
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.3.4/, 2.6.32/, 3.3.3/, 3.2.16/
Date: Tue, 01 May 2012 00:15:31
Message-Id: 1335831296.e4ccaafaed07d4747a274b551ab90fedcdb21c17.blueness@gentoo
1 commit: e4ccaafaed07d4747a274b551ab90fedcdb21c17
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Tue May 1 00:14:56 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Tue May 1 00:14:56 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e4ccaafa
7
8 Grsec/PaX: 2.9-{2.6.32.59,3.2.16,3.3.4}-201204272005
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ...20_grsecurity-2.9-2.6.32.59-201204272005.patch} | 11 +-
13 3.2.16/0000_README | 2 +-
14 ... 4420_grsecurity-2.9-3.2.16-201204272005.patch} | 19 ++-
15 {3.3.3 => 3.3.4}/0000_README | 2 +-
16 .../4420_grsecurity-2.9-3.3.4-201204272006.patch | 264 +++++---------------
17 .../4430_grsec-remove-localversion-grsec.patch | 0
18 {3.3.3 => 3.3.4}/4435_grsec-mute-warnings.patch | 0
19 .../4440_grsec-remove-protected-paths.patch | 0
20 .../4445_grsec-pax-without-grsec.patch | 0
21 .../4450_grsec-kconfig-default-gids.patch | 0
22 {3.3.3 => 3.3.4}/4455_grsec-kconfig-gentoo.patch | 0
23 .../4460-grsec-kconfig-proc-user.patch | 0
24 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
25 {3.3.3 => 3.3.4}/4470_disable-compat_vdso.patch | 0
26 15 files changed, 92 insertions(+), 208 deletions(-)
27
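--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
 From: http://www.kernel.org
 Desc: Linux 2.6.32.59
 
-Patch: 4420_grsecurity-2.9-2.6.32.59-201204231832.patch
+Patch: 4420_grsecurity-2.9-2.6.32.59-201204272005.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
 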
42 diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch
43 similarity index 99%
44 rename from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch
45 rename to 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch
46 index f9f051f..0991ae8 100644
47 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch
48 +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch
49 @@ -754,7 +754,7 @@ index b68faef..6dd1496 100644
50 select HAVE_KRETPROBES if (HAVE_KPROBES)
51 select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
52 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
53 -index d0daeab..99ab713 100644
54 +index d0daeab..8d7cb84 100644
55 --- a/arch/arm/include/asm/atomic.h
56 +++ b/arch/arm/include/asm/atomic.h
57 @@ -15,6 +15,10 @@
58 @@ -832,7 +832,7 @@ index d0daeab..99ab713 100644
59 +#ifdef CONFIG_PAX_REFCOUNT
60 +" bvc 3f\n"
61 +" mov %0, %1\n"
62 -+"2: bkpt 0xf103\n"
63 ++"2: bkpt 0xf103\n"
64 +"3:\n"
65 +#endif
66 +
67 @@ -104361,10 +104361,10 @@ index d52f7a0..b66cdd9 100755
68 rm -f tags
69 xtags ctags
70 diff --git a/security/Kconfig b/security/Kconfig
71 -index fb363cd..50f3c98 100644
72 +index fb363cd..c2c0a96 100644
73 --- a/security/Kconfig
74 +++ b/security/Kconfig
75 -@@ -4,6 +4,633 @@
76 +@@ -4,6 +4,634 @@
77
78 menu "Security options"
79
80 @@ -104980,6 +104980,7 @@ index fb363cd..50f3c98 100644
81 +
82 +config PAX_SIZE_OVERFLOW
83 + bool "Prevent various integer overflows in function size parameters"
84 ++ depends on X86
85 + help
86 + By saying Y here the kernel recomputes expressions of function
87 + arguments marked by a size_overflow attribute with double integer
88 @@ -104998,7 +104999,7 @@ index fb363cd..50f3c98 100644
89 config KEYS
90 bool "Enable access key retention support"
91 help
92 -@@ -146,7 +773,7 @@ config INTEL_TXT
93 +@@ -146,7 +774,7 @@ config INTEL_TXT
94 config LSM_MMAP_MIN_ADDR
95 int "Low address space for LSM to protect from user allocation"
96 depends on SECURITY && SECURITY_SELINUX
97
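Review bot: The `depends on X86` line added to `config PAX_SIZE_OVERFLOW` in the security/Kconfig hunk is not reflected in the option's prompt or help text, so the architecture restriction is visible only in the dependency line. A hardened .config carried over for another architecture (this same patch touches arch/arm for PAX_REFCOUNT) would presumably have the symbol dropped by `make oldconfig` without any message, leaving the size_overflow instrumentation off. I would state the restriction in the prompt, e.g. `bool "Prevent various integer overflows in function size parameters (x86 only)"`, and mention it in the commit description. The remainder of the help text lies outside the hunk.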
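--- a/3.2.16/0000_README
+++ b/3.2.16/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.2.16-201204231833.patch
+Patch: 4420_grsecurity-2.9-3.2.16-201204272005.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
 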
112 diff --git a/3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch b/3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch
113 similarity index 99%
114 rename from 3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch
115 rename to 3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch
116 index e77a05a..c60e3c1 100644
117 --- a/3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch
118 +++ b/3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch
119 @@ -687,7 +687,7 @@ index fadd5f8..904e73a 100644
120 /* Allow reads even for write-only mappings */
121 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
122 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
123 -index 86976d0..8e07f84 100644
124 +index 86976d0..c63ea6b 100644
125 --- a/arch/arm/include/asm/atomic.h
126 +++ b/arch/arm/include/asm/atomic.h
127 @@ -15,6 +15,10 @@
128 @@ -763,7 +763,7 @@ index 86976d0..8e07f84 100644
129 +#ifdef CONFIG_PAX_REFCOUNT
130 +" bvc 3f\n"
131 +" mov %0, %1\n"
132 -+"2: bkpt 0xf103\n"
133 ++"2: bkpt 0xf103\n"
134 +"3:\n"
135 +#endif
136 +
137 @@ -86499,6 +86499,21 @@ index 0000000..b87ec9d
138 +
139 + return 0;
140 +}
141 +diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
142 +index adb372d..e0a0970 100644
143 +--- a/tools/perf/util/hist.c
144 ++++ b/tools/perf/util/hist.c
145 +@@ -237,8 +237,8 @@ struct hist_entry *__hists__add_entry(struct hists *hists,
146 + * mis-adjust symbol addresses when computing
147 + * the history counter to increment.
148 + */
149 +- if (he->ms.map != entry->ms.map) {
150 +- he->ms.map = entry->ms.map;
151 ++ if (he->ms.map != entry.ms.map) {
152 ++ he->ms.map = entry.ms.map;
153 + if (he->ms.map)
154 + he->ms.map->referenced = true;
155 + }
156 diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h
157 index 6789d78..4afd019 100644
158 --- a/tools/perf/util/include/asm/alternative-asm.h
159
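Review bot: The new tools/perf/util/hist.c hunk is carried inside the grsecurity patch with nothing in the commit description or README saying why it is there. It only switches `entry->ms.map` to `entry.ms.map` in `__hists__add_entry`, which looks like a compile fix for the 3.2.16 base (where `entry` is presumably a struct rather than a pointer) and not a hardening change. Recording that, for example with `includes perf hist.c build fix for 3.2.16` in the commit message, would make it clear the hunk should be dropped once the base tree carries the correction, so it does not later fail to apply. The body of `__hists__add_entry` continues outside the hunk.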
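--- a/3.3.3/0000_README
+++ b/3.3.4/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.3.3-201204231833.patch
+Patch: 4420_grsecurity-2.9-3.3.4-201204272006.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
 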
177 diff --git a/3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch b/3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch
178 similarity index 99%
179 rename from 3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch
180 rename to 3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch
181 index 8309b6e..7c10a25 100644
182 --- a/3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch
183 +++ b/3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch
184 @@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644
185
186 pcd. [PARIDE]
187 diff --git a/Makefile b/Makefile
188 -index 0acd141..865e73d 100644
189 +index 44ef766..dac9410 100644
190 --- a/Makefile
191 +++ b/Makefile
192 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
193 @@ -16999,10 +16999,18 @@ index 9c3bd4a..e1d9b35 100644
194 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
195 +#endif
196 diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
197 -index 739d859..d1d6be7 100644
198 +index 739d859..aab2a58 100644
199 --- a/arch/x86/kernel/i387.c
200 +++ b/arch/x86/kernel/i387.c
201 -@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
202 +@@ -154,6 +154,7 @@ int init_fpu(struct task_struct *tsk)
203 + if (tsk_used_math(tsk)) {
204 + if (HAVE_HWFP && tsk == current)
205 + unlazy_fpu(tsk);
206 ++ tsk->thread.fpu.last_cpu = ~0;
207 + return 0;
208 + }
209 +
210 +@@ -188,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
211
212 int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
213 unsigned int pos, unsigned int count,
214 @@ -17012,7 +17020,7 @@ index 739d859..d1d6be7 100644
215 void *kbuf, void __user *ubuf)
216 {
217 int ret;
218 -@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
219 +@@ -207,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
220
221 int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
222 unsigned int pos, unsigned int count,
223 @@ -17022,7 +17030,7 @@ index 739d859..d1d6be7 100644
224 const void *kbuf, const void __user *ubuf)
225 {
226 int ret;
227 -@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
228 +@@ -240,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
229
230 int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
231 unsigned int pos, unsigned int count,
232 @@ -17032,7 +17040,7 @@ index 739d859..d1d6be7 100644
233 void *kbuf, void __user *ubuf)
234 {
235 int ret;
236 -@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
237 +@@ -269,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
238
239 int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
240 unsigned int pos, unsigned int count,
241 @@ -17042,7 +17050,7 @@ index 739d859..d1d6be7 100644
242 const void *kbuf, const void __user *ubuf)
243 {
244 int ret;
245 -@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
246 +@@ -439,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
247
248 int fpregs_get(struct task_struct *target, const struct user_regset *regset,
249 unsigned int pos, unsigned int count,
250 @@ -17052,7 +17060,7 @@ index 739d859..d1d6be7 100644
251 void *kbuf, void __user *ubuf)
252 {
253 struct user_i387_ia32_struct env;
254 -@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
255 +@@ -471,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
256
257 int fpregs_set(struct task_struct *target, const struct user_regset *regset,
258 unsigned int pos, unsigned int count,
259 @@ -17062,7 +17070,7 @@ index 739d859..d1d6be7 100644
260 const void *kbuf, const void __user *ubuf)
261 {
262 struct user_i387_ia32_struct env;
263 -@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
264 +@@ -619,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
265 }
266
267 static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
268 @@ -33318,7 +33326,7 @@ index b89c548..2af3ce4 100644
269
270 void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
271 diff --git a/drivers/md/md.c b/drivers/md/md.c
272 -index 6acc846..80a6b96 100644
273 +index 58027d8..d9cddcd 100644
274 --- a/drivers/md/md.c
275 +++ b/drivers/md/md.c
276 @@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
277 @@ -35255,10 +35263,10 @@ index 58dc117..f140c77 100644
278 if ((num_pages != size) ||
279 (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags))
280 diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
281 -index 486b404..0d6677d 100644
282 +index 3ed983c..a1bb418 100644
283 --- a/drivers/net/ppp/ppp_generic.c
284 +++ b/drivers/net/ppp/ppp_generic.c
285 -@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
286 +@@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
287 void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
288 struct ppp_stats stats;
289 struct ppp_comp_stats cstats;
290 @@ -35266,7 +35274,7 @@ index 486b404..0d6677d 100644
291
292 switch (cmd) {
293 case SIOCGPPPSTATS:
294 -@@ -1009,8 +1008,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
295 +@@ -1008,8 +1007,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
296 break;
297
298 case SIOCGPPPVER:
299 @@ -47381,7 +47389,7 @@ index d355e6e..578d905 100644
300
301 enum ocfs2_local_alloc_state
302 diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
303 -index ba5d97e..c77db25 100644
304 +index f169da4..9112253 100644
305 --- a/fs/ocfs2/suballoc.c
306 +++ b/fs/ocfs2/suballoc.c
307 @@ -872,7 +872,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb,
308 @@ -49047,10 +49055,10 @@ index 4023d6b..ab46c6a 100644
309
310 if (op) {
311 diff --git a/fs/splice.c b/fs/splice.c
312 -index 1ec0493..d6ab5c2 100644
313 +index 96d7b28..fd465ac 100644
314 --- a/fs/splice.c
315 +++ b/fs/splice.c
316 -@@ -193,7 +193,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
317 +@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
318 pipe_lock(pipe);
319
320 for (;;) {
321 @@ -49059,7 +49067,7 @@ index 1ec0493..d6ab5c2 100644
322 send_sig(SIGPIPE, current, 0);
323 if (!ret)
324 ret = -EPIPE;
325 -@@ -247,9 +247,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
326 +@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
327 do_wakeup = 0;
328 }
329
330 @@ -49071,7 +49079,7 @@ index 1ec0493..d6ab5c2 100644
331 }
332
333 pipe_unlock(pipe);
334 -@@ -559,7 +559,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
335 +@@ -560,7 +560,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
336 old_fs = get_fs();
337 set_fs(get_ds());
338 /* The cast to a user pointer is valid due to the set_fs() */
339 @@ -49080,7 +49088,7 @@ index 1ec0493..d6ab5c2 100644
340 set_fs(old_fs);
341
342 return res;
343 -@@ -574,7 +574,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
344 +@@ -575,7 +575,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
345 old_fs = get_fs();
346 set_fs(get_ds());
347 /* The cast to a user pointer is valid due to the set_fs() */
348 @@ -49089,7 +49097,7 @@ index 1ec0493..d6ab5c2 100644
349 set_fs(old_fs);
350
351 return res;
352 -@@ -625,7 +625,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
353 +@@ -626,7 +626,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
354 goto err;
355
356 this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
357 @@ -49098,7 +49106,7 @@ index 1ec0493..d6ab5c2 100644
358 vec[i].iov_len = this_len;
359 spd.pages[i] = page;
360 spd.nr_pages++;
361 -@@ -845,10 +845,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
362 +@@ -848,10 +848,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
363 int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
364 {
365 while (!pipe->nrbufs) {
366 @@ -49111,7 +49119,7 @@ index 1ec0493..d6ab5c2 100644
367 return 0;
368
369 if (sd->flags & SPLICE_F_NONBLOCK)
370 -@@ -1181,7 +1181,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
371 +@@ -1184,7 +1184,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
372 * out of the pipe right after the splice_to_pipe(). So set
373 * PIPE_READERS appropriately.
374 */
375 @@ -49120,7 +49128,7 @@ index 1ec0493..d6ab5c2 100644
376
377 current->splice_pipe = pipe;
378 }
379 -@@ -1733,9 +1733,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
380 +@@ -1736,9 +1736,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
381 ret = -ERESTARTSYS;
382 break;
383 }
384 @@ -49132,7 +49140,7 @@ index 1ec0493..d6ab5c2 100644
385 if (flags & SPLICE_F_NONBLOCK) {
386 ret = -EAGAIN;
387 break;
388 -@@ -1767,7 +1767,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
389 +@@ -1770,7 +1770,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
390 pipe_lock(pipe);
391
392 while (pipe->nrbufs >= pipe->buffers) {
393 @@ -49141,7 +49149,7 @@ index 1ec0493..d6ab5c2 100644
394 send_sig(SIGPIPE, current, 0);
395 ret = -EPIPE;
396 break;
397 -@@ -1780,9 +1780,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
398 +@@ -1783,9 +1783,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
399 ret = -ERESTARTSYS;
400 break;
401 }
402 @@ -49153,7 +49161,7 @@ index 1ec0493..d6ab5c2 100644
403 }
404
405 pipe_unlock(pipe);
406 -@@ -1818,14 +1818,14 @@ retry:
407 +@@ -1821,14 +1821,14 @@ retry:
408 pipe_double_lock(ipipe, opipe);
409
410 do {
411 @@ -49170,7 +49178,7 @@ index 1ec0493..d6ab5c2 100644
412 break;
413
414 /*
415 -@@ -1922,7 +1922,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
416 +@@ -1925,7 +1925,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
417 pipe_double_lock(ipipe, opipe);
418
419 do {
420 @@ -49179,7 +49187,7 @@ index 1ec0493..d6ab5c2 100644
421 send_sig(SIGPIPE, current, 0);
422 if (!ret)
423 ret = -EPIPE;
424 -@@ -1967,7 +1967,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
425 +@@ -1970,7 +1970,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
426 * return EAGAIN if we have the potential of some data in the
427 * future, otherwise just return 0
428 */
429 @@ -62201,7 +62209,7 @@ index 9c07dce..a92fa71 100644
430 if (atomic_sub_and_test((int) count, &kref->refcount)) {
431 release(kref);
432 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
433 -index 900c763..098aefa 100644
434 +index bc21720..098aefa 100644
435 --- a/include/linux/kvm_host.h
436 +++ b/include/linux/kvm_host.h
437 @@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
438 @@ -62249,27 +62257,7 @@ index 900c763..098aefa 100644
439 void kvm_arch_exit(void);
440
441 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
442 -@@ -593,6 +593,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id);
443 -
444 - #ifdef CONFIG_IOMMU_API
445 - int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
446 -+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
447 - int kvm_iommu_map_guest(struct kvm *kvm);
448 - int kvm_iommu_unmap_guest(struct kvm *kvm);
449 - int kvm_assign_device(struct kvm *kvm,
450 -@@ -606,6 +607,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm,
451 - return 0;
452 - }
453 -
454 -+static inline void kvm_iommu_unmap_pages(struct kvm *kvm,
455 -+ struct kvm_memory_slot *slot)
456 -+{
457 -+}
458 -+
459 - static inline int kvm_iommu_map_guest(struct kvm *kvm)
460 - {
461 - return -ENODEV;
462 -@@ -721,7 +727,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
463 +@@ -727,7 +727,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
464 int kvm_set_irq_routing(struct kvm *kvm,
465 const struct kvm_irq_routing_entry *entries,
466 unsigned nr,
467 @@ -62735,7 +62723,7 @@ index ffc0213..2c1f2cb 100644
468 return nd->saved_names[nd->depth];
469 }
470 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
471 -index 0eac07c..a59f6a8 100644
472 +index 4f3b01a..8256d1a 100644
473 --- a/include/linux/netdevice.h
474 +++ b/include/linux/netdevice.h
475 @@ -1002,6 +1002,7 @@ struct net_device_ops {
476 @@ -63409,10 +63397,10 @@ index 92808b8..c28cac4 100644
477
478 /* shm_mode upper byte flags */
479 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
480 -index ae86ade..2b51468 100644
481 +index 42854ce..3b7d3c8 100644
482 --- a/include/linux/skbuff.h
483 +++ b/include/linux/skbuff.h
484 -@@ -654,7 +654,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
485 +@@ -655,7 +655,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
486 */
487 static inline int skb_queue_empty(const struct sk_buff_head *list)
488 {
489 @@ -63421,7 +63409,7 @@ index ae86ade..2b51468 100644
490 }
491
492 /**
493 -@@ -667,7 +667,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
494 +@@ -668,7 +668,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
495 static inline bool skb_queue_is_last(const struct sk_buff_head *list,
496 const struct sk_buff *skb)
497 {
498 @@ -63430,7 +63418,7 @@ index ae86ade..2b51468 100644
499 }
500
501 /**
502 -@@ -680,7 +680,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
503 +@@ -681,7 +681,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
504 static inline bool skb_queue_is_first(const struct sk_buff_head *list,
505 const struct sk_buff *skb)
506 {
507 @@ -63439,7 +63427,7 @@ index ae86ade..2b51468 100644
508 }
509
510 /**
511 -@@ -1545,7 +1545,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
512 +@@ -1558,7 +1558,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
513 * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
514 */
515 #ifndef NET_SKB_PAD
516 @@ -74954,7 +74942,7 @@ index 68bbf9f..5ef0d12 100644
517
518 return err;
519 diff --git a/net/core/dev.c b/net/core/dev.c
520 -index a4bf943..9c83051 100644
521 +index 7f72c9c..e29943b 100644
522 --- a/net/core/dev.c
523 +++ b/net/core/dev.c
524 @@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name)
525 @@ -75035,7 +75023,7 @@ index a4bf943..9c83051 100644
526 {
527 struct softnet_data *sd = &__get_cpu_var(softnet_data);
528 unsigned long time_limit = jiffies + 2;
529 -@@ -5890,7 +5894,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
530 +@@ -5858,7 +5862,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
531 } else {
532 netdev_stats_to_stats64(storage, &dev->stats);
533 }
534 @@ -75159,28 +75147,6 @@ index ff52ad0..aff1c0f 100644
535 i++, cmfptr++)
536 {
537 int new_fd;
538 -diff --git a/net/core/skbuff.c b/net/core/skbuff.c
539 -index da0c97f..8253632 100644
540 ---- a/net/core/skbuff.c
541 -+++ b/net/core/skbuff.c
542 -@@ -3160,6 +3160,8 @@ static void sock_rmem_free(struct sk_buff *skb)
543 - */
544 - int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
545 - {
546 -+ int len = skb->len;
547 -+
548 - if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
549 - (unsigned)sk->sk_rcvbuf)
550 - return -ENOMEM;
551 -@@ -3174,7 +3176,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
552 -
553 - skb_queue_tail(&sk->sk_error_queue, skb);
554 - if (!sock_flag(sk, SOCK_DEAD))
555 -- sk->sk_data_ready(sk, skb->len);
556 -+ sk->sk_data_ready(sk, len);
557 - return 0;
558 - }
559 - EXPORT_SYMBOL(sock_queue_err_skb);
560 diff --git a/net/core/sock.c b/net/core/sock.c
561 index 02f8dfe..86dfd4a 100644
562 --- a/net/core/sock.c
563 @@ -76172,7 +76138,7 @@ index d02f7e4..2d2a0f1 100644
564
565 static int raw6_seq_show(struct seq_file *seq, void *v)
566 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
567 -index 3edd05a..63aad01 100644
568 +index a89ca8d..12e66b0 100644
569 --- a/net/ipv6/tcp_ipv6.c
570 +++ b/net/ipv6/tcp_ipv6.c
571 @@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
572 @@ -76186,7 +76152,7 @@ index 3edd05a..63aad01 100644
573 static void tcp_v6_hash(struct sock *sk)
574 {
575 if (sk->sk_state != TCP_CLOSE) {
576 -@@ -1650,6 +1654,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
577 +@@ -1654,6 +1658,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
578 return 0;
579
580 reset:
581 @@ -76196,7 +76162,7 @@ index 3edd05a..63aad01 100644
582 tcp_v6_send_reset(sk, skb);
583 discard:
584 if (opt_skb)
585 -@@ -1729,12 +1736,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
586 +@@ -1733,12 +1740,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
587 TCP_SKB_CB(skb)->sacked = 0;
588
589 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
590 @@ -76219,7 +76185,7 @@ index 3edd05a..63aad01 100644
591
592 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
593 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
594 -@@ -1782,6 +1797,10 @@ no_tcp_socket:
595 +@@ -1786,6 +1801,10 @@ no_tcp_socket:
596 bad_packet:
597 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
598 } else {
599 @@ -76230,7 +76196,7 @@ index 3edd05a..63aad01 100644
600 tcp_v6_send_reset(NULL, skb);
601 }
602
603 -@@ -2043,7 +2062,13 @@ static void get_openreq6(struct seq_file *seq,
604 +@@ -2047,7 +2066,13 @@ static void get_openreq6(struct seq_file *seq,
605 uid,
606 0, /* non standard timer */
607 0, /* open_requests have no inode */
608 @@ -76245,7 +76211,7 @@ index 3edd05a..63aad01 100644
609 }
610
611 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
612 -@@ -2093,7 +2118,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
613 +@@ -2097,7 +2122,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
614 sock_i_uid(sp),
615 icsk->icsk_probes_out,
616 sock_i_ino(sp),
617 @@ -76259,7 +76225,7 @@ index 3edd05a..63aad01 100644
618 jiffies_to_clock_t(icsk->icsk_rto),
619 jiffies_to_clock_t(icsk->icsk_ack.ato),
620 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
621 -@@ -2128,7 +2158,13 @@ static void get_timewait6_sock(struct seq_file *seq,
622 +@@ -2132,7 +2162,13 @@ static void get_timewait6_sock(struct seq_file *seq,
623 dest->s6_addr32[2], dest->s6_addr32[3], destp,
624 tw->tw_substate, 0, 0,
625 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
626 @@ -76957,7 +76923,7 @@ index 4fe4fb4..87a89e5 100644
627 return 0;
628 }
629 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
630 -index 629b061..8f415cc 100644
631 +index 467af9c..8f415cc 100644
632 --- a/net/netlink/af_netlink.c
633 +++ b/net/netlink/af_netlink.c
634 @@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk)
635 @@ -76969,64 +76935,7 @@ index 629b061..8f415cc 100644
636 }
637
638 static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
639 -@@ -829,12 +829,19 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
640 - return 0;
641 - }
642 -
643 --int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
644 -+static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb)
645 - {
646 - int len = skb->len;
647 -
648 - skb_queue_tail(&sk->sk_receive_queue, skb);
649 - sk->sk_data_ready(sk, len);
650 -+ return len;
651 -+}
652 -+
653 -+int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
654 -+{
655 -+ int len = __netlink_sendskb(sk, skb);
656 -+
657 - sock_put(sk);
658 - return len;
659 - }
660 -@@ -957,8 +964,7 @@ static int netlink_broadcast_deliver(struct sock *sk, struct sk_buff *skb)
661 - if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf &&
662 - !test_bit(0, &nlk->state)) {
663 - skb_set_owner_r(skb, sk);
664 -- skb_queue_tail(&sk->sk_receive_queue, skb);
665 -- sk->sk_data_ready(sk, skb->len);
666 -+ __netlink_sendskb(sk, skb);
667 - return atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1);
668 - }
669 - return -1;
670 -@@ -1680,10 +1686,8 @@ static int netlink_dump(struct sock *sk)
671 -
672 - if (sk_filter(sk, skb))
673 - kfree_skb(skb);
674 -- else {
675 -- skb_queue_tail(&sk->sk_receive_queue, skb);
676 -- sk->sk_data_ready(sk, skb->len);
677 -- }
678 -+ else
679 -+ __netlink_sendskb(sk, skb);
680 - return 0;
681 - }
682 -
683 -@@ -1697,10 +1701,8 @@ static int netlink_dump(struct sock *sk)
684 -
685 - if (sk_filter(sk, skb))
686 - kfree_skb(skb);
687 -- else {
688 -- skb_queue_tail(&sk->sk_receive_queue, skb);
689 -- sk->sk_data_ready(sk, skb->len);
690 -- }
691 -+ else
692 -+ __netlink_sendskb(sk, skb);
693 -
694 - if (cb->done)
695 - cb->done(cb);
696 -@@ -1995,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
697 +@@ -1997,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
698 sk_wmem_alloc_get(s),
699 nlk->cb,
700 atomic_read(&s->sk_refcnt),
701 @@ -77118,7 +77027,7 @@ index d65f699..05aa6ce 100644
702
703 err = proto_register(pp->prot, 1);
704 diff --git a/net/phonet/pep.c b/net/phonet/pep.c
705 -index 9f60008..ae96f04 100644
706 +index 9726fe6..fc4e3a4 100644
707 --- a/net/phonet/pep.c
708 +++ b/net/phonet/pep.c
709 @@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
710 @@ -77596,10 +77505,10 @@ index 1e2eee8..ce3967e 100644
711 assoc->assoc_id,
712 assoc->sndbuf_used,
713 diff --git a/net/sctp/socket.c b/net/sctp/socket.c
714 -index 408ebd0..202aa85 100644
715 +index d043722..6903416 100644
716 --- a/net/sctp/socket.c
717 +++ b/net/sctp/socket.c
718 -@@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
719 +@@ -4575,7 +4575,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
720 addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
721 if (space_left < addrlen)
722 return -ENOMEM;
723 @@ -77609,7 +77518,7 @@ index 408ebd0..202aa85 100644
724 to += addrlen;
725 cnt++;
726 diff --git a/net/socket.c b/net/socket.c
727 -index 28a96af..61a7a06 100644
728 +index 0de4131..7e7ddab 100644
729 --- a/net/socket.c
730 +++ b/net/socket.c
731 @@ -88,6 +88,7 @@
732 @@ -78452,7 +78361,7 @@ index 0000000..8729101
733 +#!/bin/sh
734 +echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
735 diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
736 -index b89efe6..2c30808 100644
737 +index e047e17..ea646ec 100644
738 --- a/scripts/mod/file2alias.c
739 +++ b/scripts/mod/file2alias.c
740 @@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id,
741 @@ -86018,33 +85927,8 @@ index af0f22f..9a7d479 100644
742 } else
743 break;
744 }
745 -diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
746 -index a457d21..fec1723 100644
747 ---- a/virt/kvm/iommu.c
748 -+++ b/virt/kvm/iommu.c
749 -@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
750 - }
751 - }
752 -
753 -+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
754 -+{
755 -+ kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages);
756 -+}
757 -+
758 - static int kvm_iommu_unmap_memslots(struct kvm *kvm)
759 - {
760 - int idx;
761 -@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
762 - slots = kvm_memslots(kvm);
763 -
764 - kvm_for_each_memslot(memslot, slots)
765 -- kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages);
766 -+ kvm_iommu_unmap_pages(kvm, memslot);
767 -
768 - srcu_read_unlock(&kvm->srcu, idx);
769 -
770 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
771 -index a91f980..527711d 100644
772 +index c4ac57e..527711d 100644
773 --- a/virt/kvm/kvm_main.c
774 +++ b/virt/kvm/kvm_main.c
775 @@ -75,7 +75,7 @@ LIST_HEAD(vm_list);
776 @@ -86056,23 +85940,7 @@ index a91f980..527711d 100644
777
778 struct kmem_cache *kvm_vcpu_cache;
779 EXPORT_SYMBOL_GPL(kvm_vcpu_cache);
780 -@@ -873,12 +873,13 @@ skip_lpage:
781 - if (r)
782 - goto out_free;
783 -
784 -- /* map the pages in iommu page table */
785 -+ /* map/unmap the pages in iommu page table */
786 - if (npages) {
787 - r = kvm_iommu_map_pages(kvm, &new);
788 - if (r)
789 - goto out_free;
790 -- }
791 -+ } else
792 -+ kvm_iommu_unmap_pages(kvm, &old);
793 -
794 - r = -ENOMEM;
795 - slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots),
796 -@@ -2312,7 +2313,7 @@ static void hardware_enable_nolock(void *junk)
797 +@@ -2313,7 +2313,7 @@ static void hardware_enable_nolock(void *junk)
798
799 if (r) {
800 cpumask_clear_cpu(cpu, cpus_hardware_enabled);
801 @@ -86081,7 +85949,7 @@ index a91f980..527711d 100644
802 printk(KERN_INFO "kvm: enabling virtualization on "
803 "CPU%d failed\n", cpu);
804 }
805 -@@ -2366,10 +2367,10 @@ static int hardware_enable_all(void)
806 +@@ -2367,10 +2367,10 @@ static int hardware_enable_all(void)
807
808 kvm_usage_count++;
809 if (kvm_usage_count == 1) {
810 @@ -86094,7 +85962,7 @@ index a91f980..527711d 100644
811 hardware_disable_all_nolock();
812 r = -EBUSY;
813 }
814 -@@ -2732,7 +2733,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
815 +@@ -2733,7 +2733,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
816 kvm_arch_vcpu_put(vcpu);
817 }
818
819 @@ -86103,7 +85971,7 @@ index a91f980..527711d 100644
820 struct module *module)
821 {
822 int r;
823 -@@ -2795,7 +2796,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
824 +@@ -2796,7 +2796,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
825 if (!vcpu_align)
826 vcpu_align = __alignof__(struct kvm_vcpu);
827 kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
828 @@ -86112,7 +85980,7 @@ index a91f980..527711d 100644
829 if (!kvm_vcpu_cache) {
830 r = -ENOMEM;
831 goto out_free_3;
832 -@@ -2805,9 +2806,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
833 +@@ -2806,9 +2806,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
834 if (r)
835 goto out_free;
836
837
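Review bot: Several fixes disappear from this patch without the commit description saying that the 3.3.4 base now provides them: the `kvm_iommu_unmap_pages()` memslot unmapping (include/linux/kvm_host.h, virt/kvm/iommu.c, virt/kvm/kvm_main.c), the cached `int len = skb->len;` in `sock_queue_err_skb()` (net/core/skbuff.c) and the `__netlink_sendskb()` helper (net/netlink/af_netlink.c). For kvm_host.h, af_netlink.c and kvm_main.c the post-image blob on the `index` line is unchanged (`..098aefa`, `..8f415cc`, `..527711d`), which is consistent with the base having absorbed those changes. The skbuff.c and iommu.c diffs are removed entirely, so nothing on this page confirms it for those two files. Before shipping, check the patched 3.3.4 tree for `kvm_iommu_unmap_pages(kvm, &old);` and `sk->sk_data_ready(sk, len);`, and add a line such as `dropped hunks merged upstream in 3.3.4` to the description.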
838 diff --git a/3.3.3/4430_grsec-remove-localversion-grsec.patch b/3.3.4/4430_grsec-remove-localversion-grsec.patch
839 similarity index 100%
840 rename from 3.3.3/4430_grsec-remove-localversion-grsec.patch
841 rename to 3.3.4/4430_grsec-remove-localversion-grsec.patch
842
843 diff --git a/3.3.3/4435_grsec-mute-warnings.patch b/3.3.4/4435_grsec-mute-warnings.patch
844 similarity index 100%
845 rename from 3.3.3/4435_grsec-mute-warnings.patch
846 rename to 3.3.4/4435_grsec-mute-warnings.patch
847
848 diff --git a/3.3.3/4440_grsec-remove-protected-paths.patch b/3.3.4/4440_grsec-remove-protected-paths.patch
849 similarity index 100%
850 rename from 3.3.3/4440_grsec-remove-protected-paths.patch
851 rename to 3.3.4/4440_grsec-remove-protected-paths.patch
852
853 diff --git a/3.3.3/4445_grsec-pax-without-grsec.patch b/3.3.4/4445_grsec-pax-without-grsec.patch
854 similarity index 100%
855 rename from 3.3.3/4445_grsec-pax-without-grsec.patch
856 rename to 3.3.4/4445_grsec-pax-without-grsec.patch
857
858 diff --git a/3.3.3/4450_grsec-kconfig-default-gids.patch b/3.3.4/4450_grsec-kconfig-default-gids.patch
859 similarity index 100%
860 rename from 3.3.3/4450_grsec-kconfig-default-gids.patch
861 rename to 3.3.4/4450_grsec-kconfig-default-gids.patch
862
863 diff --git a/3.3.3/4455_grsec-kconfig-gentoo.patch b/3.3.4/4455_grsec-kconfig-gentoo.patch
864 similarity index 100%
865 rename from 3.3.3/4455_grsec-kconfig-gentoo.patch
866 rename to 3.3.4/4455_grsec-kconfig-gentoo.patch
867
868 diff --git a/3.3.3/4460-grsec-kconfig-proc-user.patch b/3.3.4/4460-grsec-kconfig-proc-user.patch
869 similarity index 100%
870 rename from 3.3.3/4460-grsec-kconfig-proc-user.patch
871 rename to 3.3.4/4460-grsec-kconfig-proc-user.patch
872
873 diff --git a/3.3.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.4/4465_selinux-avc_audit-log-curr_ip.patch
874 similarity index 100%
875 rename from 3.3.3/4465_selinux-avc_audit-log-curr_ip.patch
876 rename to 3.3.4/4465_selinux-avc_audit-log-curr_ip.patch
877
878 diff --git a/3.3.3/4470_disable-compat_vdso.patch b/3.3.4/4470_disable-compat_vdso.patch
879 similarity index 100%
880 rename from 3.3.3/4470_disable-compat_vdso.patch
881 rename to 3.3.4/4470_disable-compat_vdso.patch