Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-20150626204720150626

author: Anthony G. Basile <blueness@gentoo.org> 2015-06-27 16:59:02 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2015-06-27 16:59:02 -0400
commit: 64f3a8be94f41fda576330ff3523e035c3c0ebbd (patch)
tree: c52a387ad2e39ba2f563cb1fdd6f3c84d95b9459
parent: Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506232104 (diff)
download: hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.tar.gz
hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.tar.bz2
hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.zip
7 files changed, 366 insertions, 94 deletions
diff --git a/3.14.45/0000_README b/3.14.45/0000_README
index 53a1411..b4be2cb 100644
--- a/3.14.45/0000_README
+++ b/3.14.45/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-3.14.45-201506232103.patch
+Patch:	4420_grsecurity-3.1-3.14.45-201506262046.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
index fe15fa1..47c91dd 100644
--- a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch
+++ b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
@@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index c92186c..a387fb0 100644
+index c92186c..34822ca 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -304,7 +304,7 @@ index c92186c..a387fb0 100644
  HOSTCXX      = g++
 -HOSTCFLAGS   = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89
 -HOSTCXXFLAGS = -O2
-+HOSTCFLAGS   = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89
++HOSTCFLAGS   = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks
 +HOSTCFLAGS  += $(call cc-option, -Wno-empty-body)
 +HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds
  
@@ -3947,7 +3947,7 @@ index 4370933..e77848e 100644
  		atomic64_set(&mm->context.id, asid);
  	}
 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index eb8830a..e8ff52e 100644
+index eb8830a..e39c4bd 100644
 --- a/arch/arm/mm/fault.c
 +++ b/arch/arm/mm/fault.c
 @@ -25,6 +25,7 @@
@@ -3965,10 +3965,10 @@ index eb8830a..e8ff52e 100644
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	if (addr < TASK_SIZE) {
 +		if (current->signal->curr_ip)
-+			printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
 +		else
-+			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
 +	}
 +#endif
@@ -3979,10 +3979,10 @@ index eb8830a..e8ff52e 100644
 +	     (MODULES_VADDR <= addr && addr < MODULES_END)))
 +	{
 +		if (current->signal->curr_ip)
-+			printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
 +		else
-+			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
 +	}
 +#endif
@@ -4045,10 +4045,10 @@ index eb8830a..e8ff52e 100644
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	if (addr < TASK_SIZE && is_domain_fault(fsr)) {
 +		if (current->signal->curr_ip)
-+			printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
 +		else
-+			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
 +		goto die;
 +	}
@@ -4128,11 +4128,11 @@ index eb8830a..e8ff52e 100644
 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
 +	else if (is_domain_fault(ifsr) || is_xn_fault(ifsr)) {
 +		if (current->signal->curr_ip)
-+			printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
 +					pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
 +		else
-+			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
 +					pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
 +		goto die;
@@ -9450,10 +9450,23 @@ index dd14532..1dfc145 100644
 -	return (ret > base) ? ret : base;
 -}
 diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index 9b436c2..54fbf0a 100644
+index 9b436c2..5c64ae8 100644
 --- a/arch/s390/mm/mmap.c
 +++ b/arch/s390/mm/mmap.c
-@@ -95,9 +95,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -58,6 +58,12 @@ static inline int mmap_is_legacy(void)
+ 
+ static unsigned long mmap_rnd(void)
+ {
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++		return 0;
++#endif
++
+ 	if (!(current->flags & PF_RANDOMIZE))
+ 		return 0;
+ 	/* 8MB randomization for mmap_base */
+@@ -95,9 +101,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	 */
  	if (mmap_is_legacy()) {
  		mm->mmap_base = mmap_base_legacy();
@@ -9475,7 +9488,7 @@ index 9b436c2..54fbf0a 100644
  		mm->get_unmapped_area = arch_get_unmapped_area_topdown;
  	}
  }
-@@ -170,9 +182,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -170,9 +188,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	 */
  	if (mmap_is_legacy()) {
  		mm->mmap_base = mmap_base_legacy();
@@ -31970,7 +31983,7 @@ index 903ec1e..c4166b2 100644
  }
  
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index ebc551c..b8ee77e 100644
+index ebc551c..40d1269 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -14,11 +14,18 @@
@@ -32180,11 +32193,11 @@ index ebc551c..b8ee77e 100644
 +#ifdef CONFIG_PAX_KERNEXEC
 +	if (init_mm.start_code <= address && address < init_mm.end_code) {
 +		if (current->signal->curr_ip)
-+			printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++			printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
 +					&current->signal->curr_ip, current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
 +		else
-+			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++			printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
 +					from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
 +	}
 +#endif
@@ -32350,13 +32363,13 @@ index ebc551c..b8ee77e 100644
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
 +	if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
 +		if (!search_exception_tables(regs->ip)) {
-+			printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
++			printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
 +			bad_area_nosemaphore(regs, error_code, address);
 +			return;
 +		}
 +		if (address < pax_user_shadow_base) {
-+			printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+			printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
++			printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
++			printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
 +			show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
 +		} else
 +			address -= pax_user_shadow_base;
@@ -52343,7 +52356,7 @@ index c21adc3..1b4155f 100644
  	ddb_entry->default_relogin_timeout =
  		(def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
 diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index d8afec8..3ec7152 100644
+index d8afec8..fffafb8 100644
 --- a/drivers/scsi/scsi.c
 +++ b/drivers/scsi/scsi.c
 @@ -658,7 +658,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
@@ -52355,6 +52368,15 @@ index d8afec8..3ec7152 100644
  
  	/* check if the device is still usable */
  	if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
+@@ -804,7 +804,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
+ 
+ 	good_bytes = scsi_bufflen(cmd);
+         if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
+-		int old_good_bytes = good_bytes;
++		unsigned int old_good_bytes = good_bytes;
+ 		drv = scsi_cmd_to_driver(cmd);
+ 		if (drv->done)
+ 			good_bytes = drv->done(cmd);
 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
 index 719bd82..c996ebc 100644
 --- a/drivers/scsi/scsi_lib.c
@@ -52509,9 +52531,27 @@ index e3e794e..f72f20c 100644
  
  	transport_setup_device(&rport->dev);
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index a107064..a14c333 100644
+index a107064..30775cf 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
+@@ -109,7 +109,7 @@ static int sd_suspend_system(struct device *);
+ static int sd_suspend_runtime(struct device *);
+ static int sd_resume(struct device *);
+ static void sd_rescan(struct device *);
+-static int sd_done(struct scsi_cmnd *);
++static unsigned int sd_done(struct scsi_cmnd *);
+ static int sd_eh_action(struct scsi_cmnd *, int);
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
+ static void scsi_disk_release(struct device *cdev);
+@@ -1645,7 +1645,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
+  *
+  *	Note: potentially run from within an ISR. Must not block.
+  **/
+-static int sd_done(struct scsi_cmnd *SCpnt)
++static unsigned int sd_done(struct scsi_cmnd *SCpnt)
+ {
+ 	int result = SCpnt->result;
+ 	unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
 @@ -2958,7 +2958,7 @@ static int sd_probe(struct device *dev)
  	sdkp->disk = gd;
  	sdkp->index = index;
@@ -52534,6 +52574,34 @@ index eb81c98..e6716ae 100644
  	case BLKTRACESTART:
  		return blk_trace_startstop(sdp->device->request_queue, 1);
  	case BLKTRACESTOP:
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 40d8592..8e89146 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -79,7 +79,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM);
+ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+ static int sr_runtime_suspend(struct device *dev);
+ 
+ static struct dev_pm_ops sr_pm_ops = {
+@@ -310,11 +310,11 @@ do_tur:
+  * It will be notified on the end of a SCSI read / write, and will take one
+  * of several actions based on success or failure.
+  */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ 	int result = SCpnt->result;
+-	int this_count = scsi_bufflen(SCpnt);
+-	int good_bytes = (result == 0 ? this_count : 0);
++	unsigned int this_count = scsi_bufflen(SCpnt);
++	unsigned int good_bytes = (result == 0 ? this_count : 0);
+ 	int block_sectors = 0;
+ 	long error_sector;
+ 	struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
 diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
 index d6563ec..a1c5da2 100644
 --- a/drivers/spi/spi.c
@@ -65832,7 +65900,7 @@ index ca0ba15..0fa3257 100644
  				fd_offset + ex.a_text);
  		if (error != N_DATADDR(ex)) {
 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 35240a7..96dd7cf 100644
+index 35240a7..a5edf69 100644
 --- a/fs/binfmt_elf.c
 +++ b/fs/binfmt_elf.c
 @@ -34,6 +34,7 @@
@@ -66466,10 +66534,12 @@ index 35240a7..96dd7cf 100644
  	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
  		current->personality |= READ_IMPLIES_EXEC;
  
-@@ -816,6 +1253,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -816,8 +1253,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
  #else
  			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
  #endif
+-			total_size = total_mapping_size(elf_phdata,
+-							loc->elf_ex.e_phnum);
 +
 +#ifdef CONFIG_PAX_RANDMMAP
 +			/* PaX: randomize base address at the default exe base if requested */
@@ -66484,10 +66554,11 @@ index 35240a7..96dd7cf 100644
 +			}
 +#endif
 +
- 			total_size = total_mapping_size(elf_phdata,
- 							loc->elf_ex.e_phnum);
++			total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum);
  			if (!total_size) {
-@@ -854,9 +1305,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ 				retval = -EINVAL;
+ 				goto out_free_dentry;
+@@ -854,9 +1304,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
  		 * allowed task size. Note that p_filesz must always be
  		 * <= p_memsz so it is only necessary to check p_memsz.
  		 */
@@ -66500,7 +66571,7 @@ index 35240a7..96dd7cf 100644
  			/* set_brk can never work. Avoid overflows. */
  			send_sig(SIGKILL, current, 0);
  			retval = -EINVAL;
-@@ -895,17 +1346,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -895,17 +1345,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
  		goto out_free_dentry;
  	}
  	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -66552,7 +66623,7 @@ index 35240a7..96dd7cf 100644
  					    load_bias);
  		if (!IS_ERR((void *)elf_entry)) {
  			/*
-@@ -1127,7 +1606,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1127,7 +1605,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
   * Decide what to dump of a segment, part, all or none.
   */
  static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -66561,7 +66632,7 @@ index 35240a7..96dd7cf 100644
  {
  #define FILTER(type)	(mm_flags & (1UL << MMF_DUMP_##type))
  
-@@ -1165,7 +1644,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1165,7 +1643,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
  	if (vma->vm_file == NULL)
  		return 0;
  
@@ -66570,7 +66641,7 @@ index 35240a7..96dd7cf 100644
  		goto whole;
  
  	/*
-@@ -1372,9 +1851,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1372,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
  {
  	elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
  	int i = 0;
@@ -66582,7 +66653,7 @@ index 35240a7..96dd7cf 100644
  	fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
  }
  
-@@ -1383,7 +1862,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1383,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
  {
  	mm_segment_t old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -66591,7 +66662,7 @@ index 35240a7..96dd7cf 100644
  	set_fs(old_fs);
  	fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
  }
-@@ -2007,14 +2486,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2007,14 +2485,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
  }
  
  static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -66608,7 +66679,7 @@ index 35240a7..96dd7cf 100644
  	return size;
  }
  
-@@ -2105,7 +2584,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2105,7 +2583,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  
  	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
  
@@ -66617,7 +66688,7 @@ index 35240a7..96dd7cf 100644
  	offset += elf_core_extra_data_size();
  	e_shoff = offset;
  
-@@ -2133,7 +2612,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2133,7 +2611,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  		phdr.p_offset = offset;
  		phdr.p_vaddr = vma->vm_start;
  		phdr.p_paddr = 0;
@@ -66626,7 +66697,7 @@ index 35240a7..96dd7cf 100644
  		phdr.p_memsz = vma->vm_end - vma->vm_start;
  		offset += phdr.p_filesz;
  		phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2166,7 +2645,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2166,7 +2644,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  		unsigned long addr;
  		unsigned long end;
  
@@ -66635,7 +66706,7 @@ index 35240a7..96dd7cf 100644
  
  		for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
  			struct page *page;
-@@ -2207,6 +2686,167 @@ out:
+@@ -2207,6 +2685,167 @@ out:
  
  #endif		/* CONFIG_ELF_CORE */
  
@@ -68245,7 +68316,7 @@ index e4141f2..d8263e8 100644
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index 05f1942..747fc21 100644
+index 05f1942..5ea95e4 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -68892,13 +68963,13 @@ index 05f1942..747fc21 100644
 +void pax_report_refcount_overflow(struct pt_regs *regs)
 +{
 +	if (current->signal->curr_ip)
-+		printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++		printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
 +				&current->signal->curr_ip, current->comm, task_pid_nr(current),
 +				from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
 +	else
-+		printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
++		printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
 +				from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
-+	print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++	print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
 +	preempt_disable();
 +	show_regs(regs);
 +	preempt_enable();
@@ -68957,10 +69028,10 @@ index 05f1942..747fc21 100644
 +static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to_user, const char *type)
 +{
 +	if (current->signal->curr_ip)
-+		printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++		printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
 +			&current->signal->curr_ip, to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
 +	else
-+		printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++		printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
 +			to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
 +	dump_stack();
 +	gr_handle_kernel_exploit();
@@ -69059,7 +69130,7 @@ index 05f1942..747fc21 100644
 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
 +void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
 +{
-+	printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
++	printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
 +	dump_stack();
 +	do_group_exit(SIGKILL);
 +}
@@ -93527,7 +93598,7 @@ index b66c211..13d2915 100644
  static inline void anon_vma_merge(struct vm_area_struct *vma,
  				  struct vm_area_struct *next)
 diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h
-index a964f72..b475afb 100644
+index a964f72..a6d40b4 100644
 --- a/include/linux/scatterlist.h
 +++ b/include/linux/scatterlist.h
 @@ -1,6 +1,7 @@
@@ -93538,19 +93609,26 @@ index a964f72..b475afb 100644
  #include <linux/string.h>
  #include <linux/bug.h>
  #include <linux/mm.h>
-@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
- #ifdef CONFIG_DEBUG_SG
- 	BUG_ON(!virt_addr_valid(buf));
- #endif
+@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg)
+ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
+ 			      unsigned int buflen)
+ {
++	const void *realbuf = buf;
++
 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
-+	if (object_starts_on_stack(buf)) {
-+		void *adjbuf = buf - current->stack + current->lowmem_stack;
-+		sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf));
-+	} else
++	if (object_starts_on_stack(buf))
++		realbuf = buf - current->stack + current->lowmem_stack;
 +#endif
- 	sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++
+ #ifdef CONFIG_DEBUG_SG
+-	BUG_ON(!virt_addr_valid(buf));
++	BUG_ON(!virt_addr_valid(realbuf));
+ #endif
+-	sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++	sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf));
  }
  
+ /*
 diff --git a/include/linux/sched.h b/include/linux/sched.h
 index 91fe6a3..30088db 100644
 --- a/include/linux/sched.h
@@ -95849,6 +95927,19 @@ index 409fafb..efc53b0 100644
  
  	struct device		sdev_gendev,
  				sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 20fdfc2..5745712 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -15,7 +15,7 @@ struct scsi_driver {
+ 	struct device_driver	gendrv;
+ 
+ 	void (*rescan)(struct device *);
+-	int (*done)(struct scsi_cmnd *);
++	unsigned int (*done)(struct scsi_cmnd *);
+ 	int (*eh_action)(struct scsi_cmnd *, int);
+ };
+ #define to_scsi_driver(drv) \
 diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
 index b797e8f..8e2c3aa 100644
 --- a/include/scsi/scsi_transport_fc.h
@@ -103667,6 +103758,23 @@ index f504027..97a15c0 100644
  
  	bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
  	if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 32adb73..ccbd787 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+ 
+ #define	MIN(a, b) (((a) < (b)) ? (a) : (b))
+ 
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ 	int i;
+-	long long ret = 0;
++	unsigned long long ret = 0;
+ 
+ 	for (i = 0; i < size; i++)
+ 		ret = (ret << 8) | ptr[size-i-1];
 diff --git a/lib/devres.c b/lib/devres.c
 index 8235331..5881053 100644
 --- a/lib/devres.c
@@ -121055,7 +121163,7 @@ index 0000000..da184c5
 +}
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..77f8462
+index 0000000..1d20e32
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
 @@ -0,0 +1,689 @@
@@ -121219,7 +121327,7 @@ index 0000000..77f8462
 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
 +
 +#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
 +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
 +#define TODO_rebuild_cgraph_edges 0
@@ -121459,6 +121567,7 @@ index 0000000..77f8462
 +}
 +
 +#define ipa_remove_stmt_references(cnode, stmt)
++
 +typedef union gimple_statement_d gasm;
 +typedef union gimple_statement_d gassign;
 +typedef union gimple_statement_d gcall;
@@ -121480,7 +121589,6 @@ index 0000000..77f8462
 +#define create_var_ann(var)
 +#define TODO_dump_func 0
 +#define TODO_dump_cgraph 0
-+
 +#endif
 +
 +#if BUILDING_GCC_VERSION <= 4009
diff --git a/3.14.45/4435_grsec-mute-warnings.patch b/3.14.45/4435_grsec-mute-warnings.patch
index 558c435..2c2d463 100644
--- a/3.14.45/4435_grsec-mute-warnings.patch
+++ b/3.14.45/4435_grsec-mute-warnings.patch
@@ -29,14 +29,15 @@ warning flags of vanilla kernel versions.
 Acked-by: Christian Heim <phreak@gentoo.org>
 ---
 
---- a/Makefile	2011-11-18 17:50:11.000000000 -0500
-+++ b/Makefile	2011-11-18 17:50:48.000000000 -0500
+diff -Naur a/Makefile b/Makefile
+--- a/Makefile	2015-06-27 15:35:56.363504156 -0400
++++ b/Makefile	2015-06-27 16:41:08.552598625 -0400
 @@ -244,7 +244,7 @@
  
  HOSTCC       = gcc
  HOSTCXX      = g++
--HOSTCFLAGS   = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89
-+HOSTCFLAGS   = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89
+-HOSTCFLAGS   = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks
++HOSTCFLAGS   = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks
  HOSTCFLAGS  += $(call cc-option, -Wno-empty-body)
  HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds
  
diff --git a/3.2.69/0000_README b/3.2.69/0000_README
index 1521b73..05b7791 100644
--- a/3.2.69/0000_README
+++ b/3.2.69/0000_README
@@ -194,7 +194,7 @@ Patch:	1068_linux-3.2.69.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.69
 
-Patch:	4420_grsecurity-3.1-3.2.69-201506232100.patch
+Patch:	4420_grsecurity-3.1-3.2.69-201506262041.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
index 873b401..ce279a5 100644
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
@@ -6836,10 +6836,23 @@ index 1df64a8..aea2a39 100644
  };
  
 diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index c70b3d8..d01c6b3 100644
+index c70b3d8..d7d5b01 100644
 --- a/arch/s390/mm/mmap.c
 +++ b/arch/s390/mm/mmap.c
-@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -60,6 +60,12 @@ static inline int mmap_is_legacy(void)
+ 
+ static unsigned long mmap_rnd(void)
+ {
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++		return 0;
++#endif
++
+ 	if (!(current->flags & PF_RANDOMIZE))
+ 		return 0;
+ 	/* 8MB randomization for mmap_base */
+@@ -92,10 +98,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	 */
  	if (mmap_is_legacy()) {
  		mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -6862,7 +6875,7 @@ index c70b3d8..d01c6b3 100644
  		mm->get_unmapped_area = arch_get_unmapped_area_topdown;
  		mm->unmap_area = arch_unmap_area_topdown;
  	}
-@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -175,10 +193,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	 */
  	if (mmap_is_legacy()) {
  		mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -28417,7 +28430,7 @@ index d0474ad..36e9257 100644
  		extern u32 pnp_bios_is_utter_crap;
  		pnp_bios_is_utter_crap = 1;
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 351590e..a1132fb 100644
+index 351590e..825bba9 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -13,11 +13,18 @@
@@ -28609,10 +28622,10 @@ index 351590e..a1132fb 100644
 +#ifdef CONFIG_PAX_KERNEXEC
 +	if (init_mm.start_code <= address && address < init_mm.end_code) {
 +		if (current->signal->curr_ip)
-+			printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++			printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
 +					 &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
 +		else
-+			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++			printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
 +					 current->comm, task_pid_nr(current), current_uid(), current_euid());
 +	}
 +#endif
@@ -28787,8 +28800,8 @@ index 351590e..a1132fb 100644
 +			return;
 +		}
 +		if (address < pax_user_shadow_base) {
-+			printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+			printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
++			printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
++			printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
 +			show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
 +		} else
 +			address -= pax_user_shadow_base;
@@ -49651,7 +49664,7 @@ index 4169c8b..a8b896b 100644
  	ddb_entry->default_relogin_timeout =
  		le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
 diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index 831db24..aef1598 100644
+index 831db24..1b88f70 100644
 --- a/drivers/scsi/scsi.c
 +++ b/drivers/scsi/scsi.c
 @@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
@@ -49663,6 +49676,15 @@ index 831db24..aef1598 100644
  
  	/* check if the device is still usable */
  	if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
+@@ -837,7 +837,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
+ 
+ 	good_bytes = scsi_bufflen(cmd);
+         if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
+-		int old_good_bytes = good_bytes;
++		unsigned int old_good_bytes = good_bytes;
+ 		drv = scsi_cmd_to_driver(cmd);
+ 		if (drv->done)
+ 			good_bytes = drv->done(cmd);
 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
 index f6a464a..797b84d 100644
 --- a/drivers/scsi/scsi_lib.c
@@ -49817,9 +49839,27 @@ index 21a045e..ec89e03 100644
  
  	transport_setup_device(&rport->dev);
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 5c6b5f5..475317d 100644
+index 5c6b5f5..015ec9d 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
+@@ -105,7 +105,7 @@ static void sd_shutdown(struct device *);
+ static int sd_suspend(struct device *, pm_message_t state);
+ static int sd_resume(struct device *);
+ static void sd_rescan(struct device *);
+-static int sd_done(struct scsi_cmnd *);
++static unsigned int sd_done(struct scsi_cmnd *);
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
+ static void scsi_disk_release(struct device *cdev);
+ static void sd_print_sense_hdr(struct scsi_disk *, struct scsi_sense_hdr *);
+@@ -1390,7 +1390,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
+  *
+  *	Note: potentially run from within an ISR. Must not block.
+  **/
+-static int sd_done(struct scsi_cmnd *SCpnt)
++static unsigned int sd_done(struct scsi_cmnd *SCpnt)
+ {
+ 	int result = SCpnt->result;
+ 	unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
 @@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev)
  	device_initialize(&sdkp->dev);
  	sdkp->dev.parent = dev;
@@ -49860,6 +49900,34 @@ index 2d25616..7502cde 100644
  
  	sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
  	if (!sg_proc_sgp)
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 5fc97d2..5f26ccd 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -78,7 +78,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM);
+ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+ 
+ static struct scsi_driver sr_template = {
+ 	.owner			= THIS_MODULE,
+@@ -296,11 +296,11 @@ do_tur:
+  * It will be notified on the end of a SCSI read / write, and will take one
+  * of several actions based on success or failure.
+  */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ 	int result = SCpnt->result;
+-	int this_count = scsi_bufflen(SCpnt);
+-	int good_bytes = (result == 0 ? this_count : 0);
++	unsigned int this_count = scsi_bufflen(SCpnt);
++	unsigned int good_bytes = (result == 0 ? this_count : 0);
+ 	int block_sectors = 0;
+ 	long error_sector;
+ 	struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
 diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
 new file mode 100644
 index 0000000..06c9d30
@@ -59288,7 +59356,7 @@ index 451b9b8..12e5a03 100644
  
  out_free_fd:
 diff --git a/fs/exec.c b/fs/exec.c
-index 7adb43f..9b2005c 100644
+index 7adb43f..be703f8 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -55,12 +55,35 @@
@@ -60069,12 +60137,12 @@ index 7adb43f..9b2005c 100644
 +void pax_report_refcount_overflow(struct pt_regs *regs)
 +{
 +	if (current->signal->curr_ip)
-+		printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++		printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
 +				 &current->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
 +	else
-+		printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++		printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
 +				 current->comm, task_pid_nr(current), current_uid(), current_euid());
-+	print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++	print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
 +	preempt_disable();
 +	show_regs(regs);
 +	preempt_enable();
@@ -60133,10 +60201,10 @@ index 7adb43f..9b2005c 100644
 +static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
 +{
 +	if (current->signal->curr_ip)
-+		printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++		printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
 +			&current->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
 +	else
-+		printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++		printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
 +			to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
 +	dump_stack();
 +	gr_handle_kernel_exploit();
@@ -60235,7 +60303,7 @@ index 7adb43f..9b2005c 100644
 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
 +void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
 +{
-+	printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
++	printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
 +	dump_stack();
 +	do_group_exit(SIGKILL);
 +}
@@ -87940,6 +88008,19 @@ index 377ba61..1b6890c 100644
  
  	struct device		sdev_gendev,
  				sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 9fd6702..52e04b7 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -15,7 +15,7 @@ struct scsi_driver {
+ 	struct device_driver	gendrv;
+ 
+ 	void (*rescan)(struct device *);
+-	int (*done)(struct scsi_cmnd *);
++	unsigned int (*done)(struct scsi_cmnd *);
+ };
+ #define to_scsi_driver(drv) \
+ 	container_of((drv), struct scsi_driver, gendrv)
 diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
 index 2a65167..91e01f8 100644
 --- a/include/scsi/scsi_transport_fc.h
@@ -96477,6 +96558,23 @@ index 6a110e2..799667a 100644
  
  	bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
  	if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 476c65a..b4c50e8 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+ 
+ #define	MIN(a, b) (((a) < (b)) ? (a) : (b))
+ 
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ 	int i;
+-	long long ret = 0;
++	unsigned long long ret = 0;
+ 
+ 	for (i = 0; i < size; i++)
+ 		ret = (ret << 8) | ptr[size-i-1];
 diff --git a/lib/devres.c b/lib/devres.c
 index 7c0e953..f642b5c 100644
 --- a/lib/devres.c
@@ -116469,7 +116567,7 @@ index 0000000..da184c5
 +}
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..77f8462
+index 0000000..1d20e32
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
 @@ -0,0 +1,689 @@
@@ -116633,7 +116731,7 @@ index 0000000..77f8462
 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
 +
 +#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
 +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
 +#define TODO_rebuild_cgraph_edges 0
@@ -116873,6 +116971,7 @@ index 0000000..77f8462
 +}
 +
 +#define ipa_remove_stmt_references(cnode, stmt)
++
 +typedef union gimple_statement_d gasm;
 +typedef union gimple_statement_d gassign;
 +typedef union gimple_statement_d gcall;
@@ -116894,7 +116993,6 @@ index 0000000..77f8462
 +#define create_var_ann(var)
 +#define TODO_dump_func 0
 +#define TODO_dump_cgraph 0
-+
 +#endif
 +
 +#if BUILDING_GCC_VERSION <= 4009
diff --git a/4.0.6/0000_README b/4.0.6/0000_README
index 62fb720..00d5c29 100644
--- a/4.0.6/0000_README
+++ b/4.0.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.0.6-201506232104.patch
+Patch:	4420_grsecurity-3.1-4.0.6-201506262047.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
index 91512cb..797b7c1 100644
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
@@ -53187,6 +53187,34 @@ index 2270bd5..98408a5 100644
  	case BLKTRACESTART:
  		return blk_trace_startstop(sdp->device->request_queue, 1);
  	case BLKTRACESTOP:
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 8bd54a6..dd037a5 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+ static int sr_init_command(struct scsi_cmnd *SCpnt);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+ static int sr_runtime_suspend(struct device *dev);
+ 
+ static struct dev_pm_ops sr_pm_ops = {
+@@ -312,11 +312,11 @@ do_tur:
+  * It will be notified on the end of a SCSI read / write, and will take one
+  * of several actions based on success or failure.
+  */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ 	int result = SCpnt->result;
+-	int this_count = scsi_bufflen(SCpnt);
+-	int good_bytes = (result == 0 ? this_count : 0);
++	unsigned int this_count = scsi_bufflen(SCpnt);
++	unsigned int good_bytes = (result == 0 ? this_count : 0);
+ 	int block_sectors = 0;
+ 	long error_sector;
+ 	struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
 diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
 index c0d660f..24a5854 100644
 --- a/drivers/soc/tegra/fuse/fuse-tegra.c
@@ -93167,7 +93195,7 @@ index c4c559a..6ba9a26 100644
  static inline void anon_vma_merge(struct vm_area_struct *vma,
  				  struct vm_area_struct *next)
 diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h
-index ed8f9e70..999bc96 100644
+index ed8f9e70..2e627f2 100644
 --- a/include/linux/scatterlist.h
 +++ b/include/linux/scatterlist.h
 @@ -1,6 +1,7 @@
@@ -93178,19 +93206,26 @@ index ed8f9e70..999bc96 100644
  #include <linux/string.h>
  #include <linux/bug.h>
  #include <linux/mm.h>
-@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
- #ifdef CONFIG_DEBUG_SG
- 	BUG_ON(!virt_addr_valid(buf));
- #endif
+@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg)
+ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
+ 			      unsigned int buflen)
+ {
++	const void *realbuf = buf;
++
 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
-+	if (object_starts_on_stack(buf)) {
-+		void *adjbuf = buf - current->stack + current->lowmem_stack;
-+		sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf));
-+	} else
++	if (object_starts_on_stack(buf))
++		realbuf = buf - current->stack + current->lowmem_stack;
 +#endif
- 	sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++
+ #ifdef CONFIG_DEBUG_SG
+-	BUG_ON(!virt_addr_valid(buf));
++	BUG_ON(!virt_addr_valid(realbuf));
+ #endif
+-	sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++	sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf));
  }
  
+ /*
 diff --git a/include/linux/sched.h b/include/linux/sched.h
 index 51348f7..8c8b0ba 100644
 --- a/include/linux/sched.h
@@ -95438,6 +95473,19 @@ index a4c9336..d6f8f34 100644
  
  	struct device		sdev_gendev,
  				sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 891a658..fcd68df 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -14,7 +14,7 @@ struct scsi_driver {
+ 	void (*rescan)(struct device *);
+ 	int (*init_command)(struct scsi_cmnd *);
+ 	void (*uninit_command)(struct scsi_cmnd *);
+-	int (*done)(struct scsi_cmnd *);
++	unsigned int (*done)(struct scsi_cmnd *);
+ 	int (*eh_action)(struct scsi_cmnd *, int);
+ };
+ #define to_scsi_driver(drv) \
 diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
 index 007a0bc..7188db8 100644
 --- a/include/scsi/scsi_transport_fc.h
@@ -103458,6 +103506,23 @@ index 6dd0335..1e9c239 100644
  
  	bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
  	if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 0be83af..4605e93 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+ 
+ #define	MIN(a, b) (((a) < (b)) ? (a) : (b))
+ 
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ 	int i;
+-	long long ret = 0;
++	unsigned long long ret = 0;
+ 
+ 	for (i = 0; i < size; i++)
+ 		ret = (ret << 8) | ptr[size-i-1];
 diff --git a/lib/div64.c b/lib/div64.c
 index 4382ad7..08aa558 100644
 --- a/lib/div64.c
author	Anthony G. Basile <blueness@gentoo.org>	2015-06-27 16:59:02 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2015-06-27 16:59:02 -0400
commit	64f3a8be94f41fda576330ff3523e035c3c0ebbd (patch)
tree	c52a387ad2e39ba2f563cb1fdd6f3c84d95b9459
parent	Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506232104 (diff)
download	hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.tar.gz hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.tar.bz2 hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.zip