diff --git a/device/linux-samsung-n5110/0001-BACKPORT-random-introduce-getrandom-2-system-call.patch b/device/linux-samsung-n5110/0001-BACKPORT-random-introduce-getrandom-2-system-call.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6f67dee680fe895696753fc4e8bbb55f940306d3
--- /dev/null
+++ b/device/linux-samsung-n5110/0001-BACKPORT-random-introduce-getrandom-2-system-call.patch
@@ -0,0 +1,335 @@
+From 1c1f660bcb0682a80324e5204a08e59ac93b7a88 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 17 Jul 2014 04:13:05 -0400
+Subject: [PATCH 1/3] BACKPORT: random: introduce getrandom(2) system call
+
+Almost clean cherry pick of c6e9d6f38894798696f23c8084ca7edbf16ee895,
+includes change made by merge 0891ad829d2a0501053703df66029e843e3b8365.
+
+The getrandom(2) system call was requested by the LibreSSL Portable
+developers. It is analoguous to the getentropy(2) system call in
+OpenBSD.
+
+The rationale of this system call is to provide resiliance against
+file descriptor exhaustion attacks, where the attacker consumes all
+available file descriptors, forcing the use of the fallback code where
+/dev/[u]random is not available. Since the fallback code is often not
+well-tested, it is better to eliminate this potential failure mode
+entirely.
+
+The other feature provided by this new system call is the ability to
+request randomness from the /dev/urandom entropy pool, but to block
+until at least 128 bits of entropy has been accumulated in the
+/dev/urandom entropy pool. Historically, the emphasis in the
+/dev/urandom development has been to ensure that urandom pool is
+initialized as quickly as possible after system boot, and preferably
+before the init scripts start execution.
+
+This is because changing /dev/urandom reads to block represents an
+interface change that could potentially break userspace which is not
+acceptable. In practice, on most x86 desktop and server systems, in
+general the entropy pool can be initialized before it is needed (and
+in modern kernels, we will printk a warning message if not). However,
+on an embedded system, this may not be the case. And so with this new
+interface, we can provide the functionality of blocking until the
+urandom pool has been initialized. Any userspace program which uses
+this new functionality must take care to assure that if it is used
+during the boot process, that it will not cause the init scripts or
+other portions of the system startup to hang indefinitely.
+
+SYNOPSIS
+ #include <linux/random.h>
+
+ int getrandom(void *buf, size_t buflen, unsigned int flags);
+
+DESCRIPTION
+ The system call getrandom() fills the buffer pointed to by buf
+ with up to buflen random bytes which can be used to seed user
+ space random number generators (i.e., DRBG's) or for other
+ cryptographic uses. It should not be used for Monte Carlo
+ simulations or other programs/algorithms which are doing
+ probabilistic sampling.
+
+ If the GRND_RANDOM flags bit is set, then draw from the
+ /dev/random pool instead of the /dev/urandom pool. The
+ /dev/random pool is limited based on the entropy that can be
+ obtained from environmental noise, so if there is insufficient
+ entropy, the requested number of bytes may not be returned.
+ If there is no entropy available at all, getrandom(2) will
+ either block, or return an error with errno set to EAGAIN if
+ the GRND_NONBLOCK bit is set in flags.
+
+ If the GRND_RANDOM bit is not set, then the /dev/urandom pool
+ will be used. Unlike using read(2) to fetch data from
+ /dev/urandom, if the urandom pool has not been sufficiently
+ initialized, getrandom(2) will block (or return -1 with the
+ errno set to EAGAIN if the GRND_NONBLOCK bit is set in flags).
+
+ The getentropy(2) system call in OpenBSD can be emulated using
+ the following function:
+
+ int getentropy(void *buf, size_t buflen)
+ {
+ int ret;
+
+ if (buflen > 256)
+ goto failure;
+ ret = getrandom(buf, buflen, 0);
+ if (ret < 0)
+ return ret;
+ if (ret == buflen)
+ return 0;
+ failure:
+ errno = EIO;
+ return -1;
+ }
+
+RETURN VALUE
+ On success, the number of bytes that was filled in the buf is
+ returned. This may not be all the bytes requested by the
+ caller via buflen if insufficient entropy was present in the
+ /dev/random pool, or if the system call was interrupted by a
+ signal.
+
+ On error, -1 is returned, and errno is set appropriately.
+
+ERRORS
+ EINVAL An invalid flag was passed to getrandom(2)
+
+ EFAULT buf is outside the accessible address space.
+
+ EAGAIN The requested entropy was not available, and
+ getentropy(2) would have blocked if the
+ GRND_NONBLOCK flag was not set.
+
+ EINTR While blocked waiting for entropy, the call was
+ interrupted by a signal handler; see the description
+ of how interrupted read(2) calls on "slow" devices
+ are handled with and without the SA_RESTART flag
+ in the signal(7) man page.
+
+NOTES
+ For small requests (buflen <= 256) getrandom(2) will not
+ return EINTR when reading from the urandom pool once the
+ entropy pool has been initialized, and it will return all of
+ the bytes that have been requested. This is the recommended
+ way to use getrandom(2), and is designed for compatibility
+ with OpenBSD's getentropy() system call.
+
+ However, if you are using GRND_RANDOM, then getrandom(2) may
+ block until the entropy accounting determines that sufficient
+ environmental noise has been gathered such that getrandom(2)
+ will be operating as a NRBG instead of a DRBG for those people
+ who are working in the NIST SP 800-90 regime. Since it may
+ block for a long time, these guarantees do *not* apply. The
+ user may want to interrupt a hanging process using a signal,
+ so blocking until all of the requested bytes are returned
+ would be unfriendly.
+
+ For this reason, the user of getrandom(2) MUST always check
+ the return value, in case it returns some error, or if fewer
+ bytes than requested was returned. In the case of
+ !GRND_RANDOM and small request, the latter should never
+ happen, but the careful userspace code (and all crypto code
+ should be careful) should check for this anyway!
+
+ Finally, unless you are doing long-term key generation (and
+ perhaps not even then), you probably shouldn't be using
+ GRND_RANDOM. The cryptographic algorithms used for
+ /dev/urandom are quite conservative, and so should be
+ sufficient for all purposes. The disadvantage of GRND_RANDOM
+ is that it can block, and the increased complexity required to
+ deal with partially fulfilled getrandom(2) requests.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Zach Brown <zab@zabbo.net>
+
+Bug: http://b/29621447
+Change-Id: I189ba74070dd6d918b0fdf83ff30bb74ec0f7556
+(cherry picked from commit 4af712e8df998475736f3e2727701bd31e3751a9)
+[flex1911]: backport to 3.4
+[michitux]: backport to 3.0, remove x86 support
+---
+ drivers/char/random.c | 52 +++++++++++++++++++++++++++++++-----
+ include/asm-generic/unistd.h | 4 ++-
+ include/linux/random.h | 9 +++++++
+ include/linux/syscalls.h | 3 +++
+ 4 files changed, 60 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index e7e479c84233..8d09b53c9102 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -255,6 +255,8 @@
+ #include <linux/fips.h>
+ #include <linux/ptrace.h>
+ #include <linux/kmemcheck.h>
++#include <linux/syscalls.h>
++#include <linux/completion.h>
+
+ #ifdef CONFIG_GENERIC_HARDIRQS
+ # include <linux/irq.h>
+@@ -397,6 +399,7 @@ static struct poolinfo {
+ */
+ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
+ static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
++static DECLARE_WAIT_QUEUE_HEAD(urandom_init_wait);
+ static struct fasync_struct *fasync;
+
+ #if 0
+@@ -607,10 +610,14 @@ retry:
+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
+ goto retry;
+
+- if (!r->initialized && nbits > 0) {
+- r->entropy_total += nbits;
+- if (r->entropy_total > 128)
+- r->initialized = 1;
++ r->entropy_total += nbits;
++ if (!r->initialized && r->entropy_total > 128) {
++ r->initialized = 1;
++ r->entropy_total = 0;
++ if (r == &nonblocking_pool) {
++ wake_up_interruptible(&urandom_init_wait);
++ pr_notice("random: %s pool is initialized\n", r->name);
++ }
+ }
+
+ trace_credit_entropy_bits(r->name, nbits, entropy_count,
+@@ -957,6 +964,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+ ssize_t ret = 0, i;
+ __u8 tmp[EXTRACT_SIZE];
+
++
+ trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_);
+ xfer_secondary_pool(r, nbytes);
+ nbytes = account(r, nbytes, min, reserved);
+@@ -991,13 +999,14 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+ {
+ ssize_t ret = 0, i;
+ __u8 tmp[EXTRACT_SIZE];
++ int large_request = (nbytes > 256);
+
+ trace_extract_entropy_user(r->name, nbytes, r->entropy_count, _RET_IP_);
+ xfer_secondary_pool(r, nbytes);
+ nbytes = account(r, nbytes, 0, 0);
+
+ while (nbytes) {
+- if (need_resched()) {
++ if (large_request && need_resched()) {
+ if (signal_pending(current)) {
+ if (ret == 0)
+ ret = -ERESTARTSYS;
+@@ -1130,7 +1139,7 @@ void rand_initialize_disk(struct gendisk *disk)
+ #endif
+
+ static ssize_t
+-random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
++_random_read(int nonblock, char __user *buf, size_t nbytes)
+ {
+ ssize_t n, retval = 0, count = 0;
+
+@@ -1150,7 +1159,7 @@ random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
+ n*8, (nbytes-n)*8);
+
+ if (n == 0) {
+- if (file->f_flags & O_NONBLOCK) {
++ if (nonblock) {
+ retval = -EAGAIN;
+ break;
+ }
+@@ -1185,6 +1194,12 @@ random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
+ return (count ? count : retval);
+ }
+
++static ssize_t
++random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
++{
++ return _random_read(file->f_flags & O_NONBLOCK, buf, nbytes);
++}
++
+ static ssize_t
+ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
+ {
+@@ -1311,6 +1326,29 @@ const struct file_operations urandom_fops = {
+ .llseek = noop_llseek,
+ };
+
++SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count,
++ unsigned int, flags)
++{
++ if (flags & ~(GRND_NONBLOCK|GRND_RANDOM))
++ return -EINVAL;
++
++ if (count > INT_MAX)
++ count = INT_MAX;
++
++ if (flags & GRND_RANDOM)
++ return _random_read(flags & GRND_NONBLOCK, buf, count);
++
++ if (unlikely(nonblocking_pool.initialized == 0)) {
++ if (flags & GRND_NONBLOCK)
++ return -EAGAIN;
++ wait_event_interruptible(urandom_init_wait,
++ nonblocking_pool.initialized);
++ if (signal_pending(current))
++ return -ERESTARTSYS;
++ }
++ return urandom_read(NULL, buf, count, NULL);
++}
++
+ /***************************************************************
+ * Random UUID interface
+ *
+diff --git a/include/asm-generic/unistd.h b/include/asm-generic/unistd.h
+index 5518963e38b0..4eeff0f900ac 100644
+--- a/include/asm-generic/unistd.h
++++ b/include/asm-generic/unistd.h
+@@ -685,9 +685,11 @@ __SYSCALL(__NR_syncfs, sys_syncfs)
+ __SYSCALL(__NR_setns, sys_setns)
+ #define __NR_sendmmsg 269
+ __SC_COMP(__NR_sendmmsg, sys_sendmmsg, compat_sys_sendmmsg)
++#define __NR_getrandom 278
++__SYSCALL(__NR_getrandom, sys_getrandom)
+
+ #undef __NR_syscalls
+-#define __NR_syscalls 270
++#define __NR_syscalls 279
+
+ /*
+ * All syscalls below here should go away really,
+diff --git a/include/linux/random.h b/include/linux/random.h
+index 7e58ad27b7ff..788834fb7969 100644
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -46,6 +46,15 @@ struct rnd_state {
+
+ /* Exported functions */
+
++/*
++ * Flags for getrandom(2)
++ *
++ * GRND_NONBLOCK Don't block and return EAGAIN instead
++ * GRND_RANDOM Use the /dev/random pool instead of /dev/urandom
++ */
++#define GRND_NONBLOCK 0x0001
++#define GRND_RANDOM 0x0002
++
+ #ifdef __KERNEL__
+
+ extern void add_device_randomness(const void *, unsigned int);
+diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
+index 8c03b98df5f9..6935b215e34c 100644
+--- a/include/linux/syscalls.h
++++ b/include/linux/syscalls.h
+@@ -847,4 +847,7 @@ asmlinkage long sys_open_by_handle_at(int mountdirfd,
+ struct file_handle __user *handle,
+ int flags);
+ asmlinkage long sys_setns(int fd, int nstype);
++asmlinkage long sys_getrandom(char __user *buf, size_t count,
++ unsigned int flags);
++
+ #endif
+--
+2.19.0
+
diff --git a/device/linux-samsung-n5110/0002-BACKPORT-random-Wake-up-all-getrandom-2-callers-when.patch b/device/linux-samsung-n5110/0002-BACKPORT-random-Wake-up-all-getrandom-2-callers-when.patch
new file mode 100644
index 0000000000000000000000000000000000000000..87ba343a8a33db7e813b38469a3071b32739a913
--- /dev/null
+++ b/device/linux-samsung-n5110/0002-BACKPORT-random-Wake-up-all-getrandom-2-callers-when.patch
@@ -0,0 +1,39 @@
+From ad7154f084e30ed053a616fd1ebe1d969c2b742a Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 21 May 2015 16:19:54 +0800
+Subject: [PATCH 2/3] BACKPORT: random: Wake up all getrandom(2) callers when
+ pool is ready
+
+Clean cherry pick of 1d9de44e268d880cbe2d0bd3be1ef0661f93fd34.
+
+If more than one application invokes getrandom(2) before the pool
+is ready, then all bar one will be stuck forever because we use
+wake_up_interruptible which wakes up a single task.
+
+This patch replaces it with wake_up_all.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Bug: http://b/29621447
+Change-Id: I5dfd7abac10898802f030e0a2af7110809283328
+(cherry picked from commit 1d9de44e268d880cbe2d0bd3be1ef0661f93fd34)
+---
+ drivers/char/random.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index 8d09b53c9102..702b5bcad2c8 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -615,7 +615,7 @@ retry:
+ r->initialized = 1;
+ r->entropy_total = 0;
+ if (r == &nonblocking_pool) {
+- wake_up_interruptible(&urandom_init_wait);
++ wake_up_all(&urandom_init_wait);
+ pr_notice("random: %s pool is initialized\n", r->name);
+ }
+ }
+--
+2.19.0
+
diff --git a/device/linux-samsung-n5110/0003-BACKPORT-ARM-wire-up-getrandom-syscall.patch b/device/linux-samsung-n5110/0003-BACKPORT-ARM-wire-up-getrandom-syscall.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9d9c723375df2082778027ed530528e63029315e
--- /dev/null
+++ b/device/linux-samsung-n5110/0003-BACKPORT-ARM-wire-up-getrandom-syscall.patch
@@ -0,0 +1,71 @@
+From d919f1f5c38205ad2ab38d4c061e8b28e606559b Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Fri, 8 Aug 2014 10:56:34 +0100
+Subject: [PATCH 3/3] BACKPORT: ARM: wire up getrandom syscall
+
+Clean cherry pick of eb6452537b280652eee66801ec97cc369e27e5d8.
+
+Add the new getrandom syscall for ARM.
+
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+
+Bug: http://b/29621447
+Change-Id: I6d50b57f3a61fbf9102c69103b9a5b7ebf239860
+(cherry picked from commit eb6452537b280652eee66801ec97cc369e27e5d8)
+[flex1911]: backport to 3.4
+[michitux]: backport to 3.0
+---
+ arch/arm/include/asm/unistd.h | 9 +++++++++
+ arch/arm/kernel/calls.S | 9 +++++++++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/arch/arm/include/asm/unistd.h b/arch/arm/include/asm/unistd.h
+index 2c04ed5efeb5..96e290b9fecf 100644
+--- a/arch/arm/include/asm/unistd.h
++++ b/arch/arm/include/asm/unistd.h
+@@ -402,6 +402,7 @@
+ #define __NR_syncfs (__NR_SYSCALL_BASE+373)
+ #define __NR_sendmmsg (__NR_SYSCALL_BASE+374)
+ #define __NR_setns (__NR_SYSCALL_BASE+375)
++#define __NR_getrandom (__NR_SYSCALL_BASE+384)
+
+ /*
+ * The following SWIs are ARM private.
+@@ -413,6 +414,14 @@
+ #define __ARM_NR_usr32 (__ARM_NR_BASE+4)
+ #define __ARM_NR_set_tls (__ARM_NR_BASE+5)
+
++/*
++ * This may need to be greater than __NR_last_syscall+1 in order to
++ * account for the padding in the syscall table
++ */
++#ifdef __KERNEL__
++#define __NR_syscalls (388)
++#endif
++
+ /*
+ * *NOTE*: This is a ghost syscall private to the kernel. Only the
+ * __kuser_cmpxchg code in entry-armv.S should be aware of its
+diff --git a/arch/arm/kernel/calls.S b/arch/arm/kernel/calls.S
+index 80f7896cc016..612627f899d4 100644
+--- a/arch/arm/kernel/calls.S
++++ b/arch/arm/kernel/calls.S
+@@ -385,6 +385,15 @@
+ CALL(sys_syncfs)
+ CALL(sys_sendmmsg)
+ /* 375 */ CALL(sys_setns)
++ CALL(sys_ni_syscall)
++ CALL(sys_ni_syscall)
++ CALL(sys_ni_syscall)
++ CALL(sys_ni_syscall)
++/* 380 */ CALL(sys_ni_syscall)
++ CALL(sys_ni_syscall)
++ CALL(sys_ni_syscall)
++ CALL(sys_ni_syscall)
++ CALL(sys_getrandom)
+ #ifndef syscalls_counted
+ .equ syscalls_padding, ((NR_syscalls + 3) & ~3) - NR_syscalls
+ #define syscalls_counted
+--
+2.19.0
+
diff --git a/device/linux-samsung-n5110/APKBUILD b/device/linux-samsung-n5110/APKBUILD
index 15b840ce846f5307103fd5cb1bc7665ab1b6f435..d32333b8ba59081fa960c16b3c6c118540bb5db8 100644
--- a/device/linux-samsung-n5110/APKBUILD
+++ b/device/linux-samsung-n5110/APKBUILD
@@ -2,7 +2,7 @@
pkgname="linux-samsung-n5110"
pkgver=3.0.101
-pkgrel=1
+pkgrel=2
pkgdesc="Samsung Galaxy Note 8.0 (Wi-Fi) kernel fork"
arch="armhf"
_carch="arm"
@@ -28,6 +28,9 @@ _config="config-${_flavor}.${arch}"
source="
$pkgname-$_commit.tar.gz::https://github.com/LineageOS/${_repository}/archive/${_commit}.tar.gz
$_config
+ 0001-BACKPORT-random-introduce-getrandom-2-system-call.patch
+ 0002-BACKPORT-random-Wake-up-all-getrandom-2-callers-when.patch
+ 0003-BACKPORT-ARM-wire-up-getrandom-syscall.patch
compiler-gcc6.h
"
builddir="$srcdir/${_repository}-${_commit}"
@@ -77,4 +80,7 @@ package() {
sha512sums="7e47ecfa6c3b2f4ac199ceed4103a00a577f9fa0002f5759df570f3c11a3436e53114e87a13e9efd27f2a2e17fcaab1be0666dffaa7d23699e700bee0d2afe33 linux-samsung-n5110-b7ffe7f2aea2391737cdeac2a33217ee0ea4f2ba.tar.gz
0d0219494704891d06c85929ed2d73db49c581874ad04c9e11f625dd06a499854a1ec813dd7073fb9bb88a91f17510ae168e38716986de324e156e45d6fb965e config-samsung-n5110.armhf
+9f931974afda5f82dab400758aa35decb97678ef698748c56dae4b2ede62fab34c3a7d6c16293602cfbb7a6a41d64ac3d25b8cb63251bef23475d50bfaae16a6 0001-BACKPORT-random-introduce-getrandom-2-system-call.patch
+5d64e22eaeddc4a7fd4b99076bd2e29c02c214852663d6ddb30d304e9aba1f177f8c25e15f7892045cc132ef80e148952128536817fa8af6f03f3c7ee33d33a3 0002-BACKPORT-random-Wake-up-all-getrandom-2-callers-when.patch
+8ce10fba0b10131de07a9c47544702b68c52f2e0a09eb2942044abf2e292cbfacbac0b6f6445306af46915064573037cfd66f99500bfa75551daa9376b1a6f77 0003-BACKPORT-ARM-wire-up-getrandom-syscall.patch
d80980e9474c82ba0ef1a6903b434d8bd1b092c40367ba543e72d2c119301c8b2d05265740e4104ca1ac5d15f6c4aa49e8776cb44264a9a28dc551e0d1850dcc compiler-gcc6.h"