Grsec/PaX: 3.0-{3.2.57,3.13.9}-201404111812

58 files changed, 1269 insertions, 95 deletions

diff --git a/3.13.8/4425_grsec_remove_EI_PAX.patch b/3.13.8/4425_grsec_remove_EI_PAX.patch
deleted file mode 100644
index fc51f79..0000000
--- a/3.13.8/4425_grsec_remove_EI_PAX.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-From: Anthony G. Basile <blueness@gentoo.org>
-
-Deprecate EI_PAX.
-
-X-Gentoo-Bug: 445600
-X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
-
-diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
---- linux-3.7.1-hardened.orig/security/Kconfig	2012-12-26 08:39:29.000000000 -0500
-+++ linux-3.7.1-hardened/security/Kconfig	2012-12-26 09:05:44.000000000 -0500
-@@ -268,7 +268,7 @@
- 
- config PAX_EI_PAX
- 	bool 'Use legacy ELF header marking'
--	default y if GRKERNSEC_CONFIG_AUTO
-+	depends on BROKEN
- 	help
- 	  Enabling this option will allow you to control PaX features on
- 	  a per executable basis via the 'chpax' utility available at
diff --git a/3.13.8/0000_README b/3.13.9/0000_README
index 02b8064..97a73be 100644
--- a/3.13.8/0000_README
+++ b/3.13.9/0000_README
@@ -6,10 +6,6 @@ Patch:	4420_grsecurity-3.0-3.13.9-201404062127.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
-Patch:	4425_grsec_remove_EI_PAX.patch
-From:	Anthony G. Basile <blueness@gentoo.org>
-Desc:	Remove EI_PAX option and force off
-
 Patch:	4430_grsec-remove-localversion-grsec.patch
 From:	Kerin Millar <kerframil@gmail.com>
 Desc:	Removes grsecurity's localversion-grsec file
diff --git a/3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch b/3.13.9/4420_grsecurity-3.0-3.13.9-201404111815.patch
index 3408709..a875b82 100644
--- a/3.13.8/4420_grsecurity-3.0-3.13.9-201404062127.patch
+++ b/3.13.9/4420_grsecurity-3.0-3.13.9-201404111815.patch
@@ -25367,7 +25367,7 @@ index 898160b..758cde8 100644
  			reset_current_kprobe();
  		preempt_enable_no_resched();
 diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index ebc9873..1b9724b 100644
+index ebc9873..37b8776 100644
 --- a/arch/x86/kernel/ldt.c
 +++ b/arch/x86/kernel/ldt.c
 @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
@@ -25420,7 +25420,7 @@ index ebc9873..1b9724b 100644
  	return retval;
  }
  
-@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -229,6 +247,24 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
  		}
  	}
  
@@ -25431,6 +25431,17 @@ index ebc9873..1b9724b 100644
 +	}
 +#endif
 +
++	/*
++	 * On x86-64 we do not support 16-bit segments due to
++	 * IRET leaking the high bits of the kernel stack address.
++	 */
++#ifdef CONFIG_X86_64
++	if (!ldt_info.seg_32bit) {
++		error = -EINVAL;
++		goto out_unlock;
++	}
++#endif
++
  	fill_ldt(&ldt, &ldt_info);
  	if (oldmode)
  		ldt.avl = 0;
@@ -43395,10 +43406,31 @@ index 53d487f..f020f41 100644
  		} else
  			memcpy(msg, buf, count);
 diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
-index 02125e6..e1f8748 100644
+index 02125e6..5a4da94 100644
 --- a/drivers/isdn/isdnloop/isdnloop.c
 +++ b/drivers/isdn/isdnloop/isdnloop.c
-@@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef *sdefp)
+@@ -518,9 +518,9 @@ static isdnloop_stat isdnloop_cmd_table[] =
+ static void
+ isdnloop_fake_err(isdnloop_card *card)
+ {
+-	char buf[60];
++	char buf[64];
+ 
+-	sprintf(buf, "E%s", card->omsg);
++	snprintf(buf, sizeof(buf), "E%s", card->omsg);
+ 	isdnloop_fake(card, buf, -1);
+ 	isdnloop_fake(card, "NAK", -1);
+ }
+@@ -903,6 +903,8 @@ isdnloop_parse_cmd(isdnloop_card *card)
+ 	case 7:
+ 		/* 0x;EAZ */
+ 		p += 3;
++		if (strlen(p) >= sizeof(card->eazlist[0]))
++			break;
+ 		strcpy(card->eazlist[ch - 1], p);
+ 		break;
+ 	case 8:
+@@ -1070,6 +1072,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef *sdefp)
  		return -EBUSY;
  	if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
  		return -EFAULT;
@@ -43411,6 +43443,38 @@ index 02125e6..e1f8748 100644
  	spin_lock_irqsave(&card->isdnloop_lock, flags);
  	switch (sdef.ptype) {
  	case ISDN_PTYPE_EURO:
+@@ -1127,7 +1135,7 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card)
+ {
+ 	ulong a;
+ 	int i;
+-	char cbuf[60];
++	char cbuf[80];
+ 	isdn_ctrl cmd;
+ 	isdnloop_cdef cdef;
+ 
+@@ -1192,7 +1200,6 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card)
+ 			break;
+ 		if ((c->arg & 255) < ISDNLOOP_BCH) {
+ 			char *p;
+-			char dial[50];
+ 			char dcode[4];
+ 
+ 			a = c->arg;
+@@ -1204,10 +1211,10 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card)
+ 			} else
+ 				/* Normal Dial */
+ 				strcpy(dcode, "CAL");
+-			strcpy(dial, p);
+-			sprintf(cbuf, "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1),
+-				dcode, dial, c->parm.setup.si1,
+-				c->parm.setup.si2, c->parm.setup.eazmsn);
++			snprintf(cbuf, sizeof(cbuf),
++				 "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1),
++				 dcode, p, c->parm.setup.si1,
++				 c->parm.setup.si2, c->parm.setup.eazmsn);
+ 			i = isdnloop_writecmd(cbuf, strlen(cbuf), 0, card);
+ 		}
+ 		break;
 diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
 index a4f05c5..1433bc5 100644
 --- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -61953,6 +62017,58 @@ index 5d94c02..630214f 100644
  }
  
  void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index 0e90bf0..134691e 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -1070,6 +1070,7 @@ static void nfs4_opendata_free(struct kref *kref)
+ 	dput(p->dentry);
+ 	nfs_sb_deactive(sb);
+ 	nfs_fattr_free_names(&p->f_attr);
++	kfree(p->f_attr.mdsthreshold);
+ 	kfree(p);
+ }
+ 
+@@ -2246,10 +2247,12 @@ static int _nfs4_do_open(struct inode *dir,
+ 		}
+ 	}
+ 
+-	if (ctx_th && server->attr_bitmask[2] & FATTR4_WORD2_MDSTHRESHOLD) {
+-		opendata->f_attr.mdsthreshold = pnfs_mdsthreshold_alloc();
+-		if (!opendata->f_attr.mdsthreshold)
+-			goto err_free_label;
++	if (server->attr_bitmask[2] & FATTR4_WORD2_MDSTHRESHOLD) {
++		if (!opendata->f_attr.mdsthreshold) {
++			opendata->f_attr.mdsthreshold = pnfs_mdsthreshold_alloc();
++			if (!opendata->f_attr.mdsthreshold)
++				goto err_free_label;
++		}
+ 		opendata->o_arg.open_bitmap = &nfs4_pnfs_open_bitmap[0];
+ 	}
+ 	if (dentry->d_inode != NULL)
+@@ -2277,11 +2280,10 @@ static int _nfs4_do_open(struct inode *dir,
+ 	if (opendata->file_created)
+ 		*opened |= FILE_CREATED;
+ 
+-	if (pnfs_use_threshold(ctx_th, opendata->f_attr.mdsthreshold, server))
++	if (pnfs_use_threshold(ctx_th, opendata->f_attr.mdsthreshold, server)) {
+ 		*ctx_th = opendata->f_attr.mdsthreshold;
+-	else
+-		kfree(opendata->f_attr.mdsthreshold);
+-	opendata->f_attr.mdsthreshold = NULL;
++		opendata->f_attr.mdsthreshold = NULL;
++	}
+ 
+ 	nfs4_label_free(olabel);
+ 
+@@ -2291,7 +2293,6 @@ static int _nfs4_do_open(struct inode *dir,
+ err_free_label:
+ 	nfs4_label_free(olabel);
+ err_opendata_put:
+-	kfree(opendata->f_attr.mdsthreshold);
+ 	nfs4_opendata_put(opendata);
+ err_put_state_owner:
+ 	nfs4_put_state_owner(sp);
 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
 index 419572f..5414a23 100644
 --- a/fs/nfsd/nfs4proc.c
@@ -65158,10 +65274,10 @@ index 104455b..764c512 100644
  		kfree(s);
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..81a6826
+index 0000000..3abaf02
 --- /dev/null
 +++ b/grsecurity/Kconfig
-@@ -0,0 +1,1160 @@
+@@ -0,0 +1,1161 @@
 +#
 +# grecurity configuration
 +#
@@ -65217,7 +65333,8 @@ index 0000000..81a6826
 +	  the most notable of which are XFree86 and hwclock.  hwclock can be
 +	  remedied by having RTC support in the kernel, so real-time 
 +	  clock support is enabled if this option is enabled, to ensure 
-+	  that hwclock operates correctly.
++	  that hwclock operates correctly.  If hwclock still does not work,
++	  either update udev or symlink /dev/rtc to /dev/rtc0.
 +
 +	  If you're using XFree86 or a version of Xorg from 2012 or earlier,
 +	  you may not be able to boot into a graphical environment with this
@@ -83026,6 +83143,21 @@ index 8ba8ce2..99b7fff 100644
  		struct sk_buff *skb, int offset, struct iovec *to,
  		size_t len, struct dma_pinned_list *pinned_list);
  
+diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
+index 956b175..55d1504 100644
+--- a/include/net/netfilter/nf_conntrack_extend.h
++++ b/include/net/netfilter/nf_conntrack_extend.h
+@@ -47,8 +47,8 @@ enum nf_ct_ext_id {
+ /* Extensions: optional stuff which isn't permanently in struct. */
+ struct nf_ct_ext {
+ 	struct rcu_head rcu;
+-	u8 offset[NF_CT_EXT_NUM];
+-	u8 len;
++	u16 offset[NF_CT_EXT_NUM];
++	u16 len;
+ 	char data[0];
+ };
+ 
 diff --git a/include/net/netlink.h b/include/net/netlink.h
 index 2b47eaa..6d5bcc2 100644
 --- a/include/net/netlink.h
@@ -98170,7 +98302,7 @@ index 718dfbd..cef4152 100644
  
  	case IPT_SO_GET_ENTRIES:
 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 242e7f4..a084e95 100644
+index 242e7f4..76cc7ee 100644
 --- a/net/ipv4/ping.c
 +++ b/net/ipv4/ping.c
 @@ -55,7 +55,7 @@
@@ -98182,7 +98314,39 @@ index 242e7f4..a084e95 100644
  EXPORT_SYMBOL_GPL(pingv6_ops);
  
  static u16 ping_port_rover;
-@@ -334,7 +334,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
+@@ -251,23 +251,28 @@ int ping_init_sock(struct sock *sk)
+ 	struct group_info *group_info = get_current_groups();
+ 	int i, j, count = group_info->ngroups;
+ 	kgid_t low, high;
++	int ret = 0;
+ 
+ 	inet_get_ping_group_range_net(net, &low, &high);
+ 	if (gid_lte(low, group) && gid_lte(group, high))
+-		return 0;
++		goto out_release_group;
+ 
+ 	for (i = 0; i < group_info->nblocks; i++) {
+ 		int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
+ 		for (j = 0; j < cp_count; j++) {
+ 			kgid_t gid = group_info->blocks[i][j];
+ 			if (gid_lte(low, gid) && gid_lte(gid, high))
+-				return 0;
++				goto out_release_group;
+ 		}
+ 
+ 		count -= cp_count;
+ 	}
+ 
+-	return -EACCES;
++	ret = -EACCES;
++
++out_release_group:
++	put_group_info(group_info);
++	return ret;
+ }
+ EXPORT_SYMBOL_GPL(ping_init_sock);
+ 
+@@ -334,7 +339,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
  				return -ENODEV;
  			}
  		}
@@ -98191,7 +98355,7 @@ index 242e7f4..a084e95 100644
  						    scoped);
  		rcu_read_unlock();
  
-@@ -542,7 +542,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -542,7 +547,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
  		}
  #if IS_ENABLED(CONFIG_IPV6)
  	} else if (skb->protocol == htons(ETH_P_IPV6)) {
@@ -98200,7 +98364,7 @@ index 242e7f4..a084e95 100644
  #endif
  	}
  
-@@ -560,7 +560,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
+@@ -560,7 +565,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info)
  				      info, (u8 *)icmph);
  #if IS_ENABLED(CONFIG_IPV6)
  		} else if (family == AF_INET6) {
@@ -98209,7 +98373,7 @@ index 242e7f4..a084e95 100644
  						   info, (u8 *)icmph);
  #endif
  		}
-@@ -830,6 +830,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -830,6 +835,8 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
  {
  	struct inet_sock *isk = inet_sk(sk);
  	int family = sk->sk_family;
@@ -98218,7 +98382,7 @@ index 242e7f4..a084e95 100644
  	struct sk_buff *skb;
  	int copied, err;
  
-@@ -839,12 +841,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -839,12 +846,19 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
  	if (flags & MSG_OOB)
  		goto out;
  
@@ -98239,7 +98403,7 @@ index 242e7f4..a084e95 100644
  							  addr_len);
  #endif
  		}
-@@ -876,7 +885,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -876,7 +890,6 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
  			sin->sin_port = 0 /* skb->h.uh->source */;
  			sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
  			memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
@@ -98247,7 +98411,7 @@ index 242e7f4..a084e95 100644
  		}
  
  		if (isk->cmsg_flags)
-@@ -899,11 +907,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -899,11 +912,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
  			sin6->sin6_scope_id =
  				ipv6_iface_scope_id(&sin6->sin6_addr,
  						    IP6CB(skb)->iif);
@@ -98260,7 +98424,7 @@ index 242e7f4..a084e95 100644
  #endif
  	} else {
  		BUG();
-@@ -1093,7 +1100,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -1093,7 +1105,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
  		from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
  		0, sock_i_ino(sp),
  		atomic_read(&sp->sk_refcnt), sp,
@@ -100434,6 +100598,31 @@ index f042ae5..30ea486 100644
  	mutex_unlock(&nf_sockopt_mutex);
  }
  EXPORT_SYMBOL(nf_unregister_sockopt);
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index 71a9f49..c09b60c 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -148,8 +148,8 @@ static int nf_tables_chain_type_lookup(const struct nft_af_info *afi,
+ #ifdef CONFIG_MODULES
+ 	if (type < 0 && autoload) {
+ 		nfnl_unlock(NFNL_SUBSYS_NFTABLES);
+-		request_module("nft-chain-%u-%*.s", afi->family,
+-			       nla_len(nla)-1, (const char *)nla_data(nla));
++		request_module("nft-chain-%u-%.*s", afi->family,
++			       nla_len(nla), (const char *)nla_data(nla));
+ 		nfnl_lock(NFNL_SUBSYS_NFTABLES);
+ 		type = __nf_tables_chain_type_lookup(afi->family, nla);
+ 	}
+@@ -1916,7 +1916,8 @@ static const struct nft_set_ops *nft_select_set_ops(const struct nlattr * const
+ 
+ static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
+ 	[NFTA_SET_TABLE]		= { .type = NLA_STRING },
+-	[NFTA_SET_NAME]			= { .type = NLA_STRING },
++	[NFTA_SET_NAME]			= { .type = NLA_STRING,
++					    .len = IFNAMSIZ - 1 },
+ 	[NFTA_SET_FLAGS]		= { .type = NLA_U32 },
+ 	[NFTA_SET_KEY_TYPE]		= { .type = NLA_U32 },
+ 	[NFTA_SET_KEY_LEN]		= { .type = NLA_U32 },
 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
 index a155d19..726b0f2 100644
 --- a/net/netfilter/nfnetlink_log.c
@@ -119392,6 +119581,19 @@ index b003ad7..c0a02f8 100644
 +#endif
 +
  #endif
+diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
+index 2d68297..39dc5bc 100644
+--- a/virt/kvm/ioapic.c
++++ b/virt/kvm/ioapic.c
+@@ -306,7 +306,7 @@ static int ioapic_deliver(struct kvm_ioapic *ioapic, int irq, bool line_status)
+ 		BUG_ON(ioapic->rtc_status.pending_eoi != 0);
+ 		ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe,
+ 				ioapic->rtc_status.dest_map);
+-		ioapic->rtc_status.pending_eoi = ret;
++		ioapic->rtc_status.pending_eoi = (ret < 0 ? 0 : ret);
+ 	} else
+ 		ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL);
+ 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
 index 4f588bc..a543c97 100644
 --- a/virt/kvm/kvm_main.c
diff --git a/3.13.8/4427_force_XATTR_PAX_tmpfs.patch b/3.13.9/4427_force_XATTR_PAX_tmpfs.patch
index 23e60cd..23e60cd 100644
--- a/3.13.8/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.13.9/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.13.8/4430_grsec-remove-localversion-grsec.patch b/3.13.9/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.13.8/4430_grsec-remove-localversion-grsec.patch
+++ b/3.13.9/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.13.8/4435_grsec-mute-warnings.patch b/3.13.9/4435_grsec-mute-warnings.patch
index cb51a05..cb51a05 100644
--- a/3.13.8/4435_grsec-mute-warnings.patch
+++ b/3.13.9/4435_grsec-mute-warnings.patch
diff --git a/3.13.8/4440_grsec-remove-protected-paths.patch b/3.13.9/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.13.8/4440_grsec-remove-protected-paths.patch
+++ b/3.13.9/4440_grsec-remove-protected-paths.patch
diff --git a/3.13.8/4450_grsec-kconfig-default-gids.patch b/3.13.9/4450_grsec-kconfig-default-gids.patch
index abff221..abff221 100644
--- a/3.13.8/4450_grsec-kconfig-default-gids.patch
+++ b/3.13.9/4450_grsec-kconfig-default-gids.patch
diff --git a/3.13.8/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.9/4465_selinux-avc_audit-log-curr_ip.patch
index 6caf9de..6caf9de 100644
--- a/3.13.8/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.13.9/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.13.8/4470_disable-compat_vdso.patch b/3.13.9/4470_disable-compat_vdso.patch
index a25c029..a25c029 100644
--- a/3.13.8/4470_disable-compat_vdso.patch
+++ b/3.13.9/4470_disable-compat_vdso.patch
diff --git a/3.13.8/4475_emutramp_default_on.patch b/3.13.9/4475_emutramp_default_on.patch
index a453a5b..a453a5b 100644
--- a/3.13.8/4475_emutramp_default_on.patch
+++ b/3.13.9/4475_emutramp_default_on.patch
diff --git a/3.2.56/0000_README b/3.2.57/0000_README
index 0adc45a..c153165 100644
--- a/3.2.56/0000_README
+++ b/3.2.57/0000_README
@@ -142,7 +142,11 @@ Patch:	1055_linux-3.2.56.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.56
 
-Patch:	4420_grsecurity-3.0-3.2.56-201404062126.patch
+Patch:	1056_linux-3.2.57.patch
+From:	http://www.kernel.org
+Desc:	Linux 3.2.57
+
+Patch:	4420_grsecurity-3.0-3.2.57-201404111812.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.56/1021_linux-3.2.22.patch b/3.2.57/1021_linux-3.2.22.patch
index e6ad93a..e6ad93a 100644
--- a/3.2.56/1021_linux-3.2.22.patch
+++ b/3.2.57/1021_linux-3.2.22.patch
diff --git a/3.2.56/1022_linux-3.2.23.patch b/3.2.57/1022_linux-3.2.23.patch
index 3d796d0..3d796d0 100644
--- a/3.2.56/1022_linux-3.2.23.patch
+++ b/3.2.57/1022_linux-3.2.23.patch
diff --git a/3.2.56/1023_linux-3.2.24.patch b/3.2.57/1023_linux-3.2.24.patch
index 4692eb4..4692eb4 100644
--- a/3.2.56/1023_linux-3.2.24.patch
+++ b/3.2.57/1023_linux-3.2.24.patch
diff --git a/3.2.56/1024_linux-3.2.25.patch b/3.2.57/1024_linux-3.2.25.patch
index e95c213..e95c213 100644
--- a/3.2.56/1024_linux-3.2.25.patch
+++ b/3.2.57/1024_linux-3.2.25.patch
diff --git a/3.2.56/1025_linux-3.2.26.patch b/3.2.57/1025_linux-3.2.26.patch
index 44065b9..44065b9 100644
--- a/3.2.56/1025_linux-3.2.26.patch
+++ b/3.2.57/1025_linux-3.2.26.patch
diff --git a/3.2.56/1026_linux-3.2.27.patch b/3.2.57/1026_linux-3.2.27.patch
index 5878eb4..5878eb4 100644
--- a/3.2.56/1026_linux-3.2.27.patch
+++ b/3.2.57/1026_linux-3.2.27.patch
diff --git a/3.2.56/1027_linux-3.2.28.patch b/3.2.57/1027_linux-3.2.28.patch
index 4dbba4b..4dbba4b 100644
--- a/3.2.56/1027_linux-3.2.28.patch
+++ b/3.2.57/1027_linux-3.2.28.patch
diff --git a/3.2.56/1028_linux-3.2.29.patch b/3.2.57/1028_linux-3.2.29.patch
index 3c65179..3c65179 100644
--- a/3.2.56/1028_linux-3.2.29.patch
+++ b/3.2.57/1028_linux-3.2.29.patch
diff --git a/3.2.56/1029_linux-3.2.30.patch b/3.2.57/1029_linux-3.2.30.patch
index 86aea4b..86aea4b 100644
--- a/3.2.56/1029_linux-3.2.30.patch
+++ b/3.2.57/1029_linux-3.2.30.patch
diff --git a/3.2.56/1030_linux-3.2.31.patch b/3.2.57/1030_linux-3.2.31.patch
index c6accf5..c6accf5 100644
--- a/3.2.56/1030_linux-3.2.31.patch
+++ b/3.2.57/1030_linux-3.2.31.patch
diff --git a/3.2.56/1031_linux-3.2.32.patch b/3.2.57/1031_linux-3.2.32.patch
index 247fc0b..247fc0b 100644
--- a/3.2.56/1031_linux-3.2.32.patch
+++ b/3.2.57/1031_linux-3.2.32.patch
diff --git a/3.2.56/1032_linux-3.2.33.patch b/3.2.57/1032_linux-3.2.33.patch
index c32fb75..c32fb75 100644
--- a/3.2.56/1032_linux-3.2.33.patch
+++ b/3.2.57/1032_linux-3.2.33.patch
diff --git a/3.2.56/1033_linux-3.2.34.patch b/3.2.57/1033_linux-3.2.34.patch
index d647b38..d647b38 100644
--- a/3.2.56/1033_linux-3.2.34.patch
+++ b/3.2.57/1033_linux-3.2.34.patch
diff --git a/3.2.56/1034_linux-3.2.35.patch b/3.2.57/1034_linux-3.2.35.patch
index 76a9c19..76a9c19 100644
--- a/3.2.56/1034_linux-3.2.35.patch
+++ b/3.2.57/1034_linux-3.2.35.patch
diff --git a/3.2.56/1035_linux-3.2.36.patch b/3.2.57/1035_linux-3.2.36.patch
index 5d192a3..5d192a3 100644
--- a/3.2.56/1035_linux-3.2.36.patch
+++ b/3.2.57/1035_linux-3.2.36.patch
diff --git a/3.2.56/1036_linux-3.2.37.patch b/3.2.57/1036_linux-3.2.37.patch
index ad13251..ad13251 100644
--- a/3.2.56/1036_linux-3.2.37.patch
+++ b/3.2.57/1036_linux-3.2.37.patch
diff --git a/3.2.56/1037_linux-3.2.38.patch b/3.2.57/1037_linux-3.2.38.patch
index a3c106f..a3c106f 100644
--- a/3.2.56/1037_linux-3.2.38.patch
+++ b/3.2.57/1037_linux-3.2.38.patch
diff --git a/3.2.56/1038_linux-3.2.39.patch b/3.2.57/1038_linux-3.2.39.patch
index 5639e92..5639e92 100644
--- a/3.2.56/1038_linux-3.2.39.patch
+++ b/3.2.57/1038_linux-3.2.39.patch
diff --git a/3.2.56/1039_linux-3.2.40.patch b/3.2.57/1039_linux-3.2.40.patch
index f26b39c..f26b39c 100644
--- a/3.2.56/1039_linux-3.2.40.patch
+++ b/3.2.57/1039_linux-3.2.40.patch
diff --git a/3.2.56/1040_linux-3.2.41.patch b/3.2.57/1040_linux-3.2.41.patch
index 0d27fcb..0d27fcb 100644
--- a/3.2.56/1040_linux-3.2.41.patch
+++ b/3.2.57/1040_linux-3.2.41.patch
diff --git a/3.2.56/1041_linux-3.2.42.patch b/3.2.57/1041_linux-3.2.42.patch
index 77a08ed..77a08ed 100644
--- a/3.2.56/1041_linux-3.2.42.patch
+++ b/3.2.57/1041_linux-3.2.42.patch
diff --git a/3.2.56/1042_linux-3.2.43.patch b/3.2.57/1042_linux-3.2.43.patch
index a3f878b..a3f878b 100644
--- a/3.2.56/1042_linux-3.2.43.patch
+++ b/3.2.57/1042_linux-3.2.43.patch
diff --git a/3.2.56/1043_linux-3.2.44.patch b/3.2.57/1043_linux-3.2.44.patch
index 3d5e6ff..3d5e6ff 100644
--- a/3.2.56/1043_linux-3.2.44.patch
+++ b/3.2.57/1043_linux-3.2.44.patch
diff --git a/3.2.56/1044_linux-3.2.45.patch b/3.2.57/1044_linux-3.2.45.patch
index 44e1767..44e1767 100644
--- a/3.2.56/1044_linux-3.2.45.patch
+++ b/3.2.57/1044_linux-3.2.45.patch
diff --git a/3.2.56/1045_linux-3.2.46.patch b/3.2.57/1045_linux-3.2.46.patch
index bc10efd..bc10efd 100644
--- a/3.2.56/1045_linux-3.2.46.patch
+++ b/3.2.57/1045_linux-3.2.46.patch
diff --git a/3.2.56/1046_linux-3.2.47.patch b/3.2.57/1046_linux-3.2.47.patch
index b74563c..b74563c 100644
--- a/3.2.56/1046_linux-3.2.47.patch
+++ b/3.2.57/1046_linux-3.2.47.patch
diff --git a/3.2.56/1047_linux-3.2.48.patch b/3.2.57/1047_linux-3.2.48.patch
index 6d55b1f..6d55b1f 100644
--- a/3.2.56/1047_linux-3.2.48.patch
+++ b/3.2.57/1047_linux-3.2.48.patch
diff --git a/3.2.56/1048_linux-3.2.49.patch b/3.2.57/1048_linux-3.2.49.patch
index 2dab0cf..2dab0cf 100644
--- a/3.2.56/1048_linux-3.2.49.patch
+++ b/3.2.57/1048_linux-3.2.49.patch
diff --git a/3.2.56/1049_linux-3.2.50.patch b/3.2.57/1049_linux-3.2.50.patch
index 20b3015..20b3015 100644
--- a/3.2.56/1049_linux-3.2.50.patch
+++ b/3.2.57/1049_linux-3.2.50.patch
diff --git a/3.2.56/1050_linux-3.2.51.patch b/3.2.57/1050_linux-3.2.51.patch
index 5d5832b..5d5832b 100644
--- a/3.2.56/1050_linux-3.2.51.patch
+++ b/3.2.57/1050_linux-3.2.51.patch
diff --git a/3.2.56/1051_linux-3.2.52.patch b/3.2.57/1051_linux-3.2.52.patch
index 94b9359..94b9359 100644
--- a/3.2.56/1051_linux-3.2.52.patch
+++ b/3.2.57/1051_linux-3.2.52.patch
diff --git a/3.2.56/1052_linux-3.2.53.patch b/3.2.57/1052_linux-3.2.53.patch
index 986d714..986d714 100644
--- a/3.2.56/1052_linux-3.2.53.patch
+++ b/3.2.57/1052_linux-3.2.53.patch
diff --git a/3.2.56/1053_linux-3.2.54.patch b/3.2.57/1053_linux-3.2.54.patch
index a907496..a907496 100644
--- a/3.2.56/1053_linux-3.2.54.patch
+++ b/3.2.57/1053_linux-3.2.54.patch
diff --git a/3.2.56/1054_linux-3.2.55.patch b/3.2.57/1054_linux-3.2.55.patch
index 6071ff5..6071ff5 100644
--- a/3.2.56/1054_linux-3.2.55.patch
+++ b/3.2.57/1054_linux-3.2.55.patch
diff --git a/3.2.56/1055_linux-3.2.56.patch b/3.2.57/1055_linux-3.2.56.patch
index 2e8239c..2e8239c 100644
--- a/3.2.56/1055_linux-3.2.56.patch
+++ b/3.2.57/1055_linux-3.2.56.patch
diff --git a/3.2.57/1056_linux-3.2.57.patch b/3.2.57/1056_linux-3.2.57.patch
new file mode 100644
index 0000000..7b8f174
--- /dev/null
+++ b/3.2.57/1056_linux-3.2.57.patch
@@ -0,0 +1,905 @@
+diff --git a/Makefile b/Makefile
+index ec90bfb..c92db9b 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 2
+-SUBLEVEL = 56
++SUBLEVEL = 57
+ EXTRAVERSION =
+ NAME = Saber-toothed Squirrel
+ 
+diff --git a/arch/s390/kernel/head64.S b/arch/s390/kernel/head64.S
+index 99348c0..78be245 100644
+--- a/arch/s390/kernel/head64.S
++++ b/arch/s390/kernel/head64.S
+@@ -61,7 +61,7 @@ ENTRY(startup_continue)
+ 	.quad	0			# cr12: tracing off
+ 	.quad	0			# cr13: home space segment table
+ 	.quad	0xc0000000		# cr14: machine check handling off
+-	.quad	0			# cr15: linkage stack operations
++	.quad	.Llinkage_stack		# cr15: linkage stack operations
+ .Lpcmsk:.quad	0x0000000180000000
+ .L4malign:.quad 0xffffffffffc00000
+ .Lscan2g:.quad	0x80000000 + 0x20000 - 8	# 2GB + 128K - 8
+@@ -69,12 +69,15 @@ ENTRY(startup_continue)
+ .Lparmaddr:
+ 	.quad	PARMAREA
+ 	.align	64
+-.Lduct: .long	0,0,0,0,.Lduald,0,0,0
++.Lduct: .long	0,.Laste,.Laste,0,.Lduald,0,0,0
+ 	.long	0,0,0,0,0,0,0,0
++.Laste:	.quad	0,0xffffffffffffffff,0,0,0,0,0,0
+ 	.align	128
+ .Lduald:.rept	8
+ 	.long	0x80000000,0,0,0	# invalid access-list entries
+ 	.endr
++.Llinkage_stack:
++	.long	0,0,0x89000000,0,0,0,0x8a000000,0
+ 
+ ENTRY(_ehead)
+ 
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
+index f1b36cf..db2ffef 100644
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -2451,6 +2451,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
+ 	int emulate = 0;
+ 	gfn_t pseudo_gfn;
+ 
++	if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
++		return 0;
++
+ 	for_each_shadow_entry(vcpu, (u64)gfn << PAGE_SHIFT, iterator) {
+ 		if (iterator.level == level) {
+ 			unsigned pte_access = ACC_ALL;
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
+index aac5ea7..a4f6bda 100644
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -6273,8 +6273,8 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
+ 	struct vcpu_vmx *vmx = to_vmx(vcpu);
+ 
+ 	free_vpid(vmx);
+-	free_nested(vmx);
+ 	free_loaded_vmcs(vmx->loaded_vmcs);
++	free_nested(vmx);
+ 	kfree(vmx->guest_msrs);
+ 	kvm_vcpu_uninit(vcpu);
+ 	kmem_cache_free(kvm_vcpu_cache, vmx);
+diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
+index 7be5fd9..bc35070 100644
+--- a/drivers/input/mouse/synaptics.c
++++ b/drivers/input/mouse/synaptics.c
+@@ -237,11 +237,22 @@ static int synaptics_identify(struct psmouse *psmouse)
+  * Read touchpad resolution and maximum reported coordinates
+  * Resolution is left zero if touchpad does not support the query
+  */
++
++static const int *quirk_min_max;
++
+ static int synaptics_resolution(struct psmouse *psmouse)
+ {
+ 	struct synaptics_data *priv = psmouse->private;
+ 	unsigned char resp[3];
+ 
++	if (quirk_min_max) {
++		priv->x_min = quirk_min_max[0];
++		priv->x_max = quirk_min_max[1];
++		priv->y_min = quirk_min_max[2];
++		priv->y_max = quirk_min_max[3];
++		return 0;
++	}
++
+ 	if (SYN_ID_MAJOR(priv->identity) < 4)
+ 		return 0;
+ 
+@@ -1364,10 +1375,54 @@ static const struct dmi_system_id __initconst olpc_dmi_table[] = {
+ 	{ }
+ };
+ 
++static const struct dmi_system_id min_max_dmi_table[] __initconst = {
++#if defined(CONFIG_DMI)
++	{
++		/* Lenovo ThinkPad Helix */
++		.matches = {
++			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
++			DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad Helix"),
++		},
++		.driver_data = (int []){1024, 5052, 2258, 4832},
++	},
++	{
++		/* Lenovo ThinkPad X240 */
++		.matches = {
++			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
++			DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad X240"),
++		},
++		.driver_data = (int []){1232, 5710, 1156, 4696},
++	},
++	{
++		/* Lenovo ThinkPad T440s */
++		.matches = {
++			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
++			DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad T440"),
++		},
++		.driver_data = (int []){1024, 5112, 2024, 4832},
++	},
++	{
++		/* Lenovo ThinkPad T540p */
++		.matches = {
++			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
++			DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad T540"),
++		},
++		.driver_data = (int []){1024, 5056, 2058, 4832},
++	},
++#endif
++	{ }
++};
++
+ void __init synaptics_module_init(void)
+ {
++	const struct dmi_system_id *min_max_dmi;
++
+ 	impaired_toshiba_kbc = dmi_check_system(toshiba_dmi_table);
+ 	broken_olpc_ec = dmi_check_system(olpc_dmi_table);
++
++	min_max_dmi = dmi_first_match(min_max_dmi_table);
++	if (min_max_dmi)
++		quirk_min_max = min_max_dmi->driver_data;
+ }
+ 
+ int synaptics_init(struct psmouse *psmouse)
+diff --git a/drivers/net/usb/asix.c b/drivers/net/usb/asix.c
+index 6729585..98ab759 100644
+--- a/drivers/net/usb/asix.c
++++ b/drivers/net/usb/asix.c
+@@ -183,6 +183,17 @@ struct ax88172_int_data {
+ 	__le16 res3;
+ } __packed;
+ 
++struct asix_rx_fixup_info {
++	struct sk_buff *ax_skb;
++	u32 header;
++	u16 size;
++	bool split_head;
++};
++
++struct asix_common_private {
++	struct asix_rx_fixup_info rx_fixup_info;
++};
++
+ static int asix_read_cmd(struct usbnet *dev, u8 cmd, u16 value, u16 index,
+ 			    u16 size, void *data)
+ {
+@@ -304,97 +315,89 @@ asix_write_cmd_async(struct usbnet *dev, u8 cmd, u16 value, u16 index,
+ 	}
+ }
+ 
+-static int asix_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
++static int asix_rx_fixup_internal(struct usbnet *dev, struct sk_buff *skb,
++				  struct asix_rx_fixup_info *rx)
+ {
+-	u8  *head;
+-	u32  header;
+-	char *packet;
+-	struct sk_buff *ax_skb;
+-	u16 size;
++	int offset = 0;
++
++	while (offset + sizeof(u16) <= skb->len) {
++		u16 remaining = 0;
++		unsigned char *data;
++
++		if (!rx->size) {
++			if ((skb->len - offset == sizeof(u16)) ||
++			    rx->split_head) {
++				if(!rx->split_head) {
++					rx->header = get_unaligned_le16(
++							skb->data + offset);
++					rx->split_head = true;
++					offset += sizeof(u16);
++					break;
++				} else {
++					rx->header |= (get_unaligned_le16(
++							skb->data + offset)
++							<< 16);
++					rx->split_head = false;
++					offset += sizeof(u16);
++				}
++			} else {
++				rx->header = get_unaligned_le32(skb->data +
++								offset);
++				offset += sizeof(u32);
++			}
+ 
+-	head = (u8 *) skb->data;
+-	memcpy(&header, head, sizeof(header));
+-	le32_to_cpus(&header);
+-	packet = head + sizeof(header);
+-
+-	skb_pull(skb, 4);
+-
+-	while (skb->len > 0) {
+-		if ((header & 0x07ff) != ((~header >> 16) & 0x07ff))
+-			netdev_err(dev->net, "asix_rx_fixup() Bad Header Length\n");
+-
+-		/* get the packet length */
+-		size = (u16) (header & 0x000007ff);
+-
+-		if ((skb->len) - ((size + 1) & 0xfffe) == 0) {
+-			u8 alignment = (unsigned long)skb->data & 0x3;
+-			if (alignment != 0x2) {
+-				/*
+-				 * not 16bit aligned so use the room provided by
+-				 * the 32 bit header to align the data
+-				 *
+-				 * note we want 16bit alignment as MAC header is
+-				 * 14bytes thus ip header will be aligned on
+-				 * 32bit boundary so accessing ipheader elements
+-				 * using a cast to struct ip header wont cause
+-				 * an unaligned accesses.
+-				 */
+-				u8 realignment = (alignment + 2) & 0x3;
+-				memmove(skb->data - realignment,
+-					skb->data,
+-					size);
+-				skb->data -= realignment;
+-				skb_set_tail_pointer(skb, size);
++			/* get the packet length */
++			rx->size = (u16) (rx->header & 0x7ff);
++			if (rx->size != ((~rx->header >> 16) & 0x7ff)) {
++				netdev_err(dev->net, "asix_rx_fixup() Bad Header Length 0x%x, offset %d\n",
++					   rx->header, offset);
++				rx->size = 0;
++				return 0;
+ 			}
+-			return 2;
++			rx->ax_skb = netdev_alloc_skb_ip_align(dev->net,
++							       rx->size);
++			if (!rx->ax_skb)
++				return 0;
+ 		}
+ 
+-		if (size > dev->net->mtu + ETH_HLEN + VLAN_HLEN) {
++		if (rx->size > dev->net->mtu + ETH_HLEN + VLAN_HLEN) {
+ 			netdev_err(dev->net, "asix_rx_fixup() Bad RX Length %d\n",
+-				   size);
+-			return 0;
+-		}
+-		ax_skb = skb_clone(skb, GFP_ATOMIC);
+-		if (ax_skb) {
+-			u8 alignment = (unsigned long)packet & 0x3;
+-			ax_skb->len = size;
+-
+-			if (alignment != 0x2) {
+-				/*
+-				 * not 16bit aligned use the room provided by
+-				 * the 32 bit header to align the data
+-				 */
+-				u8 realignment = (alignment + 2) & 0x3;
+-				memmove(packet - realignment, packet, size);
+-				packet -= realignment;
+-			}
+-			ax_skb->data = packet;
+-			skb_set_tail_pointer(ax_skb, size);
+-			usbnet_skb_return(dev, ax_skb);
+-		} else {
++				   rx->size);
++			kfree_skb(rx->ax_skb);
+ 			return 0;
+ 		}
+ 
+-		skb_pull(skb, (size + 1) & 0xfffe);
++		if (rx->size > skb->len - offset) {
++			remaining = rx->size - (skb->len - offset);
++			rx->size = skb->len - offset;
++		}
+ 
+-		if (skb->len < sizeof(header))
+-			break;
++		data = skb_put(rx->ax_skb, rx->size);
++		memcpy(data, skb->data + offset, rx->size);
++		if (!remaining)
++			usbnet_skb_return(dev, rx->ax_skb);
+ 
+-		head = (u8 *) skb->data;
+-		memcpy(&header, head, sizeof(header));
+-		le32_to_cpus(&header);
+-		packet = head + sizeof(header);
+-		skb_pull(skb, 4);
++		offset += (rx->size + 1) & 0xfffe;
++		rx->size = remaining;
+ 	}
+ 
+-	if (skb->len < 0) {
+-		netdev_err(dev->net, "asix_rx_fixup() Bad SKB Length %d\n",
+-			   skb->len);
++	if (skb->len != offset) {
++		netdev_err(dev->net, "asix_rx_fixup() Bad SKB Length %d, %d\n",
++			   skb->len, offset);
+ 		return 0;
+ 	}
++
+ 	return 1;
+ }
+ 
++static int asix_rx_fixup_common(struct usbnet *dev, struct sk_buff *skb)
++{
++	struct asix_common_private *dp = dev->driver_priv;
++	struct asix_rx_fixup_info *rx = &dp->rx_fixup_info;
++
++	return asix_rx_fixup_internal(dev, skb, rx);
++}
++
+ static struct sk_buff *asix_tx_fixup(struct usbnet *dev, struct sk_buff *skb,
+ 					gfp_t flags)
+ {
+@@ -1154,9 +1157,19 @@ static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf)
+ 		dev->rx_urb_size = 2048;
+ 	}
+ 
++	dev->driver_priv = kzalloc(sizeof(struct asix_common_private), GFP_KERNEL);
++	if (!dev->driver_priv)
++		return -ENOMEM;
++
+ 	return 0;
+ }
+ 
++static void ax88772_unbind(struct usbnet *dev, struct usb_interface *intf)
++{
++	if (dev->driver_priv)
++		kfree(dev->driver_priv);
++}
++
+ static struct ethtool_ops ax88178_ethtool_ops = {
+ 	.get_drvinfo		= asix_get_drvinfo,
+ 	.get_link		= asix_get_link,
+@@ -1489,6 +1502,10 @@ static int ax88178_bind(struct usbnet *dev, struct usb_interface *intf)
+ 		dev->rx_urb_size = 2048;
+ 	}
+ 
++	dev->driver_priv = kzalloc(sizeof(struct asix_common_private), GFP_KERNEL);
++	if (!dev->driver_priv)
++			return -ENOMEM;
++
+ 	return 0;
+ }
+ 
+@@ -1535,22 +1552,25 @@ static const struct driver_info hawking_uf200_info = {
+ static const struct driver_info ax88772_info = {
+ 	.description = "ASIX AX88772 USB 2.0 Ethernet",
+ 	.bind = ax88772_bind,
++	.unbind = ax88772_unbind,
+ 	.status = asix_status,
+ 	.link_reset = ax88772_link_reset,
+ 	.reset = ax88772_reset,
+-	.flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_LINK_INTR,
+-	.rx_fixup = asix_rx_fixup,
++	.flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_LINK_INTR | FLAG_MULTI_PACKET,
++	.rx_fixup = asix_rx_fixup_common,
+ 	.tx_fixup = asix_tx_fixup,
+ };
+ 
+ static const struct driver_info ax88178_info = {
+ 	.description = "ASIX AX88178 USB 2.0 Ethernet",
+ 	.bind = ax88178_bind,
++	.unbind = ax88772_unbind,
+ 	.status = asix_status,
+ 	.link_reset = ax88178_link_reset,
+ 	.reset = ax88178_reset,
+-	.flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_LINK_INTR,
+-	.rx_fixup = asix_rx_fixup,
++	.flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_LINK_INTR |
++		 FLAG_MULTI_PACKET,
++	.rx_fixup = asix_rx_fixup_common,
+ 	.tx_fixup = asix_tx_fixup,
+ };
+ 
+diff --git a/drivers/staging/speakup/kobjects.c b/drivers/staging/speakup/kobjects.c
+index 07a7f54..6829195 100644
+--- a/drivers/staging/speakup/kobjects.c
++++ b/drivers/staging/speakup/kobjects.c
+@@ -521,9 +521,9 @@ static ssize_t punc_store(struct kobject *kobj, struct kobj_attribute *attr,
+ 	spk_lock(flags);
+ 
+ 	if (*punc_buf == 'd' || *punc_buf == 'r')
+-		x = set_mask_bits(0, var->value, 3);
++		x = spk_set_mask_bits(0, var->value, 3);
+ 	else
+-		x = set_mask_bits(punc_buf, var->value, 3);
++		x = spk_set_mask_bits(punc_buf, var->value, 3);
+ 
+ 	spk_unlock(flags);
+ 	return count;
+diff --git a/drivers/staging/speakup/main.c b/drivers/staging/speakup/main.c
+index 0d70f68..a076351 100644
+--- a/drivers/staging/speakup/main.c
++++ b/drivers/staging/speakup/main.c
+@@ -2265,7 +2265,7 @@ static int __init speakup_init(void)
+ 	     (var->var_id >= 0) && (var->var_id < MAXVARS); var++)
+ 		speakup_register_var(var);
+ 	for (i = 1; punc_info[i].mask != 0; i++)
+-		set_mask_bits(0, i, 2);
++		spk_set_mask_bits(0, i, 2);
+ 
+ 	set_key_info(key_defaults, key_buf);
+ 	if (quiet_boot)
+diff --git a/drivers/staging/speakup/speakup.h b/drivers/staging/speakup/speakup.h
+index 412b879..f39c0a2 100644
+--- a/drivers/staging/speakup/speakup.h
++++ b/drivers/staging/speakup/speakup.h
+@@ -71,7 +71,7 @@ extern struct st_var_header *var_header_by_name(const char *name);
+ extern struct punc_var_t *get_punc_var(enum var_id_t var_id);
+ extern int set_num_var(int val, struct st_var_header *var, int how);
+ extern int set_string_var(const char *page, struct st_var_header *var, int len);
+-extern int set_mask_bits(const char *input, const int which, const int how);
++extern int spk_set_mask_bits(const char *input, const int which, const int how);
+ extern special_func special_handler;
+ extern int handle_help(struct vc_data *vc, u_char type, u_char ch, u_short key);
+ extern int synth_init(char *name);
+diff --git a/drivers/staging/speakup/varhandlers.c b/drivers/staging/speakup/varhandlers.c
+index ab7de93..75eaf27 100644
+--- a/drivers/staging/speakup/varhandlers.c
++++ b/drivers/staging/speakup/varhandlers.c
+@@ -267,11 +267,11 @@ int set_string_var(const char *page, struct st_var_header *var, int len)
+ 	return ret;
+ }
+ 
+-/* set_mask_bits sets or clears the punc/delim/repeat bits,
++/* spk_set_mask_bits sets or clears the punc/delim/repeat bits,
+  * if input is null uses the defaults.
+  * values for how: 0 clears bits of chars supplied,
+  * 1 clears allk, 2 sets bits for chars */
+-int set_mask_bits(const char *input, const int which, const int how)
++int spk_set_mask_bits(const char *input, const int which, const int how)
+ {
+ 	u_char *cp;
+ 	short mask = punc_info[which].mask;
+diff --git a/fs/cifs/file.c b/fs/cifs/file.c
+index c55808e..aa05d5e 100644
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -2107,7 +2107,7 @@ cifs_iovec_write(struct file *file, const struct iovec *iov,
+ {
+ 	unsigned int written;
+ 	unsigned long num_pages, npages, i;
+-	size_t copied, len, cur_len;
++	size_t bytes, copied, len, cur_len;
+ 	ssize_t total_written = 0;
+ 	struct kvec *to_send;
+ 	struct page **pages;
+@@ -2165,17 +2165,45 @@ cifs_iovec_write(struct file *file, const struct iovec *iov,
+ 	do {
+ 		size_t save_len = cur_len;
+ 		for (i = 0; i < npages; i++) {
+-			copied = min_t(const size_t, cur_len, PAGE_CACHE_SIZE);
++			bytes = min_t(const size_t, cur_len, PAGE_CACHE_SIZE);
+ 			copied = iov_iter_copy_from_user(pages[i], &it, 0,
+-							 copied);
++							 bytes);
+ 			cur_len -= copied;
+ 			iov_iter_advance(&it, copied);
+ 			to_send[i+1].iov_base = kmap(pages[i]);
+ 			to_send[i+1].iov_len = copied;
++			/*
++			 * If we didn't copy as much as we expected, then that
++			 * may mean we trod into an unmapped area. Stop copying
++			 * at that point. On the next pass through the big
++			 * loop, we'll likely end up getting a zero-length
++			 * write and bailing out of it.
++			 */
++			if (copied < bytes)
++				break;
+ 		}
+ 
+ 		cur_len = save_len - cur_len;
+ 
++		/*
++		 * If we have no data to send, then that probably means that
++		 * the copy above failed altogether. That's most likely because
++		 * the address in the iovec was bogus. Set the rc to -EFAULT,
++		 * free anything we allocated and bail out.
++		 */
++		if (!cur_len) {
++			kunmap(pages[0]);
++			if (!total_written)
++				total_written = -EFAULT;
++			break;
++		}
++
++		/*
++		 * i + 1 now represents the number of pages we actually used in
++		 * the copy phase above.
++		 */
++		npages = min(npages, i + 1);
++
+ 		do {
+ 			if (open_file->invalidHandle) {
+ 				rc = cifs_reopen_file(open_file, false);
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
+index 45778a6..dc9f0ec 100644
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -38,6 +38,7 @@
+ #include <linux/printk.h>
+ #include <linux/slab.h>
+ #include <linux/ratelimit.h>
++#include <linux/bitops.h>
+ 
+ #include "ext4_jbd2.h"
+ #include "xattr.h"
+@@ -3694,18 +3695,20 @@ int ext4_get_inode_loc(struct inode *inode, struct ext4_iloc *iloc)
+ void ext4_set_inode_flags(struct inode *inode)
+ {
+ 	unsigned int flags = EXT4_I(inode)->i_flags;
++	unsigned int new_fl = 0;
+ 
+-	inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC);
+ 	if (flags & EXT4_SYNC_FL)
+-		inode->i_flags |= S_SYNC;
++		new_fl |= S_SYNC;
+ 	if (flags & EXT4_APPEND_FL)
+-		inode->i_flags |= S_APPEND;
++		new_fl |= S_APPEND;
+ 	if (flags & EXT4_IMMUTABLE_FL)
+-		inode->i_flags |= S_IMMUTABLE;
++		new_fl |= S_IMMUTABLE;
+ 	if (flags & EXT4_NOATIME_FL)
+-		inode->i_flags |= S_NOATIME;
++		new_fl |= S_NOATIME;
+ 	if (flags & EXT4_DIRSYNC_FL)
+-		inode->i_flags |= S_DIRSYNC;
++		new_fl |= S_DIRSYNC;
++	set_mask_bits(&inode->i_flags,
++		      S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC, new_fl);
+ }
+ 
+ /* Propagate flags from i_flags to EXT4_I(inode)->i_flags */
+diff --git a/include/linux/bitops.h b/include/linux/bitops.h
+index fc8a3ff..87a375f 100644
+--- a/include/linux/bitops.h
++++ b/include/linux/bitops.h
+@@ -168,6 +168,21 @@ static inline unsigned long __ffs64(u64 word)
+ 
+ #ifdef __KERNEL__
+ 
++#ifndef set_mask_bits
++#define set_mask_bits(ptr, _mask, _bits)	\
++({								\
++	const typeof(*ptr) mask = (_mask), bits = (_bits);	\
++	typeof(*ptr) old, new;					\
++								\
++	do {							\
++		old = ACCESS_ONCE(*ptr);			\
++		new = (old & ~mask) | bits;			\
++	} while (cmpxchg(ptr, old, new) != old);		\
++								\
++	new;							\
++})
++#endif
++
+ #ifndef find_last_bit
+ /**
+  * find_last_bit - find the last set bit in a memory region
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index 85180bf..13bd6d0 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -2143,6 +2143,8 @@ extern int	       skb_shift(struct sk_buff *tgt, struct sk_buff *skb,
+ 
+ extern struct sk_buff *skb_segment(struct sk_buff *skb, u32 features);
+ 
++unsigned int skb_gso_transport_seglen(const struct sk_buff *skb);
++
+ static inline void *skb_header_pointer(const struct sk_buff *skb, int offset,
+ 				       int len, void *buffer)
+ {
+@@ -2555,5 +2557,22 @@ static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size)
+ 
+ 	return true;
+ }
++
++/**
++ * skb_gso_network_seglen - Return length of individual segments of a gso packet
++ *
++ * @skb: GSO skb
++ *
++ * skb_gso_network_seglen is used to determine the real size of the
++ * individual segments, including Layer3 (IP, IPv6) and L4 headers (TCP/UDP).
++ *
++ * The MAC/L2 header is not accounted for.
++ */
++static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb)
++{
++	unsigned int hdr_len = skb_transport_header(skb) -
++			       skb_network_header(skb);
++	return hdr_len + skb_gso_transport_seglen(skb);
++}
+ #endif	/* __KERNEL__ */
+ #endif	/* _LINUX_SKBUFF_H */
+diff --git a/ipc/msg.c b/ipc/msg.c
+index 7385de2..25f1a61 100644
+--- a/ipc/msg.c
++++ b/ipc/msg.c
+@@ -296,7 +296,9 @@ static void freeque(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp)
+ 	}
+ 	atomic_sub(msq->q_cbytes, &ns->msg_bytes);
+ 	security_msg_queue_free(msq);
++	ipc_lock_by_ptr(&msq->q_perm);
+ 	ipc_rcu_putref(msq);
++	ipc_unlock(&msq->q_perm);
+ }
+ 
+ /*
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c
+index 5d6cb54..8ac4a0f 100644
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -45,6 +45,8 @@
+ #include <linux/in.h>
+ #include <linux/inet.h>
+ #include <linux/slab.h>
++#include <linux/tcp.h>
++#include <linux/udp.h>
+ #include <linux/netdevice.h>
+ #ifdef CONFIG_NET_CLS_ACT
+ #include <net/pkt_sched.h>
+@@ -3181,3 +3183,26 @@ void __skb_warn_lro_forwarding(const struct sk_buff *skb)
+ 			   " while LRO is enabled\n", skb->dev->name);
+ }
+ EXPORT_SYMBOL(__skb_warn_lro_forwarding);
++
++/**
++ * skb_gso_transport_seglen - Return length of individual segments of a gso packet
++ *
++ * @skb: GSO skb
++ *
++ * skb_gso_transport_seglen is used to determine the real size of the
++ * individual segments, including Layer4 headers (TCP/UDP).
++ *
++ * The MAC/L2 or network (IP, IPv6) headers are not accounted for.
++ */
++unsigned int skb_gso_transport_seglen(const struct sk_buff *skb)
++{
++	const struct skb_shared_info *shinfo = skb_shinfo(skb);
++	unsigned int hdr_len;
++
++	if (likely(shinfo->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)))
++		hdr_len = tcp_hdrlen(skb);
++	else
++		hdr_len = sizeof(struct udphdr);
++	return hdr_len + shinfo->gso_size;
++}
++EXPORT_SYMBOL_GPL(skb_gso_transport_seglen);
+diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
+index 29a07b6..e0d9f02 100644
+--- a/net/ipv4/ip_forward.c
++++ b/net/ipv4/ip_forward.c
+@@ -39,6 +39,68 @@
+ #include <net/route.h>
+ #include <net/xfrm.h>
+ 
++static bool ip_may_fragment(const struct sk_buff *skb)
++{
++	return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
++	       !skb->local_df;
++}
++
++static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
++{
++	if (skb->len <= mtu || skb->local_df)
++		return false;
++
++	if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
++		return false;
++
++	return true;
++}
++
++static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb)
++{
++	unsigned int mtu;
++
++	if (skb->local_df || !skb_is_gso(skb))
++		return false;
++
++	mtu = dst_mtu(skb_dst(skb));
++
++	/* if seglen > mtu, do software segmentation for IP fragmentation on
++	 * output.  DF bit cannot be set since ip_forward would have sent
++	 * icmp error.
++	 */
++	return skb_gso_network_seglen(skb) > mtu;
++}
++
++/* called if GSO skb needs to be fragmented on forward */
++static int ip_forward_finish_gso(struct sk_buff *skb)
++{
++	struct sk_buff *segs;
++	int ret = 0;
++
++	segs = skb_gso_segment(skb, 0);
++	if (IS_ERR(segs)) {
++		kfree_skb(skb);
++		return -ENOMEM;
++	}
++
++	consume_skb(skb);
++
++	do {
++		struct sk_buff *nskb = segs->next;
++		int err;
++
++		segs->next = NULL;
++		err = dst_output(segs);
++
++		if (err && ret == 0)
++			ret = err;
++		segs = nskb;
++	} while (segs);
++
++	return ret;
++}
++
+ static int ip_forward_finish(struct sk_buff *skb)
+ {
+ 	struct ip_options * opt	= &(IPCB(skb)->opt);
+@@ -48,6 +110,9 @@ static int ip_forward_finish(struct sk_buff *skb)
+ 	if (unlikely(opt->optlen))
+ 		ip_forward_options(skb);
+ 
++	if (ip_gso_exceeds_dst_mtu(skb))
++		return ip_forward_finish_gso(skb);
++
+ 	return dst_output(skb);
+ }
+ 
+@@ -87,8 +152,7 @@ int ip_forward(struct sk_buff *skb)
+ 	if (opt->is_strictroute && opt->nexthop != rt->rt_gateway)
+ 		goto sr_failed;
+ 
+-	if (unlikely(skb->len > dst_mtu(&rt->dst) && !skb_is_gso(skb) &&
+-		     (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
++	if (!ip_may_fragment(skb) && ip_exceeds_mtu(skb, dst_mtu(&rt->dst))) {
+ 		IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS);
+ 		icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+ 			  htonl(dst_mtu(&rt->dst)));
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index d3fde7e..cd4b529 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -381,6 +381,17 @@ static inline int ip6_forward_finish(struct sk_buff *skb)
+ 	return dst_output(skb);
+ }
+ 
++static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
++{
++	if (skb->len <= mtu || skb->local_df)
++		return false;
++
++	if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
++		return false;
++
++	return true;
++}
++
+ int ip6_forward(struct sk_buff *skb)
+ {
+ 	struct dst_entry *dst = skb_dst(skb);
+@@ -504,7 +515,7 @@ int ip6_forward(struct sk_buff *skb)
+ 	if (mtu < IPV6_MIN_MTU)
+ 		mtu = IPV6_MIN_MTU;
+ 
+-	if (skb->len > mtu && !skb_is_gso(skb)) {
++	if (ip6_pkt_too_big(skb, mtu)) {
+ 		/* Again, force OUTPUT device used as source address */
+ 		skb->dev = dst->dev;
+ 		icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
+index 2e664a6..8aa94ee 100644
+--- a/net/netfilter/nf_conntrack_proto_dccp.c
++++ b/net/netfilter/nf_conntrack_proto_dccp.c
+@@ -431,7 +431,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
+ 	const char *msg;
+ 	u_int8_t state;
+ 
+-	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
++	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
+ 	BUG_ON(dh == NULL);
+ 
+ 	state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
+@@ -483,7 +483,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
+ 	u_int8_t type, old_state, new_state;
+ 	enum ct_dccp_roles role;
+ 
+-	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
++	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
+ 	BUG_ON(dh == NULL);
+ 	type = dh->dccph_type;
+ 
+@@ -575,7 +575,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
+ 	unsigned int cscov;
+ 	const char *msg;
+ 
+-	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
++	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
+ 	if (dh == NULL) {
+ 		msg = "nf_ct_dccp: short packet ";
+ 		goto out_invalid;
+diff --git a/scripts/package/builddeb b/scripts/package/builddeb
+index 3c6c0b1..bee55f6 100644
+--- a/scripts/package/builddeb
++++ b/scripts/package/builddeb
+@@ -41,9 +41,9 @@ create_package() {
+ 	parisc*)
+ 		debarch=hppa ;;
+ 	mips*)
+-		debarch=mips$(grep -q CPU_LITTLE_ENDIAN=y .config && echo el) ;;
++		debarch=mips$(grep -q CPU_LITTLE_ENDIAN=y $KCONFIG_CONFIG && echo el || true) ;;
+ 	arm*)
+-		debarch=arm$(grep -q CONFIG_AEABI=y .config && echo el) ;;
++		debarch=arm$(grep -q CONFIG_AEABI=y $KCONFIG_CONFIG && echo el || true) ;;
+ 	*)
+ 		echo "" >&2
+ 		echo "** ** **  WARNING  ** ** **" >&2
+@@ -62,7 +62,7 @@ create_package() {
+ 	fi
+ 
+ 	# Create the package
+-	dpkg-gencontrol -isp $forcearch -p$pname -P"$pdir"
++	dpkg-gencontrol -isp $forcearch -Vkernel:debarch="${debarch:-$(dpkg --print-architecture)}" -p$pname -P"$pdir"
+ 	dpkg --build "$pdir" ..
+ }
+ 
+@@ -105,12 +105,12 @@ fi
+ if [ "$ARCH" = "um" ] ; then
+ 	$MAKE linux
+ 	cp System.map "$tmpdir/usr/lib/uml/modules/$version/System.map"
+-	cp .config "$tmpdir/usr/share/doc/$packagename/config"
++	cp $KCONFIG_CONFIG "$tmpdir/usr/share/doc/$packagename/config"
+ 	gzip "$tmpdir/usr/share/doc/$packagename/config"
+ 	cp $KBUILD_IMAGE "$tmpdir/usr/bin/linux-$version"
+ else 
+ 	cp System.map "$tmpdir/boot/System.map-$version"
+-	cp .config "$tmpdir/boot/config-$version"
++	cp $KCONFIG_CONFIG "$tmpdir/boot/config-$version"
+ 	# Not all arches include the boot path in KBUILD_IMAGE
+ 	if [ -e $KBUILD_IMAGE ]; then
+ 		cp $KBUILD_IMAGE "$tmpdir/boot/vmlinuz-$version"
+@@ -119,7 +119,7 @@ else
+ 	fi
+ fi
+ 
+-if grep -q '^CONFIG_MODULES=y' .config ; then
++if grep -q '^CONFIG_MODULES=y' $KCONFIG_CONFIG ; then
+ 	INSTALL_MOD_PATH="$tmpdir" make KBUILD_SRC= modules_install
+ 	if [ "$ARCH" = "um" ] ; then
+ 		mv "$tmpdir/lib/modules/$version"/* "$tmpdir/usr/lib/uml/modules/$version/"
+@@ -240,21 +240,21 @@ fi
+ # Build header package
+ (cd $srctree; find . -name Makefile -o -name Kconfig\* -o -name \*.pl > "$objtree/debian/hdrsrcfiles")
+ (cd $srctree; find arch/$SRCARCH/include include scripts -type f >> "$objtree/debian/hdrsrcfiles")
+-(cd $objtree; find .config Module.symvers include scripts -type f >> "$objtree/debian/hdrobjfiles")
++(cd $objtree; find Module.symvers include scripts -type f >> "$objtree/debian/hdrobjfiles")
+ destdir=$kernel_headers_dir/usr/src/linux-headers-$version
+ mkdir -p "$destdir"
+ (cd $srctree; tar -c -f - -T "$objtree/debian/hdrsrcfiles") | (cd $destdir; tar -xf -)
+ (cd $objtree; tar -c -f - -T "$objtree/debian/hdrobjfiles") | (cd $destdir; tar -xf -)
++(cd $objtree; cp $KCONFIG_CONFIG $destdir/.config) # copy .config manually to be where it's expected to be
+ rm -f "$objtree/debian/hdrsrcfiles" "$objtree/debian/hdrobjfiles"
+-arch=$(dpkg --print-architecture)
+ 
+ cat <<EOF >> debian/control
+ 
+ Package: $kernel_headers_packagename
+ Provides: linux-headers, linux-headers-2.6
+-Architecture: $arch
+-Description: Linux kernel headers for $KERNELRELEASE on $arch
+- This package provides kernel header files for $KERNELRELEASE on $arch
++Architecture: any
++Description: Linux kernel headers for $KERNELRELEASE on \${kernel:debarch}
++ This package provides kernel header files for $KERNELRELEASE on \${kernel:debarch}
+  .
+  This is useful for people who need to build external modules
+ EOF
diff --git a/3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch b/3.2.57/4420_grsecurity-3.0-3.2.57-201404111812.patch
index f93b78b..8dc447e 100644
--- a/3.2.56/4420_grsecurity-3.0-3.2.56-201404062126.patch
+++ b/3.2.57/4420_grsecurity-3.0-3.2.57-201404111812.patch
@@ -273,7 +273,7 @@ index 88fd7f5..b318a78 100644
  ==============================================================
  
 diff --git a/Makefile b/Makefile
-index ec90bfb..3e09b31 100644
+index c92db9b..500e773 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -21638,7 +21638,7 @@ index a9c2116..94c1e1a 100644
  };
  #endif
 diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index ea69726..604d066 100644
+index ea69726..2476f99 100644
 --- a/arch/x86/kernel/ldt.c
 +++ b/arch/x86/kernel/ldt.c
 @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
@@ -21691,7 +21691,7 @@ index ea69726..604d066 100644
  	return retval;
  }
  
-@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -230,6 +248,24 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
  		}
  	}
  
@@ -21702,6 +21702,17 @@ index ea69726..604d066 100644
 +	}
 +#endif
 +
++	/*
++	 * On x86-64 we do not support 16-bit segments due to
++	 * IRET leaking the high bits of the kernel stack address.
++	 */
++#ifdef CONFIG_X86_64
++	if (!ldt_info.seg_32bit) {
++		error = -EINVAL;
++		goto out_unlock;
++	}
++#endif
++
  	fill_ldt(&ldt, &ldt_info);
  	if (oldmode)
  		ldt.avl = 0;
@@ -24403,10 +24414,10 @@ index 176205a..920cd58 100644
  #define APIC_LVT_NUM			6
  /* 14 is the version for Xeon and Pentium 8.4.8*/
 diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
-index f1b36cf..af8a124 100644
+index db2ffef..1e6c37a 100644
 --- a/arch/x86/kvm/mmu.c
 +++ b/arch/x86/kvm/mmu.c
-@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
+@@ -3558,7 +3558,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
  
  	pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
  
@@ -24415,7 +24426,7 @@ index f1b36cf..af8a124 100644
  
  	/*
  	 * Assume that the pte write on a page table of the same type
-@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
+@@ -3590,7 +3590,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
  	}
  
  	spin_lock(&vcpu->kvm->mmu_lock);
@@ -24474,7 +24485,7 @@ index 2102a17..16e1531 100644
  
  	local_irq_disable();
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index aac5ea7..266eda9 100644
+index a4f6bda..40eb721 100644
 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
 @@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -41308,10 +41319,31 @@ index 1f355bb..43f1fea 100644
  		} else
  			memcpy(msg, buf, count);
 diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c
-index 4df80fb..6a58169 100644
+index 4df80fb..75ca5d2 100644
 --- a/drivers/isdn/isdnloop/isdnloop.c
 +++ b/drivers/isdn/isdnloop/isdnloop.c
-@@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card * card, isdnloop_sdef * sdefp)
+@@ -518,9 +518,9 @@ static isdnloop_stat isdnloop_cmd_table[] =
+ static void
+ isdnloop_fake_err(isdnloop_card * card)
+ {
+-	char buf[60];
++	char buf[64];
+ 
+-	sprintf(buf, "E%s", card->omsg);
++	snprintf(buf, sizeof(buf), "E%s", card->omsg);
+ 	isdnloop_fake(card, buf, -1);
+ 	isdnloop_fake(card, "NAK", -1);
+ }
+@@ -903,6 +903,8 @@ isdnloop_parse_cmd(isdnloop_card * card)
+ 		case 7:
+ 			/* 0x;EAZ */
+ 			p += 3;
++			if (strlen(p) >= sizeof(card->eazlist[0]))
++				break;
+ 			strcpy(card->eazlist[ch - 1], p);
+ 			break;
+ 		case 8:
+@@ -1070,6 +1072,12 @@ isdnloop_start(isdnloop_card * card, isdnloop_sdef * sdefp)
  		return -EBUSY;
  	if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
  		return -EFAULT;
@@ -41324,6 +41356,38 @@ index 4df80fb..6a58169 100644
  	spin_lock_irqsave(&card->isdnloop_lock, flags);
  	switch (sdef.ptype) {
  		case ISDN_PTYPE_EURO:
+@@ -1127,7 +1135,7 @@ isdnloop_command(isdn_ctrl * c, isdnloop_card * card)
+ {
+ 	ulong a;
+ 	int i;
+-	char cbuf[60];
++	char cbuf[80];
+ 	isdn_ctrl cmd;
+ 	isdnloop_cdef cdef;
+ 
+@@ -1192,7 +1200,6 @@ isdnloop_command(isdn_ctrl * c, isdnloop_card * card)
+ 				break;
+ 			if ((c->arg & 255) < ISDNLOOP_BCH) {
+ 				char *p;
+-				char dial[50];
+ 				char dcode[4];
+ 
+ 				a = c->arg;
+@@ -1204,10 +1211,10 @@ isdnloop_command(isdn_ctrl * c, isdnloop_card * card)
+ 				} else
+ 					/* Normal Dial */
+ 					strcpy(dcode, "CAL");
+-				strcpy(dial, p);
+-				sprintf(cbuf, "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1),
+-					dcode, dial, c->parm.setup.si1,
+-				c->parm.setup.si2, c->parm.setup.eazmsn);
++				snprintf(cbuf, sizeof(cbuf),
++					 "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1),
++					 dcode, p, c->parm.setup.si1,
++					 c->parm.setup.si2, c->parm.setup.eazmsn);
+ 				i = isdnloop_writecmd(cbuf, strlen(cbuf), 0, card);
+ 			}
+ 			break;
 diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
 index 4d395de..c504763 100644
 --- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -55031,7 +55095,7 @@ index 7b68088..17a275b 100644
  GLOBAL_EXTERN atomic_t smBufAllocCount;
  GLOBAL_EXTERN atomic_t midCount;
 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index c55808e..c1814ab 100644
+index aa05d5e..4c7ee5d 100644
 --- a/fs/cifs/file.c
 +++ b/fs/cifs/file.c
 @@ -1690,10 +1690,14 @@ static int cifs_writepages(struct address_space *mapping,
@@ -63454,10 +63518,10 @@ index 8a89949..6776861 100644
  xfs_init_zones(void)
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..d913d1e
+index 0000000..802b13c
 --- /dev/null
 +++ b/grsecurity/Kconfig
-@@ -0,0 +1,1146 @@
+@@ -0,0 +1,1147 @@
 +#
 +# grecurity configuration
 +#
@@ -63513,7 +63577,8 @@ index 0000000..d913d1e
 +	  the most notable of which are XFree86 and hwclock.  hwclock can be
 +	  remedied by having RTC support in the kernel, so real-time 
 +	  clock support is enabled if this option is enabled, to ensure 
-+	  that hwclock operates correctly.
++	  that hwclock operates correctly.  If hwclock still does not work,
++	  either update udev or symlink /dev/rtc to /dev/rtc0.
 +
 +	  If you're using XFree86 or a version of Xorg from 2012 or earlier,
 +	  you may not be able to boot into a graphical environment with this
@@ -75464,7 +75529,7 @@ index d337419..1d6a512f 100644
  extern int __register_binfmt(struct linux_binfmt *fmt, int insert);
  
 diff --git a/include/linux/bitops.h b/include/linux/bitops.h
-index fc8a3ff..ad5938b 100644
+index 87a375f..94c85dd 100644
 --- a/include/linux/bitops.h
 +++ b/include/linux/bitops.h
 @@ -74,7 +74,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift)
@@ -80523,7 +80588,7 @@ index 92808b8..c28cac4 100644
  
  /* shm_mode upper byte flags */
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 85180bf..78919aa 100644
+index 13bd6d0..fbdc193 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
 @@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb);
@@ -80589,7 +80654,7 @@ index 85180bf..78919aa 100644
  					       int offset, struct iovec *to,
  					       int size);
  extern int	       skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2380,6 +2380,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2382,6 +2382,9 @@ static inline void nf_reset(struct sk_buff *skb)
  	nf_bridge_put(skb->nf_bridge);
  	skb->nf_bridge = NULL;
  #endif
@@ -82072,6 +82137,21 @@ index 8ba8ce2..99b7fff 100644
  		struct sk_buff *skb, int offset, struct iovec *to,
  		size_t len, struct dma_pinned_list *pinned_list);
  
+diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
+index 2dcf317..d918074 100644
+--- a/include/net/netfilter/nf_conntrack_extend.h
++++ b/include/net/netfilter/nf_conntrack_extend.h
+@@ -33,8 +33,8 @@ enum nf_ct_ext_id {
+ /* Extensions: optional stuff which isn't permanently in struct. */
+ struct nf_ct_ext {
+ 	struct rcu_head rcu;
+-	u8 offset[NF_CT_EXT_NUM];
+-	u8 len;
++	u16 offset[NF_CT_EXT_NUM];
++	u16 len;
+ 	char data[0];
+ };
+ 
 diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
 index 252fd10..aa1421f 100644
 --- a/include/net/netfilter/nf_queue.h
@@ -83516,10 +83596,10 @@ index 5b4293d..f179875 100644
  		if (u->mq_bytes + mq_bytes < u->mq_bytes ||
  		    u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) {
 diff --git a/ipc/msg.c b/ipc/msg.c
-index 7385de2..a8180e08 100644
+index 25f1a61..58f7ac1 100644
 --- a/ipc/msg.c
 +++ b/ipc/msg.c
-@@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
+@@ -311,18 +311,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
  	return security_msg_queue_associate(msq, msgflg);
  }
  
@@ -98338,10 +98418,10 @@ index 925991a..209a505 100644
  #ifdef CONFIG_INET
  static u32 seq_scale(u32 seq)
 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index 5d6cb54..6367e1e 100644
+index 8ac4a0f..4ca060b 100644
 --- a/net/core/skbuff.c
 +++ b/net/core/skbuff.c
-@@ -2872,13 +2872,15 @@ void __init skb_init(void)
+@@ -2874,13 +2874,15 @@ void __init skb_init(void)
  	skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
  					      sizeof(struct sk_buff),
  					      0,
@@ -99266,10 +99346,43 @@ index b550815..c3b44d5 100644
  	/* copy_len <= skb->len, so can't fail. */
  	if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 00975b6..e922b06 100644
+index 00975b6..ebd3af9 100644
 --- a/net/ipv4/ping.c
 +++ b/net/ipv4/ping.c
-@@ -835,7 +835,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
+@@ -205,10 +205,11 @@ static int ping_init_sock(struct sock *sk)
+ 	gid_t range[2];
+ 	struct group_info *group_info = get_current_groups();
+ 	int i, j, count = group_info->ngroups;
++	int ret = 0;
+ 
+ 	inet_get_ping_group_range_net(net, range, range+1);
+ 	if (range[0] <= group && group <= range[1])
+-		return 0;
++		goto out_release_group;
+ 
+ 	for (i = 0; i < group_info->nblocks; i++) {
+ 		int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
+@@ -216,13 +217,17 @@ static int ping_init_sock(struct sock *sk)
+ 		for (j = 0; j < cp_count; j++) {
+ 			group = group_info->blocks[i][j];
+ 			if (range[0] <= group && group <= range[1])
+-				return 0;
++				goto out_release_group;
+ 		}
+ 
+ 		count -= cp_count;
+ 	}
+ 
+-	return -EACCES;
++	ret = -EACCES;
++
++out_release_group:
++	put_group_info(group_info);
++	return ret;
+ }
+ 
+ static void ping_close(struct sock *sk, long timeout)
+@@ -835,7 +840,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
  		sk_rmem_alloc_get(sp),
  		0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
  		atomic_read(&sp->sk_refcnt), sp,
@@ -100195,10 +100308,10 @@ index 1567fb1..29af910 100644
  			dst = NULL;
  		}
 diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index d3fde7e..f526e49 100644
+index cd4b529..b059726 100644
 --- a/net/ipv6/ip6_output.c
 +++ b/net/ipv6/ip6_output.c
-@@ -600,8 +600,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
+@@ -611,8 +611,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
  
  void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
  {
@@ -100209,7 +100322,7 @@ index d3fde7e..f526e49 100644
  
  	if (rt && !(rt->dst.flags & DST_NOPEER)) {
  		struct inet_peer *peer;
-@@ -614,13 +614,10 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+@@ -625,13 +625,10 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
  			return;
  		}
  	}
@@ -101488,7 +101601,7 @@ index 14af632..9914188 100644
  	table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
-index 2e664a6..c854e4a 100644
+index 8aa94ee..c854e4a 100644
 --- a/net/netfilter/nf_conntrack_proto_dccp.c
 +++ b/net/netfilter/nf_conntrack_proto_dccp.c
 @@ -391,7 +391,7 @@ struct dccp_net {
@@ -101500,15 +101613,6 @@ index 2e664a6..c854e4a 100644
  #endif
  };
  
-@@ -431,7 +431,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
- 	const char *msg;
- 	u_int8_t state;
- 
--	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- 	BUG_ON(dh == NULL);
- 
- 	state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
 @@ -459,7 +459,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
  
  out_invalid:
@@ -101518,24 +101622,6 @@ index 2e664a6..c854e4a 100644
  	return false;
  }
  
-@@ -483,7 +483,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
- 	u_int8_t type, old_state, new_state;
- 	enum ct_dccp_roles role;
- 
--	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- 	BUG_ON(dh == NULL);
- 	type = dh->dccph_type;
- 
-@@ -575,7 +575,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
- 	unsigned int cscov;
- 	const char *msg;
- 
--	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
-+	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
- 	if (dh == NULL) {
- 		msg = "nf_ct_dccp: short packet ";
- 		goto out_invalid;
 @@ -612,7 +612,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
  
  out_invalid:
@@ -104859,13 +104945,13 @@ index 0865b3e..7235dd4 100644
  	__ksymtab_gpl		: { *(SORT(___ksymtab_gpl+*)) }
  	__ksymtab_unused	: { *(SORT(___ksymtab_unused+*)) }
 diff --git a/scripts/package/builddeb b/scripts/package/builddeb
-index 3c6c0b1..3e4dbf3 100644
+index bee55f6..4108c4b 100644
 --- a/scripts/package/builddeb
 +++ b/scripts/package/builddeb
 @@ -241,6 +241,7 @@ fi
  (cd $srctree; find . -name Makefile -o -name Kconfig\* -o -name \*.pl > "$objtree/debian/hdrsrcfiles")
  (cd $srctree; find arch/$SRCARCH/include include scripts -type f >> "$objtree/debian/hdrsrcfiles")
- (cd $objtree; find .config Module.symvers include scripts -type f >> "$objtree/debian/hdrobjfiles")
+ (cd $objtree; find Module.symvers include scripts -type f >> "$objtree/debian/hdrobjfiles")
 +(cd $objtree; find tools/gcc -name \*.so >> "$objtree/debian/hdrobjfiles")
  destdir=$kernel_headers_dir/usr/src/linux-headers-$version
  mkdir -p "$destdir"
diff --git a/3.2.56/4425_grsec_remove_EI_PAX.patch b/3.2.57/4425_grsec_remove_EI_PAX.patch
index cf65d90..cf65d90 100644
--- a/3.2.56/4425_grsec_remove_EI_PAX.patch
+++ b/3.2.57/4425_grsec_remove_EI_PAX.patch
diff --git a/3.2.56/4427_force_XATTR_PAX_tmpfs.patch b/3.2.57/4427_force_XATTR_PAX_tmpfs.patch
index 8c7a533..8c7a533 100644
--- a/3.2.56/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.2.57/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.2.56/4430_grsec-remove-localversion-grsec.patch b/3.2.57/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.2.56/4430_grsec-remove-localversion-grsec.patch
+++ b/3.2.57/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.56/4435_grsec-mute-warnings.patch b/3.2.57/4435_grsec-mute-warnings.patch
index f099757..f099757 100644
--- a/3.2.56/4435_grsec-mute-warnings.patch
+++ b/3.2.57/4435_grsec-mute-warnings.patch
diff --git a/3.2.56/4440_grsec-remove-protected-paths.patch b/3.2.57/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.2.56/4440_grsec-remove-protected-paths.patch
+++ b/3.2.57/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.56/4450_grsec-kconfig-default-gids.patch b/3.2.57/4450_grsec-kconfig-default-gids.patch
index 2c2c6ec..2c2c6ec 100644
--- a/3.2.56/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.57/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.56/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.57/4465_selinux-avc_audit-log-curr_ip.patch
index 610fb07..610fb07 100644
--- a/3.2.56/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.57/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.56/4470_disable-compat_vdso.patch b/3.2.57/4470_disable-compat_vdso.patch
index f6eb9f7..f6eb9f7 100644
--- a/3.2.56/4470_disable-compat_vdso.patch
+++ b/3.2.57/4470_disable-compat_vdso.patch
diff --git a/3.2.56/4475_emutramp_default_on.patch b/3.2.57/4475_emutramp_default_on.patch
index 10a2580..10a2580 100644
--- a/3.2.56/4475_emutramp_default_on.patch
+++ b/3.2.57/4475_emutramp_default_on.patch