Grsec/PaX: 2.9.1-{3.2.50.3.10.7}-20130818220320130818

author: Anthony G. Basile <blueness@gentoo.org> 2013-08-19 09:03:59 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2013-08-19 09:03:59 -0400
commit: 5780f1157ede8697b5ca74b0aa3e14295e36496c (patch)
tree: ae68b37fc3ef33aa98ad0ef37c0e6c5165daf223
parent: Grsec/PaX: 2.9.1-{2.6.32.61,3.2.50.3.10.7}-201308171249 (diff)
download: hardened-patchset-5780f1157ede8697b5ca74b0aa3e14295e36496c.tar.gz
hardened-patchset-5780f1157ede8697b5ca74b0aa3e14295e36496c.tar.bz2
hardened-patchset-5780f1157ede8697b5ca74b0aa3e14295e36496c.zip
14 files changed, 280 insertions, 154 deletions
diff --git a/3.10.7/0000_README b/3.10.7/0000_README
index a11d231..9ec844e 100644
--- a/3.10.7/0000_README
+++ b/3.10.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.9.1-3.10.7-201308171249.patch
+Patch:	4420_grsecurity-2.9.1-3.10.7-201308182203.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308171249.patch b/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308182203.patch
index 9a72c3e..18163ce 100644
--- a/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308171249.patch
+++ b/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308182203.patch
@@ -16960,31 +16960,31 @@ index a1df6e8..e002940 100644
  #endif
  #endif /* _ASM_X86_THREAD_INFO_H */
 diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 50a7fc0..d00c622 100644
+index 50a7fc0..7c437a7 100644
 --- a/arch/x86/include/asm/tlbflush.h
 +++ b/arch/x86/include/asm/tlbflush.h
-@@ -17,18 +17,39 @@
+@@ -17,18 +17,40 @@
  
  static inline void __native_flush_tlb(void)
  {
--	native_write_cr3(native_read_cr3());
++	if (static_cpu_has(X86_FEATURE_INVPCID)) {
++		unsigned long descriptor[2];
++		asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory");
++		return;
++	}
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
 +	if (static_cpu_has(X86_FEATURE_PCID)) {
 +		unsigned int cpu = raw_get_cpu();
 +
-+		if (static_cpu_has(X86_FEATURE_INVPCID)) {
-+			unsigned long descriptor[2];
-+			asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory");
-+		} else {
-+			native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
-+			native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
-+		}
++		native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
++		native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
 +		raw_put_cpu_no_resched();
-+	} else
++		return;
++	}
 +#endif
 +
-+		native_write_cr3(native_read_cr3());
+ 	native_write_cr3(native_read_cr3());
  }
  
  static inline void __native_flush_tlb_global_irq_disabled(void)
@@ -17010,41 +17010,49 @@ index 50a7fc0..d00c622 100644
  }
  
  static inline void __native_flush_tlb_global(void)
-@@ -49,7 +70,33 @@ static inline void __native_flush_tlb_global(void)
+@@ -49,6 +71,42 @@ static inline void __native_flush_tlb_global(void)
  
  static inline void __native_flush_tlb_single(unsigned long addr)
  {
--	asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
 +
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	if (static_cpu_has(X86_FEATURE_PCID) && addr < TASK_SIZE_MAX) {
-+		unsigned int cpu = raw_get_cpu();
++	if (static_cpu_has(X86_FEATURE_INVPCID)) {
++		unsigned long descriptor[2];
 +
-+		if (static_cpu_has(X86_FEATURE_INVPCID)) {
-+			unsigned long descriptor[2];
-+			descriptor[0] = PCID_USER;
-+			descriptor[1] = addr;
++		descriptor[0] = PCID_KERNEL;
++		descriptor[1] = addr;
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++		if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) {
++			if (addr < TASK_SIZE_MAX)
++				descriptor[1] += pax_user_shadow_base;
 +			asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
-+			if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
-+				descriptor[0] = PCID_KERNEL;
-+				descriptor[1] = addr + pax_user_shadow_base;
-+				asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
-+			}
-+		} else {
-+			native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
-+			asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
-+			native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
-+			if (!static_cpu_has(X86_FEATURE_STRONGUDEREF))
-+				asm volatile("invlpg (%0)" ::"r" (addr + pax_user_shadow_base) : "memory");
 +		}
-+		raw_put_cpu_no_resched();
-+	} else
++
++		descriptor[0] = PCID_USER;
++		descriptor[1] = addr;
 +#endif
 +
++		asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
++		return;
++	}
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++	if (static_cpu_has(X86_FEATURE_PCID)) {
++		unsigned int cpu = raw_get_cpu();
++
++		native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
 +		asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
++		native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++		raw_put_cpu_no_resched();
++
++		if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) && addr < TASK_SIZE_MAX)
++			addr += pax_user_shadow_base;
++	}
++#endif
++
+ 	asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
  }
  
- static inline void __flush_tlb_all(void)
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
 index 5ee2687..74590b9 100644
 --- a/arch/x86/include/asm/uaccess.h
@@ -18604,7 +18612,7 @@ index 5013a48..0782c53 100644
  		if (c->x86_model == 3 && c->x86_mask == 0)
  			size = 64;
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 22018f7..a5883af 100644
+index 22018f7..2ae0e75 100644
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
 @@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
@@ -18668,48 +18676,61 @@ index 22018f7..a5883af 100644
  static int __init x86_xsave_setup(char *s)
  {
  	setup_clear_cpu_cap(X86_FEATURE_XSAVE);
-@@ -288,6 +234,40 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+@@ -288,6 +234,53 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
  		set_in_cr4(X86_CR4_SMAP);
  }
  
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#ifdef CONFIG_X86_64
 +static __init int setup_disable_pcid(char *arg)
 +{
 +	setup_clear_cpu_cap(X86_FEATURE_PCID);
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	if (clone_pgd_mask != ~(pgdval_t)0UL)
 +		pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
++#endif
++
 +	return 1;
 +}
 +__setup("nopcid", setup_disable_pcid);
 +
 +static void setup_pcid(struct cpuinfo_x86 *c)
 +{
-+	if (cpu_has(c, X86_FEATURE_PCID))
-+		printk("PAX: PCID detected\n");
++	if (!cpu_has(c, X86_FEATURE_PCID)) {
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++		if (clone_pgd_mask != ~(pgdval_t)0UL) {
++			pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
++			printk("PAX: slow and weak UDEREF enabled\n");
++		} else
++			printk("PAX: UDEREF disabled\n");
++#endif
++
++		return;
++	}
++
++	printk("PAX: PCID detected\n");
++	set_in_cr4(X86_CR4_PCIDE);
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	clone_pgd_mask = ~(pgdval_t)0UL;
++	if (pax_user_shadow_base)
++		printk("PAX: weak UDEREF enabled\n");
++	else {
++		set_cpu_cap(c, X86_FEATURE_STRONGUDEREF);
++		printk("PAX: strong UDEREF enabled\n");
++	}
++#endif
 +
 +	if (cpu_has(c, X86_FEATURE_INVPCID))
 +		printk("PAX: INVPCID detected\n");
-+
-+	if (cpu_has(c, X86_FEATURE_PCID)) {
-+		set_in_cr4(X86_CR4_PCIDE);
-+		clone_pgd_mask = ~(pgdval_t)0UL;
-+		if (pax_user_shadow_base)
-+			printk("PAX: weak UDEREF enabled\n");
-+		else {
-+			set_cpu_cap(c, X86_FEATURE_STRONGUDEREF);
-+			printk("PAX: strong UDEREF enabled\n");
-+		}
-+	} else if (pax_user_shadow_base)
-+		printk("PAX: slow and weak UDEREF enabled\n");
-+	else
-+		printk("PAX: UDEREF disabled\n");
 +}
 +#endif
 +
  /*
   * Some CPU features depend on higher CPUID levels, which may not always
   * be available due to CPUID level capping or broken virtualization
-@@ -386,7 +366,7 @@ void switch_to_new_gdt(int cpu)
+@@ -386,7 +379,7 @@ void switch_to_new_gdt(int cpu)
  {
  	struct desc_ptr gdt_descr;
  
@@ -18718,18 +18739,18 @@ index 22018f7..a5883af 100644
  	gdt_descr.size = GDT_SIZE - 1;
  	load_gdt(&gdt_descr);
  	/* Reload the per-cpu base */
-@@ -874,6 +854,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -874,6 +867,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
  	setup_smep(c);
  	setup_smap(c);
  
-+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#ifdef CONFIG_X86_64
 +	setup_pcid(c);
 +#endif
 +
  	/*
  	 * The vendor-specific functions might have changed features.
  	 * Now we do "generic changes."
-@@ -882,6 +866,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -882,6 +879,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
  	/* Filter out anything that depends on CPUID levels we don't have */
  	filter_cpuid_features(c, true);
  
@@ -18740,7 +18761,7 @@ index 22018f7..a5883af 100644
  	/* If the model name is still unset, do table lookup. */
  	if (!c->x86_model_id[0]) {
  		const char *p;
-@@ -1069,10 +1057,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1069,10 +1070,12 @@ static __init int setup_disablecpuid(char *arg)
  }
  __setup("clearcpuid=", setup_disablecpuid);
  
@@ -18755,7 +18776,7 @@ index 22018f7..a5883af 100644
  
  DEFINE_PER_CPU_FIRST(union irq_stack_union,
  		     irq_stack_union) __aligned(PAGE_SIZE);
-@@ -1086,7 +1076,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+@@ -1086,7 +1089,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
  EXPORT_PER_CPU_SYMBOL(current_task);
  
  DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -18764,7 +18785,7 @@ index 22018f7..a5883af 100644
  EXPORT_PER_CPU_SYMBOL(kernel_stack);
  
  DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1231,7 +1221,7 @@ void __cpuinit cpu_init(void)
+@@ -1231,7 +1234,7 @@ void __cpuinit cpu_init(void)
  	load_ucode_ap();
  
  	cpu = stack_smp_processor_id();
@@ -18773,7 +18794,7 @@ index 22018f7..a5883af 100644
  	oist = &per_cpu(orig_ist, cpu);
  
  #ifdef CONFIG_NUMA
-@@ -1257,7 +1247,7 @@ void __cpuinit cpu_init(void)
+@@ -1257,7 +1260,7 @@ void __cpuinit cpu_init(void)
  	switch_to_new_gdt(cpu);
  	loadsegment(fs, 0);
  
@@ -18782,7 +18803,7 @@ index 22018f7..a5883af 100644
  
  	memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
  	syscall_init();
-@@ -1266,7 +1256,6 @@ void __cpuinit cpu_init(void)
+@@ -1266,7 +1269,6 @@ void __cpuinit cpu_init(void)
  	wrmsrl(MSR_KERNEL_GS_BASE, 0);
  	barrier();
  
@@ -18790,7 +18811,7 @@ index 22018f7..a5883af 100644
  	enable_x2apic();
  
  	/*
-@@ -1318,7 +1307,7 @@ void __cpuinit cpu_init(void)
+@@ -1318,7 +1320,7 @@ void __cpuinit cpu_init(void)
  {
  	int cpu = smp_processor_id();
  	struct task_struct *curr = current;
@@ -20461,7 +20482,7 @@ index 8f3e2de..6b71e39 100644
  
  /*
 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 7272089..833fdf8 100644
+index 7272089..ee191c7 100644
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
 @@ -59,6 +59,8 @@
@@ -20548,7 +20569,7 @@ index 7272089..833fdf8 100644
  #endif
  
  
-@@ -284,6 +293,427 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
  ENDPROC(native_usergs_sysret64)
  #endif /* CONFIG_PARAVIRT */
  
@@ -20738,10 +20759,11 @@ index 7272089..833fdf8 100644
 +	.popsection
 +	GET_CR3_INTO_RDI
 +	cmp $1,%dil
-+	jnz 3f
++	jnz 4f
 +	sub $4097,%rdi
 +	bts $63,%rdi
-+	jmp 2f
++	SET_RDI_INTO_CR3
++	jmp 3f
 +111:
 +
 +	GET_CR3_INTO_RDI
@@ -20772,13 +20794,15 @@ index 7272089..833fdf8 100644
 +	i = i + 1
 +	.endr
 +
++2:	SET_RDI_INTO_CR3
++
 +#ifdef CONFIG_PAX_KERNEXEC
 +	GET_CR0_INTO_RDI
 +	bts $16,%rdi
 +	SET_RDI_INTO_CR0
 +#endif
 +
-+2:	SET_RDI_INTO_CR3
++3:
 +
 +#ifdef CONFIG_PARAVIRT
 +	PV_RESTORE_REGS(CLBR_RDI)
@@ -20788,7 +20812,7 @@ index 7272089..833fdf8 100644
 +	popq %rdi
 +	pax_force_retaddr
 +	retq
-+3:	ud2
++4:	ud2
 +ENDPROC(pax_enter_kernel_user)
 +
 +ENTRY(pax_exit_kernel_user)
@@ -20976,7 +21000,7 @@ index 7272089..833fdf8 100644
  
  .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
  #ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +805,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +808,8 @@ ENDPROC(native_usergs_sysret64)
  	.endm
  
  	.macro UNFAKE_STACK_FRAME
@@ -20987,7 +21011,7 @@ index 7272089..833fdf8 100644
  	.endm
  
  /*
-@@ -463,7 +893,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +896,7 @@ ENDPROC(native_usergs_sysret64)
  	movq %rsp, %rsi
  
  	leaq -RBP(%rsp),%rdi	/* arg1 for handler */
@@ -20996,7 +21020,7 @@ index 7272089..833fdf8 100644
  	je 1f
  	SWAPGS
  	/*
-@@ -498,9 +928,10 @@ ENTRY(save_rest)
+@@ -498,9 +931,10 @@ ENTRY(save_rest)
  	movq_cfi r15, R15+16
  	movq %r11, 8(%rsp)	/* return address */
  	FIXUP_TOP_OF_STACK %r11, 16
@@ -21008,7 +21032,7 @@ index 7272089..833fdf8 100644
  
  /* save complete stack frame */
  	.pushsection .kprobes.text, "ax"
-@@ -529,9 +960,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +963,10 @@ ENTRY(save_paranoid)
  	js 1f	/* negative -> in kernel */
  	SWAPGS
  	xorl %ebx,%ebx
@@ -21021,7 +21045,7 @@ index 7272089..833fdf8 100644
  	.popsection
  
  /*
-@@ -553,7 +985,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +988,7 @@ ENTRY(ret_from_fork)
  
  	RESTORE_REST
  
@@ -21030,7 +21054,7 @@ index 7272089..833fdf8 100644
  	jz   1f
  
  	testl $_TIF_IA32, TI_flags(%rcx)	# 32-bit compat task needs IRET
-@@ -571,7 +1003,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +1006,7 @@ ENTRY(ret_from_fork)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -21039,7 +21063,7 @@ index 7272089..833fdf8 100644
  
  /*
   * System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +1040,7 @@ END(ret_from_fork)
+@@ -608,7 +1043,7 @@ END(ret_from_fork)
  ENTRY(system_call)
  	CFI_STARTPROC	simple
  	CFI_SIGNAL_FRAME
@@ -21048,7 +21072,7 @@ index 7272089..833fdf8 100644
  	CFI_REGISTER	rip,rcx
  	/*CFI_REGISTER	rflags,r11*/
  	SWAPGS_UNSAFE_STACK
-@@ -621,16 +1053,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +1056,23 @@ GLOBAL(system_call_after_swapgs)
  
  	movq	%rsp,PER_CPU_VAR(old_rsp)
  	movq	PER_CPU_VAR(kernel_stack),%rsp
@@ -21074,7 +21098,7 @@ index 7272089..833fdf8 100644
  	jnz tracesys
  system_call_fastpath:
  #if __SYSCALL_MASK == ~0
-@@ -640,7 +1079,7 @@ system_call_fastpath:
+@@ -640,7 +1082,7 @@ system_call_fastpath:
  	cmpl $__NR_syscall_max,%eax
  #endif
  	ja badsys
@@ -21083,7 +21107,7 @@ index 7272089..833fdf8 100644
  	call *sys_call_table(,%rax,8)  # XXX:	 rip relative
  	movq %rax,RAX-ARGOFFSET(%rsp)
  /*
-@@ -654,10 +1093,13 @@ sysret_check:
+@@ -654,10 +1096,13 @@ sysret_check:
  	LOCKDEP_SYS_EXIT
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
@@ -21098,7 +21122,7 @@ index 7272089..833fdf8 100644
  	/*
  	 * sysretq will re-enable interrupts:
  	 */
-@@ -709,14 +1151,18 @@ badsys:
+@@ -709,14 +1154,18 @@ badsys:
  	 * jump back to the normal fast path.
  	 */
  auditsys:
@@ -21118,7 +21142,7 @@ index 7272089..833fdf8 100644
  	jmp system_call_fastpath
  
  	/*
-@@ -737,7 +1183,7 @@ sysret_audit:
+@@ -737,7 +1186,7 @@ sysret_audit:
  	/* Do syscall tracing */
  tracesys:
  #ifdef CONFIG_AUDITSYSCALL
@@ -21127,7 +21151,7 @@ index 7272089..833fdf8 100644
  	jz auditsys
  #endif
  	SAVE_REST
-@@ -745,12 +1191,16 @@ tracesys:
+@@ -745,12 +1194,16 @@ tracesys:
  	FIXUP_TOP_OF_STACK %rdi
  	movq %rsp,%rdi
  	call syscall_trace_enter
@@ -21144,7 +21168,7 @@ index 7272089..833fdf8 100644
  	RESTORE_REST
  #if __SYSCALL_MASK == ~0
  	cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1209,7 @@ tracesys:
+@@ -759,7 +1212,7 @@ tracesys:
  	cmpl $__NR_syscall_max,%eax
  #endif
  	ja   int_ret_from_sys_call	/* RAX(%rsp) set to -ENOSYS above */
@@ -21153,7 +21177,7 @@ index 7272089..833fdf8 100644
  	call *sys_call_table(,%rax,8)
  	movq %rax,RAX-ARGOFFSET(%rsp)
  	/* Use IRET because user could have changed frame */
-@@ -780,7 +1230,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1233,9 @@ GLOBAL(int_with_check)
  	andl %edi,%edx
  	jnz   int_careful
  	andl    $~TS_COMPAT,TI_status(%rcx)
@@ -21164,7 +21188,7 @@ index 7272089..833fdf8 100644
  
  	/* Either reschedule or signal or syscall exit tracking needed. */
  	/* First do a reschedule test. */
-@@ -826,7 +1278,7 @@ int_restore_rest:
+@@ -826,7 +1281,7 @@ int_restore_rest:
  	TRACE_IRQS_OFF
  	jmp int_with_check
  	CFI_ENDPROC
@@ -21173,7 +21197,7 @@ index 7272089..833fdf8 100644
  
  	.macro FORK_LIKE func
  ENTRY(stub_\func)
-@@ -839,9 +1291,10 @@ ENTRY(stub_\func)
+@@ -839,9 +1294,10 @@ ENTRY(stub_\func)
  	DEFAULT_FRAME 0 8		/* offset 8: return address */
  	call sys_\func
  	RESTORE_TOP_OF_STACK %r11, 8
@@ -21185,7 +21209,7 @@ index 7272089..833fdf8 100644
  	.endm
  
  	.macro FIXED_FRAME label,func
-@@ -851,9 +1304,10 @@ ENTRY(\label)
+@@ -851,9 +1307,10 @@ ENTRY(\label)
  	FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
  	call \func
  	RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -21197,7 +21221,7 @@ index 7272089..833fdf8 100644
  	.endm
  
  	FORK_LIKE  clone
-@@ -870,9 +1324,10 @@ ENTRY(ptregscall_common)
+@@ -870,9 +1327,10 @@ ENTRY(ptregscall_common)
  	movq_cfi_restore R12+8, r12
  	movq_cfi_restore RBP+8, rbp
  	movq_cfi_restore RBX+8, rbx
@@ -21209,7 +21233,7 @@ index 7272089..833fdf8 100644
  
  ENTRY(stub_execve)
  	CFI_STARTPROC
-@@ -885,7 +1340,7 @@ ENTRY(stub_execve)
+@@ -885,7 +1343,7 @@ ENTRY(stub_execve)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -21218,7 +21242,7 @@ index 7272089..833fdf8 100644
  
  /*
   * sigreturn is special because it needs to restore all registers on return.
-@@ -902,7 +1357,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -902,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -21227,7 +21251,7 @@ index 7272089..833fdf8 100644
  
  #ifdef CONFIG_X86_X32_ABI
  ENTRY(stub_x32_rt_sigreturn)
-@@ -916,7 +1371,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -916,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -21236,7 +21260,7 @@ index 7272089..833fdf8 100644
  
  ENTRY(stub_x32_execve)
  	CFI_STARTPROC
-@@ -930,7 +1385,7 @@ ENTRY(stub_x32_execve)
+@@ -930,7 +1388,7 @@ ENTRY(stub_x32_execve)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -21245,7 +21269,7 @@ index 7272089..833fdf8 100644
  
  #endif
  
-@@ -967,7 +1422,7 @@ vector=vector+1
+@@ -967,7 +1425,7 @@ vector=vector+1
  2:	jmp common_interrupt
  .endr
  	CFI_ENDPROC
@@ -21254,7 +21278,7 @@ index 7272089..833fdf8 100644
  
  .previous
  END(interrupt)
-@@ -987,6 +1442,16 @@ END(interrupt)
+@@ -987,6 +1445,16 @@ END(interrupt)
  	subq $ORIG_RAX-RBP, %rsp
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
  	SAVE_ARGS_IRQ
@@ -21271,7 +21295,7 @@ index 7272089..833fdf8 100644
  	call \func
  	.endm
  
-@@ -1019,7 +1484,7 @@ ret_from_intr:
+@@ -1019,7 +1487,7 @@ ret_from_intr:
  
  exit_intr:
  	GET_THREAD_INFO(%rcx)
@@ -21280,7 +21304,7 @@ index 7272089..833fdf8 100644
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -1041,12 +1506,16 @@ retint_swapgs:		/* return to user-space */
+@@ -1041,12 +1509,16 @@ retint_swapgs:		/* return to user-space */
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
@@ -21297,7 +21321,7 @@ index 7272089..833fdf8 100644
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
-@@ -1129,7 +1598,7 @@ ENTRY(retint_kernel)
+@@ -1129,7 +1601,7 @@ ENTRY(retint_kernel)
  #endif
  
  	CFI_ENDPROC
@@ -21306,7 +21330,7 @@ index 7272089..833fdf8 100644
  /*
   * End of kprobes section
   */
-@@ -1147,7 +1616,7 @@ ENTRY(\sym)
+@@ -1147,7 +1619,7 @@ ENTRY(\sym)
  	interrupt \do_sym
  	jmp ret_from_intr
  	CFI_ENDPROC
@@ -21315,7 +21339,7 @@ index 7272089..833fdf8 100644
  .endm
  
  #ifdef CONFIG_SMP
-@@ -1208,12 +1677,22 @@ ENTRY(\sym)
+@@ -1208,12 +1680,22 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -21339,7 +21363,7 @@ index 7272089..833fdf8 100644
  .endm
  
  .macro paranoidzeroentry sym do_sym
-@@ -1226,15 +1705,25 @@ ENTRY(\sym)
+@@ -1226,15 +1708,25 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -21367,7 +21391,7 @@ index 7272089..833fdf8 100644
  .macro paranoidzeroentry_ist sym do_sym ist
  ENTRY(\sym)
  	INTR_FRAME
-@@ -1245,14 +1734,30 @@ ENTRY(\sym)
+@@ -1245,14 +1737,30 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF_DEBUG
@@ -21399,7 +21423,7 @@ index 7272089..833fdf8 100644
  .endm
  
  .macro errorentry sym do_sym
-@@ -1264,13 +1769,23 @@ ENTRY(\sym)
+@@ -1264,13 +1772,23 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -21424,7 +21448,7 @@ index 7272089..833fdf8 100644
  .endm
  
  	/* error code is on the stack already */
-@@ -1284,13 +1799,23 @@ ENTRY(\sym)
+@@ -1284,13 +1802,23 @@ ENTRY(\sym)
  	call save_paranoid
  	DEFAULT_FRAME 0
  	TRACE_IRQS_OFF
@@ -21449,7 +21473,7 @@ index 7272089..833fdf8 100644
  .endm
  
  zeroentry divide_error do_divide_error
-@@ -1320,9 +1845,10 @@ gs_change:
+@@ -1320,9 +1848,10 @@ gs_change:
  2:	mfence		/* workaround */
  	SWAPGS
  	popfq_cfi
@@ -21461,7 +21485,7 @@ index 7272089..833fdf8 100644
  
  	_ASM_EXTABLE(gs_change,bad_gs)
  	.section .fixup,"ax"
-@@ -1350,9 +1876,10 @@ ENTRY(call_softirq)
+@@ -1350,9 +1879,10 @@ ENTRY(call_softirq)
  	CFI_DEF_CFA_REGISTER	rsp
  	CFI_ADJUST_CFA_OFFSET   -8
  	decl PER_CPU_VAR(irq_count)
@@ -21473,7 +21497,7 @@ index 7272089..833fdf8 100644
  
  #ifdef CONFIG_XEN
  zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1390,7 +1917,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
+@@ -1390,7 +1920,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
  	decl PER_CPU_VAR(irq_count)
  	jmp  error_exit
  	CFI_ENDPROC
@@ -21482,7 +21506,7 @@ index 7272089..833fdf8 100644
  
  /*
   * Hypervisor uses this for application faults while it executes.
-@@ -1449,7 +1976,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1449,7 +1979,7 @@ ENTRY(xen_failsafe_callback)
  	SAVE_ALL
  	jmp error_exit
  	CFI_ENDPROC
@@ -21491,7 +21515,7 @@ index 7272089..833fdf8 100644
  
  apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
  	xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1501,18 +2028,33 @@ ENTRY(paranoid_exit)
+@@ -1501,18 +2031,33 @@ ENTRY(paranoid_exit)
  	DEFAULT_FRAME
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF_DEBUG
@@ -21527,7 +21551,7 @@ index 7272089..833fdf8 100644
  	jmp irq_return
  paranoid_userspace:
  	GET_THREAD_INFO(%rcx)
-@@ -1541,7 +2083,7 @@ paranoid_schedule:
+@@ -1541,7 +2086,7 @@ paranoid_schedule:
  	TRACE_IRQS_OFF
  	jmp paranoid_userspace
  	CFI_ENDPROC
@@ -21536,7 +21560,7 @@ index 7272089..833fdf8 100644
  
  /*
   * Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1568,12 +2110,13 @@ ENTRY(error_entry)
+@@ -1568,12 +2113,13 @@ ENTRY(error_entry)
  	movq_cfi r14, R14+8
  	movq_cfi r15, R15+8
  	xorl %ebx,%ebx
@@ -21551,7 +21575,7 @@ index 7272089..833fdf8 100644
  	ret
  
  /*
-@@ -1600,7 +2143,7 @@ bstep_iret:
+@@ -1600,7 +2146,7 @@ bstep_iret:
  	movq %rcx,RIP+8(%rsp)
  	jmp error_swapgs
  	CFI_ENDPROC
@@ -21560,7 +21584,7 @@ index 7272089..833fdf8 100644
  
  
  /* ebx:	no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1611,7 +2154,7 @@ ENTRY(error_exit)
+@@ -1611,7 +2157,7 @@ ENTRY(error_exit)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
  	GET_THREAD_INFO(%rcx)
@@ -21569,7 +21593,7 @@ index 7272089..833fdf8 100644
  	jne retint_kernel
  	LOCKDEP_SYS_EXIT_IRQ
  	movl TI_flags(%rcx),%edx
-@@ -1620,7 +2163,7 @@ ENTRY(error_exit)
+@@ -1620,7 +2166,7 @@ ENTRY(error_exit)
  	jnz retint_careful
  	jmp retint_swapgs
  	CFI_ENDPROC
@@ -21578,7 +21602,7 @@ index 7272089..833fdf8 100644
  
  /*
   * Test if a given stack is an NMI stack or not.
-@@ -1678,9 +2221,11 @@ ENTRY(nmi)
+@@ -1678,9 +2224,11 @@ ENTRY(nmi)
  	 * If %cs was not the kernel segment, then the NMI triggered in user
  	 * space, which means it is definitely not nested.
  	 */
@@ -21591,7 +21615,7 @@ index 7272089..833fdf8 100644
  	/*
  	 * Check the special variable on the stack to see if NMIs are
  	 * executing.
-@@ -1714,8 +2259,7 @@ nested_nmi:
+@@ -1714,8 +2262,7 @@ nested_nmi:
  
  1:
  	/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -21601,7 +21625,7 @@ index 7272089..833fdf8 100644
  	CFI_ADJUST_CFA_OFFSET 1*8
  	leaq -10*8(%rsp), %rdx
  	pushq_cfi $__KERNEL_DS
-@@ -1733,6 +2277,7 @@ nested_nmi_out:
+@@ -1733,6 +2280,7 @@ nested_nmi_out:
  	CFI_RESTORE rdx
  
  	/* No need to check faults here */
@@ -21609,7 +21633,7 @@ index 7272089..833fdf8 100644
  	INTERRUPT_RETURN
  
  	CFI_RESTORE_STATE
-@@ -1849,6 +2394,8 @@ end_repeat_nmi:
+@@ -1849,6 +2397,8 @@ end_repeat_nmi:
  	 */
  	movq %cr2, %r12
  
@@ -21618,7 +21642,7 @@ index 7272089..833fdf8 100644
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
  	movq $-1,%rsi
-@@ -1861,26 +2408,31 @@ end_repeat_nmi:
+@@ -1861,26 +2411,31 @@ end_repeat_nmi:
  	movq %r12, %cr2
  1:
  	
@@ -51934,6 +51958,28 @@ index f02d82b..2632cf86 100644
  	int err;
  	u32 ftype;
  	struct ceph_mds_reply_info_parsed *rinfo;
+diff --git a/fs/ceph/super.c b/fs/ceph/super.c
+index 7d377c9..3fb6559 100644
+--- a/fs/ceph/super.c
++++ b/fs/ceph/super.c
+@@ -839,7 +839,7 @@ static int ceph_compare_super(struct super_block *sb, void *data)
+ /*
+  * construct our own bdi so we can control readahead, etc.
+  */
+-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0);
+ 
+ static int ceph_register_bdi(struct super_block *sb,
+ 			     struct ceph_fs_client *fsc)
+@@ -856,7 +856,7 @@ static int ceph_register_bdi(struct super_block *sb,
+ 			default_backing_dev_info.ra_pages;
+ 
+ 	err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%ld",
+-			   atomic_long_inc_return(&bdi_seq));
++			   atomic_long_inc_return_unchecked(&bdi_seq));
+ 	if (!err)
+ 		sb->s_bdi = &fsc->backing_dev_info;
+ 	return err;
 diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
 index d597483..747901b 100644
 --- a/fs/cifs/cifs_debug.c
@@ -80739,7 +80785,7 @@ index 42670e9..8719c2f 100644
  		.clock_get	= thread_cpu_clock_get,
  		.timer_create	= thread_cpu_timer_create,
 diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
-index 424c2d4..a9194f7 100644
+index 424c2d4..679242f 100644
 --- a/kernel/posix-timers.c
 +++ b/kernel/posix-timers.c
 @@ -43,6 +43,7 @@
@@ -80831,6 +80877,15 @@ index 424c2d4..a9194f7 100644
  }
  
  static int common_timer_create(struct k_itimer *new_timer)
+@@ -597,7 +598,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock,
+ 	struct k_clock *kc = clockid_to_kclock(which_clock);
+ 	struct k_itimer *new_timer;
+ 	int error, new_timer_id;
+-	sigevent_t event;
++	sigevent_t event = { };
+ 	int it_id_set = IT_ID_NOT_SET;
+ 
+ 	if (!kc)
 @@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
  	if (copy_from_user(&new_tp, tp, sizeof (*tp)))
  		return -EFAULT;
@@ -84318,9 +84373,18 @@ index e742d06..c56fdd8 100644
  
  config NOMMU_INITIAL_TRIM_EXCESS
 diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 5025174..9fc1c5c 100644
+index 5025174..9d67dcd 100644
 --- a/mm/backing-dev.c
 +++ b/mm/backing-dev.c
+@@ -12,7 +12,7 @@
+ #include <linux/device.h>
+ #include <trace/events/writeback.h>
+ 
+-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0);
++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0);
+ 
+ struct backing_dev_info default_backing_dev_info = {
+ 	.name		= "default",
 @@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy);
  int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
  			   unsigned int cap)
@@ -84335,7 +84399,7 @@ index 5025174..9fc1c5c 100644
  
 -	sprintf(tmp, "%.28s%s", name, "-%d");
 -	err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
-+	err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq));
++	err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return_unchecked(&bdi_seq));
  	if (err) {
  		bdi_destroy(bdi);
  		return err;
diff --git a/3.10.7/4427_force_XATTR_PAX_tmpfs.patch b/3.10.7/4427_force_XATTR_PAX_tmpfs.patch
index e2a9551..3090b07 100644
--- a/3.10.7/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.10.7/4427_force_XATTR_PAX_tmpfs.patch
@@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge.
 diff -Naur a/mm/shmem.c b/mm/shmem.c
 --- a/mm/shmem.c	2013-06-11 21:00:18.000000000 -0400
 +++ b/mm/shmem.c	2013-06-11 21:08:18.000000000 -0400
-@@ -2201,11 +2201,7 @@
+@@ -2203,11 +2203,7 @@
  static int shmem_xattr_validate(const char *name)
  {
  	struct { const char *prefix; size_t len; } arr[] = {
@@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c
  		{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
  		{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
  	};
-@@ -2261,14 +2257,12 @@
+@@ -2263,14 +2259,12 @@
  	if (err)
  		return err;
  
diff --git a/3.10.7/4440_grsec-remove-protected-paths.patch b/3.10.7/4440_grsec-remove-protected-paths.patch
index 637934a..e2c2dc9 100644
--- a/3.10.7/4440_grsec-remove-protected-paths.patch
+++ b/3.10.7/4440_grsec-remove-protected-paths.patch
@@ -6,7 +6,7 @@ the filesystem.
 diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
 --- a/grsecurity/Makefile	2011-10-19 20:42:50.000000000 -0400
 +++ b/grsecurity/Makefile	2011-10-19 20:45:08.000000000 -0400
-@@ -29,10 +29,4 @@
+@@ -33,10 +33,4 @@
  ifdef CONFIG_GRKERNSEC_HIDESYM
  extra-y := grsec_hidesym.o
  $(obj)/grsec_hidesym.o:
diff --git a/3.10.7/4450_grsec-kconfig-default-gids.patch b/3.10.7/4450_grsec-kconfig-default-gids.patch
index f144c0e..7a1010d 100644
--- a/3.10.7/4450_grsec-kconfig-default-gids.patch
+++ b/3.10.7/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/grsecurity/Kconfig	2012-10-13 09:52:32.000000000 -0400
-@@ -610,7 +610,7 @@
+@@ -611,7 +611,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -830,7 +830,7 @@
+@@ -820,7 +820,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
  	int "GID for TPE-untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -839,7 +839,7 @@
+@@ -829,7 +829,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
  	int "GID for TPE-trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -932,7 +932,7 @@
+@@ -922,7 +922,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -953,7 +953,7 @@
+@@ -943,7 +943,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -971,7 +971,7 @@
+@@ -961,7 +961,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch b/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch
index b0786d4..042c034 100644
--- a/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-04-17 19:32:53.000000000 -0400
-@@ -1030,6 +1030,27 @@
+@@ -1020,6 +1020,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  
diff --git a/3.10.7/4470_disable-compat_vdso.patch b/3.10.7/4470_disable-compat_vdso.patch
index 424d91f..a2d6ed9 100644
--- a/3.10.7/4470_disable-compat_vdso.patch
+++ b/3.10.7/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
 --- a/arch/x86/Kconfig	2009-07-31 01:36:57.323857684 +0100
 +++ b/arch/x86/Kconfig	2009-07-31 01:51:39.395749681 +0100
-@@ -1786,17 +1786,8 @@
+@@ -1783,17 +1783,8 @@
  
  config COMPAT_VDSO
  	def_bool n
diff --git a/3.10.7/4475_emutramp_default_on.patch b/3.10.7/4475_emutramp_default_on.patch
index 27bfc2d..cfde6f8 100644
--- a/3.10.7/4475_emutramp_default_on.patch
+++ b/3.10.7/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
 --- linux-3.9.2-hardened.orig/security/Kconfig	2013-05-18 08:53:41.000000000 -0400
 +++ linux-3.9.2-hardened/security/Kconfig	2013-05-18 09:17:57.000000000 -0400
-@@ -429,7 +429,7 @@
+@@ -427,7 +427,7 @@
  
  config PAX_EMUTRAMP
  	bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
diff --git a/3.2.50/0000_README b/3.2.50/0000_README
index 574e6bc..df20efb 100644
--- a/3.2.50/0000_README
+++ b/3.2.50/0000_README
@@ -118,7 +118,7 @@ Patch:	1049_linux-3.2.50.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.50
 
-Patch:	4420_grsecurity-2.9.1-3.2.50-201308171247.patch
+Patch:	4420_grsecurity-2.9.1-3.2.50-201308181813.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308171247.patch b/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308181813.patch
index a0281fe..d8e4449 100644
--- a/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308171247.patch
+++ b/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308181813.patch
@@ -54513,7 +54513,7 @@ index 516f337..82a82df 100644
  		ret = PTR_ERR(cb_info->task);
  		svc_exit_thread(cb_info->rqst);
 diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
-index 168cb93..20486571 100644
+index 168cb93..de27202 100644
 --- a/fs/nfs/callback_xdr.c
 +++ b/fs/nfs/callback_xdr.c
 @@ -50,7 +50,7 @@ struct callback_op {
@@ -54525,6 +54525,19 @@ index 168cb93..20486571 100644
  
  static struct callback_op callback_ops[];
  
+@@ -451,9 +451,9 @@ static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp,
+ 	args->csa_nrclists = ntohl(*p++);
+ 	args->csa_rclists = NULL;
+ 	if (args->csa_nrclists) {
+-		args->csa_rclists = kmalloc(args->csa_nrclists *
+-					    sizeof(*args->csa_rclists),
+-					    GFP_KERNEL);
++		args->csa_rclists = kmalloc_array(args->csa_nrclists,
++						  sizeof(*args->csa_rclists),
++						  GFP_KERNEL);
+ 		if (unlikely(args->csa_rclists == NULL))
+ 			goto out;
+ 
 diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
 index 756f4df..8bd49ca 100644
 --- a/fs/nfs/dir.c
@@ -73541,7 +73554,7 @@ index efe50af..0d0b145 100644
  
  static inline void nf_reset_trace(struct sk_buff *skb)
 diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 573c809..d82a501 100644
+index 573c809..36fe1a8 100644
 --- a/include/linux/slab.h
 +++ b/include/linux/slab.h
 @@ -11,14 +11,29 @@
@@ -73609,16 +73622,42 @@ index 573c809..d82a501 100644
  
  /*
   * Allocator specific definitions. These are mainly used to establish optimized
-@@ -242,7 +271,7 @@ size_t ksize(const void *);
+@@ -190,7 +219,7 @@ size_t ksize(const void *);
+ #endif
+ 
+ /**
+- * kcalloc - allocate memory for an array. The memory is set to zero.
++ * kmalloc_array - allocate memory for an array.
+  * @n: number of elements.
+  * @size: element size.
+  * @flags: the type of memory to allocate.
+@@ -240,11 +269,22 @@ size_t ksize(const void *);
+  * for general use, and so are not documented here. For a full list of
+  * potential flags, always refer to linux/gfp.h.
   */
- static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
+-static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
++static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
  {
 -	if (size != 0 && n > ULONG_MAX / size)
 +	if (size != 0 && n > SIZE_MAX / size)
  		return NULL;
- 	return __kmalloc(n * size, flags | __GFP_ZERO);
+-	return __kmalloc(n * size, flags | __GFP_ZERO);
++	return __kmalloc(n * size, flags);
++}
++
++/**
++ * kcalloc - allocate memory for an array. The memory is set to zero.
++ * @n: number of elements.
++ * @size: element size.
++ * @flags: the type of memory to allocate (see kmalloc).
++ */
++static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
++{
++	return kmalloc_array(n, size, flags | __GFP_ZERO);
  }
-@@ -287,7 +316,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
+ 
+ #if !defined(CONFIG_NUMA) && !defined(CONFIG_SLOB)
+@@ -287,7 +327,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
   */
  #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
  	(defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
@@ -73627,7 +73666,7 @@ index 573c809..d82a501 100644
  #define kmalloc_track_caller(size, flags) \
  	__kmalloc_track_caller(size, flags, _RET_IP_)
  #else
-@@ -306,7 +335,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
+@@ -306,7 +346,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
   */
  #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
  	(defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
@@ -91195,10 +91234,20 @@ index 403be43..87f09da 100644
  };
  
 diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 6fefdfc..b603137 100644
+index 6fefdfc..454598b 100644
 --- a/net/key/af_key.c
 +++ b/net/key/af_key.c
-@@ -3018,10 +3018,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
+@@ -1924,6 +1924,9 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
+ 	int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy);
+ 	struct sadb_x_ipsecrequest *rq = (void*)(pol+1);
+ 
++	if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy))
++		return -EINVAL;
++
+ 	while (len >= sizeof(struct sadb_x_ipsecrequest)) {
+ 		if ((err = parse_ipsecrequest(xp, rq)) < 0)
+ 			return err;
+@@ -3018,10 +3021,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
  static u32 get_acqseq(void)
  {
  	u32 res;
@@ -97679,6 +97728,19 @@ index cd094ec..eca1277 100644
  		break;
  	default:
  		return -EINVAL;
+diff --git a/sound/i2c/other/ak4xxx-adda.c b/sound/i2c/other/ak4xxx-adda.c
+index cef813d..ed726d1 100644
+--- a/sound/i2c/other/ak4xxx-adda.c
++++ b/sound/i2c/other/ak4xxx-adda.c
+@@ -571,7 +571,7 @@ static int ak4xxx_capture_source_info(struct snd_kcontrol *kcontrol,
+ 	struct snd_akm4xxx *ak = snd_kcontrol_chip(kcontrol);
+ 	int mixer_ch = AK_GET_SHIFT(kcontrol->private_value);
+ 	const char **input_names;
+-	int  num_names, idx;
++	unsigned int num_names, idx;
+ 
+ 	num_names = ak4xxx_capture_num_inputs(ak, mixer_ch);
+ 	if (!num_names)
 diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c
 index 733b014..56ce96f 100644
 --- a/sound/oss/sb_audio.c
diff --git a/3.2.50/4440_grsec-remove-protected-paths.patch b/3.2.50/4440_grsec-remove-protected-paths.patch
index 637934a..e2c2dc9 100644
--- a/3.2.50/4440_grsec-remove-protected-paths.patch
+++ b/3.2.50/4440_grsec-remove-protected-paths.patch
@@ -6,7 +6,7 @@ the filesystem.
 diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
 --- a/grsecurity/Makefile	2011-10-19 20:42:50.000000000 -0400
 +++ b/grsecurity/Makefile	2011-10-19 20:45:08.000000000 -0400
-@@ -29,10 +29,4 @@
+@@ -33,10 +33,4 @@
  ifdef CONFIG_GRKERNSEC_HIDESYM
  extra-y := grsec_hidesym.o
  $(obj)/grsec_hidesym.o:
diff --git a/3.2.50/4450_grsec-kconfig-default-gids.patch b/3.2.50/4450_grsec-kconfig-default-gids.patch
index c882e28..bb13fd4 100644
--- a/3.2.50/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.50/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/grsecurity/Kconfig	2012-10-13 09:52:32.000000000 -0400
-@@ -610,7 +610,7 @@
+@@ -611,7 +611,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -830,7 +830,7 @@
+@@ -820,7 +820,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
  	int "GID for TPE-untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -839,7 +839,7 @@
+@@ -829,7 +829,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
  	int "GID for TPE-trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -932,7 +932,7 @@
+@@ -922,7 +922,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -953,7 +953,7 @@
+@@ -943,7 +943,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -971,7 +971,7 @@
+@@ -961,7 +961,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch
index 5607ab4..28ec979 100644
--- a/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-04-17 19:32:53.000000000 -0400
-@@ -1030,6 +1030,27 @@
+@@ -1020,6 +1020,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  
diff --git a/3.2.50/4475_emutramp_default_on.patch b/3.2.50/4475_emutramp_default_on.patch
index 30f6978..df700e6 100644
--- a/3.2.50/4475_emutramp_default_on.patch
+++ b/3.2.50/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
 --- linux-3.9.2-hardened.orig/security/Kconfig	2013-05-18 08:53:41.000000000 -0400
 +++ linux-3.9.2-hardened/security/Kconfig	2013-05-18 09:17:57.000000000 -0400
-@@ -428,7 +428,7 @@
+@@ -426,7 +426,7 @@
  
  config PAX_EMUTRAMP
  	bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
author	Anthony G. Basile <blueness@gentoo.org>	2013-08-19 09:03:59 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2013-08-19 09:03:59 -0400
commit	5780f1157ede8697b5ca74b0aa3e14295e36496c (patch)
tree	ae68b37fc3ef33aa98ad0ef37c0e6c5165daf223
parent	Grsec/PaX: 2.9.1-{2.6.32.61,3.2.50.3.10.7}-201308171249 (diff)
download	hardened-patchset-5780f1157ede8697b5ca74b0aa3e14295e36496c.tar.gz hardened-patchset-5780f1157ede8697b5ca74b0aa3e14295e36496c.tar.bz2 hardened-patchset-5780f1157ede8697b5ca74b0aa3e14295e36496c.zip