Grsec/PaX: 3.0-{3.2.55,3.13.5}-20140224194320140224

13 files changed, 201 insertions, 221 deletions

diff --git a/3.13.3/0000_README b/3.13.5/0000_README
index dc48ad4..7516385 100644
--- a/3.13.3/0000_README
+++ b/3.13.5/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.13.4-201402221308.patch
+Patch:	4420_grsecurity-3.0-3.13.5-201402241943.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch b/3.13.5/4420_grsecurity-3.0-3.13.5-201402241943.patch
index 0cb3174..0356b07 100644
--- a/3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch
+++ b/3.13.5/4420_grsecurity-3.0-3.13.5-201402241943.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index 2236ed8..89d7bf0 100644
+index a03bbf9..0817ef1 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -17178,7 +17178,7 @@ index 81bb91b..9392125 100644
  
  /*
 diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index bbc8b12..f228861 100644
+index 5ad38ad..71db3f2 100644
 --- a/arch/x86/include/asm/pgtable.h
 +++ b/arch/x86/include/asm/pgtable.h
 @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17301,7 +17301,7 @@ index bbc8b12..f228861 100644
  #include <linux/mm_types.h>
  #include <linux/mmdebug.h>
  #include <linux/log2.h>
-@@ -570,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -580,7 +655,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
   * Currently stuck as a macro due to indirect forward reference to
   * linux/mmzone.h's __section_mem_map_addr() definition:
   */
@@ -17310,7 +17310,7 @@ index bbc8b12..f228861 100644
  
  /* Find an entry in the second-level page table.. */
  static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -610,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -620,7 +695,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
   * Currently stuck as a macro due to indirect forward reference to
   * linux/mmzone.h's __section_mem_map_addr() definition:
   */
@@ -17319,7 +17319,7 @@ index bbc8b12..f228861 100644
  
  /* to find an entry in a page-table-directory. */
  static inline unsigned long pud_index(unsigned long address)
-@@ -625,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -635,7 +710,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
  
  static inline int pgd_bad(pgd_t pgd)
  {
@@ -17328,7 +17328,7 @@ index bbc8b12..f228861 100644
  }
  
  static inline int pgd_none(pgd_t pgd)
-@@ -648,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -658,7 +733,12 @@ static inline int pgd_none(pgd_t pgd)
   * pgd_offset() returns a (pgd_t *)
   * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
   */
@@ -17342,7 +17342,7 @@ index bbc8b12..f228861 100644
  /*
   * a shortcut which implies the use of the kernel's pgd, instead
   * of a process's
-@@ -659,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -669,6 +749,23 @@ static inline int pgd_none(pgd_t pgd)
  #define KERNEL_PGD_BOUNDARY	pgd_index(PAGE_OFFSET)
  #define KERNEL_PGD_PTRS		(PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
  
@@ -17366,7 +17366,7 @@ index bbc8b12..f228861 100644
  #ifndef __ASSEMBLY__
  
  extern int direct_gbpages;
-@@ -825,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -835,11 +932,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
   * dst and src can be on the same page, but the range must not overlap,
   * and must not cross a page boundary.
   */
@@ -20437,7 +20437,7 @@ index 59bfebc..d8f27bd 100644
  		if (c->x86_model == 3 && c->x86_mask == 0)
  			size = 64;
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 6abc172..77b0d1b 100644
+index fe2bdd0..77b0d1b 100644
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
 @@ -88,60 +88,6 @@ static const struct cpu_dev default_cpu = {
@@ -20501,18 +20501,8 @@ index 6abc172..77b0d1b 100644
  static int __init x86_xsave_setup(char *s)
  {
  	setup_clear_cpu_cap(X86_FEATURE_XSAVE);
-@@ -284,10 +230,68 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
- 	raw_local_save_flags(eflags);
- 	BUG_ON(eflags & X86_EFLAGS_AC);
- 
--	if (cpu_has(c, X86_FEATURE_SMAP))
-+	if (cpu_has(c, X86_FEATURE_SMAP)) {
-+#ifdef CONFIG_X86_SMAP
- 		set_in_cr4(X86_CR4_SMAP);
-+#else
-+		clear_in_cr4(X86_CR4_SMAP);
-+#endif
-+	}
+@@ -293,6 +239,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+ 	}
  }
  
 +#ifdef CONFIG_X86_64
@@ -20571,7 +20561,7 @@ index 6abc172..77b0d1b 100644
  /*
   * Some CPU features depend on higher CPUID levels, which may not always
   * be available due to CPUID level capping or broken virtualization
-@@ -388,7 +392,7 @@ void switch_to_new_gdt(int cpu)
+@@ -393,7 +392,7 @@ void switch_to_new_gdt(int cpu)
  {
  	struct desc_ptr gdt_descr;
  
@@ -20580,7 +20570,7 @@ index 6abc172..77b0d1b 100644
  	gdt_descr.size = GDT_SIZE - 1;
  	load_gdt(&gdt_descr);
  	/* Reload the per-cpu base */
-@@ -877,6 +881,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -882,6 +881,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
  	setup_smep(c);
  	setup_smap(c);
  
@@ -20591,7 +20581,7 @@ index 6abc172..77b0d1b 100644
  	/*
  	 * The vendor-specific functions might have changed features.
  	 * Now we do "generic changes."
-@@ -885,6 +893,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -890,6 +893,10 @@ static void identify_cpu(struct cpuinfo_x86 *c)
  	/* Filter out anything that depends on CPUID levels we don't have */
  	filter_cpuid_features(c, true);
  
@@ -20602,7 +20592,7 @@ index 6abc172..77b0d1b 100644
  	/* If the model name is still unset, do table lookup. */
  	if (!c->x86_model_id[0]) {
  		const char *p;
-@@ -1072,10 +1084,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1077,10 +1084,12 @@ static __init int setup_disablecpuid(char *arg)
  }
  __setup("clearcpuid=", setup_disablecpuid);
  
@@ -20618,7 +20608,7 @@ index 6abc172..77b0d1b 100644
  
  DEFINE_PER_CPU_FIRST(union irq_stack_union,
  		     irq_stack_union) __aligned(PAGE_SIZE) __visible;
-@@ -1089,7 +1103,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+@@ -1094,7 +1103,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
  EXPORT_PER_CPU_SYMBOL(current_task);
  
  DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -20627,7 +20617,7 @@ index 6abc172..77b0d1b 100644
  EXPORT_PER_CPU_SYMBOL(kernel_stack);
  
  DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1239,7 +1253,7 @@ void cpu_init(void)
+@@ -1244,7 +1253,7 @@ void cpu_init(void)
  	load_ucode_ap();
  
  	cpu = stack_smp_processor_id();
@@ -20636,7 +20626,7 @@ index 6abc172..77b0d1b 100644
  	oist = &per_cpu(orig_ist, cpu);
  
  #ifdef CONFIG_NUMA
-@@ -1274,7 +1288,6 @@ void cpu_init(void)
+@@ -1279,7 +1288,6 @@ void cpu_init(void)
  	wrmsrl(MSR_KERNEL_GS_BASE, 0);
  	barrier();
  
@@ -20644,7 +20634,7 @@ index 6abc172..77b0d1b 100644
  	enable_x2apic();
  
  	/*
-@@ -1326,7 +1339,7 @@ void cpu_init(void)
+@@ -1331,7 +1339,7 @@ void cpu_init(void)
  {
  	int cpu = smp_processor_id();
  	struct task_struct *curr = current;
@@ -23545,10 +23535,10 @@ index 1e96c36..3ff710a 100644
  /*
   * End of kprobes section
 diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index d4bdd25..912664c 100644
+index e625319..b9abb9d 100644
 --- a/arch/x86/kernel/ftrace.c
 +++ b/arch/x86/kernel/ftrace.c
-@@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
+@@ -104,6 +104,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
  {
  	unsigned char replaced[MCOUNT_INSN_SIZE];
  
@@ -23557,25 +23547,16 @@ index d4bdd25..912664c 100644
  	/*
  	 * Note: Due to modules and __init, code can
  	 *  disappear and change, we need to protect against faulting
-@@ -227,7 +229,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
- 	unsigned char old[MCOUNT_INSN_SIZE], *new;
+@@ -229,7 +231,7 @@ static int update_ftrace_func(unsigned long ip, void *new)
+ 	unsigned char old[MCOUNT_INSN_SIZE];
  	int ret;
  
--	memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
-+	memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
- 	new = ftrace_call_replace(ip, (unsigned long)func);
+-	memcpy(old, (void *)ip, MCOUNT_INSN_SIZE);
++	memcpy(old, (void *)ktla_ktva(ip), MCOUNT_INSN_SIZE);
  
- 	/* See comment above by declaration of modifying_ftrace_code */
-@@ -238,7 +240,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
- 	/* Also update the regs callback function */
- 	if (!ret) {
- 		ip = (unsigned long)(&ftrace_regs_call);
--		memcpy(old, &ftrace_regs_call, MCOUNT_INSN_SIZE);
-+		memcpy(old, ktla_ktva((void *)&ftrace_regs_call), MCOUNT_INSN_SIZE);
- 		new = ftrace_call_replace(ip, (unsigned long)func);
- 		ret = ftrace_modify_code(ip, old, new);
- 	}
-@@ -291,7 +293,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
+ 	ftrace_update_func = ip;
+ 	/* Make sure the breakpoints see the ftrace_update_func update */
+@@ -306,7 +308,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
  	 * kernel identity mapping to modify code.
  	 */
  	if (within(ip, (unsigned long)_text, (unsigned long)_etext))
@@ -23584,7 +23565,7 @@ index d4bdd25..912664c 100644
  
  	return probe_kernel_write((void *)ip, val, size);
  }
-@@ -301,7 +303,7 @@ static int add_break(unsigned long ip, const char *old)
+@@ -316,7 +318,7 @@ static int add_break(unsigned long ip, const char *old)
  	unsigned char replaced[MCOUNT_INSN_SIZE];
  	unsigned char brk = BREAKPOINT_INSTRUCTION;
  
@@ -23593,7 +23574,7 @@ index d4bdd25..912664c 100644
  		return -EFAULT;
  
  	/* Make sure it is what we expect it to be */
-@@ -649,7 +651,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
+@@ -664,7 +666,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
  	return ret;
  
   fail_update:
@@ -23602,15 +23583,6 @@ index d4bdd25..912664c 100644
  	goto out;
  }
  
-@@ -682,6 +684,8 @@ static int ftrace_mod_jmp(unsigned long ip,
- {
- 	unsigned char code[MCOUNT_INSN_SIZE];
- 
-+	ip = ktla_ktva(ip);
-+
- 	if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
- 		return -EFAULT;
- 
 diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
 index 85126cc..1bbce17 100644
 --- a/arch/x86/kernel/head64.c
@@ -30828,7 +30800,7 @@ index 903ec1e..c4166b2 100644
  }
  
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 9d591c8..31e52ff 100644
+index 6dea040..31e52ff 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -14,11 +14,18 @@
@@ -31192,16 +31164,7 @@ index 9d591c8..31e52ff 100644
  	if (error_code & PF_WRITE) {
  		/* write, present and write, not present: */
  		if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1001,10 +1209,16 @@ static int fault_in_kernel_space(unsigned long address)
- 
- static inline bool smap_violation(int error_code, struct pt_regs *regs)
- {
-+	if (!IS_ENABLED(CONFIG_X86_SMAP))
-+		return false;
-+
-+	if (!static_cpu_has(X86_FEATURE_SMAP))
-+		return false;
-+
+@@ -1010,7 +1218,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
  	if (error_code & PF_USER)
  		return false;
  
@@ -31210,7 +31173,7 @@ index 9d591c8..31e52ff 100644
  		return false;
  
  	return true;
-@@ -1031,6 +1245,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1037,6 +1245,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
  	/* Get the faulting address: */
  	address = read_cr2();
  
@@ -31233,22 +31196,7 @@ index 9d591c8..31e52ff 100644
  	/*
  	 * Detect and handle instructions that would cause a page fault for
  	 * both a tracked kernel page and a userspace page.
-@@ -1087,11 +1317,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
- 	if (unlikely(error_code & PF_RSVD))
- 		pgtable_bad(regs, error_code, address);
- 
--	if (static_cpu_has(X86_FEATURE_SMAP)) {
--		if (unlikely(smap_violation(error_code, regs))) {
--			bad_area_nosemaphore(regs, error_code, address);
--			return;
--		}
-+	if (unlikely(smap_violation(error_code, regs))) {
-+		bad_area_nosemaphore(regs, error_code, address);
-+		return;
- 	}
- 
- 	/*
-@@ -1110,7 +1338,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1114,7 +1338,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
  	 * User-mode registers count as a user access even for any
  	 * potential system fault or CPU buglet:
  	 */
@@ -31257,7 +31205,7 @@ index 9d591c8..31e52ff 100644
  		local_irq_enable();
  		error_code |= PF_USER;
  		flags |= FAULT_FLAG_USER;
-@@ -1157,6 +1385,11 @@ retry:
+@@ -1161,6 +1385,11 @@ retry:
  		might_sleep();
  	}
  
@@ -31269,7 +31217,7 @@ index 9d591c8..31e52ff 100644
  	vma = find_vma(mm, address);
  	if (unlikely(!vma)) {
  		bad_area(regs, error_code, address);
-@@ -1168,18 +1401,24 @@ retry:
+@@ -1172,18 +1401,24 @@ retry:
  		bad_area(regs, error_code, address);
  		return;
  	}
@@ -31305,7 +31253,7 @@ index 9d591c8..31e52ff 100644
  	if (unlikely(expand_stack(vma, address))) {
  		bad_area(regs, error_code, address);
  		return;
-@@ -1273,3 +1512,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1277,3 +1512,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
  	__do_page_fault(regs, error_code);
  	exception_exit(prev_state);
  }
@@ -35088,7 +35036,7 @@ index fa6ade7..73da73a5 100644
  
  #ifdef CONFIG_ACPI_NUMA
 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index ce563be..7327d91 100644
+index 3c76c3d..7871755 100644
 --- a/arch/x86/xen/mmu.c
 +++ b/arch/x86/xen/mmu.c
 @@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
@@ -35098,7 +35046,7 @@ index ce563be..7327d91 100644
 -static pteval_t pte_pfn_to_mfn(pteval_t val)
 +static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
  {
- 	if (val & _PAGE_PRESENT) {
+ 	if (pteval_present(val)) {
  		unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
 @@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
  	/* L3_k[510] -> level2_kernel_pgt
@@ -38960,10 +38908,10 @@ index 1026743..80b081c 100644
  EXPORT_SYMBOL_GPL(edac_device_alloc_index);
  
 diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
-index 9f7e0e60..348c875 100644
+index e5bdf21..b8f9055 100644
 --- a/drivers/edac/edac_mc_sysfs.c
 +++ b/drivers/edac/edac_mc_sysfs.c
-@@ -150,7 +150,7 @@ static const char * const edac_caps[] = {
+@@ -152,7 +152,7 @@ static const char * const edac_caps[] = {
  struct dev_ch_attribute {
  	struct device_attribute attr;
  	int channel;
@@ -38972,7 +38920,7 @@ index 9f7e0e60..348c875 100644
  
  #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \
  	struct dev_ch_attribute dev_attr_legacy_##_name = \
-@@ -1007,14 +1007,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
+@@ -1009,14 +1009,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
  	}
  
  	if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) {
@@ -39724,10 +39672,10 @@ index 3c59584..500f2e9 100644
  
  	return ret;
 diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index f13d5ed..8e6f36d 100644
+index a209177..842a89a 100644
 --- a/drivers/gpu/drm/i915/i915_irq.c
 +++ b/drivers/gpu/drm/i915/i915_irq.c
-@@ -1420,7 +1420,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
+@@ -1419,7 +1419,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
  	int pipe;
  	u32 pipe_stats[I915_MAX_PIPES];
  
@@ -39736,7 +39684,7 @@ index f13d5ed..8e6f36d 100644
  
  	while (true) {
  		iir = I915_READ(VLV_IIR);
-@@ -1730,7 +1730,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
+@@ -1729,7 +1729,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
  	u32 de_iir, gt_iir, de_ier, sde_ier = 0;
  	irqreturn_t ret = IRQ_NONE;
  
@@ -39745,7 +39693,7 @@ index f13d5ed..8e6f36d 100644
  
  	/* We get interrupts on unclaimed registers, so check for this before we
  	 * do any I915_{READ,WRITE}. */
-@@ -1800,7 +1800,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
+@@ -1799,7 +1799,7 @@ static irqreturn_t gen8_irq_handler(int irq, void *arg)
  	uint32_t tmp = 0;
  	enum pipe pipe;
  
@@ -39754,7 +39702,7 @@ index f13d5ed..8e6f36d 100644
  
  	master_ctl = I915_READ(GEN8_MASTER_IRQ);
  	master_ctl &= ~GEN8_MASTER_IRQ_CONTROL;
-@@ -2624,7 +2624,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -2623,7 +2623,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
  {
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  
@@ -39763,7 +39711,7 @@ index f13d5ed..8e6f36d 100644
  
  	I915_WRITE(HWSTAM, 0xeffe);
  
-@@ -2642,7 +2642,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -2641,7 +2641,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -39772,7 +39720,7 @@ index f13d5ed..8e6f36d 100644
  
  	/* VLV magic */
  	I915_WRITE(VLV_IMR, 0);
-@@ -2673,7 +2673,7 @@ static void gen8_irq_preinstall(struct drm_device *dev)
+@@ -2672,7 +2672,7 @@ static void gen8_irq_preinstall(struct drm_device *dev)
  	struct drm_i915_private *dev_priv = dev->dev_private;
  	int pipe;
  
@@ -39781,7 +39729,7 @@ index f13d5ed..8e6f36d 100644
  
  	I915_WRITE(GEN8_MASTER_IRQ, 0);
  	POSTING_READ(GEN8_MASTER_IRQ);
-@@ -2999,7 +2999,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
+@@ -2998,7 +2998,7 @@ static void gen8_irq_uninstall(struct drm_device *dev)
  	if (!dev_priv)
  		return;
  
@@ -39790,7 +39738,7 @@ index f13d5ed..8e6f36d 100644
  
  	I915_WRITE(GEN8_MASTER_IRQ, 0);
  
-@@ -3093,7 +3093,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -3092,7 +3092,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -39799,7 +39747,7 @@ index f13d5ed..8e6f36d 100644
  
  	for_each_pipe(pipe)
  		I915_WRITE(PIPESTAT(pipe), 0);
-@@ -3179,7 +3179,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -3178,7 +3178,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
  		I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
  		I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
  
@@ -39808,7 +39756,7 @@ index f13d5ed..8e6f36d 100644
  
  	iir = I915_READ16(IIR);
  	if (iir == 0)
-@@ -3254,7 +3254,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -3253,7 +3253,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -39817,7 +39765,7 @@ index f13d5ed..8e6f36d 100644
  
  	if (I915_HAS_HOTPLUG(dev)) {
  		I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -3361,7 +3361,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -3360,7 +3360,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
  		I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
  	int pipe, ret = IRQ_NONE;
  
@@ -39826,7 +39774,7 @@ index f13d5ed..8e6f36d 100644
  
  	iir = I915_READ(IIR);
  	do {
-@@ -3488,7 +3488,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -3487,7 +3487,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -39835,7 +39783,7 @@ index f13d5ed..8e6f36d 100644
  
  	I915_WRITE(PORT_HOTPLUG_EN, 0);
  	I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -3604,7 +3604,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -3603,7 +3603,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
  		I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
  		I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
  
@@ -43638,7 +43586,7 @@ index 3e6d115..ffecdeb 100644
  /*----------------------------------------------------------------*/
  
 diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index a49cfcc..20b9a65 100644
+index 63b2e8d..225f16b 100644
 --- a/drivers/md/raid1.c
 +++ b/drivers/md/raid1.c
 @@ -1921,7 +1921,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
@@ -43650,7 +43598,7 @@ index a49cfcc..20b9a65 100644
  		}
  		sectors -= s;
  		sect += s;
-@@ -2148,7 +2148,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2155,7 +2155,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
  			    test_bit(In_sync, &rdev->flags)) {
  				if (r1_sync_page_io(rdev, sect, s,
  						    conf->tmppage, READ)) {
@@ -43723,7 +43671,7 @@ index 06eeb99..770613e 100644
  
  			rdev_dec_pending(rdev, mddev);
 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 03f82ab..374bb38 100644
+index 48cdec8..c7726b1 100644
 --- a/drivers/md/raid5.c
 +++ b/drivers/md/raid5.c
 @@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
@@ -49132,10 +49080,10 @@ index df5e961..df6b97f 100644
  		return blk_trace_startstop(sdp->device->request_queue, 1);
  	case BLKTRACESTOP:
 diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index d745f95..6bef2fc 100644
+index 349ebba..ff2a249 100644
 --- a/drivers/spi/spi.c
 +++ b/drivers/spi/spi.c
-@@ -1947,7 +1947,7 @@ int spi_bus_unlock(struct spi_master *master)
+@@ -1945,7 +1945,7 @@ int spi_bus_unlock(struct spi_master *master)
  EXPORT_SYMBOL_GPL(spi_bus_unlock);
  
  /* portable code must never pass more than 32 bytes */
@@ -49357,6 +49305,19 @@ index f3108c7..cd4f9da 100644
  };
  
  extern int insert_proc(void);
+diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c
+index a4e0472..05d854c 100644
+--- a/drivers/staging/lustre/lustre/llite/dir.c
++++ b/drivers/staging/lustre/lustre/llite/dir.c
+@@ -660,7 +660,7 @@ int ll_dir_setdirstripe(struct inode *dir, struct lmv_user_md *lump,
+ 	int mode;
+ 	int err;
+ 
+-	mode = (0755 & (S_IRWXUGO|S_ISVTX) & ~current->fs->umask) | S_IFDIR;
++	mode = (0755 & (S_IRWXUGO|S_ISVTX) & ~current_umask()) | S_IFDIR;
+ 	op_data = ll_prep_md_op_data(NULL, dir, NULL, filename,
+ 				     strlen(filename), mode, LUSTRE_OPC_MKDIR,
+ 				     lump);
 diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c
 index 3675020..e80d92c 100644
 --- a/drivers/staging/media/solo6x10/solo6x10-core.c
@@ -50070,10 +50031,10 @@ index 1deaca4..c8582d4 100644
  	tty_port_tty_set(&ch->port, tty);
  	mutex_lock(&ch->port.mutex);
 diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
-index c0f76da..d974c32 100644
+index 5056090..c80ca04 100644
 --- a/drivers/tty/n_gsm.c
 +++ b/drivers/tty/n_gsm.c
-@@ -1632,7 +1632,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
+@@ -1643,7 +1643,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
  	spin_lock_init(&dlci->lock);
  	mutex_init(&dlci->mutex);
  	dlci->fifo = &dlci->_fifo;
@@ -50082,7 +50043,7 @@ index c0f76da..d974c32 100644
  		kfree(dlci);
  		return NULL;
  	}
-@@ -2935,7 +2935,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
+@@ -2946,7 +2946,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
  	struct gsm_dlci *dlci = tty->driver_data;
  	struct tty_port *port = &dlci->port;
  
@@ -50092,7 +50053,7 @@ index c0f76da..d974c32 100644
  	dlci_get(dlci->gsm->dlci[0]);
  	mux_get(dlci->gsm);
 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 34aacaa..dad073b 100644
+index 4c10837..a40ec45 100644
 --- a/drivers/tty/n_tty.c
 +++ b/drivers/tty/n_tty.c
 @@ -114,7 +114,7 @@ struct n_tty_data {
@@ -50104,7 +50065,7 @@ index 34aacaa..dad073b 100644
  	size_t line_start;
  
  	/* protected by output lock */
-@@ -2502,6 +2502,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2504,6 +2504,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
  {
  	*ops = tty_ldisc_N_TTY;
  	ops->owner = NULL;
@@ -50974,19 +50935,6 @@ index d0e3a44..5f8b754 100644
  		if (!perm) {
  			ret = -EPERM;
  			goto reterr;
-diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
-index 61b1137..23b5d32 100644
---- a/drivers/tty/vt/vt.c
-+++ b/drivers/tty/vt/vt.c
-@@ -1164,6 +1164,8 @@ static void csi_J(struct vc_data *vc, int vpar)
- 			scr_memsetw(vc->vc_screenbuf, vc->vc_video_erase_char,
- 				    vc->vc_screenbuf_size >> 1);
- 			set_origin(vc);
-+			if (CON_IS_VISIBLE(vc))
-+				update_screen(vc);
- 			/* fall through */
- 		case 2: /* erase whole display */
- 			count = vc->vc_cols * vc->vc_rows;
 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
 index a673e5b..36e5d32 100644
 --- a/drivers/uio/uio.c
@@ -51245,10 +51193,10 @@ index 967152a..16fa2e5 100644
  				    dev->rawdescriptors[i] + (*ppos - pos),
  				    min(len, alloclen))) {
 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index 6bffb8c..b404e8b 100644
+index d39106c..bfe13a4 100644
 --- a/drivers/usb/core/hcd.c
 +++ b/drivers/usb/core/hcd.c
-@@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
  	 */
  	usb_get_urb(urb);
  	atomic_inc(&urb->use_count);
@@ -51257,7 +51205,7 @@ index 6bffb8c..b404e8b 100644
  	usbmon_urb_submit(&hcd->self, urb);
  
  	/* NOTE requirements on root-hub callers (usbfs and the hub
-@@ -1577,7 +1577,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1576,7 +1576,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
  		urb->hcpriv = NULL;
  		INIT_LIST_HEAD(&urb->urb_list);
  		atomic_dec(&urb->use_count);
@@ -51267,7 +51215,7 @@ index 6bffb8c..b404e8b 100644
  			wake_up(&usb_kill_urb_queue);
  		usb_put_urb(urb);
 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 07e6654..6420edf 100644
+index ebcd3bf..be93a64 100644
 --- a/drivers/usb/core/hub.c
 +++ b/drivers/usb/core/hub.c
 @@ -27,6 +27,7 @@
@@ -51278,7 +51226,7 @@ index 07e6654..6420edf 100644
  
  #include <asm/uaccess.h>
  #include <asm/byteorder.h>
-@@ -4442,6 +4443,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -4437,6 +4438,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
  			goto done;
  		return;
  	}
@@ -56828,10 +56776,10 @@ index 849f613..eae6dec 100644
  
  	atomic_set(&midCount, 0);
 diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index f918a99..bb300d5 100644
+index 579c6d5..95b6d03353 100644
 --- a/fs/cifs/cifsglob.h
 +++ b/fs/cifs/cifsglob.h
-@@ -787,35 +787,35 @@ struct cifs_tcon {
+@@ -797,35 +797,35 @@ struct cifs_tcon {
  	__u16 Flags;		/* optional support bits */
  	enum statusEnum tidStatus;
  #ifdef CONFIG_CIFS_STATS
@@ -56891,7 +56839,7 @@ index f918a99..bb300d5 100644
  		} smb2_stats;
  #endif /* CONFIG_CIFS_SMB2 */
  	} stats;
-@@ -1145,7 +1145,7 @@ convert_delimiter(char *path, char delim)
+@@ -1155,7 +1155,7 @@ convert_delimiter(char *path, char delim)
  }
  
  #ifdef CONFIG_CIFS_STATS
@@ -56900,7 +56848,7 @@ index f918a99..bb300d5 100644
  
  static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
  					    unsigned int bytes)
-@@ -1511,8 +1511,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -1521,8 +1521,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
  /* Various Debug counters */
  GLOBAL_EXTERN atomic_t bufAllocCount;    /* current number allocated  */
  #ifdef CONFIG_CIFS_STATS2
@@ -57013,7 +56961,7 @@ index 2f9f379..43f8025 100644
  
  	}
 diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
-index 5f5ba0d..8d6ef7d 100644
+index ffc9ef9..b3c992b 100644
 --- a/fs/cifs/smb1ops.c
 +++ b/fs/cifs/smb1ops.c
 @@ -609,27 +609,27 @@ static void
@@ -58958,7 +58906,7 @@ index 999ff5c..41f4109 100644
  			 sizeof(struct file_handle) + handle_bytes))
  		retval = -EFAULT;
 diff --git a/fs/file.c b/fs/file.c
-index 4a78f98..f9a6d25 100644
+index 9de2026..8e334ca 100644
 --- a/fs/file.c
 +++ b/fs/file.c
 @@ -16,6 +16,7 @@
@@ -61499,22 +61447,6 @@ index f4ccfe6..a5cf064 100644
  
  static struct callback_op callback_ops[];
  
-diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
-index 812154a..c442a74 100644
---- a/fs/nfs/dir.c
-+++ b/fs/nfs/dir.c
-@@ -1837,6 +1837,11 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
- 							GFP_KERNEL)) {
- 		SetPageUptodate(page);
- 		unlock_page(page);
-+		/*
-+		 * add_to_page_cache_lru() grabs an extra page refcount.
-+		 * Drop it here to avoid leaking this page later.
-+		 */
-+		page_cache_release(page);
- 	} else
- 		__free_page(page);
- 
 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
 index 00ad1c2..2fde15e 100644
 --- a/fs/nfs/inode.c
@@ -73717,7 +73649,7 @@ index 0000000..ae6c028
 +}
 diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c
 new file mode 100644
-index 0000000..78d1680
+index 0000000..1773300
 --- /dev/null
 +++ b/grsecurity/grsec_ipc.c
 @@ -0,0 +1,48 @@
@@ -73740,7 +73672,7 @@ index 0000000..78d1680
 +	kgid_t egid;
 +
 +	if (!grsec_enable_harden_ipc)
-+		return 0;
++		return 1;
 +
 +	euid = current_euid();
 +	egid = current_egid();
@@ -76610,7 +76542,7 @@ index 19f6003..90b64f4 100644
  asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
  /*
 diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index ded4299..55203f8 100644
+index 2507fd2..55203f8 100644
 --- a/include/linux/compiler-gcc4.h
 +++ b/include/linux/compiler-gcc4.h
 @@ -39,9 +39,34 @@
@@ -76648,19 +76580,6 @@ index ded4299..55203f8 100644
  /*
   * Mark a position in code as unreachable.  This can be used to
   * suppress control flow warnings after asm blocks that transfer
-@@ -75,11 +100,7 @@
-  *
-  * (asm goto is automatically volatile - the naming reflects this.)
-  */
--#if GCC_VERSION <= 40801
--# define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
--#else
--# define asm_volatile_goto(x...)	do { asm goto(x); } while (0)
--#endif
-+#define asm_volatile_goto(x...)	do { asm goto(x); asm (""); } while (0)
- 
- #ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
- #if GCC_VERSION >= 40400
 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
 index 92669cd..cc564c0 100644
 --- a/include/linux/compiler.h
@@ -81754,7 +81673,7 @@ index 99c1b4d..562e6f3 100644
  
  static inline void put_unaligned_le16(u16 val, void *p)
 diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 512ab16..f53e1bf 100644
+index 7454865..29f4bfa 100644
 --- a/include/linux/usb.h
 +++ b/include/linux/usb.h
 @@ -563,7 +563,7 @@ struct usb_device {
@@ -81766,7 +81685,7 @@ index 512ab16..f53e1bf 100644
  
  	unsigned long active_duration;
  
-@@ -1643,7 +1643,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
+@@ -1641,7 +1641,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
  
  extern int usb_control_msg(struct usb_device *dev, unsigned int pipe,
  	__u8 request, __u8 requesttype, __u16 value, __u16 index,
@@ -89450,7 +89369,7 @@ index 38463d2..68abe92 100644
  
  	ftrace_graph_active++;
 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index cc2f66f..05edd54 100644
+index 0e337ee..3370631 100644
 --- a/kernel/trace/ring_buffer.c
 +++ b/kernel/trace/ring_buffer.c
 @@ -352,9 +352,9 @@ struct buffer_data_page {
@@ -89585,7 +89504,7 @@ index cc2f66f..05edd54 100644
  
  	/* set write to only the index of the write */
  	write &= RB_WRITE_MASK;
-@@ -2408,7 +2408,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
  	kmemcheck_annotate_bitfield(event, bitfield);
  	rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
  
@@ -89594,7 +89513,7 @@ index cc2f66f..05edd54 100644
  
  	/*
  	 * If this is the first commit on the page, then update
-@@ -2441,7 +2441,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
  
  	if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
  		unsigned long write_mask =
@@ -89603,7 +89522,7 @@ index cc2f66f..05edd54 100644
  		unsigned long event_length = rb_event_length(event);
  		/*
  		 * This is on the tail page. It is possible that
-@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
  		 */
  		old_index += write_mask;
  		new_index += write_mask;
@@ -89612,7 +89531,7 @@ index cc2f66f..05edd54 100644
  		if (index == old_index) {
  			/* update counters */
  			local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2843,7 +2843,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
  
  	/* Do the likely case first */
  	if (likely(bpage->page == (void *)addr)) {
@@ -89621,7 +89540,7 @@ index cc2f66f..05edd54 100644
  		return;
  	}
  
-@@ -2855,7 +2855,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
  	start = bpage;
  	do {
  		if (bpage->page == (void *)addr) {
@@ -89630,7 +89549,7 @@ index cc2f66f..05edd54 100644
  			return;
  		}
  		rb_inc_page(cpu_buffer, &bpage);
-@@ -3139,7 +3139,7 @@ static inline unsigned long
+@@ -3146,7 +3146,7 @@ static inline unsigned long
  rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
  {
  	return local_read(&cpu_buffer->entries) -
@@ -89639,7 +89558,7 @@ index cc2f66f..05edd54 100644
  }
  
  /**
-@@ -3228,7 +3228,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
  		return 0;
  
  	cpu_buffer = buffer->buffers[cpu];
@@ -89648,7 +89567,7 @@ index cc2f66f..05edd54 100644
  
  	return ret;
  }
-@@ -3251,7 +3251,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
  		return 0;
  
  	cpu_buffer = buffer->buffers[cpu];
@@ -89657,7 +89576,7 @@ index cc2f66f..05edd54 100644
  
  	return ret;
  }
-@@ -3336,7 +3336,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
  	/* if you care about this being correct, lock the buffer */
  	for_each_buffer_cpu(buffer, cpu) {
  		cpu_buffer = buffer->buffers[cpu];
@@ -89666,7 +89585,7 @@ index cc2f66f..05edd54 100644
  	}
  
  	return overruns;
-@@ -3512,8 +3512,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3519,8 +3519,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
  	/*
  	 * Reset the reader page to size zero.
  	 */
@@ -89677,7 +89596,7 @@ index cc2f66f..05edd54 100644
  	local_set(&cpu_buffer->reader_page->page->commit, 0);
  	cpu_buffer->reader_page->real_end = 0;
  
-@@ -3547,7 +3547,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3554,7 +3554,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
  	 * want to compare with the last_overrun.
  	 */
  	smp_mb();
@@ -89686,7 +89605,7 @@ index cc2f66f..05edd54 100644
  
  	/*
  	 * Here's the tricky part.
-@@ -4117,8 +4117,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4124,8 +4124,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
  
  	cpu_buffer->head_page
  		= list_entry(cpu_buffer->pages, struct buffer_page, list);
@@ -89697,7 +89616,7 @@ index cc2f66f..05edd54 100644
  	local_set(&cpu_buffer->head_page->page->commit, 0);
  
  	cpu_buffer->head_page->read = 0;
-@@ -4128,14 +4128,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4135,14 +4135,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
  
  	INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
  	INIT_LIST_HEAD(&cpu_buffer->new_pages);
@@ -89716,7 +89635,7 @@ index cc2f66f..05edd54 100644
  	local_set(&cpu_buffer->dropped_events, 0);
  	local_set(&cpu_buffer->entries, 0);
  	local_set(&cpu_buffer->committing, 0);
-@@ -4540,8 +4540,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4547,8 +4547,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
  		rb_init_page(bpage);
  		bpage = reader->page;
  		reader->page = *data_page;
@@ -90478,6 +90397,19 @@ index 7811ed3..f80ca19 100644
  
  static inline void *ptr_to_indirect(void *ptr)
  {
+diff --git a/lib/random32.c b/lib/random32.c
+index 1e5b2df..fb616c7 100644
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -44,7 +44,7 @@
+ static void __init prandom_state_selftest(void);
+ #endif
+ 
+-static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
++static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
+ 
+ /**
+  *	prandom_u32_state - seeded pseudo-random number generator.
 diff --git a/lib/rbtree.c b/lib/rbtree.c
 index 65f4eff..2cfa167 100644
 --- a/lib/rbtree.c
@@ -91102,7 +91034,7 @@ index 539eeb9..e24a987 100644
  	if (end == start)
  		return error;
 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 6420be5..b7b7c8f 100644
+index 90977ac..487ab84 100644
 --- a/mm/memory-failure.c
 +++ b/mm/memory-failure.c
 @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -91132,7 +91064,7 @@ index 6420be5..b7b7c8f 100644
  	{ reserved,	reserved,	"reserved kernel",	me_kernel },
  	/*
  	 * free pages are specially detected outside this table:
-@@ -1060,7 +1060,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1062,7 +1062,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
  		nr_pages = 1 << compound_order(hpage);
  	else /* normal page or thp */
  		nr_pages = 1;
@@ -91141,7 +91073,7 @@ index 6420be5..b7b7c8f 100644
  
  	/*
  	 * We need/can do nothing about count=0 pages.
-@@ -1090,7 +1090,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1092,7 +1092,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
  			if (!PageHWPoison(hpage)
  			    || (hwpoison_filter(p) && TestClearPageHWPoison(p))
  			    || (p != hpage && TestSetPageHWPoison(hpage))) {
@@ -91150,7 +91082,7 @@ index 6420be5..b7b7c8f 100644
  				return 0;
  			}
  			set_page_hwpoison_huge_page(hpage);
-@@ -1159,7 +1159,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1161,7 +1161,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
  	}
  	if (hwpoison_filter(p)) {
  		if (TestClearPageHWPoison(p))
@@ -91159,7 +91091,7 @@ index 6420be5..b7b7c8f 100644
  		unlock_page(hpage);
  		put_page(hpage);
  		return 0;
-@@ -1381,7 +1381,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1383,7 +1383,7 @@ int unpoison_memory(unsigned long pfn)
  			return 0;
  		}
  		if (TestClearPageHWPoison(p))
@@ -91168,7 +91100,7 @@ index 6420be5..b7b7c8f 100644
  		pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
  		return 0;
  	}
-@@ -1395,7 +1395,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1397,7 +1397,7 @@ int unpoison_memory(unsigned long pfn)
  	 */
  	if (TestClearPageHWPoison(page)) {
  		pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
@@ -91177,7 +91109,7 @@ index 6420be5..b7b7c8f 100644
  		freeit = 1;
  		if (PageHuge(page))
  			clear_page_hwpoison_huge_page(page);
-@@ -1520,11 +1520,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1522,11 +1522,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
  		if (PageHuge(page)) {
  			set_page_hwpoison_huge_page(hpage);
  			dequeue_hwpoisoned_huge_page(hpage);
@@ -91191,7 +91123,7 @@ index 6420be5..b7b7c8f 100644
  		}
  	}
  	return ret;
-@@ -1563,7 +1563,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1565,7 +1565,7 @@ static int __soft_offline_page(struct page *page, int flags)
  		put_page(page);
  		pr_info("soft_offline: %#lx: invalidated\n", pfn);
  		SetPageHWPoison(page);
@@ -91200,7 +91132,7 @@ index 6420be5..b7b7c8f 100644
  		return 0;
  	}
  
-@@ -1608,7 +1608,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1610,7 +1610,7 @@ static int __soft_offline_page(struct page *page, int flags)
  			if (!is_free_buddy_page(page))
  				pr_info("soft offline: %#lx: page leaked\n",
  					pfn);
@@ -91209,7 +91141,7 @@ index 6420be5..b7b7c8f 100644
  		}
  	} else {
  		pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1682,11 +1682,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1684,11 +1684,11 @@ int soft_offline_page(struct page *page, int flags)
  		if (PageHuge(page)) {
  			set_page_hwpoison_huge_page(hpage);
  			dequeue_hwpoisoned_huge_page(hpage);
@@ -99073,7 +99005,7 @@ index da1a1ce..571db8d 100644
  	if (inet->cmsg_flags)
  		ip_cmsg_recv(msg, skb);
 diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 364ce0c..3ebb5a4 100644
+index b4b61b2..ac84a257 100644
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
 @@ -826,7 +826,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
@@ -99085,7 +99017,7 @@ index 364ce0c..3ebb5a4 100644
  		local->_oper_chandef = *chandef;
  		ieee80211_hw_config(local, 0);
  	}
-@@ -3308,7 +3308,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+@@ -3311,7 +3311,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
  		else
  			local->probe_req_reg--;
  
@@ -99094,7 +99026,7 @@ index 364ce0c..3ebb5a4 100644
  			break;
  
  		ieee80211_queue_work(&local->hw, &local->reconfig_filter);
-@@ -3771,8 +3771,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
+@@ -3774,8 +3774,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
  	if (chanctx_conf) {
  		*chandef = chanctx_conf->def;
  		ret = 0;
@@ -102033,7 +101965,7 @@ index 2dcb377..a82c500 100644
  kallsymso=""
  kallsyms_vmlinux=""
 diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index 2370863..212fbca 100644
+index 25e5cb0..6e85821 100644
 --- a/scripts/mod/file2alias.c
 +++ b/scripts/mod/file2alias.c
 @@ -142,7 +142,7 @@ static void device_id_check(const char *modname, const char *device_id,
@@ -106500,10 +106432,10 @@ index 0000000..dd73713
 +}
 diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
 new file mode 100644
-index 0000000..7e39d81
+index 0000000..1a98bed
 --- /dev/null
 +++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,403 @@
+@@ -0,0 +1,451 @@
 +/*
 + * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -106532,7 +106464,7 @@ index 0000000..7e39d81
 +static tree latent_entropy_decl;
 +
 +static struct plugin_info latent_entropy_plugin_info = {
-+	.version	= "201402210120",
++	.version	= "201402240545",
 +	.help		= NULL
 +};
 +
@@ -106555,6 +106487,12 @@ index 0000000..7e39d81
 +static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
 +{
 +	tree type;
++	unsigned long long mask;
++#if BUILDING_GCC_VERSION <= 4007
++	VEC(constructor_elt, gc) *vals;
++#else
++	vec<constructor_elt, va_gc> *vals;
++#endif
 +
 +	switch (TREE_CODE(*node)) {
 +	default:
@@ -106579,22 +106517,64 @@ index 0000000..7e39d81
 +		switch (TREE_CODE(type)) {
 +		default:
 +			*no_add_attrs = true;
-+			error("variable %qD with %qE attribute must be an integer or a fixed length integer array type", *node, name);
++			error("variable %qD with %qE attribute must be an integer or a fixed length integer array type or a fixed sized structure with integer fields", *node, name);
++			break;
++
++		case RECORD_TYPE: {
++			tree field;
++			unsigned int nelt = 0;
++
++			for (field = TYPE_FIELDS(type); field; nelt++, field = TREE_CHAIN(field)) {
++				tree fieldtype;
++
++				fieldtype = TREE_TYPE(field);
++				if (TREE_CODE(fieldtype) != INTEGER_TYPE) {
++					*no_add_attrs = true;
++					error("structure variable %qD with %qE attribute has a non-integer field %qE", *node, name, field);
++					break;
++				}
++			}
++
++			if (field)
++				break;
++
++#if BUILDING_GCC_VERSION <= 4007
++			vals = VEC_alloc(constructor_elt, gc, nelt);
++#else
++			vec_alloc(vals, nelt);
++#endif
++
++			for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
++				tree fieldtype;
++
++				fieldtype = TREE_TYPE(field);
++				mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(fieldtype)) - 1);
++				mask = 2 * (mask - 1) + 1;
++
++				if (TYPE_UNSIGNED(fieldtype))
++					CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cstu(fieldtype, mask & get_random_const()));
++				else
++					CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cst(fieldtype, mask & get_random_const()));
++			}
++
++			DECL_INITIAL(*node) = build_constructor(type, vals);
++//debug_tree(DECL_INITIAL(*node));
 +			break;
++		}
 +
 +		case INTEGER_TYPE:
-+			DECL_INITIAL(*node) = build_int_cstu(type, get_random_const());
++			mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1);
++			mask = 2 * (mask - 1) + 1;
++
++			if (TYPE_UNSIGNED(type))
++				DECL_INITIAL(*node) = build_int_cstu(type, mask & get_random_const());
++			else
++				DECL_INITIAL(*node) = build_int_cst(type, mask & get_random_const());
 +			break;
 +
 +		case ARRAY_TYPE: {
 +			tree elt_type, array_size, elt_size;
-+			unsigned long long mask;
 +			unsigned int i, nelt;
-+#if BUILDING_GCC_VERSION <= 4007
-+			VEC(constructor_elt, gc) *vals;
-+#else
-+			vec<constructor_elt, va_gc> *vals;
-+#endif
 +
 +			elt_type = TREE_TYPE(type);
 +			elt_size = TYPE_SIZE_UNIT(TREE_TYPE(type));
@@ -106602,7 +106582,7 @@ index 0000000..7e39d81
 +
 +			if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
 +				*no_add_attrs = true;
-+				error("variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++				error("array variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
 +				break;
 +			}
 +
diff --git a/3.13.3/4425_grsec_remove_EI_PAX.patch b/3.13.5/4425_grsec_remove_EI_PAX.patch
index fc51f79..fc51f79 100644
--- a/3.13.3/4425_grsec_remove_EI_PAX.patch
+++ b/3.13.5/4425_grsec_remove_EI_PAX.patch
diff --git a/3.13.3/4427_force_XATTR_PAX_tmpfs.patch b/3.13.5/4427_force_XATTR_PAX_tmpfs.patch
index 23e60cd..23e60cd 100644
--- a/3.13.3/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.13.5/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.13.3/4430_grsec-remove-localversion-grsec.patch b/3.13.5/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.13.3/4430_grsec-remove-localversion-grsec.patch
+++ b/3.13.5/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.13.3/4435_grsec-mute-warnings.patch b/3.13.5/4435_grsec-mute-warnings.patch
index cb51a05..cb51a05 100644
--- a/3.13.3/4435_grsec-mute-warnings.patch
+++ b/3.13.5/4435_grsec-mute-warnings.patch
diff --git a/3.13.3/4440_grsec-remove-protected-paths.patch b/3.13.5/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.13.3/4440_grsec-remove-protected-paths.patch
+++ b/3.13.5/4440_grsec-remove-protected-paths.patch
diff --git a/3.13.3/4450_grsec-kconfig-default-gids.patch b/3.13.5/4450_grsec-kconfig-default-gids.patch
index 88f1f9b..88f1f9b 100644
--- a/3.13.3/4450_grsec-kconfig-default-gids.patch
+++ b/3.13.5/4450_grsec-kconfig-default-gids.patch
diff --git a/3.13.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.5/4465_selinux-avc_audit-log-curr_ip.patch
index 0648169..0648169 100644
--- a/3.13.3/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.13.5/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.13.3/4470_disable-compat_vdso.patch b/3.13.5/4470_disable-compat_vdso.patch
index a25c029..a25c029 100644
--- a/3.13.3/4470_disable-compat_vdso.patch
+++ b/3.13.5/4470_disable-compat_vdso.patch
diff --git a/3.13.3/4475_emutramp_default_on.patch b/3.13.5/4475_emutramp_default_on.patch
index 30f6978..30f6978 100644
--- a/3.13.3/4475_emutramp_default_on.patch
+++ b/3.13.5/4475_emutramp_default_on.patch
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index f58c905..0a4207c 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch:	1054_linux-3.2.55.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.55
 
-Patch:	4420_grsecurity-3.0-3.2.55-201402221305.patch
+Patch:	4420_grsecurity-3.0-3.2.55-201402241936.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201402241936.patch
index 8c95615..f875551 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201402241936.patch
@@ -71890,7 +71890,7 @@ index 0000000..7bcfc7a
 +}
 diff --git a/grsecurity/grsec_ipc.c b/grsecurity/grsec_ipc.c
 new file mode 100644
-index 0000000..5377493
+index 0000000..28dbb82
 --- /dev/null
 +++ b/grsecurity/grsec_ipc.c
 @@ -0,0 +1,48 @@
@@ -71913,7 +71913,7 @@ index 0000000..5377493
 +	gid_t egid;
 +
 +	if (!grsec_enable_harden_ipc)
-+		return 0;
++		return 1;
 +
 +	euid = current_euid();
 +	egid = current_egid();