Grsec/PaX: 2.9.1-{3.2.48,3.10.2}-201307212241

14 files changed, 79 insertions, 54 deletions

diff --git a/3.10.1/0000_README b/3.10.2/0000_README
index 67be42e..9f9962b 100644
--- a/3.10.1/0000_README
+++ b/3.10.2/0000_README
@@ -6,7 +6,7 @@ Patch:	1000_linux-3.10.1.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.10.1
 
-Patch:	4420_grsecurity-2.9.1-3.10.1-201307181236.patch
+Patch:	4420_grsecurity-2.9.1-3.10.2-201307212247.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.10.1/1000_linux-3.10.1.patch b/3.10.2/1000_linux-3.10.1.patch
index 5dd0002..5dd0002 100644
--- a/3.10.1/1000_linux-3.10.1.patch
+++ b/3.10.2/1000_linux-3.10.1.patch
diff --git a/3.10.1/4420_grsecurity-2.9.1-3.10.1-201307181236.patch b/3.10.2/4420_grsecurity-2.9.1-3.10.2-201307212247.patch
index 522a936..0a1f292 100644
--- a/3.10.1/4420_grsecurity-2.9.1-3.10.1-201307181236.patch
+++ b/3.10.2/4420_grsecurity-2.9.1-3.10.2-201307212247.patch
@@ -263,7 +263,7 @@ index 2fe6e76..3dd8184 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index b75cc30..6abd111 100644
+index 4336730..cb79194 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3795,7 +3795,7 @@ index cf08bdf..772656c 100644
  unsigned long search_exception_table(unsigned long addr);
  
 diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
-index 9a5cdc0..a1182cf 100644
+index 0ecc43f..190b956 100644
 --- a/arch/arm/mm/init.c
 +++ b/arch/arm/mm/init.c
 @@ -30,6 +30,8 @@
@@ -10437,7 +10437,7 @@ index 5ef205c..342191d 100644
  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
  GCOV_PROFILE := n
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index c205035..5853587 100644
+index d606463..b887794 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -150,7 +150,6 @@ again:
@@ -32042,7 +32042,7 @@ index fcae5fa..e9f71ea 100644
  static void delete_gpe_attr_array(void)
  {
 diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index a70ff15..f1ff44e 100644
+index 7b9bdd8..37638ca 100644
 --- a/drivers/ata/libahci.c
 +++ b/drivers/ata/libahci.c
 @@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap)
@@ -36668,11 +36668,24 @@ index 8a8725c2..afed796 100644
  		else {
  			marker = list_first_entry(&queue->head,
  						 struct vmw_marker, head);
+diff --git a/drivers/gpu/host1x/drm/dc.c b/drivers/gpu/host1x/drm/dc.c
+index 8c04943..4370ed9 100644
+--- a/drivers/gpu/host1x/drm/dc.c
++++ b/drivers/gpu/host1x/drm/dc.c
+@@ -999,7 +999,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor)
+ 	}
+ 
+ 	for (i = 0; i < ARRAY_SIZE(debugfs_files); i++)
+-		dc->debugfs_files[i].data = dc;
++		*(void **)&dc->debugfs_files[i].data = dc;
+ 
+ 	err = drm_debugfs_create_files(dc->debugfs_files,
+ 				       ARRAY_SIZE(debugfs_files),
 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index 264f550..f92dd8c 100644
+index 402f486..f862d7e 100644
 --- a/drivers/hid/hid-core.c
 +++ b/drivers/hid/hid-core.c
-@@ -2269,7 +2269,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2275,7 +2275,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
  
  int hid_add_device(struct hid_device *hdev)
  {
@@ -36681,7 +36694,7 @@ index 264f550..f92dd8c 100644
  	int ret;
  
  	if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2303,7 +2303,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2309,7 +2309,7 @@ int hid_add_device(struct hid_device *hdev)
  	/* XXX hack, any other cleaner solution after the driver core
  	 * is converted to allow more than 20 bytes as the device name? */
  	dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -36745,7 +36758,7 @@ index 12f2f9e..679603c 100644
  	/*
  	 * Represents channel interrupts. Each bit position represents a
 diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
-index bf421e0..ce2c897 100644
+index 4004e54..c2de226 100644
 --- a/drivers/hv/vmbus_drv.c
 +++ b/drivers/hv/vmbus_drv.c
 @@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj)
@@ -41570,7 +41583,7 @@ index d320df6..ca9a8f6 100644
  #define ASPM_STATE_ALL		(ASPM_STATE_L0S | ASPM_STATE_L1)
  
 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index 70f10fa..cb5e917 100644
+index ea37072..10e58e56 100644
 --- a/drivers/pci/probe.c
 +++ b/drivers/pci/probe.c
 @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
@@ -49586,7 +49599,7 @@ index 2091db8..81dafe9 100644
  	else if (whole->bd_holder != NULL)
  		return false;	 /* is a partition of a held device */
 diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 02fae7f..48da375 100644
+index 7fb054b..ad36c67 100644
 --- a/fs/btrfs/ctree.c
 +++ b/fs/btrfs/ctree.c
 @@ -1076,9 +1076,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -51502,7 +51515,7 @@ index 22548f5..41521d8 100644
  	}
  	return 1;
 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index d0f13ea..4b2dadd 100644
+index 3742e4c..69a797f 100644
 --- a/fs/ext4/balloc.c
 +++ b/fs/ext4/balloc.c
 @@ -528,8 +528,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
@@ -51551,7 +51564,7 @@ index 5aae3d1..b5da7f8 100644
  
  	/* locality groups */
 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index def8408..8253d11 100644
+index 59c6750..a549154 100644
 --- a/fs/ext4/mballoc.c
 +++ b/fs/ext4/mballoc.c
 @@ -1865,7 +1865,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -51681,7 +51694,7 @@ index 214461e..3614c89 100644
  		       "MMP failure info: last update time: %llu, last update "
  		       "node: %s, last update device: %s\n",
 diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
-index b27c96d..6ed4df2 100644
+index 49d3c01..9579efd 100644
 --- a/fs/ext4/resize.c
 +++ b/fs/ext4/resize.c
 @@ -79,12 +79,20 @@ static int verify_group_input(struct super_block *sb,
@@ -51720,7 +51733,7 @@ index b27c96d..6ed4df2 100644
  	else if (input->reserved_blocks > input->blocks_count / 5)
  		ext4_warning(sb, "Reserved blocks too high (%u)",
 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 94cc84d..2490974 100644
+index 6681c03..d88cd33 100644
 --- a/fs/ext4/super.c
 +++ b/fs/ext4/super.c
 @@ -1236,7 +1236,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -51732,7 +51745,7 @@ index 94cc84d..2490974 100644
  	"Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
  
  #ifdef CONFIG_QUOTA
-@@ -2378,7 +2378,7 @@ struct ext4_attr {
+@@ -2372,7 +2372,7 @@ struct ext4_attr {
  	ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
  			 const char *, size_t);
  	int offset;
@@ -74968,10 +74981,10 @@ index f6c2ce5..982c0f9 100644
 +	return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
 +}
 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index a7c9e6d..a16aa75 100644
+index c6e77ef..af531a0 100644
 --- a/kernel/cgroup.c
 +++ b/kernel/cgroup.c
-@@ -5378,7 +5378,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5391,7 +5391,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
  		struct css_set *cg = link->cg;
  		struct task_struct *task;
  		int count = 0;
@@ -79871,10 +79884,10 @@ index 0b537f2..40d6c20 100644
  		return -ENOMEM;
  	return 0;
 diff --git a/kernel/timer.c b/kernel/timer.c
-index 15ffdb3..62d885c 100644
+index 15bc1b4..32da49c 100644
 --- a/kernel/timer.c
 +++ b/kernel/timer.c
-@@ -1364,7 +1364,7 @@ void update_process_times(int user_tick)
+@@ -1366,7 +1366,7 @@ void update_process_times(int user_tick)
  /*
   * This function runs timers and the timer-tq in bottom half context.
   */
@@ -79883,7 +79896,7 @@ index 15ffdb3..62d885c 100644
  {
  	struct tvec_base *base = __this_cpu_read(tvec_bases);
  
-@@ -1427,7 +1427,7 @@ static void process_timeout(unsigned long __data)
+@@ -1429,7 +1429,7 @@ static void process_timeout(unsigned long __data)
   *
   * In all cases the return value is guaranteed to be non-negative.
   */
@@ -79892,7 +79905,7 @@ index 15ffdb3..62d885c 100644
  {
  	struct timer_list timer;
  	unsigned long expire;
-@@ -1633,7 +1633,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self,
+@@ -1635,7 +1635,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -81524,25 +81537,6 @@ index 7055883..aafb1ed 100644
  	error = 0;
  	if (end == start)
  		return error;
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index fd79df5..15b0409 100644
---- a/mm/memcontrol.c
-+++ b/mm/memcontrol.c
-@@ -6296,14 +6296,6 @@ mem_cgroup_css_online(struct cgroup *cont)
- 
- 	error = memcg_init_kmem(memcg, &mem_cgroup_subsys);
- 	mutex_unlock(&memcg_create_mutex);
--	if (error) {
--		/*
--		 * We call put now because our (and parent's) refcnts
--		 * are already in place. mem_cgroup_put() will internally
--		 * call __mem_cgroup_free, so return directly
--		 */
--		mem_cgroup_put(memcg);
--	}
- 	return error;
- }
- 
 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
 index ceb0c7f..b2b8e94 100644
 --- a/mm/memory-failure.c
@@ -84245,7 +84239,7 @@ index 4514ad7..92eaa1c 100644
  	.next		= NULL,
  };
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index c3edb62..2d60097 100644
+index 2ee0fd3..6e2edfb 100644
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
 @@ -60,6 +60,7 @@
@@ -84568,7 +84562,7 @@ index 5e6a842..b41916e 100644
  		return -ENOMEM;
  
 diff --git a/mm/slab.c b/mm/slab.c
-index 8ccd296..012fe4e 100644
+index bd88411..8371a16 100644
 --- a/mm/slab.c
 +++ b/mm/slab.c
 @@ -366,10 +366,10 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
diff --git a/3.10.1/4425_grsec_remove_EI_PAX.patch b/3.10.2/4425_grsec_remove_EI_PAX.patch
index 415fda5..415fda5 100644
--- a/3.10.1/4425_grsec_remove_EI_PAX.patch
+++ b/3.10.2/4425_grsec_remove_EI_PAX.patch
diff --git a/3.10.1/4427_force_XATTR_PAX_tmpfs.patch b/3.10.2/4427_force_XATTR_PAX_tmpfs.patch
index e2a9551..e2a9551 100644
--- a/3.10.1/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.10.2/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.10.1/4430_grsec-remove-localversion-grsec.patch b/3.10.2/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.10.1/4430_grsec-remove-localversion-grsec.patch
+++ b/3.10.2/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.10.1/4435_grsec-mute-warnings.patch b/3.10.2/4435_grsec-mute-warnings.patch
index ed941d5..ed941d5 100644
--- a/3.10.1/4435_grsec-mute-warnings.patch
+++ b/3.10.2/4435_grsec-mute-warnings.patch
diff --git a/3.10.1/4440_grsec-remove-protected-paths.patch b/3.10.2/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.10.1/4440_grsec-remove-protected-paths.patch
+++ b/3.10.2/4440_grsec-remove-protected-paths.patch
diff --git a/3.10.1/4450_grsec-kconfig-default-gids.patch b/3.10.2/4450_grsec-kconfig-default-gids.patch
index f144c0e..f144c0e 100644
--- a/3.10.1/4450_grsec-kconfig-default-gids.patch
+++ b/3.10.2/4450_grsec-kconfig-default-gids.patch
diff --git a/3.10.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.10.2/4465_selinux-avc_audit-log-curr_ip.patch
index b0786d4..b0786d4 100644
--- a/3.10.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.10.2/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.10.1/4470_disable-compat_vdso.patch b/3.10.2/4470_disable-compat_vdso.patch
index 424d91f..424d91f 100644
--- a/3.10.1/4470_disable-compat_vdso.patch
+++ b/3.10.2/4470_disable-compat_vdso.patch
diff --git a/3.10.1/4475_emutramp_default_on.patch b/3.10.2/4475_emutramp_default_on.patch
index 27bfc2d..27bfc2d 100644
--- a/3.10.1/4475_emutramp_default_on.patch
+++ b/3.10.2/4475_emutramp_default_on.patch
diff --git a/3.2.48/0000_README b/3.2.48/0000_README
index 89dc967..5e1d7bc 100644
--- a/3.2.48/0000_README
+++ b/3.2.48/0000_README
@@ -110,7 +110,7 @@ Patch:	1047_linux-3.2.48.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.48
 
-Patch:	4420_grsecurity-2.9.1-3.2.48-201307181235.patch
+Patch:	4420_grsecurity-2.9.1-3.2.48-201307212241.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307181235.patch b/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307212241.patch
index e2d1e33..d9a4f00 100644
--- a/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307181235.patch
+++ b/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307212241.patch
@@ -68536,6 +68536,28 @@ index 73b0712..2e581af 100644
  
  struct drm_connector_helper_funcs {
  	int (*get_modes)(struct drm_connector *connector);
+diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h
+index 6bd325f..19a2404 100644
+--- a/include/drm/drm_mem_util.h
++++ b/include/drm/drm_mem_util.h
+@@ -31,7 +31,7 @@
+ 
+ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
+ {
+-	if (size != 0 && nmemb > ULONG_MAX / size)
++	if (size != 0 && nmemb > SIZE_MAX / size)
+ 		return NULL;
+ 
+ 	if (size * nmemb <= PAGE_SIZE)
+@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
+ /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */
+ static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size)
+ {
+-	if (size != 0 && nmemb > ULONG_MAX / size)
++	if (size != 0 && nmemb > SIZE_MAX / size)
+ 		return NULL;
+ 
+ 	if (size * nmemb <= PAGE_SIZE)
 diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h
 index 26c1f78..6722682 100644
 --- a/include/drm/ttm/ttm_memory.h
@@ -70948,10 +70970,18 @@ index 3875719..4cd454c 100644
  /* This macro allows us to keep printk typechecking */
  static __printf(1, 2)
 diff --git a/include/linux/kernel.h b/include/linux/kernel.h
-index a70783d..77f7750 100644
+index a70783d..bf1dd28 100644
 --- a/include/linux/kernel.h
 +++ b/include/linux/kernel.h
-@@ -696,24 +696,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
+@@ -34,6 +34,7 @@
+ #define LLONG_MAX	((long long)(~0ULL>>1))
+ #define LLONG_MIN	(-LLONG_MAX - 1)
+ #define ULLONG_MAX	(~0ULL)
++#define SIZE_MAX	(~(size_t)0)
+ 
+ #define STACK_MAGIC	0xdeadbeef
+ 
+@@ -696,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
   * @condition: the condition which the compiler should know is false.
   *
   * If you have some code which relies on certain constants being equal, or
@@ -72816,7 +72846,7 @@ index efe50af..0d0b145 100644
  
  static inline void nf_reset_trace(struct sk_buff *skb)
 diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 573c809..59fadfb 100644
+index 573c809..c643b82 100644
 --- a/include/linux/slab.h
 +++ b/include/linux/slab.h
 @@ -11,12 +11,20 @@
@@ -72866,15 +72896,16 @@ index 573c809..59fadfb 100644
  
  /*
   * Allocator specific definitions. These are mainly used to establish optimized
-@@ -240,6 +253,7 @@ size_t ksize(const void *);
-  * for general use, and so are not documented here. For a full list of
-  * potential flags, always refer to linux/gfp.h.
+@@ -242,7 +255,7 @@ size_t ksize(const void *);
   */
-+
  static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
  {
- 	if (size != 0 && n > ULONG_MAX / size)
-@@ -287,7 +301,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
+-	if (size != 0 && n > ULONG_MAX / size)
++	if (size != 0 && n > SIZE_MAX / size)
+ 		return NULL;
+ 	return __kmalloc(n * size, flags | __GFP_ZERO);
+ }
+@@ -287,7 +300,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
   */
  #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
  	(defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
@@ -72883,7 +72914,7 @@ index 573c809..59fadfb 100644
  #define kmalloc_track_caller(size, flags) \
  	__kmalloc_track_caller(size, flags, _RET_IP_)
  #else
-@@ -306,7 +320,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
+@@ -306,7 +319,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
   */
  #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
  	(defined(CONFIG_SLAB) && defined(CONFIG_TRACING))