commit:     94efa2bf66f223dd6ca9cc2b394f7a17a0db8da3
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 15 12:05:50 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Apr 15 12:05:50 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=94efa2bf

Grsec/PaX: 3.0-{3.2.57,3.13.10}-201404141717

---
 {3.13.9 => 3.13.10}/0000_README                    |   0
 .../4420_grsecurity-3.0-3.13.10-201404141717.patch | 496 ++++-----------------
 {3.13.9 => 3.13.10}/4425_grsec_remove_EI_PAX.patch |   0
 .../4427_force_XATTR_PAX_tmpfs.patch               |   0
 .../4430_grsec-remove-localversion-grsec.patch     |   0
 {3.13.9 => 3.13.10}/4435_grsec-mute-warnings.patch |   0
 .../4440_grsec-remove-protected-paths.patch        |   0
 .../4450_grsec-kconfig-default-gids.patch          |   0
 .../4465_selinux-avc_audit-log-curr_ip.patch       |   0
 {3.13.9 => 3.13.10}/4470_disable-compat_vdso.patch |   0
 {3.13.9 => 3.13.10}/4475_emutramp_default_on.patch |   0
 3.2.57/0000_README                                 |   2 +-
 ... 4420_grsecurity-3.0-3.2.57-201404131252.patch} |  40 +-
 13 files changed, 133 insertions(+), 405 deletions(-)

diff --git a/3.13.9/0000_README b/3.13.10/0000_README
similarity index 100%
rename from 3.13.9/0000_README
rename to 3.13.10/0000_README

diff --git a/3.13.9/4420_grsecurity-3.0-3.13.9-201404111815.patch 
b/3.13.10/4420_grsecurity-3.0-3.13.10-201404141717.patch
similarity index 99%
rename from 3.13.9/4420_grsecurity-3.0-3.13.9-201404111815.patch
rename to 3.13.10/4420_grsecurity-3.0-3.13.10-201404141717.patch
index a875b82..10e9b5b 100644
--- a/3.13.9/4420_grsecurity-3.0-3.13.9-201404111815.patch
+++ b/3.13.10/4420_grsecurity-3.0-3.13.10-201404141717.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
  
        pcd.            [PARIDE]
 diff --git a/Makefile b/Makefile
-index 652f972..20ef4fb 100644
+index 982ade0..f9cdd67 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo 
$$BASH; \
@@ -13688,7 +13688,7 @@ index dbc4339..de6e120 100644
  
          ################################################################
 diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S 
b/arch/x86/crypto/ghash-clmulni-intel_asm.S
-index 586f41a..d02851e 100644
+index 185fad4..ff4cd36 100644
 --- a/arch/x86/crypto/ghash-clmulni-intel_asm.S
 +++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
 @@ -18,6 +18,7 @@
@@ -13699,7 +13699,7 @@ index 586f41a..d02851e 100644
  
  .data
  
-@@ -93,6 +94,7 @@ __clmul_gf128mul_ble:
+@@ -89,6 +90,7 @@ __clmul_gf128mul_ble:
        psrlq $1, T2
        pxor T2, T1
        pxor T1, DATA
@@ -13707,7 +13707,7 @@ index 586f41a..d02851e 100644
        ret
  ENDPROC(__clmul_gf128mul_ble)
  
-@@ -105,6 +107,7 @@ ENTRY(clmul_ghash_mul)
+@@ -101,6 +103,7 @@ ENTRY(clmul_ghash_mul)
        call __clmul_gf128mul_ble
        PSHUFB_XMM BSWAP DATA
        movups DATA, (%rdi)
@@ -13715,21 +13715,13 @@ index 586f41a..d02851e 100644
        ret
  ENDPROC(clmul_ghash_mul)
  
-@@ -132,6 +135,7 @@ ENTRY(clmul_ghash_update)
+@@ -128,5 +131,6 @@ ENTRY(clmul_ghash_update)
        PSHUFB_XMM BSWAP DATA
        movups DATA, (%rdi)
  .Lupdate_just_ret:
 +      pax_force_retaddr
        ret
  ENDPROC(clmul_ghash_update)
- 
-@@ -157,5 +161,6 @@ ENTRY(clmul_ghash_setkey)
-       pand .Lpoly, %xmm1
-       pxor %xmm1, %xmm0
-       movups %xmm0, (%rdi)
-+      pax_force_retaddr
-       ret
- ENDPROC(clmul_ghash_setkey)
 diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S 
b/arch/x86/crypto/salsa20-x86_64-asm_64.S
 index 9279e0b..c4b3d2c 100644
 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S
@@ -43405,76 +43397,6 @@ index 53d487f..f020f41 100644
                                return -EFAULT;
                } else
                        memcpy(msg, buf, count);
-diff --git a/drivers/isdn/isdnloop/isdnloop.c 
b/drivers/isdn/isdnloop/isdnloop.c
-index 02125e6..5a4da94 100644
---- a/drivers/isdn/isdnloop/isdnloop.c
-+++ b/drivers/isdn/isdnloop/isdnloop.c
-@@ -518,9 +518,9 @@ static isdnloop_stat isdnloop_cmd_table[] =
- static void
- isdnloop_fake_err(isdnloop_card *card)
- {
--      char buf[60];
-+      char buf[64];
- 
--      sprintf(buf, "E%s", card->omsg);
-+      snprintf(buf, sizeof(buf), "E%s", card->omsg);
-       isdnloop_fake(card, buf, -1);
-       isdnloop_fake(card, "NAK", -1);
- }
-@@ -903,6 +903,8 @@ isdnloop_parse_cmd(isdnloop_card *card)
-       case 7:
-               /* 0x;EAZ */
-               p += 3;
-+              if (strlen(p) >= sizeof(card->eazlist[0]))
-+                      break;
-               strcpy(card->eazlist[ch - 1], p);
-               break;
-       case 8:
-@@ -1070,6 +1072,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef 
*sdefp)
-               return -EBUSY;
-       if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef)))
-               return -EFAULT;
-+
-+      for (i = 0; i < 3; i++) {
-+              if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i])))
-+                      return -EINVAL;
-+      }
-+
-       spin_lock_irqsave(&card->isdnloop_lock, flags);
-       switch (sdef.ptype) {
-       case ISDN_PTYPE_EURO:
-@@ -1127,7 +1135,7 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card)
- {
-       ulong a;
-       int i;
--      char cbuf[60];
-+      char cbuf[80];
-       isdn_ctrl cmd;
-       isdnloop_cdef cdef;
- 
-@@ -1192,7 +1200,6 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card)
-                       break;
-               if ((c->arg & 255) < ISDNLOOP_BCH) {
-                       char *p;
--                      char dial[50];
-                       char dcode[4];
- 
-                       a = c->arg;
-@@ -1204,10 +1211,10 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card)
-                       } else
-                               /* Normal Dial */
-                               strcpy(dcode, "CAL");
--                      strcpy(dial, p);
--                      sprintf(cbuf, "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 
1),
--                              dcode, dial, c->parm.setup.si1,
--                              c->parm.setup.si2, c->parm.setup.eazmsn);
-+                      snprintf(cbuf, sizeof(cbuf),
-+                               "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1),
-+                               dcode, p, c->parm.setup.si1,
-+                               c->parm.setup.si2, c->parm.setup.eazmsn);
-                       i = isdnloop_writecmd(cbuf, strlen(cbuf), 0, card);
-               }
-               break;
 diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c
 index a4f05c5..1433bc5 100644
 --- a/drivers/isdn/mISDN/dsp_cmx.c
@@ -46404,10 +46326,10 @@ index a79e9d3..78cd4fa 100644
  
        /* we will have to manufacture ethernet headers, prepare template */
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 0247973..088193a 100644
+index fc5d2b7..48e2984 100644
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
-@@ -2615,7 +2615,7 @@ nla_put_failure:
+@@ -2721,7 +2721,7 @@ nla_put_failure:
        return -EMSGSIZE;
  }
  
@@ -47269,93 +47191,6 @@ index 84d94f5..bd6c61c 100644
        u16 int_num;
  
        ZD_ASSERT(in_interrupt());
-diff --git a/drivers/net/xen-netback/common.h 
b/drivers/net/xen-netback/common.h
-index c47794b..6668d03 100644
---- a/drivers/net/xen-netback/common.h
-+++ b/drivers/net/xen-netback/common.h
-@@ -113,6 +113,11 @@ struct xenvif {
-       domid_t          domid;
-       unsigned int     handle;
- 
-+      /* Is this interface disabled? True when backend discovers
-+       * frontend is rogue.
-+       */
-+      bool disabled;
-+
-       /* Use NAPI for guest TX */
-       struct napi_struct napi;
-       /* When feature-split-event-channels = 0, tx_irq = rx_irq. */
-diff --git a/drivers/net/xen-netback/interface.c 
b/drivers/net/xen-netback/interface.c
-index fff8cddf..a2ef2e6 100644
---- a/drivers/net/xen-netback/interface.c
-+++ b/drivers/net/xen-netback/interface.c
-@@ -67,6 +67,15 @@ static int xenvif_poll(struct napi_struct *napi, int budget)
-       struct xenvif *vif = container_of(napi, struct xenvif, napi);
-       int work_done;
- 
-+      /* This vif is rogue, we pretend we've there is nothing to do
-+       * for this vif to deschedule it from NAPI. But this interface
-+       * will be turned off in thread context later.
-+       */
-+      if (unlikely(vif->disabled)) {
-+              napi_complete(napi);
-+              return 0;
-+      }
-+
-       work_done = xenvif_tx_action(vif, budget);
- 
-       if (work_done < budget) {
-@@ -323,6 +332,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t 
domid,
-       vif->ip_csum = 1;
-       vif->dev = dev;
- 
-+      vif->disabled = false;
-+
-       vif->credit_bytes = vif->remaining_credit = ~0UL;
-       vif->credit_usec  = 0UL;
-       init_timer(&vif->credit_timeout);
-diff --git a/drivers/net/xen-netback/netback.c 
b/drivers/net/xen-netback/netback.c
-index 7842555..c69d1ad 100644
---- a/drivers/net/xen-netback/netback.c
-+++ b/drivers/net/xen-netback/netback.c
-@@ -756,7 +756,8 @@ static void xenvif_tx_err(struct xenvif *vif,
- static void xenvif_fatal_tx_err(struct xenvif *vif)
- {
-       netdev_err(vif->dev, "fatal error; disabling device\n");
--      xenvif_carrier_off(vif);
-+      vif->disabled = true;
-+      xenvif_kick_thread(vif);
- }
- 
- static int xenvif_count_requests(struct xenvif *vif,
-@@ -1483,7 +1484,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, 
int budget)
-                                  vif->tx.sring->req_prod, vif->tx.req_cons,
-                                  XEN_NETIF_TX_RING_SIZE);
-                       xenvif_fatal_tx_err(vif);
--                      continue;
-+                      break;
-               }
- 
-               work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&vif->tx);
-@@ -1877,7 +1878,18 @@ int xenvif_kthread(void *data)
-       while (!kthread_should_stop()) {
-               wait_event_interruptible(vif->wq,
-                                        rx_work_todo(vif) ||
-+                                       vif->disabled ||
-                                        kthread_should_stop());
-+
-+              /* This frontend is found to be rogue, disable it in
-+               * kthread context. Currently this is only set when
-+               * netback finds out frontend sends malformed packet,
-+               * but we cannot disable the interface in softirq
-+               * context so we defer it here.
-+               */
-+              if (unlikely(vif->disabled && netif_carrier_ok(vif->dev)))
-+                      xenvif_carrier_off(vif);
-+
-               if (kthread_should_stop())
-                       break;
- 
 diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c
 index 7130864..00e64de 100644
 --- a/drivers/nfc/nfcwilink.c
@@ -52274,38 +52109,6 @@ index 1eab4ac..e21efc9 100644
             iommu_group_id(group->iommu_group));
  
        return 0;
-diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
-index b12176f..e5522d9 100644
---- a/drivers/vhost/net.c
-+++ b/drivers/vhost/net.c
-@@ -528,6 +528,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq,
-       *iovcount = seg;
-       if (unlikely(log))
-               *log_num = nlogs;
-+
-+      /* Detect overrun */
-+      if (unlikely(datalen > 0)) {
-+              r = UIO_MAXIOV + 1;
-+              goto err;
-+      }
-       return headcount;
- err:
-       vhost_discard_vq_desc(vq, headcount);
-@@ -583,6 +589,14 @@ static void handle_rx(struct vhost_net *net)
-               /* On error, stop handling until the next kick. */
-               if (unlikely(headcount < 0))
-                       break;
-+              /* On overrun, truncate and discard */
-+              if (unlikely(headcount > UIO_MAXIOV)) {
-+                      msg.msg_iovlen = 1;
-+                      err = sock->ops->recvmsg(NULL, sock, &msg,
-+                                               1, MSG_DONTWAIT | MSG_TRUNC);
-+                      pr_debug("Discarded rx packet: len %zd\n", sock_len);
-+                      continue;
-+              }
-               /* OK, now we need to know about added descriptors. */
-               if (!headcount) {
-                       if (unlikely(vhost_enable_notify(&net->dev, vq))) {
 diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
 index 5174eba..451e6bc 100644
 --- a/drivers/vhost/vringh.c
@@ -83332,7 +83135,7 @@ index 0a248b3..4dcbe5c 100644
  
  /* Structure to track chunk fragments that have been acked, but peer
 diff --git a/include/net/sock.h b/include/net/sock.h
-index 2ef3c3e..c89ee4c 100644
+index a2b3d4e..466983f 100644
 --- a/include/net/sock.h
 +++ b/include/net/sock.h
 @@ -348,7 +348,7 @@ struct sock {
@@ -83371,7 +83174,7 @@ index 2ef3c3e..c89ee4c 100644
  
  static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
  {
-@@ -1813,7 +1813,7 @@ static inline void sk_nocaps_add(struct sock *sk, 
netdev_features_t flags)
+@@ -1818,7 +1818,7 @@ static inline void sk_nocaps_add(struct sock *sk, 
netdev_features_t flags)
  }
  
  static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff 
*skb,
@@ -83380,7 +83183,7 @@ index 2ef3c3e..c89ee4c 100644
                                           int copy, int offset)
  {
        if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2075,7 +2075,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock 
*sk)
+@@ -2080,7 +2080,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock 
*sk)
        }
  }
  
@@ -83390,37 +83193,10 @@ index 2ef3c3e..c89ee4c 100644
  /**
   * sk_page_frag - return an appropriate page_frag
 diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 9250d62..10a7f03 100644
+index 197b020..10a7f03 100644
 --- a/include/net/tcp.h
 +++ b/include/net/tcp.h
-@@ -480,20 +480,21 @@ struct sock *cookie_v4_check(struct sock *sk, struct 
sk_buff *skb,
- #ifdef CONFIG_SYN_COOKIES
- #include <linux/ktime.h>
- 
--/* Syncookies use a monotonic timer which increments every 64 seconds.
-+/* Syncookies use a monotonic timer which increments every 60 seconds.
-  * This counter is used both as a hash input and partially encoded into
-  * the cookie value.  A cookie is only validated further if the delta
-  * between the current counter value and the encoded one is less than this,
-- * i.e. a sent cookie is valid only at most for 128 seconds (or less if
-+ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if
-  * the counter advances immediately after a cookie is generated).
-  */
- #define MAX_SYNCOOKIE_AGE 2
- 
- static inline u32 tcp_cookie_time(void)
- {
--      struct timespec now;
--      getnstimeofday(&now);
--      return now.tv_sec >> 6; /* 64 seconds granularity */
-+      u64 val = get_jiffies_64();
-+
-+      do_div(val, 60 * HZ);
-+      return val;
- }
- 
- u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr 
*th,
-@@ -540,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk);
+@@ -541,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk);
  void tcp_xmit_retransmit_queue(struct sock *);
  void tcp_simple_retransmit(struct sock *);
  int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -83429,7 +83205,7 @@ index 9250d62..10a7f03 100644
  
  void tcp_send_probe0(struct sock *);
  void tcp_send_partial(struct sock *);
-@@ -711,8 +712,8 @@ struct tcp_skb_cb {
+@@ -712,8 +712,8 @@ struct tcp_skb_cb {
                struct inet6_skb_parm   h6;
  #endif
        } header;       /* For incoming frames          */
@@ -83440,7 +83216,7 @@ index 9250d62..10a7f03 100644
        __u32           when;           /* used to compute rtt's        */
        __u8            tcp_flags;      /* TCP header flags. (tcp[13])  */
  
-@@ -726,7 +727,7 @@ struct tcp_skb_cb {
+@@ -727,7 +727,7 @@ struct tcp_skb_cb {
  
        __u8            ip_dsfield;     /* IPv4 tos or IPv6 dsfield     */
        /* 1 byte hole */
@@ -83987,7 +83763,7 @@ index 30f5362..8ed8ac9 100644
        void *pmi_pal;
        u8 *vbe_state_orig;             /*
 diff --git a/init/Kconfig b/init/Kconfig
-index 4e5d96a..93cd8a1 100644
+index 66e6759..1333b01 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
 @@ -1079,6 +1079,7 @@ endif # CGROUPS
@@ -83998,7 +83774,7 @@ index 4e5d96a..93cd8a1 100644
        default n
        help
          Enables additional kernel features in a sake of checkpoint/restore.
-@@ -1550,7 +1551,7 @@ config SLUB_DEBUG
+@@ -1557,7 +1558,7 @@ config SLUB_DEBUG
  
  config COMPAT_BRK
        bool "Disable heap randomization"
@@ -84007,7 +83783,7 @@ index 4e5d96a..93cd8a1 100644
        help
          Randomizing heap placement makes heap exploits harder, but it
          also breaks ancient binaries (including anything libc5 based).
-@@ -1838,7 +1839,7 @@ config INIT_ALL_POSSIBLE
+@@ -1845,7 +1846,7 @@ config INIT_ALL_POSSIBLE
  config STOP_MACHINE
        bool
        default y
@@ -85996,7 +85772,7 @@ index dfa736c..d170f9b 100644
                        else
                                new_fs = fs;
 diff --git a/kernel/futex.c b/kernel/futex.c
-index f6ff019..ac53307 100644
+index 0d74e3a..59bea40 100644
 --- a/kernel/futex.c
 +++ b/kernel/futex.c
 @@ -54,6 +54,7 @@
@@ -86007,7 +85783,7 @@ index f6ff019..ac53307 100644
  #include <linux/signal.h>
  #include <linux/export.h>
  #include <linux/magic.h>
-@@ -243,6 +244,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union 
futex_key *key, int rw)
+@@ -245,6 +246,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union 
futex_key *key, int rw)
        struct page *page, *page_head;
        int err, ro = 0;
  
@@ -86019,7 +85795,7 @@ index f6ff019..ac53307 100644
        /*
         * The futex address must be "naturally" aligned.
         */
-@@ -442,7 +448,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 
__user *uaddr,
+@@ -444,7 +450,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 
__user *uaddr,
  
  static int get_futex_value_locked(u32 *dest, u32 __user *from)
  {
@@ -86028,15 +85804,15 @@ index f6ff019..ac53307 100644
  
        pagefault_disable();
        ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
-@@ -2735,6 +2741,7 @@ static int __init futex_init(void)
+@@ -2737,6 +2743,7 @@ static void __init futex_detect_cmpxchg(void)
  {
+ #ifndef CONFIG_HAVE_FUTEX_CMPXCHG
        u32 curval;
-       int i;
 +      mm_segment_t oldfs;
  
        /*
         * This will fail and we want it. Some arch implementations do
-@@ -2746,8 +2753,11 @@ static int __init futex_init(void)
+@@ -2748,8 +2755,11 @@ static void __init futex_detect_cmpxchg(void)
         * implementation, the non-functional ones will return
         * -ENOSYS.
         */
@@ -86045,9 +85821,9 @@ index f6ff019..ac53307 100644
        if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT)
                futex_cmpxchg_enabled = 1;
 +      set_fs(oldfs);
+ #endif
+ }
  
-       for (i = 0; i < ARRAY_SIZE(futex_queues); i++) {
-               plist_head_init(&futex_queues[i].chain);
 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
 index f9f44fd..29885e4 100644
 --- a/kernel/futex_compat.c
@@ -91187,28 +90963,6 @@ index c24c2f7..f0296f4 100644
 +      pax_close_kernel();
 +}
 +EXPORT_SYMBOL(pax_list_del_rcu);
-diff --git a/lib/nlattr.c b/lib/nlattr.c
-index 18eca78..fc67547 100644
---- a/lib/nlattr.c
-+++ b/lib/nlattr.c
-@@ -303,9 +303,15 @@ int nla_memcmp(const struct nlattr *nla, const void *data,
-  */
- int nla_strcmp(const struct nlattr *nla, const char *str)
- {
--      int len = strlen(str) + 1;
--      int d = nla_len(nla) - len;
-+      int len = strlen(str);
-+      char *buf = nla_data(nla);
-+      int attrlen = nla_len(nla);
-+      int d;
- 
-+      if (attrlen > 0 && buf[attrlen - 1] == '\0')
-+              attrlen--;
-+
-+      d = attrlen - len;
-       if (d == 0)
-               d = memcmp(nla_data(nla), str, len);
- 
 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
 index 1a53d49..ace934c 100644
 --- a/lib/percpu-refcount.c
@@ -96250,10 +96004,10 @@ index 7249614..2639fc7 100644
        return 0;
  }
 diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index b3d17d1..e8e4cdd 100644
+index 9a87f5a..67aeeb2 100644
 --- a/net/8021q/vlan.c
 +++ b/net/8021q/vlan.c
-@@ -472,7 +472,7 @@ out:
+@@ -474,7 +474,7 @@ out:
        return NOTIFY_DONE;
  }
  
@@ -96262,7 +96016,7 @@ index b3d17d1..e8e4cdd 100644
        .notifier_call = vlan_device_event,
  };
  
-@@ -547,8 +547,7 @@ static int vlan_ioctl_handler(struct net *net, void __user 
*arg)
+@@ -549,8 +549,7 @@ static int vlan_ioctl_handler(struct net *net, void __user 
*arg)
                err = -EPERM;
                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        break;
@@ -97137,7 +96891,7 @@ index 5b7d0e1..cb960fc 100644
  }
  EXPORT_SYMBOL(dev_load);
 diff --git a/net/core/filter.c b/net/core/filter.c
-index ad30d62..821081f 100644
+index ad30d62..21c0743 100644
 --- a/net/core/filter.c
 +++ b/net/core/filter.c
 @@ -126,7 +126,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
@@ -97175,7 +96929,35 @@ index ad30d62..821081f 100644
                        continue;
                case BPF_S_ANC_PROTOCOL:
                        A = ntohs(skb->protocol);
-@@ -391,9 +391,10 @@ load_b:
+@@ -355,6 +355,10 @@ load_b:
+ 
+                       if (skb_is_nonlinear(skb))
+                               return 0;
++
++                      if (skb->len < sizeof(struct nlattr))
++                              return 0;
++
+                       if (A > skb->len - sizeof(struct nlattr))
+                               return 0;
+ 
+@@ -371,11 +375,15 @@ load_b:
+ 
+                       if (skb_is_nonlinear(skb))
+                               return 0;
++
++                      if (skb->len < sizeof(struct nlattr))
++                              return 0;
++
+                       if (A > skb->len - sizeof(struct nlattr))
+                               return 0;
+ 
+                       nla = (struct nlattr *)&skb->data[A];
+-                      if (nla->nla_len > A - skb->len)
++                      if (nla->nla_len > skb->len - A)
+                               return 0;
+ 
+                       nla = nla_find_nested(nla, X);
+@@ -391,9 +399,10 @@ load_b:
                        continue;
  #endif
                default:
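Review bot: The two `skb->len < sizeof(struct nlattr)` guards and the corrected `nla->nla_len > skb->len - A` test that this hunk brings into the embedded net/core/filter.c patch have no comment saying why they exist, and the reason is easy to lose in a later refresh of the patchset. As far as the visible lines show, `skb->len - sizeof(struct nlattr)` is an unsigned subtraction, so for a packet shorter than one attribute header it would wrap and the following `A > ...` bound would no longer constrain the offset used in `&skb->data[A]`. The old `A - skb->len` comparison was inverted in the same way. I would put `/* unsigned: skb->len - sizeof(struct nlattr) wraps on short packets */` above each new guard and `/* bytes remaining after offset A */` above the corrected comparison. The enclosing switch (apparently in sk_run_filter, going by the earlier hunk header) starts and ends outside this hunk, so how an `nla_len` smaller than the attribute header is handled cannot be checked from here.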
@@ -97187,7 +96969,7 @@ index ad30d62..821081f 100644
                        return 0;
                }
        }
-@@ -416,7 +417,7 @@ static int check_load_and_stores(struct sock_filter 
*filter, int flen)
+@@ -416,7 +425,7 @@ static int check_load_and_stores(struct sock_filter 
*filter, int flen)
        u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
        int pc, ret = 0;
  
@@ -97196,7 +96978,7 @@ index ad30d62..821081f 100644
        masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
        if (!masks)
                return -ENOMEM;
-@@ -679,7 +680,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
+@@ -679,7 +688,7 @@ int sk_unattached_filter_create(struct sk_filter **pfp,
        fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL);
        if (!fp)
                return -ENOMEM;
@@ -97369,7 +97151,7 @@ index 81d3a9a..a0bd7a8 100644
        return error;
  }
 diff --git a/net/core/netpoll.c b/net/core/netpoll.c
-index 81975f2..9ef3531 100644
+index 9a46671..6b8cb72 100644
 --- a/net/core/netpoll.c
 +++ b/net/core/netpoll.c
 @@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, 
int len)
@@ -97391,7 +97173,7 @@ index 81975f2..9ef3531 100644
                iph->ttl      = 64;
                iph->protocol = IPPROTO_UDP;
 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index cf67144..12bf94c 100644
+index cc706c9..21fcd84 100644
 --- a/net/core/rtnetlink.c
 +++ b/net/core/rtnetlink.c
 @@ -58,7 +58,7 @@ struct rtnl_link {
@@ -97470,7 +97252,7 @@ index b442e7e..6f5b5a2 100644
        {
                struct socket *sock;
 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index deffb37..213db0a 100644
+index 9a9898e..38cc3e3 100644
 --- a/net/core/skbuff.c
 +++ b/net/core/skbuff.c
 @@ -2006,7 +2006,7 @@ EXPORT_SYMBOL(__skb_checksum);
@@ -97482,7 +97264,7 @@ index deffb37..213db0a 100644
                .update  = csum_partial_ext,
                .combine = csum_block_add_ext,
        };
-@@ -3119,13 +3119,15 @@ void __init skb_init(void)
+@@ -3124,13 +3124,15 @@ void __init skb_init(void)
        skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
                                              sizeof(struct sk_buff),
                                              0,
@@ -97501,7 +97283,7 @@ index deffb37..213db0a 100644
  }
  
 diff --git a/net/core/sock.c b/net/core/sock.c
-index fbc5cfb..6d7e8c3 100644
+index 50db733..8e4aeb4 100644
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
 @@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff 
*skb)
@@ -97597,7 +97379,7 @@ index fbc5cfb..6d7e8c3 100644
  }
  EXPORT_SYMBOL(sock_init_data);
  
-@@ -2478,6 +2478,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
+@@ -2481,6 +2481,7 @@ void sock_enable_timestamp(struct sock *sk, int flag)
  int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
                       int level, int type)
  {
@@ -97605,7 +97387,7 @@ index fbc5cfb..6d7e8c3 100644
        struct sock_exterr_skb *serr;
        struct sk_buff *skb, *skb2;
        int copied, err;
-@@ -2499,7 +2500,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr 
*msg, int len,
+@@ -2502,7 +2503,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr 
*msg, int len,
        sock_recv_timestamp(msg, sk, skb);
  
        serr = SKB_EXT_ERR(skb);
@@ -97961,23 +97743,6 @@ index fc0e649..febfa65 100644
  EXPORT_SYMBOL(sysctl_local_reserved_ports);
  
  void inet_get_local_port_range(struct net *net, int *low, int *high)
-diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
-index bb075fc..322dceb 100644
---- a/net/ipv4/inet_fragment.c
-+++ b/net/ipv4/inet_fragment.c
-@@ -278,9 +278,10 @@ static struct inet_frag_queue *inet_frag_intern(struct 
netns_frags *nf,
- 
-       atomic_inc(&qp->refcnt);
-       hlist_add_head(&qp->list, &hb->chain);
--      spin_unlock(&hb->chain_lock);
--      read_unlock(&f->lock);
-       inet_frag_lru_add(nf, qp);
-+      spin_unlock(&hb->chain_lock);
-+      read_unlock(&f->lock);
-+
-       return qp;
- }
- 
 diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
 index 8b9cf27..0d8d592 100644
 --- a/net/ipv4/inet_hashtables.c
@@ -98733,7 +98498,7 @@ index c53b7f3..a89aadd 100644
                        if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
                                return 1;
 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index 0672139..cacc17d 100644
+index 1d7b9dd..66749f8 100644
 --- a/net/ipv4/tcp_ipv4.c
 +++ b/net/ipv4/tcp_ipv4.c
 @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly;
@@ -99053,7 +98818,7 @@ index e1a6393..f634ce5 100644
        return -ENOMEM;
  }
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 9c05d77..9cfa714 100644
+index 0e8ae69..0fc7350 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -589,7 +589,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
@@ -99065,7 +98830,7 @@ index 9c05d77..9cfa714 100644
                          net->dev_base_seq;
                hlist_for_each_entry_rcu(dev, head, index_hlist) {
                        if (idx < s_idx)
-@@ -2334,7 +2334,7 @@ int addrconf_set_dstaddr(struct net *net, void __user 
*arg)
+@@ -2337,7 +2337,7 @@ int addrconf_set_dstaddr(struct net *net, void __user 
*arg)
                p.iph.ihl = 5;
                p.iph.protocol = IPPROTO_IPV6;
                p.iph.ttl = 64;
@@ -99074,7 +98839,7 @@ index 9c05d77..9cfa714 100644
  
                if (ops->ndo_do_ioctl) {
                        mm_segment_t oldfs = get_fs();
-@@ -3964,7 +3964,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct 
netlink_callback *cb,
+@@ -3967,7 +3967,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct 
netlink_callback *cb,
        s_ip_idx = ip_idx = cb->args[2];
  
        rcu_read_lock();
@@ -99083,7 +98848,7 @@ index 9c05d77..9cfa714 100644
        for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
                idx = 0;
                head = &net->dev_index_head[h];
-@@ -4571,7 +4571,7 @@ static void __ipv6_ifa_notify(int event, struct 
inet6_ifaddr *ifp)
+@@ -4574,7 +4574,7 @@ static void __ipv6_ifa_notify(int event, struct 
inet6_ifaddr *ifp)
                        dst_free(&ifp->rt->dst);
                break;
        }
@@ -99092,7 +98857,7 @@ index 9c05d77..9cfa714 100644
        rt_genid_bump_ipv6(net);
  }
  
-@@ -4592,7 +4592,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int 
write,
+@@ -4595,7 +4595,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int 
write,
        int *valp = ctl->data;
        int val = *valp;
        loff_t pos = *ppos;
@@ -99101,7 +98866,7 @@ index 9c05d77..9cfa714 100644
        int ret;
  
        /*
-@@ -4677,7 +4677,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int 
write,
+@@ -4680,7 +4680,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int 
write,
        int *valp = ctl->data;
        int val = *valp;
        loff_t pos = *ppos;
@@ -99135,7 +98900,7 @@ index 93b1aa3..e902855 100644
 +                 atomic_read_unchecked(&sp->sk_drops));
  }
 diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
-index eef8d94..cfa1852 100644
+index e2c9ff8..1e40285 100644
 --- a/net/ipv6/icmp.c
 +++ b/net/ipv6/icmp.c
 @@ -997,7 +997,7 @@ struct ctl_table ipv6_icmp_table_template[] = {
@@ -99369,7 +99134,7 @@ index 827f795..7e28e82 100644
  EXPORT_SYMBOL(ipv6_select_ident);
  
 diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
-index a83243c..a1ca589 100644
+index 3a1f1f3..11d95bf 100644
 --- a/net/ipv6/ping.c
 +++ b/net/ipv6/ping.c
 @@ -246,6 +246,22 @@ static struct pernet_operations ping_v6_net_ops = {
@@ -99557,18 +99322,9 @@ index cc85a9b..526a133 100644
        return -ENOMEM;
  }
 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 4b4944c..d346b14 100644
+index 40b6e69..d346b14 100644
 --- a/net/ipv6/route.c
 +++ b/net/ipv6/route.c
-@@ -1495,7 +1495,7 @@ int ip6_route_add(struct fib6_config *cfg)
-       if (!table)
-               goto out;
- 
--      rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
-+      rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : 
DST_NOCOUNT, table);
- 
-       if (!rt) {
-               err = -ENOMEM;
 @@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = {
  
  struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
@@ -101563,7 +101319,7 @@ index b0565af..d135e6e 100644
  
        table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
 diff --git a/net/socket.c b/net/socket.c
-index e83c416..5b883e0 100644
+index dc57dae..5b883e0 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -88,6 +88,7 @@
@@ -101747,18 +101503,7 @@ index e83c416..5b883e0 100644
        int err, err2;
        int fput_needed;
  
-@@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg,
- {
-       if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
-               return -EFAULT;
-+
-+      if (kmsg->msg_namelen < 0)
-+              return -EINVAL;
-+
-       if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
-               kmsg->msg_namelen = sizeof(struct sockaddr_storage);
-       return 0;
-@@ -2047,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct 
msghdr __user *msg,
+@@ -2051,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct 
msghdr __user *msg,
                 * checking falls down on this.
                 */
                if (copy_from_user(ctl_buf,
@@ -101767,7 +101512,7 @@ index e83c416..5b883e0 100644
                                   ctl_len))
                        goto out_freectl;
                msg_sys->msg_control = ctl_buf;
-@@ -2198,7 +2268,7 @@ static int ___sys_recvmsg(struct socket *sock, struct 
msghdr __user *msg,
+@@ -2202,7 +2268,7 @@ static int ___sys_recvmsg(struct socket *sock, struct 
msghdr __user *msg,
        int err, total_len, len;
  
        /* kernel mode address */
@@ -101776,7 +101521,7 @@ index e83c416..5b883e0 100644
  
        /* user mode address pointers */
        struct sockaddr __user *uaddr;
-@@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct 
msghdr __user *msg,
+@@ -2231,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct 
msghdr __user *msg,
        /* Save the user-mode address (verify_iovec will change the
         * kernel msghdr to use the kernel address space)
         */
@@ -101785,7 +101530,7 @@ index e83c416..5b883e0 100644
        uaddr_len = COMPAT_NAMELEN(msg);
        if (MSG_CMSG_COMPAT & flags)
                err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2871,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct 
compat_ifreq __user *ifr32)
+@@ -2875,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct 
compat_ifreq __user *ifr32)
        ifr = compat_alloc_user_space(buf_size);
        rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
  
@@ -101794,7 +101539,7 @@ index e83c416..5b883e0 100644
                return -EFAULT;
  
        if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2985,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int 
cmd,
+@@ -2989,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int 
cmd,
                old_fs = get_fs();
                set_fs(KERNEL_DS);
                err = dev_ioctl(net, cmd,
@@ -101811,7 +101556,7 @@ index e83c416..5b883e0 100644
                        return -EFAULT;
  
                if (get_user(data, &ifr32->ifr_ifru.ifru_data))
-@@ -3094,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned 
int cmd,
+@@ -3098,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned 
int cmd,
  
        old_fs = get_fs();
        set_fs(KERNEL_DS);
@@ -101820,7 +101565,7 @@ index e83c416..5b883e0 100644
        set_fs(old_fs);
  
        if (cmd == SIOCGIFMAP && !err) {
-@@ -3199,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket 
*sock,
+@@ -3203,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket 
*sock,
                ret |= get_user(rtdev, &(ur4->rt_dev));
                if (rtdev) {
                        ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -101829,7 +101574,7 @@ index e83c416..5b883e0 100644
                        devname[15] = 0;
                } else
                        r4.rt_dev = NULL;
-@@ -3425,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, 
int optname,
+@@ -3429,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, 
int optname,
        int __user *uoptlen;
        int err;
  
@@ -101840,7 +101585,7 @@ index e83c416..5b883e0 100644
  
        set_fs(KERNEL_DS);
        if (level == SOL_SOCKET)
-@@ -3446,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, 
int optname,
+@@ -3450,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, 
int optname,
        char __user *uoptval;
        int err;
  
@@ -102189,20 +101934,20 @@ index e7000be..e3b0ba7 100644
                int mode = (table->mode >> 6) & 7;
                return (mode << 6) | (mode << 3) | mode;
 diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
-index d38bb45..38d5df5 100644
+index c2a37aa..c195fef 100644
 --- a/net/tipc/subscr.c
 +++ b/net/tipc/subscr.c
-@@ -98,7 +98,7 @@ static void subscr_send_event(struct tipc_subscription *sub, 
u32 found_lower,
+@@ -97,7 +97,7 @@ static void subscr_send_event(struct tipc_subscription *sub, 
u32 found_lower,
+       struct tipc_subscriber *subscriber = sub->subscriber;
        struct kvec msg_sect;
-       int ret;
  
 -      msg_sect.iov_base = (void *)&sub->evt;
 +      msg_sect.iov_base = &sub->evt;
        msg_sect.iov_len = sizeof(struct tipc_event);
- 
        sub->evt.event = htohl(event, sub->swap);
+       sub->evt.found_lower = htohl(found_lower, sub->swap);
 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index d7c1ac6..b0fc322 100644
+index c3975bc..b0fc322 100644
 --- a/net/unix/af_unix.c
 +++ b/net/unix/af_unix.c
 @@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -102251,52 +101996,7 @@ index d7c1ac6..b0fc322 100644
        done_path_create(&path, dentry);
        return err;
  }
-@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, 
struct socket *sock,
-               goto out;
- 
-       err = mutex_lock_interruptible(&u->readlock);
--      if (err) {
--              err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
-+      if (unlikely(err)) {
-+              /* recvmsg() in non blocking mode is supposed to return -EAGAIN
-+               * sk_rcvtimeo is not honored by mutex_lock_interruptible()
-+               */
-+              err = noblock ? -EAGAIN : -ERESTARTSYS;
-               goto out;
-       }
- 
-@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, 
struct socket *sock,
-       struct unix_sock *u = unix_sk(sk);
-       struct sockaddr_un *sunaddr = msg->msg_name;
-       int copied = 0;
-+      int noblock = flags & MSG_DONTWAIT;
-       int check_creds = 0;
-       int target;
-       int err = 0;
-@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, 
struct socket *sock,
-               goto out;
- 
-       target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
--      timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
-+      timeo = sock_rcvtimeo(sk, noblock);
- 
-       /* Lock the socket to prevent queue disordering
-        * while sleeps in memcpy_tomsg
-@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, 
struct socket *sock,
-       }
- 
-       err = mutex_lock_interruptible(&u->readlock);
--      if (err) {
--              err = sock_intr_errno(timeo);
-+      if (unlikely(err)) {
-+              /* recvmsg() in non blocking mode is supposed to return -EAGAIN
-+               * sk_rcvtimeo is not honored by mutex_lock_interruptible()
-+               */
-+              err = noblock ? -EAGAIN : -ERESTARTSYS;
-               goto out;
-       }
- 
-@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2342,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
                seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
                         "Inode Path\n");
        else {
@@ -102311,7 +102011,7 @@ index d7c1ac6..b0fc322 100644
  
                seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
                        s,
-@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2371,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
                        }
                        for ( ; i < len; i++)
                                seq_putc(seq, u->addr->name->sun_path[i]);
@@ -104509,7 +104209,7 @@ index fc3e662..7844c60 100644
                lock = &avc_cache.slots_lock[hvalue];
  
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 57b0b49..402063e 100644
+index 019749c..0648215 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -96,8 +96,6 @@
@@ -104521,7 +104221,7 @@ index 57b0b49..402063e 100644
  /* SECMARK reference count */
  static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
  
-@@ -5745,7 +5743,7 @@ static int selinux_key_getsecurity(struct key *key, char 
**_buffer)
+@@ -5763,7 +5761,7 @@ static int selinux_key_getsecurity(struct key *key, char 
**_buffer)
  
  #endif
  
@@ -104530,7 +104230,7 @@ index 57b0b49..402063e 100644
        .name =                         "selinux",
  
        .ptrace_access_check =          selinux_ptrace_access_check,
-@@ -6098,6 +6096,9 @@ static void selinux_nf_ip_exit(void)
+@@ -6116,6 +6114,9 @@ static void selinux_nf_ip_exit(void)
  #ifdef CONFIG_SECURITY_SELINUX_DISABLE
  static int selinux_disabled;
  
@@ -104540,7 +104240,7 @@ index 57b0b49..402063e 100644
  int selinux_disable(void)
  {
        if (ss_initialized) {
-@@ -6115,7 +6116,9 @@ int selinux_disable(void)
+@@ -6133,7 +6134,9 @@ int selinux_disable(void)
        selinux_disabled = 1;
        selinux_enabled = 0;
  

diff --git a/3.13.9/4425_grsec_remove_EI_PAX.patch 
b/3.13.10/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.13.9/4425_grsec_remove_EI_PAX.patch
rename to 3.13.10/4425_grsec_remove_EI_PAX.patch

diff --git a/3.13.9/4427_force_XATTR_PAX_tmpfs.patch 
b/3.13.10/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.13.9/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.13.10/4427_force_XATTR_PAX_tmpfs.patch

diff --git a/3.13.9/4430_grsec-remove-localversion-grsec.patch 
b/3.13.10/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.13.9/4430_grsec-remove-localversion-grsec.patch
rename to 3.13.10/4430_grsec-remove-localversion-grsec.patch

diff --git a/3.13.9/4435_grsec-mute-warnings.patch 
b/3.13.10/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.13.9/4435_grsec-mute-warnings.patch
rename to 3.13.10/4435_grsec-mute-warnings.patch

diff --git a/3.13.9/4440_grsec-remove-protected-paths.patch 
b/3.13.10/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.13.9/4440_grsec-remove-protected-paths.patch
rename to 3.13.10/4440_grsec-remove-protected-paths.patch

diff --git a/3.13.9/4450_grsec-kconfig-default-gids.patch 
b/3.13.10/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.13.9/4450_grsec-kconfig-default-gids.patch
rename to 3.13.10/4450_grsec-kconfig-default-gids.patch

diff --git a/3.13.9/4465_selinux-avc_audit-log-curr_ip.patch 
b/3.13.10/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.13.9/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.13.10/4465_selinux-avc_audit-log-curr_ip.patch

diff --git a/3.13.9/4470_disable-compat_vdso.patch 
b/3.13.10/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.13.9/4470_disable-compat_vdso.patch
rename to 3.13.10/4470_disable-compat_vdso.patch

diff --git a/3.13.9/4475_emutramp_default_on.patch 
b/3.13.10/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.13.9/4475_emutramp_default_on.patch
rename to 3.13.10/4475_emutramp_default_on.patch

diff --git a/3.2.57/0000_README b/3.2.57/0000_README
index c153165..fa70e2f 100644
--- a/3.2.57/0000_README
+++ b/3.2.57/0000_README
@@ -146,7 +146,7 @@ Patch:      1056_linux-3.2.57.patch
 From:  http://www.kernel.org
 Desc:  Linux 3.2.57
 
-Patch: 4420_grsecurity-3.0-3.2.57-201404111812.patch
+Patch: 4420_grsecurity-3.0-3.2.57-201404131252.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/3.2.57/4420_grsecurity-3.0-3.2.57-201404111812.patch 
b/3.2.57/4420_grsecurity-3.0-3.2.57-201404131252.patch
similarity index 99%
rename from 3.2.57/4420_grsecurity-3.0-3.2.57-201404111812.patch
rename to 3.2.57/4420_grsecurity-3.0-3.2.57-201404131252.patch
index 8dc447e..d27fdf9 100644
--- a/3.2.57/4420_grsecurity-3.0-3.2.57-201404111812.patch
+++ b/3.2.57/4420_grsecurity-3.0-3.2.57-201404131252.patch
@@ -98081,7 +98081,7 @@ index 2367246..4a0a677 100644
                ret = -EFAULT;
                goto out;
 diff --git a/net/core/filter.c b/net/core/filter.c
-index 5dea452..e17caac 100644
+index 5dea452..b247b98 100644
 --- a/net/core/filter.c
 +++ b/net/core/filter.c
 @@ -39,6 +39,7 @@
@@ -98127,7 +98127,35 @@ index 5dea452..e17caac 100644
                        continue;
                case BPF_S_ANC_PROTOCOL:
                        A = ntohs(skb->protocol);
-@@ -350,10 +351,16 @@ load_b:
+@@ -320,6 +321,10 @@ load_b:
+ 
+                       if (skb_is_nonlinear(skb))
+                               return 0;
++
++                      if (skb->len < sizeof(struct nlattr))
++                              return 0;
++
+                       if (A > skb->len - sizeof(struct nlattr))
+                               return 0;
+ 
+@@ -336,11 +341,15 @@ load_b:
+ 
+                       if (skb_is_nonlinear(skb))
+                               return 0;
++
++                      if (skb->len < sizeof(struct nlattr))
++                              return 0;
++
+                       if (A > skb->len - sizeof(struct nlattr))
+                               return 0;
+ 
+                       nla = (struct nlattr *)&skb->data[A];
+-                      if (nla->nla_len > A - skb->len)
++                      if (nla->nla_len > skb->len - A)
+                               return 0;
+ 
+                       nla = nla_find_nested(nla, X);
+@@ -350,10 +359,16 @@ load_b:
                                A = 0;
                        continue;
                }
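Review bot: The two new `skb->len < sizeof(struct nlattr)` guards (inner hunks at -320 and -336, both netlink-attribute ancillary loads) carry no comment explaining why they must come before the `A > skb->len - sizeof(struct nlattr)` test. That subtraction is unsigned, so on an skb shorter than one attribute header it wraps and the offset check passes for any filter-supplied A. I would add `/* unsigned subtraction below: reject short skbs first so it cannot wrap */` above each guard. The corrected `nla->nla_len > skb->len - A` relies on the same ordering, since it cannot wrap only because the preceding check already bounds A by skb->len, which is worth one more line of comment. The enclosing case bodies begin and end outside these inner hunks, so how the validated `nla` is used afterwards is not visible here.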
@@ -98145,7 +98173,7 @@ index 5dea452..e17caac 100644
                        return 0;
                }
        }
-@@ -376,7 +383,7 @@ static int check_load_and_stores(struct sock_filter 
*filter, int flen)
+@@ -376,7 +391,7 @@ static int check_load_and_stores(struct sock_filter 
*filter, int flen)
        u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */
        int pc, ret = 0;
  
@@ -98154,7 +98182,7 @@ index 5dea452..e17caac 100644
        masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL);
        if (!masks)
                return -ENOMEM;
-@@ -490,6 +497,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int 
flen)
+@@ -490,6 +505,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int 
flen)
                [BPF_JMP|BPF_JSET|BPF_X] = BPF_S_JMP_JSET_X,
        };
        int pc;
@@ -98162,7 +98190,7 @@ index 5dea452..e17caac 100644
  
        if (flen == 0 || flen > BPF_MAXINSNS)
                return -EINVAL;
-@@ -545,8 +553,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned 
int flen)
+@@ -545,8 +561,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned 
int flen)
                case BPF_S_LD_W_ABS:
                case BPF_S_LD_H_ABS:
                case BPF_S_LD_B_ABS:
@@ -98173,7 +98201,7 @@ index 5dea452..e17caac 100644
                                break
                        switch (ftest->k) {
                        ANCILLARY(PROTOCOL);
-@@ -560,6 +570,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned 
int flen)
+@@ -560,6 +578,10 @@ int sk_chk_filter(struct sock_filter *filter, unsigned 
int flen)
                        ANCILLARY(RXHASH);
                        ANCILLARY(CPU);
                        }
