3b29605..3604797 100644
static int audit_set_loginuid_perm(kuid_t loginuid)
{
-@@ -2014,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid)
+@@ -2023,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid)
/* are we setting or clearing? */
if (uid_valid(loginuid))
@@ -85832,7 +85807,7 @@ index 3b29605..3604797 100644
task->sessionid = sessionid;
task->loginuid = loginuid;
diff --git a/kernel/capability.c b/kernel/capability.c
-index 34019c5..363f279 100644
+index 1191a44..7c81292 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
@@ -85914,20 +85889,21 @@ index 34019c5..363f279 100644
+EXPORT_SYMBOL(capable_nolog);
+
/**
- * inode_capable - Check superior capability over inode
+ * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
* @inode: The inode in question
-@@ -453,3 +478,11 @@ bool inode_capable(const struct inode *inode, int cap)
- return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+@@ -449,3 +474,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
+ kgid_has_mapping(ns, inode->i_gid);
}
- EXPORT_SYMBOL(inode_capable);
+ EXPORT_SYMBOL(capable_wrt_inode_uidgid);
+
-+bool inode_capable_nolog(const struct inode *inode, int cap)
++bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap)
+{
+ struct user_namespace *ns = current_user_ns();
+
-+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
++ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
++ kgid_has_mapping(ns, inode->i_gid);
+}
-+EXPORT_SYMBOL(inode_capable_nolog);
++EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 0c753dd..dd7d3d6 100644
--- a/kernel/cgroup.c
@@ -86358,7 +86334,7 @@ index 0b097c8..11dd5c5 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index fa0b2d4..67a1c7a 100644
+index 0e7fea7..f869fde 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu;
@@ -86396,7 +86372,7 @@ index fa0b2d4..67a1c7a 100644
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -2986,7 +2993,7 @@ static void __perf_event_read(void *info)
+@@ -3000,7 +3007,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
@@ -86405,7 +86381,7 @@ index fa0b2d4..67a1c7a 100644
}
static u64 perf_event_read(struct perf_event *event)
-@@ -3354,9 +3361,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3365,9 +3372,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
@@ -86417,7 +86393,7 @@ index fa0b2d4..67a1c7a 100644
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3785,10 +3792,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3796,10 +3803,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
@@ -86430,7 +86406,7 @@ index fa0b2d4..67a1c7a 100644
arch_perf_update_userpage(userpg, now);
-@@ -4339,7 +4346,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -4350,7 +4357,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
/* Data. */
sp = perf_user_stack_pointer(regs);
@@ -86439,7 +86415,7 @@ index fa0b2d4..67a1c7a 100644
dyn_size = dump_size - rem;
perf_output_skip(handle, rem);
-@@ -4430,11 +4437,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -4441,11 +4448,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
@@ -86453,7 +86429,7 @@ index fa0b2d4..67a1c7a 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -6704,7 +6711,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6724,7 +6731,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(task_active_pid_ns(current));
@@ -86462,7 +86438,7 @@ index fa0b2d4..67a1c7a 100644
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -7004,6 +7011,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -7024,6 +7031,11 @@ SYSCALL_DEFINE5(perf_event_open,
if (flags & ~PERF_FLAG_ALL)
return -EINVAL;
@@ -86474,7 +86450,7 @@ index fa0b2d4..67a1c7a 100644
err = perf_copy_attr(attr_uptr, &attr);
if (err)
return err;
-@@ -7339,10 +7351,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -7362,10 +7374,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
@@ -90051,7 +90027,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index f5c6635..7133356 100644
+index 0aae0fc..2ba2b81 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -90094,7 +90070,7 @@ index f5c6635..7133356 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3332,6 +3337,7 @@ recheck:
+@@ -3355,6 +3360,7 @@ recheck:
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
@@ -90102,7 +90078,7 @@ index f5c6635..7133356 100644
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -4702,8 +4708,10 @@ void idle_task_exit(void)
+@@ -4726,8 +4732,10 @@ void idle_task_exit(void)
BUG_ON(cpu_online(smp_processor_id()));
@@ -90114,7 +90090,7 @@ index f5c6635..7133356 100644
mmdrop(mm);
}
-@@ -4781,7 +4789,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
@@ -90123,7 +90099,7 @@ index f5c6635..7133356 100644
{
.procname = "sched_domain",
.mode = 0555,
-@@ -4798,17 +4806,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
@@ -90145,7 +90121,7 @@ index f5c6635..7133356 100644
/*
* In the intermediate directories, both the child directory and
-@@ -4816,22 +4824,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
@@ -90177,7 +90153,7 @@ index f5c6635..7133356 100644
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -4851,7 +4862,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
@@ -90186,7 +90162,7 @@ index f5c6635..7133356 100644
if (table == NULL)
return NULL;
-@@ -4886,9 +4897,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
@@ -90198,7 +90174,7 @@ index f5c6635..7133356 100644
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -4915,11 +4926,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
@@ -90213,7 +90189,7 @@ index f5c6635..7133356 100644
if (entry == NULL)
return;
-@@ -4942,8 +4955,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
@@ -92905,7 +92881,7 @@ index 539eeb9..e24a987 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 66586bb..73ab487 100644
+index e346fa9..5d32f0a 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -92953,7 +92929,15 @@ index 66586bb..73ab487 100644
unlock_page(hpage);
return 0;
}
-@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1157,14 +1157,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+ */
+ if (!PageHWPoison(p)) {
+ printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn);
+- atomic_long_sub(nr_pages, &num_poisoned_pages);
++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
+ put_page(hpage);
+ res = 0;
+ goto out;
}
if (hwpoison_filter(p)) {
if (TestClearPageHWPoison(p))
@@ -92962,7 +92946,7 @@ index 66586bb..73ab487 100644
unlock_page(hpage);
put_page(hpage);
return 0;
-@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1386,7 +1386,7 @@ int unpoison_memory(unsigned long pfn)
return 0;
}
if (TestClearPageHWPoison(p))
@@ -92971,7 +92955,7 @@ index 66586bb..73ab487 100644
pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
return 0;
}
-@@ -1398,7 +1398,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1400,7 +1400,7 @@ int unpoison_memory(unsigned long pfn)
*/
if (TestClearPageHWPoison(page)) {
pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -92980,7 +92964,7 @@ index 66586bb..73ab487 100644
freeit = 1;
if (PageHuge(page))
clear_page_hwpoison_huge_page(page);
-@@ -1523,11 +1523,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1525,11 +1525,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -92994,7 +92978,7 @@ index 66586bb..73ab487 100644
}
}
return ret;
-@@ -1566,7 +1566,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1568,7 +1568,7 @@ static int __soft_offline_page(struct page *page, int flags)
put_page(page);
pr_info("soft_offline: %#lx: invalidated\n", pfn);
SetPageHWPoison(page);
@@ -93003,7 +92987,7 @@ index 66586bb..73ab487 100644
return 0;
}
-@@ -1617,7 +1617,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1619,7 +1619,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -93012,7 +92996,7 @@ index 66586bb..73ab487 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1691,11 +1691,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1693,11 +1693,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -93722,10 +93706,10 @@ index 49e930f..90d7ec5 100644
mm = get_task_mm(tsk);
if (!mm)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index ae3c8f3..fa4ee8e 100644
+index 56224d9..a74c77e 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
-@@ -746,6 +746,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -750,6 +750,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
unsigned long vmstart;
unsigned long vmend;
@@ -93736,7 +93720,7 @@ index ae3c8f3..fa4ee8e 100644
vma = find_vma(mm, start);
if (!vma || vma->vm_start > start)
return -EFAULT;
-@@ -789,6 +793,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -793,6 +797,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
err = vma_replace_policy(vma, new_pol);
if (err)
goto out;
@@ -93753,7 +93737,7 @@ index ae3c8f3..fa4ee8e 100644
}
out:
-@@ -1252,6 +1266,17 @@ static long do_mbind(unsigned long start, unsigned long len,
+@@ -1256,6 +1270,17 @@ static long do_mbind(unsigned long start, unsigned long len,
if (end < start)
return -EINVAL;
@@ -93771,7 +93755,7 @@ index ae3c8f3..fa4ee8e 100644
if (end == start)
return 0;
-@@ -1480,8 +1505,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1484,8 +1509,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -93781,7 +93765,7 @@ index ae3c8f3..fa4ee8e 100644
rcu_read_unlock();
err = -EPERM;
goto out_put;
-@@ -1512,6 +1536,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1516,6 +1540,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
goto out;
}
@@ -95742,7 +95726,7 @@ index fd26d04..0cea1b0 100644
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index d3cbac5..3784601 100644
+index 5d91bb7..3784601 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
@@ -95844,20 +95828,8 @@ index d3cbac5..3784601 100644
}
/*
-@@ -1554,10 +1590,9 @@ void __put_anon_vma(struct anon_vma *anon_vma)
- {
- struct anon_vma *root = anon_vma->root;
-
-+ anon_vma_free(anon_vma);
- if (root != anon_vma && atomic_dec_and_test(&root->refcount))
- anon_vma_free(root);
--
-- anon_vma_free(anon_vma);
- }
-
- static struct anon_vma *rmap_walk_anon_lock(struct page *page,
diff --git a/mm/shmem.c b/mm/shmem.c
-index 1f18c9d..3e03d33 100644
+index 1f18c9d..b550bab 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -33,7 +33,7 @@
@@ -95869,7 +95841,7 @@ index 1f18c9d..3e03d33 100644
#ifdef CONFIG_SHMEM
/*
-@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt;
+@@ -77,14 +77,15 @@ static struct vfsmount *shm_mnt;
#define BOGO_DIRENT_SIZE 20
/* Symlink up to this size is kmalloc'ed instead of using a swappable page */
@@ -95877,8 +95849,99 @@ index 1f18c9d..3e03d33 100644
+#define SHORT_SYMLINK_LEN 64
/*
- * shmem_fallocate and shmem_writepage communicate via inode->i_private
-@@ -2218,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+- * shmem_fallocate and shmem_writepage communicate via inode->i_private
+- * (with i_mutex making sure that it has only one user at a time):
+- * we would prefer not to enlarge the shmem inode just for that.
++ * shmem_fallocate communicates with shmem_fault or shmem_writepage via
++ * inode->i_private (with i_mutex making sure that it has only one user at
++ * a time): we would prefer not to enlarge the shmem inode just for that.
+ */
+ struct shmem_falloc {
++ int mode; /* FALLOC_FL mode currently operating */
+ pgoff_t start; /* start of range currently being fallocated */
+ pgoff_t next; /* the next page offset to be fallocated */
+ pgoff_t nr_falloced; /* how many new pages have been fallocated */
+@@ -824,6 +825,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
+ spin_lock(&inode->i_lock);
+ shmem_falloc = inode->i_private;
+ if (shmem_falloc &&
++ !shmem_falloc->mode &&
+ index >= shmem_falloc->start &&
+ index < shmem_falloc->next)
+ shmem_falloc->nr_unswapped++;
+@@ -1298,6 +1300,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ int error;
+ int ret = VM_FAULT_LOCKED;
+
++ /*
++ * Trinity finds that probing a hole which tmpfs is punching can
++ * prevent the hole-punch from ever completing: which in turn
++ * locks writers out with its hold on i_mutex. So refrain from
++ * faulting pages into the hole while it's being punched, and
++ * wait on i_mutex to be released if vmf->flags permits,
++ */
++ if (unlikely(inode->i_private)) {
++ struct shmem_falloc *shmem_falloc;
++ spin_lock(&inode->i_lock);
++ shmem_falloc = inode->i_private;
++ if (!shmem_falloc ||
++ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
++ vmf->pgoff < shmem_falloc->start ||
++ vmf->pgoff >= shmem_falloc->next)
++ shmem_falloc = NULL;
++ spin_unlock(&inode->i_lock);
++ /*
++ * i_lock has protected us from taking shmem_falloc seriously
++ * once return from shmem_fallocate() went back up that stack.
++ * i_lock does not serialize with i_mutex at all, but it does
++ * not matter if sometimes we wait unnecessarily, or sometimes
++ * miss out on waiting: we just need to make those cases rare.
++ */
++ if (shmem_falloc) {
++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
++ up_read(&vma->vm_mm->mmap_sem);
++ mutex_lock(&inode->i_mutex);
++ mutex_unlock(&inode->i_mutex);
++ return VM_FAULT_RETRY;
++ }
++ /* cond_resched? Leave that to GUP or return to user */
++ return VM_FAULT_NOPAGE;
++ }
++ }
++
+ error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
+ if (error)
+ return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
+@@ -1813,18 +1852,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
+
+ mutex_lock(&inode->i_mutex);
+
++ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE;
++
+ if (mode & FALLOC_FL_PUNCH_HOLE) {
+ struct address_space *mapping = file->f_mapping;
+ loff_t unmap_start = round_up(offset, PAGE_SIZE);
+ loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
+
++ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
++ spin_lock(&inode->i_lock);
++ inode->i_private = &shmem_falloc;
++ spin_unlock(&inode->i_lock);
++
+ if ((u64)unmap_end > (u64)unmap_start)
+ unmap_mapping_range(mapping, unmap_start,
+ 1 + unmap_end - unmap_start, 0);
+ shmem_truncate_range(inode, offset, offset + len - 1);
+ /* No need to unmap again: hole-punching leaves COWed pages */
+ error = 0;
+- goto out;
++ goto undone;
+ }
+
+ /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
+@@ -2218,6 +2265,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -95890,7 +95953,7 @@ index 1f18c9d..3e03d33 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -2273,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -2273,6 +2325,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
if (err)
return err;
@@ -95906,7 +95969,7 @@ index 1f18c9d..3e03d33 100644
return simple_xattr_set(&info->xattrs, name, value, size, flags);
}
-@@ -2585,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2585,8 +2646,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -97743,7 +97806,7 @@ index 7552f9e..074ce29 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index b0ad2c7..96f6a5e 100644
+index 6afa3b4..7a14180 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3740,8 +3740,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
@@ -99470,7 +99533,7 @@ index 2510c02..cfb34fa 100644
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index e21934b..16f52a6 100644
+index e21934b..3ae545c 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -59,7 +59,7 @@ struct ping_table {
@@ -99482,15 +99545,6 @@ index e21934b..16f52a6 100644
EXPORT_SYMBOL_GPL(pingv6_ops);
static u16 ping_port_rover;
-@@ -259,7 +259,7 @@ int ping_init_sock(struct sock *sk)
-
- inet_get_ping_group_range_net(net, &low, &high);
- if (gid_lte(low, group) && gid_lte(group, high))
-- return 0;
-+ goto out_release_group;
-
- group_info = get_current_groups();
- count = group_info->ngroups;
@@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
return -ENODEV;
}
@@ -104111,26 +104165,53 @@ index 078fe1d..fbdb363 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..edcbc3a
+index 0000000..3fd3699
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,16 @@
+@@ -0,0 +1,43 @@
+#!/bin/bash
+srctree=$(dirname "$0")
+gccplugins_dir=$($3 -print-file-name=plugin)
-+plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+#include "gcc-common.h"
+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
-+#warning $2
++#warning $2 CXX
+#else
-+#warning $1
++#warning $1 CC
+#endif
+EOF
+)
++
++if [ $? -ne 0 ]
++then
++ exit 1
++fi
++
++if [[ "$plugincc" =~ "$1 CC" ]]
++then
++ echo "$1"
++ exit 0
++fi
++
++if [[ "$plugincc" =~ "$2 CXX" ]]
++then
++plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++#include "gcc-common.h"
++class test {
++public:
++ int test;
++} test = {
++ .test = 1
++};
++EOF
++)
+if [ $? -eq 0 ]
+then
-+ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
++ echo "$2"
++ exit 0
++fi
+fi
++exit 1
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index 5de5660..d3deb89 100644
--- a/scripts/headers_install.sh
@@ -104414,7 +104495,7 @@ index 8fac3fd..32ff38d 100644
unsigned int secindex_strings;
diff --git a/security/Kconfig b/security/Kconfig
-index beb86b5..1776e5eb7 100644
+index beb86b5..40b1edb 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -4,6 +4,957 @@
@@ -104727,13 +104808,13 @@ index beb86b5..1776e5eb7 100644
+ bool 'Use filesystem extended attributes marking'
+ default y if GRKERNSEC_CONFIG_AUTO
+ select CIFS_XATTR if CIFS
++ select F2FS_FS_XATTR if F2FS_FS
+ select EXT2_FS_XATTR if EXT2_FS
+ select EXT3_FS_XATTR if EXT3_FS
+ select JFFS2_FS_XATTR if JFFS2_FS
+ select REISERFS_FS_XATTR if REISERFS_FS
+ select SQUASHFS_XATTR if SQUASHFS
+ select TMPFS_XATTR if TMPFS
-+ select UBIFS_FS_XATTR if UBIFS_FS
+ help
+ Enabling this option will allow you to control PaX features on
+ a per executable basis via the 'setfattr' utility. The control
diff --git a/main/linux-grsec/ping_init_sock.patch b/main/linux-grsec/ping_init_sock.patch
deleted file mode 100644
index 38b0c811b..000000000
--- a/main/linux-grsec/ping_init_sock.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-http://forums.grsecurity.net/viewtopic.php?f=3&t=3982
-
---- ./net/ipv4/ping.c.orig
-+++ ./net/ipv4/ping.c
-@@ -259,7 +259,7 @@
-
- inet_get_ping_group_range_net(net, &low, &high);
- if (gid_lte(low, group) && gid_lte(group, high))
-- goto out_release_group;
-+ return 0;
-
- group_info = get_current_groups();
- count = group_info->ngroups;