diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2014-07-11 08:44:39 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2014-07-11 08:44:39 -0400 |
| commit | e19c6fd24e5309282575add82dc3953761ead349 (patch) | |
| tree | df31b7c5dbbb1abaa95cf4ccf118255b02559972 | |
| parent | Grsec/PaX: 3.0-{3.2.60,3.14.11,3.15.4}-201407081937 (diff) | |
| download | hardened-patchset-e19c6fd24e5309282575add82dc3953761ead349.tar.gz hardened-patchset-e19c6fd24e5309282575add82dc3953761ead349.tar.bz2 hardened-patchset-e19c6fd24e5309282575add82dc3953761ead349.zip | |
Grsec/PaX: 3.0-{3.2.60,3.14.12,3.15.5}-grsecurity-3.0-3.15.5-20140710003620140710
| -rw-r--r-- | 3.14.12/0000_README (renamed from 3.14.11/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch (renamed from 3.14.11/4420_grsecurity-3.0-3.14.11-201407081919.patch) | 289 | ||||
| -rw-r--r-- | 3.14.12/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.11/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.11/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.11/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4435_grsec-mute-warnings.patch (renamed from 3.14.11/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4440_grsec-remove-protected-paths.patch (renamed from 3.14.11/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.11/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.11/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4470_disable-compat_vdso.patch (renamed from 3.14.11/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.14.12/4475_emutramp_default_on.patch (renamed from 3.14.11/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/0000_README (renamed from 3.15.4/0000_README) | 0 | ||||
| -rw-r--r-- | 3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch (renamed from 3.15.4/4420_grsecurity-3.0-3.15.4-201407081937.patch) | 294 | ||||
| -rw-r--r-- | 3.15.5/4425_grsec_remove_EI_PAX.patch (renamed from 3.15.4/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.15.4/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4430_grsec-remove-localversion-grsec.patch (renamed from 3.15.4/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4435_grsec-mute-warnings.patch (renamed from 3.15.4/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4440_grsec-remove-protected-paths.patch (renamed from 3.15.4/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4450_grsec-kconfig-default-gids.patch (renamed from 3.15.4/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.15.4/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4470_disable-compat_vdso.patch (renamed from 3.15.4/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.15.5/4475_emutramp_default_on.patch (renamed from 3.15.4/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.60/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.60/4420_grsecurity-3.0-3.2.60-201407100031.patch (renamed from 3.2.60/4420_grsecurity-3.0-3.2.60-201407081916.patch) | 64 |
24 files changed, 351 insertions, 300 deletions
diff --git a/3.14.11/0000_README b/3.14.12/0000_README index b3b205b..f71dcad 100644 --- a/3.14.11/0000_README +++ b/3.14.12/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.11-201407081919.patch +Patch: 4420_grsecurity-3.0-3.14.12-201407100035.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.11/4420_grsecurity-3.0-3.14.11-201407081919.patch b/3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch index fc0ad0c..3a245d4 100644 --- a/3.14.11/4420_grsecurity-3.0-3.14.11-201407081919.patch +++ b/3.14.12/4420_grsecurity-3.0-3.14.12-201407100035.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index f1bbec5..d78810b 100644 +index 13d8f32..a7a7b9b 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -28955,7 +28955,7 @@ index 3927528..fc19971 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index ee0c3b5..773bb94 100644 +index 8fbd1a7..e046eef 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1776,8 +1776,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) @@ -36346,10 +36346,10 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c -index 4e491d9..c8e18e4 100644 +index dd0dd2d..e59db49 100644 --- a/block/blk-cgroup.c +++ b/block/blk-cgroup.c -@@ -812,7 +812,7 @@ static void blkcg_css_free(struct cgroup_subsys_state *css) +@@ -809,7 +809,7 @@ static void blkcg_css_free(struct cgroup_subsys_state *css) static struct cgroup_subsys_state * blkcg_css_alloc(struct cgroup_subsys_state *parent_css) { @@ -36358,7 +36358,7 @@ index 4e491d9..c8e18e4 100644 struct blkcg *blkcg; if (!parent_css) { -@@ -826,7 +826,7 @@ blkcg_css_alloc(struct cgroup_subsys_state *parent_css) +@@ -823,7 +823,7 @@ blkcg_css_alloc(struct cgroup_subsys_state *parent_css) blkcg->cfq_weight = CFQ_WEIGHT_DEFAULT; blkcg->cfq_leaf_weight = CFQ_WEIGHT_DEFAULT; @@ -39664,7 +39664,7 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index de9ef4a..0b29fc9 100644 +index 6d98c37..a592321 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -125,10 +125,10 @@ struct pstate_funcs { @@ -39680,7 +39680,7 @@ index de9ef4a..0b29fc9 100644 struct perf_limits { int no_turbo; -@@ -529,7 +529,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -39689,7 +39689,7 @@ index de9ef4a..0b29fc9 100644 } static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -551,12 +551,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) +@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { sprintf(cpu->name, "Intel 2nd generation core"); @@ -39707,7 +39707,7 @@ index de9ef4a..0b29fc9 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -835,9 +835,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -39720,7 +39720,7 @@ index de9ef4a..0b29fc9 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -851,7 +851,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -39729,7 +39729,7 @@ index de9ef4a..0b29fc9 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -863,11 +863,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -42021,10 +42021,10 @@ index 8a8725c2..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/gpu/vga/vga_switcheroo.c b/drivers/gpu/vga/vga_switcheroo.c -index ec0ae2d..dc0780b 100644 +index 6866448..2ad2b34 100644 --- a/drivers/gpu/vga/vga_switcheroo.c +++ b/drivers/gpu/vga/vga_switcheroo.c -@@ -643,7 +643,7 @@ static int vga_switcheroo_runtime_resume(struct device *dev) +@@ -644,7 +644,7 @@ static int vga_switcheroo_runtime_resume(struct device *dev) /* this version is for the case where the power switch is separate to the device being powered down. */ @@ -42033,7 +42033,7 @@ index ec0ae2d..dc0780b 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -@@ -688,7 +688,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev) +@@ -689,7 +689,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev) return ret; } @@ -44601,7 +44601,7 @@ index 8c53b09..f1fb2b0 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 8b013f8..93eed41 100644 +index 73aedcb..424968a 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -47773,10 +47773,10 @@ index ea7e70c..bc0c45f 100644 data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled", data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled", diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 8d42fd9..d923d65 100644 +index 16be0c0..eb0bc12 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1365,7 +1365,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1371,7 +1371,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -47785,7 +47785,7 @@ index 8d42fd9..d923d65 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1386,7 +1386,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1392,7 +1392,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -47847,7 +47847,7 @@ index 5028557..91cf394 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h -index e3b885d..7a7de2f 100644 +index 5d45a1a..6f5f041 100644 --- a/drivers/net/wireless/rt2x00/rt2x00.h +++ b/drivers/net/wireless/rt2x00/rt2x00.h @@ -375,7 +375,7 @@ struct rt2x00_intf { @@ -51412,7 +51412,7 @@ index 2ebe47b..3205833 100644 dlci->modem_rx = 0; diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index e36d1f5..9938e3e 100644 +index 28ac3f3..9019b3b 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -115,7 +115,7 @@ struct n_tty_data { @@ -51424,7 +51424,7 @@ index e36d1f5..9938e3e 100644 size_t line_start; /* protected by output lock */ -@@ -2519,6 +2519,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2520,6 +2520,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -51618,7 +51618,7 @@ index a260cde..6b2b5ce 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c -index b5d779c..3622cfe 100644 +index c0f2b3e..7e3f80c 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -897,7 +897,7 @@ static struct uart_driver msm_uart_driver = { @@ -56558,10 +56558,10 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 19e7d95..af5756a 100644 +index e609e15..c9fcd97 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -375,7 +375,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); @@ -59884,52 +59884,10 @@ index 62f024c..a6a1a61 100644 /* locality groups */ diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c -index 594009f..c30cbe2 100644 +index e6574d7..c30cbe2 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c -@@ -389,7 +389,13 @@ static int ext4_alloc_branch(handle_t *handle, struct inode *inode, - return 0; - failed: - for (; i >= 0; i--) { -- if (i != indirect_blks && branch[i].bh) -+ /* -+ * We want to ext4_forget() only freshly allocated indirect -+ * blocks. Buffer for new_blocks[i-1] is at branch[i].bh and -+ * buffer at branch[0].bh is indirect block / inode already -+ * existing before ext4_alloc_branch() was called. -+ */ -+ if (i > 0 && i != indirect_blks && branch[i].bh) - ext4_forget(handle, 1, inode, branch[i].bh, - branch[i].bh->b_blocknr); - ext4_free_blocks(handle, inode, NULL, new_blocks[i], -@@ -1312,16 +1318,24 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, - blk = *i_data; - if (level > 0) { - ext4_lblk_t first2; -+ ext4_lblk_t count2; -+ - bh = sb_bread(inode->i_sb, le32_to_cpu(blk)); - if (!bh) { - EXT4_ERROR_INODE_BLOCK(inode, le32_to_cpu(blk), - "Read failure"); - return -EIO; - } -- first2 = (first > offset) ? first - offset : 0; -+ if (first > offset) { -+ first2 = first - offset; -+ count2 = count; -+ } else { -+ first2 = 0; -+ count2 = count - (offset - first); -+ } - ret = free_hole_blocks(handle, inode, bh, - (__le32 *)bh->b_data, level - 1, -- first2, count - offset, -+ first2, count2, - inode->i_sb->s_blocksize >> 2); - if (ret) { - brelse(bh); -@@ -1331,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, +@@ -1345,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, if (level == 0 || (bh && all_zeroes((__le32 *)bh->b_data, (__le32 *)bh->b_data + addr_per_block))) { @@ -62817,10 +62775,10 @@ index 15f9d98..082c625 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index 9a914e8..e89c0ea 100644 +index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1178,7 +1178,7 @@ struct nfsd4_operation { +@@ -1169,7 +1169,7 @@ struct nfsd4_operation { nfsd4op_rsize op_rsize_bop; stateid_getter op_get_currentstateid; stateid_setter op_set_currentstateid; @@ -62830,10 +62788,10 @@ index 9a914e8..e89c0ea 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index bc11bf6..324b058 100644 +index 8657335..cd3e37f 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1531,7 +1531,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1542,7 +1542,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -64620,10 +64578,10 @@ index d4a3574..b421ce9 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index 4677bb7..94067cd 100644 +index 4677bb7..dad3045 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c -@@ -23,6 +23,7 @@ +@@ -23,9 +23,27 @@ #include <linux/nsproxy.h> #include <net/net_namespace.h> #include <linux/seq_file.h> @@ -64631,7 +64589,27 @@ index 4677bb7..94067cd 100644 #include "internal.h" -@@ -36,6 +37,8 @@ static struct net *get_proc_net(const struct inode *inode) ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++static struct seq_operations *ipv6_seq_ops_addr; ++ ++void register_ipv6_seq_ops_addr(struct seq_operations *addr) ++{ ++ ipv6_seq_ops_addr = addr; ++} ++ ++void unregister_ipv6_seq_ops_addr(void) ++{ ++ ipv6_seq_ops_addr = NULL; ++} ++ ++EXPORT_SYMBOL_GPL(register_ipv6_seq_ops_addr); ++EXPORT_SYMBOL_GPL(unregister_ipv6_seq_ops_addr); ++#endif ++ + static inline struct net *PDE_NET(struct proc_dir_entry *pde) + { + return pde->parent->data; +@@ -36,6 +54,8 @@ static struct net *get_proc_net(const struct inode *inode) return maybe_get_net(PDE_NET(PDE(inode))); } @@ -64640,18 +64618,22 @@ index 4677bb7..94067cd 100644 int seq_open_net(struct inode *ino, struct file *f, const struct seq_operations *ops, int size) { -@@ -44,6 +47,10 @@ int seq_open_net(struct inode *ino, struct file *f, +@@ -44,6 +64,14 @@ int seq_open_net(struct inode *ino, struct file *f, BUG_ON(size < sizeof(*p)); + /* only permit access to /proc/net/dev */ -+ if (ops != &dev_seq_ops && gr_proc_is_restricted()) ++ if ( ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ ops != ipv6_seq_ops_addr && ++#endif ++ ops != &dev_seq_ops && gr_proc_is_restricted()) + return -EACCES; + net = get_proc_net(ino); if (net == NULL) return -ENXIO; -@@ -66,6 +73,9 @@ int single_open_net(struct inode *inode, struct file *file, +@@ -66,6 +94,9 @@ int single_open_net(struct inode *inode, struct file *file, int err; struct net *net; @@ -85931,7 +85913,7 @@ index 0c9dc86..a891393 100644 s.version = AUDIT_VERSION_LATEST; s.backlog_wait_time = audit_backlog_wait_time; diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 37e6216..3604797 100644 +index 619b58d..e58d957 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1954,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx, @@ -90844,7 +90826,7 @@ index c0a58be..784c618 100644 if (!retval) { if (old_rlim) diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index aae21e8..58d8c9a 100644 +index c1b26e1..bc7b50d 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -94,7 +94,6 @@ @@ -90884,7 +90866,7 @@ index aae21e8..58d8c9a 100644 #endif /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */ -@@ -182,10 +180,8 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -181,10 +179,8 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -90895,7 +90877,7 @@ index aae21e8..58d8c9a 100644 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); -@@ -216,6 +212,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -215,6 +211,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, #endif @@ -90904,7 +90886,7 @@ index aae21e8..58d8c9a 100644 static struct ctl_table kern_table[]; static struct ctl_table vm_table[]; static struct ctl_table fs_table[]; -@@ -230,6 +228,20 @@ extern struct ctl_table epoll_table[]; +@@ -229,6 +227,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -90925,7 +90907,7 @@ index aae21e8..58d8c9a 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -278,6 +290,22 @@ static int max_extfrag_threshold = 1000; +@@ -277,6 +289,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -90948,7 +90930,7 @@ index aae21e8..58d8c9a 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -640,7 +668,7 @@ static struct ctl_table kern_table[] = { +@@ -639,7 +667,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -90957,7 +90939,7 @@ index aae21e8..58d8c9a 100644 }, { .procname = "modules_disabled", -@@ -807,16 +835,20 @@ static struct ctl_table kern_table[] = { +@@ -806,16 +834,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -90979,7 +90961,7 @@ index aae21e8..58d8c9a 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1061,10 +1093,17 @@ static struct ctl_table kern_table[] = { +@@ -1060,10 +1092,17 @@ static struct ctl_table kern_table[] = { */ { .procname = "perf_event_paranoid", @@ -91000,7 +90982,7 @@ index aae21e8..58d8c9a 100644 }, { .procname = "perf_event_mlock_kb", -@@ -1335,6 +1374,13 @@ static struct ctl_table vm_table[] = { +@@ -1334,6 +1373,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -91014,7 +90996,7 @@ index aae21e8..58d8c9a 100644 #else { .procname = "nr_trim_pages", -@@ -1799,6 +1845,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1798,6 +1844,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -91031,7 +91013,7 @@ index aae21e8..58d8c9a 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1904,6 +1960,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1903,6 +1959,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -91040,7 +91022,7 @@ index aae21e8..58d8c9a 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2068,7 +2126,7 @@ int proc_dointvec(struct ctl_table *table, int write, +@@ -2067,7 +2125,7 @@ int proc_dointvec(struct ctl_table *table, int write, static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -91049,7 +91031,7 @@ index aae21e8..58d8c9a 100644 unsigned long tmptaint = get_taint(); int err; -@@ -2096,7 +2154,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2095,7 +2153,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -91057,7 +91039,7 @@ index aae21e8..58d8c9a 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2105,7 +2162,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2104,7 +2161,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -91065,7 +91047,7 @@ index aae21e8..58d8c9a 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2652,6 +2708,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2651,6 +2707,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -91078,7 +91060,7 @@ index aae21e8..58d8c9a 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2708,5 +2770,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2707,5 +2769,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -91674,10 +91656,10 @@ index fc4da2d..f3e800b 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index f0831c22..4b19cb3 100644 +index fd21e60..eb47c25 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -3400,7 +3400,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -3398,7 +3398,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } @@ -92824,7 +92806,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 06a9bc0..cfbba83 100644 +index 30dd626..e0a6729 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2070,15 +2070,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -92869,7 +92851,7 @@ index 06a9bc0..cfbba83 100644 if (ret) goto out; -@@ -2600,6 +2604,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2615,6 +2619,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -92897,7 +92879,7 @@ index 06a9bc0..cfbba83 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2716,6 +2741,11 @@ retry_avoidcopy: +@@ -2731,6 +2756,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -92909,7 +92891,7 @@ index 06a9bc0..cfbba83 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2880,6 +2910,10 @@ retry: +@@ -2895,6 +2925,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -92920,7 +92902,7 @@ index 06a9bc0..cfbba83 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -2910,6 +2944,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2925,6 +2959,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -92931,7 +92913,7 @@ index 06a9bc0..cfbba83 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2923,6 +2961,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2938,6 +2976,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -93234,7 +93216,7 @@ index 33365e9..2234ef9 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 49e930f..90d7ec5 100644 +index 2121d8b8..fa1095a 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -93807,7 +93789,7 @@ index 49e930f..90d7ec5 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3839,6 +4080,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3836,6 +4077,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -93831,7 +93813,7 @@ index 49e930f..90d7ec5 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3869,6 +4127,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3866,6 +4124,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -93862,7 +93844,7 @@ index 49e930f..90d7ec5 100644 #endif /* __PAGETABLE_PMD_FOLDED */ #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -3882,7 +4164,7 @@ static int __init gate_vma_init(void) +@@ -3879,7 +4161,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -93871,7 +93853,7 @@ index 49e930f..90d7ec5 100644 return 0; } -@@ -4016,8 +4298,8 @@ out: +@@ -4013,8 +4295,8 @@ out: return ret; } @@ -93882,7 +93864,7 @@ index 49e930f..90d7ec5 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4043,8 +4325,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -4040,8 +4322,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -93893,7 +93875,7 @@ index 49e930f..90d7ec5 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4052,7 +4334,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4049,7 +4331,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -93902,7 +93884,7 @@ index 49e930f..90d7ec5 100644 void *maddr; struct page *page = NULL; -@@ -4111,8 +4393,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4108,8 +4390,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -93913,7 +93895,7 @@ index 49e930f..90d7ec5 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4122,11 +4404,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4119,11 +4401,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -93929,10 +93911,10 @@ index 49e930f..90d7ec5 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 56224d9..a74c77e 100644 +index 9c6288a..b0ea97e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -750,6 +750,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; @@ -93943,7 +93925,7 @@ index 56224d9..a74c77e 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -793,6 +797,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -790,6 +794,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, err = vma_replace_policy(vma, new_pol); if (err) goto out; @@ -93960,7 +93942,7 @@ index 56224d9..a74c77e 100644 } out: -@@ -1256,6 +1270,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1253,6 +1267,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -93978,7 +93960,7 @@ index 56224d9..a74c77e 100644 if (end == start) return 0; -@@ -1484,8 +1509,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1478,8 +1503,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -93988,7 +93970,7 @@ index 56224d9..a74c77e 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1516,6 +1540,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1510,6 +1534,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -95760,7 +95742,7 @@ index d013dba..d5ae30d 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 4b5d4f6..56dfb0a 100644 +index 7e7f947..254d009 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -95771,7 +95753,7 @@ index 4b5d4f6..56dfb0a 100644 #include <asm/sections.h> #include <asm/tlbflush.h> -@@ -354,7 +355,7 @@ out: +@@ -355,7 +356,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -95780,7 +95762,7 @@ index 4b5d4f6..56dfb0a 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -728,6 +729,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -729,6 +730,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -95791,7 +95773,7 @@ index 4b5d4f6..56dfb0a 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -744,6 +749,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -745,6 +750,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -95804,7 +95786,7 @@ index 4b5d4f6..56dfb0a 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -766,6 +777,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -767,6 +778,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -95825,7 +95807,7 @@ index 4b5d4f6..56dfb0a 100644 void __init __free_pages_bootmem(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -781,6 +806,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) +@@ -782,6 +807,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -95845,7 +95827,7 @@ index 4b5d4f6..56dfb0a 100644 page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -897,8 +935,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -910,8 +948,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -95856,7 +95838,7 @@ index 4b5d4f6..56dfb0a 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -2401,7 +2441,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, +@@ -2414,7 +2454,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, continue; mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -95865,7 +95847,7 @@ index 4b5d4f6..56dfb0a 100644 } } -@@ -6577,4 +6617,4 @@ void dump_page(struct page *page, char *reason) +@@ -6605,4 +6645,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -96203,7 +96185,7 @@ index 1f18c9d..b550bab 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index b264214..83872cd 100644 +index 6dd8d5f..2482a6d 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -300,10 +300,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) @@ -96232,7 +96214,7 @@ index b264214..83872cd 100644 #endif #if DEBUG -@@ -403,7 +407,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct page *page, +@@ -436,7 +440,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct page *page, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -96241,7 +96223,7 @@ index b264214..83872cd 100644 { u32 offset = (obj - page->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -1489,12 +1493,12 @@ void __init kmem_cache_init(void) +@@ -1536,12 +1540,12 @@ void __init kmem_cache_init(void) */ kmalloc_caches[INDEX_AC] = create_kmalloc_cache("kmalloc-ac", @@ -96256,7 +96238,7 @@ index b264214..83872cd 100644 slab_early_init = 0; -@@ -3428,6 +3432,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, +@@ -3484,6 +3488,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, struct array_cache *ac = cpu_cache_get(cachep); check_irq_off(); @@ -96278,7 +96260,7 @@ index b264214..83872cd 100644 kmemleak_free_recursive(objp, cachep->flags); objp = cache_free_debugcheck(cachep, objp, caller); -@@ -3656,6 +3675,7 @@ void kfree(const void *objp) +@@ -3712,6 +3731,7 @@ void kfree(const void *objp) if (unlikely(ZERO_OR_NULL_PTR(objp))) return; @@ -96286,7 +96268,7 @@ index b264214..83872cd 100644 local_irq_save(flags); kfree_debugcheck(objp); c = virt_to_cache(objp); -@@ -4097,14 +4117,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) +@@ -4153,14 +4173,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -96313,7 +96295,7 @@ index b264214..83872cd 100644 #endif } -@@ -4334,13 +4362,69 @@ static const struct file_operations proc_slabstats_operations = { +@@ -4381,13 +4409,69 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -98136,7 +98118,7 @@ index 6afa3b4..7a14180 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index d4b7702..7122922 100644 +index 27ae841..e5a8343 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -625,7 +625,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, @@ -98177,7 +98159,7 @@ index d4b7702..7122922 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; -@@ -857,7 +859,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -852,7 +854,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; @@ -100579,7 +100561,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..285086c 100644 +index 6c7fa08..8a31430 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -100600,7 +100582,32 @@ index 6c7fa08..285086c 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -4146,7 +4146,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -3528,16 +3528,23 @@ static const struct file_operations if6_fops = { + .release = seq_release_net, + }; + ++extern void register_ipv6_seq_ops_addr(struct seq_operations *addr); ++extern void unregister_ipv6_seq_ops_addr(void); ++ + static int __net_init if6_proc_net_init(struct net *net) + { +- if (!proc_create("if_inet6", S_IRUGO, net->proc_net, &if6_fops)) ++ register_ipv6_seq_ops_addr(&if6_seq_ops); ++ if (!proc_create("if_inet6", S_IRUGO, net->proc_net, &if6_fops)) { ++ unregister_ipv6_seq_ops_addr(); + return -ENOMEM; ++ } + return 0; + } + + static void __net_exit if6_proc_net_exit(struct net *net) + { + remove_proc_entry("if_inet6", net->proc_net); ++ unregister_ipv6_seq_ops_addr(); + } + + static struct pernet_operations if6_proc_net_ops = { +@@ -4146,7 +4153,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -100609,7 +100616,7 @@ index 6c7fa08..285086c 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4758,7 +4758,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4758,7 +4765,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -100618,7 +100625,7 @@ index 6c7fa08..285086c 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4779,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4779,7 +4786,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -100627,7 +100634,7 @@ index 6c7fa08..285086c 100644 int ret; /* -@@ -4864,7 +4864,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4864,7 +4871,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; diff --git a/3.14.11/4425_grsec_remove_EI_PAX.patch b/3.14.12/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.11/4425_grsec_remove_EI_PAX.patch +++ b/3.14.12/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.11/4427_force_XATTR_PAX_tmpfs.patch b/3.14.12/4427_force_XATTR_PAX_tmpfs.patch index 3db2112..3db2112 100644 --- a/3.14.11/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.12/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.11/4430_grsec-remove-localversion-grsec.patch b/3.14.12/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.11/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.12/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.11/4435_grsec-mute-warnings.patch b/3.14.12/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.11/4435_grsec-mute-warnings.patch +++ b/3.14.12/4435_grsec-mute-warnings.patch diff --git a/3.14.11/4440_grsec-remove-protected-paths.patch b/3.14.12/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.11/4440_grsec-remove-protected-paths.patch +++ b/3.14.12/4440_grsec-remove-protected-paths.patch diff --git a/3.14.11/4450_grsec-kconfig-default-gids.patch b/3.14.12/4450_grsec-kconfig-default-gids.patch index af218a8..af218a8 100644 --- a/3.14.11/4450_grsec-kconfig-default-gids.patch +++ b/3.14.12/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.11/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.12/4465_selinux-avc_audit-log-curr_ip.patch index fb528d0..fb528d0 100644 --- a/3.14.11/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.12/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.11/4470_disable-compat_vdso.patch b/3.14.12/4470_disable-compat_vdso.patch index 677174c..677174c 100644 --- a/3.14.11/4470_disable-compat_vdso.patch +++ b/3.14.12/4470_disable-compat_vdso.patch diff --git a/3.14.11/4475_emutramp_default_on.patch b/3.14.12/4475_emutramp_default_on.patch index 015c7c1..015c7c1 100644 --- a/3.14.11/4475_emutramp_default_on.patch +++ b/3.14.12/4475_emutramp_default_on.patch diff --git a/3.15.4/0000_README b/3.15.5/0000_README index a26acbb..a26acbb 100644 --- a/3.15.4/0000_README +++ b/3.15.5/0000_README diff --git a/3.15.4/4420_grsecurity-3.0-3.15.4-201407081937.patch b/3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch index fbbdd34..9936204 100644 --- a/3.15.4/4420_grsecurity-3.0-3.15.4-201407081937.patch +++ b/3.15.5/4420_grsecurity-3.0-3.15.5-201407100036.patch @@ -287,7 +287,7 @@ index 30a8ad0d..2ed9efd 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 25ecc1d..184bee9 100644 +index e6b01ed..74dbc85 100644 --- a/Makefile +++ b/Makefile @@ -246,7 +246,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -28481,7 +28481,7 @@ index 138ceff..2e584f0 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 20316c6..9b3dddc 100644 +index 5521f7c..691b7a3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1822,8 +1822,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) @@ -35859,10 +35859,10 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c -index 1039fb9..d7c0d9a 100644 +index 95ee425..c9c7237 100644 --- a/block/blk-cgroup.c +++ b/block/blk-cgroup.c -@@ -825,7 +825,7 @@ static void blkcg_css_free(struct cgroup_subsys_state *css) +@@ -822,7 +822,7 @@ static void blkcg_css_free(struct cgroup_subsys_state *css) static struct cgroup_subsys_state * blkcg_css_alloc(struct cgroup_subsys_state *parent_css) { @@ -35871,7 +35871,7 @@ index 1039fb9..d7c0d9a 100644 struct blkcg *blkcg; if (!parent_css) { -@@ -839,7 +839,7 @@ blkcg_css_alloc(struct cgroup_subsys_state *parent_css) +@@ -836,7 +836,7 @@ blkcg_css_alloc(struct cgroup_subsys_state *parent_css) blkcg->cfq_weight = CFQ_WEIGHT_DEFAULT; blkcg->cfq_leaf_weight = CFQ_WEIGHT_DEFAULT; @@ -39194,7 +39194,7 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index db2e45b..72c7d37 100644 +index fcd0c92..7b736c2 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -125,10 +125,10 @@ struct pstate_funcs { @@ -39210,7 +39210,7 @@ index db2e45b..72c7d37 100644 struct perf_limits { int no_turbo; -@@ -529,7 +529,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -39219,7 +39219,7 @@ index db2e45b..72c7d37 100644 } static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -551,12 +551,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) +@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { sprintf(cpu->name, "Intel 2nd generation core"); @@ -39237,7 +39237,7 @@ index db2e45b..72c7d37 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -841,9 +841,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -39250,7 +39250,7 @@ index db2e45b..72c7d37 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -857,7 +857,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -39259,7 +39259,7 @@ index db2e45b..72c7d37 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -869,11 +869,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -39984,7 +39984,7 @@ index d8b7099..8a314a5 100644 diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c old mode 100644 new mode 100755 -index 03711d0..9960928a +index 8218078..9960928a --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -233,7 +233,7 @@ module_exit(drm_core_exit); @@ -40005,17 +40005,6 @@ index 03711d0..9960928a unsigned int nr = DRM_IOCTL_NR(cmd); int retcode = -EINVAL; char stack_kdata[128]; -@@ -419,8 +419,9 @@ long drm_ioctl(struct file *filp, - retcode = -EFAULT; - goto err_i1; - } -- } else -+ } else if (cmd & IOC_OUT) { - memset(kdata, 0, usize); -+ } - - if (ioctl->flags & DRM_UNLOCKED) - retcode = func(dev, kdata, file_priv); diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index e1eba0b..98f69f9 100644 --- a/drivers/gpu/drm/drm_fops.c @@ -41424,10 +41413,10 @@ index 8a8725c2..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/gpu/vga/vga_switcheroo.c b/drivers/gpu/vga/vga_switcheroo.c -index ec0ae2d..dc0780b 100644 +index 6866448..2ad2b34 100644 --- a/drivers/gpu/vga/vga_switcheroo.c +++ b/drivers/gpu/vga/vga_switcheroo.c -@@ -643,7 +643,7 @@ static int vga_switcheroo_runtime_resume(struct device *dev) +@@ -644,7 +644,7 @@ static int vga_switcheroo_runtime_resume(struct device *dev) /* this version is for the case where the power switch is separate to the device being powered down. */ @@ -41436,7 +41425,7 @@ index ec0ae2d..dc0780b 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -@@ -688,7 +688,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev) +@@ -689,7 +689,7 @@ static int vga_switcheroo_runtime_resume_hdmi_audio(struct device *dev) return ret; } @@ -43937,7 +43926,7 @@ index 455e649..1f214be 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 2382cfc..0d7e551 100644 +index 9a18209..ec4d3ec 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -47138,10 +47127,10 @@ index 6a6df71..eb5c93a 100644 data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled", data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled", diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 2365553..97126d8 100644 +index 295b24c..cb4f823 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1552,7 +1552,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1558,7 +1558,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -47150,7 +47139,7 @@ index 2365553..97126d8 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1573,7 +1573,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1579,7 +1579,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -47212,7 +47201,7 @@ index 39d22a1..4ec8612 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h -index e3b885d..7a7de2f 100644 +index 5d45a1a..6f5f041 100644 --- a/drivers/net/wireless/rt2x00/rt2x00.h +++ b/drivers/net/wireless/rt2x00/rt2x00.h @@ -375,7 +375,7 @@ struct rt2x00_intf { @@ -49681,10 +49670,10 @@ index 13e8983..d306a68 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index efcbcd1..aeaf26e 100644 +index bffbd4b..cb1b68a 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2968,7 +2968,7 @@ static int sd_probe(struct device *dev) +@@ -2971,7 +2971,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -50796,7 +50785,7 @@ index 2ebe47b..3205833 100644 dlci->modem_rx = 0; diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index fe9d129..477300f 100644 +index 0391f17..31fa586 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -115,7 +115,7 @@ struct n_tty_data { @@ -50808,7 +50797,7 @@ index fe9d129..477300f 100644 size_t line_start; /* protected by output lock */ -@@ -2516,6 +2516,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2517,6 +2517,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -51002,7 +50991,7 @@ index a260cde..6b2b5ce 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c -index 053b98e..86742e5 100644 +index 7307dc4..ce4fe90 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c @@ -1026,7 +1026,7 @@ static struct uart_driver msm_uart_driver = { @@ -59304,52 +59293,10 @@ index f542e48..c0275f5 100644 /* locality groups */ diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c -index 594009f..c30cbe2 100644 +index e6574d7..c30cbe2 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c -@@ -389,7 +389,13 @@ static int ext4_alloc_branch(handle_t *handle, struct inode *inode, - return 0; - failed: - for (; i >= 0; i--) { -- if (i != indirect_blks && branch[i].bh) -+ /* -+ * We want to ext4_forget() only freshly allocated indirect -+ * blocks. Buffer for new_blocks[i-1] is at branch[i].bh and -+ * buffer at branch[0].bh is indirect block / inode already -+ * existing before ext4_alloc_branch() was called. -+ */ -+ if (i > 0 && i != indirect_blks && branch[i].bh) - ext4_forget(handle, 1, inode, branch[i].bh, - branch[i].bh->b_blocknr); - ext4_free_blocks(handle, inode, NULL, new_blocks[i], -@@ -1312,16 +1318,24 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, - blk = *i_data; - if (level > 0) { - ext4_lblk_t first2; -+ ext4_lblk_t count2; -+ - bh = sb_bread(inode->i_sb, le32_to_cpu(blk)); - if (!bh) { - EXT4_ERROR_INODE_BLOCK(inode, le32_to_cpu(blk), - "Read failure"); - return -EIO; - } -- first2 = (first > offset) ? first - offset : 0; -+ if (first > offset) { -+ first2 = first - offset; -+ count2 = count; -+ } else { -+ first2 = 0; -+ count2 = count - (offset - first); -+ } - ret = free_hole_blocks(handle, inode, bh, - (__le32 *)bh->b_data, level - 1, -- first2, count - offset, -+ first2, count2, - inode->i_sb->s_blocksize >> 2); - if (ret) { - brelse(bh); -@@ -1331,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, +@@ -1345,8 +1345,8 @@ static int free_hole_blocks(handle_t *handle, struct inode *inode, if (level == 0 || (bh && all_zeroes((__le32 *)bh->b_data, (__le32 *)bh->b_data + addr_per_block))) { @@ -62237,10 +62184,10 @@ index c79f3e7..d61d671 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index d543222..2cfa2a2 100644 +index 95e3720..46c23fa 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1178,7 +1178,7 @@ struct nfsd4_operation { +@@ -1169,7 +1169,7 @@ struct nfsd4_operation { nfsd4op_rsize op_rsize_bop; stateid_getter op_get_currentstateid; stateid_setter op_set_currentstateid; @@ -62250,10 +62197,10 @@ index d543222..2cfa2a2 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index b4c4958..04687ad 100644 +index 3297158..7bb8436 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1530,7 +1530,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1541,7 +1541,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -64021,10 +63968,10 @@ index d4a3574..b421ce9 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index 4677bb7..94067cd 100644 +index 4677bb7..dad3045 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c -@@ -23,6 +23,7 @@ +@@ -23,9 +23,27 @@ #include <linux/nsproxy.h> #include <net/net_namespace.h> #include <linux/seq_file.h> @@ -64032,7 +63979,27 @@ index 4677bb7..94067cd 100644 #include "internal.h" -@@ -36,6 +37,8 @@ static struct net *get_proc_net(const struct inode *inode) ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++static struct seq_operations *ipv6_seq_ops_addr; ++ ++void register_ipv6_seq_ops_addr(struct seq_operations *addr) ++{ ++ ipv6_seq_ops_addr = addr; ++} ++ ++void unregister_ipv6_seq_ops_addr(void) ++{ ++ ipv6_seq_ops_addr = NULL; ++} ++ ++EXPORT_SYMBOL_GPL(register_ipv6_seq_ops_addr); ++EXPORT_SYMBOL_GPL(unregister_ipv6_seq_ops_addr); ++#endif ++ + static inline struct net *PDE_NET(struct proc_dir_entry *pde) + { + return pde->parent->data; +@@ -36,6 +54,8 @@ static struct net *get_proc_net(const struct inode *inode) return maybe_get_net(PDE_NET(PDE(inode))); } @@ -64041,18 +64008,22 @@ index 4677bb7..94067cd 100644 int seq_open_net(struct inode *ino, struct file *f, const struct seq_operations *ops, int size) { -@@ -44,6 +47,10 @@ int seq_open_net(struct inode *ino, struct file *f, +@@ -44,6 +64,14 @@ int seq_open_net(struct inode *ino, struct file *f, BUG_ON(size < sizeof(*p)); + /* only permit access to /proc/net/dev */ -+ if (ops != &dev_seq_ops && gr_proc_is_restricted()) ++ if ( ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ ops != ipv6_seq_ops_addr && ++#endif ++ ops != &dev_seq_ops && gr_proc_is_restricted()) + return -EACCES; + net = get_proc_net(ino); if (net == NULL) return -ENXIO; -@@ -66,6 +73,9 @@ int single_open_net(struct inode *inode, struct file *file, +@@ -66,6 +94,9 @@ int single_open_net(struct inode *inode, struct file *file, int err; struct net *net; @@ -84061,10 +84032,10 @@ index 52beadf..598734c 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 5853c91..1e355a8 100644 +index 27ab310..60dc245 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -186,9 +186,9 @@ struct scsi_device { +@@ -187,9 +187,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -90358,7 +90329,7 @@ index fba0f29..84400e2 100644 if (!retval) { if (old_rlim) diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 74f5b58..65ba165 100644 +index 0e0373f..69f5181 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -94,7 +94,6 @@ @@ -90399,7 +90370,7 @@ index 74f5b58..65ba165 100644 #endif /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */ -@@ -179,10 +179,8 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -178,10 +178,8 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -90410,7 +90381,7 @@ index 74f5b58..65ba165 100644 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); -@@ -213,6 +211,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -212,6 +210,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, #endif @@ -90419,7 +90390,7 @@ index 74f5b58..65ba165 100644 static struct ctl_table kern_table[]; static struct ctl_table vm_table[]; static struct ctl_table fs_table[]; -@@ -227,6 +227,20 @@ extern struct ctl_table epoll_table[]; +@@ -226,6 +226,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -90440,7 +90411,7 @@ index 74f5b58..65ba165 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -275,6 +289,22 @@ static int max_extfrag_threshold = 1000; +@@ -274,6 +288,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -90463,7 +90434,7 @@ index 74f5b58..65ba165 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -630,7 +660,7 @@ static struct ctl_table kern_table[] = { +@@ -629,7 +659,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -90472,7 +90443,7 @@ index 74f5b58..65ba165 100644 }, { .procname = "modules_disabled", -@@ -797,16 +827,20 @@ static struct ctl_table kern_table[] = { +@@ -796,16 +826,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -90494,7 +90465,7 @@ index 74f5b58..65ba165 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1051,10 +1085,17 @@ static struct ctl_table kern_table[] = { +@@ -1050,10 +1084,17 @@ static struct ctl_table kern_table[] = { */ { .procname = "perf_event_paranoid", @@ -90515,7 +90486,7 @@ index 74f5b58..65ba165 100644 }, { .procname = "perf_event_mlock_kb", -@@ -1316,6 +1357,13 @@ static struct ctl_table vm_table[] = { +@@ -1315,6 +1356,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -90529,7 +90500,7 @@ index 74f5b58..65ba165 100644 #else { .procname = "nr_trim_pages", -@@ -1780,6 +1828,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1779,6 +1827,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -90546,7 +90517,7 @@ index 74f5b58..65ba165 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1885,6 +1943,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1884,6 +1942,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -90555,7 +90526,7 @@ index 74f5b58..65ba165 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2049,7 +2109,7 @@ int proc_dointvec(struct ctl_table *table, int write, +@@ -2048,7 +2108,7 @@ int proc_dointvec(struct ctl_table *table, int write, static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -90564,7 +90535,7 @@ index 74f5b58..65ba165 100644 unsigned long tmptaint = get_taint(); int err; -@@ -2077,7 +2137,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2076,7 +2136,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -90572,7 +90543,7 @@ index 74f5b58..65ba165 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2086,7 +2145,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2085,7 +2144,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -90580,7 +90551,7 @@ index 74f5b58..65ba165 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2633,6 +2691,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2632,6 +2690,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -90593,7 +90564,7 @@ index 74f5b58..65ba165 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2689,5 +2753,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2688,5 +2752,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -91225,10 +91196,10 @@ index c634868..00d0d19 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index e916972..e87f285 100644 +index 1848dc6..5fc244c 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -3449,7 +3449,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -3447,7 +3447,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } @@ -92303,7 +92274,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index c82290b..863d466 100644 +index a646f15..f55da4c 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2107,6 +2107,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -92350,7 +92321,7 @@ index c82290b..863d466 100644 if (ret) goto out; -@@ -2639,6 +2643,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2654,6 +2658,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -92378,7 +92349,7 @@ index c82290b..863d466 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2756,6 +2781,11 @@ retry_avoidcopy: +@@ -2771,6 +2796,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -92390,7 +92361,7 @@ index c82290b..863d466 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2915,6 +2945,10 @@ retry: +@@ -2930,6 +2960,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -92401,7 +92372,7 @@ index c82290b..863d466 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -2981,6 +3015,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2996,6 +3030,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, struct hstate *h = hstate_vma(vma); struct address_space *mapping; @@ -92412,7 +92383,7 @@ index c82290b..863d466 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2994,6 +3032,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3009,6 +3047,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -92755,7 +92726,7 @@ index eb8fb72..ae36cf3 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 037b812..948123c 100644 +index e302ae1..c0ef712 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -413,6 +413,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -93343,7 +93314,7 @@ index 037b812..948123c 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -4003,6 +4251,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -4000,6 +4248,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -93367,7 +93338,7 @@ index 037b812..948123c 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -4033,6 +4298,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -4030,6 +4295,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -93398,7 +93369,7 @@ index 037b812..948123c 100644 #endif /* __PAGETABLE_PMD_FOLDED */ #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -4046,7 +4335,7 @@ static int __init gate_vma_init(void) +@@ -4043,7 +4332,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -93407,7 +93378,7 @@ index 037b812..948123c 100644 return 0; } -@@ -4180,8 +4469,8 @@ out: +@@ -4177,8 +4466,8 @@ out: return ret; } @@ -93418,7 +93389,7 @@ index 037b812..948123c 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4207,8 +4496,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -4204,8 +4493,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -93429,7 +93400,7 @@ index 037b812..948123c 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4216,7 +4505,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4213,7 +4502,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -93438,7 +93409,7 @@ index 037b812..948123c 100644 void *maddr; struct page *page = NULL; -@@ -4275,8 +4564,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4272,8 +4561,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -93449,7 +93420,7 @@ index 037b812..948123c 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4286,11 +4575,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4283,11 +4572,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -93465,10 +93436,10 @@ index 037b812..948123c 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 30cc47f8..c12ef34 100644 +index 35f9f91..bed4575 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -750,6 +750,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; @@ -93479,7 +93450,7 @@ index 30cc47f8..c12ef34 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -793,6 +797,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -790,6 +794,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, err = vma_replace_policy(vma, new_pol); if (err) goto out; @@ -93496,7 +93467,7 @@ index 30cc47f8..c12ef34 100644 } out: -@@ -1225,6 +1239,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1222,6 +1236,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -93514,7 +93485,7 @@ index 30cc47f8..c12ef34 100644 if (end == start) return 0; -@@ -1453,8 +1478,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1447,8 +1472,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -93524,7 +93495,7 @@ index 30cc47f8..c12ef34 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1485,6 +1509,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1479,6 +1503,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -95216,7 +95187,7 @@ index 05f1180..c3cde48 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 85f8d66..b3375fa 100644 +index 431fd7c..8674512 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -67,7 +67,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -95296,7 +95267,7 @@ index 154af21..86e447f 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 56eb0eb..bb5e928 100644 +index d64f5f9..9005ab5 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -95307,7 +95278,7 @@ index 56eb0eb..bb5e928 100644 #include <asm/sections.h> #include <asm/tlbflush.h> -@@ -355,7 +356,7 @@ out: +@@ -356,7 +357,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -95316,7 +95287,7 @@ index 56eb0eb..bb5e928 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -729,6 +730,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -730,6 +731,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -95327,7 +95298,7 @@ index 56eb0eb..bb5e928 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -745,6 +750,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -746,6 +751,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -95340,7 +95311,7 @@ index 56eb0eb..bb5e928 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -767,6 +778,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -768,6 +779,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -95361,7 +95332,7 @@ index 56eb0eb..bb5e928 100644 void __init __free_pages_bootmem(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -782,6 +807,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) +@@ -783,6 +808,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -95381,7 +95352,7 @@ index 56eb0eb..bb5e928 100644 page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -898,8 +936,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -911,8 +949,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -95392,7 +95363,7 @@ index 56eb0eb..bb5e928 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -2402,7 +2442,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, +@@ -2415,7 +2455,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, continue; mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -97668,10 +97639,10 @@ index b9a418e..2af862a 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index dc4d301..4975bac 100644 +index 1c97b7a..9171d69 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3536,8 +3536,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, +@@ -3542,8 +3542,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -97685,7 +97656,7 @@ index dc4d301..4975bac 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index ade3fb4..df37cb4 100644 +index e137869..33f3ebd 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -628,7 +628,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, @@ -97726,7 +97697,7 @@ index ade3fb4..df37cb4 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; -@@ -866,7 +868,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -861,7 +863,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; @@ -100232,7 +100203,7 @@ index 6156f68..d6ab46d 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..285086c 100644 +index 6c7fa08..8a31430 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -100253,7 +100224,32 @@ index 6c7fa08..285086c 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -4146,7 +4146,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -3528,16 +3528,23 @@ static const struct file_operations if6_fops = { + .release = seq_release_net, + }; + ++extern void register_ipv6_seq_ops_addr(struct seq_operations *addr); ++extern void unregister_ipv6_seq_ops_addr(void); ++ + static int __net_init if6_proc_net_init(struct net *net) + { +- if (!proc_create("if_inet6", S_IRUGO, net->proc_net, &if6_fops)) ++ register_ipv6_seq_ops_addr(&if6_seq_ops); ++ if (!proc_create("if_inet6", S_IRUGO, net->proc_net, &if6_fops)) { ++ unregister_ipv6_seq_ops_addr(); + return -ENOMEM; ++ } + return 0; + } + + static void __net_exit if6_proc_net_exit(struct net *net) + { + remove_proc_entry("if_inet6", net->proc_net); ++ unregister_ipv6_seq_ops_addr(); + } + + static struct pernet_operations if6_proc_net_ops = { +@@ -4146,7 +4153,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -100262,7 +100258,7 @@ index 6c7fa08..285086c 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4758,7 +4758,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4758,7 +4765,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -100271,7 +100267,7 @@ index 6c7fa08..285086c 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4779,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4779,7 +4786,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -100280,7 +100276,7 @@ index 6c7fa08..285086c 100644 int ret; /* -@@ -4864,7 +4864,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4864,7 +4871,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; diff --git a/3.15.4/4425_grsec_remove_EI_PAX.patch b/3.15.5/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.15.4/4425_grsec_remove_EI_PAX.patch +++ b/3.15.5/4425_grsec_remove_EI_PAX.patch diff --git a/3.15.4/4427_force_XATTR_PAX_tmpfs.patch b/3.15.5/4427_force_XATTR_PAX_tmpfs.patch index 85766c5..85766c5 100644 --- a/3.15.4/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.15.5/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.15.4/4430_grsec-remove-localversion-grsec.patch b/3.15.5/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.15.4/4430_grsec-remove-localversion-grsec.patch +++ b/3.15.5/4430_grsec-remove-localversion-grsec.patch diff --git a/3.15.4/4435_grsec-mute-warnings.patch b/3.15.5/4435_grsec-mute-warnings.patch index a685858..a685858 100644 --- a/3.15.4/4435_grsec-mute-warnings.patch +++ b/3.15.5/4435_grsec-mute-warnings.patch diff --git a/3.15.4/4440_grsec-remove-protected-paths.patch b/3.15.5/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.15.4/4440_grsec-remove-protected-paths.patch +++ b/3.15.5/4440_grsec-remove-protected-paths.patch diff --git a/3.15.4/4450_grsec-kconfig-default-gids.patch b/3.15.5/4450_grsec-kconfig-default-gids.patch index af218a8..af218a8 100644 --- a/3.15.4/4450_grsec-kconfig-default-gids.patch +++ b/3.15.5/4450_grsec-kconfig-default-gids.patch diff --git a/3.15.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.5/4465_selinux-avc_audit-log-curr_ip.patch index fb528d0..fb528d0 100644 --- a/3.15.4/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.15.5/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.15.4/4470_disable-compat_vdso.patch b/3.15.5/4470_disable-compat_vdso.patch index 7852848..7852848 100644 --- a/3.15.4/4470_disable-compat_vdso.patch +++ b/3.15.5/4470_disable-compat_vdso.patch diff --git a/3.15.4/4475_emutramp_default_on.patch b/3.15.5/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.15.4/4475_emutramp_default_on.patch +++ b/3.15.5/4475_emutramp_default_on.patch diff --git a/3.2.60/0000_README b/3.2.60/0000_README index 86d5902..2fa8fe3 100644 --- a/3.2.60/0000_README +++ b/3.2.60/0000_README @@ -158,7 +158,7 @@ Patch: 1059_linux-3.2.60.patch From: http://www.kernel.org Desc: Linux 3.2.60 -Patch: 4420_grsecurity-3.0-3.2.60-201407081916.patch +Patch: 4420_grsecurity-3.0-3.2.60-201407100031.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201407081916.patch b/3.2.60/4420_grsecurity-3.0-3.2.60-201407100031.patch index 3dc65d9..ba7f89f 100644 --- a/3.2.60/4420_grsecurity-3.0-3.2.60-201407081916.patch +++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201407100031.patch @@ -63141,10 +63141,10 @@ index b1822dd..df622cb 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index f738024..867e17d 100644 +index f738024..c2f9e5e 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c -@@ -23,6 +23,7 @@ +@@ -23,15 +23,34 @@ #include <linux/nsproxy.h> #include <net/net_namespace.h> #include <linux/seq_file.h> @@ -63152,7 +63152,25 @@ index f738024..867e17d 100644 #include "internal.h" -@@ -32,6 +33,8 @@ static struct net *get_proc_net(const struct inode *inode) ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++static struct seq_operations *ipv6_seq_ops_addr; ++ ++void register_ipv6_seq_ops_addr(struct seq_operations *addr) ++{ ++ ipv6_seq_ops_addr = addr; ++} ++ ++void unregister_ipv6_seq_ops_addr(void) ++{ ++ ipv6_seq_ops_addr = NULL; ++} ++ ++EXPORT_SYMBOL_GPL(register_ipv6_seq_ops_addr); ++EXPORT_SYMBOL_GPL(unregister_ipv6_seq_ops_addr); ++#endif + + static struct net *get_proc_net(const struct inode *inode) + { return maybe_get_net(PDE_NET(PDE(inode))); } @@ -63161,18 +63179,22 @@ index f738024..867e17d 100644 int seq_open_net(struct inode *ino, struct file *f, const struct seq_operations *ops, int size) { -@@ -40,6 +43,10 @@ int seq_open_net(struct inode *ino, struct file *f, +@@ -40,6 +59,14 @@ int seq_open_net(struct inode *ino, struct file *f, BUG_ON(size < sizeof(*p)); + /* only permit access to /proc/net/dev */ -+ if (ops != &dev_seq_ops && gr_proc_is_restricted()) ++ if ( ++#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) ++ ops != ipv6_seq_ops_addr && ++#endif ++ ops != &dev_seq_ops && gr_proc_is_restricted()) + return -EACCES; + net = get_proc_net(ino); if (net == NULL) return -ENXIO; -@@ -62,6 +69,9 @@ int single_open_net(struct inode *inode, struct file *file, +@@ -62,6 +89,9 @@ int single_open_net(struct inode *inode, struct file *file, int err; struct net *net; @@ -63182,7 +63204,7 @@ index f738024..867e17d 100644 err = -ENXIO; net = get_proc_net(inode); if (net == NULL) -@@ -228,7 +238,7 @@ static __net_exit void proc_net_ns_exit(struct net *net) +@@ -228,7 +258,7 @@ static __net_exit void proc_net_ns_exit(struct net *net) kfree(net->proc_net); } @@ -103468,7 +103490,7 @@ index a0b4c5d..a5818a1 100644 } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index b9edff0..2dba43d 100644 +index b9edff0..63ad6cf 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2160,7 +2160,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) @@ -103480,6 +103502,32 @@ index b9edff0..2dba43d 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); +@@ -3227,16 +3227,23 @@ static const struct file_operations if6_fops = { + .release = seq_release_net, + }; + ++extern void register_ipv6_seq_ops_addr(struct seq_operations *addr); ++extern void unregister_ipv6_seq_ops_addr(void); ++ + static int __net_init if6_proc_net_init(struct net *net) + { +- if (!proc_net_fops_create(net, "if_inet6", S_IRUGO, &if6_fops)) ++ register_ipv6_seq_ops_addr(&if6_seq_ops); ++ if (!proc_net_fops_create(net, "if_inet6", S_IRUGO, &if6_fops)) { ++ unregister_ipv6_seq_ops_addr(); + return -ENOMEM; ++ } + return 0; + } + + static void __net_exit if6_proc_net_exit(struct net *net) + { +- proc_net_remove(net, "if_inet6"); ++ proc_net_remove(net, "if_inet6"); ++ unregister_ipv6_seq_ops_addr(); + } + + static struct pernet_operations if6_proc_net_ops = { diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 65dd543..e6c6e6d 100644 --- a/net/ipv6/esp6.c |