Grsec/PaX: 3.0-{3.2.55,3.13.6}-20140320234920140320

author: Anthony G. Basile <blueness@gentoo.org> 2014-03-21 09:47:23 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2014-03-21 09:47:23 -0400
commit: e9f033878d9e670289391f5811a16b21ef3386cb (patch)
tree: b79eaaf7c6a830dac2286e69cdb958108ce6942d
parent: Grsec/PaX: 3.0-{3.2.55,3.13.6}-201403192228 (diff)
download: hardened-patchset-e9f033878d9e670289391f5811a16b21ef3386cb.tar.gz
hardened-patchset-e9f033878d9e670289391f5811a16b21ef3386cb.tar.bz2
hardened-patchset-e9f033878d9e670289391f5811a16b21ef3386cb.zip
4 files changed, 489 insertions, 82 deletions
diff --git a/3.13.6/0000_README b/3.13.6/0000_README
index e099035..1864b5a 100644
--- a/3.13.6/0000_README
+++ b/3.13.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.13.6-201403192228.patch
+Patch:	4420_grsecurity-3.0-3.13.6-201403202349.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.13.6/4420_grsecurity-3.0-3.13.6-201403192228.patch b/3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch
index fb3fba9..521e844 100644
--- a/3.13.6/4420_grsecurity-3.0-3.13.6-201403192228.patch
+++ b/3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index dfe5fec..b8d23eb 100644
+index dfe5fec..079642c 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -381,7 +381,7 @@ index dfe5fec..b8d23eb 100644
 +GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY_PLUGIN_CFLAGS) $(STRUCTLEAK_PLUGIN_CFLAGS)
 +GCC_PLUGINS_CFLAGS += $(RANDSTRUCT_PLUGIN_CFLAGS)
 +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS)
-+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS CONSTIFY_PLUGIN
++export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS CONSTIFY_PLUGIN LATENT_ENTROPY_PLUGIN_CFLAGS
 +ifeq ($(KBUILD_EXTMOD),)
 +gcc-plugins:
 +	$(Q)$(MAKE) $(build)=tools/gcc
@@ -2171,7 +2171,7 @@ index 71a06b2..8bb9ae1 100644
  /*
   * Change these and you break ASM code in entry-common.S
 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index 72abdc5..9eba222 100644
+index 72abdc5..35acac1 100644
 --- a/arch/arm/include/asm/uaccess.h
 +++ b/arch/arm/include/asm/uaccess.h
 @@ -18,6 +18,7 @@
@@ -2250,7 +2250,15 @@ index 72abdc5..9eba222 100644
  	 })
  
  #else /* CONFIG_MMU */
-@@ -237,13 +273,17 @@ static inline void set_fs(mm_segment_t fs)
+@@ -220,6 +256,7 @@ static inline void set_fs(mm_segment_t fs)
+ 
+ #endif /* CONFIG_MMU */
+ 
++#define access_ok_noprefault(type,addr,size) access_ok((type),(addr),(size))
+ #define access_ok(type,addr,size)	(__range_ok(addr,size) == 0)
+ 
+ #define user_addr_max() \
+@@ -237,13 +274,17 @@ static inline void set_fs(mm_segment_t fs)
  #define __get_user(x,ptr)						\
  ({									\
  	long __gu_err = 0;						\
@@ -2268,7 +2276,7 @@ index 72abdc5..9eba222 100644
  	(void) 0;							\
  })
  
-@@ -319,13 +359,17 @@ do {									\
+@@ -319,13 +360,17 @@ do {									\
  #define __put_user(x,ptr)						\
  ({									\
  	long __pu_err = 0;						\
@@ -2286,7 +2294,7 @@ index 72abdc5..9eba222 100644
  	(void) 0;							\
  })
  
-@@ -425,11 +469,44 @@ do {									\
+@@ -425,11 +470,44 @@ do {									\
  
  
  #ifdef CONFIG_MMU
@@ -2334,7 +2342,7 @@ index 72abdc5..9eba222 100644
  #else
  #define __copy_from_user(to,from,n)	(memcpy(to, (void __force *)from, n), 0)
  #define __copy_to_user(to,from,n)	(memcpy((void __force *)to, from, n), 0)
-@@ -438,6 +515,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
+@@ -438,6 +516,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
  
  static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -2344,7 +2352,7 @@ index 72abdc5..9eba222 100644
  	if (access_ok(VERIFY_READ, from, n))
  		n = __copy_from_user(to, from, n);
  	else /* security hole - plug it */
-@@ -447,6 +527,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
+@@ -447,6 +528,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
  
  static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
  {
@@ -4639,6 +4647,18 @@ index ce6d763..cfea917 100644
  
  extern void *samsung_dmadev_get_ops(void);
  extern void *s3c_dma_get_ops(void);
+diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
+index 7ecc2b2..5e56c66 100644
+--- a/arch/arm64/include/asm/uaccess.h
++++ b/arch/arm64/include/asm/uaccess.h
+@@ -99,6 +99,7 @@ static inline void set_fs(mm_segment_t fs)
+ 	flag;								\
+ })
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)	__range_ok(addr, size)
+ 
+ /*
 diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h
 index c3a58a1..78fbf54 100644
 --- a/arch/avr32/include/asm/cache.h
@@ -5035,10 +5055,18 @@ index 45698cd..e8e2dbc 100644
  
  static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
 diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
-index 449c8c0..18965fb 100644
+index 449c8c0..3d4b1e9 100644
 --- a/arch/ia64/include/asm/uaccess.h
 +++ b/arch/ia64/include/asm/uaccess.h
-@@ -240,12 +240,24 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
+@@ -70,6 +70,7 @@
+ 	 && ((segment).seg == KERNEL_DS.seg						\
+ 	     || likely(REGION_OFFSET((unsigned long) (addr)) < RGN_MAP_LIMIT)));	\
+ })
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)	__access_ok((addr), (size), get_fs())
+ 
+ /*
+@@ -240,12 +241,24 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
  static inline unsigned long
  __copy_to_user (void __user *to, const void *from, unsigned long count)
  {
@@ -5063,7 +5091,7 @@ index 449c8c0..18965fb 100644
  	return __copy_user((__force void __user *) to, from, count);
  }
  
-@@ -255,10 +267,13 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
+@@ -255,10 +268,13 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
  ({											\
  	void __user *__cu_to = (to);							\
  	const void *__cu_from = (from);							\
@@ -5079,7 +5107,7 @@ index 449c8c0..18965fb 100644
  	__cu_len;									\
  })
  
-@@ -266,11 +281,14 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
+@@ -266,11 +282,14 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
  ({											\
  	void *__cu_to = (to);								\
  	const void __user *__cu_from = (from);						\
@@ -6715,6 +6743,18 @@ index 4f58ef6..5e7081b 100644
  
  /*
   * We stash processor id into a COP0 register to retrieve it fast
+diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
+index f3fa375..3af6637 100644
+--- a/arch/mips/include/asm/uaccess.h
++++ b/arch/mips/include/asm/uaccess.h
+@@ -128,6 +128,7 @@ extern u64 __ua_limit;
+ 	__ok == 0;							\
+ })
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)					\
+ 	likely(__access_ok((addr), (size), __access_mask))
+ 
 diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
 index 1188e00..41cf144 100644
 --- a/arch/mips/kernel/binfmt_elfn32.c
@@ -7975,6 +8015,62 @@ index 5acabbd..7ea14fa 100644
  
  #endif	/* __KERNEL__ */
  #endif	/* _ASM_POWERPC_KMAP_TYPES_H */
+diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h
+index b8da913..60b608a 100644
+--- a/arch/powerpc/include/asm/local.h
++++ b/arch/powerpc/include/asm/local.h
+@@ -9,15 +9,26 @@ typedef struct
+ 	atomic_long_t a;
+ } local_t;
+ 
++typedef struct
++{
++	atomic_long_unchecked_t a;
++} local_unchecked_t;
++
+ #define LOCAL_INIT(i)	{ ATOMIC_LONG_INIT(i) }
+ 
+ #define local_read(l)	atomic_long_read(&(l)->a)
++#define local_read_unchecked(l)	atomic_long_read_unchecked(&(l)->a)
+ #define local_set(l,i)	atomic_long_set(&(l)->a, (i))
++#define local_set_unchecked(l,i)	atomic_long_set_unchecked(&(l)->a, (i))
+ 
+ #define local_add(i,l)	atomic_long_add((i),(&(l)->a))
++#define local_add_unchecked(i,l)	atomic_long_add_unchecked((i),(&(l)->a))
+ #define local_sub(i,l)	atomic_long_sub((i),(&(l)->a))
++#define local_sub_unchecked(i,l)	atomic_long_sub_unchecked((i),(&(l)->a))
+ #define local_inc(l)	atomic_long_inc(&(l)->a)
++#define local_inc_unchecked(l)	atomic_long_inc_unchecked(&(l)->a)
+ #define local_dec(l)	atomic_long_dec(&(l)->a)
++#define local_dec_unchecked(l)	atomic_long_dec_unchecked(&(l)->a)
+ 
+ static __inline__ long local_add_return(long a, local_t *l)
+ {
+@@ -35,6 +46,7 @@ static __inline__ long local_add_return(long a, local_t *l)
+ 
+ 	return t;
+ }
++#define local_add_return_unchecked(i, l) atomic_long_add_return_unchecked((i), (&(l)->a))
+ 
+ #define local_add_negative(a, l)	(local_add_return((a), (l)) < 0)
+ 
+@@ -54,6 +66,7 @@ static __inline__ long local_sub_return(long a, local_t *l)
+ 
+ 	return t;
+ }
++#define local_sub_return_unchecked(i, l) atomic_long_sub_return_unchecked((i), (&(l)->a))
+ 
+ static __inline__ long local_inc_return(local_t *l)
+ {
+@@ -101,6 +114,8 @@ static __inline__ long local_dec_return(local_t *l)
+ 
+ #define local_cmpxchg(l, o, n) \
+ 	(cmpxchg_local(&((l)->a.counter), (o), (n)))
++#define local_cmpxchg_unchecked(l, o, n) \
++	(cmpxchg_local(&((l)->a.counter), (o), (n)))
+ #define local_xchg(l, n) (xchg_local(&((l)->a.counter), (n)))
+ 
+ /**
 diff --git a/arch/powerpc/include/asm/mman.h b/arch/powerpc/include/asm/mman.h
 index 8565c25..2865190 100644
 --- a/arch/powerpc/include/asm/mman.h
@@ -8155,10 +8251,18 @@ index 9854c56..7517190 100644
  #define _TIF_USER_WORK_MASK	(_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
  				 _TIF_NOTIFY_RESUME | _TIF_UPROBE)
 diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
-index 9485b43..4718d50 100644
+index 9485b43..3bd3c16 100644
 --- a/arch/powerpc/include/asm/uaccess.h
 +++ b/arch/powerpc/include/asm/uaccess.h
-@@ -318,52 +318,6 @@ do {								\
+@@ -58,6 +58,7 @@
+ 
+ #endif
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)		\
+ 	(__chk_user_ptr(addr),			\
+ 	 __access_ok((__force unsigned long)(addr), (size), get_fs()))
+@@ -318,52 +319,6 @@ do {								\
  extern unsigned long __copy_tofrom_user(void __user *to,
  		const void __user *from, unsigned long size);
  
@@ -8211,7 +8315,7 @@ index 9485b43..4718d50 100644
  static inline unsigned long __copy_from_user_inatomic(void *to,
  		const void __user *from, unsigned long n)
  {
-@@ -387,6 +341,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
+@@ -387,6 +342,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
  		if (ret == 0)
  			return 0;
  	}
@@ -8222,7 +8326,7 @@ index 9485b43..4718d50 100644
  	return __copy_tofrom_user((__force void __user *)to, from, n);
  }
  
-@@ -413,6 +371,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
+@@ -413,6 +372,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
  		if (ret == 0)
  			return 0;
  	}
@@ -8233,7 +8337,7 @@ index 9485b43..4718d50 100644
  	return __copy_tofrom_user(to, (__force const void __user *)from, n);
  }
  
-@@ -430,6 +392,92 @@ static inline unsigned long __copy_to_user(void __user *to,
+@@ -430,6 +393,92 @@ static inline unsigned long __copy_to_user(void __user *to,
  	return __copy_to_user_inatomic(to, from, size);
  }
  
@@ -8326,6 +8430,19 @@ index 9485b43..4718d50 100644
  extern unsigned long __clear_user(void __user *addr, unsigned long size);
  
  static inline unsigned long clear_user(void __user *addr, unsigned long size)
+diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
+index 445cb6e..4f80c5d 100644
+--- a/arch/powerpc/kernel/Makefile
++++ b/arch/powerpc/kernel/Makefile
+@@ -26,6 +26,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog
+ CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog
+ endif
+ 
++CFLAGS_REMOVE_prom_init.o += $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++
+ obj-y				:= cputable.o ptrace.o syscalls.o \
+ 				   irq.o align.o signal_32.o pmc.o vdso.o \
+ 				   process.o systbl.o idle.o \
 diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
 index e775156..af2d1c0 100644
 --- a/arch/powerpc/kernel/exceptions-64e.S
@@ -8620,6 +8737,19 @@ index 094e45c..d82b848 100644
  	if (IS_ERR_VALUE(vdso_base)) {
  		rc = vdso_base;
  		goto fail_mmapsem;
+diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
+index 9ae9768..87c3448 100644
+--- a/arch/powerpc/kvm/powerpc.c
++++ b/arch/powerpc/kvm/powerpc.c
+@@ -1141,7 +1141,7 @@ void kvmppc_init_lpid(unsigned long nr_lpids_param)
+ }
+ EXPORT_SYMBOL_GPL(kvmppc_init_lpid);
+ 
+-int kvm_arch_init(void *opaque)
++int kvm_arch_init(const void *opaque)
+ {
+ 	return 0;
+ }
 diff --git a/arch/powerpc/lib/usercopy_64.c b/arch/powerpc/lib/usercopy_64.c
 index 5eea6f3..5d10396 100644
 --- a/arch/powerpc/lib/usercopy_64.c
@@ -8756,10 +8886,15 @@ index 51ab9e7..7d3c78b 100644
  		goto bail;
  	}
 diff --git a/arch/powerpc/mm/mmap.c b/arch/powerpc/mm/mmap.c
-index cb8bdbe..d770680 100644
+index cb8bdbe..cde4bc7 100644
 --- a/arch/powerpc/mm/mmap.c
 +++ b/arch/powerpc/mm/mmap.c
-@@ -57,6 +57,10 @@ static unsigned long mmap_rnd(void)
+@@ -53,10 +53,14 @@ static inline int mmap_is_legacy(void)
+ 	return sysctl_legacy_va_layout;
+ }
+ 
+-static unsigned long mmap_rnd(void)
++static unsigned long mmap_rnd(struct mm_struct *mm)
  {
  	unsigned long rnd = 0;
  
@@ -8770,6 +8905,24 @@ index cb8bdbe..d770680 100644
  	if (current->flags & PF_RANDOMIZE) {
  		/* 8MB for 32bit, 1GB for 64bit */
  		if (is_32bit_task())
+@@ -67,7 +71,7 @@ static unsigned long mmap_rnd(void)
+ 	return rnd << PAGE_SHIFT;
+ }
+ 
+-static inline unsigned long mmap_base(void)
++static inline unsigned long mmap_base(struct mm_struct *mm)
+ {
+ 	unsigned long gap = rlimit(RLIMIT_STACK);
+ 
+@@ -76,7 +80,7 @@ static inline unsigned long mmap_base(void)
+ 	else if (gap > MAX_GAP)
+ 		gap = MAX_GAP;
+ 
+-	return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
++	return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd(mm));
+ }
+ 
+ /*
 @@ -91,9 +95,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	 */
  	if (mmap_is_legacy()) {
@@ -8782,7 +8935,8 @@ index cb8bdbe..d770680 100644
 +
  		mm->get_unmapped_area = arch_get_unmapped_area;
  	} else {
- 		mm->mmap_base = mmap_base();
+-		mm->mmap_base = mmap_base();
++		mm->mmap_base = mmap_base(mm);
 +
 +#ifdef CONFIG_PAX_RANDMMAP
 +		if (mm->pax_flags & MF_PAX_RANDMMAP)
@@ -8830,6 +8984,21 @@ index 7ce9cf3..a964087 100644
  	/* If hint, make sure it matches our alignment restrictions */
  	if (!fixed && addr) {
  		addr = _ALIGN_UP(addr, 1ul << pshift);
+diff --git a/arch/powerpc/platforms/cell/celleb_scc_pciex.c b/arch/powerpc/platforms/cell/celleb_scc_pciex.c
+index 4278acf..67fd0e6 100644
+--- a/arch/powerpc/platforms/cell/celleb_scc_pciex.c
++++ b/arch/powerpc/platforms/cell/celleb_scc_pciex.c
+@@ -400,8 +400,8 @@ static int scc_pciex_write_config(struct pci_bus *bus, unsigned int devfn,
+ }
+ 
+ static struct pci_ops scc_pciex_pci_ops = {
+-	scc_pciex_read_config,
+-	scc_pciex_write_config,
++	.read = scc_pciex_read_config,
++	.write = scc_pciex_write_config,
+ };
+ 
+ static void pciex_clear_intr_all(unsigned int __iomem *base)
 diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
 index 9098692..3d54cd1 100644
 --- a/arch/powerpc/platforms/cell/spufs/file.c
@@ -8927,10 +9096,18 @@ index c4a93d6..4d2a9b4 100644
  
  #endif /* __ASM_EXEC_H */
 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
-index 79330af..a3a7b06 100644
+index 79330af..254cf37 100644
 --- a/arch/s390/include/asm/uaccess.h
 +++ b/arch/s390/include/asm/uaccess.h
-@@ -245,6 +245,10 @@ static inline unsigned long __must_check
+@@ -59,6 +59,7 @@ static inline int __range_ok(unsigned long addr, unsigned long size)
+ 	__range_ok((unsigned long)(addr), (size));	\
+ })
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size) __access_ok(addr, size)
+ 
+ /*
+@@ -245,6 +246,10 @@ static inline unsigned long __must_check
  copy_to_user(void __user *to, const void *from, unsigned long n)
  {
  	might_fault();
@@ -8941,7 +9118,7 @@ index 79330af..a3a7b06 100644
  	return __copy_to_user(to, from, n);
  }
  
-@@ -268,6 +272,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
+@@ -268,6 +273,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
  static inline unsigned long __must_check
  __copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -8951,7 +9128,7 @@ index 79330af..a3a7b06 100644
  	return uaccess.copy_from_user(n, from, to);
  }
  
-@@ -296,10 +303,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
+@@ -296,10 +304,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
  static inline unsigned long __must_check
  copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -19100,7 +19277,7 @@ index e6d90ba..f81f114 100644
  }
  
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 8ec57c0..3ee58c9 100644
+index 8ec57c0..451bcfc 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -7,6 +7,7 @@
@@ -19131,7 +19308,7 @@ index 8ec57c0..3ee58c9 100644
 -#define access_ok(type, addr, size) \
 -	(likely(__range_not_ok(addr, size, user_addr_max()) == 0))
 +extern int _cond_resched(void);
-+#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size, user_addr_max()) == 0))
++#define access_ok_noprefault(type, addr, size) (likely(__range_not_ok(addr, size, user_addr_max()) == 0))
 +#define access_ok(type, addr, size)					\
 +({									\
 +	long __size = size;						\
@@ -19537,7 +19714,7 @@ index 3c03a5d..1071638 100644
  
  #endif /* _ASM_X86_UACCESS_32_H */
 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 190413d..8a80c2a 100644
+index 190413d..206c200 100644
 --- a/arch/x86/include/asm/uaccess_64.h
 +++ b/arch/x86/include/asm/uaccess_64.h
 @@ -10,6 +10,9 @@
@@ -19590,7 +19767,7 @@ index 190413d..8a80c2a 100644
 +	check_object_size(dst, size, false);
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
 +#endif
 +
@@ -19672,7 +19849,7 @@ index 190413d..8a80c2a 100644
 +	check_object_size(src, size, true);
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_WRITE, dst, size))
++	if (!access_ok_noprefault(VERIFY_WRITE, dst, size))
 +		return size;
 +#endif
 +
@@ -19753,9 +19930,9 @@ index 190413d..8a80c2a 100644
 +		return size;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
-+	if (!__access_ok(VERIFY_WRITE, dst, size))
++	if (!access_ok_noprefault(VERIFY_WRITE, dst, size))
 +		return size;
 +#endif
 +
@@ -19844,7 +20021,7 @@ index 190413d..8a80c2a 100644
 +		return size;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
 +#endif
 +
@@ -19861,7 +20038,7 @@ index 190413d..8a80c2a 100644
 +		return size;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
 +#endif
 +
@@ -31737,7 +31914,7 @@ index 6dea040..31e52ff 100644
 +	return ret ? -EFAULT : 0;
 +}
 diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index 0596e8e..9de0b1c 100644
+index 0596e8e..5626789 100644
 --- a/arch/x86/mm/gup.c
 +++ b/arch/x86/mm/gup.c
 @@ -268,7 +268,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
@@ -31745,7 +31922,7 @@ index 0596e8e..9de0b1c 100644
  	len = (unsigned long) nr_pages << PAGE_SHIFT;
  	end = start + len;
 -	if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
-+	if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
++	if (unlikely(!access_ok_noprefault(write ? VERIFY_WRITE : VERIFY_READ,
  					(void __user *)start, len)))
  		return 0;
  
@@ -31753,7 +31930,7 @@ index 0596e8e..9de0b1c 100644
  		goto slow_irqon;
  #endif
  
-+	if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
++	if (unlikely(!access_ok_noprefault(write ? VERIFY_WRITE : VERIFY_READ,
 +					(void __user *)start, len)))
 +		return 0;
 +
@@ -50121,7 +50298,7 @@ index 81e939e..95ead10 100644
  
  	return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
 diff --git a/drivers/tty/hvc/hvsi.c b/drivers/tty/hvc/hvsi.c
-index 4190199..48f2920 100644
+index 4190199..06d5bfa 100644
 --- a/drivers/tty/hvc/hvsi.c
 +++ b/drivers/tty/hvc/hvsi.c
 @@ -85,7 +85,7 @@ struct hvsi_struct {
@@ -50178,6 +50355,45 @@ index 4190199..48f2920 100644
  	packet.hdr.len = 6;
  	packet.verb = VSV_CLOSE_PROTOCOL;
  
+@@ -725,7 +725,7 @@ static int hvsi_open(struct tty_struct *tty, struct file *filp)
+ 
+ 	tty_port_tty_set(&hp->port, tty);
+ 	spin_lock_irqsave(&hp->lock, flags);
+-	hp->port.count++;
++	atomic_inc(&hp->port.count);
+ 	atomic_set(&hp->seqno, 0);
+ 	h_vio_signal(hp->vtermno, VIO_IRQ_ENABLE);
+ 	spin_unlock_irqrestore(&hp->lock, flags);
+@@ -782,7 +782,7 @@ static void hvsi_close(struct tty_struct *tty, struct file *filp)
+ 
+ 	spin_lock_irqsave(&hp->lock, flags);
+ 
+-	if (--hp->port.count == 0) {
++	if (atomic_dec_return(&hp->port.count) == 0) {
+ 		tty_port_tty_set(&hp->port, NULL);
+ 		hp->inbuf_end = hp->inbuf; /* discard remaining partial packets */
+ 
+@@ -815,9 +815,9 @@ static void hvsi_close(struct tty_struct *tty, struct file *filp)
+ 
+ 			spin_lock_irqsave(&hp->lock, flags);
+ 		}
+-	} else if (hp->port.count < 0)
++	} else if (atomic_read(&hp->port.count) < 0)
+ 		printk(KERN_ERR "hvsi_close %lu: oops, count is %d\n",
+-		       hp - hvsi_ports, hp->port.count);
++		       hp - hvsi_ports, atomic_read(&hp->port.count));
+ 
+ 	spin_unlock_irqrestore(&hp->lock, flags);
+ }
+@@ -832,7 +832,7 @@ static void hvsi_hangup(struct tty_struct *tty)
+ 	tty_port_tty_set(&hp->port, NULL);
+ 
+ 	spin_lock_irqsave(&hp->lock, flags);
+-	hp->port.count = 0;
++	atomic_set(&hp->port.count, 0);
+ 	hp->n_outbuf = 0;
+ 	spin_unlock_irqrestore(&hp->lock, flags);
+ }
 diff --git a/drivers/tty/hvc/hvsi_lib.c b/drivers/tty/hvc/hvsi_lib.c
 index 347050e..14f8fbf 100644
 --- a/drivers/tty/hvc/hvsi_lib.c
@@ -118576,7 +118792,7 @@ index b003ad7..c0a02f8 100644
 +
  #endif
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 4f588bc..d3cfc5c 100644
+index 4f588bc..a543c97 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -76,12 +76,17 @@ LIST_HEAD(vm_list);
@@ -118604,7 +118820,7 @@ index 4f588bc..d3cfc5c 100644
  	if ((mem->slot < KVM_USER_MEM_SLOTS) &&
  	    ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
 -	     !access_ok(VERIFY_WRITE,
-+	     !__access_ok(VERIFY_WRITE,
++	     !access_ok_noprefault(VERIFY_WRITE,
  			(void __user *)(unsigned long)mem->userspace_addr,
  			mem->memory_size)))
  		goto out;
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index 3b0b54e..a3b6dc5 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch:	1054_linux-3.2.55.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.55
 
-Patch:	4420_grsecurity-3.0-3.2.55-201403192223.patch
+Patch:	4420_grsecurity-3.0-3.2.55-201403202347.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201403192223.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch
index 1ab434c..c1f6b08 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201403192223.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch
@@ -273,7 +273,7 @@ index 88fd7f5..b318a78 100644
  ==============================================================
  
 diff --git a/Makefile b/Makefile
-index 538463e..d1011ba 100644
+index 538463e..aa55228 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -367,7 +367,7 @@ index 538463e..d1011ba 100644
 +GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY_PLUGIN_CFLAGS) $(STRUCTLEAK_PLUGIN_CFLAGS)
 +GCC_PLUGINS_CFLAGS += $(RANDSTRUCT_PLUGIN_CFLAGS)
 +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS)
-+export PLUGINCC CONSTIFY_PLUGIN
++export PLUGINCC CONSTIFY_PLUGIN LATENT_ENTROPY_PLUGIN_CFLAGS
 +ifeq ($(KBUILD_EXTMOD),)
 +gcc-plugins:
 +	$(Q)$(MAKE) $(build)=tools/gcc
@@ -1813,10 +1813,18 @@ index 7b5cc8d..5d70d88 100644
  /*
   * Change these and you break ASM code in entry-common.S
 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index 292c3f8..47aa55e 100644
+index 292c3f8..aef3b4a 100644
 --- a/arch/arm/include/asm/uaccess.h
 +++ b/arch/arm/include/asm/uaccess.h
-@@ -241,7 +241,7 @@ do {									\
+@@ -201,6 +201,7 @@ static inline void set_fs(mm_segment_t fs)
+ 
+ #endif /* CONFIG_MMU */
+ 
++#define access_ok_noprefault(type,addr,size) access_ok((type),(addr),(size))
+ #define access_ok(type,addr,size)	(__range_ok(addr,size) == 0)
+ 
+ /*
+@@ -241,7 +242,7 @@ do {									\
  
  #define __get_user_asm_byte(x,addr,err)				\
  	__asm__ __volatile__(					\
@@ -1825,7 +1833,7 @@ index 292c3f8..47aa55e 100644
  	"2:\n"							\
  	"	.pushsection .fixup,\"ax\"\n"			\
  	"	.align	2\n"					\
-@@ -277,7 +277,7 @@ do {									\
+@@ -277,7 +278,7 @@ do {									\
  
  #define __get_user_asm_word(x,addr,err)				\
  	__asm__ __volatile__(					\
@@ -1834,7 +1842,7 @@ index 292c3f8..47aa55e 100644
  	"2:\n"							\
  	"	.pushsection .fixup,\"ax\"\n"			\
  	"	.align	2\n"					\
-@@ -322,7 +322,7 @@ do {									\
+@@ -322,7 +323,7 @@ do {									\
  
  #define __put_user_asm_byte(x,__pu_addr,err)			\
  	__asm__ __volatile__(					\
@@ -1843,7 +1851,7 @@ index 292c3f8..47aa55e 100644
  	"2:\n"							\
  	"	.pushsection .fixup,\"ax\"\n"			\
  	"	.align	2\n"					\
-@@ -355,7 +355,7 @@ do {									\
+@@ -355,7 +356,7 @@ do {									\
  
  #define __put_user_asm_word(x,__pu_addr,err)			\
  	__asm__ __volatile__(					\
@@ -1852,7 +1860,7 @@ index 292c3f8..47aa55e 100644
  	"2:\n"							\
  	"	.pushsection .fixup,\"ax\"\n"			\
  	"	.align	2\n"					\
-@@ -380,10 +380,10 @@ do {									\
+@@ -380,10 +381,10 @@ do {									\
  
  #define __put_user_asm_dword(x,__pu_addr,err)			\
  	__asm__ __volatile__(					\
@@ -1867,7 +1875,7 @@ index 292c3f8..47aa55e 100644
  	"3:\n"							\
  	"	.pushsection .fixup,\"ax\"\n"			\
  	"	.align	2\n"					\
-@@ -401,8 +401,21 @@ do {									\
+@@ -401,8 +402,21 @@ do {									\
  
  
  #ifdef CONFIG_MMU
@@ -1891,7 +1899,7 @@ index 292c3f8..47aa55e 100644
  extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
  extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
  extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
-@@ -417,6 +430,9 @@ extern unsigned long __must_check __strnlen_user(const char __user *s, long n);
+@@ -417,6 +431,9 @@ extern unsigned long __must_check __strnlen_user(const char __user *s, long n);
  
  static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -1901,7 +1909,7 @@ index 292c3f8..47aa55e 100644
  	if (access_ok(VERIFY_READ, from, n))
  		n = __copy_from_user(to, from, n);
  	else /* security hole - plug it */
-@@ -426,6 +442,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
+@@ -426,6 +443,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
  
  static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
  {
@@ -3241,10 +3249,18 @@ index b77768d..e0795eb 100644
  
  static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
 diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
-index 449c8c0..18965fb 100644
+index 449c8c0..3d4b1e9 100644
 --- a/arch/ia64/include/asm/uaccess.h
 +++ b/arch/ia64/include/asm/uaccess.h
-@@ -240,12 +240,24 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
+@@ -70,6 +70,7 @@
+ 	 && ((segment).seg == KERNEL_DS.seg						\
+ 	     || likely(REGION_OFFSET((unsigned long) (addr)) < RGN_MAP_LIMIT)));	\
+ })
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)	__access_ok((addr), (size), get_fs())
+ 
+ /*
+@@ -240,12 +241,24 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
  static inline unsigned long
  __copy_to_user (void __user *to, const void *from, unsigned long count)
  {
@@ -3269,7 +3285,7 @@ index 449c8c0..18965fb 100644
  	return __copy_user((__force void __user *) to, from, count);
  }
  
-@@ -255,10 +267,13 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
+@@ -255,10 +268,13 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
  ({											\
  	void __user *__cu_to = (to);							\
  	const void *__cu_from = (from);							\
@@ -3285,7 +3301,7 @@ index 449c8c0..18965fb 100644
  	__cu_len;									\
  })
  
-@@ -266,11 +281,14 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
+@@ -266,11 +282,14 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
  ({											\
  	void *__cu_to = (to);								\
  	const void __user *__cu_from = (from);						\
@@ -3969,6 +3985,18 @@ index adda036..e0f33bb 100644
  
  #endif /* __KERNEL__ */
  
+diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
+index 653a412..f97cc92 100644
+--- a/arch/mips/include/asm/uaccess.h
++++ b/arch/mips/include/asm/uaccess.h
+@@ -119,6 +119,7 @@ extern u64 __ua_limit;
+ 	__ok == 0;							\
+ })
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)					\
+ 	likely(__access_ok((addr), (size), __access_mask))
+ 
 diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
 index 9fdd8bc..4bd7f1a 100644
 --- a/arch/mips/kernel/binfmt_elfn32.c
@@ -5222,6 +5250,62 @@ index bca8fdc..61e9580 100644
  	KM_TYPE_NR
  };
  
+diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h
+index b8da913..60b608a 100644
+--- a/arch/powerpc/include/asm/local.h
++++ b/arch/powerpc/include/asm/local.h
+@@ -9,15 +9,26 @@ typedef struct
+ 	atomic_long_t a;
+ } local_t;
+ 
++typedef struct
++{
++	atomic_long_unchecked_t a;
++} local_unchecked_t;
++
+ #define LOCAL_INIT(i)	{ ATOMIC_LONG_INIT(i) }
+ 
+ #define local_read(l)	atomic_long_read(&(l)->a)
++#define local_read_unchecked(l)	atomic_long_read_unchecked(&(l)->a)
+ #define local_set(l,i)	atomic_long_set(&(l)->a, (i))
++#define local_set_unchecked(l,i)	atomic_long_set_unchecked(&(l)->a, (i))
+ 
+ #define local_add(i,l)	atomic_long_add((i),(&(l)->a))
++#define local_add_unchecked(i,l)	atomic_long_add_unchecked((i),(&(l)->a))
+ #define local_sub(i,l)	atomic_long_sub((i),(&(l)->a))
++#define local_sub_unchecked(i,l)	atomic_long_sub_unchecked((i),(&(l)->a))
+ #define local_inc(l)	atomic_long_inc(&(l)->a)
++#define local_inc_unchecked(l)	atomic_long_inc_unchecked(&(l)->a)
+ #define local_dec(l)	atomic_long_dec(&(l)->a)
++#define local_dec_unchecked(l)	atomic_long_dec_unchecked(&(l)->a)
+ 
+ static __inline__ long local_add_return(long a, local_t *l)
+ {
+@@ -35,6 +46,7 @@ static __inline__ long local_add_return(long a, local_t *l)
+ 
+ 	return t;
+ }
++#define local_add_return_unchecked(i, l) atomic_long_add_return_unchecked((i), (&(l)->a))
+ 
+ #define local_add_negative(a, l)	(local_add_return((a), (l)) < 0)
+ 
+@@ -54,6 +66,7 @@ static __inline__ long local_sub_return(long a, local_t *l)
+ 
+ 	return t;
+ }
++#define local_sub_return_unchecked(i, l) atomic_long_sub_return_unchecked((i), (&(l)->a))
+ 
+ static __inline__ long local_inc_return(local_t *l)
+ {
+@@ -101,6 +114,8 @@ static __inline__ long local_dec_return(local_t *l)
+ 
+ #define local_cmpxchg(l, o, n) \
+ 	(cmpxchg_local(&((l)->a.counter), (o), (n)))
++#define local_cmpxchg_unchecked(l, o, n) \
++	(cmpxchg_local(&((l)->a.counter), (o), (n)))
+ #define local_xchg(l, n) (xchg_local(&((l)->a.counter), (n)))
+ 
+ /**
 diff --git a/arch/powerpc/include/asm/mman.h b/arch/powerpc/include/asm/mman.h
 index d4a7f64..451de1c 100644
 --- a/arch/powerpc/include/asm/mman.h
@@ -5416,10 +5500,18 @@ index 836f231..39d0b94 100644
  #define _TIF_USER_WORK_MASK	(_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
  				 _TIF_NOTIFY_RESUME)
 diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
-index bd0fb84..1f2d065 100644
+index bd0fb84..a40ed3a 100644
 --- a/arch/powerpc/include/asm/uaccess.h
 +++ b/arch/powerpc/include/asm/uaccess.h
-@@ -327,52 +327,6 @@ do {								\
+@@ -56,6 +56,7 @@
+ 
+ #endif
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size)		\
+ 	(__chk_user_ptr(addr),			\
+ 	 __access_ok((__force unsigned long)(addr), (size), get_fs()))
+@@ -327,52 +328,6 @@ do {								\
  extern unsigned long __copy_tofrom_user(void __user *to,
  		const void __user *from, unsigned long size);
  
@@ -5472,7 +5564,7 @@ index bd0fb84..1f2d065 100644
  static inline unsigned long __copy_from_user_inatomic(void *to,
  		const void __user *from, unsigned long n)
  {
-@@ -396,6 +350,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
+@@ -396,6 +351,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
  		if (ret == 0)
  			return 0;
  	}
@@ -5483,7 +5575,7 @@ index bd0fb84..1f2d065 100644
  	return __copy_tofrom_user((__force void __user *)to, from, n);
  }
  
-@@ -422,6 +380,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
+@@ -422,6 +381,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
  		if (ret == 0)
  			return 0;
  	}
@@ -5494,7 +5586,7 @@ index bd0fb84..1f2d065 100644
  	return __copy_tofrom_user(to, (__force const void __user *)from, n);
  }
  
-@@ -439,6 +401,92 @@ static inline unsigned long __copy_to_user(void __user *to,
+@@ -439,6 +402,92 @@ static inline unsigned long __copy_to_user(void __user *to,
  	return __copy_to_user_inatomic(to, from, size);
  }
  
@@ -5587,6 +5679,19 @@ index bd0fb84..1f2d065 100644
  extern unsigned long __clear_user(void __user *addr, unsigned long size);
  
  static inline unsigned long clear_user(void __user *addr, unsigned long size)
+diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
+index ce4f7f1..ee682a0 100644
+--- a/arch/powerpc/kernel/Makefile
++++ b/arch/powerpc/kernel/Makefile
+@@ -26,6 +26,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog
+ CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog
+ endif
+ 
++CFLAGS_REMOVE_prom_init.o += $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++
+ obj-y				:= cputable.o ptrace.o syscalls.o \
+ 				   irq.o align.o signal_32.o pmc.o vdso.o \
+ 				   init_task.o process.o systbl.o idle.o \
 diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
 index 429983c..7af363b 100644
 --- a/arch/powerpc/kernel/exceptions-64e.S
@@ -5941,6 +6046,19 @@ index 7d14bb69..1305601 100644
  	if (IS_ERR_VALUE(vdso_base)) {
  		rc = vdso_base;
  		goto fail_mmapsem;
+diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
+index 607fbdf..ac940f3 100644
+--- a/arch/powerpc/kvm/powerpc.c
++++ b/arch/powerpc/kvm/powerpc.c
+@@ -730,7 +730,7 @@ out:
+ 	return r;
+ }
+ 
+-int kvm_arch_init(void *opaque)
++int kvm_arch_init(const void *opaque)
+ {
+ 	return 0;
+ }
 diff --git a/arch/powerpc/lib/usercopy_64.c b/arch/powerpc/lib/usercopy_64.c
 index 5eea6f3..5d10396 100644
 --- a/arch/powerpc/lib/usercopy_64.c
@@ -6136,9 +6254,18 @@ index 5b63bd3..248942d 100644
  };
  
 diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
-index 24523dc..7205007 100644
+index 24523dc..337e4c3 100644
 --- a/arch/powerpc/mm/numa.c
 +++ b/arch/powerpc/mm/numa.c
+@@ -659,7 +659,7 @@ static void __init parse_drconf_memory(struct device_node *memory)
+ 	unsigned int n, rc, ranges, is_kexec_kdump = 0;
+ 	unsigned long lmb_size, base, size, sz;
+ 	int nid;
+-	struct assoc_arrays aa;
++	struct assoc_arrays aa = { .arrays = NULL };
+ 
+ 	n = of_get_drconf_memory(memory, &dm);
+ 	if (!n)
 @@ -964,7 +964,7 @@ static void __init *careful_zallocation(int nid, unsigned long size,
  	return ret;
  }
@@ -6218,6 +6345,21 @@ index 73709f7..8e825a8 100644
  	/* If hint, make sure it matches our alignment restrictions */
  	if (!fixed && addr) {
  		addr = _ALIGN_UP(addr, 1ul << pshift);
+diff --git a/arch/powerpc/platforms/cell/celleb_scc_pciex.c b/arch/powerpc/platforms/cell/celleb_scc_pciex.c
+index 14be2bd..56f51cb 100644
+--- a/arch/powerpc/platforms/cell/celleb_scc_pciex.c
++++ b/arch/powerpc/platforms/cell/celleb_scc_pciex.c
+@@ -400,8 +400,8 @@ static int scc_pciex_write_config(struct pci_bus *bus, unsigned int devfn,
+ }
+ 
+ static struct pci_ops scc_pciex_pci_ops = {
+-	scc_pciex_read_config,
+-	scc_pciex_write_config,
++	.read = scc_pciex_read_config,
++	.write = scc_pciex_write_config,
+ };
+ 
+ static void pciex_clear_intr_all(unsigned int __iomem *base)
 diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
 index 0cfece4..2f1a0e5 100644
 --- a/arch/powerpc/platforms/cell/spufs/file.c
@@ -6259,6 +6401,19 @@ index 3394254..8c6825c 100644
  	.notifier_call	= smp_core99_cpu_notify,
  };
  #endif /* CONFIG_HOTPLUG_CPU */
+diff --git a/arch/powerpc/platforms/pseries/eeh_event.c b/arch/powerpc/platforms/pseries/eeh_event.c
+index d2383cf..a6d33c8 100644
+--- a/arch/powerpc/platforms/pseries/eeh_event.c
++++ b/arch/powerpc/platforms/pseries/eeh_event.c
+@@ -61,7 +61,7 @@ static int eeh_event_handler(void * dummy)
+ 	struct eeh_event	*event;
+ 	struct pci_dn *pdn;
+ 
+-	daemonize ("eehd");
++	set_task_comm(current, "eehd");
+ 	set_current_state(TASK_INTERRUPTIBLE);
+ 
+ 	spin_lock_irqsave(&eeh_eventlist_lock, flags);
 diff --git a/arch/s390/appldata/appldata_base.c b/arch/s390/appldata/appldata_base.c
 index 24bff4f..0248123 100644
 --- a/arch/s390/appldata/appldata_base.c
@@ -6374,10 +6529,18 @@ index ef573c1..75a1ce6 100644
  static inline int tprot(unsigned long addr)
  {
 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
-index 2b23885..e84d6ac 100644
+index 2b23885..3db7651 100644
 --- a/arch/s390/include/asm/uaccess.h
 +++ b/arch/s390/include/asm/uaccess.h
-@@ -235,6 +235,10 @@ static inline unsigned long __must_check
+@@ -55,6 +55,7 @@
+ 	1;			\
+ })
+ 
++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size))
+ #define access_ok(type, addr, size) __access_ok(addr, size)
+ 
+ /*
+@@ -235,6 +236,10 @@ static inline unsigned long __must_check
  copy_to_user(void __user *to, const void *from, unsigned long n)
  {
  	might_fault();
@@ -6388,7 +6551,7 @@ index 2b23885..e84d6ac 100644
  	if (access_ok(VERIFY_WRITE, to, n))
  		n = __copy_to_user(to, from, n);
  	return n;
-@@ -260,6 +264,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
+@@ -260,6 +265,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
  static inline unsigned long __must_check
  __copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -6398,7 +6561,7 @@ index 2b23885..e84d6ac 100644
  	if (__builtin_constant_p(n) && (n <= 256))
  		return uaccess.copy_from_user_small(n, from, to);
  	else
-@@ -291,10 +298,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
+@@ -291,10 +299,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
  static inline unsigned long __must_check
  copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -15671,7 +15834,7 @@ index d7ef849..b1b009a 100644
  #endif
  #endif /* _ASM_X86_THREAD_INFO_H */
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 36361bf..4252f11 100644
+index 36361bf..2c6406a 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -7,6 +7,7 @@
@@ -15700,7 +15863,7 @@ index 36361bf..4252f11 100644
   * this function, memory access functions may still return -EFAULT.
   */
 -#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
-+#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
++#define access_ok_noprefault(type, addr, size) (likely(__range_not_ok(addr, size) == 0))
 +#define access_ok(type, addr, size)					\
 +({									\
 +	long __size = size;						\
@@ -16039,7 +16202,7 @@ index 566e803..9540707 100644
  }
  
 diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1c66d30..9d90f2c 100644
+index 1c66d30..6f1d97a 100644
 --- a/arch/x86/include/asm/uaccess_64.h
 +++ b/arch/x86/include/asm/uaccess_64.h
 @@ -10,6 +10,9 @@
@@ -16151,7 +16314,7 @@ index 1c66d30..9d90f2c 100644
 +	check_object_size(dst, size, false);
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
 +#endif
 +
@@ -16224,7 +16387,7 @@ index 1c66d30..9d90f2c 100644
 +	check_object_size(src, size, true);
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_WRITE, dst, size))
++	if (!access_ok_noprefault(VERIFY_WRITE, dst, size))
 +		return size;
 +#endif
 +
@@ -16294,9 +16457,9 @@ index 1c66d30..9d90f2c 100644
 +		return size;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
-+	if (!__access_ok(VERIFY_WRITE, dst, size))
++	if (!access_ok_noprefault(VERIFY_WRITE, dst, size))
 +		return size;
 +#endif
 +
@@ -16394,7 +16557,7 @@ index 1c66d30..9d90f2c 100644
 +		return size;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
 +#endif
 +
@@ -16411,7 +16574,7 @@ index 1c66d30..9d90f2c 100644
 +		return size;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if (!__access_ok(VERIFY_READ, src, size))
++	if (!access_ok_noprefault(VERIFY_READ, src, size))
 +		return size;
 +#endif
 +
@@ -28028,7 +28191,7 @@ index 53a7b69..8cc6fea 100644
 +	return ret ? -EFAULT : 0;
 +}
 diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index dd74e46..0970b01 100644
+index dd74e46..3f2d038 100644
 --- a/arch/x86/mm/gup.c
 +++ b/arch/x86/mm/gup.c
 @@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
@@ -28036,7 +28199,7 @@ index dd74e46..0970b01 100644
  	len = (unsigned long) nr_pages << PAGE_SHIFT;
  	end = start + len;
 -	if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
-+	if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
++	if (unlikely(!access_ok_noprefault(write ? VERIFY_WRITE : VERIFY_READ,
  					(void __user *)start, len)))
  		return 0;
  
@@ -28044,7 +28207,7 @@ index dd74e46..0970b01 100644
  		goto slow_irqon;
  #endif
  
-+	if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
++	if (unlikely(!access_ok_noprefault(write ? VERIFY_WRITE : VERIFY_READ,
 +					(void __user *)start, len)))
 +		return 0;
 +
@@ -48173,10 +48336,38 @@ index d190269..f59727e 100644
  		return NULL;
  	}
 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 0f8a785..64c35dd 100644
+index 0f8a785..2fb7043 100644
 --- a/drivers/tty/n_tty.c
 +++ b/drivers/tty/n_tty.c
-@@ -2132,6 +2132,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -1639,6 +1639,7 @@ static int copy_from_read_buf(struct tty_struct *tty,
+ 	int retval;
+ 	size_t n;
+ 	unsigned long flags;
++	bool is_eof;
+ 
+ 	retval = 0;
+ 	spin_lock_irqsave(&tty->read_lock, flags);
+@@ -1648,15 +1649,15 @@ static int copy_from_read_buf(struct tty_struct *tty,
+ 	if (n) {
+ 		retval = copy_to_user(*b, &tty->read_buf[tty->read_tail], n);
+ 		n -= retval;
++		is_eof = n == 1 &&
++			tty->read_buf[tty->read_tail] == EOF_CHAR(tty);
+ 		tty_audit_add_data(tty, &tty->read_buf[tty->read_tail], n);
+ 		spin_lock_irqsave(&tty->read_lock, flags);
+ 		tty->read_tail = (tty->read_tail + n) & (N_TTY_BUF_SIZE-1);
+ 		tty->read_cnt -= n;
+ 		/* Turn single EOF into zero-length read */
+-		if (L_EXTPROC(tty) && tty->icanon && n == 1) {
+-			if (!tty->read_cnt && (*b)[n-1] == EOF_CHAR(tty))
+-				n--;
+-		}
++		if (L_EXTPROC(tty) && tty->icanon && is_eof && !tty->read_cnt)
++			n = 0;
+ 		spin_unlock_irqrestore(&tty->read_lock, flags);
+ 		*b += n;
+ 		*nr -= n;
+@@ -2132,6 +2133,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
  {
  	*ops = tty_ldisc_N_TTY;
  	ops->owner = NULL;
@@ -121914,7 +122105,7 @@ index 547628e..74de9f2 100644
 +
  #endif
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index d83aa5e..76e9c92 100644
+index d83aa5e..52970b8 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -75,12 +75,17 @@ LIST_HEAD(vm_list);
@@ -121942,7 +122133,7 @@ index d83aa5e..76e9c92 100644
  	if (user_alloc &&
  	    ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
 -	     !access_ok(VERIFY_WRITE,
-+	     !__access_ok(VERIFY_WRITE,
++	     !access_ok_noprefault(VERIFY_WRITE,
  			(void __user *)(unsigned long)mem->userspace_addr,
  			mem->memory_size)))
  		goto out;
author	Anthony G. Basile <blueness@gentoo.org>	2014-03-21 09:47:23 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2014-03-21 09:47:23 -0400
commit	e9f033878d9e670289391f5811a16b21ef3386cb (patch)
tree	b79eaaf7c6a830dac2286e69cdb958108ce6942d
parent	Grsec/PaX: 3.0-{3.2.55,3.13.6}-201403192228 (diff)
download	hardened-patchset-e9f033878d9e670289391f5811a16b21ef3386cb.tar.gz hardened-patchset-e9f033878d9e670289391f5811a16b21ef3386cb.tar.bz2 hardened-patchset-e9f033878d9e670289391f5811a16b21ef3386cb.zip