diff --git a/valgrind-3.15.0-pkey.patch b/valgrind-3.15.0-pkey.patch
new file mode 100644
index 0000000..3f534c5
--- /dev/null
+++ b/valgrind-3.15.0-pkey.patch
@@ -0,0 +1,226 @@
+commit b064131bdf099d3647b4501e5d15391e1e9623e6
+Author: Mark Wielaard <mark@klomp.org>
+Date: Thu May 30 00:29:58 2019 +0200
+
+ linux x86 and amd64 memory protection key syscalls.
+
+ This implements minimal support for the pkey_alloc, pkey_free and
+ pkey_mprotect syscalls. pkey_alloc will simply indicate that pkeys
+ are not supported. pkey_free always fails. pkey_mprotect works just
+ like mprotect if the special pkey -1 is provided.
+
+ https://bugs.kde.org/show_bug.cgi?id=408091
+
+diff --git a/coregrind/m_syswrap/priv_syswrap-generic.h b/coregrind/m_syswrap/priv_syswrap-generic.h
+index 88530f0..3e1c8b6 100644
+--- a/coregrind/m_syswrap/priv_syswrap-generic.h
++++ b/coregrind/m_syswrap/priv_syswrap-generic.h
+@@ -106,6 +106,10 @@ extern Bool
+ ML_(handle_auxv_open)(SyscallStatus *status, const HChar *filename,
+ int flags);
+
++/* Helper function for generic mprotect and linux pkey_mprotect. */
++extern void handle_sys_mprotect (ThreadId tid, SyscallStatus *status,
++ Addr *addr, SizeT *len, Int *prot);
++
+ DECL_TEMPLATE(generic, sys_ni_syscall); // * P -- unimplemented
+ DECL_TEMPLATE(generic, sys_exit);
+ DECL_TEMPLATE(generic, sys_fork);
+diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h
+index 5cf5407..2471524 100644
+--- a/coregrind/m_syswrap/priv_syswrap-linux.h
++++ b/coregrind/m_syswrap/priv_syswrap-linux.h
+@@ -299,6 +299,11 @@ DECL_TEMPLATE(linux, sys_bpf);
+ // Linux-specific (new in Linux 4.11)
+ DECL_TEMPLATE(linux, sys_statx);
+
++// Linux-specific memory protection key syscalls (since Linux 4.9)
++DECL_TEMPLATE(linux, sys_pkey_alloc);
++DECL_TEMPLATE(linux, sys_pkey_free);
++DECL_TEMPLATE(linux, sys_pkey_mprotect);
++
+ /* ---------------------------------------------------------------------
+ Wrappers for sockets and ipc-ery. These are split into standalone
+ procedures because x86-linux hides them inside multiplexors
+diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c
+index d4fe413..2d6b95f 100644
+--- a/coregrind/m_syswrap/syswrap-amd64-linux.c
++++ b/coregrind/m_syswrap/syswrap-amd64-linux.c
+@@ -863,6 +863,10 @@ static SyscallTableEntry syscall_table[] = {
+ LINX_(__NR_membarrier, sys_membarrier), // 324
+
+ LINX_(__NR_copy_file_range, sys_copy_file_range), // 326
++
++ LINXY(__NR_pkey_mprotect, sys_pkey_mprotect), // 329
++ LINX_(__NR_pkey_alloc, sys_pkey_alloc), // 330
++ LINX_(__NR_pkey_free, sys_pkey_free), // 331
+ };
+
+ SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )
+diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
+index 0b64919..01191f6 100644
+--- a/coregrind/m_syswrap/syswrap-generic.c
++++ b/coregrind/m_syswrap/syswrap-generic.c
+@@ -3842,12 +3842,28 @@ PRE(sys_mprotect)
+ PRE_REG_READ3(long, "mprotect",
+ unsigned long, addr, vki_size_t, len, unsigned long, prot);
+
+- if (!ML_(valid_client_addr)(ARG1, ARG2, tid, "mprotect")) {
++ Addr addr = ARG1;
++ SizeT len = ARG2;
++ Int prot = ARG3;
++
++ handle_sys_mprotect (tid, status, &addr, &len, &prot);
++
++ ARG1 = addr;
++ ARG2 = len;
++ ARG3 = prot;
++}
++/* This will be called from the generic mprotect, or the linux specific
++ pkey_mprotect. Pass pointers to ARG1, ARG2 and ARG3 as addr, len and prot,
++ they might be adjusted and have to assigned back to ARG1, ARG2 and ARG3. */
++void handle_sys_mprotect(ThreadId tid, SyscallStatus* status,
++ Addr *addr, SizeT *len, Int *prot)
++{
++ if (!ML_(valid_client_addr)(*addr, *len, tid, "mprotect")) {
+ SET_STATUS_Failure( VKI_ENOMEM );
+ }
+ #if defined(VKI_PROT_GROWSDOWN)
+ else
+- if (ARG3 & (VKI_PROT_GROWSDOWN|VKI_PROT_GROWSUP)) {
++ if (*prot & (VKI_PROT_GROWSDOWN|VKI_PROT_GROWSUP)) {
+ /* Deal with mprotects on growable stack areas.
+
+ The critical files to understand all this are mm/mprotect.c
+@@ -3862,8 +3878,8 @@ PRE(sys_mprotect)
+
+ The sanity check provided by the kernel is that the vma must
+ have the VM_GROWSDOWN/VM_GROWSUP flag set as appropriate. */
+- UInt grows = ARG3 & (VKI_PROT_GROWSDOWN|VKI_PROT_GROWSUP);
+- NSegment const *aseg = VG_(am_find_nsegment)(ARG1);
++ UInt grows = *prot & (VKI_PROT_GROWSDOWN|VKI_PROT_GROWSUP);
++ NSegment const *aseg = VG_(am_find_nsegment)(*addr);
+ NSegment const *rseg;
+
+ vg_assert(aseg);
+@@ -3874,10 +3890,10 @@ PRE(sys_mprotect)
+ && rseg->kind == SkResvn
+ && rseg->smode == SmUpper
+ && rseg->end+1 == aseg->start) {
+- Addr end = ARG1 + ARG2;
+- ARG1 = aseg->start;
+- ARG2 = end - aseg->start;
+- ARG3 &= ~VKI_PROT_GROWSDOWN;
++ Addr end = *addr + *len;
++ *addr = aseg->start;
++ *len = end - aseg->start;
++ *prot &= ~VKI_PROT_GROWSDOWN;
+ } else {
+ SET_STATUS_Failure( VKI_EINVAL );
+ }
+@@ -3887,8 +3903,8 @@ PRE(sys_mprotect)
+ && rseg->kind == SkResvn
+ && rseg->smode == SmLower
+ && aseg->end+1 == rseg->start) {
+- ARG2 = aseg->end - ARG1 + 1;
+- ARG3 &= ~VKI_PROT_GROWSUP;
++ *len = aseg->end - *addr + 1;
++ *prot &= ~VKI_PROT_GROWSUP;
+ } else {
+ SET_STATUS_Failure( VKI_EINVAL );
+ }
+diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
+index 810ca24..5452b8d 100644
+--- a/coregrind/m_syswrap/syswrap-linux.c
++++ b/coregrind/m_syswrap/syswrap-linux.c
+@@ -12120,6 +12120,76 @@ PRE(sys_copy_file_range)
+ }
+ }
+
++PRE(sys_pkey_alloc)
++{
++ PRINT("pkey_alloc (%lu, %lu)", ARG1, ARG2);
++
++ PRE_REG_READ2(long, "pkey_alloc",
++ unsigned long, "flags",
++ unsigned long, "access_rights");
++
++ /* The kernel says: pkey_alloc() is always safe to call regardless of
++ whether or not the operating system supports protection keys. It can be
++ used in lieu of any other mechanism for detecting pkey support and will
++ simply fail with the error ENOSPC if the operating system has no pkey
++ support.
++
++ So we simply always return ENOSPC to signal memory protection keys are
++ not supported under valgrind, unless there are unknown flags, then we
++ return EINVAL. */
++ unsigned long pkey_flags = ARG1;
++ if (pkey_flags != 0)
++ SET_STATUS_Failure( VKI_EINVAL );
++ else
++ SET_STATUS_Failure( VKI_ENOSPC );
++}
++
++PRE(sys_pkey_free)
++{
++ PRINT("pkey_free (%" FMT_REGWORD "u )", ARG1);
++
++ PRE_REG_READ1(long, "pkey_free",
++ unsigned long, "pkey");
++
++ /* Since pkey_alloc () can never succeed, see above, freeing any pkey is
++ always an error. */
++ SET_STATUS_Failure( VKI_EINVAL );
++}
++
++PRE(sys_pkey_mprotect)
++{
++ PRINT("sys_pkey_mprotect ( %#" FMT_REGWORD "x, %" FMT_REGWORD "u, %"
++ FMT_REGWORD "u %" FMT_REGWORD "u )", ARG1, ARG2, ARG3, ARG4);
++ PRE_REG_READ4(long, "pkey_mprotect",
++ unsigned long, addr, vki_size_t, len, unsigned long, prot,
++ unsigned long, pkey);
++
++ Addr addr = ARG1;
++ SizeT len = ARG2;
++ Int prot = ARG3;
++ Int pkey = ARG4;
++
++ /* Since pkey_alloc () can never succeed, see above, any pkey is
++ invalid. Except for -1, then pkey_mprotect acts just like mprotect. */
++ if (pkey != -1)
++ SET_STATUS_Failure( VKI_EINVAL );
++ else
++ handle_sys_mprotect (tid, status, &addr, &len, &prot);
++
++ ARG1 = addr;
++ ARG2 = len;
++ ARG3 = prot;
++}
++
++POST(sys_pkey_mprotect)
++{
++ Addr addr = ARG1;
++ SizeT len = ARG2;
++ Int prot = ARG3;
++
++ ML_(notify_core_and_tool_of_mprotect)(addr, len, prot);
++}
++
+
+ #undef PRE
+ #undef POST
+diff --git a/coregrind/m_syswrap/syswrap-x86-linux.c b/coregrind/m_syswrap/syswrap-x86-linux.c
+index ad54cf6..3829fa4 100644
+--- a/coregrind/m_syswrap/syswrap-x86-linux.c
++++ b/coregrind/m_syswrap/syswrap-x86-linux.c
+@@ -1608,6 +1608,9 @@ static SyscallTableEntry syscall_table[] = {
+
+ LINX_(__NR_copy_file_range, sys_copy_file_range), // 377
+
++ LINXY(__NR_pkey_mprotect, sys_pkey_mprotect), // 380
++ LINX_(__NR_pkey_alloc, sys_pkey_alloc), // 381
++ LINX_(__NR_pkey_free, sys_pkey_free), // 382
+ LINXY(__NR_statx, sys_statx), // 383
+
+ /* Explicitly not supported on i386 yet. */
diff --git a/valgrind.spec b/valgrind.spec
index 21d9e15..ff0c5f5 100644
--- a/valgrind.spec
+++ b/valgrind.spec
@@ -3,7 +3,7 @@
Summary: Tool for finding memory management bugs in programs
Name: %{?scl_prefix}valgrind
Version: 3.15.0
-Release: 8%{?dist}
+Release: 9%{?dist}
Epoch: 1
License: GPLv2+
URL: http://www.valgrind.org/
@@ -121,6 +121,9 @@ Patch14: valgrind-3.15.0-some-Wl-z-now.patch
# KDE#408009 Expose rdrand and f16c even on avx if host cpu supports them
Patch15: valgrind-3.15.0-avx-rdrand-f16c.patch
+# KDE#408091 Missing pkey syscalls
+Patch16: valgrind-3.15.0-pkey.patch
+
BuildRequires: glibc-devel
%if %{build_openmpi}
@@ -267,6 +270,7 @@ Valgrind User Manual for details.
%endif
%patch15 -p1
+%patch16 -p1
%build
@@ -487,6 +491,9 @@ fi
%endif
%changelog
+* Wed May 29 2019 Mark Wielaard <mjw@fedoraproject.org> - 3.15.0-9
+- Add valgrind-3.15.0-pkey.patch
+
* Tue May 28 2019 Mark Wielaard <mjw@fedoraproject.org> - 3.15.0-8
- Update valgrind-3.15.0-copy_file_range.patch.
- Add valgrind-3.15.0-avx-rdrand-f16c.patch.