authorAnthony G. Basile <blueness@gentoo.org>2012-01-04 10:44:12 -0500
committerAnthony G. Basile <blueness@gentoo.org>2012-01-04 10:44:12 -0500
commit13991bf0cb74669e255c8b42442869e980f9d22b (patch)
treec03a448155b00a9fdfbbbc1723461a43220dc3fd /2.6.32
parentRemoved EXTRAVERSION = hunk (diff)
Grsec/PaX: 2.2.2-2.6.32.52-201201031758 + 2.2.2-3.1.7-201201032037.patch
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README6
-rw-r--r--2.6.32/1050_linux-2.6.32.51.patch575
-rw-r--r--2.6.32/1051_linux-2.6.32.52.patch12
-rw-r--r--2.6.32/4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch)405
-rw-r--r--2.6.32/4435_grsec-kconfig-gentoo.patch4
-rw-r--r--2.6.32/4437-grsec-kconfig-proc-user.patch4
-rw-r--r--2.6.32/4440_selinux-avc_audit-log-curr_ip.patch2
7 files changed, 406 insertions, 602 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index c414b52..3fcd732 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,11 +3,11 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1050_linux-2.6.32.51.patch
+Patch: 1051_linux-2.6.32.52.patch
From: http://www.kernel.org
-Desc: Linux 2.6.32.51
+Desc: Linux 2.6.32.52
-Patch: 4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/1050_linux-2.6.32.51.patch b/2.6.32/1050_linux-2.6.32.51.patch
deleted file mode 100644
index 196ebde..0000000
--- a/2.6.32/1050_linux-2.6.32.51.patch
+++ /dev/null
@@ -1,575 +0,0 @@
-diff --git a/arch/arm/mach-davinci/board-dm646x-evm.c b/arch/arm/mach-davinci/board-dm646x-evm.c
-index 24e0e13..6b25227 100644
---- a/arch/arm/mach-davinci/board-dm646x-evm.c
-+++ b/arch/arm/mach-davinci/board-dm646x-evm.c
-@@ -502,7 +502,7 @@ static int setup_vpif_input_channel_mode(int mux_mode)
- int val;
- u32 value;
-
-- if (!vpif_vsclkdis_reg || !cpld_client)
-+ if (!vpif_vidclkctl_reg || !cpld_client)
- return -ENXIO;
-
- val = i2c_smbus_read_byte(cpld_client);
-@@ -510,7 +510,7 @@ static int setup_vpif_input_channel_mode(int mux_mode)
- return val;
-
- spin_lock_irqsave(&vpif_reg_lock, flags);
-- value = __raw_readl(vpif_vsclkdis_reg);
-+ value = __raw_readl(vpif_vidclkctl_reg);
- if (mux_mode) {
- val &= VPIF_INPUT_TWO_CHANNEL;
- value |= VIDCH1CLK;
-@@ -518,7 +518,7 @@ static int setup_vpif_input_channel_mode(int mux_mode)
- val |= VPIF_INPUT_ONE_CHANNEL;
- value &= ~VIDCH1CLK;
- }
-- __raw_writel(value, vpif_vsclkdis_reg);
-+ __raw_writel(value, vpif_vidclkctl_reg);
- spin_unlock_irqrestore(&vpif_reg_lock, flags);
-
- err = i2c_smbus_write_byte(cpld_client, val);
-diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
-index 044897b..829edf0 100644
---- a/arch/x86/oprofile/backtrace.c
-+++ b/arch/x86/oprofile/backtrace.c
-@@ -11,6 +11,8 @@
- #include <linux/oprofile.h>
- #include <linux/sched.h>
- #include <linux/mm.h>
-+#include <linux/highmem.h>
-+
- #include <asm/ptrace.h>
- #include <asm/uaccess.h>
- #include <asm/stacktrace.h>
-@@ -47,6 +49,42 @@ static struct stacktrace_ops backtrace_ops = {
- .address = backtrace_address,
- };
-
-+/* from arch/x86/kernel/cpu/perf_event.c: */
-+
-+/*
-+ * best effort, GUP based copy_from_user() that assumes IRQ or NMI context
-+ */
-+static unsigned long
-+copy_from_user_nmi(void *to, const void __user *from, unsigned long n)
-+{
-+ unsigned long offset, addr = (unsigned long)from;
-+ unsigned long size, len = 0;
-+ struct page *page;
-+ void *map;
-+ int ret;
-+
-+ do {
-+ ret = __get_user_pages_fast(addr, 1, 0, &page);
-+ if (!ret)
-+ break;
-+
-+ offset = addr & (PAGE_SIZE - 1);
-+ size = min(PAGE_SIZE - offset, n - len);
-+
-+ map = kmap_atomic(page, KM_USER0);
-+ memcpy(to, map+offset, size);
-+ kunmap_atomic(map, KM_USER0);
-+ put_page(page);
-+
-+ len += size;
-+ to += size;
-+ addr += size;
-+
-+ } while (len < n);
-+
-+ return len;
-+}
-+
- struct frame_head {
- struct frame_head *bp;
- unsigned long ret;
-@@ -54,12 +92,12 @@ struct frame_head {
-
- static struct frame_head *dump_user_backtrace(struct frame_head *head)
- {
-+ /* Also check accessibility of one struct frame_head beyond: */
- struct frame_head bufhead[2];
-+ unsigned long bytes;
-
-- /* Also check accessibility of one struct frame_head beyond */
-- if (!access_ok(VERIFY_READ, head, sizeof(bufhead)))
-- return NULL;
-- if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead)))
-+ bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead));
-+ if (bytes != sizeof(bufhead))
- return NULL;
-
- oprofile_add_trace(bufhead[0].ret);
-diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
-index ca6b336..8f0e49b 100644
---- a/arch/x86/oprofile/nmi_int.c
-+++ b/arch/x86/oprofile/nmi_int.c
-@@ -750,12 +750,12 @@ int __init op_nmi_init(struct oprofile_operations *ops)
-
- void op_nmi_exit(void)
- {
-- if (using_nmi) {
-- exit_sysfs();
-+ if (!using_nmi)
-+ return;
-+ exit_sysfs();
- #ifdef CONFIG_SMP
-- unregister_cpu_notifier(&oprofile_cpu_nb);
-+ unregister_cpu_notifier(&oprofile_cpu_nb);
- #endif
-- }
- if (model->exit)
- model->exit();
- }
-diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c
-index 5c4df24..334ccd6 100644
---- a/drivers/oprofile/buffer_sync.c
-+++ b/drivers/oprofile/buffer_sync.c
-@@ -140,6 +140,13 @@ static struct notifier_block module_load_nb = {
- .notifier_call = module_load_notify,
- };
-
-+static void free_all_tasks(void)
-+{
-+ /* make sure we don't leak task structs */
-+ process_task_mortuary();
-+ process_task_mortuary();
-+}
-+
- int sync_start(void)
- {
- int err;
-@@ -147,8 +154,6 @@ int sync_start(void)
- if (!zalloc_cpumask_var(&marked_cpus, GFP_KERNEL))
- return -ENOMEM;
-
-- mutex_lock(&buffer_mutex);
--
- err = task_handoff_register(&task_free_nb);
- if (err)
- goto out1;
-@@ -165,7 +170,6 @@ int sync_start(void)
- start_cpu_work();
-
- out:
-- mutex_unlock(&buffer_mutex);
- return err;
- out4:
- profile_event_unregister(PROFILE_MUNMAP, &munmap_nb);
-@@ -173,6 +177,7 @@ out3:
- profile_event_unregister(PROFILE_TASK_EXIT, &task_exit_nb);
- out2:
- task_handoff_unregister(&task_free_nb);
-+ free_all_tasks();
- out1:
- free_cpumask_var(marked_cpus);
- goto out;
-@@ -181,20 +186,16 @@ out1:
-
- void sync_stop(void)
- {
-- /* flush buffers */
-- mutex_lock(&buffer_mutex);
- end_cpu_work();
- unregister_module_notifier(&module_load_nb);
- profile_event_unregister(PROFILE_MUNMAP, &munmap_nb);
- profile_event_unregister(PROFILE_TASK_EXIT, &task_exit_nb);
- task_handoff_unregister(&task_free_nb);
-- mutex_unlock(&buffer_mutex);
-- flush_scheduled_work();
-+ barrier(); /* do all of the above first */
-
-- /* make sure we don't leak task structs */
-- process_task_mortuary();
-- process_task_mortuary();
-+ flush_scheduled_work();
-
-+ free_all_tasks();
- free_cpumask_var(marked_cpus);
- }
-
-diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
-index 9d3d8cf..cec9bff 100644
---- a/drivers/usb/class/cdc-acm.c
-+++ b/drivers/usb/class/cdc-acm.c
-@@ -1528,6 +1528,16 @@ static struct usb_device_id acm_ids[] = {
- },
- { USB_DEVICE(0x22b8, 0x6425), /* Motorola MOTOMAGX phones */
- },
-+ /* Motorola H24 HSPA module: */
-+ { USB_DEVICE(0x22b8, 0x2d91) }, /* modem */
-+ { USB_DEVICE(0x22b8, 0x2d92) }, /* modem + diagnostics */
-+ { USB_DEVICE(0x22b8, 0x2d93) }, /* modem + AT port */
-+ { USB_DEVICE(0x22b8, 0x2d95) }, /* modem + AT port + diagnostics */
-+ { USB_DEVICE(0x22b8, 0x2d96) }, /* modem + NMEA */
-+ { USB_DEVICE(0x22b8, 0x2d97) }, /* modem + diagnostics + NMEA */
-+ { USB_DEVICE(0x22b8, 0x2d99) }, /* modem + AT port + NMEA */
-+ { USB_DEVICE(0x22b8, 0x2d9a) }, /* modem + AT port + diagnostics + NMEA */
-+
- { USB_DEVICE(0x0572, 0x1329), /* Hummingbird huc56s (Conexant) */
- .driver_info = NO_UNION_NORMAL, /* union descriptor misplaced on
- data interface instead of
-diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
-index 8572c79..72ba88f 100644
---- a/fs/ext4/inode.c
-+++ b/fs/ext4/inode.c
-@@ -3228,7 +3228,7 @@ static int ext4_da_write_end(struct file *file,
- */
-
- new_i_size = pos + copied;
-- if (new_i_size > EXT4_I(inode)->i_disksize) {
-+ if (copied && new_i_size > EXT4_I(inode)->i_disksize) {
- if (ext4_da_should_update_i_disksize(page, end)) {
- down_write(&EXT4_I(inode)->i_data_sem);
- if (new_i_size > EXT4_I(inode)->i_disksize) {
-diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c
-index 052f214..0609e71 100644
---- a/fs/hfs/btree.c
-+++ b/fs/hfs/btree.c
-@@ -45,11 +45,26 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke
- case HFS_EXT_CNID:
- hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize,
- mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz));
-+ if (HFS_I(tree->inode)->alloc_blocks >
-+ HFS_I(tree->inode)->first_blocks) {
-+ printk(KERN_ERR "hfs: invalid btree extent records\n");
-+ unlock_new_inode(tree->inode);
-+ goto free_inode;
-+ }
-+
- tree->inode->i_mapping->a_ops = &hfs_btree_aops;
- break;
- case HFS_CAT_CNID:
- hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize,
- mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz));
-+
-+ if (!HFS_I(tree->inode)->first_blocks) {
-+ printk(KERN_ERR "hfs: invalid btree extent records "
-+ "(0 size).\n");
-+ unlock_new_inode(tree->inode);
-+ goto free_inode;
-+ }
-+
- tree->inode->i_mapping->a_ops = &hfs_btree_aops;
- break;
- default:
-@@ -58,11 +73,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke
- }
- unlock_new_inode(tree->inode);
-
-- if (!HFS_I(tree->inode)->first_blocks) {
-- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n");
-- goto free_inode;
-- }
--
- mapping = tree->inode->i_mapping;
- page = read_mapping_page(mapping, 0, NULL);
- if (IS_ERR(page))
-diff --git a/fs/jbd/journal.c b/fs/jbd/journal.c
-index 45905ff..70713d5 100644
---- a/fs/jbd/journal.c
-+++ b/fs/jbd/journal.c
-@@ -1070,6 +1070,14 @@ static int journal_get_superblock(journal_t *journal)
- goto out;
- }
-
-+ if (be32_to_cpu(sb->s_first) == 0 ||
-+ be32_to_cpu(sb->s_first) >= journal->j_maxlen) {
-+ printk(KERN_WARNING
-+ "JBD: Invalid start block of journal: %u\n",
-+ be32_to_cpu(sb->s_first));
-+ goto out;
-+ }
-+
- return 0;
-
- out:
-diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
-index 17af879..c00de9c 100644
---- a/fs/jbd2/journal.c
-+++ b/fs/jbd2/journal.c
-@@ -1183,6 +1183,14 @@ static int journal_get_superblock(journal_t *journal)
- goto out;
- }
-
-+ if (be32_to_cpu(sb->s_first) == 0 ||
-+ be32_to_cpu(sb->s_first) >= journal->j_maxlen) {
-+ printk(KERN_WARNING
-+ "JBD2: Invalid start block of journal: %u\n",
-+ be32_to_cpu(sb->s_first));
-+ goto out;
-+ }
-+
- return 0;
-
- out:
-diff --git a/include/linux/log2.h b/include/linux/log2.h
-index 25b8086..fd7ff3d 100644
---- a/include/linux/log2.h
-+++ b/include/linux/log2.h
-@@ -185,7 +185,6 @@ unsigned long __rounddown_pow_of_two(unsigned long n)
- #define rounddown_pow_of_two(n) \
- ( \
- __builtin_constant_p(n) ? ( \
-- (n == 1) ? 0 : \
- (1UL << ilog2(n))) : \
- __rounddown_pow_of_two(n) \
- )
-diff --git a/kernel/taskstats.c b/kernel/taskstats.c
-index b080920..a4ef542 100644
---- a/kernel/taskstats.c
-+++ b/kernel/taskstats.c
-@@ -592,6 +592,7 @@ static struct genl_ops taskstats_ops = {
- .cmd = TASKSTATS_CMD_GET,
- .doit = taskstats_user_cmd,
- .policy = taskstats_cmd_get_policy,
-+ .flags = GENL_ADMIN_PERM,
- };
-
- static struct genl_ops cgroupstats_ops = {
-diff --git a/mm/percpu.c b/mm/percpu.c
-index 3bfd6e2..c90614a 100644
---- a/mm/percpu.c
-+++ b/mm/percpu.c
-@@ -110,9 +110,9 @@ static int pcpu_atom_size __read_mostly;
- static int pcpu_nr_slots __read_mostly;
- static size_t pcpu_chunk_struct_size __read_mostly;
-
--/* cpus with the lowest and highest unit numbers */
--static unsigned int pcpu_first_unit_cpu __read_mostly;
--static unsigned int pcpu_last_unit_cpu __read_mostly;
-+/* cpus with the lowest and highest unit addresses */
-+static unsigned int pcpu_low_unit_cpu __read_mostly;
-+static unsigned int pcpu_high_unit_cpu __read_mostly;
-
- /* the address of the first chunk which starts with the kernel static area */
- void *pcpu_base_addr __read_mostly;
-@@ -746,8 +746,8 @@ static void pcpu_pre_unmap_flush(struct pcpu_chunk *chunk,
- int page_start, int page_end)
- {
- flush_cache_vunmap(
-- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start),
-- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end));
-+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start),
-+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end));
- }
-
- static void __pcpu_unmap_pages(unsigned long addr, int nr_pages)
-@@ -809,8 +809,8 @@ static void pcpu_post_unmap_tlb_flush(struct pcpu_chunk *chunk,
- int page_start, int page_end)
- {
- flush_tlb_kernel_range(
-- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start),
-- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end));
-+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start),
-+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end));
- }
-
- static int __pcpu_map_pages(unsigned long addr, struct page **pages,
-@@ -887,8 +887,8 @@ static void pcpu_post_map_flush(struct pcpu_chunk *chunk,
- int page_start, int page_end)
- {
- flush_cache_vmap(
-- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start),
-- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end));
-+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start),
-+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end));
- }
-
- /**
-@@ -1680,7 +1680,9 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
-
- for (cpu = 0; cpu < nr_cpu_ids; cpu++)
- unit_map[cpu] = UINT_MAX;
-- pcpu_first_unit_cpu = NR_CPUS;
-+
-+ pcpu_low_unit_cpu = NR_CPUS;
-+ pcpu_high_unit_cpu = NR_CPUS;
-
- for (group = 0, unit = 0; group < ai->nr_groups; group++, unit += i) {
- const struct pcpu_group_info *gi = &ai->groups[group];
-@@ -1700,9 +1702,13 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
- unit_map[cpu] = unit + i;
- unit_off[cpu] = gi->base_offset + i * ai->unit_size;
-
-- if (pcpu_first_unit_cpu == NR_CPUS)
-- pcpu_first_unit_cpu = cpu;
-- pcpu_last_unit_cpu = cpu;
-+ /* determine low/high unit_cpu */
-+ if (pcpu_low_unit_cpu == NR_CPUS ||
-+ unit_off[cpu] < unit_off[pcpu_low_unit_cpu])
-+ pcpu_low_unit_cpu = cpu;
-+ if (pcpu_high_unit_cpu == NR_CPUS ||
-+ unit_off[cpu] > unit_off[pcpu_high_unit_cpu])
-+ pcpu_high_unit_cpu = cpu;
- }
- }
- pcpu_nr_units = unit;
-diff --git a/mm/util.c b/mm/util.c
-index b377ce4..e48b493 100644
---- a/mm/util.c
-+++ b/mm/util.c
-@@ -233,6 +233,19 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
- }
- #endif
-
-+/*
-+ * Like get_user_pages_fast() except its IRQ-safe in that it won't fall
-+ * back to the regular GUP.
-+ * If the architecture not support this fucntion, simply return with no
-+ * page pinned
-+ */
-+int __attribute__((weak)) __get_user_pages_fast(unsigned long start,
-+ int nr_pages, int write, struct page **pages)
-+{
-+ return 0;
-+}
-+EXPORT_SYMBOL_GPL(__get_user_pages_fast);
-+
- /**
- * get_user_pages_fast() - pin user pages in memory
- * @start: starting user address
-diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
-index faf54c6..9bd850a 100644
---- a/net/xfrm/xfrm_algo.c
-+++ b/net/xfrm/xfrm_algo.c
-@@ -411,8 +411,8 @@ static struct xfrm_algo_desc ealg_list[] = {
- .desc = {
- .sadb_alg_id = SADB_X_EALG_AESCTR,
- .sadb_alg_ivlen = 8,
-- .sadb_alg_minbits = 128,
-- .sadb_alg_maxbits = 256
-+ .sadb_alg_minbits = 160,
-+ .sadb_alg_maxbits = 288
- }
- },
- };
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index ba44dc0..6419095 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -432,6 +432,8 @@ static int alc_mux_enum_put(struct snd_kcontrol *kcontrol,
- imux = &spec->input_mux[mux_idx];
- if (!imux->num_items && mux_idx > 0)
- imux = &spec->input_mux[0];
-+ if (!imux->num_items)
-+ return 0;
-
- type = get_wcaps_type(get_wcaps(codec, nid));
- if (type == AC_WID_AUD_MIX) {
-diff --git a/sound/pci/sis7019.c b/sound/pci/sis7019.c
-index 1a5ff06..b11ee62 100644
---- a/sound/pci/sis7019.c
-+++ b/sound/pci/sis7019.c
-@@ -40,6 +40,7 @@ MODULE_SUPPORTED_DEVICE("{{SiS,SiS7019 Audio Accelerator}}");
- static int index = SNDRV_DEFAULT_IDX1; /* Index 0-MAX */
- static char *id = SNDRV_DEFAULT_STR1; /* ID for this card */
- static int enable = 1;
-+static int codecs = 1;
-
- module_param(index, int, 0444);
- MODULE_PARM_DESC(index, "Index value for SiS7019 Audio Accelerator.");
-@@ -47,6 +48,8 @@ module_param(id, charp, 0444);
- MODULE_PARM_DESC(id, "ID string for SiS7019 Audio Accelerator.");
- module_param(enable, bool, 0444);
- MODULE_PARM_DESC(enable, "Enable SiS7019 Audio Accelerator.");
-+module_param(codecs, int, 0444);
-+MODULE_PARM_DESC(codecs, "Set bit to indicate that codec number is expected to be present (default 1)");
-
- static struct pci_device_id snd_sis7019_ids[] = {
- { PCI_DEVICE(PCI_VENDOR_ID_SI, 0x7019) },
-@@ -139,6 +142,9 @@ struct sis7019 {
- dma_addr_t silence_dma_addr;
- };
-
-+/* These values are also used by the module param 'codecs' to indicate
-+ * which codecs should be present.
-+ */
- #define SIS_PRIMARY_CODEC_PRESENT 0x0001
- #define SIS_SECONDARY_CODEC_PRESENT 0x0002
- #define SIS_TERTIARY_CODEC_PRESENT 0x0004
-@@ -1075,6 +1081,7 @@ static int sis_chip_init(struct sis7019 *sis)
- {
- unsigned long io = sis->ioport;
- void __iomem *ioaddr = sis->ioaddr;
-+ unsigned long timeout;
- u16 status;
- int count;
- int i;
-@@ -1101,21 +1108,45 @@ static int sis_chip_init(struct sis7019 *sis)
- while ((inw(io + SIS_AC97_STATUS) & SIS_AC97_STATUS_BUSY) && --count)
- udelay(1);
-
-+ /* Command complete, we can let go of the semaphore now.
-+ */
-+ outl(SIS_AC97_SEMA_RELEASE, io + SIS_AC97_SEMA);
-+ if (!count)
-+ return -EIO;
-+
- /* Now that we've finished the reset, find out what's attached.
-+ * There are some codec/board combinations that take an extremely
-+ * long time to come up. 350+ ms has been observed in the field,
-+ * so we'll give them up to 500ms.
- */
-- status = inl(io + SIS_AC97_STATUS);
-- if (status & SIS_AC97_STATUS_CODEC_READY)
-- sis->codecs_present |= SIS_PRIMARY_CODEC_PRESENT;
-- if (status & SIS_AC97_STATUS_CODEC2_READY)
-- sis->codecs_present |= SIS_SECONDARY_CODEC_PRESENT;
-- if (status & SIS_AC97_STATUS_CODEC3_READY)
-- sis->codecs_present |= SIS_TERTIARY_CODEC_PRESENT;
--
-- /* All done, let go of the semaphore, and check for errors
-+ sis->codecs_present = 0;
-+ timeout = msecs_to_jiffies(500) + jiffies;
-+ while (time_before_eq(jiffies, timeout)) {
-+ status = inl(io + SIS_AC97_STATUS);
-+ if (status & SIS_AC97_STATUS_CODEC_READY)
-+ sis->codecs_present |= SIS_PRIMARY_CODEC_PRESENT;
-+ if (status & SIS_AC97_STATUS_CODEC2_READY)
-+ sis->codecs_present |= SIS_SECONDARY_CODEC_PRESENT;
-+ if (status & SIS_AC97_STATUS_CODEC3_READY)
-+ sis->codecs_present |= SIS_TERTIARY_CODEC_PRESENT;
-+
-+ if (sis->codecs_present == codecs)
-+ break;
-+
-+ msleep(1);
-+ }
-+
-+ /* All done, check for errors.
- */
-- outl(SIS_AC97_SEMA_RELEASE, io + SIS_AC97_SEMA);
-- if (!sis->codecs_present || !count)
-+ if (!sis->codecs_present) {
-+ printk(KERN_ERR "sis7019: could not find any codecs\n");
- return -EIO;
-+ }
-+
-+ if (sis->codecs_present != codecs) {
-+ printk(KERN_WARNING "sis7019: missing codecs, found %0x, expected %0x\n",
-+ sis->codecs_present, codecs);
-+ }
-
- /* Let the hardware know that the audio driver is alive,
- * and enable PCM slots on the AC-link for L/R playback (3 & 4) and
-@@ -1387,6 +1418,17 @@ static int __devinit snd_sis7019_probe(struct pci_dev *pci,
- if (!enable)
- goto error_out;
-
-+ /* The user can specify which codecs should be present so that we
-+ * can wait for them to show up if they are slow to recover from
-+ * the AC97 cold reset. We default to a single codec, the primary.
-+ *
-+ * We assume that SIS_PRIMARY_*_PRESENT matches bits 0-2.
-+ */
-+ codecs &= SIS_PRIMARY_CODEC_PRESENT | SIS_SECONDARY_CODEC_PRESENT |
-+ SIS_TERTIARY_CODEC_PRESENT;
-+ if (!codecs)
-+ codecs = SIS_PRIMARY_CODEC_PRESENT;
-+
- rc = snd_card_create(index, id, THIS_MODULE, sizeof(*sis), &card);
- if (rc < 0)
- goto error_out;
diff --git a/2.6.32/1051_linux-2.6.32.52.patch b/2.6.32/1051_linux-2.6.32.52.patch
new file mode 100644
index 0000000..0f82a0c
--- /dev/null
+++ b/2.6.32/1051_linux-2.6.32.52.patch
@@ -0,0 +1,12 @@
+diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c
+index b38baff..0d809ae 100644
+--- a/kernel/time/clockevents.c
++++ b/kernel/time/clockevents.c
+@@ -221,7 +221,6 @@ void clockevents_exchange_device(struct clock_event_device *old,
+ * released list and do a notify add later.
+ */
+ if (old) {
+- old->event_handler = clockevents_handle_noop;
+ clockevents_set_mode(old, CLOCK_EVT_MODE_UNUSED);
+ list_del(&old->list);
+ list_add(&old->list, &clockevents_released);
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch
index 1a4e34c..40137ff 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch
@@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 1c640ea..b545bdc 100644
+index 8f775f5..272691c 100644
--- a/Makefile
+++ b/Makefile
@@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -52923,6 +52923,55 @@ index b442dac..aab29cb 100644
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
if (kcore_need_update)
+diff --git a/fs/proc/kmsg.c b/fs/proc/kmsg.c
+index 7ca7834..cfe90a4 100644
+--- a/fs/proc/kmsg.c
++++ b/fs/proc/kmsg.c
+@@ -12,37 +12,37 @@
+ #include <linux/poll.h>
+ #include <linux/proc_fs.h>
+ #include <linux/fs.h>
++#include <linux/syslog.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/io.h>
+
+ extern wait_queue_head_t log_wait;
+
+-extern int do_syslog(int type, char __user *bug, int count);
+-
+ static int kmsg_open(struct inode * inode, struct file * file)
+ {
+- return do_syslog(1,NULL,0);
++ return do_syslog(SYSLOG_ACTION_OPEN, NULL, 0, SYSLOG_FROM_FILE);
+ }
+
+ static int kmsg_release(struct inode * inode, struct file * file)
+ {
+- (void) do_syslog(0,NULL,0);
++ (void) do_syslog(SYSLOG_ACTION_CLOSE, NULL, 0, SYSLOG_FROM_FILE);
+ return 0;
+ }
+
+ static ssize_t kmsg_read(struct file *file, char __user *buf,
+ size_t count, loff_t *ppos)
+ {
+- if ((file->f_flags & O_NONBLOCK) && !do_syslog(9, NULL, 0))
++ if ((file->f_flags & O_NONBLOCK) &&
++ !do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE))
+ return -EAGAIN;
+- return do_syslog(2, buf, count);
++ return do_syslog(SYSLOG_ACTION_READ, buf, count, SYSLOG_FROM_FILE);
+ }
+
+ static unsigned int kmsg_poll(struct file *file, poll_table *wait)
+ {
+ poll_wait(file, &log_wait, wait);
+- if (do_syslog(9, NULL, 0))
++ if (do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE))
+ return POLLIN | POLLRDNORM;
+ return 0;
+ }
diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
index a65239c..ad1182a 100644
--- a/fs/proc/meminfo.c
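Review bot: The access-control contract for /proc/kmsg is not documented at the place where the check now lives, kmsg_open(). kmsg_read() and kmsg_poll() pass SYSLOG_FROM_FILE, and the do_syslog() and cap_syslog() hunks later in this patch skip the CAP_SYS_ADMIN test for every from-file action except SYSLOG_ACTION_OPEN, so permission is decided once at open time and then follows the descriptor. A descriptor inherited or passed on from a privileged opener therefore stays readable after privileges are dropped, which looks intentional but should be written down. I would add above kmsg_open(): `/* Permission is checked here only; read/poll on the open file are not re-checked. */`.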
@@ -68248,7 +68297,7 @@ index 1ee2c05..81b7ec4 100644
#define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
diff --git a/include/linux/security.h b/include/linux/security.h
-index d40d23f..253bd14 100644
+index d40d23f..d739b08 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -34,6 +34,7 @@
@@ -68259,6 +68308,53 @@ index d40d23f..253bd14 100644
#include <net/flow.h>
/* Maximum number of letters for an LSM name string */
+@@ -76,7 +77,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+ extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
+ extern int cap_task_setioprio(struct task_struct *p, int ioprio);
+ extern int cap_task_setnice(struct task_struct *p, int nice);
+-extern int cap_syslog(int type);
++extern int cap_syslog(int type, bool from_file);
+ extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
+
+ struct msghdr;
+@@ -1331,6 +1332,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
+ * logging to the console.
+ * See the syslog(2) manual page for an explanation of the @type values.
+ * @type contains the type of action.
++ * @from_file indicates the context of action (if it came from /proc).
+ * Return 0 if permission is granted.
+ * @settime:
+ * Check permission to change the system time.
+@@ -1445,7 +1447,7 @@ struct security_operations {
+ int (*sysctl) (struct ctl_table *table, int op);
+ int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
+ int (*quota_on) (struct dentry *dentry);
+- int (*syslog) (int type);
++ int (*syslog) (int type, bool from_file);
+ int (*settime) (struct timespec *ts, struct timezone *tz);
+ int (*vm_enough_memory) (struct mm_struct *mm, long pages);
+
+@@ -1740,7 +1742,7 @@ int security_acct(struct file *file);
+ int security_sysctl(struct ctl_table *table, int op);
+ int security_quotactl(int cmds, int type, int id, struct super_block *sb);
+ int security_quota_on(struct dentry *dentry);
+-int security_syslog(int type);
++int security_syslog(int type, bool from_file);
+ int security_settime(struct timespec *ts, struct timezone *tz);
+ int security_vm_enough_memory(long pages);
+ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
+@@ -1986,9 +1988,9 @@ static inline int security_quota_on(struct dentry *dentry)
+ return 0;
+ }
+
+-static inline int security_syslog(int type)
++static inline int security_syslog(int type, bool from_file)
+ {
+- return cap_syslog(type);
++ return cap_syslog(type, from_file);
+ }
+
+ static inline int security_settime(struct timespec *ts, struct timezone *tz)
diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
index 8366d8f..2307490 100644
--- a/include/linux/seq_file.h
@@ -68693,6 +68789,64 @@ index 9d68fed..71f02cc 100644
};
struct sysfs_dirent;
+diff --git a/include/linux/syslog.h b/include/linux/syslog.h
+new file mode 100644
+index 0000000..3891139
+--- /dev/null
++++ b/include/linux/syslog.h
+@@ -0,0 +1,52 @@
++/* Syslog internals
++ *
++ * Copyright 2010 Canonical, Ltd.
++ * Author: Kees Cook <kees.cook@canonical.com>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2, or (at your option)
++ * any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; see the file COPYING. If not, write to
++ * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
++ */
++
++#ifndef _LINUX_SYSLOG_H
++#define _LINUX_SYSLOG_H
++
++/* Close the log. Currently a NOP. */
++#define SYSLOG_ACTION_CLOSE 0
++/* Open the log. Currently a NOP. */
++#define SYSLOG_ACTION_OPEN 1
++/* Read from the log. */
++#define SYSLOG_ACTION_READ 2
++/* Read all messages remaining in the ring buffer. */
++#define SYSLOG_ACTION_READ_ALL 3
++/* Read and clear all messages remaining in the ring buffer */
++#define SYSLOG_ACTION_READ_CLEAR 4
++/* Clear ring buffer. */
++#define SYSLOG_ACTION_CLEAR 5
++/* Disable printk's to console */
++#define SYSLOG_ACTION_CONSOLE_OFF 6
++/* Enable printk's to console */
++#define SYSLOG_ACTION_CONSOLE_ON 7
++/* Set level of messages printed to console */
++#define SYSLOG_ACTION_CONSOLE_LEVEL 8
++/* Return number of unread characters in the log buffer */
++#define SYSLOG_ACTION_SIZE_UNREAD 9
++/* Return size of the log buffer */
++#define SYSLOG_ACTION_SIZE_BUFFER 10
++
++#define SYSLOG_FROM_CALL 0
++#define SYSLOG_FROM_FILE 1
++
++int do_syslog(int type, char __user *buf, int count, bool from_file);
++
++#endif /* _LINUX_SYSLOG_H */
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index a8cc4e1..98d3b85 100644
--- a/include/linux/thread_info.h
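Review bot: `SYSLOG_FROM_CALL` and `SYSLOG_FROM_FILE` are the only constants in the new header without a comment, although they are the ones that select whether the capability check is applied. I would add `/* Request came from the syslog(2) system call */` and `/* Request came through an open /proc/kmsg file */` above them. The `do_syslog()` prototype also uses `bool` and `__user` while the header includes nothing itself, so it presumably relies on every includer having pulled in the type and compiler headers first; this is worth confirming.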
@@ -72993,21 +73147,137 @@ index 40dd021..fb30ceb 100644
mutex_lock(&pm_mutex);
suspend_ops = ops;
diff --git a/kernel/printk.c b/kernel/printk.c
-index 4cade47..637e78a 100644
+index 4cade47..4d17900 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
-@@ -278,6 +278,11 @@ int do_syslog(int type, char __user *buf, int len)
+@@ -33,6 +33,7 @@
+ #include <linux/bootmem.h>
+ #include <linux/syscalls.h>
+ #include <linux/kexec.h>
++#include <linux/syslog.h>
+
+ #include <asm/uaccess.h>
+
+@@ -256,38 +257,30 @@ static inline void boot_delay_msec(void)
+ }
+ #endif
+
+-/*
+- * Commands to do_syslog:
+- *
+- * 0 -- Close the log. Currently a NOP.
+- * 1 -- Open the log. Currently a NOP.
+- * 2 -- Read from the log.
+- * 3 -- Read all messages remaining in the ring buffer.
+- * 4 -- Read and clear all messages remaining in the ring buffer
+- * 5 -- Clear ring buffer.
+- * 6 -- Disable printk's to console
+- * 7 -- Enable printk's to console
+- * 8 -- Set level of messages printed to console
+- * 9 -- Return number of unread characters in the log buffer
+- * 10 -- Return size of the log buffer
+- */
+-int do_syslog(int type, char __user *buf, int len)
++int do_syslog(int type, char __user *buf, int len, bool from_file)
+ {
+ unsigned i, j, limit, count;
+ int do_clear = 0;
char c;
int error = 0;
+- error = security_syslog(type);
+#ifdef CONFIG_GRKERNSEC_DMESG
-+ if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN))
++ if (grsec_enable_dmesg &&
++ (!from_file || (from_file && type == SYSLOG_ACTION_OPEN)) &&
++ !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+#endif
+
- error = security_syslog(type);
++ error = security_syslog(type, from_file);
if (error)
return error;
+
+ switch (type) {
+- case 0: /* Close log */
++ case SYSLOG_ACTION_CLOSE: /* Close log */
+ break;
+- case 1: /* Open log */
++ case SYSLOG_ACTION_OPEN: /* Open log */
+ break;
+- case 2: /* Read from log */
++ case SYSLOG_ACTION_READ: /* Read from log */
+ error = -EINVAL;
+ if (!buf || len < 0)
+ goto out;
+@@ -318,10 +311,12 @@ int do_syslog(int type, char __user *buf, int len)
+ if (!error)
+ error = i;
+ break;
+- case 4: /* Read/clear last kernel messages */
++ /* Read/clear last kernel messages */
++ case SYSLOG_ACTION_READ_CLEAR:
+ do_clear = 1;
+ /* FALL THRU */
+- case 3: /* Read last kernel messages */
++ /* Read last kernel messages */
++ case SYSLOG_ACTION_READ_ALL:
+ error = -EINVAL;
+ if (!buf || len < 0)
+ goto out;
+@@ -374,21 +369,25 @@ int do_syslog(int type, char __user *buf, int len)
+ }
+ }
+ break;
+- case 5: /* Clear ring buffer */
++ /* Clear ring buffer */
++ case SYSLOG_ACTION_CLEAR:
+ logged_chars = 0;
+ break;
+- case 6: /* Disable logging to console */
++ /* Disable logging to console */
++ case SYSLOG_ACTION_CONSOLE_OFF:
+ if (saved_console_loglevel == -1)
+ saved_console_loglevel = console_loglevel;
+ console_loglevel = minimum_console_loglevel;
+ break;
+- case 7: /* Enable logging to console */
++ /* Enable logging to console */
++ case SYSLOG_ACTION_CONSOLE_ON:
+ if (saved_console_loglevel != -1) {
+ console_loglevel = saved_console_loglevel;
+ saved_console_loglevel = -1;
+ }
+ break;
+- case 8: /* Set level of messages printed to console */
++ /* Set level of messages printed to console */
++ case SYSLOG_ACTION_CONSOLE_LEVEL:
+ error = -EINVAL;
+ if (len < 1 || len > 8)
+ goto out;
+@@ -399,10 +398,12 @@ int do_syslog(int type, char __user *buf, int len)
+ saved_console_loglevel = -1;
+ error = 0;
+ break;
+- case 9: /* Number of chars in the log buffer */
++ /* Number of chars in the log buffer */
++ case SYSLOG_ACTION_SIZE_UNREAD:
+ error = log_end - log_start;
+ break;
+- case 10: /* Size of the log buffer */
++ /* Size of the log buffer */
++ case SYSLOG_ACTION_SIZE_BUFFER:
+ error = log_buf_len;
+ break;
+ default:
+@@ -415,7 +416,7 @@ out:
+
+ SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)
+ {
+- return do_syslog(type, buf, len);
++ return do_syslog(type, buf, len, SYSLOG_FROM_CALL);
+ }
+
+ /*
diff --git a/kernel/profile.c b/kernel/profile.c
index dfadc5b..7f59404 100644
--- a/kernel/profile.c
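Review bot: In the CONFIG_GRKERNSEC_DMESG guard added to do_syslog(), the inner `from_file &&` is redundant, because the right-hand side of `||` is evaluated only when `from_file` is already true. The condition reads more clearly as `(!from_file || type == SYSLOG_ACTION_OPEN) &&`. Because this test decides which callers need CAP_SYS_ADMIN when dmesg restriction is on, a one-line comment would help the next reader: `/* syscall path: always checked; /proc/kmsg path: checked at open only */`. do_syslog()'s body is only partly visible across these inner hunks.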
@@ -83894,19 +84164,19 @@ index fce07a7..5f12858 100644
};
diff --git a/security/commoncap.c b/security/commoncap.c
-index fe30751..cdc60e1 100644
+index fe30751..aaba312 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -27,7 +27,7 @@
+@@ -27,6 +27,8 @@
#include <linux/sched.h>
#include <linux/prctl.h>
#include <linux/securebits.h>
--
++#include <linux/syslog.h>
+#include <net/sock.h>
+
/*
* If a non-root user executes a setuid-root binary in
- * !secure(SECURE_NOROOT) mode, then we raise capabilities.
-@@ -50,9 +50,18 @@ static void warn_setuid_and_fcaps_mixed(char *fname)
+@@ -50,9 +52,18 @@ static void warn_setuid_and_fcaps_mixed(char *fname)
}
}
@@ -83925,7 +84195,7 @@ index fe30751..cdc60e1 100644
return 0;
}
-@@ -582,6 +591,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+@@ -582,6 +593,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
{
const struct cred *cred = current_cred();
@@ -83935,6 +84205,27 @@ index fe30751..cdc60e1 100644
if (cred->uid != 0) {
if (bprm->cap_effective)
return 1;
+@@ -956,13 +970,18 @@ error:
+ /**
+ * cap_syslog - Determine whether syslog function is permitted
+ * @type: Function requested
++ * @from_file: Whether this request came from an open file (i.e. /proc)
+ *
+ * Determine whether the current process is permitted to use a particular
+ * syslog function, returning 0 if permission is granted, -ve if not.
+ */
+-int cap_syslog(int type)
++int cap_syslog(int type, bool from_file)
+ {
+- if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
++ /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */
++ if (type != SYSLOG_ACTION_OPEN && from_file)
++ return 0;
++ if ((type != SYSLOG_ACTION_READ_ALL &&
++ type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ return 0;
+ }
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 165eb53..b1db4eb 100644
--- a/security/integrity/ima/ima.h
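Review bot: The comment added in `cap_syslog` has a typo and understates what the early return does: `/proc/kmsg can open be opened by CAP_SYS_ADMIN` should read "can only be opened". With `if (type != SYSLOG_ACTION_OPEN && from_file) return 0;`, the open is the only capability-checked step on the file path, and every later action on the descriptor is allowed without calling `capable()`. The permission therefore travels with the open file rather than with the task using it, which matters to anyone auditing who can read the kernel log. I would state that in the code, e.g. `/* /proc/kmsg can only be opened by CAP_SYS_ADMIN; later actions on the open file are not re-checked */`, and extend the `@from_file` kernel-doc line to say the same.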
@@ -84052,7 +84343,7 @@ index 2f7ffa6..0455400 100644
};
diff --git a/security/security.c b/security/security.c
-index c4c6732..3a3d821 100644
+index c4c6732..7abf13b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -24,7 +24,7 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
@@ -84073,11 +84364,31 @@ index c4c6732..3a3d821 100644
{
if (verify(ops)) {
printk(KERN_DEBUG "%s could not verify "
+@@ -199,9 +199,9 @@ int security_quota_on(struct dentry *dentry)
+ return security_ops->quota_on(dentry);
+ }
+
+-int security_syslog(int type)
++int security_syslog(int type, bool from_file)
+ {
+- return security_ops->syslog(type);
++ return security_ops->syslog(type, from_file);
+ }
+
+ int security_settime(struct timespec *ts, struct timezone *tz)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index a106754..2805823 100644
+index a106754..ca3a589 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
-@@ -131,7 +131,7 @@ int selinux_enabled = 1;
+@@ -76,6 +76,7 @@
+ #include <linux/selinux.h>
+ #include <linux/mutex.h>
+ #include <linux/posix-timers.h>
++#include <linux/syslog.h>
+
+ #include "avc.h"
+ #include "objsec.h"
+@@ -131,7 +132,7 @@ int selinux_enabled = 1;
* Minimal support for a secondary security module,
* just to allow the use of the capability module.
*/
@@ -84086,7 +84397,50 @@ index a106754..2805823 100644
/* Lists of inode and superblock security structures initialized
before the policy was loaded. */
-@@ -5457,7 +5457,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -2050,29 +2051,30 @@ static int selinux_quota_on(struct dentry *dentry)
+ return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
+ }
+
+-static int selinux_syslog(int type)
++static int selinux_syslog(int type, bool from_file)
+ {
+ int rc;
+
+- rc = cap_syslog(type);
++ rc = cap_syslog(type, from_file);
+ if (rc)
+ return rc;
+
+ switch (type) {
+- case 3: /* Read last kernel messages */
+- case 10: /* Return size of the log buffer */
++ case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */
++ case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
+ rc = task_has_system(current, SYSTEM__SYSLOG_READ);
+ break;
+- case 6: /* Disable logging to console */
+- case 7: /* Enable logging to console */
+- case 8: /* Set level of messages printed to console */
++ case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
++ case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */
++ /* Set level of messages printed to console */
++ case SYSLOG_ACTION_CONSOLE_LEVEL:
+ rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
+ break;
+- case 0: /* Close log */
+- case 1: /* Open log */
+- case 2: /* Read from log */
+- case 4: /* Read/clear last kernel messages */
+- case 5: /* Clear ring buffer */
++ case SYSLOG_ACTION_CLOSE: /* Close log */
++ case SYSLOG_ACTION_OPEN: /* Open log */
++ case SYSLOG_ACTION_READ: /* Read from log */
++ case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */
++ case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */
+ default:
+ rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
+ break;
+@@ -5457,7 +5459,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
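Review bot: `SYSLOG_ACTION_SIZE_UNREAD` has no label in the rewritten switch in `selinux_syslog`, so it falls to `default:` and is checked against `SYSTEM__SYSLOG_MOD`, while `SYSLOG_ACTION_SIZE_BUFFER` needs only `SYSTEM__SYSLOG_READ`. Now that the actions have names, listing it explicitly in the group above `default:` makes the policy mapping visible without changing behaviour: `case SYSLOG_ACTION_SIZE_UNREAD: /* Number of chars in the log buffer */`. It is also worth a short comment above the switch noting that this check still runs for file-based requests, since only `cap_syslog` short-circuits on `from_file`. The function's closing lines are outside the hunk.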
@@ -84095,7 +84449,7 @@ index a106754..2805823 100644
.name = "selinux",
.ptrace_access_check = selinux_ptrace_access_check,
-@@ -5841,7 +5841,9 @@ int selinux_disable(void)
+@@ -5841,7 +5843,9 @@ int selinux_disable(void)
avc_disable();
/* Reset security_ops to the secondary module, dummy or capability. */
@@ -84132,9 +84486,24 @@ index ff17820..d68084c 100644
avtab_cache_init();
if (policydb_read(&policydb, fp)) {
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index c33b6bb..9651403 100644
+index c33b6bb..b51f19e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
+@@ -157,12 +157,12 @@ static int smack_ptrace_traceme(struct task_struct *ptp)
+ *
+ * Returns 0 on success, error code otherwise.
+ */
+-static int smack_syslog(int type)
++static int smack_syslog(int type, bool from_file)
+ {
+ int rc;
+ char *sp = current_security();
+
+- rc = cap_syslog(type);
++ rc = cap_syslog(type, from_file);
+ if (rc != 0)
+ return rc;
+
@@ -3073,7 +3073,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
return 0;
}
diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch
index 5f4693e..9097814 100644
--- a/2.6.32/4435_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4435_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
config GRKERNSEC_LOW
bool "Low"
-@@ -190,6 +190,261 @@
+@@ -190,6 +190,259 @@
- Restricted sysfs/debugfs
- Active kernel exploit response
@@ -138,7 +138,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select GRKERNSEC_CHROOT_CAPS
+ select GRKERNSEC_CHROOT_SYSCTL
+ select GRKERNSEC_CHROOT_FINDTASK
-+ select GRKERNSEC_SYSFS_RESTRICT
+ select GRKERNSEC_PROC
+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
+ select GRKERNSEC_HIDESYM
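Review bot: The dropped `select GRKERNSEC_SYSFS_RESTRICT` means this select list no longer enables that option, and nothing visible in the patch says why; the same line is dropped in the next hunk (`@@ -223,7 +222,6 @@`). If the base grsecurity patch still offers the option, kernels configured through these presets would lose it silently on upgrade, so it is worth confirming the removal is intended and not a side effect of the rebase. A one-line note in this patch's header would record the reason, for example `SYSFS_RESTRICT is no longer selected by the Gentoo presets: <reason>`. The enclosing config entries start and end outside both hunks.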
@@ -223,7 +222,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
+ select GRKERNSEC_CHROOT_CAPS
+ select GRKERNSEC_CHROOT_SYSCTL
+ select GRKERNSEC_CHROOT_FINDTASK
-+ select GRKERNSEC_SYSFS_RESTRICT
+ select GRKERNSEC_PROC
+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
+ select GRKERNSEC_HIDESYM
diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch
index ca88ef7..d84eb57 100644
--- a/2.6.32/4437-grsec-kconfig-proc-user.patch
+++ b/2.6.32/4437-grsec-kconfig-proc-user.patch
@@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400
-@@ -667,7 +667,7 @@
+@@ -665,7 +665,7 @@
config GRKERNSEC_PROC_USER
bool "Restrict /proc to user only"
@@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
If you say Y here, non-root users will only be able to view their own
processes, and restricts them from viewing network-related information,
-@@ -675,7 +675,7 @@
+@@ -673,7 +673,7 @@
config GRKERNSEC_PROC_USERGROUP
bool "Allow special group"
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index 34c78d5..5bbfa24 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
-@@ -1266,6 +1266,27 @@
+@@ -1264,6 +1264,27 @@
menu "Logging Options"
depends on GRKERNSEC