
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.4/
Date: Wed, 28 May 2014 16:26:09
Message-Id: 1401294487.9a41f2d531a27a9cbbf7071595929f89f79ab809.blueness@gentoo
1 commit: 9a41f2d531a27a9cbbf7071595929f89f79ab809
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 28 16:28:07 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed May 28 16:28:07 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=9a41f2d5
7
8 Grsec/PaX: 3.0-3.14.4-201405271114
9
10 ---
11 3.14.4/0000_README | 2 +-
12 ... 4420_grsecurity-3.0-3.14.4-201405271114.patch} | 283 ++++++++++++++++-----
13 3.14.4/4450_grsec-kconfig-default-gids.patch | 12 +-
14 3.14.4/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
15 4 files changed, 228 insertions(+), 71 deletions(-)
16
17 diff --git a/3.14.4/0000_README b/3.14.4/0000_README
18 index 1ddd194..4203555 100644
19 --- a/3.14.4/0000_README
20 +++ b/3.14.4/0000_README
21 @@ -2,7 +2,7 @@ README
22 -----------------------------------------------------------------------------
23 Individual Patch Descriptions:
24 -----------------------------------------------------------------------------
25 -Patch: 4420_grsecurity-3.0-3.14.4-201405252047.patch
26 +Patch: 4420_grsecurity-3.0-3.14.4-201405271114.patch
27 From: http://www.grsecurity.net
28 Desc: hardened-sources base patch from upstream grsecurity
29
30
31 diff --git a/3.14.4/4420_grsecurity-3.0-3.14.4-201405252047.patch b/3.14.4/4420_grsecurity-3.0-3.14.4-201405271114.patch
32 similarity index 99%
33 rename from 3.14.4/4420_grsecurity-3.0-3.14.4-201405252047.patch
34 rename to 3.14.4/4420_grsecurity-3.0-3.14.4-201405271114.patch
35 index f294dbc..3537db8 100644
36 --- a/3.14.4/4420_grsecurity-3.0-3.14.4-201405252047.patch
37 +++ b/3.14.4/4420_grsecurity-3.0-3.14.4-201405271114.patch
38 @@ -27813,7 +27813,7 @@ index 1c113db..287b42e 100644
39 static int trace_irq_vector_refcount;
40 static DEFINE_MUTEX(irq_vector_mutex);
41 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
42 -index 57409f6..e2c17e1 100644
43 +index 57409f6..b505597 100644
44 --- a/arch/x86/kernel/traps.c
45 +++ b/arch/x86/kernel/traps.c
46 @@ -66,7 +66,7 @@
47 @@ -27892,7 +27892,19 @@ index 57409f6..e2c17e1 100644
48 regs->ip, regs->sp, error_code);
49 print_vma_addr(" in ", regs->ip);
50 pr_cont("\n");
51 -@@ -273,7 +285,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
52 +@@ -251,6 +263,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
53 + tsk->thread.error_code = error_code;
54 + tsk->thread.trap_nr = X86_TRAP_DF;
55 +
56 ++#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
57 ++ if ((unsigned long)tsk->stack - regs->sp <= PAGE_SIZE)
58 ++ die("grsec: kernel stack overflow detected", regs, error_code);
59 ++#endif
60 ++
61 + #ifdef CONFIG_DOUBLEFAULT
62 + df_debug(regs, error_code);
63 + #endif
64 +@@ -273,7 +290,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
65 conditional_sti(regs);
66
67 #ifdef CONFIG_X86_32
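Review bot: The check added to do_double_fault relies on unsigned wrap-around and on an unmapped page directly below `tsk->stack`, and neither assumption is written down. While `regs->sp` is above the stack base the subtraction wraps to a very large value and the test is false. It is true only when sp lies at the base or within the PAGE_SIZE window just under it, so a stack pointer more than one page below the base is handled as an ordinary double fault. A comment above the `if` would make this explicit, for example `/* sp at or within one page below the stack base: guard area hit; an sp above the base wraps and compares false */`. do_double_fault's body starts and ends outside the hunk.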
68 @@ -27901,7 +27913,7 @@ index 57409f6..e2c17e1 100644
69 local_irq_enable();
70 handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code);
71 goto exit;
72 -@@ -281,18 +293,42 @@ do_general_protection(struct pt_regs *regs, long error_code)
73 +@@ -281,18 +298,42 @@ do_general_protection(struct pt_regs *regs, long error_code)
74 #endif
75
76 tsk = current;
77 @@ -27946,7 +27958,7 @@ index 57409f6..e2c17e1 100644
78 tsk->thread.error_code = error_code;
79 tsk->thread.trap_nr = X86_TRAP_GP;
80
81 -@@ -453,7 +489,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
82 +@@ -453,7 +494,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
83 /* It's safe to allow irq's after DR6 has been saved */
84 preempt_conditional_sti(regs);
85
86 @@ -27955,7 +27967,7 @@ index 57409f6..e2c17e1 100644
87 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code,
88 X86_TRAP_DB);
89 preempt_conditional_cli(regs);
90 -@@ -468,7 +504,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
91 +@@ -468,7 +509,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
92 * We already checked v86 mode above, so we can check for kernel mode
93 * by just checking the CPL of CS.
94 */
95 @@ -27964,7 +27976,7 @@ index 57409f6..e2c17e1 100644
96 tsk->thread.debugreg6 &= ~DR_STEP;
97 set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
98 regs->flags &= ~X86_EFLAGS_TF;
99 -@@ -500,7 +536,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
100 +@@ -500,7 +541,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
101 return;
102 conditional_sti(regs);
103
104 @@ -58826,7 +58838,7 @@ index e4141f2..d8263e8 100644
105 i += packet_length_size;
106 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
107 diff --git a/fs/exec.c b/fs/exec.c
108 -index 3d78fcc..460e2a0 100644
109 +index 3d78fcc..cd4f983 100644
110 --- a/fs/exec.c
111 +++ b/fs/exec.c
112 @@ -55,8 +55,20 @@
113 @@ -59135,7 +59147,15 @@ index 3d78fcc..460e2a0 100644
114 set_fs(old_fs);
115 return result;
116 }
117 -@@ -1258,7 +1336,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
118 +@@ -846,6 +924,7 @@ static int exec_mmap(struct mm_struct *mm)
119 + tsk->mm = mm;
120 + tsk->active_mm = mm;
121 + activate_mm(active_mm, mm);
122 ++ populate_stack();
123 + task_unlock(tsk);
124 + if (old_mm) {
125 + up_read(&old_mm->mmap_sem);
126 +@@ -1258,7 +1337,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
127 }
128 rcu_read_unlock();
129
130 @@ -59144,7 +59164,7 @@ index 3d78fcc..460e2a0 100644
131 bprm->unsafe |= LSM_UNSAFE_SHARE;
132 else
133 p->fs->in_exec = 1;
134 -@@ -1434,6 +1512,31 @@ static int exec_binprm(struct linux_binprm *bprm)
135 +@@ -1434,6 +1513,31 @@ static int exec_binprm(struct linux_binprm *bprm)
136 return ret;
137 }
138
139 @@ -59176,7 +59196,7 @@ index 3d78fcc..460e2a0 100644
140 /*
141 * sys_execve() executes a new program.
142 */
143 -@@ -1441,6 +1544,11 @@ static int do_execve_common(struct filename *filename,
144 +@@ -1441,6 +1545,11 @@ static int do_execve_common(struct filename *filename,
145 struct user_arg_ptr argv,
146 struct user_arg_ptr envp)
147 {
148 @@ -59188,7 +59208,7 @@ index 3d78fcc..460e2a0 100644
149 struct linux_binprm *bprm;
150 struct file *file;
151 struct files_struct *displaced;
152 -@@ -1449,6 +1557,8 @@ static int do_execve_common(struct filename *filename,
153 +@@ -1449,6 +1558,8 @@ static int do_execve_common(struct filename *filename,
154 if (IS_ERR(filename))
155 return PTR_ERR(filename);
156
157 @@ -59197,7 +59217,7 @@ index 3d78fcc..460e2a0 100644
158 /*
159 * We move the actual failure in case of RLIMIT_NPROC excess from
160 * set*uid() to execve() because too many poorly written programs
161 -@@ -1486,11 +1596,21 @@ static int do_execve_common(struct filename *filename,
162 +@@ -1486,11 +1597,21 @@ static int do_execve_common(struct filename *filename,
163 if (IS_ERR(file))
164 goto out_unmark;
165
166 @@ -59219,7 +59239,7 @@ index 3d78fcc..460e2a0 100644
167 retval = bprm_mm_init(bprm);
168 if (retval)
169 goto out_unmark;
170 -@@ -1507,24 +1627,70 @@ static int do_execve_common(struct filename *filename,
171 +@@ -1507,24 +1628,70 @@ static int do_execve_common(struct filename *filename,
172 if (retval < 0)
173 goto out;
174
175 @@ -59294,7 +59314,7 @@ index 3d78fcc..460e2a0 100644
176 current->fs->in_exec = 0;
177 current->in_execve = 0;
178 acct_update_integrals(current);
179 -@@ -1535,6 +1701,14 @@ static int do_execve_common(struct filename *filename,
180 +@@ -1535,6 +1702,14 @@ static int do_execve_common(struct filename *filename,
181 put_files_struct(displaced);
182 return retval;
183
184 @@ -59309,7 +59329,7 @@ index 3d78fcc..460e2a0 100644
185 out:
186 if (bprm->mm) {
187 acct_arg_size(bprm, 0);
188 -@@ -1626,3 +1800,296 @@ asmlinkage long compat_sys_execve(const char __user * filename,
189 +@@ -1626,3 +1801,296 @@ asmlinkage long compat_sys_execve(const char __user * filename,
190 return compat_do_execve(getname(filename), argv, envp);
191 }
192 #endif
193 @@ -65953,10 +65973,10 @@ index bcfe612..aa399c0 100644
194
195 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
196 new file mode 100644
197 -index 0000000..3abaf02
198 +index 0000000..a14eb52
199 --- /dev/null
200 +++ b/grsecurity/Kconfig
201 -@@ -0,0 +1,1161 @@
202 +@@ -0,0 +1,1174 @@
203 +#
204 +# grecurity configuration
205 +#
206 @@ -66095,6 +66115,19 @@ index 0000000..3abaf02
207 + If you use PaX it is essential that you say Y here as it closes up
208 + several holes that make full ASLR useless locally.
209 +
210 ++
211 ++config GRKERNSEC_KSTACKOVERFLOW
212 ++ bool "Prevent kernel stack overflows"
213 ++ default y if GRKERNSEC_CONFIG_AUTO
214 ++ depends on !IA64 && 64BIT
215 ++ help
216 ++ If you say Y here, the kernel's process stacks will be allocated
217 ++ with vmalloc instead of the kernel's default allocator. This
218 ++ introduces guard pages that in combination with the alloca checking
219 ++ of the STACKLEAK feature prevents all forms of kernel process stack
220 ++ overflow abuse. Note that this is different from kernel stack
221 ++ buffer overflows.
222 ++
223 +config GRKERNSEC_BRUTE
224 + bool "Deter exploit bruteforcing"
225 + default y if GRKERNSEC_CONFIG_AUTO
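Review bot: The help text for GRKERNSEC_KSTACKOVERFLOW attributes the protection to guard pages "in combination with the alloca checking of the STACKLEAK feature", but the entry only has `depends on !IA64 && 64BIT`. As written, the option can be enabled without STACKLEAK, in which case "prevents all forms of kernel process stack overflow abuse" overstates what is active. Either tie the two options together in the dependency line or reword the help to say what guard pages alone cover. The help could also mention that the kernel/fork.c hunk of this patch compiles out kernel-stack accounting when the option is set.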
226 @@ -82073,7 +82106,7 @@ index b66c211..13d2915 100644
227 static inline void anon_vma_merge(struct vm_area_struct *vma,
228 struct vm_area_struct *next)
229 diff --git a/include/linux/sched.h b/include/linux/sched.h
230 -index a781dec..be1d2a3 100644
231 +index a781dec..2c03225 100644
232 --- a/include/linux/sched.h
233 +++ b/include/linux/sched.h
234 @@ -129,6 +129,7 @@ struct fs_struct;
235 @@ -82309,7 +82342,33 @@ index a781dec..be1d2a3 100644
236 {
237 return tsk->pid;
238 }
239 -@@ -2112,7 +2223,9 @@ void yield(void);
240 +@@ -1988,6 +2099,25 @@ extern u64 sched_clock_cpu(int cpu);
241 +
242 + extern void sched_clock_init(void);
243 +
244 ++#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
245 ++static inline void populate_stack(void)
246 ++{
247 ++ struct task_struct *curtask = current;
248 ++ int c;
249 ++ int *ptr = curtask->stack;
250 ++ int *end = curtask->stack + THREAD_SIZE;
251 ++
252 ++ while (ptr < end) {
253 ++ c = *(volatile int *)ptr;
254 ++ ptr += PAGE_SIZE/sizeof(int);
255 ++ }
256 ++}
257 ++#else
258 ++static inline void populate_stack(void)
259 ++{
260 ++}
261 ++#endif
262 ++
263 + #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
264 + static inline void sched_clock_tick(void)
265 + {
266 +@@ -2112,7 +2242,9 @@ void yield(void);
267 extern struct exec_domain default_exec_domain;
268
269 union thread_union {
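Review bot: populate_stack() has no comment explaining why it reads one int from every page of the current task's stack, and the temporary `c` is assigned but never read, which compilers report as set-but-unused. Presumably the reads are meant to fault each page of the vmalloc'ed stack into the active page tables after an mm switch, since the exec.c and kernel/sched/core.c hunks call it right after activate_mm() and switch_mm(); that intent should be stated above the function. The loop body can drop the temporary with `(void)*(volatile int *)ptr;`. The `curtask->stack + THREAD_SIZE` expression is arithmetic on a `void *`, which is a GNU extension and worth a cast to `char *` for clarity.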
270 @@ -82319,7 +82378,7 @@ index a781dec..be1d2a3 100644
271 unsigned long stack[THREAD_SIZE/sizeof(long)];
272 };
273
274 -@@ -2145,6 +2258,7 @@ extern struct pid_namespace init_pid_ns;
275 +@@ -2145,6 +2277,7 @@ extern struct pid_namespace init_pid_ns;
276 */
277
278 extern struct task_struct *find_task_by_vpid(pid_t nr);
279 @@ -82327,7 +82386,7 @@ index a781dec..be1d2a3 100644
280 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
281 struct pid_namespace *ns);
282
283 -@@ -2307,7 +2421,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
284 +@@ -2307,7 +2440,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
285 extern void exit_itimers(struct signal_struct *);
286 extern void flush_itimer_signals(void);
287
288 @@ -82336,7 +82395,7 @@ index a781dec..be1d2a3 100644
289
290 extern int allow_signal(int);
291 extern int disallow_signal(int);
292 -@@ -2508,9 +2622,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
293 +@@ -2508,9 +2641,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
294
295 #endif
296
297 @@ -83302,7 +83361,7 @@ index 502073a..a7de024 100644
298 #endif
299 #endif /* _LINUX_VGA_SWITCHEROO_H_ */
300 diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
301 -index 4b8a891..cb8df6e 100644
302 +index 4b8a891..05f2361 100644
303 --- a/include/linux/vmalloc.h
304 +++ b/include/linux/vmalloc.h
305 @@ -16,6 +16,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
306 @@ -83317,7 +83376,15 @@ index 4b8a891..cb8df6e 100644
307 /* bits [20..32] reserved for arch specific ioremap internals */
308
309 /*
310 -@@ -142,7 +147,7 @@ extern void free_vm_area(struct vm_struct *area);
311 +@@ -72,6 +77,7 @@ extern void *vzalloc_node(unsigned long size, int node);
312 + extern void *vmalloc_exec(unsigned long size);
313 + extern void *vmalloc_32(unsigned long size);
314 + extern void *vmalloc_32_user(unsigned long size);
315 ++extern void *vmalloc_stack(int node);
316 + extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
317 + extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
318 + unsigned long start, unsigned long end, gfp_t gfp_mask,
319 +@@ -142,7 +148,7 @@ extern void free_vm_area(struct vm_struct *area);
320
321 /* for /dev/kmem */
322 extern long vread(char *buf, char *addr, unsigned long count);
323 @@ -86418,10 +86485,49 @@ index 81b3d67..ef189a4 100644
324 {
325 struct signal_struct *sig = current->signal;
326 diff --git a/kernel/fork.c b/kernel/fork.c
327 -index a17621c..b77fef8 100644
328 +index a17621c..d9e4b37 100644
329 --- a/kernel/fork.c
330 +++ b/kernel/fork.c
331 -@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
332 +@@ -137,6 +137,18 @@ void __weak arch_release_thread_info(struct thread_info *ti)
333 + {
334 + }
335 +
336 ++#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
337 ++static struct thread_info *alloc_thread_info_node(struct task_struct *tsk,
338 ++ int node)
339 ++{
340 ++ return vmalloc_stack(node);
341 ++}
342 ++
343 ++static inline void free_thread_info(struct thread_info *ti)
344 ++{
345 ++ vfree(ti);
346 ++}
347 ++#else
348 + #ifndef CONFIG_ARCH_THREAD_INFO_ALLOCATOR
349 +
350 + /*
351 +@@ -179,6 +191,7 @@ void thread_info_cache_init(void)
352 + }
353 + # endif
354 + #endif
355 ++#endif
356 +
357 + /* SLAB cache for signal_struct structures (tsk->signal) */
358 + static struct kmem_cache *signal_cachep;
359 +@@ -200,9 +213,11 @@ static struct kmem_cache *mm_cachep;
360 +
361 + static void account_kernel_stack(struct thread_info *ti, int account)
362 + {
363 ++#ifndef CONFIG_GRKERNSEC_KSTACKOVERFLOW
364 + struct zone *zone = page_zone(virt_to_page(ti));
365 +
366 + mod_zone_page_state(zone, NR_KERNEL_STACK, account);
367 ++#endif
368 + }
369 +
370 + void free_task(struct task_struct *tsk)
371 +@@ -319,7 +334,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
372 *stackend = STACK_END_MAGIC; /* for overflow detection */
373
374 #ifdef CONFIG_CC_STACKPROTECTOR
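Review bot: With CONFIG_GRKERNSEC_KSTACKOVERFLOW set, account_kernel_stack() becomes an empty function, so NR_KERNEL_STACK is never updated and kernel-stack usage silently drops out of the zone statistics. The likely reason is that `virt_to_page()` is not valid for a vmalloc address; that deserves a comment at the `#ifndef`, for example `/* vmalloc'ed stacks: virt_to_page(ti) is not valid here, so accounting is skipped */`. If the counter matters for monitoring, `vmalloc_to_page()` could supply the page instead, though that would need per-page handling. Note also that the new alloc_thread_info_node()/free_thread_info() pair replaces the whole CONFIG_ARCH_THREAD_INFO_ALLOCATOR section through the added `#else`, and that `tsk` is unused in the new allocator.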
375 @@ -86430,7 +86536,7 @@ index a17621c..b77fef8 100644
376 #endif
377
378 /*
379 -@@ -345,12 +345,80 @@ free_tsk:
380 +@@ -345,12 +360,80 @@ free_tsk:
381 }
382
383 #ifdef CONFIG_MMU
384 @@ -86513,7 +86619,7 @@ index a17621c..b77fef8 100644
385
386 uprobe_start_dup_mmap();
387 down_write(&oldmm->mmap_sem);
388 -@@ -379,55 +447,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
389 +@@ -379,55 +462,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
390
391 prev = NULL;
392 for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
393 @@ -86573,7 +86679,7 @@ index a17621c..b77fef8 100644
394 }
395
396 /*
397 -@@ -459,6 +487,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
398 +@@ -459,6 +502,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
399 if (retval)
400 goto out;
401 }
402 @@ -86605,7 +86711,7 @@ index a17621c..b77fef8 100644
403 /* a new mm has just been created */
404 arch_dup_mmap(oldmm, mm);
405 retval = 0;
406 -@@ -468,14 +521,6 @@ out:
407 +@@ -468,14 +536,6 @@ out:
408 up_write(&oldmm->mmap_sem);
409 uprobe_end_dup_mmap();
410 return retval;
411 @@ -86620,7 +86726,7 @@ index a17621c..b77fef8 100644
412 }
413
414 static inline int mm_alloc_pgd(struct mm_struct *mm)
415 -@@ -689,8 +734,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
416 +@@ -689,8 +749,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
417 return ERR_PTR(err);
418
419 mm = get_task_mm(task);
420 @@ -86631,7 +86737,7 @@ index a17621c..b77fef8 100644
421 mmput(mm);
422 mm = ERR_PTR(-EACCES);
423 }
424 -@@ -906,13 +951,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
425 +@@ -906,13 +966,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
426 spin_unlock(&fs->lock);
427 return -EAGAIN;
428 }
429 @@ -86653,7 +86759,7 @@ index a17621c..b77fef8 100644
430 return 0;
431 }
432
433 -@@ -1130,7 +1182,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
434 +@@ -1130,7 +1197,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
435 * parts of the process environment (as per the clone
436 * flags). The actual kick-off is left to the caller.
437 */
438 @@ -86662,7 +86768,7 @@ index a17621c..b77fef8 100644
439 unsigned long stack_start,
440 unsigned long stack_size,
441 int __user *child_tidptr,
442 -@@ -1202,6 +1254,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
443 +@@ -1202,6 +1269,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
444 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
445 #endif
446 retval = -EAGAIN;
447 @@ -86672,7 +86778,7 @@ index a17621c..b77fef8 100644
448 if (atomic_read(&p->real_cred->user->processes) >=
449 task_rlimit(p, RLIMIT_NPROC)) {
450 if (p->real_cred->user != INIT_USER &&
451 -@@ -1449,6 +1504,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
452 +@@ -1449,6 +1519,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
453 goto bad_fork_free_pid;
454 }
455
456 @@ -86684,7 +86790,7 @@ index a17621c..b77fef8 100644
457 if (likely(p->pid)) {
458 ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
459
460 -@@ -1537,6 +1597,8 @@ bad_fork_cleanup_count:
461 +@@ -1537,6 +1612,8 @@ bad_fork_cleanup_count:
462 bad_fork_free:
463 free_task(p);
464 fork_out:
465 @@ -86693,7 +86799,7 @@ index a17621c..b77fef8 100644
466 return ERR_PTR(retval);
467 }
468
469 -@@ -1598,6 +1660,7 @@ long do_fork(unsigned long clone_flags,
470 +@@ -1598,6 +1675,7 @@ long do_fork(unsigned long clone_flags,
471
472 p = copy_process(clone_flags, stack_start, stack_size,
473 child_tidptr, NULL, trace);
474 @@ -86701,7 +86807,7 @@ index a17621c..b77fef8 100644
475 /*
476 * Do this prior waking up the new thread - the thread pointer
477 * might get invalid after that point, if the thread exits quickly.
478 -@@ -1612,6 +1675,8 @@ long do_fork(unsigned long clone_flags,
479 +@@ -1612,6 +1690,8 @@ long do_fork(unsigned long clone_flags,
480 if (clone_flags & CLONE_PARENT_SETTID)
481 put_user(nr, parent_tidptr);
482
483 @@ -86710,7 +86816,7 @@ index a17621c..b77fef8 100644
484 if (clone_flags & CLONE_VFORK) {
485 p->vfork_done = &vfork;
486 init_completion(&vfork);
487 -@@ -1728,7 +1793,7 @@ void __init proc_caches_init(void)
488 +@@ -1728,7 +1808,7 @@ void __init proc_caches_init(void)
489 mm_cachep = kmem_cache_create("mm_struct",
490 sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
491 SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
492 @@ -86719,7 +86825,7 @@ index a17621c..b77fef8 100644
493 mmap_init();
494 nsproxy_cache_init();
495 }
496 -@@ -1768,7 +1833,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
497 +@@ -1768,7 +1848,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
498 return 0;
499
500 /* don't need lock here; in the worst case we'll do useless copy */
501 @@ -86728,7 +86834,7 @@ index a17621c..b77fef8 100644
502 return 0;
503
504 *new_fsp = copy_fs_struct(fs);
505 -@@ -1875,7 +1940,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
506 +@@ -1875,7 +1955,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
507 fs = current->fs;
508 spin_lock(&fs->lock);
509 current->fs = new_fs;
510 @@ -89806,7 +89912,7 @@ index a63f4dc..349bbb0 100644
511 unsigned long timeout)
512 {
513 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
514 -index f5c6635..ab9f223 100644
515 +index f5c6635..7133356 100644
516 --- a/kernel/sched/core.c
517 +++ b/kernel/sched/core.c
518 @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
519 @@ -89818,7 +89924,19 @@ index f5c6635..ab9f223 100644
520 int err;
521 int state = numabalancing_enabled;
522
523 -@@ -3049,6 +3049,8 @@ int can_nice(const struct task_struct *p, const int nice)
524 +@@ -2251,8 +2251,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
525 + next->active_mm = oldmm;
526 + atomic_inc(&oldmm->mm_count);
527 + enter_lazy_tlb(oldmm, next);
528 +- } else
529 ++ } else {
530 + switch_mm(oldmm, mm, next);
531 ++ populate_stack();
532 ++ }
533 +
534 + if (!prev->mm) {
535 + prev->active_mm = NULL;
536 +@@ -3049,6 +3051,8 @@ int can_nice(const struct task_struct *p, const int nice)
537 /* convert nice value [19,-20] to rlimit style value [1,40] */
538 int nice_rlim = 20 - nice;
539
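Review bot: The populate_stack() call added after switch_mm() in context_switch walks `current->stack`, and at this point `current` is still prev because switch_to() has not run yet. The call therefore touches prev's stack under next's page tables; next's stack is not read on this path. If the intent is also to have next's stack present before switch_to(), this does not do it, so a comment should say which stack is meant, for example `/* still running on prev's stack: make sure it is mapped in next's mm */`. The same applies to the call added in idle_task_exit further down. context_switch starts and ends outside the hunk.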
540 @@ -89827,7 +89945,7 @@ index f5c6635..ab9f223 100644
541 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
542 capable(CAP_SYS_NICE));
543 }
544 -@@ -3082,7 +3084,8 @@ SYSCALL_DEFINE1(nice, int, increment)
545 +@@ -3082,7 +3086,8 @@ SYSCALL_DEFINE1(nice, int, increment)
546 if (nice > 19)
547 nice = 19;
548
549 @@ -89837,7 +89955,7 @@ index f5c6635..ab9f223 100644
550 return -EPERM;
551
552 retval = security_task_setnice(current, nice);
553 -@@ -3332,6 +3335,7 @@ recheck:
554 +@@ -3332,6 +3337,7 @@ recheck:
555 if (policy != p->policy && !rlim_rtprio)
556 return -EPERM;
557
558 @@ -89845,7 +89963,19 @@ index f5c6635..ab9f223 100644
559 /* can't increase priority */
560 if (attr->sched_priority > p->rt_priority &&
561 attr->sched_priority > rlim_rtprio)
562 -@@ -4781,7 +4785,7 @@ static void migrate_tasks(unsigned int dead_cpu)
563 +@@ -4702,8 +4708,10 @@ void idle_task_exit(void)
564 +
565 + BUG_ON(cpu_online(smp_processor_id()));
566 +
567 +- if (mm != &init_mm)
568 ++ if (mm != &init_mm) {
569 + switch_mm(mm, &init_mm, current);
570 ++ populate_stack();
571 ++ }
572 + mmdrop(mm);
573 + }
574 +
575 +@@ -4781,7 +4789,7 @@ static void migrate_tasks(unsigned int dead_cpu)
576
577 #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
578
579 @@ -89854,7 +89984,7 @@ index f5c6635..ab9f223 100644
580 {
581 .procname = "sched_domain",
582 .mode = 0555,
583 -@@ -4798,17 +4802,17 @@ static struct ctl_table sd_ctl_root[] = {
584 +@@ -4798,17 +4806,17 @@ static struct ctl_table sd_ctl_root[] = {
585 {}
586 };
587
588 @@ -89876,7 +90006,7 @@ index f5c6635..ab9f223 100644
589
590 /*
591 * In the intermediate directories, both the child directory and
592 -@@ -4816,22 +4820,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
593 +@@ -4816,22 +4824,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
594 * will always be set. In the lowest directory the names are
595 * static strings and all have proc handlers.
596 */
597 @@ -89908,7 +90038,7 @@ index f5c6635..ab9f223 100644
598 const char *procname, void *data, int maxlen,
599 umode_t mode, proc_handler *proc_handler,
600 bool load_idx)
601 -@@ -4851,7 +4858,7 @@ set_table_entry(struct ctl_table *entry,
602 +@@ -4851,7 +4862,7 @@ set_table_entry(struct ctl_table *entry,
603 static struct ctl_table *
604 sd_alloc_ctl_domain_table(struct sched_domain *sd)
605 {
606 @@ -89917,7 +90047,7 @@ index f5c6635..ab9f223 100644
607
608 if (table == NULL)
609 return NULL;
610 -@@ -4886,9 +4893,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
611 +@@ -4886,9 +4897,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
612 return table;
613 }
614
615 @@ -89929,7 +90059,7 @@ index f5c6635..ab9f223 100644
616 struct sched_domain *sd;
617 int domain_num = 0, i;
618 char buf[32];
619 -@@ -4915,11 +4922,13 @@ static struct ctl_table_header *sd_sysctl_header;
620 +@@ -4915,11 +4926,13 @@ static struct ctl_table_header *sd_sysctl_header;
621 static void register_sched_domain_sysctl(void)
622 {
623 int i, cpu_num = num_possible_cpus();
624 @@ -89944,7 +90074,7 @@ index f5c6635..ab9f223 100644
625
626 if (entry == NULL)
627 return;
628 -@@ -4942,8 +4951,12 @@ static void unregister_sched_domain_sysctl(void)
629 +@@ -4942,8 +4955,12 @@ static void unregister_sched_domain_sysctl(void)
630 if (sd_sysctl_header)
631 unregister_sysctl_table(sd_sysctl_header);
632 sd_sysctl_header = NULL;
633 @@ -92241,10 +92371,24 @@ index 09d9591..165bb75 100644
634 bdi_destroy(bdi);
635 return err;
636 diff --git a/mm/filemap.c b/mm/filemap.c
637 -index 7a13f6a..e52e841 100644
638 +index 7a13f6a..e31738b 100644
639 --- a/mm/filemap.c
640 +++ b/mm/filemap.c
641 -@@ -1766,7 +1766,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
642 +@@ -192,9 +192,11 @@ static int filemap_check_errors(struct address_space *mapping)
643 + {
644 + int ret = 0;
645 + /* Check for outstanding write errors */
646 +- if (test_and_clear_bit(AS_ENOSPC, &mapping->flags))
647 ++ if (test_bit(AS_ENOSPC, &mapping->flags) &&
648 ++ test_and_clear_bit(AS_ENOSPC, &mapping->flags))
649 + ret = -ENOSPC;
650 +- if (test_and_clear_bit(AS_EIO, &mapping->flags))
651 ++ if (test_bit(AS_EIO, &mapping->flags) &&
652 ++ test_and_clear_bit(AS_EIO, &mapping->flags))
653 + ret = -EIO;
654 + return ret;
655 + }
656 +@@ -1766,7 +1768,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
657 struct address_space *mapping = file->f_mapping;
658
659 if (!mapping->a_ops->readpage)
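Review bot: The doubled test in filemap_check_errors() looks redundant unless its reason is stated. `test_bit()` is a plain read, so the atomic `test_and_clear_bit()` and its write to `mapping->flags` run only when the error bit is actually set. A one-line comment above the first `if` would keep a later cleanup from collapsing it back, for example `/* cheap read first: skip the atomic RMW on mapping->flags when no error is pending */`. The returned values are unchanged.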
660 @@ -92253,7 +92397,7 @@ index 7a13f6a..e52e841 100644
661 file_accessed(file);
662 vma->vm_ops = &generic_file_vm_ops;
663 return 0;
664 -@@ -1948,7 +1948,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
665 +@@ -1948,7 +1950,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
666
667 while (bytes) {
668 char __user *buf = iov->iov_base + base;
669 @@ -92262,7 +92406,7 @@ index 7a13f6a..e52e841 100644
670
671 base = 0;
672 left = __copy_from_user_inatomic(vaddr, buf, copy);
673 -@@ -1977,7 +1977,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page,
674 +@@ -1977,7 +1979,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page,
675 BUG_ON(!in_atomic());
676 kaddr = kmap_atomic(page);
677 if (likely(i->nr_segs == 1)) {
678 @@ -92271,7 +92415,7 @@ index 7a13f6a..e52e841 100644
679 char __user *buf = i->iov->iov_base + i->iov_offset;
680 left = __copy_from_user_inatomic(kaddr + offset, buf, bytes);
681 copied = bytes - left;
682 -@@ -2005,7 +2005,7 @@ size_t iov_iter_copy_from_user(struct page *page,
683 +@@ -2005,7 +2007,7 @@ size_t iov_iter_copy_from_user(struct page *page,
684
685 kaddr = kmap(page);
686 if (likely(i->nr_segs == 1)) {
687 @@ -92280,7 +92424,7 @@ index 7a13f6a..e52e841 100644
688 char __user *buf = i->iov->iov_base + i->iov_offset;
689 left = __copy_from_user(kaddr + offset, buf, bytes);
690 copied = bytes - left;
691 -@@ -2035,7 +2035,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes)
692 +@@ -2035,7 +2037,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes)
693 * zero-length segments (without overruning the iovec).
694 */
695 while (bytes || unlikely(i->count && !iov->iov_len)) {
696 @@ -92289,7 +92433,7 @@ index 7a13f6a..e52e841 100644
697
698 copy = min(bytes, iov->iov_len - base);
699 BUG_ON(!i->count || i->count < copy);
700 -@@ -2106,6 +2106,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
701 +@@ -2106,6 +2108,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
702 *pos = i_size_read(inode);
703
704 if (limit != RLIM_INFINITY) {
705 @@ -96786,7 +96930,7 @@ index a24aa22..a0d41ae 100644
706 }
707 #endif
708 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
709 -index 0fdf968..d6686e8 100644
710 +index 0fdf968..2183ba3 100644
711 --- a/mm/vmalloc.c
712 +++ b/mm/vmalloc.c
713 @@ -59,8 +59,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
714 @@ -96932,7 +97076,20 @@ index 0fdf968..d6686e8 100644
715 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNINITIALIZED,
716 start, end, node, gfp_mask, caller);
717 if (!area)
718 -@@ -1810,10 +1868,9 @@ EXPORT_SYMBOL(vzalloc_node);
719 +@@ -1701,6 +1759,12 @@ static inline void *__vmalloc_node_flags(unsigned long size,
720 + node, __builtin_return_address(0));
721 + }
722 +
723 ++void *vmalloc_stack(int node)
724 ++{
725 ++ return __vmalloc_node(THREAD_SIZE, THREAD_SIZE, THREADINFO_GFP, PAGE_KERNEL,
726 ++ node, __builtin_return_address(0));
727 ++}
728 ++
729 + /**
730 + * vmalloc - allocate virtually contiguous memory
731 + * @size: allocation size
732 +@@ -1810,10 +1874,9 @@ EXPORT_SYMBOL(vzalloc_node);
733 * For tight control over page level allocator and protection flags
734 * use __vmalloc() instead.
735 */
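Review bot: vmalloc_stack() is added without the kernel-doc block its neighbours carry. It is also built unconditionally, although its only caller visible in this patch (alloc_thread_info_node in kernel/fork.c) is under CONFIG_GRKERNSEC_KSTACKOVERFLOW. The comment should state that it returns a THREAD_SIZE-sized, THREAD_SIZE-aligned area or NULL and that the caller releases it with vfree(). It should also say that overflow detection depends on the address range just below the area being unmapped, which this function does not arrange itself. Wrapping the definition and the vmalloc.h prototype in `#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW` would keep it out of kernels that never use it.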
736 @@ -96944,7 +97101,7 @@ index 0fdf968..d6686e8 100644
737 NUMA_NO_NODE, __builtin_return_address(0));
738 }
739
740 -@@ -2120,6 +2177,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
741 +@@ -2120,6 +2183,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr,
742 {
743 struct vm_struct *area;
744
745 @@ -96953,7 +97110,7 @@ index 0fdf968..d6686e8 100644
746 size = PAGE_ALIGN(size);
747
748 if (!PAGE_ALIGNED(uaddr) || !PAGE_ALIGNED(kaddr))
749 -@@ -2602,7 +2661,11 @@ static int s_show(struct seq_file *m, void *p)
750 +@@ -2602,7 +2667,11 @@ static int s_show(struct seq_file *m, void *p)
751 v->addr, v->addr + v->size, v->size);
752
753 if (v->caller)
754
755 diff --git a/3.14.4/4450_grsec-kconfig-default-gids.patch b/3.14.4/4450_grsec-kconfig-default-gids.patch
756 index ed2968f..a965a27 100644
757 --- a/3.14.4/4450_grsec-kconfig-default-gids.patch
758 +++ b/3.14.4/4450_grsec-kconfig-default-gids.patch
759 @@ -16,7 +16,7 @@ from shooting themselves in the foot.
760 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
761 --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
762 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
763 -@@ -665,7 +665,7 @@
764 +@@ -678,7 +678,7 @@
765 config GRKERNSEC_AUDIT_GID
766 int "GID for auditing"
767 depends on GRKERNSEC_AUDIT_GROUP
768 @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
769
770 config GRKERNSEC_EXECLOG
771 bool "Exec logging"
772 -@@ -896,7 +896,7 @@
773 +@@ -909,7 +909,7 @@
774 config GRKERNSEC_TPE_UNTRUSTED_GID
775 int "GID for TPE-untrusted users"
776 depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
777 @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
778 help
779 Setting this GID determines what group TPE restrictions will be
780 *enabled* for. If the sysctl option is enabled, a sysctl option
781 -@@ -905,7 +905,7 @@
782 +@@ -918,7 +918,7 @@
783 config GRKERNSEC_TPE_TRUSTED_GID
784 int "GID for TPE-trusted users"
785 depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
786 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
787 help
788 Setting this GID determines what group TPE restrictions will be
789 *disabled* for. If the sysctl option is enabled, a sysctl option
790 -@@ -998,7 +998,7 @@
791 +@@ -1011,7 +1011,7 @@
792 config GRKERNSEC_SOCKET_ALL_GID
793 int "GID to deny all sockets for"
794 depends on GRKERNSEC_SOCKET_ALL
795 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
796 help
797 Here you can choose the GID to disable socket access for. Remember to
798 add the users you want socket access disabled for to the GID
799 -@@ -1019,7 +1019,7 @@
800 +@@ -1032,7 +1032,7 @@
801 config GRKERNSEC_SOCKET_CLIENT_GID
802 int "GID to deny client sockets for"
803 depends on GRKERNSEC_SOCKET_CLIENT
804 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
805 help
806 Here you can choose the GID to disable client socket access for.
807 Remember to add the users you want client socket access disabled for to
808 -@@ -1037,7 +1037,7 @@
809 +@@ -1050,7 +1050,7 @@
810 config GRKERNSEC_SOCKET_SERVER_GID
811 int "GID to deny server sockets for"
812 depends on GRKERNSEC_SOCKET_SERVER
813
814 diff --git a/3.14.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.4/4465_selinux-avc_audit-log-curr_ip.patch
815 index aa90a6f..2765cdc 100644
816 --- a/3.14.4/4465_selinux-avc_audit-log-curr_ip.patch
817 +++ b/3.14.4/4465_selinux-avc_audit-log-curr_ip.patch
818 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
819 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
820 --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
821 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
822 -@@ -1132,6 +1132,27 @@
823 +@@ -1145,6 +1145,27 @@
824 menu "Logging Options"
825 depends on GRKERNSEC