-rw-r--r--2.6.32/0000_README14
-rw-r--r--2.6.32/1058_linux-2.6.32.59.patch404
-rw-r--r--2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203181400.patch)175
-rw-r--r--3.2.12/0000_README (renamed from 3.2.11/0000_README)6
-rw-r--r--3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch (renamed from 3.2.11/4420_grsecurity-2.9-3.2.11-201203181401.patch)316
-rw-r--r--3.2.12/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.11/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.2.12/4435_grsec-mute-warnings.patch (renamed from 3.2.11/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.2.12/4440_grsec-remove-protected-paths.patch (renamed from 3.2.11/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.2.12/4445_grsec-pax-without-grsec.patch (renamed from 3.2.11/4445_grsec-pax-without-grsec.patch)0
-rw-r--r--3.2.12/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.11/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.2.12/4455_grsec-kconfig-gentoo.patch (renamed from 3.2.11/4455_grsec-kconfig-gentoo.patch)0
-rw-r--r--3.2.12/4460-grsec-kconfig-proc-user.patch (renamed from 3.2.11/4460-grsec-kconfig-proc-user.patch)0
-rw-r--r--3.2.12/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.11/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.2.12/4470_disable-compat_vdso.patch (renamed from 3.2.11/4470_disable-compat_vdso.patch)0
14 files changed, 562 insertions, 353 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index ff587f9..0a02821 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -22,14 +22,18 @@ Patch: 1056_linux-2.6.32.57.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.57
-Patch: 4420_grsecurity-2.9-2.6.32.59-201203181400.patch
+Patch: 1057_linux-2.6.32.58.patch
+From: http://www.kernel.org
+Desc: Linux 2.6.32.58
+
+Patch: 1058_linux-2.6.32.59.patch
+From: http://www.kernel.org
+Desc: Linux 2.6.32.59
+
+Patch: 4420_grsecurity-2.9-2.6.32.59-201203201932.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
-Patch: 4425_grsec_enable_xtpax.patch
-From: Anthony G. Basile <blueness@gentoo.org>
-Desc: Unlock PAX_XATTR_PAX_FLAGS option
-
Patch: 4430_grsec-remove-localversion-grsec.patch
From: Kerin Millar <kerframil@gmail.com>
Desc: Removes grsecurity's localversion-grsec file
diff --git a/2.6.32/1058_linux-2.6.32.59.patch b/2.6.32/1058_linux-2.6.32.59.patch
new file mode 100644
index 0000000..9a17e49
--- /dev/null
+++ b/2.6.32/1058_linux-2.6.32.59.patch
@@ -0,0 +1,404 @@
+diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
+index 1ee596c..20fc9c5 100644
+--- a/arch/ia64/Kconfig
++++ b/arch/ia64/Kconfig
+@@ -502,23 +502,6 @@ config ARCH_PROC_KCORE_TEXT
+ def_bool y
+ depends on PROC_KCORE
+
+-config IA32_SUPPORT
+- bool "Support for Linux/x86 binaries"
+- help
+- IA-64 processors can execute IA-32 (X86) instructions. By
+- saying Y here, the kernel will include IA-32 system call
+- emulation support which makes it possible to transparently
+- run IA-32 Linux binaries on an IA-64 Linux system.
+- If in doubt, say Y.
+-
+-config COMPAT
+- bool
+- depends on IA32_SUPPORT
+- default y
+-
+-config COMPAT_FOR_U64_ALIGNMENT
+- def_bool COMPAT
+-
+ config IA64_MCA_RECOVERY
+ tristate "MCA recovery from errors other than TLB."
+
+diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
+index 43c0aca..aca7fff 100644
+--- a/arch/s390/Kconfig
++++ b/arch/s390/Kconfig
+@@ -188,6 +188,9 @@ config SYSVIPC_COMPAT
+ depends on COMPAT && SYSVIPC
+ default y
+
++config KEYS_COMPAT
++ def_bool y if COMPAT && KEYS
++
+ config AUDIT_ARCH
+ bool
+ default y
+diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c
+index 0b2573a..358e545 100644
+--- a/arch/s390/kernel/setup.c
++++ b/arch/s390/kernel/setup.c
+@@ -57,6 +57,7 @@
+ #include <asm/ptrace.h>
+ #include <asm/sections.h>
+ #include <asm/ebcdic.h>
++#include <asm/compat.h>
+ #include <asm/kvm_virtio.h>
+
+ long psw_kernel_bits = (PSW_BASE_BITS | PSW_MASK_DAT | PSW_ASC_PRIMARY |
+diff --git a/block/bsg.c b/block/bsg.c
+index 7154a7a..e3e3241 100644
+--- a/block/bsg.c
++++ b/block/bsg.c
+@@ -977,7 +977,8 @@ void bsg_unregister_queue(struct request_queue *q)
+
+ mutex_lock(&bsg_mutex);
+ idr_remove(&bsg_minor_idr, bcd->minor);
+- sysfs_remove_link(&q->kobj, "bsg");
++ if (q->kobj.sd)
++ sysfs_remove_link(&q->kobj, "bsg");
+ device_unregister(bcd->class_dev);
+ bcd->class_dev = NULL;
+ kref_put(&bcd->ref, bsg_kref_release_function);
+diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c
+index a2e8977..605d92e 100644
+--- a/drivers/block/xen-blkfront.c
++++ b/drivers/block/xen-blkfront.c
+@@ -942,11 +942,11 @@ static void blkfront_closing(struct xenbus_device *dev)
+ /* Flush gnttab callback work. Must be done with no locks held. */
+ flush_scheduled_work();
+
++ del_gendisk(info->gd);
++
+ blk_cleanup_queue(info->rq);
+ info->rq = NULL;
+
+- del_gendisk(info->gd);
+-
+ out:
+ xenbus_frontend_closed(dev);
+ }
+diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
+index ca5ca5a..da33dce 100644
+--- a/drivers/net/usb/usbnet.c
++++ b/drivers/net/usb/usbnet.c
+@@ -584,6 +584,7 @@ static int unlink_urbs (struct usbnet *dev, struct sk_buff_head *q)
+ entry = (struct skb_data *) skb->cb;
+ urb = entry->urb;
+
++ spin_unlock_irqrestore(&q->lock, flags);
+ // during some PM-driven resume scenarios,
+ // these (async) unlinks complete immediately
+ retval = usb_unlink_urb (urb);
+@@ -591,6 +592,7 @@ static int unlink_urbs (struct usbnet *dev, struct sk_buff_head *q)
+ devdbg (dev, "unlink urb err, %d", retval);
+ else
+ count++;
++ spin_lock_irqsave(&q->lock, flags);
+ }
+ spin_unlock_irqrestore (&q->lock, flags);
+ return count;
+diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
+index 2a9f54a..1f6bb28 100644
+--- a/drivers/watchdog/hpwdt.c
++++ b/drivers/watchdog/hpwdt.c
+@@ -220,7 +220,7 @@ static int __devinit cru_detect(unsigned long map_entry,
+
+ cmn_regs.u1.reax = CRU_BIOS_SIGNATURE_VALUE;
+
+- set_memory_x((unsigned long)bios32_entrypoint, (2 * PAGE_SIZE));
++ set_memory_x((unsigned long)bios32_map, 2);
+ asminline_call(&cmn_regs, bios32_entrypoint);
+
+ if (cmn_regs.u1.ral != 0) {
+@@ -239,7 +239,8 @@ static int __devinit cru_detect(unsigned long map_entry,
+ cru_rom_addr =
+ ioremap(cru_physical_address, cru_length);
+ if (cru_rom_addr) {
+- set_memory_x((unsigned long)cru_rom_addr, cru_length);
++ set_memory_x((unsigned long)cru_rom_addr & PAGE_MASK,
++ (cru_length + PAGE_SIZE - 1) >> PAGE_SHIFT);
+ retval = 0;
+ }
+ }
+diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
+index 1ed37ba..a64fde6 100644
+--- a/fs/binfmt_elf.c
++++ b/fs/binfmt_elf.c
+@@ -1452,7 +1452,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
+ for (i = 1; i < view->n; ++i) {
+ const struct user_regset *regset = &view->regsets[i];
+ do_thread_regset_writeback(t->task, regset);
+- if (regset->core_note_type &&
++ if (regset->core_note_type && regset->get &&
+ (!regset->active || regset->active(t->task, regset))) {
+ int ret;
+ size_t size = regset->n * regset->size;
+diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
+index c3d6182..7c863b5 100644
+--- a/fs/cifs/dir.c
++++ b/fs/cifs/dir.c
+@@ -691,10 +691,26 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
+ * If either that or op not supported returned, follow
+ * the normal lookup.
+ */
+- if ((rc == 0) || (rc == -ENOENT))
++ switch (rc) {
++ case 0:
++ /*
++ * The server may allow us to open things like
++ * FIFOs, but the client isn't set up to deal
++ * with that. If it's not a regular file, just
++ * close it and proceed as if it were a normal
++ * lookup.
++ */
++ if (newInode && !S_ISREG(newInode->i_mode)) {
++ CIFSSMBClose(xid, pTcon, fileHandle);
++ break;
++ }
++ case -ENOENT:
+ posix_open = true;
+- else if ((rc == -EINVAL) || (rc != -EOPNOTSUPP))
++ case -EOPNOTSUPP:
++ break;
++ default:
+ pTcon->broken_posix_open = true;
++ }
+ }
+ if (!posix_open)
+ rc = cifs_get_inode_info_unix(&newInode, full_path,
+diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
+index 7a5f1ac..7e164bb 100644
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -1455,6 +1455,25 @@ static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
+ ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
+ }
+
++void ecryptfs_i_size_init(const char *page_virt, struct inode *inode)
++{
++ struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
++ struct ecryptfs_crypt_stat *crypt_stat;
++ u64 file_size;
++
++ crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
++ mount_crypt_stat =
++ &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
++ if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
++ file_size = i_size_read(ecryptfs_inode_to_lower(inode));
++ if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
++ file_size += crypt_stat->num_header_bytes_at_front;
++ } else
++ file_size = get_unaligned_be64(page_virt);
++ i_size_write(inode, (loff_t)file_size);
++ crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED;
++}
++
+ /**
+ * ecryptfs_read_headers_virt
+ * @page_virt: The virtual address into which to read the headers
+@@ -1485,6 +1504,8 @@ static int ecryptfs_read_headers_virt(char *page_virt,
+ rc = -EINVAL;
+ goto out;
+ }
++ if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED))
++ ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
+ offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
+ rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset),
+ &bytes_read);
+diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
+index 542f625..9685315 100644
+--- a/fs/ecryptfs/ecryptfs_kernel.h
++++ b/fs/ecryptfs/ecryptfs_kernel.h
+@@ -270,6 +270,7 @@ struct ecryptfs_crypt_stat {
+ #define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000
+ #define ECRYPTFS_ENCFN_USE_FEK 0x00002000
+ #define ECRYPTFS_UNLINK_SIGS 0x00004000
++#define ECRYPTFS_I_SIZE_INITIALIZED 0x00008000
+ u32 flags;
+ unsigned int file_version;
+ size_t iv_bytes;
+@@ -619,6 +620,7 @@ struct ecryptfs_open_req {
+ int ecryptfs_interpose(struct dentry *hidden_dentry,
+ struct dentry *this_dentry, struct super_block *sb,
+ u32 flags);
++void ecryptfs_i_size_init(const char *page_virt, struct inode *inode);
+ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
+ struct dentry *lower_dentry,
+ struct inode *ecryptfs_dir_inode,
+diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
+index 3015389..502b09f 100644
+--- a/fs/ecryptfs/file.c
++++ b/fs/ecryptfs/file.c
+@@ -237,7 +237,8 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
+ goto out_free;
+ }
+ rc = 0;
+- crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
++ crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
++ | ECRYPTFS_ENCRYPTED);
+ mutex_unlock(&crypt_stat->cs_mutex);
+ goto out;
+ }
+diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
+index 4434e8f..90a6087 100644
+--- a/fs/ecryptfs/inode.c
++++ b/fs/ecryptfs/inode.c
+@@ -256,10 +256,8 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
+ struct dentry *lower_dir_dentry;
+ struct vfsmount *lower_mnt;
+ struct inode *lower_inode;
+- struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
+ struct ecryptfs_crypt_stat *crypt_stat;
+ char *page_virt = NULL;
+- u64 file_size;
+ int rc = 0;
+
+ lower_dir_dentry = lower_dentry->d_parent;
+@@ -334,18 +332,7 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
+ }
+ crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
+ }
+- mount_crypt_stat = &ecryptfs_superblock_to_private(
+- ecryptfs_dentry->d_sb)->mount_crypt_stat;
+- if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
+- if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
+- file_size = (crypt_stat->num_header_bytes_at_front
+- + i_size_read(lower_dentry->d_inode));
+- else
+- file_size = i_size_read(lower_dentry->d_inode);
+- } else {
+- file_size = get_unaligned_be64(page_virt);
+- }
+- i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size);
++ ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
+ out_free_kmem:
+ kmem_cache_free(ecryptfs_header_cache_2, page_virt);
+ goto out;
+@@ -964,7 +951,8 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
+ goto out;
+ }
+ rc = 0;
+- crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
++ crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
++ | ECRYPTFS_ENCRYPTED);
+ }
+ }
+ mutex_unlock(&crypt_stat->cs_mutex);
+diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
+index b449e73..61e43a6 100644
+--- a/include/linux/backing-dev.h
++++ b/include/linux/backing-dev.h
+@@ -105,6 +105,7 @@ void bdi_start_writeback(struct backing_dev_info *bdi, struct super_block *sb,
+ long nr_pages);
+ int bdi_writeback_task(struct bdi_writeback *wb);
+ int bdi_has_dirty_io(struct backing_dev_info *bdi);
++void bdi_arm_supers_timer(void);
+
+ extern spinlock_t bdi_lock;
+ extern struct list_head bdi_list;
+diff --git a/include/linux/regset.h b/include/linux/regset.h
+index 8abee65..686f373 100644
+--- a/include/linux/regset.h
++++ b/include/linux/regset.h
+@@ -335,8 +335,11 @@ static inline int copy_regset_to_user(struct task_struct *target,
+ {
+ const struct user_regset *regset = &view->regsets[setno];
+
++ if (!regset->get)
++ return -EOPNOTSUPP;
++
+ if (!access_ok(VERIFY_WRITE, data, size))
+- return -EIO;
++ return -EFAULT;
+
+ return regset->get(target, regset, offset, size, NULL, data);
+ }
+@@ -358,8 +361,11 @@ static inline int copy_regset_from_user(struct task_struct *target,
+ {
+ const struct user_regset *regset = &view->regsets[setno];
+
++ if (!regset->set)
++ return -EOPNOTSUPP;
++
+ if (!access_ok(VERIFY_READ, data, size))
+- return -EIO;
++ return -EFAULT;
+
+ return regset->set(target, regset, offset, size, NULL, data);
+ }
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 67a33a5..d824401 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -41,7 +41,6 @@ static struct timer_list sync_supers_timer;
+
+ static int bdi_sync_supers(void *);
+ static void sync_supers_timer_fn(unsigned long);
+-static void arm_supers_timer(void);
+
+ static void bdi_add_default_flusher_task(struct backing_dev_info *bdi);
+
+@@ -242,7 +241,7 @@ static int __init default_bdi_init(void)
+
+ init_timer(&sync_supers_timer);
+ setup_timer(&sync_supers_timer, sync_supers_timer_fn, 0);
+- arm_supers_timer();
++ bdi_arm_supers_timer();
+
+ err = bdi_init(&default_backing_dev_info);
+ if (!err)
+@@ -364,10 +363,13 @@ static int bdi_sync_supers(void *unused)
+ return 0;
+ }
+
+-static void arm_supers_timer(void)
++void bdi_arm_supers_timer(void)
+ {
+ unsigned long next;
+
++ if (!dirty_writeback_interval)
++ return;
++
+ next = msecs_to_jiffies(dirty_writeback_interval * 10) + jiffies;
+ mod_timer(&sync_supers_timer, round_jiffies_up(next));
+ }
+@@ -375,7 +377,7 @@ static void arm_supers_timer(void)
+ static void sync_supers_timer_fn(unsigned long unused)
+ {
+ wake_up_process(sync_supers_tsk);
+- arm_supers_timer();
++ bdi_arm_supers_timer();
+ }
+
+ static int bdi_forker_task(void *ptr)
+@@ -418,7 +420,10 @@ static int bdi_forker_task(void *ptr)
+
+ spin_unlock_bh(&bdi_lock);
+ wait = msecs_to_jiffies(dirty_writeback_interval * 10);
+- schedule_timeout(wait);
++ if (wait)
++ schedule_timeout(wait);
++ else
++ schedule();
+ try_to_freeze();
+ continue;
+ }
+diff --git a/mm/page-writeback.c b/mm/page-writeback.c
+index 2c5d792..52f71ae 100644
+--- a/mm/page-writeback.c
++++ b/mm/page-writeback.c
+@@ -694,6 +694,7 @@ int dirty_writeback_centisecs_handler(ctl_table *table, int write,
+ void __user *buffer, size_t *length, loff_t *ppos)
+ {
+ proc_dointvec(table, write, buffer, length, ppos);
++ bdi_arm_supers_timer();
+ return 0;
+ }
+
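Review bot: In the embedded drivers/net/usb/usbnet.c change, unlink_urbs() now drops q->lock around usb_unlink_urb() while it is still iterating q, so the queue can change underneath the walk. The loop header is outside the hunk; if it is a safe-walk that caches the next skb, a completion running in the unlocked window can unlink or free that cached entry, and `urb` is used after the unlock without a reference being taken. I would hold the URB across the window with `usb_get_urb(urb);` before the unlock and `usb_put_urb(urb);` after the call, and restart the walk from the head of q once the lock is re-taken rather than trusting the cached pointer. Separately, the new `switch (rc)` in cifs_lookup() relies on `case 0:` falling into `case -ENOENT:` and then into `case -EOPNOTSUPP:`; each deserves a `/* fall through */` comment so the missing `break` is not read as a mistake.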
diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203181400.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch
index 2e58a75..64b036f 100644
--- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203181400.patch
+++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch
@@ -13536,7 +13536,7 @@ index 61c5874..8a046e9 100644
# include "uaccess_32.h"
#else
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 632fb44..2a195ea 100644
+index 632fb44..bb15d3f 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -12,15 +12,15 @@
@@ -13726,10 +13726,10 @@ index 632fb44..2a195ea 100644
- unsigned long n);
long __must_check strncpy_from_user(char *dst, const char __user *src,
- long count);
-+ unsigned long count) __size_overflow(3);
++ unsigned long count);
long __must_check __strncpy_from_user(char *dst,
- const char __user *src, long count);
-+ const char __user *src, unsigned long count) __size_overflow(3);
++ const char __user *src, unsigned long count);
/**
* strlen_user: - Get the size of a string in user space.
@@ -13746,7 +13746,7 @@ index 632fb44..2a195ea 100644
#endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index db24b21..d0d2413 100644
+index db24b21..7cd829e 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -9,6 +9,9 @@
@@ -14061,14 +14061,14 @@ index db24b21..d0d2413 100644
__must_check long
-strncpy_from_user(char *dst, const char __user *src, long count);
-+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
++strncpy_from_user(char *dst, const char __user *src, unsigned long count);
__must_check long
-__strncpy_from_user(char *dst, const char __user *src, long count);
-__must_check long strnlen_user(const char __user *str, long n);
-__must_check long __strnlen_user(const char __user *str, long n);
-+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
-+__must_check long strnlen_user(const char __user *str, unsigned long n) __size_overflow(2);
-+__must_check long __strnlen_user(const char __user *str, unsigned long n) __size_overflow(2);
++__strncpy_from_user(char *dst, const char __user *src, unsigned long count);
++__must_check long strnlen_user(const char __user *str, unsigned long n);
++__must_check long __strnlen_user(const char __user *str, unsigned long n);
__must_check long strlen_user(const char __user *str);
-__must_check unsigned long clear_user(void __user *mem, unsigned long len);
-__must_check unsigned long __clear_user(void __user *mem, unsigned long len);
@@ -64979,7 +64979,7 @@ index 0133b5a..3710d09 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index a64fde6..66794b9 100644
+index a64fde6..b6699eb 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -31,6 +31,7 @@
@@ -65628,7 +65628,7 @@ index a64fde6..66794b9 100644
+#ifdef CONFIG_PAX_RANDMMAP
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
-+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
++ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
+#endif
+
/* Calling set_brk effectively mmaps the pages that we need
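Review bot: The new mask `((1UL << 22) - 1UL)` in the CONFIG_PAX_RANDMMAP block is an unexplained constant. It replaces `~PAGE_MASK`, and after the `<< 4` it raises the random brk offset from roughly 64 KiB (assuming 4 KiB pages) to just under 64 MiB on top of PAGE_SIZE. A comment such as `/* 22 random bits in 16-byte steps: up to ~64 MiB of extra brk offset */` would record the intent. Nothing visible in this hunk bounds the sum, so it is worth confirming in the surrounding code that the larger gap cannot push elf_brk past the address-space limit of a 32-bit task.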
@@ -74908,10 +74908,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..dc4812b
+index 0000000..d785922
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4148 @@
+@@ -0,0 +1,4117 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -76370,40 +76370,28 @@ index 0000000..dc4812b
+ num_sprole_pws = arg->num_sprole_pws;
+ acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
+
-+ if (!acl_special_roles) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!acl_special_roles && num_sprole_pws)
++ return -ENOMEM;
+
+ for (i = 0; i < num_sprole_pws; i++) {
+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
-+ if (!sptmp) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!sptmp)
++ return -ENOMEM;
+ if (copy_from_user(sptmp, arg->sprole_pws + i,
-+ sizeof (struct sprole_pw))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ sizeof (struct sprole_pw)))
++ return -EFAULT;
+
-+ len =
-+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
++ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
+
-+ if (!len || len >= GR_SPROLE_LEN) {
-+ err = -EINVAL;
-+ goto cleanup;
-+ }
++ if (!len || len >= GR_SPROLE_LEN)
++ return -EINVAL;
+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if ((tmp = (char *) acl_alloc(len)) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(tmp, sptmp->rolename, len))
++ return -EFAULT;
+
-+ if (copy_from_user(tmp, sptmp->rolename, len)) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
+ tmp[len-1] = '\0';
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
+ printk(KERN_ALERT "Copying special role %s\n", tmp);
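Review bot: Every failure path in this function now returns directly where it used to `goto cleanup`, and the last hunk removes the `cleanup:` label together with its `free_variables()` call. As a result, nothing visible here releases the tables already obtained from acl_alloc()/acl_alloc_num() when a later copy_from_user() fails. The same pattern repeats in the hunks starting at @@ -76417, @@ -76459, @@ -76477 and @@ -76511. Presumably the caller now does the teardown, but it is outside this diff, as is the start of the function. The function should say so, e.g. `/* on error the caller must call free_variables() to release partially built state */` above the definition.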
@@ -76417,38 +76405,28 @@ index 0000000..dc4812b
+ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
+ r_tmp = acl_alloc(sizeof (struct acl_role_label));
+
-+ if (!r_tmp) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!r_tmp)
++ return -ENOMEM;
+
+ if (copy_from_user(&r_utmp2, r_utmp + r_num,
-+ sizeof (struct acl_role_label *))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ sizeof (struct acl_role_label *)))
++ return -EFAULT;
+
+ if (copy_from_user(r_tmp, r_utmp2,
-+ sizeof (struct acl_role_label))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ sizeof (struct acl_role_label)))
++ return -EFAULT;
+
+ len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
+
-+ if (!len || len >= PATH_MAX) {
-+ err = -EINVAL;
-+ goto cleanup;
-+ }
++ if (!len || len >= PATH_MAX)
++ return -EINVAL;
++
++ if ((tmp = (char *) acl_alloc(len)) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(tmp, r_tmp->rolename, len))
++ return -EFAULT;
+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
-+ if (copy_from_user(tmp, r_tmp->rolename, len)) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
+ tmp[len-1] = '\0';
+ r_tmp->rolename = tmp;
+
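Review bot: The role-name length check in this loop does not match the scan that produces the length: `strnlen_user(r_tmp->rolename, GR_SPROLE_LEN)` bounds the scan by GR_SPROLE_LEN, but the result is compared with `len >= PATH_MAX`. The special-role loop earlier in the same function checks `len >= GR_SPROLE_LEN`. If GR_SPROLE_LEN is smaller than PATH_MAX (its value is not visible here), an over-long or unterminated name is not rejected but silently truncated by `tmp[len-1] = '\0'`. Either the limit passed to strnlen_user() or the comparison should change so both use the same bound, e.g. `if (!len || len >= GR_SPROLE_LEN)`.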
@@ -76459,14 +76437,11 @@ index 0000000..dc4812b
+ kernel_role = r_tmp;
+ }
+
-+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
-+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct)))
++ return -EFAULT;
+
+ r_tmp->hash = ghash;
+
@@ -76477,32 +76452,28 @@ index 0000000..dc4812b
+ (struct acl_subject_label **)
+ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
+
-+ if (!r_tmp->subj_hash) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!r_tmp->subj_hash)
++ return -ENOMEM;
+
+ err = copy_user_allowedips(r_tmp);
+ if (err)
-+ goto cleanup;
++ return err;
+
+ /* copy domain info */
+ if (r_tmp->domain_children != NULL) {
+ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
-+ if (domainlist == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
-+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ if (domainlist == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
++ return -EFAULT;
++
+ r_tmp->domain_children = domainlist;
+ }
+
+ err = copy_user_transitions(r_tmp);
+ if (err)
-+ goto cleanup;
++ return err;
+
+ memset(r_tmp->subj_hash, 0,
+ r_tmp->subj_hash_size *
@@ -76511,7 +76482,7 @@ index 0000000..dc4812b
+ err = copy_user_subjs(r_tmp->hash->first, r_tmp);
+
+ if (err)
-+ goto cleanup;
++ return err;
+
+ /* set nested subject list to null */
+ r_tmp->hash->first = NULL;
@@ -76519,12 +76490,10 @@ index 0000000..dc4812b
+ insert_acl_role_label(r_tmp);
+ }
+
-+ goto return_err;
-+ cleanup:
-+ free_variables();
-+ return_err:
-+ return err;
++ if (default_role == NULL || kernel_role == NULL)
++ return -EINVAL;
+
++ return err;
+}
+
+static int
@@ -84521,7 +84490,7 @@ index e2bd73e..fea8ed3 100644
#endif /* _ASM_GENERIC_PGTABLE_H */
diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
-index b218b85..f0ac13a 100644
+index b218b85..62dbfdc 100644
--- a/include/asm-generic/uaccess.h
+++ b/include/asm-generic/uaccess.h
@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long);
@@ -84566,33 +84535,15 @@ index b218b85..f0ac13a 100644
static inline long copy_to_user(void __user *to,
const void *from, unsigned long n)
{
-@@ -265,6 +272,8 @@ static inline long copy_to_user(void __user *to,
- */
- #ifndef __strncpy_from_user
- static inline long
-+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
-+static inline long
- __strncpy_from_user(char *dst, const char __user *src, long count)
- {
- char *tmp;
-@@ -276,6 +285,8 @@ __strncpy_from_user(char *dst, const char __user *src, long count)
+@@ -276,6 +283,7 @@ __strncpy_from_user(char *dst, const char __user *src, long count)
#endif
static inline long
-+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
+static inline long
strncpy_from_user(char *dst, const char __user *src, long count)
{
if (!access_ok(VERIFY_READ, src, 1))
-@@ -289,6 +300,7 @@ strncpy_from_user(char *dst, const char __user *src, long count)
- * Return 0 on exception, a value greater than N if too long
- */
- #ifndef strnlen_user
-+static inline long strnlen_user(const char __user *src, unsigned long n) __size_overflow(2);
- static inline long strnlen_user(const char __user *src, long n)
- {
- if (!access_ok(VERIFY_READ, src, 1))
-@@ -307,6 +319,8 @@ static inline long strlen_user(const char __user *src)
+@@ -307,6 +315,8 @@ static inline long strlen_user(const char __user *src)
*/
#ifndef __clear_user
static inline __must_check unsigned long
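Review bot: The rewritten embedded hunk `@@ -276,6 +283,7 @@` for include/asm-generic/uaccess.h still adds a lone `static inline long` line in front of the existing `static inline long` of strncpy_from_user(). The prototype it used to introduce (the line ending in `__size_overflow(3);`) was dropped, but its second line was left behind. Applied, the definition would read `static inline long static inline long strncpy_from_user(...)`, which repeats `static` and changes the return type to `long long`; compilers are likely to reject it wherever this generic header is used. The embedded hunks for `__strncpy_from_user` and `strnlen_user` were removed whole, and this one should be removed the same way rather than keeping the orphaned `+static inline long`.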
@@ -84601,7 +84552,7 @@ index b218b85..f0ac13a 100644
__clear_user(void __user *to, unsigned long n)
{
memset((void __force *)to, 0, n);
-@@ -315,6 +329,8 @@ __clear_user(void __user *to, unsigned long n)
+@@ -315,6 +325,8 @@ __clear_user(void __user *to, unsigned long n)
#endif
static inline __must_check unsigned long
diff --git a/3.2.11/0000_README b/3.2.12/0000_README
index e078ec7..106e032 100644
--- a/3.2.11/0000_README
+++ b/3.2.12/0000_README
@@ -2,14 +2,10 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.2.11-201203181401.patch
+Patch: 4420_grsecurity-2.9-3.2.12-201203201932.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
-Patch: 4425_grsec_enable_xtpax.patch
-From: Anthony G. Basile <blueness@gentoo.org>
-Desc: Unlock PAX_XATTR_PAX_FLAGS option
-
Patch: 4430_grsec-remove-localversion-grsec.patch
From: Kerin Millar <kerframil@gmail.com>
Desc: Removes grsecurity's localversion-grsec file
diff --git a/3.2.11/4420_grsecurity-2.9-3.2.11-201203181401.patch b/3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch
index 4c91dcc..2ecba26 100644
--- a/3.2.11/4420_grsecurity-2.9-3.2.11-201203181401.patch
+++ b/3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch
@@ -195,7 +195,7 @@ index 81c287f..d456d02 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 4b76371..b091a81 100644
+index 15e80f1..4fb87db 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -4643,18 +4643,9 @@ index f92602e..27060b2 100644
config SPARC64
def_bool 64BIT
diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile
-index ad1fb5d..b117d90 100644
+index eddcfb3..b117d90 100644
--- a/arch/sparc/Makefile
+++ b/arch/sparc/Makefile
-@@ -31,7 +31,7 @@ UTS_MACHINE := sparc
-
- #KBUILD_CFLAGS += -g -pipe -fcall-used-g5 -fcall-used-g7
- KBUILD_CFLAGS += -m32 -pipe -mno-fpu -fcall-used-g5 -fcall-used-g7
--KBUILD_AFLAGS += -m32
-+KBUILD_AFLAGS += -m32 -Wa,-Av8
-
- #LDFLAGS_vmlinux = -N -Ttext 0xf0004000
- # Since 2.5.40, the first stage is left not btfix-ed.
@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc/oprofile/
# Export what is needed by arch/sparc/boot/Makefile
export VMLINUX_INIT VMLINUX_MAIN
@@ -12308,7 +12299,7 @@ index 36361bf..324f262 100644
#ifdef CONFIG_X86_WP_WORKS_OK
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 566e803..4414921 100644
+index 566e803..dfa5535 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -11,15 +11,15 @@
@@ -12524,10 +12515,10 @@ index 566e803..4414921 100644
long __must_check strncpy_from_user(char *dst, const char __user *src,
- long count);
-+ unsigned long count) __size_overflow(3);
++ unsigned long count);
long __must_check __strncpy_from_user(char *dst,
- const char __user *src, long count);
-+ const char __user *src, unsigned long count) __size_overflow(3);
++ const char __user *src, unsigned long count);
/**
* strlen_user: - Get the size of a string in user space.
@@ -12544,7 +12535,7 @@ index 566e803..4414921 100644
#endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1c66d30..2582764 100644
+index 1c66d30..8a44920 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -10,6 +10,9 @@
@@ -12909,12 +12900,12 @@ index 1c66d30..2582764 100644
__must_check long
-strncpy_from_user(char *dst, const char __user *src, long count);
-+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
++strncpy_from_user(char *dst, const char __user *src, unsigned long count);
__must_check long
-__strncpy_from_user(char *dst, const char __user *src, long count);
-__must_check long strnlen_user(const char __user *str, long n);
-__must_check long __strnlen_user(const char __user *str, long n);
-+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
++__strncpy_from_user(char *dst, const char __user *src, unsigned long count);
+__must_check long strnlen_user(const char __user *str, unsigned long n);
+__must_check long __strnlen_user(const char __user *str, unsigned long n);
__must_check long strlen_user(const char __user *str);
@@ -21560,22 +21551,6 @@ index 459b58a..9570bc7 100644
len, isum, NULL, errp);
}
EXPORT_SYMBOL(csum_partial_copy_to_user);
-diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c
-index fc45ba8..e395693 100644
---- a/arch/x86/lib/delay.c
-+++ b/arch/x86/lib/delay.c
-@@ -48,9 +48,9 @@ static void delay_loop(unsigned long loops)
- }
-
- /* TSC based delay: */
--static void delay_tsc(unsigned long loops)
-+static void delay_tsc(unsigned long __loops)
- {
-- unsigned long bclock, now;
-+ u32 bclock, now, loops = __loops;
- int cpu;
-
- preempt_disable();
diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
index 51f1504..ddac4c1 100644
--- a/arch/x86/lib/getuser.S
@@ -33022,7 +32997,7 @@ index a3bd163..8956575 100644
typedef struct _diva_os_xdi_adapter {
struct list_head link;
diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
-index 2339d73..802ab87 100644
+index 2339d73..802ab87a 100644
--- a/drivers/isdn/i4l/isdn_net.c
+++ b/drivers/isdn/i4l/isdn_net.c
@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, struct net_device *dev,
@@ -35220,7 +35195,7 @@ index 4a518a3..936b334 100644
#define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \
((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next)
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index c8f47f1..5da9840 100644
+index 0cf2351..56c4cef 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -698,17 +698,17 @@ struct rtl8169_private {
@@ -35273,7 +35248,7 @@ index 41e6b33..8e89b0f 100644
/* To mask all all interrupts.*/
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
-index edfa15d..002bfa9 100644
+index 486b404..0d6677d 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
@@ -36146,7 +36121,7 @@ index 76ba8a1..20ca857 100644
/* initialize our int15 lock */
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
-index 1cfbf22..be96487 100644
+index 24f049e..051f66e 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -27,9 +27,9 @@
@@ -37924,7 +37899,7 @@ index ed147c4..94fc3c6 100644
/* core tmem accessor functions */
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 0c1d5c73..88e90a8 100644
+index 03d3528..6bbe82f 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
@@ -37968,7 +37943,7 @@ index 6845228..df77141 100644
core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index e4ddb93..2fc6e0f 100644
+index cdb774b..8753593 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba(
@@ -38010,7 +37985,7 @@ index e4ddb93..2fc6e0f 100644
cmd->t_task_list_num)
atomic_set(&cmd->t_transport_sent, 1);
-@@ -4296,7 +4296,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd)
+@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd)
atomic_set(&cmd->transport_lun_stop, 0);
}
if (!atomic_read(&cmd->t_transport_active) ||
@@ -38019,7 +37994,7 @@ index e4ddb93..2fc6e0f 100644
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
return false;
}
-@@ -4545,7 +4545,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
+@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
{
int ret = 0;
@@ -38028,7 +38003,7 @@ index e4ddb93..2fc6e0f 100644
if (!send_status ||
(cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS))
return 1;
-@@ -4582,7 +4582,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
+@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
*/
if (cmd->data_direction == DMA_TO_DEVICE) {
if (cmd->se_tfo->write_pending_status(cmd) != 0) {
@@ -42059,7 +42034,7 @@ index 79e2ca7..5828ad1 100644
A.out (Assembler.OUTput) is a set of formats for libraries and
executables used in the earliest versions of UNIX. Linux used
diff --git a/fs/aio.c b/fs/aio.c
-index 67e4b90..86cb1d5 100644
+index b9d64d8..86cb1d5 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -42071,69 +42046,7 @@ index 67e4b90..86cb1d5 100644
return -EINVAL;
nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
-@@ -228,12 +228,6 @@ static void __put_ioctx(struct kioctx *ctx)
- call_rcu(&ctx->rcu_head, ctx_rcu_free);
- }
-
--static inline void get_ioctx(struct kioctx *kioctx)
--{
-- BUG_ON(atomic_read(&kioctx->users) <= 0);
-- atomic_inc(&kioctx->users);
--}
--
- static inline int try_get_ioctx(struct kioctx *kioctx)
- {
- return atomic_inc_not_zero(&kioctx->users);
-@@ -273,7 +267,7 @@ static struct kioctx *ioctx_alloc(unsigned nr_events)
- mm = ctx->mm = current->mm;
- atomic_inc(&mm->mm_count);
-
-- atomic_set(&ctx->users, 1);
-+ atomic_set(&ctx->users, 2);
- spin_lock_init(&ctx->ctx_lock);
- spin_lock_init(&ctx->ring_info.ring_lock);
- init_waitqueue_head(&ctx->wait);
-@@ -609,11 +603,16 @@ static void aio_fput_routine(struct work_struct *data)
- fput(req->ki_filp);
-
- /* Link the iocb into the context's free list */
-+ rcu_read_lock();
- spin_lock_irq(&ctx->ctx_lock);
- really_put_req(ctx, req);
-+ /*
-+ * at that point ctx might've been killed, but actual
-+ * freeing is RCU'd
-+ */
- spin_unlock_irq(&ctx->ctx_lock);
-+ rcu_read_unlock();
-
-- put_ioctx(ctx);
- spin_lock_irq(&fput_lock);
- }
- spin_unlock_irq(&fput_lock);
-@@ -644,7 +643,6 @@ static int __aio_put_req(struct kioctx *ctx, struct kiocb *req)
- * this function will be executed w/out any aio kthread wakeup.
- */
- if (unlikely(!fput_atomic(req->ki_filp))) {
-- get_ioctx(ctx);
- spin_lock(&fput_lock);
- list_add(&req->ki_list, &fput_head);
- spin_unlock(&fput_lock);
-@@ -1338,10 +1336,10 @@ SYSCALL_DEFINE2(io_setup, unsigned, nr_events, aio_context_t __user *, ctxp)
- ret = PTR_ERR(ioctx);
- if (!IS_ERR(ioctx)) {
- ret = put_user(ioctx->user_id, ctxp);
-- if (!ret)
-+ if (!ret) {
-+ put_ioctx(ioctx);
- return 0;
--
-- get_ioctx(ioctx); /* io_destroy() expects us to hold a ref */
-+ }
- io_destroy(ioctx);
- }
-
-@@ -1463,22 +1461,27 @@ static ssize_t aio_fsync(struct kiocb *iocb)
+@@ -1461,22 +1461,27 @@ static ssize_t aio_fsync(struct kiocb *iocb)
static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
{
ssize_t ret;
@@ -42306,7 +42219,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 6ff96c6..dbf63ee 100644
+index 6ff96c6..b5fb43a 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -42946,7 +42859,7 @@ index 6ff96c6..dbf63ee 100644
+#ifdef CONFIG_PAX_RANDMMAP
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
-+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
++ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
+#endif
+
/* Calling set_brk effectively mmaps the pages that we need
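Review bot: The new mask `((1UL << 22) - 1UL)` and the `<< 4` shift in the `elf_brk` adjustment are bare constants, so the amount of brk randomization cannot be read off the line. By my arithmetic the offset is now up to 2^26 bytes (64 MiB) in 16-byte steps, where the previous `~PAGE_MASK` mask gave 12 bits on 4 KiB pages. I would add a comment above the statement such as `/* 22 random bits, 16-byte granularity: brk shifted by up to 64 MiB */`, or name the bit count with a macro, so that later changes to the entropy are deliberate. The enclosing function starts and ends outside this hunk.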
@@ -43226,7 +43139,7 @@ index b1fe82c..84da0a9 100644
__bio_for_each_segment(bvec, bio, i, 0) {
char *addr = page_address(bvec->bv_page);
diff --git a/fs/block_dev.c b/fs/block_dev.c
-index b07f1da..9efcb92 100644
+index abe9b48..5df59e8 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
@@ -46930,7 +46843,7 @@ index 637694b..f84a121 100644
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 744e942..a19f203 100644
+index 9680cef..a19f203 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -47091,12 +47004,10 @@ index 744e942..a19f203 100644
audit_inode(pathname, dir);
goto ok;
}
-@@ -2139,7 +2206,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
- /* sayonara */
+@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
-- return ERR_PTR(-ECHILD);
-+ return ERR_PTR(error);
+ return ERR_PTR(error);
+#ifdef CONFIG_GRKERNSEC
+ if (nd->flags & LOOKUP_RCU) {
+ error = -ECHILD;
@@ -47152,15 +47063,6 @@ index 744e942..a19f203 100644
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2238,7 +2336,7 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
- /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
- error = complete_walk(nd);
- if (error)
-- goto exit;
-+ return ERR_PTR(error);
- error = -EISDIR;
- if (S_ISDIR(nd->inode->i_mode))
- goto exit;
@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
*path = nd.path;
return dentry;
@@ -51054,10 +50956,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..2733872
+index 0000000..19b3cba
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4163 @@
+@@ -0,0 +1,4133 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -51990,6 +51892,7 @@ index 0000000..2733872
+
+ /* release the reference to the real root dentry and vfsmount */
+ path_put(&real_root);
++ memset(&real_root, 0, sizeof(real_root));
+
+ /* free all object hash tables */
+
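Review bot: The added `memset(&real_root, 0, sizeof(real_root));` after `path_put(&real_root)` carries no comment saying why the struct is cleared. Presumably it keeps a second pass through this cleanup code from dropping the same dentry and vfsmount references twice, which matters now that the loader's error paths later in this file return without cleaning up themselves; this is inferred, since the callers are outside the hunk. A one-line comment such as `/* clear so a repeated cleanup cannot path_put() stale pointers */` would record the intent. The enclosing function begins and ends outside this hunk.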
@@ -52513,40 +52416,28 @@ index 0000000..2733872
+ num_sprole_pws = arg->num_sprole_pws;
+ acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
+
-+ if (!acl_special_roles) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!acl_special_roles && num_sprole_pws)
++ return -ENOMEM;
+
+ for (i = 0; i < num_sprole_pws; i++) {
+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
-+ if (!sptmp) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!sptmp)
++ return -ENOMEM;
+ if (copy_from_user(sptmp, arg->sprole_pws + i,
-+ sizeof (struct sprole_pw))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ sizeof (struct sprole_pw)))
++ return -EFAULT;
+
-+ len =
-+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
++ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
+
-+ if (!len || len >= GR_SPROLE_LEN) {
-+ err = -EINVAL;
-+ goto cleanup;
-+ }
++ if (!len || len >= GR_SPROLE_LEN)
++ return -EINVAL;
+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if ((tmp = (char *) acl_alloc(len)) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(tmp, sptmp->rolename, len))
++ return -EFAULT;
+
-+ if (copy_from_user(tmp, sptmp->rolename, len)) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
+ tmp[len-1] = '\0';
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
+ printk(KERN_ALERT "Copying special role %s\n", tmp);
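Review bot: Every failure in this loader now returns straight away (`return -ENOMEM;`, `return -EFAULT;`, `return -EINVAL;`) where the previous revision jumped to a `cleanup:` label that called `free_variables()`, so memory already obtained from `acl_alloc()` and `acl_alloc_num()` is no longer released by this function. The same pattern repeats in the following hunks at `@@ -52560`, `@@ -52602`, `@@ -52620`, `@@ -52654` and `@@ -52662`. Whether the caller releases that memory is not visible here; if it does, the function should say so in a header comment, for example `/* on failure the caller must call free_variables(); nothing is freed here */`. The function begins before and ends after this hunk.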
@@ -52560,38 +52451,28 @@ index 0000000..2733872
+ for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
+ r_tmp = acl_alloc(sizeof (struct acl_role_label));
+
-+ if (!r_tmp) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!r_tmp)
++ return -ENOMEM;
+
+ if (copy_from_user(&r_utmp2, r_utmp + r_num,
-+ sizeof (struct acl_role_label *))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ sizeof (struct acl_role_label *)))
++ return -EFAULT;
+
+ if (copy_from_user(r_tmp, r_utmp2,
-+ sizeof (struct acl_role_label))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ sizeof (struct acl_role_label)))
++ return -EFAULT;
+
+ len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
+
-+ if (!len || len >= PATH_MAX) {
-+ err = -EINVAL;
-+ goto cleanup;
-+ }
++ if (!len || len >= PATH_MAX)
++ return -EINVAL;
++
++ if ((tmp = (char *) acl_alloc(len)) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(tmp, r_tmp->rolename, len))
++ return -EFAULT;
+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
-+ if (copy_from_user(tmp, r_tmp->rolename, len)) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
+ tmp[len-1] = '\0';
+ r_tmp->rolename = tmp;
+
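Review bot: The role-name length check does not match the scan limit: `strnlen_user(r_tmp->rolename, GR_SPROLE_LEN)` bounds the scan with `GR_SPROLE_LEN`, but the result is rejected only when `len >= PATH_MAX`. If `GR_SPROLE_LEN` is smaller than `PATH_MAX` (its value is not shown on this page), the upper-bound test can never fire, and an over-long or unterminated name appears to be silently truncated by `tmp[len-1] = '\0'` rather than refused. The special-role loop in the previous hunk compares against the same constant it scans with. I would make the two agree here, either `strnlen_user(r_tmp->rolename, PATH_MAX)` or `if (!len || len >= GR_SPROLE_LEN)`, whichever limit role names are meant to have. These lines are unchanged context of the commit, and the function continues outside the hunk.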
@@ -52602,14 +52483,11 @@ index 0000000..2733872
+ kernel_role = r_tmp;
+ }
+
-+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
-+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct)))
++ return -EFAULT;
+
+ r_tmp->hash = ghash;
+
@@ -52620,32 +52498,28 @@ index 0000000..2733872
+ (struct acl_subject_label **)
+ create_table(&(r_tmp->subj_hash_size), sizeof(void *));
+
-+ if (!r_tmp->subj_hash) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
++ if (!r_tmp->subj_hash)
++ return -ENOMEM;
+
+ err = copy_user_allowedips(r_tmp);
+ if (err)
-+ goto cleanup;
++ return err;
+
+ /* copy domain info */
+ if (r_tmp->domain_children != NULL) {
+ domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
-+ if (domainlist == NULL) {
-+ err = -ENOMEM;
-+ goto cleanup;
-+ }
-+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
-+ err = -EFAULT;
-+ goto cleanup;
-+ }
++ if (domainlist == NULL)
++ return -ENOMEM;
++
++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t)))
++ return -EFAULT;
++
+ r_tmp->domain_children = domainlist;
+ }
+
+ err = copy_user_transitions(r_tmp);
+ if (err)
-+ goto cleanup;
++ return err;
+
+ memset(r_tmp->subj_hash, 0,
+ r_tmp->subj_hash_size *
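Review bot: The domain list copy treats a NULL result from `acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t))` as `-ENOMEM` regardless of the count, while this same commit relaxed the special-role allocation to `if (!acl_special_roles && num_sprole_pws)`. If `acl_alloc_num()` returns NULL for a zero count, which that change suggests but the page does not show, a role with a non-NULL `domain_children` and a zero `domain_child_num` would fail to load with a misleading error. The guard could become `if (domainlist == NULL && r_tmp->domain_child_num)`. Because `domain_child_num` is read from the role struct copied in from user space, it is also worth confirming that `acl_alloc_num()` rejects counts whose product with `sizeof(uid_t)` overflows, since the copy length is recomputed separately. The function continues outside the hunk.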
@@ -52654,7 +52528,7 @@ index 0000000..2733872
+ err = copy_user_subjs(r_tmp->hash->first, r_tmp);
+
+ if (err)
-+ goto cleanup;
++ return err;
+
+ /* set nested subject list to null */
+ r_tmp->hash->first = NULL;
@@ -52662,12 +52536,10 @@ index 0000000..2733872
+ insert_acl_role_label(r_tmp);
+ }
+
-+ goto return_err;
-+ cleanup:
-+ free_variables();
-+ return_err:
-+ return err;
++ if (default_role == NULL || kernel_role == NULL)
++ return -EINVAL;
+
++ return err;
+}
+
+static int
@@ -60376,7 +60248,7 @@ index 76bff2b..c7a14e2 100644
#endif /* _ASM_GENERIC_PGTABLE_H */
diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
-index ac68c99..b495b0a 100644
+index ac68c99..90d3439 100644
--- a/include/asm-generic/uaccess.h
+++ b/include/asm-generic/uaccess.h
@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long);
@@ -60421,25 +60293,7 @@ index ac68c99..b495b0a 100644
static inline long copy_to_user(void __user *to,
const void *from, unsigned long n)
{
-@@ -265,6 +272,8 @@ static inline long copy_to_user(void __user *to,
- */
- #ifndef __strncpy_from_user
- static inline long
-+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
-+static inline long
- __strncpy_from_user(char *dst, const char __user *src, long count)
- {
- char *tmp;
-@@ -276,6 +285,8 @@ __strncpy_from_user(char *dst, const char __user *src, long count)
- #endif
-
- static inline long
-+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3);
-+static inline long
- strncpy_from_user(char *dst, const char __user *src, long count)
- {
- if (!access_ok(VERIFY_READ, src, 1))
-@@ -309,6 +320,8 @@ static inline long strlen_user(const char __user *src)
+@@ -309,6 +316,8 @@ static inline long strlen_user(const char __user *src)
*/
#ifndef __clear_user
static inline __must_check unsigned long
@@ -60448,7 +60302,7 @@ index ac68c99..b495b0a 100644
__clear_user(void __user *to, unsigned long n)
{
memset((void __force *)to, 0, n);
-@@ -317,6 +330,8 @@ __clear_user(void __user *to, unsigned long n)
+@@ -317,6 +326,8 @@ __clear_user(void __user *to, unsigned long n)
#endif
static inline __must_check unsigned long
@@ -61229,7 +61083,7 @@ index c3da42d..c70e0df 100644
int trace_set_clr_event(const char *system, const char *event, int set);
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
-index 6d18f35..ab71e2c 100644
+index c6f7f6a..aa0f7d3 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -185,7 +185,7 @@ struct gendisk {
@@ -63758,7 +63612,7 @@ index 92808b8..c28cac4 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index fe86488..1563c1c 100644
+index 6cf8b53..bcce844 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
@@ -63788,7 +63642,7 @@ index fe86488..1563c1c 100644
}
/**
-@@ -1523,7 +1523,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1533,7 +1533,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -75147,10 +75001,10 @@ index 17b5b1c..826d872 100644
}
}
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
-index a5f4e57..910ee6d 100644
+index 8eb6b15..e3db7ab 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
-@@ -1485,7 +1485,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
+@@ -1488,7 +1488,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
nexthdr = ip6h->nexthdr;
offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr);
@@ -76586,10 +76440,10 @@ index 5a65eea..bd913a1 100644
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 836c4ea..cbb74dc 100644
+index a5521c5..984a2f4 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
-@@ -2149,7 +2149,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2153,7 +2153,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
p.iph.ttl = 64;
diff --git a/3.2.11/4430_grsec-remove-localversion-grsec.patch b/3.2.12/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.2.11/4430_grsec-remove-localversion-grsec.patch
+++ b/3.2.12/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.11/4435_grsec-mute-warnings.patch b/3.2.12/4435_grsec-mute-warnings.patch
index e85abd6..e85abd6 100644
--- a/3.2.11/4435_grsec-mute-warnings.patch
+++ b/3.2.12/4435_grsec-mute-warnings.patch
diff --git a/3.2.11/4440_grsec-remove-protected-paths.patch b/3.2.12/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.2.11/4440_grsec-remove-protected-paths.patch
+++ b/3.2.12/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.11/4445_grsec-pax-without-grsec.patch b/3.2.12/4445_grsec-pax-without-grsec.patch
index 58301c0..58301c0 100644
--- a/3.2.11/4445_grsec-pax-without-grsec.patch
+++ b/3.2.12/4445_grsec-pax-without-grsec.patch
diff --git a/3.2.11/4450_grsec-kconfig-default-gids.patch b/3.2.12/4450_grsec-kconfig-default-gids.patch
index 123f877..123f877 100644
--- a/3.2.11/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.12/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.11/4455_grsec-kconfig-gentoo.patch b/3.2.12/4455_grsec-kconfig-gentoo.patch
index 587b7d9..587b7d9 100644
--- a/3.2.11/4455_grsec-kconfig-gentoo.patch
+++ b/3.2.12/4455_grsec-kconfig-gentoo.patch
diff --git a/3.2.11/4460-grsec-kconfig-proc-user.patch b/3.2.12/4460-grsec-kconfig-proc-user.patch
index 2261051..2261051 100644
--- a/3.2.11/4460-grsec-kconfig-proc-user.patch
+++ b/3.2.12/4460-grsec-kconfig-proc-user.patch
diff --git a/3.2.11/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch
index af8b7b8..af8b7b8 100644
--- a/3.2.11/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.11/4470_disable-compat_vdso.patch b/3.2.12/4470_disable-compat_vdso.patch
index 4742d01..4742d01 100644
--- a/3.2.11/4470_disable-compat_vdso.patch
+++ b/3.2.12/4470_disable-compat_vdso.patch