* [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.17/, 3.15.10/, 3.2.62/
@ 2014-08-20 20:00 Anthony G. Basile
From: Anthony G. Basile @ 2014-08-20 20:00 UTC (permalink / raw
To: gentoo-commits
commit: a559b42a27e8937ad9d9345717820cd312f2ffc6
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 20 20:01:43 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Aug 20 20:01:43 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=a559b42a
Grsec/PaX: 3.0-{3.2.62,3.14.17,3.15.10}-201408192020
---
3.14.17/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.17-201408192019.patch} | 37 +++++++++++++++++++---
3.15.10/0000_README | 2 +-
...4420_grsecurity-3.0-3.15.10-201408192020.patch} | 37 +++++++++++++++++++---
3.2.62/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.62-201408191950.patch} | 11 ++++++-
6 files changed, 77 insertions(+), 14 deletions(-)
diff --git a/3.14.17/0000_README b/3.14.17/0000_README
index e4c4eb2..ce3685e 100644
--- a/3.14.17/0000_README
+++ b/3.14.17/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.17-201408140021.patch
+Patch: 4420_grsecurity-3.0-3.14.17-201408192019.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch b/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
similarity index 99%
rename from 3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch
rename to 3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
index 1f1739c..73749ef 100644
--- a/3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch
+++ b/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
@@ -44456,7 +44456,7 @@ index 56e24c0..e1c8e1f 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index cb882aa..9bd076e 100644
+index cb882aa..cb8aeca 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error)
@@ -44518,8 +44518,25 @@ index cb882aa..9bd076e 100644
}
rdev_dec_pending(rdev, mddev);
+@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
+ */
+ if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) {
+ end_reshape(conf);
++ close_sync(conf);
+ return 0;
+ }
+
+@@ -4411,7 +4412,7 @@ read_more:
+ read_bio->bi_private = r10_bio;
+ read_bio->bi_end_io = end_sync_read;
+ read_bio->bi_rw = READ;
+- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1);
++ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS);
+ read_bio->bi_flags |= 1 << BIO_UPTODATE;
+ read_bio->bi_vcnt = 0;
+ read_bio->bi_iter.bi_size = 0;
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 16f5c21..522b82e 100644
+index 16f5c21..c5d72c7 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
@@ -44580,6 +44597,15 @@ index 16f5c21..522b82e 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing device %s.\n",
+@@ -3779,6 +3787,8 @@ static void handle_stripe(struct stripe_head *sh)
+ set_bit(R5_Wantwrite, &dev->flags);
+ if (prexor)
+ continue;
++ if (s.failed > 1)
++ continue;
+ if (!test_bit(R5_Insync, &dev->flags) ||
+ ((i == sh->pd_idx || i == sh->qd_idx) &&
+ s.failed == 0))
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index 983db75..ef9248c 100644
--- a/drivers/media/dvb-core/dvbdev.c
@@ -74698,10 +74724,10 @@ index 0000000..4d6fce8
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..f35f454
+index 0000000..14638ff
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,187 @@
+@@ -0,0 +1,188 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -74836,7 +74862,8 @@ index 0000000..f35f454
+ "CAP_MAC_OVERRIDE",
+ "CAP_MAC_ADMIN",
+ "CAP_SYSLOG",
-+ "CAP_WAKE_ALARM"
++ "CAP_WAKE_ALARM",
++ "CAP_BLOCK_SUSPEND"
+};
+
+int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
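Review bot: Nothing in the visible lines ties the length of `captab_log` to the kernel's capability count, so the table can fall behind again when the next capability is added, which is the gap this hunk closes by appending "CAP_BLOCK_SUSPEND". Because `captab_log_entries` is derived from `sizeof`, a consumer bounded by it would presumably skip or mislabel a newer capability in log output rather than fail loudly; those consumers are outside the hunk. Assuming the table is indexed from capability 0, a compile-time check at its first use, e.g. `BUILD_BUG_ON(ARRAY_SIZE(captab_log) != CAP_LAST_CAP + 1);`, would turn that drift into a build error. The same applies to the identical 3.15.10 hunk at `@@ -74693,7 +74719,8 @@`; the array's opening lines lie outside both hunks.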
diff --git a/3.15.10/0000_README b/3.15.10/0000_README
index 9e87c71..70556f5 100644
--- a/3.15.10/0000_README
+++ b/3.15.10/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.15.10-201408140023.patch
+Patch: 4420_grsecurity-3.0-3.15.10-201408192020.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch b/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
similarity index 99%
rename from 3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch
rename to 3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
index 500720d..08568e5 100644
--- a/3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch
+++ b/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
@@ -44189,7 +44189,7 @@ index 56e24c0..e1c8e1f 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index cb882aa..9bd076e 100644
+index cb882aa..cb8aeca 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error)
@@ -44251,8 +44251,25 @@ index cb882aa..9bd076e 100644
}
rdev_dec_pending(rdev, mddev);
+@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
+ */
+ if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) {
+ end_reshape(conf);
++ close_sync(conf);
+ return 0;
+ }
+
+@@ -4411,7 +4412,7 @@ read_more:
+ read_bio->bi_private = r10_bio;
+ read_bio->bi_end_io = end_sync_read;
+ read_bio->bi_rw = READ;
+- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1);
++ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS);
+ read_bio->bi_flags |= 1 << BIO_UPTODATE;
+ read_bio->bi_vcnt = 0;
+ read_bio->bi_iter.bi_size = 0;
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index ad1b9be..b417412 100644
+index ad1b9be..c6316b5 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1702,6 +1702,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
@@ -44313,6 +44330,15 @@ index ad1b9be..b417412 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing device %s.\n",
+@@ -3774,6 +3782,8 @@ static void handle_stripe(struct stripe_head *sh)
+ set_bit(R5_Wantwrite, &dev->flags);
+ if (prexor)
+ continue;
++ if (s.failed > 1)
++ continue;
+ if (!test_bit(R5_Insync, &dev->flags) ||
+ ((i == sh->pd_idx || i == sh->qd_idx) &&
+ s.failed == 0))
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index 983db75..ef9248c 100644
--- a/drivers/media/dvb-core/dvbdev.c
@@ -74555,10 +74581,10 @@ index 0000000..de31e65
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..f35f454
+index 0000000..14638ff
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,187 @@
+@@ -0,0 +1,188 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -74693,7 +74719,8 @@ index 0000000..f35f454
+ "CAP_MAC_OVERRIDE",
+ "CAP_MAC_ADMIN",
+ "CAP_SYSLOG",
-+ "CAP_WAKE_ALARM"
++ "CAP_WAKE_ALARM",
++ "CAP_BLOCK_SUSPEND"
+};
+
+int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
diff --git a/3.2.62/0000_README b/3.2.62/0000_README
index aed2e0b..9bf751a 100644
--- a/3.2.62/0000_README
+++ b/3.2.62/0000_README
@@ -166,7 +166,7 @@ Patch: 1061_linux-3.2.62.patch
From: http://www.kernel.org
Desc: Linux 3.2.62
-Patch: 4420_grsecurity-3.0-3.2.62-201408110020.patch
+Patch: 4420_grsecurity-3.0-3.2.62-201408191950.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
similarity index 99%
rename from 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
index 0c9beb1..0e00b6a 100644
--- a/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
+++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
@@ -42245,7 +42245,7 @@ index 6d05e26..a579e8c 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 7c963c4..8d07287e 100644
+index 7c963c4..73e0cd7 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1364,6 +1364,10 @@ static int grow_one_stripe(struct r5conf *conf)
@@ -42304,6 +42304,15 @@ index 7c963c4..8d07287e 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing device %s.\n",
+@@ -3240,6 +3248,8 @@ static void handle_stripe(struct stripe_head *sh)
+ set_bit(R5_Wantwrite, &dev->flags);
+ if (prexor)
+ continue;
++ if (s.failed > 1)
++ continue;
+ if (!test_bit(R5_Insync, &dev->flags) ||
+ ((i == sh->pd_idx || i == sh->qd_idx) &&
+ s.failed == 0))
diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c
index ba9a643..e474ab5 100644
--- a/drivers/media/dvb/ddbridge/ddbridge-core.c
* [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.17/, 3.15.10/, 3.2.62/
@ 2014-08-24 14:46 Anthony G. Basile
From: Anthony G. Basile @ 2014-08-24 14:46 UTC (permalink / raw
To: gentoo-commits
commit: afb00ac527c9a3d645742ea4bf120f2d3bd2b23b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 24 14:48:35 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Aug 24 14:48:35 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=afb00ac5
Grsec/PaX: 3.0-{3.2.62,3.14.17,3.15.10}-201408212335
---
3.14.17/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.17-201408212334.patch} | 426 ++++++++++++++++---
3.14.17/4450_grsec-kconfig-default-gids.patch | 6 +-
3.15.10/0000_README | 2 +-
...4420_grsecurity-3.0-3.15.10-201408212335.patch} | 433 ++++++++++++++++---
3.15.10/4450_grsec-kconfig-default-gids.patch | 6 +-
3.2.62/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.62-201408212331.patch} | 465 +++++++++++++++++----
3.2.62/4450_grsec-kconfig-default-gids.patch | 6 +-
3.2.62/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
10 files changed, 1134 insertions(+), 216 deletions(-)
diff --git a/3.14.17/0000_README b/3.14.17/0000_README
index ce3685e..2ab1642 100644
--- a/3.14.17/0000_README
+++ b/3.14.17/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.17-201408192019.patch
+Patch: 4420_grsecurity-3.0-3.14.17-201408212334.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch b/3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
similarity index 99%
rename from 3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
rename to 3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
index 73749ef..bf6a578 100644
--- a/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
+++ b/3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
@@ -38844,28 +38844,10 @@ index 8320abd..ec48108 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 429b75b..a7f4145 100644
+index 429b75b..de805d0 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
-@@ -270,10 +270,17 @@
- /*
- * Configuration information
- */
-+#ifdef CONFIG_GRKERNSEC_RANDNET
-+#define INPUT_POOL_SHIFT 14
-+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
-+#define OUTPUT_POOL_SHIFT 12
-+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
-+#else
- #define INPUT_POOL_SHIFT 12
- #define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
- #define OUTPUT_POOL_SHIFT 10
- #define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
-+#endif
- #define SEC_XFER_SIZE 512
- #define EXTRACT_SIZE 10
-
-@@ -284,9 +291,6 @@
+@@ -284,9 +284,6 @@
/*
* To allow fractional bits to be tracked, the entropy_count field is
* denominated in units of 1/8th bits.
@@ -38875,27 +38857,7 @@ index 429b75b..a7f4145 100644
*/
#define ENTROPY_SHIFT 3
#define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
-@@ -361,12 +365,19 @@ static struct poolinfo {
- #define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
- int tap1, tap2, tap3, tap4, tap5;
- } poolinfo_table[] = {
-+#ifdef CONFIG_GRKERNSEC_RANDNET
-+ /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
-+ { S(512), 411, 308, 208, 104, 1 },
-+ /* x^128 + x^104 + x^76 + x^51 + x^25 + x + 1 -- 105 */
-+ { S(128), 104, 76, 51, 25, 1 },
-+#else
- /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
- /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
- { S(128), 104, 76, 51, 25, 1 },
- /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
- /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
- { S(32), 26, 19, 14, 7, 1 },
-+#endif
- #if 0
- /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
- { S(2048), 1638, 1231, 819, 411, 1 },
-@@ -433,9 +444,9 @@ struct entropy_store {
+@@ -433,9 +430,9 @@ struct entropy_store {
};
static void push_to_pool(struct work_struct *work);
@@ -38908,7 +38870,7 @@ index 429b75b..a7f4145 100644
static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
-@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -524,8 +521,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
}
@@ -38919,7 +38881,7 @@ index 429b75b..a7f4145 100644
smp_wmb();
if (out)
-@@ -632,7 +643,7 @@ retry:
+@@ -632,7 +629,7 @@ retry:
/* The +2 corresponds to the /4 in the denominator */
do {
@@ -38928,7 +38890,7 @@ index 429b75b..a7f4145 100644
unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s;
-@@ -1151,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1151,7 +1148,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -38937,7 +38899,7 @@ index 429b75b..a7f4145 100644
ret = -EFAULT;
break;
}
-@@ -1507,7 +1518,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1507,7 +1504,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -38946,7 +38908,7 @@ index 429b75b..a7f4145 100644
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
-@@ -1523,7 +1534,7 @@ static char sysctl_bootid[16];
+@@ -1523,7 +1520,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -38955,7 +38917,7 @@ index 429b75b..a7f4145 100644
unsigned char buf[64], tmp_uuid[16], *uuid;
uuid = table->data;
-@@ -1553,7 +1564,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
+@@ -1553,7 +1550,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
static int proc_do_entropy(ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -41703,6 +41665,19 @@ index 6866448..2ad2b34 100644
{
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
+diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
+index 1bdcccc..f745d2c 100644
+--- a/drivers/hid/hid-cherry.c
++++ b/drivers/hid/hid-cherry.c
+@@ -28,7 +28,7 @@
+ static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
+ hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
+ rdesc[11] = rdesc[16] = 0xff;
+ rdesc[12] = rdesc[17] = 0x03;
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 7cd42ea..a367c48 100644
--- a/drivers/hid/hid-core.c
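Review bot: The corrected bound `*rsize >= 18` in ch_report_fixup is still a bare literal whose only justification is the highest index written two lines later (`rdesc[17]`), and that coupling is presumably what let the earlier off-by-one through. A one-line comment above the condition, e.g. `/* highest index touched below is rdesc[17] */`, would keep the bound and the accesses reviewable together. The same pattern recurs in the next hunk for kye_report_fixup, lg_report_fixup, mr_report_fixup, pl_report_fixup and sp_report_fixup. In sp_report_fixup the new bound of 112 implies an access to `rdesc[111]` that is not among the visible lines, so it cannot be confirmed from this page. The report descriptor is supplied by the attached device, so each of these literals is the only guard against writing past a short descriptor.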
@@ -41725,6 +41700,110 @@ index 7cd42ea..a367c48 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
+diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
+index e776963..b92bf01 100644
+--- a/drivers/hid/hid-kye.c
++++ b/drivers/hid/hid-kye.c
+@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ * - change the button usage range to 4-7 for the extra
+ * buttons
+ */
+- if (*rsize >= 74 &&
++ if (*rsize >= 75 &&
+ rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
+ rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
+ rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
+diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
+index 9fe9d4a..b8207e0 100644
+--- a/drivers/hid/hid-lg.c
++++ b/drivers/hid/hid-lg.c
+@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ struct usb_device_descriptor *udesc;
+ __u16 bcdDevice, rev_maj, rev_min;
+
+- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
++ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
+ rdesc[84] == 0x8c && rdesc[85] == 0x02) {
+ hid_info(hdev,
+ "fixing up Logitech keyboard report descriptor\n");
+ rdesc[84] = rdesc[89] = 0x4d;
+ rdesc[85] = rdesc[90] = 0x10;
+ }
+- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
++ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
+ rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
+ rdesc[49] == 0x81 && rdesc[50] == 0x06) {
+ hid_info(hdev,
+diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
+index f45279c..0b14d32 100644
+--- a/drivers/hid/hid-logitech-dj.c
++++ b/drivers/hid/hid-logitech-dj.c
+@@ -237,13 +237,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
+ return;
+ }
+
+- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
+- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
+- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
+- __func__, dj_report->device_index);
+- return;
+- }
+-
+ if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
+ /* The device is already known. No need to reallocate it. */
+ dbg_hid("%s: device is already known\n", __func__);
+@@ -721,6 +714,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
+ * device (via hid_input_report() ) and return 1 so hid-core does not do
+ * anything else with it.
+ */
++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
++ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
++ __func__, dj_report->device_index);
++ return false;
++ }
+
+ spin_lock_irqsave(&djrcv_dev->lock, flags);
+ if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
+diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
+index 9e14c00..25daf28 100644
+--- a/drivers/hid/hid-monterey.c
++++ b/drivers/hid/hid-monterey.c
+@@ -24,7 +24,7 @@
+ static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
+ hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
+ rdesc[30] = 0x0c;
+ }
+diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
+index 736b250..6aca4f2 100644
+--- a/drivers/hid/hid-petalynx.c
++++ b/drivers/hid/hid-petalynx.c
+@@ -25,7 +25,7 @@
+ static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
+ rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
+ rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
+ hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
+diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
+index 87fc91e..91072fa 100644
+--- a/drivers/hid/hid-sunplus.c
++++ b/drivers/hid/hid-sunplus.c
+@@ -24,7 +24,7 @@
+ static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
+ rdesc[106] == 0x03) {
+ hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
+ rdesc[105] = rdesc[110] = 0x03;
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index c13fb5b..55a3802 100644
--- a/drivers/hid/hid-wiimote-debug.c
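Review bot: The relocated `device_index` range check in logi_dj_raw_event sits before the `dj_report->report_id == REPORT_ID_DJ_SHORT` test, so it runs on every raw report, including ones that are not DJ reports and for which that byte is presumably not a device index. Those reports would log a spurious "invalid device index" error. Scoping the check keeps the bound on `paired_dj_devices[]` without touching other traffic, e.g. `if (dj_report->report_id == REPORT_ID_DJ_SHORT && (dj_report->device_index < DJ_DEVICE_INDEX_MIN || dj_report->device_index > DJ_DEVICE_INDEX_MAX))`. The function returns `int`, so `return 0;` would read better than `return false;`. Both logi_dj_recv_add_djhid_device and logi_dj_raw_event continue outside the hunk.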
@@ -61813,6 +61892,185 @@ index e846a32..bb06bd0 100644
put_cpu_var(last_ino);
return res;
}
+diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
+index 4a9e10e..a9daccb 100644
+--- a/fs/isofs/inode.c
++++ b/fs/isofs/inode.c
+@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
+ return;
+ }
+
+-static int isofs_read_inode(struct inode *);
++static int isofs_read_inode(struct inode *, int relocated);
+ static int isofs_statfs (struct dentry *, struct kstatfs *);
+
+ static struct kmem_cache *isofs_inode_cachep;
+@@ -1258,7 +1258,7 @@ out_toomany:
+ goto out;
+ }
+
+-static int isofs_read_inode(struct inode *inode)
++static int isofs_read_inode(struct inode *inode, int relocated)
+ {
+ struct super_block *sb = inode->i_sb;
+ struct isofs_sb_info *sbi = ISOFS_SB(sb);
+@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode)
+ */
+
+ if (!high_sierra) {
+- parse_rock_ridge_inode(de, inode);
++ parse_rock_ridge_inode(de, inode, relocated);
+ /* if we want uid/gid set, override the rock ridge setting */
+ if (sbi->s_uid_set)
+ inode->i_uid = sbi->s_uid;
+@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
+ * offset that point to the underlying meta-data for the inode. The
+ * code below is otherwise similar to the iget() code in
+ * include/linux/fs.h */
+-struct inode *isofs_iget(struct super_block *sb,
+- unsigned long block,
+- unsigned long offset)
++struct inode *__isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset,
++ int relocated)
+ {
+ unsigned long hashval;
+ struct inode *inode;
+@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb,
+ return ERR_PTR(-ENOMEM);
+
+ if (inode->i_state & I_NEW) {
+- ret = isofs_read_inode(inode);
++ ret = isofs_read_inode(inode, relocated);
+ if (ret < 0) {
+ iget_failed(inode);
+ inode = ERR_PTR(ret);
+diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
+index 9916723..0ac4c1f 100644
+--- a/fs/isofs/isofs.h
++++ b/fs/isofs/isofs.h
+@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
+
+ struct inode; /* To make gcc happy */
+
+-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
+ extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
+ extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
+
+@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
+ extern struct buffer_head *isofs_bread(struct inode *, sector_t);
+ extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
+
+-extern struct inode *isofs_iget(struct super_block *sb,
+- unsigned long block,
+- unsigned long offset);
++struct inode *__isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset,
++ int relocated);
++
++static inline struct inode *isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset)
++{
++ return __isofs_iget(sb, block, offset, 0);
++}
++
++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset)
++{
++ return __isofs_iget(sb, block, offset, 1);
++}
+
+ /* Because the inode number is no longer relevant to finding the
+ * underlying meta-data for an inode, we are free to choose a more
+diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
+index c0bf424..f488bba 100644
+--- a/fs/isofs/rock.c
++++ b/fs/isofs/rock.c
+@@ -288,12 +288,16 @@ eio:
+ goto out;
+ }
+
++#define RR_REGARD_XA 1
++#define RR_RELOC_DE 2
++
+ static int
+ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+- struct inode *inode, int regard_xa)
++ struct inode *inode, int flags)
+ {
+ int symlink_len = 0;
+ int cnt, sig;
++ unsigned int reloc_block;
+ struct inode *reloc;
+ struct rock_ridge *rr;
+ int rootflag;
+@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+
+ init_rock_state(&rs, inode);
+ setup_rock_ridge(de, inode, &rs);
+- if (regard_xa) {
++ if (flags & RR_REGARD_XA) {
+ rs.chr += 14;
+ rs.len -= 14;
+ if (rs.len < 0)
+@@ -485,12 +489,22 @@ repeat:
+ "relocated directory\n");
+ goto out;
+ case SIG('C', 'L'):
+- ISOFS_I(inode)->i_first_extent =
+- isonum_733(rr->u.CL.location);
+- reloc =
+- isofs_iget(inode->i_sb,
+- ISOFS_I(inode)->i_first_extent,
+- 0);
++ if (flags & RR_RELOC_DE) {
++ printk(KERN_ERR
++ "ISOFS: Recursive directory relocation "
++ "is not supported\n");
++ goto eio;
++ }
++ reloc_block = isonum_733(rr->u.CL.location);
++ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
++ ISOFS_I(inode)->i_iget5_offset == 0) {
++ printk(KERN_ERR
++ "ISOFS: Directory relocation points to "
++ "itself\n");
++ goto eio;
++ }
++ ISOFS_I(inode)->i_first_extent = reloc_block;
++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
+ if (IS_ERR(reloc)) {
+ ret = PTR_ERR(reloc);
+ goto out;
+@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+ return rpnt;
+ }
+
+-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
++ int relocated)
+ {
+- int result = parse_rock_ridge_inode_internal(de, inode, 0);
++ int flags = relocated ? RR_RELOC_DE : 0;
++ int result = parse_rock_ridge_inode_internal(de, inode, flags);
+
+ /*
+ * if rockridge flag was reset and we didn't look for attributes
+@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
+ */
+ if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
+ && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
+- result = parse_rock_ridge_inode_internal(de, inode, 14);
++ result = parse_rock_ridge_inode_internal(de, inode,
++ flags | RR_REGARD_XA);
+ }
+ return result;
+ }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index 4a6cf28..d3a29d3 100644
--- a/fs/jffs2/erase.c
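Review bot: The new `relocated` argument and the `isofs_iget_reloc()` wrapper carry the whole loop-prevention contract but are undocumented: nothing at the declarations says that passing 1 makes a further `CL` entry in the target inode fail through the `eio` path. I would add a comment above `isofs_iget_reloc()` in isofs.h along the lines of `/* Read the inode a Rock Ridge CL entry points to; a CL entry found inside it is rejected, so relocation is never followed more than one level. */`, and a matching line above `#define RR_RELOC_DE 2` in rock.c. Without it a later caller could reasonably use plain `isofs_iget()` for a relocation target and reopen the recursion this change closes for a malformed image. `relocated` is only ever 0 or 1 in the visible callers, so `bool` would state the intent better than `int`. parse_rock_ridge_inode_internal and isofs_read_inode both extend beyond the hunk.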
@@ -66162,10 +66420,10 @@ index 78e62cc..eec3706 100644
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..bfd482c
+index 0000000..27cec32
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1176 @@
+@@ -0,0 +1,1166 @@
+#
+# grecurity configuration
+#
@@ -67098,16 +67356,6 @@ index 0000000..bfd482c
+menu "Network Protections"
+depends on GRKERNSEC
+
-+config GRKERNSEC_RANDNET
-+ bool "Larger entropy pools"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ If you say Y here, the entropy pools used for many features of Linux
-+ and grsecurity will be doubled in size. Since several grsecurity
-+ features use additional randomness, it is recommended that you say Y
-+ here. Saying Y here has a similar effect as modifying
-+ /proc/sys/kernel/random/poolsize.
-+
+config GRKERNSEC_BLACKHOLE
+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
+ default y if GRKERNSEC_CONFIG_AUTO
@@ -102180,10 +102428,18 @@ index b74aa07..d41926e 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 48a6a93..0b0496e 100644
+index 48a6a93..d2c096b 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1845,7 +1845,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -635,6 +635,7 @@ static void init_prb_bdqc(struct packet_sock *po,
+ p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
+ p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
+
++ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
+ prb_init_ft_ops(p1, req_u);
+ prb_setup_retire_blk_timer(po, tx_ring);
+ prb_open_block(p1, pbd);
+@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_packets++;
@@ -102192,7 +102448,7 @@ index 48a6a93..0b0496e 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1854,7 +1854,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_drops++;
@@ -102201,7 +102457,26 @@ index 48a6a93..0b0496e 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3449,7 +3449,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
+ if ((int)snaplen < 0)
+ snaplen = 0;
+ }
++ } else if (unlikely(macoff + snaplen >
++ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
++ u32 nval;
++
++ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
++ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
++ snaplen, nval, macoff);
++ snaplen = nval;
++ if (unlikely((int)snaplen < 0)) {
++ snaplen = 0;
++ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
++ }
+ }
+ spin_lock(&sk->sk_receive_queue.lock);
+ h.raw = packet_current_rx_frame(po, skb,
+@@ -3449,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
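Review bot: The clamp added to tpacket_rcv computes `nval = max_frame_len - macoff` in unsigned arithmetic and only afterwards detects underflow with `(int)snaplen < 0`, so its correctness depends on the wrapped difference landing in the negative half of `int`. Comparing `macoff` with `max_frame_len` before subtracting removes that dependency and reads more directly. The declarations of `macoff` and `snaplen` are outside the hunk, so whether the wrapped case is reachable cannot be settled from this page. If `macoff` is narrower than `unsigned int`, the assignment from `max_frame_len` also deserves a look for truncation. tpacket_rcv continues on both sides of the hunk.

```c
		} else if (unlikely(macoff + snaplen >
			    GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
			u32 max_len = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
			/* compare first so the difference can never wrap */
			u32 nval = macoff < max_len ? max_len - macoff : 0;

			/* … unchanged: pr_err_once() reporting snaplen, nval, macoff … */
			snaplen = nval;
			if (unlikely(macoff > max_len))
				macoff = max_len;
		}
```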
@@ -102210,7 +102485,7 @@ index 48a6a93..0b0496e 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3495,7 +3495,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3495,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -102219,6 +102494,29 @@ index 48a6a93..0b0496e 100644
return -EFAULT;
return 0;
}
+@@ -3779,6 +3792,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
+ goto out;
+ if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
+ goto out;
++ if (po->tp_version >= TPACKET_V3 &&
++ (int)(req->tp_block_size -
++ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
++ goto out;
+ if (unlikely(req->tp_frame_size < po->tp_hdrlen +
+ po->tp_reserve))
+ goto out;
+diff --git a/net/packet/internal.h b/net/packet/internal.h
+index eb9580a..cdddf6a 100644
+--- a/net/packet/internal.h
++++ b/net/packet/internal.h
+@@ -29,6 +29,7 @@ struct tpacket_kbdq_core {
+ char *pkblk_start;
+ char *pkblk_end;
+ int kblk_size;
++ unsigned int max_frame_len;
+ unsigned int knum_blocks;
+ uint64_t knxt_seq_num;
+ char *prev;
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index e774117..900b8b7 100644
--- a/net/phonet/pep.c
diff --git a/3.14.17/4450_grsec-kconfig-default-gids.patch b/3.14.17/4450_grsec-kconfig-default-gids.patch
index af218a8..0451e5a 100644
--- a/3.14.17/4450_grsec-kconfig-default-gids.patch
+++ b/3.14.17/4450_grsec-kconfig-default-gids.patch
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -1013,7 +1013,7 @@
+@@ -1003,7 +1003,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -1034,7 +1034,7 @@
+@@ -1024,7 +1024,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -1052,7 +1052,7 @@
+@@ -1042,7 +1042,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.15.10/0000_README b/3.15.10/0000_README
index 70556f5..53bdf83 100644
--- a/3.15.10/0000_README
+++ b/3.15.10/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.15.10-201408192020.patch
+Patch: 4420_grsecurity-3.0-3.15.10-201408212335.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch b/3.15.10/4420_grsecurity-3.0-3.15.10-201408212335.patch
similarity index 99%
rename from 3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
rename to 3.15.10/4420_grsecurity-3.0-3.15.10-201408212335.patch
index 08568e5..a41c140 100644
--- a/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
+++ b/3.15.10/4420_grsecurity-3.0-3.15.10-201408212335.patch
@@ -38749,28 +38749,10 @@ index 8320abd..ec48108 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 18ec404..32033f3 100644
+index 18ec404..f2438cb 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
-@@ -270,10 +270,17 @@
- /*
- * Configuration information
- */
-+#ifdef CONFIG_GRKERNSEC_RANDNET
-+#define INPUT_POOL_SHIFT 14
-+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
-+#define OUTPUT_POOL_SHIFT 12
-+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
-+#else
- #define INPUT_POOL_SHIFT 12
- #define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
- #define OUTPUT_POOL_SHIFT 10
- #define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
-+#endif
- #define SEC_XFER_SIZE 512
- #define EXTRACT_SIZE 10
-
-@@ -284,9 +291,6 @@
+@@ -284,9 +284,6 @@
/*
* To allow fractional bits to be tracked, the entropy_count field is
* denominated in units of 1/8th bits.
@@ -38780,27 +38762,7 @@ index 18ec404..32033f3 100644
*/
#define ENTROPY_SHIFT 3
#define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
-@@ -361,12 +365,19 @@ static struct poolinfo {
- #define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
- int tap1, tap2, tap3, tap4, tap5;
- } poolinfo_table[] = {
-+#ifdef CONFIG_GRKERNSEC_RANDNET
-+ /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
-+ { S(512), 411, 308, 208, 104, 1 },
-+ /* x^128 + x^104 + x^76 + x^51 + x^25 + x + 1 -- 105 */
-+ { S(128), 104, 76, 51, 25, 1 },
-+#else
- /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
- /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
- { S(128), 104, 76, 51, 25, 1 },
- /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
- /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
- { S(32), 26, 19, 14, 7, 1 },
-+#endif
- #if 0
- /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
- { S(2048), 1638, 1231, 819, 411, 1 },
-@@ -433,9 +444,9 @@ struct entropy_store {
+@@ -433,9 +430,9 @@ struct entropy_store {
};
static void push_to_pool(struct work_struct *work);
@@ -38813,7 +38775,7 @@ index 18ec404..32033f3 100644
static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
-@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -524,8 +521,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
}
@@ -38824,7 +38786,7 @@ index 18ec404..32033f3 100644
smp_wmb();
if (out)
-@@ -632,7 +643,7 @@ retry:
+@@ -632,7 +629,7 @@ retry:
/* The +2 corresponds to the /4 in the denominator */
do {
@@ -38833,7 +38795,7 @@ index 18ec404..32033f3 100644
unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s;
-@@ -1176,7 +1187,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1176,7 +1173,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -38842,7 +38804,7 @@ index 18ec404..32033f3 100644
ret = -EFAULT;
break;
}
-@@ -1566,7 +1577,7 @@ static char sysctl_bootid[16];
+@@ -1566,7 +1563,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -38851,7 +38813,7 @@ index 18ec404..32033f3 100644
unsigned char buf[64], tmp_uuid[16], *uuid;
uuid = table->data;
-@@ -1596,7 +1607,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
+@@ -1596,7 +1593,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
static int proc_do_entropy(ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -41503,6 +41465,19 @@ index 6866448..2ad2b34 100644
{
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
+diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
+index 1bdcccc..f745d2c 100644
+--- a/drivers/hid/hid-cherry.c
++++ b/drivers/hid/hid-cherry.c
+@@ -28,7 +28,7 @@
+ static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
+ hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
+ rdesc[11] = rdesc[16] = 0xff;
+ rdesc[12] = rdesc[17] = 0x03;
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index a5c7927..025a2b4 100644
--- a/drivers/hid/hid-core.c
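Review bot: The corrected bound `*rsize >= 18` in ch_report_fixup is still a bare number that must stay exactly one above the highest index touched (`rdesc[17]`), which is the relationship the old value got wrong. A comment ahead of the condition, such as `/* highest index accessed below is rdesc[17] */`, would make that dependency checkable on review. The same applies to the kye, lg, monterey, petalynx and sunplus fixups in the following hunk. For sunplus the visible write reaches only `rdesc[110]`, so the 112 bound presumably covers a line outside the hunk and deserves the same comment. ch_report_fixup's body continues past the end of the hunk.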
@@ -41525,6 +41500,119 @@ index a5c7927..025a2b4 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
+diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
+index e776963..b92bf01 100644
+--- a/drivers/hid/hid-kye.c
++++ b/drivers/hid/hid-kye.c
+@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ * - change the button usage range to 4-7 for the extra
+ * buttons
+ */
+- if (*rsize >= 74 &&
++ if (*rsize >= 75 &&
+ rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
+ rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
+ rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
+diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
+index a976f48..f91ff14 100644
+--- a/drivers/hid/hid-lg.c
++++ b/drivers/hid/hid-lg.c
+@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ struct usb_device_descriptor *udesc;
+ __u16 bcdDevice, rev_maj, rev_min;
+
+- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
++ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
+ rdesc[84] == 0x8c && rdesc[85] == 0x02) {
+ hid_info(hdev,
+ "fixing up Logitech keyboard report descriptor\n");
+ rdesc[84] = rdesc[89] = 0x4d;
+ rdesc[85] = rdesc[90] = 0x10;
+ }
+- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
++ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
+ rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
+ rdesc[49] == 0x81 && rdesc[50] == 0x06) {
+ hid_info(hdev,
+diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
+index 486dbde..b7ba829 100644
+--- a/drivers/hid/hid-logitech-dj.c
++++ b/drivers/hid/hid-logitech-dj.c
+@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
+ return;
+ }
+
+- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
+- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
+- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
+- __func__, dj_report->device_index);
+- return;
+- }
+-
+ if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
+ /* The device is already known. No need to reallocate it. */
+ dbg_hid("%s: device is already known\n", __func__);
+@@ -557,7 +550,7 @@ static int logi_dj_ll_raw_request(struct hid_device *hid,
+ if (!out_buf)
+ return -ENOMEM;
+
+- if (count < DJREPORT_SHORT_LENGTH - 2)
++ if (count > DJREPORT_SHORT_LENGTH - 2)
+ count = DJREPORT_SHORT_LENGTH - 2;
+
+ out_buf[0] = REPORT_ID_DJ_SHORT;
+@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
+ * device (via hid_input_report() ) and return 1 so hid-core does not do
+ * anything else with it.
+ */
++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
++ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
++ __func__, dj_report->device_index);
++ return false;
++ }
+
+ spin_lock_irqsave(&djrcv_dev->lock, flags);
+ if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
+diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
+index 9e14c00..25daf28 100644
+--- a/drivers/hid/hid-monterey.c
++++ b/drivers/hid/hid-monterey.c
+@@ -24,7 +24,7 @@
+ static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
+ hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
+ rdesc[30] = 0x0c;
+ }
+diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
+index 736b250..6aca4f2 100644
+--- a/drivers/hid/hid-petalynx.c
++++ b/drivers/hid/hid-petalynx.c
+@@ -25,7 +25,7 @@
+ static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
+ rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
+ rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
+ hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
+diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
+index 87fc91e..91072fa 100644
+--- a/drivers/hid/hid-sunplus.c
++++ b/drivers/hid/hid-sunplus.c
+@@ -24,7 +24,7 @@
+ static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
+ rdesc[106] == 0x03) {
+ hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
+ rdesc[105] = rdesc[110] = 0x03;
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index c13fb5b..55a3802 100644
--- a/drivers/hid/hid-wiimote-debug.c
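Review bot: In logi_dj_raw_event the relocated `device_index` range check runs before `report_id` is examined (the `REPORT_ID_DJ_SHORT` test only comes after the lock), so it appears to apply to every report the receiver delivers rather than only DJ-format ones. If other report types can reach this function, their second byte would be treated as a device index and rejected or logged; gating the test, e.g. `if (dj_report->report_id == REPORT_ID_DJ_SHORT && (dj_report->device_index < DJ_DEVICE_INDEX_MIN || dj_report->device_index > DJ_DEVICE_INDEX_MAX))`, would avoid that, assuming short DJ reports are the only ones indexed this way. The message is printed with plain `dev_err` on device-controlled input, so a misbehaving device can flood the kernel log; `dev_err_ratelimited(&hdev->dev, ...)` is the safer form. The function is declared `static int`, so `return 0;` would match the return type better than `return false;`. Its body starts and ends outside the hunk.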
@@ -61657,6 +61745,185 @@ index d2fb2f2..a6444b0 100644
put_cpu_var(last_ino);
return res;
}
+diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
+index 4556ce1..5ddaf86 100644
+--- a/fs/isofs/inode.c
++++ b/fs/isofs/inode.c
+@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
+ return;
+ }
+
+-static int isofs_read_inode(struct inode *);
++static int isofs_read_inode(struct inode *, int relocated);
+ static int isofs_statfs (struct dentry *, struct kstatfs *);
+
+ static struct kmem_cache *isofs_inode_cachep;
+@@ -1259,7 +1259,7 @@ out_toomany:
+ goto out;
+ }
+
+-static int isofs_read_inode(struct inode *inode)
++static int isofs_read_inode(struct inode *inode, int relocated)
+ {
+ struct super_block *sb = inode->i_sb;
+ struct isofs_sb_info *sbi = ISOFS_SB(sb);
+@@ -1404,7 +1404,7 @@ static int isofs_read_inode(struct inode *inode)
+ */
+
+ if (!high_sierra) {
+- parse_rock_ridge_inode(de, inode);
++ parse_rock_ridge_inode(de, inode, relocated);
+ /* if we want uid/gid set, override the rock ridge setting */
+ if (sbi->s_uid_set)
+ inode->i_uid = sbi->s_uid;
+@@ -1483,9 +1483,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
+ * offset that point to the underlying meta-data for the inode. The
+ * code below is otherwise similar to the iget() code in
+ * include/linux/fs.h */
+-struct inode *isofs_iget(struct super_block *sb,
+- unsigned long block,
+- unsigned long offset)
++struct inode *__isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset,
++ int relocated)
+ {
+ unsigned long hashval;
+ struct inode *inode;
+@@ -1507,7 +1508,7 @@ struct inode *isofs_iget(struct super_block *sb,
+ return ERR_PTR(-ENOMEM);
+
+ if (inode->i_state & I_NEW) {
+- ret = isofs_read_inode(inode);
++ ret = isofs_read_inode(inode, relocated);
+ if (ret < 0) {
+ iget_failed(inode);
+ inode = ERR_PTR(ret);
+diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
+index 9916723..0ac4c1f 100644
+--- a/fs/isofs/isofs.h
++++ b/fs/isofs/isofs.h
+@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
+
+ struct inode; /* To make gcc happy */
+
+-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
+ extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
+ extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
+
+@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
+ extern struct buffer_head *isofs_bread(struct inode *, sector_t);
+ extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
+
+-extern struct inode *isofs_iget(struct super_block *sb,
+- unsigned long block,
+- unsigned long offset);
++struct inode *__isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset,
++ int relocated);
++
++static inline struct inode *isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset)
++{
++ return __isofs_iget(sb, block, offset, 0);
++}
++
++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset)
++{
++ return __isofs_iget(sb, block, offset, 1);
++}
+
+ /* Because the inode number is no longer relevant to finding the
+ * underlying meta-data for an inode, we are free to choose a more
+diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
+index c0bf424..f488bba 100644
+--- a/fs/isofs/rock.c
++++ b/fs/isofs/rock.c
+@@ -288,12 +288,16 @@ eio:
+ goto out;
+ }
+
++#define RR_REGARD_XA 1
++#define RR_RELOC_DE 2
++
+ static int
+ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+- struct inode *inode, int regard_xa)
++ struct inode *inode, int flags)
+ {
+ int symlink_len = 0;
+ int cnt, sig;
++ unsigned int reloc_block;
+ struct inode *reloc;
+ struct rock_ridge *rr;
+ int rootflag;
+@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+
+ init_rock_state(&rs, inode);
+ setup_rock_ridge(de, inode, &rs);
+- if (regard_xa) {
++ if (flags & RR_REGARD_XA) {
+ rs.chr += 14;
+ rs.len -= 14;
+ if (rs.len < 0)
+@@ -485,12 +489,22 @@ repeat:
+ "relocated directory\n");
+ goto out;
+ case SIG('C', 'L'):
+- ISOFS_I(inode)->i_first_extent =
+- isonum_733(rr->u.CL.location);
+- reloc =
+- isofs_iget(inode->i_sb,
+- ISOFS_I(inode)->i_first_extent,
+- 0);
++ if (flags & RR_RELOC_DE) {
++ printk(KERN_ERR
++ "ISOFS: Recursive directory relocation "
++ "is not supported\n");
++ goto eio;
++ }
++ reloc_block = isonum_733(rr->u.CL.location);
++ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
++ ISOFS_I(inode)->i_iget5_offset == 0) {
++ printk(KERN_ERR
++ "ISOFS: Directory relocation points to "
++ "itself\n");
++ goto eio;
++ }
++ ISOFS_I(inode)->i_first_extent = reloc_block;
++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
+ if (IS_ERR(reloc)) {
+ ret = PTR_ERR(reloc);
+ goto out;
+@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+ return rpnt;
+ }
+
+-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
++ int relocated)
+ {
+- int result = parse_rock_ridge_inode_internal(de, inode, 0);
++ int flags = relocated ? RR_RELOC_DE : 0;
++ int result = parse_rock_ridge_inode_internal(de, inode, flags);
+
+ /*
+ * if rockridge flag was reset and we didn't look for attributes
+@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
+ */
+ if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
+ && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
+- result = parse_rock_ridge_inode_internal(de, inode, 14);
++ result = parse_rock_ridge_inode_internal(de, inode,
++ flags | RR_REGARD_XA);
+ }
+ return result;
+ }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index 4a6cf28..d3a29d3 100644
--- a/fs/jffs2/erase.c
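Review bot: The two flag macros added to fs/isofs/rock.c, `RR_REGARD_XA` and `RR_RELOC_DE`, have no comments, although they replace a parameter that callers passed as 0 or 14 and now decide whether a `CL` entry is followed or sent to the `eio` path. I would document them in place: `#define RR_REGARD_XA 1 /* skip the 14 bytes ahead of the Rock Ridge entries */` and `#define RR_RELOC_DE 2 /* parsing the target of a CL relocation: a further CL is rejected */`. `isofs_iget_reloc()` in isofs.h should likewise get a one-line comment saying it is meant only for looking up a `CL` target, so that later callers do not use it as a general replacement for `isofs_iget()`. It is also worth stating in the `CL` case that the guard limits relocation to one level and catches only a direct self-reference (same block, offset 0), since that is the invariant the fix relies on. parse_rock_ridge_inode_internal's body lies mostly outside the hunk.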
@@ -65987,10 +66254,10 @@ index 6152cbe..f0f9eaa 100644
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..bfd482c
+index 0000000..27cec32
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1176 @@
+@@ -0,0 +1,1166 @@
+#
+# grecurity configuration
+#
@@ -66923,16 +67190,6 @@ index 0000000..bfd482c
+menu "Network Protections"
+depends on GRKERNSEC
+
-+config GRKERNSEC_RANDNET
-+ bool "Larger entropy pools"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ If you say Y here, the entropy pools used for many features of Linux
-+ and grsecurity will be doubled in size. Since several grsecurity
-+ features use additional randomness, it is recommended that you say Y
-+ here. Saying Y here has a similar effect as modifying
-+ /proc/sys/kernel/random/poolsize.
-+
+config GRKERNSEC_BLACKHOLE
+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
+ default y if GRKERNSEC_CONFIG_AUTO
@@ -102378,7 +102635,7 @@ index ede50d1..d2468e6 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index b85c67c..27c3368 100644
+index b85c67c..09705b7 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -275,7 +275,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
@@ -102390,7 +102647,15 @@ index b85c67c..27c3368 100644
kfree_skb(skb);
return NET_XMIT_DROP;
}
-@@ -1845,7 +1845,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -636,6 +636,7 @@ static void init_prb_bdqc(struct packet_sock *po,
+ p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
+ p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
+
++ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
+ prb_init_ft_ops(p1, req_u);
+ prb_setup_retire_blk_timer(po, tx_ring);
+ prb_open_block(p1, pbd);
+@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_packets++;
@@ -102399,7 +102664,7 @@ index b85c67c..27c3368 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk);
-@@ -1854,7 +1854,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_drops++;
@@ -102408,7 +102673,26 @@ index b85c67c..27c3368 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3459,7 +3459,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
+ if ((int)snaplen < 0)
+ snaplen = 0;
+ }
++ } else if (unlikely(macoff + snaplen >
++ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
++ u32 nval;
++
++ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
++ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
++ snaplen, nval, macoff);
++ snaplen = nval;
++ if (unlikely((int)snaplen < 0)) {
++ snaplen = 0;
++ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
++ }
+ }
+ spin_lock(&sk->sk_receive_queue.lock);
+ h.raw = packet_current_rx_frame(po, skb,
+@@ -3459,7 +3472,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
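Review bot: In the added `else if` branch of tpacket_rcv, `nval = ...->max_frame_len - macoff` is computed and passed to `pr_err_once` before the `(int)snaplen < 0` test, so when `macoff` already exceeds `max_frame_len` the one-time message reports a wrapped, very large "clamped to" value. Checking the offset first keeps the arithmetic unsigned-safe and the log accurate, for example `if (unlikely(macoff > max_len)) { snaplen = 0; macoff = max_len; }` with `max_len` holding the ring's `max_frame_len`, and subtracting only on the other path. Because `pr_err_once` fires only for the first oversized frame, later clamps are silent; a counter next to the existing drop statistics would let monitoring see them, if that fits the ring's stats layout. The 3.14.17 copy of the patch earlier on the page carries the same lines, and the function continues outside the hunk.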
@@ -102417,7 +102701,7 @@ index b85c67c..27c3368 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3505,7 +3505,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3505,7 +3518,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -102426,6 +102710,29 @@ index b85c67c..27c3368 100644
return -EFAULT;
return 0;
}
+@@ -3789,6 +3802,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
+ goto out;
+ if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
+ goto out;
++ if (po->tp_version >= TPACKET_V3 &&
++ (int)(req->tp_block_size -
++ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
++ goto out;
+ if (unlikely(req->tp_frame_size < po->tp_hdrlen +
+ po->tp_reserve))
+ goto out;
+diff --git a/net/packet/internal.h b/net/packet/internal.h
+index eb9580a..cdddf6a 100644
+--- a/net/packet/internal.h
++++ b/net/packet/internal.h
+@@ -29,6 +29,7 @@ struct tpacket_kbdq_core {
+ char *pkblk_start;
+ char *pkblk_end;
+ int kblk_size;
++ unsigned int max_frame_len;
+ unsigned int knum_blocks;
+ uint64_t knxt_seq_num;
+ char *prev;
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
index 70a547e..23477fe 100644
--- a/net/phonet/pep.c
diff --git a/3.15.10/4450_grsec-kconfig-default-gids.patch b/3.15.10/4450_grsec-kconfig-default-gids.patch
index af218a8..0451e5a 100644
--- a/3.15.10/4450_grsec-kconfig-default-gids.patch
+++ b/3.15.10/4450_grsec-kconfig-default-gids.patch
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -1013,7 +1013,7 @@
+@@ -1003,7 +1003,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -1034,7 +1034,7 @@
+@@ -1024,7 +1024,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -1052,7 +1052,7 @@
+@@ -1042,7 +1042,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.2.62/0000_README b/3.2.62/0000_README
index 9bf751a..67a218f 100644
--- a/3.2.62/0000_README
+++ b/3.2.62/0000_README
@@ -166,7 +166,7 @@ Patch: 1061_linux-3.2.62.patch
From: http://www.kernel.org
Desc: Linux 3.2.62
-Patch: 4420_grsecurity-3.0-3.2.62-201408191950.patch
+Patch: 4420_grsecurity-3.0-3.2.62-201408212331.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
similarity index 99%
rename from 3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
index 0e00b6a..0039dfe 100644
--- a/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
+++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
@@ -34960,7 +34960,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index c244f0e..59b5e6c 100644
+index c244f0e..a86bc96 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -255,10 +255,8 @@
@@ -34976,7 +34976,7 @@ index c244f0e..59b5e6c 100644
#include <asm/processor.h>
#include <asm/uaccess.h>
-@@ -266,129 +264,150 @@
+@@ -266,129 +264,135 @@
#include <asm/irq_regs.h>
#include <asm/io.h>
@@ -34990,17 +34990,10 @@ index c244f0e..59b5e6c 100644
-#define OUTPUT_POOL_WORDS 32
-#define SEC_XFER_SIZE 512
-#define EXTRACT_SIZE 10
-+#ifdef CONFIG_GRKERNSEC_RANDNET
-+#define INPUT_POOL_SHIFT 14
-+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
-+#define OUTPUT_POOL_SHIFT 12
-+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
-+#else
+#define INPUT_POOL_SHIFT 12
+#define INPUT_POOL_WORDS (1 << (INPUT_POOL_SHIFT-5))
+#define OUTPUT_POOL_SHIFT 10
+#define OUTPUT_POOL_WORDS (1 << (OUTPUT_POOL_SHIFT-5))
-+#endif
+#define SEC_XFER_SIZE 512
+#define EXTRACT_SIZE 10
+
@@ -35104,20 +35097,12 @@ index c244f0e..59b5e6c 100644
- { 128, 103, 76, 51, 25, 1 },
- /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
- { 32, 26, 20, 14, 7, 1 },
-+#ifdef CONFIG_GRKERNSEC_RANDNET
-+ /* x^512 + x^411 + x^308 + x^208 + x^104 + x + 1 -- 225 */
-+ { S(512), 411, 308, 208, 104, 1 },
-+ /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
-+ /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
-+ { S(128), 104, 76, 51, 25, 1 },
-+#else
+ /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
+ /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
+ { S(128), 104, 76, 51, 25, 1 },
+ /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
+ /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
+ { S(32), 26, 19, 14, 7, 1 },
-+#endif
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
- { 2048, 1638, 1231, 819, 411, 1 },
@@ -35205,7 +35190,7 @@ index c244f0e..59b5e6c 100644
/*
* Static global variables
*/
-@@ -396,21 +415,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
+@@ -396,21 +400,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
static struct fasync_struct *fasync;
@@ -35227,7 +35212,7 @@ index c244f0e..59b5e6c 100644
/**********************************************************************
*
* OS independent entropy store. Here are the functions which handle
-@@ -421,31 +425,35 @@ module_param(debug, bool, 0644);
+@@ -421,31 +410,35 @@ module_param(debug, bool, 0644);
struct entropy_store;
struct entropy_store {
/* read-only data: */
@@ -35271,7 +35256,7 @@ index c244f0e..59b5e6c 100644
.pool = input_pool_data
};
-@@ -454,16 +462,20 @@ static struct entropy_store blocking_pool = {
+@@ -454,16 +447,20 @@ static struct entropy_store blocking_pool = {
.name = "blocking",
.limit = 1,
.pull = &input_pool,
@@ -35296,7 +35281,7 @@ index c244f0e..59b5e6c 100644
};
static __u32 const twist_table[8] = {
-@@ -480,8 +492,8 @@ static __u32 const twist_table[8] = {
+@@ -480,8 +477,8 @@ static __u32 const twist_table[8] = {
* it's cheap to do so and helps slightly in the expected case where
* the entropy is concentrated in the low-order bits.
*/
@@ -35307,7 +35292,7 @@ index c244f0e..59b5e6c 100644
{
unsigned long i, j, tap1, tap2, tap3, tap4, tap5;
int input_rotate;
-@@ -501,7 +513,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -501,7 +498,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
/* mix one byte at a time to simplify size handling and churn faster */
while (nbytes--) {
@@ -35316,7 +35301,7 @@ index c244f0e..59b5e6c 100644
i = (i - 1) & wordmask;
/* XOR in the various taps */
-@@ -521,11 +533,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -521,11 +518,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
* rotation, so that successive passes spread the
* input bits across the pool evenly.
*/
@@ -35331,7 +35316,7 @@ index c244f0e..59b5e6c 100644
smp_wmb();
if (out)
-@@ -533,13 +545,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -533,13 +530,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
((__u32 *)out)[j] = r->pool[(i - j) & wordmask];
}
@@ -35355,7 +35340,7 @@ index c244f0e..59b5e6c 100644
spin_unlock_irqrestore(&r->lock, flags);
}
-@@ -556,58 +576,151 @@ struct fast_pool {
+@@ -556,58 +561,151 @@ struct fast_pool {
* collector. It's hardcoded for an 128 bit pool and assumes that any
* locks that might be needed are taken by the caller.
*/
@@ -35532,7 +35517,7 @@ index c244f0e..59b5e6c 100644
/*********************************************************************
*
* Entropy input management
-@@ -621,42 +734,7 @@ struct timer_rand_state {
+@@ -621,42 +719,7 @@ struct timer_rand_state {
unsigned dont_count_entropy:1;
};
@@ -35576,7 +35561,7 @@ index c244f0e..59b5e6c 100644
/*
* Add device- or boot-specific data to the input and nonblocking
-@@ -669,15 +747,22 @@ static void set_timer_rand_state(unsigned int irq,
+@@ -669,15 +732,22 @@ static void set_timer_rand_state(unsigned int irq,
void add_device_randomness(const void *buf, unsigned int size)
{
unsigned long time = random_get_entropy() ^ jiffies;
@@ -35604,7 +35589,7 @@ index c244f0e..59b5e6c 100644
/*
* This function adds entropy to the entropy "pool" by using timing
-@@ -691,6 +776,7 @@ static struct timer_rand_state input_timer_state;
+@@ -691,6 +761,7 @@ static struct timer_rand_state input_timer_state;
*/
static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
{
@@ -35612,7 +35597,7 @@ index c244f0e..59b5e6c 100644
struct {
long jiffies;
unsigned cycles;
-@@ -699,15 +785,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -699,15 +770,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
long delta, delta2, delta3;
preempt_disable();
@@ -35630,7 +35615,7 @@ index c244f0e..59b5e6c 100644
/*
* Calculate number of bits of randomness we probably added.
-@@ -741,10 +824,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -741,10 +809,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
* Round down by 1 bit on general principles,
* and limit entropy entimate to 12 bits.
*/
@@ -35642,7 +35627,7 @@ index c244f0e..59b5e6c 100644
preempt_enable();
}
-@@ -757,10 +838,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
+@@ -757,10 +823,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
if (value == last_value)
return;
@@ -35654,7 +35639,7 @@ index c244f0e..59b5e6c 100644
}
EXPORT_SYMBOL_GPL(add_input_randomness);
-@@ -772,20 +853,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
+@@ -772,20 +838,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
struct pt_regs *regs = get_irq_regs();
unsigned long now = jiffies;
@@ -35687,7 +35672,7 @@ index c244f0e..59b5e6c 100644
return;
fast_pool->last = now;
-@@ -814,10 +896,8 @@ void add_disk_randomness(struct gendisk *disk)
+@@ -814,10 +881,8 @@ void add_disk_randomness(struct gendisk *disk)
if (!disk || !disk->random)
return;
/* first major is 1, so we get >= 0x200 here */
@@ -35699,7 +35684,7 @@ index c244f0e..59b5e6c 100644
}
#endif
-@@ -835,104 +915,141 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -835,104 +900,141 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
* from the primary pool to the secondary extraction pool. We make
* sure we pull enough for a 'catastrophic reseed'.
*/
@@ -35904,7 +35889,7 @@ index c244f0e..59b5e6c 100644
spin_lock_irqsave(&r->lock, flags);
for (i = 0; i < r->poolinfo->poolwords; i += 16)
sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
-@@ -966,27 +1083,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -966,27 +1068,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
hash.w[1] ^= hash.w[4];
hash.w[2] ^= rol32(hash.w[2], 16);
@@ -35959,7 +35944,7 @@ index c244f0e..59b5e6c 100644
xfer_secondary_pool(r, nbytes);
nbytes = account(r, nbytes, min, reserved);
-@@ -994,8 +1127,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -994,8 +1112,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
extract_buf(r, tmp);
if (fips_enabled) {
@@ -35968,7 +35953,7 @@ index c244f0e..59b5e6c 100644
spin_lock_irqsave(&r->lock, flags);
if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
panic("Hardware RNG duplicated output!\n");
-@@ -1015,12 +1146,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -1015,12 +1131,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
return ret;
}
@@ -35986,7 +35971,7 @@ index c244f0e..59b5e6c 100644
xfer_secondary_pool(r, nbytes);
nbytes = account(r, nbytes, 0, 0);
-@@ -1036,7 +1172,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1036,7 +1157,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -35995,7 +35980,7 @@ index c244f0e..59b5e6c 100644
ret = -EFAULT;
break;
}
-@@ -1055,11 +1191,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1055,11 +1176,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
/*
* This function is the exported kernel interface. It returns some
* number of good random numbers, suitable for key generation, seeding
@@ -36018,7 +36003,7 @@ index c244f0e..59b5e6c 100644
extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
}
EXPORT_SYMBOL(get_random_bytes);
-@@ -1078,6 +1223,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
+@@ -1078,6 +1208,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
{
char *p = buf;
@@ -36026,7 +36011,7 @@ index c244f0e..59b5e6c 100644
while (nbytes) {
unsigned long v;
int chunk = min(nbytes, (int)sizeof(unsigned long));
-@@ -1111,12 +1257,11 @@ static void init_std_data(struct entropy_store *r)
+@@ -1111,12 +1242,11 @@ static void init_std_data(struct entropy_store *r)
ktime_t now = ktime_get_real();
unsigned long rv;
@@ -36042,7 +36027,7 @@ index c244f0e..59b5e6c 100644
mix_pool_bytes(r, &rv, sizeof(rv), NULL);
}
mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
-@@ -1139,25 +1284,7 @@ static int rand_initialize(void)
+@@ -1139,25 +1269,7 @@ static int rand_initialize(void)
init_std_data(&nonblocking_pool);
return 0;
}
@@ -36069,7 +36054,7 @@ index c244f0e..59b5e6c 100644
#ifdef CONFIG_BLOCK
void rand_initialize_disk(struct gendisk *disk)
-@@ -1169,71 +1296,60 @@ void rand_initialize_disk(struct gendisk *disk)
+@@ -1169,71 +1281,60 @@ void rand_initialize_disk(struct gendisk *disk)
* source.
*/
state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
@@ -36178,7 +36163,7 @@ index c244f0e..59b5e6c 100644
}
static unsigned int
-@@ -1244,9 +1360,9 @@ random_poll(struct file *file, poll_table * wait)
+@@ -1244,9 +1345,9 @@ random_poll(struct file *file, poll_table * wait)
poll_wait(file, &random_read_wait, wait);
poll_wait(file, &random_write_wait, wait);
mask = 0;
@@ -36190,7 +36175,7 @@ index c244f0e..59b5e6c 100644
mask |= POLLOUT | POLLWRNORM;
return mask;
}
-@@ -1297,7 +1413,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1297,7 +1398,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
switch (cmd) {
case RNDGETENTCNT:
/* inherently racy, no point locking */
@@ -36200,7 +36185,7 @@ index c244f0e..59b5e6c 100644
return -EFAULT;
return 0;
case RNDADDTOENTCNT:
-@@ -1305,7 +1422,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1305,7 +1407,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
return -EPERM;
if (get_user(ent_count, p))
return -EFAULT;
@@ -36209,7 +36194,7 @@ index c244f0e..59b5e6c 100644
return 0;
case RNDADDENTROPY:
if (!capable(CAP_SYS_ADMIN))
-@@ -1320,14 +1437,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1320,14 +1422,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
size);
if (retval < 0)
return retval;
@@ -36232,7 +36217,7 @@ index c244f0e..59b5e6c 100644
return 0;
default:
return -EINVAL;
-@@ -1387,23 +1509,23 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1387,23 +1494,23 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -36263,7 +36248,7 @@ index c244f0e..59b5e6c 100644
unsigned char buf[64], tmp_uuid[16], *uuid;
uuid = table->data;
-@@ -1427,8 +1549,26 @@ static int proc_do_uuid(ctl_table *table, int write,
+@@ -1427,8 +1534,26 @@ static int proc_do_uuid(ctl_table *table, int write,
return proc_dostring(&fake_table, write, buffer, lenp, ppos);
}
@@ -36291,7 +36276,7 @@ index c244f0e..59b5e6c 100644
{
.procname = "poolsize",
.data = &sysctl_poolsize,
-@@ -1440,12 +1580,12 @@ ctl_table random_table[] = {
+@@ -1440,12 +1565,12 @@ ctl_table random_table[] = {
.procname = "entropy_avail",
.maxlen = sizeof(int),
.mode = 0444,
@@ -36306,7 +36291,7 @@ index c244f0e..59b5e6c 100644
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
-@@ -1454,7 +1594,7 @@ ctl_table random_table[] = {
+@@ -1454,7 +1579,7 @@ ctl_table random_table[] = {
},
{
.procname = "write_wakeup_threshold",
@@ -36315,7 +36300,7 @@ index c244f0e..59b5e6c 100644
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
-@@ -1462,6 +1602,13 @@ ctl_table random_table[] = {
+@@ -1462,6 +1587,13 @@ ctl_table random_table[] = {
.extra2 = &max_write_thresh,
},
{
@@ -36329,7 +36314,7 @@ index c244f0e..59b5e6c 100644
.procname = "boot_id",
.data = &sysctl_bootid,
.maxlen = 16,
-@@ -1492,7 +1639,7 @@ int random_int_secret_init(void)
+@@ -1492,7 +1624,7 @@ int random_int_secret_init(void)
* value is not cryptographically secure but for several uses the cost of
* depleting entropy is too high
*/
@@ -36338,7 +36323,7 @@ index c244f0e..59b5e6c 100644
unsigned int get_random_int(void)
{
__u32 *hash;
-@@ -1510,6 +1657,7 @@ unsigned int get_random_int(void)
+@@ -1510,6 +1642,7 @@ unsigned int get_random_int(void)
return ret;
}
@@ -39126,6 +39111,19 @@ index 8a8725c2..afed796 100644
else {
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
+diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
+index 888ece6..f870bb3 100644
+--- a/drivers/hid/hid-cherry.c
++++ b/drivers/hid/hid-cherry.c
+@@ -29,7 +29,7 @@
+ static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
++ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
+ hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
+ rdesc[11] = rdesc[16] = 0xff;
+ rdesc[12] = rdesc[17] = 0x03;
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 64d79d2..6c83020 100644
--- a/drivers/hid/hid-core.c
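Review bot: The new bound in ch_report_fixup, `*rsize >= 18`, is a bare literal whose only justification is the highest index written two lines further down, `rdesc[17]`, and nothing ties the two together for the next person who edits the fixup. A one-line comment above the condition, such as `/* highest index touched below is rdesc[17] */`, would make the invariant checkable at a glance. The same applies to the bounds changed in the following hunks for kye_report_fixup (75), lg_report_fixup (91 and 51), mr_report_fixup (31), pl_report_fixup (62) and sp_report_fixup (112). For the kye and sunplus cases the highest index is not visible in the hunk, so those two values cannot be confirmed from here. The function body continues outside the hunk.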
@@ -39148,6 +39146,84 @@ index 64d79d2..6c83020 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
+diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
+index f2ba9ef..25dfb5f 100644
+--- a/drivers/hid/hid-kye.c
++++ b/drivers/hid/hid-kye.c
+@@ -26,7 +26,7 @@
+ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 74 &&
++ if (*rsize >= 75 &&
+ rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
+ rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
+ rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
+diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
+index e7a7bd1..3ad6cd4 100644
+--- a/drivers/hid/hid-lg.c
++++ b/drivers/hid/hid-lg.c
+@@ -111,14 +111,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ {
+ unsigned long quirks = (unsigned long)hid_get_drvdata(hdev);
+
+- if ((quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
++ if ((quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
+ rdesc[84] == 0x8c && rdesc[85] == 0x02) {
+ hid_info(hdev,
+ "fixing up Logitech keyboard report descriptor\n");
+ rdesc[84] = rdesc[89] = 0x4d;
+ rdesc[85] = rdesc[90] = 0x10;
+ }
+- if ((quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
++ if ((quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
+ rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
+ rdesc[49] == 0x81 && rdesc[50] == 0x06) {
+ hid_info(hdev,
+diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
+index 828a0dd..6efc0ea 100644
+--- a/drivers/hid/hid-logitech-dj.c
++++ b/drivers/hid/hid-logitech-dj.c
+@@ -230,13 +230,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
+ return;
+ }
+
+- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
+- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
+- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
+- __func__, dj_report->device_index);
+- return;
+- }
+-
+ if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
+ /* The device is already known. No need to reallocate it. */
+ dbg_hid("%s: device is already known\n", __func__);
+@@ -713,6 +706,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
+ * device (via hid_input_report() ) and return 1 so hid-core does not do
+ * anything else with it.
+ */
++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
++ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
++ __func__, dj_report->device_index);
++ return false;
++ }
+
+ spin_lock_irqsave(&djrcv_dev->lock, flags);
+ if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
+diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
+index dedf757..eb0271e 100644
+--- a/drivers/hid/hid-monterey.c
++++ b/drivers/hid/hid-monterey.c
+@@ -25,7 +25,7 @@
+ static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
++ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
+ hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
+ rdesc[30] = 0x0c;
+ }
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
index a605ba1..fb91952 100644
--- a/drivers/hid/hid-multitouch.c
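Review bot: In logi_dj_raw_event the relocated `device_index` range check sits before the `report_id == REPORT_ID_DJ_SHORT` test, so it is applied to every report the handler receives and not only to DJ reports. If non-DJ reports can reach this function (the hunk does not show which reports are routed here), the byte read as `device_index` is unrelated data and a legitimate report may be logged as invalid. Placing the check inside the DJ-report branch would avoid that, provided every use of the index lies in that branch. The early exit also uses `return false;` in a function declared `static int`, whose own comment speaks of returning 1; `return 0;` would state the same result in the function's terms. Both functions continue outside their hunks.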
@@ -39170,6 +39246,32 @@ index a605ba1..fb91952 100644
}
/* we have handled the hidinput part, now remains hiddev */
+diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
+index f1ea3ff..99f317a 100644
+--- a/drivers/hid/hid-petalynx.c
++++ b/drivers/hid/hid-petalynx.c
+@@ -26,7 +26,7 @@
+ static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
++ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
+ rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
+ rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
+ hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
+diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
+index d484a00..3d6ae7b 100644
+--- a/drivers/hid/hid-sunplus.c
++++ b/drivers/hid/hid-sunplus.c
+@@ -25,7 +25,7 @@
+ static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
++ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
+ rdesc[106] == 0x03) {
+ hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
+ rdesc[105] = rdesc[110] = 0x03;
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index 4ef02b2..8a96831 100644
--- a/drivers/hid/usbhid/hiddev.c
@@ -60322,10 +60424,60 @@ index e2d3633..da449b7 100644
spin_unlock(&inode->i_lock);
}
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
-index a5f25a7..8ac9cc8 100644
+index a5f25a7..e2f03bf 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
-@@ -1539,6 +1539,8 @@ static struct file_system_type iso9660_fs_type = {
+@@ -68,7 +68,7 @@ static void isofs_put_super(struct super_block *sb)
+ return;
+ }
+
+-static int isofs_read_inode(struct inode *);
++static int isofs_read_inode(struct inode *, int relocated);
+ static int isofs_statfs (struct dentry *, struct kstatfs *);
+
+ static struct kmem_cache *isofs_inode_cachep;
+@@ -1263,7 +1263,7 @@ out_toomany:
+ goto out;
+ }
+
+-static int isofs_read_inode(struct inode *inode)
++static int isofs_read_inode(struct inode *inode, int relocated)
+ {
+ struct super_block *sb = inode->i_sb;
+ struct isofs_sb_info *sbi = ISOFS_SB(sb);
+@@ -1408,7 +1408,7 @@ static int isofs_read_inode(struct inode *inode)
+ */
+
+ if (!high_sierra) {
+- parse_rock_ridge_inode(de, inode);
++ parse_rock_ridge_inode(de, inode, relocated);
+ /* if we want uid/gid set, override the rock ridge setting */
+ if (sbi->s_uid_set)
+ inode->i_uid = sbi->s_uid;
+@@ -1487,9 +1487,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
+ * offset that point to the underlying meta-data for the inode. The
+ * code below is otherwise similar to the iget() code in
+ * include/linux/fs.h */
+-struct inode *isofs_iget(struct super_block *sb,
+- unsigned long block,
+- unsigned long offset)
++struct inode *__isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset,
++ int relocated)
+ {
+ unsigned long hashval;
+ struct inode *inode;
+@@ -1511,7 +1512,7 @@ struct inode *isofs_iget(struct super_block *sb,
+ return ERR_PTR(-ENOMEM);
+
+ if (inode->i_state & I_NEW) {
+- ret = isofs_read_inode(inode);
++ ret = isofs_read_inode(inode, relocated);
+ if (ret < 0) {
+ iget_failed(inode);
+ inode = ERR_PTR(ret);
+@@ -1539,6 +1540,8 @@ static struct file_system_type iso9660_fs_type = {
.kill_sb = kill_block_super,
.fs_flags = FS_REQUIRES_DEV,
};
@@ -60334,12 +60486,137 @@ index a5f25a7..8ac9cc8 100644
static int __init init_iso9660_fs(void)
{
-@@ -1576,5 +1578,3 @@ static void __exit exit_iso9660_fs(void)
+@@ -1576,5 +1579,3 @@ static void __exit exit_iso9660_fs(void)
module_init(init_iso9660_fs)
module_exit(exit_iso9660_fs)
MODULE_LICENSE("GPL");
-/* Actual filesystem name is iso9660, as requested in filesystems.c */
-MODULE_ALIAS("iso9660");
+diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
+index 7d33de8..f9c9793 100644
+--- a/fs/isofs/isofs.h
++++ b/fs/isofs/isofs.h
+@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
+
+ struct inode; /* To make gcc happy */
+
+-extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
++extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
+ extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
+ extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
+
+@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, struct namei
+ extern struct buffer_head *isofs_bread(struct inode *, sector_t);
+ extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
+
+-extern struct inode *isofs_iget(struct super_block *sb,
+- unsigned long block,
+- unsigned long offset);
++struct inode *__isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset,
++ int relocated);
++
++static inline struct inode *isofs_iget(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset)
++{
++ return __isofs_iget(sb, block, offset, 0);
++}
++
++static inline struct inode *isofs_iget_reloc(struct super_block *sb,
++ unsigned long block,
++ unsigned long offset)
++{
++ return __isofs_iget(sb, block, offset, 1);
++}
+
+ /* Because the inode number is no longer relevant to finding the
+ * underlying meta-data for an inode, we are free to choose a more
+diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
+index 70e79d0..ee62cc0 100644
+--- a/fs/isofs/rock.c
++++ b/fs/isofs/rock.c
+@@ -288,12 +288,16 @@ eio:
+ goto out;
+ }
+
++#define RR_REGARD_XA 1
++#define RR_RELOC_DE 2
++
+ static int
+ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+- struct inode *inode, int regard_xa)
++ struct inode *inode, int flags)
+ {
+ int symlink_len = 0;
+ int cnt, sig;
++ unsigned int reloc_block;
+ struct inode *reloc;
+ struct rock_ridge *rr;
+ int rootflag;
+@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
+
+ init_rock_state(&rs, inode);
+ setup_rock_ridge(de, inode, &rs);
+- if (regard_xa) {
++ if (flags & RR_REGARD_XA) {
+ rs.chr += 14;
+ rs.len -= 14;
+ if (rs.len < 0)
+@@ -485,12 +489,22 @@ repeat:
+ "relocated directory\n");
+ goto out;
+ case SIG('C', 'L'):
+- ISOFS_I(inode)->i_first_extent =
+- isonum_733(rr->u.CL.location);
+- reloc =
+- isofs_iget(inode->i_sb,
+- ISOFS_I(inode)->i_first_extent,
+- 0);
++ if (flags & RR_RELOC_DE) {
++ printk(KERN_ERR
++ "ISOFS: Recursive directory relocation "
++ "is not supported\n");
++ goto eio;
++ }
++ reloc_block = isonum_733(rr->u.CL.location);
++ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
++ ISOFS_I(inode)->i_iget5_offset == 0) {
++ printk(KERN_ERR
++ "ISOFS: Directory relocation points to "
++ "itself\n");
++ goto eio;
++ }
++ ISOFS_I(inode)->i_first_extent = reloc_block;
++ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
+ if (IS_ERR(reloc)) {
+ ret = PTR_ERR(reloc);
+ goto out;
+@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+ return rpnt;
+ }
+
+-int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
++int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
++ int relocated)
+ {
+- int result = parse_rock_ridge_inode_internal(de, inode, 0);
++ int flags = relocated ? RR_RELOC_DE : 0;
++ int result = parse_rock_ridge_inode_internal(de, inode, flags);
+
+ /*
+ * if rockridge flag was reset and we didn't look for attributes
+@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
+ */
+ if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
+ && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
+- result = parse_rock_ridge_inode_internal(de, inode, 14);
++ result = parse_rock_ridge_inode_internal(de, inode,
++ flags | RR_REGARD_XA);
+ }
+ return result;
+ }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index e513f19..2ab1351 100644
--- a/fs/jffs2/erase.c
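Review bot: The loop protection added to the `SIG('C', 'L')` case of parse_rock_ridge_inode_internal rests on two separate guards whose division of labour is not written down anywhere. The self-reference test covers a CL record that names the inode's own block at offset 0, and `RR_RELOC_DE` refuses any CL record in an inode that was itself reached through one. I would document the flags where they are defined, for example `/* RR_RELOC_DE: inode was reached via a CL record; a further CL is rejected */`, and describe the `relocated` argument of `__isofs_iget()` in isofs.h the same way. Since `flags` is now a bit mask, `unsigned int flags` would be the more usual type than `int`. The function starts and ends outside these hunks.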
@@ -65123,10 +65400,10 @@ index 8a89949..6776861 100644
xfs_init_zones(void)
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..155d9f5
+index 0000000..5200d7b
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1162 @@
+@@ -0,0 +1,1152 @@
+#
+# grecurity configuration
+#
@@ -66045,16 +66322,6 @@ index 0000000..155d9f5
+menu "Network Protections"
+depends on GRKERNSEC
+
-+config GRKERNSEC_RANDNET
-+ bool "Larger entropy pools"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ If you say Y here, the entropy pools used for many features of Linux
-+ and grsecurity will be doubled in size. Since several grsecurity
-+ features use additional randomness, it is recommended that you say Y
-+ here. Saying Y here has a similar effect as modifying
-+ /proc/sys/kernel/random/poolsize.
-+
+config GRKERNSEC_BLACKHOLE
+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention"
+ default y if GRKERNSEC_CONFIG_AUTO
@@ -104538,10 +104805,26 @@ index b4d889b..bb33240 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 4f19bf2..5770069 100644
+index 4f19bf2..e3a2b51 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1678,7 +1678,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -195,6 +195,7 @@ struct tpacket_kbdq_core {
+ char *pkblk_start;
+ char *pkblk_end;
+ int kblk_size;
++ unsigned int max_frame_len;
+ unsigned int knum_blocks;
+ uint64_t knxt_seq_num;
+ char *prev;
+@@ -616,6 +617,7 @@ static void init_prb_bdqc(struct packet_sock *po,
+ p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
+ p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
+
++ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
+ prb_init_ft_ops(p1, req_u);
+ prb_setup_retire_blk_timer(po, tx_ring);
+ prb_open_block(p1, pbd);
+@@ -1678,7 +1680,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_packets++;
@@ -104550,7 +104833,7 @@ index 4f19bf2..5770069 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1687,7 +1687,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1687,7 +1689,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_drops++;
@@ -104559,7 +104842,26 @@ index 4f19bf2..5770069 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -2623,6 +2623,7 @@ out:
+@@ -1778,6 +1780,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
+ if ((int)snaplen < 0)
+ snaplen = 0;
+ }
++ } else if (unlikely(macoff + snaplen >
++ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
++ u32 nval;
++
++ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
++ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
++ snaplen, nval, macoff);
++ snaplen = nval;
++ if (unlikely((int)snaplen < 0)) {
++ snaplen = 0;
++ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
++ }
+ }
+ spin_lock(&sk->sk_receive_queue.lock);
+ h.raw = packet_current_rx_frame(po, skb,
+@@ -2623,6 +2637,7 @@ out:
static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
{
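Review bot: In the new `else if` branch of tpacket_rcv, `nval` is computed and handed to `pr_err_once()` before the `(int)snaplen < 0` test. If `macoff` can exceed `max_frame_len`, the one-time message therefore reports a wrapped-around value rather than the length that is actually used. Testing `macoff > max_frame_len` before the subtraction and logging after the clamp would avoid relying on the unsigned wrap and the cast. `GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len` is also spelled out three times; holding it in a local inside the branch would shorten the two uses in the body. The function continues outside the hunk.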
@@ -104567,7 +104869,7 @@ index 4f19bf2..5770069 100644
struct sock_exterr_skb *serr;
struct sk_buff *skb, *skb2;
int copied, err;
-@@ -2644,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
+@@ -2644,8 +2659,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
sock_recv_timestamp(msg, sk, skb);
serr = SKB_EXT_ERR(skb);
@@ -104578,7 +104880,7 @@ index 4f19bf2..5770069 100644
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
-@@ -3273,7 +3275,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3273,7 +3289,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -104587,7 +104889,7 @@ index 4f19bf2..5770069 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3323,7 +3325,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3323,7 +3339,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
if (put_user(len, optlen))
return -EFAULT;
@@ -104600,6 +104902,17 @@ index 4f19bf2..5770069 100644
return -EFAULT;
return 0;
}
+@@ -3614,6 +3634,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
+ goto out;
+ if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
+ goto out;
++ if (po->tp_version >= TPACKET_V3 &&
++ (int)(req->tp_block_size -
++ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
++ goto out;
+ if (unlikely(req->tp_frame_size < po->tp_hdrlen +
+ po->tp_reserve))
+ goto out;
diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
index d65f699..855d175 100644
--- a/net/phonet/af_phonet.c
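Review bot: The new TPACKET_V3 check in packet_set_ring, `(int)(req->tp_block_size - BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0`, does its arithmetic in 32 bits and then reinterprets the result as signed, while `tp_sizeof_priv` is taken directly from the caller's request. BLK_PLUS_PRIV is not defined in this hunk, but if it adds a header length to the aligned private size, a very large `tp_sizeof_priv` can make the difference wrap to a positive `int`, so the check passes although the private area does not fit in a block. `max_frame_len`, set in init_prb_bdqc in the earlier hunk, would then be derived from the same wrapped value. Comparing in a wider type closes the gap: `req->tp_block_size <= BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)`. The function body extends beyond the hunk.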
diff --git a/3.2.62/4450_grsec-kconfig-default-gids.patch b/3.2.62/4450_grsec-kconfig-default-gids.patch
index e3c7c72..363dc64 100644
--- a/3.2.62/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.62/4450_grsec-kconfig-default-gids.patch
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -999,7 +999,7 @@
+@@ -989,7 +989,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -1020,7 +1020,7 @@
+@@ -1010,7 +1010,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -1038,7 +1038,7 @@
+@@ -1028,7 +1028,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
index 035fe2d..3b873e1 100644
--- a/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1133,6 +1133,27 @@
+@@ -1123,6 +1123,27 @@
menu "Logging Options"
depends on GRKERNSEC