
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.1.6/, 3.1.5/, 2.6.32/
Date: Fri, 23 Dec 2011 23:34:13
Message-Id: 82d2c36cc22e9a10732b6279952d085c72230d17.blueness@gentoo
1 commit: 82d2c36cc22e9a10732b6279952d085c72230d17
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Fri Dec 23 23:33:49 2011 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 23 23:33:49 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=82d2c36c
7
8 Grsec/PaX: 2.6.32.51-201112222105 + 3.1.6-201112222105
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.2.2-2.6.32.51-201112222105.patch} | 121 +-----
13 {3.1.5 => 3.1.6}/0000_README | 2 +-
14 .../4420_grsecurity-2.2.2-3.1.6-201112222105.patch | 431 ++++++++++----------
15 .../4421_grsec-remove-localversion-grsec.patch | 0
16 {3.1.5 => 3.1.6}/4422_grsec-mute-warnings.patch | 0
17 .../4423_grsec-remove-protected-paths.patch | 0
18 .../4425_grsec-pax-without-grsec.patch | 0
19 .../4430_grsec-kconfig-default-gids.patch | 0
20 {3.1.5 => 3.1.6}/4435_grsec-kconfig-gentoo.patch | 0
21 .../4437-grsec-kconfig-proc-user.patch | 0
22 .../4440_selinux-avc_audit-log-curr_ip.patch | 0
23 {3.1.5 => 3.1.6}/4445_disable-compat_vdso.patch | 0
24 13 files changed, 250 insertions(+), 306 deletions(-)
25
26 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
27 index 60b9d80..22c2947 100644
28 --- a/2.6.32/0000_README
29 +++ b/2.6.32/0000_README
30 @@ -3,7 +3,7 @@ README
31
32 Individual Patch Descriptions:
33 -----------------------------------------------------------------------------
34 -Patch: 4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch
35 +Patch: 4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch
36 From: http://www.grsecurity.net
37 Desc: hardened-sources base patch from upstream grsecurity
38
39
40 diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch
41 similarity index 99%
42 rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch
43 rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch
44 index bb97e13..1a4e34c 100644
45 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch
46 +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch
47 @@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644
48
49 pcd. [PARIDE]
50 diff --git a/Makefile b/Makefile
51 -index f38986c..46a251b 100644
52 +index 1c640ea..b545bdc 100644
53 --- a/Makefile
54 +++ b/Makefile
55 @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
56 @@ -26002,19 +26002,10 @@ index 36fe08e..b123d3a 100644
57 EXPORT_SYMBOL_GPL(leave_mm);
58
59 diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
60 -index 044897b..a195924 100644
61 +index 829edf0..672adb3 100644
62 --- a/arch/x86/oprofile/backtrace.c
63 +++ b/arch/x86/oprofile/backtrace.c
64 -@@ -57,7 +57,7 @@ static struct frame_head *dump_user_backtrace(struct frame_head *head)
65 - struct frame_head bufhead[2];
66 -
67 - /* Also check accessibility of one struct frame_head beyond */
68 -- if (!access_ok(VERIFY_READ, head, sizeof(bufhead)))
69 -+ if (!__access_ok(VERIFY_READ, head, sizeof(bufhead)))
70 - return NULL;
71 - if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead)))
72 - return NULL;
73 -@@ -77,7 +77,7 @@ x86_backtrace(struct pt_regs * const regs, unsigned int depth)
74 +@@ -115,7 +115,7 @@ x86_backtrace(struct pt_regs * const regs, unsigned int depth)
75 {
76 struct frame_head *head = (struct frame_head *)frame_pointer(regs);
77
78 @@ -39601,10 +39592,10 @@ index 2ecbedb..42704f0 100644
79
80 tmp = cpu_to_le32(rts_threshold);
81 diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c
82 -index 5c4df24..3b42925 100644
83 +index 334ccd6..47f8944 100644
84 --- a/drivers/oprofile/buffer_sync.c
85 +++ b/drivers/oprofile/buffer_sync.c
86 -@@ -341,7 +341,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm)
87 +@@ -342,7 +342,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm)
88 if (cookie == NO_COOKIE)
89 offset = pc;
90 if (cookie == INVALID_COOKIE) {
91 @@ -39613,7 +39604,7 @@ index 5c4df24..3b42925 100644
92 offset = pc;
93 }
94 if (cookie != last_cookie) {
95 -@@ -385,14 +385,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel)
96 +@@ -386,14 +386,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel)
97 /* add userspace sample */
98
99 if (!mm) {
100 @@ -39630,7 +39621,7 @@ index 5c4df24..3b42925 100644
101 return 0;
102 }
103
104 -@@ -561,7 +561,7 @@ void sync_buffer(int cpu)
105 +@@ -562,7 +562,7 @@ void sync_buffer(int cpu)
106 /* ignore backtraces if failed to add a sample */
107 if (state == sb_bt_start) {
108 state = sb_bt_ignore;
109 @@ -50470,50 +50461,6 @@ index 4463297..4fed53b 100644
110 .uevent = gfs2_uevent,
111 };
112
113 -diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c
114 -index 052f214..2462c5b 100644
115 ---- a/fs/hfs/btree.c
116 -+++ b/fs/hfs/btree.c
117 -@@ -45,11 +45,27 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke
118 - case HFS_EXT_CNID:
119 - hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize,
120 - mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz));
121 -+
122 -+ if (HFS_I(tree->inode)->alloc_blocks >
123 -+ HFS_I(tree->inode)->first_blocks) {
124 -+ printk(KERN_ERR "hfs: invalid btree extent records\n");
125 -+ unlock_new_inode(tree->inode);
126 -+ goto free_inode;
127 -+ }
128 -+
129 - tree->inode->i_mapping->a_ops = &hfs_btree_aops;
130 - break;
131 - case HFS_CAT_CNID:
132 - hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize,
133 - mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz));
134 -+
135 -+ if (!HFS_I(tree->inode)->first_blocks) {
136 -+ printk(KERN_ERR "hfs: invalid btree extent records "
137 -+ "(0 size).\n");
138 -+ unlock_new_inode(tree->inode);
139 -+ goto free_inode;
140 -+ }
141 -+
142 - tree->inode->i_mapping->a_ops = &hfs_btree_aops;
143 - break;
144 - default:
145 -@@ -58,11 +74,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke
146 - }
147 - unlock_new_inode(tree->inode);
148 -
149 -- if (!HFS_I(tree->inode)->first_blocks) {
150 -- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n");
151 -- goto free_inode;
152 -- }
153 --
154 - mapping = tree->inode->i_mapping;
155 - page = read_mapping_page(mapping, 0, NULL);
156 - if (IS_ERR(page))
157 diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
158 index f6874ac..7cd98a8 100644
159 --- a/fs/hfsplus/catalog.c
160 @@ -71032,7 +70979,7 @@ index 4bde56f..29a9bab 100644
161 else
162 new_fs = fs;
163 diff --git a/kernel/futex.c b/kernel/futex.c
164 -index fb98c9f..f158c0c 100644
165 +index fb98c9f..333faec 100644
166 --- a/kernel/futex.c
167 +++ b/kernel/futex.c
168 @@ -54,6 +54,7 @@
169 @@ -71082,34 +71029,18 @@ index fb98c9f..f158c0c 100644
170 if (!bitset)
171 return -EINVAL;
172
173 -@@ -2407,7 +2417,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
174 - {
175 - struct robust_list_head __user *head;
176 - unsigned long ret;
177 -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
178 - const struct cred *cred = current_cred(), *pcred;
179 -+#endif
180 -
181 - if (!futex_cmpxchg_enabled)
182 - return -ENOSYS;
183 -@@ -2423,11 +2435,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
184 +@@ -2423,6 +2433,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
185 if (!p)
186 goto err_unlock;
187 ret = -EPERM;
188 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
189 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
190 + goto err_unlock;
191 -+#else
192 ++#endif
193 pcred = __task_cred(p);
194 if (cred->euid != pcred->euid &&
195 cred->euid != pcred->uid &&
196 - !capable(CAP_SYS_PTRACE))
197 - goto err_unlock;
198 -+#endif
199 - head = p->robust_list;
200 - rcu_read_unlock();
201 - }
202 -@@ -2489,7 +2506,7 @@ retry:
203 +@@ -2489,7 +2503,7 @@ retry:
204 */
205 static inline int fetch_robust_entry(struct robust_list __user **entry,
206 struct robust_list __user * __user *head,
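Review bot: In get_robust_list the `#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP` block carries no comment saying why a ptrace access check is tied to that option. With `#else` turned into `#endif`, `ptrace_may_access(p, PTRACE_MODE_READ)` now runs in addition to the euid/uid comparison rather than instead of it, and a reader cannot tell that the stacking is intended. I would add a comment above the block such as `/* the robust list head is an address in p's address space: require ptrace read access before disclosing it, on top of the uid check below */`; the rationale is inferred from the option name and the `__user` head pointer, so confirm it. The same uncommented block appears in compat_sys_get_robust_list in the kernel/futex_compat.c hunk further down. The function body continues outside the hunk.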
207 @@ -71118,7 +71049,7 @@ index fb98c9f..f158c0c 100644
208 {
209 unsigned long uentry;
210
211 -@@ -2670,6 +2687,7 @@ static int __init futex_init(void)
212 +@@ -2670,6 +2684,7 @@ static int __init futex_init(void)
213 {
214 u32 curval;
215 int i;
216 @@ -71126,7 +71057,7 @@ index fb98c9f..f158c0c 100644
217
218 /*
219 * This will fail and we want it. Some arch implementations do
220 -@@ -2681,7 +2699,10 @@ static int __init futex_init(void)
221 +@@ -2681,7 +2696,10 @@ static int __init futex_init(void)
222 * implementation, the non functional ones will return
223 * -ENOSYS.
224 */
225 @@ -71138,7 +71069,7 @@ index fb98c9f..f158c0c 100644
226 futex_cmpxchg_enabled = 1;
227
228 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
229 -index 2357165..8d70cee 100644
230 +index 2357165..eb25501 100644
231 --- a/kernel/futex_compat.c
232 +++ b/kernel/futex_compat.c
233 @@ -10,6 +10,7 @@
234 @@ -71149,35 +71080,27 @@ index 2357165..8d70cee 100644
235
236 #include <asm/uaccess.h>
237
238 -@@ -135,7 +136,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
239 +@@ -135,7 +136,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
240 {
241 struct compat_robust_list_head __user *head;
242 unsigned long ret;
243 - const struct cred *cred = current_cred(), *pcred;
244 -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
245 + const struct cred *cred = current_cred();
246 + const struct cred *pcred;
247 -+#endif
248
249 if (!futex_cmpxchg_enabled)
250 return -ENOSYS;
251 -@@ -151,11 +155,16 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
252 +@@ -151,6 +153,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
253 if (!p)
254 goto err_unlock;
255 ret = -EPERM;
256 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
257 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
258 + goto err_unlock;
259 -+#else
260 ++#endif
261 pcred = __task_cred(p);
262 if (cred->euid != pcred->euid &&
263 cred->euid != pcred->uid &&
264 - !capable(CAP_SYS_PTRACE))
265 - goto err_unlock;
266 -+#endif
267 - head = p->compat_robust_list;
268 - read_unlock(&tasklist_lock);
269 - }
270 diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c
271 index 9b22d03..6295b62 100644
272 --- a/kernel/gcov/base.c
273 @@ -74411,7 +74334,7 @@ index 469193c..ea3ecb2 100644
274 (table->proc_handler == proc_dointvec_minmax) ||
275 (table->proc_handler == proc_dointvec_jiffies) ||
276 diff --git a/kernel/taskstats.c b/kernel/taskstats.c
277 -index b080920..d344f89 100644
278 +index a4ef542..798bcd7 100644
279 --- a/kernel/taskstats.c
280 +++ b/kernel/taskstats.c
281 @@ -26,9 +26,12 @@
282 @@ -78051,11 +77974,11 @@ index 3ecab7e..594a471 100644
283 #endif /* CONFIG_SPARSEMEM */
284
285 diff --git a/mm/percpu.c b/mm/percpu.c
286 -index 3bfd6e2..60404b9 100644
287 +index c90614a..5f7b7b8 100644
288 --- a/mm/percpu.c
289 +++ b/mm/percpu.c
290 -@@ -115,7 +115,7 @@ static unsigned int pcpu_first_unit_cpu __read_mostly;
291 - static unsigned int pcpu_last_unit_cpu __read_mostly;
292 +@@ -115,7 +115,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
293 + static unsigned int pcpu_high_unit_cpu __read_mostly;
294
295 /* the address of the first chunk which starts with the kernel static area */
296 -void *pcpu_base_addr __read_mostly;
297 @@ -78943,7 +78866,7 @@ index 308e57d..5de19c0 100644
298 }
299 }
300 diff --git a/mm/util.c b/mm/util.c
301 -index b377ce4..3a891af 100644
302 +index e48b493..24a601d 100644
303 --- a/mm/util.c
304 +++ b/mm/util.c
305 @@ -228,6 +228,12 @@ EXPORT_SYMBOL(strndup_user);
306
307 diff --git a/3.1.5/0000_README b/3.1.6/0000_README
308 similarity index 97%
309 rename from 3.1.5/0000_README
310 rename to 3.1.6/0000_README
311 index 613b71d..29427c6 100644
312 --- a/3.1.5/0000_README
313 +++ b/3.1.6/0000_README
314 @@ -3,7 +3,7 @@ README
315
316 Individual Patch Descriptions:
317 -----------------------------------------------------------------------------
318 -Patch: 4420_grsecurity-2.2.2-3.1.5-201112101853.patch
319 +Patch: 4420_grsecurity-2.2.2-3.1.6-201112222105.patch
320 From: http://www.grsecurity.net
321 Desc: hardened-sources base patch from upstream grsecurity
322
323
324 diff --git a/3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch b/3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch
325 similarity index 99%
326 rename from 3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch
327 rename to 3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch
328 index 67dea05..5c91c1a 100644
329 --- a/3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch
330 +++ b/3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch
331 @@ -186,7 +186,7 @@ index d6e6724..a024ce8 100644
332
333 pcd. [PARIDE]
334 diff --git a/Makefile b/Makefile
335 -index 94ab2ad..1e4a6e8 100644
336 +index 2d6e0a8..d1d2564 100644
337 --- a/Makefile
338 +++ b/Makefile
339 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
340 @@ -10212,7 +10212,7 @@ index cb23852..2dde194 100644
341
342 asmlinkage long sys32_sched_rr_get_interval(compat_pid_t,
343 diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h
344 -index c2ff2a1..4349184 100644
345 +index 2d2f01c..f985723 100644
346 --- a/arch/x86/include/asm/system.h
347 +++ b/arch/x86/include/asm/system.h
348 @@ -129,7 +129,7 @@ do { \
349 @@ -10242,7 +10242,7 @@ index c2ff2a1..4349184 100644
350 }
351
352 static inline void native_clts(void)
353 -@@ -397,12 +397,12 @@ void enable_hlt(void);
354 +@@ -397,13 +397,13 @@ void enable_hlt(void);
355
356 void cpu_idle_wait(void);
357
358 @@ -10251,6 +10251,7 @@ index c2ff2a1..4349184 100644
359 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
360
361 void default_idle(void);
362 + bool set_pm_idle_to_default(void);
363
364 -void stop_this_cpu(void *dummy);
365 +void stop_this_cpu(void *dummy) __noreturn;
366 @@ -16136,7 +16137,7 @@ index 35ccf75..67e7d4d 100644
367 for (p = start; p < finish; p++) {
368 q = find_dependents_of(start, finish, p);
369 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
370 -index e7e3b01..43c5af3 100644
371 +index 30eb651..0758167 100644
372 --- a/arch/x86/kernel/process.c
373 +++ b/arch/x86/kernel/process.c
374 @@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk)
375 @@ -16219,16 +16220,17 @@ index e7e3b01..43c5af3 100644
376 #else
377 regs.ss = __KERNEL_DS;
378 #endif
379 -@@ -403,7 +423,7 @@ void default_idle(void)
380 - EXPORT_SYMBOL(default_idle);
381 - #endif
382 +@@ -411,7 +431,8 @@ bool set_pm_idle_to_default(void)
383
384 + return ret;
385 + }
386 -void stop_this_cpu(void *dummy)
387 ++
388 +__noreturn void stop_this_cpu(void *dummy)
389 {
390 local_irq_disable();
391 /*
392 -@@ -645,16 +665,37 @@ static int __init idle_setup(char *str)
393 +@@ -653,16 +674,37 @@ static int __init idle_setup(char *str)
394 }
395 early_param("idle", idle_setup);
396
397 @@ -22066,19 +22068,10 @@ index 0d17c8c..4f4764f 100644
398 + return ret ? -EFAULT : 0;
399 +}
400 diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
401 -index ea30585..7d26398 100644
402 +index dd74e46..7d26398 100644
403 --- a/arch/x86/mm/gup.c
404 +++ b/arch/x86/mm/gup.c
405 -@@ -201,6 +201,8 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
406 - do {
407 - VM_BUG_ON(compound_head(page) != head);
408 - pages[*nr] = page;
409 -+ if (PageTail(page))
410 -+ get_huge_page_tail(page);
411 - (*nr)++;
412 - page++;
413 - refs++;
414 -@@ -253,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
415 +@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
416 addr = start;
417 len = (unsigned long) nr_pages << PAGE_SHIFT;
418 end = start + len;
419 @@ -28728,10 +28721,10 @@ index b51e157..8f14fb9 100644
420 return can_switch;
421 }
422 diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
423 -index 6adb3e5..b91553e2 100644
424 +index 07ac481..41cb437 100644
425 --- a/drivers/gpu/drm/radeon/radeon_display.c
426 +++ b/drivers/gpu/drm/radeon/radeon_display.c
427 -@@ -925,6 +925,8 @@ void radeon_compute_pll_legacy(struct radeon_pll *pll,
428 +@@ -926,6 +926,8 @@ void radeon_compute_pll_legacy(struct radeon_pll *pll,
429 uint32_t post_div;
430 u32 pll_out_min, pll_out_max;
431
432 @@ -37356,10 +37349,10 @@ index ed147c4..94fc3c6 100644
433
434 /* core tmem accessor functions */
435 diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
436 -index 26a5d8b..74434f8 100644
437 +index c4ac6f6..4f90f53 100644
438 --- a/drivers/target/iscsi/iscsi_target.c
439 +++ b/drivers/target/iscsi/iscsi_target.c
440 -@@ -1368,7 +1368,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
441 +@@ -1370,7 +1370,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
442 * outstanding_r2ts reaches zero, go ahead and send the delayed
443 * TASK_ABORTED status.
444 */
445 @@ -37391,7 +37384,7 @@ index 8badcb4..94c9ac6 100644
446 memset(wwn, 0, ALUA_SECONDARY_METADATA_WWN_LEN);
447
448 diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c
449 -index f04d4ef..7de212b 100644
450 +index 5f91397..dcc2d25 100644
451 --- a/drivers/target/target_core_cdb.c
452 +++ b/drivers/target/target_core_cdb.c
453 @@ -933,6 +933,8 @@ target_emulate_modesense(struct se_cmd *cmd, int ten)
454 @@ -37479,7 +37472,7 @@ index 5c1b8c5..0cb7d0e 100644
455
456 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
457 diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
458 -index 013c100..8fd2e57 100644
459 +index e2added..ccb5251 100644
460 --- a/drivers/target/target_core_transport.c
461 +++ b/drivers/target/target_core_transport.c
462 @@ -1445,7 +1445,7 @@ struct se_device *transport_add_device_to_core_hba(
463 @@ -37521,7 +37514,7 @@ index 013c100..8fd2e57 100644
464 cmd->t_task_list_num)
465 atomic_set(&cmd->transport_sent, 1);
466
467 -@@ -4665,7 +4665,7 @@ static void transport_generic_wait_for_tasks(
468 +@@ -4682,7 +4682,7 @@ static void transport_generic_wait_for_tasks(
469 atomic_set(&cmd->transport_lun_stop, 0);
470 }
471 if (!atomic_read(&cmd->t_transport_active) ||
472 @@ -37530,7 +37523,7 @@ index 013c100..8fd2e57 100644
473 goto remove;
474
475 atomic_set(&cmd->t_transport_stop, 1);
476 -@@ -4900,7 +4900,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
477 +@@ -4917,7 +4917,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
478 {
479 int ret = 0;
480
481 @@ -37539,7 +37532,7 @@ index 013c100..8fd2e57 100644
482 if (!send_status ||
483 (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS))
484 return 1;
485 -@@ -4937,7 +4937,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
486 +@@ -4954,7 +4954,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
487 */
488 if (cmd->data_direction == DMA_TO_DEVICE) {
489 if (cmd->se_tfo->write_pending_status(cmd) != 0) {
490 @@ -37548,7 +37541,7 @@ index 013c100..8fd2e57 100644
491 smp_mb__after_atomic_inc();
492 cmd->scsi_status = SAM_STAT_TASK_ABORTED;
493 transport_new_cmd_failure(cmd);
494 -@@ -5051,7 +5051,7 @@ static void transport_processing_shutdown(struct se_device *dev)
495 +@@ -5068,7 +5068,7 @@ static void transport_processing_shutdown(struct se_device *dev)
496 cmd->se_tfo->get_task_tag(cmd),
497 cmd->t_task_list_num,
498 atomic_read(&cmd->t_task_cdbs_left),
499 @@ -43434,10 +43427,10 @@ index 9a37a9b..35792b6 100644
500 /*
501 * We'll have a dentry and an inode for
502 diff --git a/fs/dcache.c b/fs/dcache.c
503 -index a88948b..1e32160 100644
504 +index 8b732a2..6db6c27 100644
505 --- a/fs/dcache.c
506 +++ b/fs/dcache.c
507 -@@ -2998,7 +2998,7 @@ void __init vfs_caches_init(unsigned long mempages)
508 +@@ -3015,7 +3015,7 @@ void __init vfs_caches_init(unsigned long mempages)
509 mempages -= reserve;
510
511 names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
512 @@ -45976,7 +45969,7 @@ index b6cca47..ec782c3 100644
513 cuse_class = class_create(THIS_MODULE, "cuse");
514 if (IS_ERR(cuse_class))
515 diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
516 -index 5cb8614..6865b11 100644
517 +index 2aaf3ea..8e50863 100644
518 --- a/fs/fuse/dev.c
519 +++ b/fs/fuse/dev.c
520 @@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
521 @@ -46014,50 +46007,6 @@ index 900cf98..3896726 100644
522 if (!IS_ERR(s))
523 kfree(s);
524 }
525 -diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c
526 -index 3ebc437..eb23952 100644
527 ---- a/fs/hfs/btree.c
528 -+++ b/fs/hfs/btree.c
529 -@@ -46,11 +46,27 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke
530 - case HFS_EXT_CNID:
531 - hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize,
532 - mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz));
533 -+
534 -+ if (HFS_I(tree->inode)->alloc_blocks >
535 -+ HFS_I(tree->inode)->first_blocks) {
536 -+ printk(KERN_ERR "hfs: invalid btree extent records\n");
537 -+ unlock_new_inode(tree->inode);
538 -+ goto free_inode;
539 -+ }
540 -+
541 - tree->inode->i_mapping->a_ops = &hfs_btree_aops;
542 - break;
543 - case HFS_CAT_CNID:
544 - hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize,
545 - mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz));
546 -+
547 -+ if (!HFS_I(tree->inode)->first_blocks) {
548 -+ printk(KERN_ERR "hfs: invalid btree extent records "
549 -+ "(0 size).\n");
550 -+ unlock_new_inode(tree->inode);
551 -+ goto free_inode;
552 -+ }
553 -+
554 - tree->inode->i_mapping->a_ops = &hfs_btree_aops;
555 - break;
556 - default:
557 -@@ -59,11 +75,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke
558 - }
559 - unlock_new_inode(tree->inode);
560 -
561 -- if (!HFS_I(tree->inode)->first_blocks) {
562 -- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n");
563 -- goto free_inode;
564 -- }
565 --
566 - mapping = tree->inode->i_mapping;
567 - page = read_mapping_page(mapping, 0, NULL);
568 - if (IS_ERR(page))
569 diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
570 index 4dfbfec..947c9c2 100644
571 --- a/fs/hfsplus/catalog.c
572 @@ -47015,10 +46964,10 @@ index 3d15072..c1ddf9c 100644
573 out:
574 return len;
575 diff --git a/fs/namespace.c b/fs/namespace.c
576 -index e5e1c7d..019609e 100644
577 +index 5e7f2e9..cd13685 100644
578 --- a/fs/namespace.c
579 +++ b/fs/namespace.c
580 -@@ -1329,6 +1329,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
581 +@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
582 if (!(sb->s_flags & MS_RDONLY))
583 retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
584 up_write(&sb->s_umount);
585 @@ -47028,7 +46977,7 @@ index e5e1c7d..019609e 100644
586 return retval;
587 }
588
589 -@@ -1348,6 +1351,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
590 +@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
591 br_write_unlock(vfsmount_lock);
592 up_write(&namespace_sem);
593 release_mounts(&umount_list);
594 @@ -47038,7 +46987,7 @@ index e5e1c7d..019609e 100644
595 return retval;
596 }
597
598 -@@ -2339,6 +2345,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
599 +@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
600 MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
601 MS_STRICTATIME);
602
603 @@ -47055,7 +47004,7 @@ index e5e1c7d..019609e 100644
604 if (flags & MS_REMOUNT)
605 retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
606 data_page);
607 -@@ -2353,6 +2369,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
608 +@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
609 dev_name, data_page);
610 dput_out:
611 path_put(&path);
612 @@ -47065,7 +47014,7 @@ index e5e1c7d..019609e 100644
613 return retval;
614 }
615
616 -@@ -2576,6 +2595,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
617 +@@ -2573,6 +2592,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
618 if (error)
619 goto out2;
620
621 @@ -48470,7 +48419,7 @@ index d245cb2..7e645bd 100644
622 return -EPERM;
623 if (kcore_need_update)
624 diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
625 -index 5861741..32c53bc 100644
626 +index 80e4645..d2689e9 100644
627 --- a/fs/proc/meminfo.c
628 +++ b/fs/proc/meminfo.c
629 @@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
630 @@ -48482,7 +48431,7 @@ index 5861741..32c53bc 100644
631 /*
632 * display in kilobytes.
633 */
634 -@@ -157,7 +159,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
635 +@@ -158,7 +160,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
636 vmi.used >> 10,
637 vmi.largest_chunk >> 10
638 #ifdef CONFIG_MEMORY_FAILURE
639 @@ -49098,7 +49047,7 @@ index d33418f..f8e06bc 100644
640 return -EINVAL;
641
642 diff --git a/fs/seq_file.c b/fs/seq_file.c
643 -index 05d6b0e..ee96362 100644
644 +index dba43c3..a99fb63 100644
645 --- a/fs/seq_file.c
646 +++ b/fs/seq_file.c
647 @@ -76,7 +76,8 @@ static int traverse(struct seq_file *m, loff_t offset)
648 @@ -49591,10 +49540,10 @@ index 474920b..97169a9 100644
649 kfree(s);
650 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
651 new file mode 100644
652 -index 0000000..9629731
653 +index 0000000..4639511
654 --- /dev/null
655 +++ b/grsecurity/Kconfig
656 -@@ -0,0 +1,1037 @@
657 +@@ -0,0 +1,1051 @@
658 +#
659 +# grecurity configuration
660 +#
661 @@ -49729,6 +49678,7 @@ index 0000000..9629731
662 + select GRKERNSEC_PROC_ADD
663 + select GRKERNSEC_CHROOT_CHMOD
664 + select GRKERNSEC_CHROOT_NICE
665 ++ select GRKERNSEC_SETXID
666 + select GRKERNSEC_AUDIT_MOUNT
667 + select GRKERNSEC_MODHARDEN if (MODULES)
668 + select GRKERNSEC_HARDEN_PTRACE
669 @@ -50394,6 +50344,19 @@ index 0000000..9629731
670 + option is enabled, a sysctl option with name "harden_ptrace" is
671 + created.
672 +
673 ++config GRKERNSEC_SETXID
674 ++ bool "Enforce consistent multithreaded privileges"
675 ++ help
676 ++ If you say Y here, a change from a root uid to a non-root uid
677 ++ in a multithreaded application will cause the resulting uids,
678 ++ gids, supplementary groups, and capabilities in that thread
679 ++ to be propagated to the other threads of the process. In most
680 ++ cases this is unnecessary, as glibc will emulate this behavior
681 ++ on behalf of the application. Other libcs do not act in the
682 ++ same way, allowing the other threads of the process to continue
683 ++ running with root privileges. If the sysctl option is enabled,
684 ++ a sysctl option with name "consistent_setxid" is created.
685 ++
686 +config GRKERNSEC_TPE
687 + bool "Trusted Path Execution (TPE)"
688 + help
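Review bot: The GRKERNSEC_SETXID help text promises more than the visible code delivers. It speaks of "a change from a root uid to a non-root uid", but the commit_creds() change later in this patch triggers only on `!current_uid() && new->uid` and skips sibling threads with `if (old->uid) continue;`, so it appears to look at the real uid alone. A process whose real uid is already non-zero and which drops only an effective uid of 0 would, as far as the shown lines go, leave its other threads running with their old credentials; that hunk runs past the end of this page, so confirm against the full function. The help should state the condition precisely, e.g. `If you say Y here, a change of the real uid from root to non-root in a multithreaded application will cause ...`.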
689 @@ -57558,10 +57521,10 @@ index 0000000..8ca18bf
690 +}
691 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
692 new file mode 100644
693 -index 0000000..356ef00
694 +index 0000000..cb8e5a1
695 --- /dev/null
696 +++ b/grsecurity/grsec_init.c
697 -@@ -0,0 +1,269 @@
698 +@@ -0,0 +1,273 @@
699 +#include <linux/kernel.h>
700 +#include <linux/sched.h>
701 +#include <linux/mm.h>
702 @@ -57571,6 +57534,7 @@ index 0000000..356ef00
703 +#include <linux/percpu.h>
704 +#include <linux/module.h>
705 +
706 ++int grsec_enable_setxid;
707 +int grsec_enable_brute;
708 +int grsec_enable_link;
709 +int grsec_enable_dmesg;
710 @@ -57751,6 +57715,9 @@ index 0000000..356ef00
711 +#ifdef CONFIG_GRKERNSEC_EXECLOG
712 + grsec_enable_execlog = 1;
713 +#endif
714 ++#ifdef CONFIG_GRKERNSEC_SETXID
715 ++ grsec_enable_setxid = 1;
716 ++#endif
717 +#ifdef CONFIG_GRKERNSEC_SIGNAL
718 + grsec_enable_signal = 1;
719 +#endif
720 @@ -58841,10 +58808,10 @@ index 0000000..4030d57
721 +}
722 diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
723 new file mode 100644
724 -index 0000000..174668f
725 +index 0000000..bceef2f
726 --- /dev/null
727 +++ b/grsecurity/grsec_sysctl.c
728 -@@ -0,0 +1,433 @@
729 +@@ -0,0 +1,442 @@
730 +#include <linux/kernel.h>
731 +#include <linux/sched.h>
732 +#include <linux/sysctl.h>
733 @@ -58908,6 +58875,15 @@ index 0000000..174668f
734 + .proc_handler = &proc_dointvec,
735 + },
736 +#endif
737 ++#ifdef CONFIG_GRKERNSEC_SETXID
738 ++ {
739 ++ .procname = "consistent_setxid",
740 ++ .data = &grsec_enable_setxid,
741 ++ .maxlen = sizeof(int),
742 ++ .mode = 0600,
743 ++ .proc_handler = &proc_dointvec,
744 ++ },
745 ++#endif
746 +#ifdef CONFIG_GRKERNSEC_BLACKHOLE
747 + {
748 + .procname = "ip_blackhole",
749 @@ -60533,7 +60509,7 @@ index 84ccf8e..2e9b14c 100644
750 };
751
752 diff --git a/include/linux/fs.h b/include/linux/fs.h
753 -index 277f497..9be66a4 100644
754 +index cf7bc25..0d2babf 100644
755 --- a/include/linux/fs.h
756 +++ b/include/linux/fs.h
757 @@ -1588,7 +1588,8 @@ struct file_operations {
758 @@ -61455,10 +61431,10 @@ index 0000000..9d5fd4a
759 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
760 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
761 new file mode 100644
762 -index 0000000..bd25f72
763 +index 0000000..4620f36
764 --- /dev/null
765 +++ b/include/linux/grsecurity.h
766 -@@ -0,0 +1,228 @@
767 +@@ -0,0 +1,231 @@
768 +#ifndef GR_SECURITY_H
769 +#define GR_SECURITY_H
770 +#include <linux/fs.h>
771 @@ -61684,6 +61660,9 @@ index 0000000..bd25f72
772 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
773 +extern int grsec_enable_chroot_findtask;
774 +#endif
775 ++#ifdef CONFIG_GRKERNSEC_SETXID
776 ++extern int grsec_enable_setxid;
777 ++#endif
778 +#endif
779 +
780 +#endif
781 @@ -65202,7 +65181,7 @@ index 42e8fa0..9e7406b 100644
782 return -ENOMEM;
783
784 diff --git a/kernel/cred.c b/kernel/cred.c
785 -index 8ef31f5..f63d997 100644
786 +index 8ef31f5..d7d50d8 100644
787 --- a/kernel/cred.c
788 +++ b/kernel/cred.c
789 @@ -158,6 +158,8 @@ static void put_cred_rcu(struct rcu_head *rcu)
790 @@ -65241,7 +65220,15 @@ index 8ef31f5..f63d997 100644
791 new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
792 if (!new)
793 return NULL;
794 -@@ -287,6 +295,8 @@ struct cred *prepare_creds(void)
795 +@@ -281,12 +289,14 @@ error:
796 + *
797 + * Call commit_creds() or abort_creds() to clean up.
798 + */
799 +-struct cred *prepare_creds(void)
800 ++
801 ++static struct cred *__prepare_creds(struct task_struct *task)
802 + {
803 +- struct task_struct *task = current;
804 const struct cred *old;
805 struct cred *new;
806
807 @@ -65250,7 +65237,19 @@ index 8ef31f5..f63d997 100644
808 validate_process_creds();
809
810 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
811 -@@ -333,6 +343,8 @@ struct cred *prepare_exec_creds(void)
812 +@@ -322,6 +332,11 @@ error:
813 + abort_creds(new);
814 + return NULL;
815 + }
816 ++
817 ++struct cred *prepare_creds(void)
818 ++{
819 ++ return __prepare_creds(current);
820 ++}
821 + EXPORT_SYMBOL(prepare_creds);
822 +
823 + /*
824 +@@ -333,6 +348,8 @@ struct cred *prepare_exec_creds(void)
825 struct thread_group_cred *tgcred = NULL;
826 struct cred *new;
827
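Review bot: __prepare_creds() allocates with `kmem_cache_alloc(cred_jar, GFP_KERNEL)`, which may sleep, yet the new commit_creds() later in this patch calls `__prepare_creds(t)` after `rcu_read_lock(); read_lock(&tasklist_lock);`, so the per-thread allocation happens in atomic context. Under memory pressure that is a sleeping-while-atomic bug, in exactly the path meant to drop root from sibling threads. The thin prepare_creds() wrapper added here is fine by itself, but the helper should state its constraint, e.g. `/* May sleep (GFP_KERNEL); must not be called with tasklist_lock or rcu_read_lock() held. */`. The caller then needs to allocate before taking the locks, or to have each thread apply the change itself. The commit_creds() hunk runs past the end of this page, so the unlock side is not visible here.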
828 @@ -65259,7 +65258,7 @@ index 8ef31f5..f63d997 100644
829 #ifdef CONFIG_KEYS
830 tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
831 if (!tgcred)
832 -@@ -385,6 +397,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
833 +@@ -385,6 +402,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
834 struct cred *new;
835 int ret;
836
837 @@ -65268,8 +65267,14 @@ index 8ef31f5..f63d997 100644
838 if (
839 #ifdef CONFIG_KEYS
840 !p->cred->thread_keyring &&
841 -@@ -475,6 +489,8 @@ int commit_creds(struct cred *new)
842 - struct task_struct *task = current;
843 +@@ -470,11 +489,12 @@ error_put:
844 + * Always returns 0 thus allowing this function to be tail-called at the end
845 + * of, say, sys_setgid().
846 + */
847 +-int commit_creds(struct cred *new)
848 ++static int __commit_creds(struct task_struct *task, struct cred *new)
849 + {
850 +- struct task_struct *task = current;
851 const struct cred *old = task->real_cred;
852
853 + pax_track_stack();
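Review bot: `__commit_creds()` now installs credentials on an arbitrary `task`, starting from `old = task->real_cred`, but the body was written for `current` and nothing visible here serialises against the target thread changing or overriding its own credentials at the same time. Mainline's credential rules let a task alter only its own credentials, so every assumption in the unchanged part of the function (outside this hunk) needs re-checking for `task != current`, in particular any sanity check that compares `task->cred` with `old`. A safer shape is to flag the sibling threads and let each one apply the new ids itself at a well-defined point, rather than writing their `cred` pointers from another thread. At minimum the helper needs a comment stating the locking the caller must provide.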
854 @@ -65277,7 +65282,7 @@ index 8ef31f5..f63d997 100644
855 kdebug("commit_creds(%p{%d,%d})", new,
856 atomic_read(&new->usage),
857 read_cred_subscribers(new));
858 -@@ -489,6 +505,8 @@ int commit_creds(struct cred *new)
859 +@@ -489,6 +509,8 @@ int commit_creds(struct cred *new)
860
861 get_cred(new); /* we will require a ref for the subj creds too */
862
863 @@ -65286,7 +65291,72 @@ index 8ef31f5..f63d997 100644
864 /* dumpability changes */
865 if (old->euid != new->euid ||
866 old->egid != new->egid ||
867 -@@ -549,6 +567,8 @@ EXPORT_SYMBOL(commit_creds);
868 +@@ -538,6 +560,64 @@ int commit_creds(struct cred *new)
869 + put_cred(old);
870 + return 0;
871 + }
872 ++
873 ++int commit_creds(struct cred *new)
874 ++{
875 ++#ifdef CONFIG_GRKERNSEC_SETXID
876 ++ struct task_struct *t;
877 ++ struct cred *ncred;
878 ++ const struct cred *old;
879 ++
880 ++ if (grsec_enable_setxid && !current_is_single_threaded() &&
881 ++ !current_uid() && new->uid) {
882 ++ rcu_read_lock();
883 ++ read_lock(&tasklist_lock);
884 ++ for (t = next_thread(current); t != current;
885 ++ t = next_thread(t)) {
886 ++ old = __task_cred(t);
887 ++ if (old->uid)
888 ++ continue;
889 ++ ncred = __prepare_creds(t);
890 ++ if (!ncred)
891 ++ goto die;
892 ++ // uids
893 ++ ncred->uid = new->uid;
894 ++ ncred->euid = new->euid;
895 ++ ncred->suid = new->suid;
896 ++ ncred->fsuid = new->fsuid;
897 ++ // gids
898 ++ ncred->gid = new->gid;
899 ++ ncred->egid = new->egid;
900 ++ ncred->sgid = new->sgid;
901 ++ ncred->fsgid = new->fsgid;
902 ++ // groups
903 ++ if (set_groups(ncred, new->group_info) < 0) {
904 ++ abort_creds(ncred);
905 ++ goto die;
906 ++ }
907 ++ // caps
908 ++ ncred->securebits = new->securebits;
909 ++ ncred->cap_inheritable = new->cap_inheritable;
910 ++ ncred->cap_permitted = new->cap_permitted;
911 ++ ncred->cap_effective = new->cap_effective;
912 ++ ncred->cap_bset = new->cap_bset;
913 ++
914 ++ __commit_creds(t, ncred);
915 ++ }
916 ++ read_unlock(&tasklist_lock);
917 ++ rcu_read_unlock();
918 ++ }
919 ++#endif
920 ++ return __commit_creds(current, new);
921 ++#ifdef CONFIG_GRKERNSEC_SETXID
922 ++die:
923 ++ read_unlock(&tasklist_lock);
924 ++ rcu_read_unlock();
925 ++ abort_creds(new);
926 ++ do_group_exit(SIGKILL);
927 ++#endif
928 ++}
929 ++
930 + EXPORT_SYMBOL(commit_creds);
931 +
932 + /**
933 +@@ -549,6 +629,8 @@ EXPORT_SYMBOL(commit_creds);
934 */
935 void abort_creds(struct cred *new)
936 {
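Review bot: In the new `commit_creds()`, `ncred = __prepare_creds(t);` runs between `rcu_read_lock(); read_lock(&tasklist_lock);` and the matching unlocks, and the helper appears to allocate with `kmem_cache_alloc(cred_jar, GFP_KERNEL)` (visible in the earlier `__prepare_creds` hunk), which may sleep. Sleeping allocations are not allowed inside an RCU read-side section or while holding a rwlock, so the allocation has to happen before the locks are taken or use a non-sleeping flag such as `GFP_ATOMIC`, which would mean passing a gfp argument into the helper. Separately, propagation only happens when `!current_uid() && new->uid` and skips threads whose `old->uid` is non-zero, so gid-only or capability-only drops are not synchronised across threads; if that is intended it deserves a comment above the `#ifdef CONFIG_GRKERNSEC_SETXID` block.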
937 @@ -65295,7 +65365,7 @@ index 8ef31f5..f63d997 100644
938 kdebug("abort_creds(%p{%d,%d})", new,
939 atomic_read(&new->usage),
940 read_cred_subscribers(new));
941 -@@ -572,6 +592,8 @@ const struct cred *override_creds(const struct cred *new)
942 +@@ -572,6 +654,8 @@ const struct cred *override_creds(const struct cred *new)
943 {
944 const struct cred *old = current->cred;
945
946 @@ -65304,7 +65374,7 @@ index 8ef31f5..f63d997 100644
947 kdebug("override_creds(%p{%d,%d})", new,
948 atomic_read(&new->usage),
949 read_cred_subscribers(new));
950 -@@ -601,6 +623,8 @@ void revert_creds(const struct cred *old)
951 +@@ -601,6 +685,8 @@ void revert_creds(const struct cred *old)
952 {
953 const struct cred *override = current->cred;
954
955 @@ -65313,7 +65383,7 @@ index 8ef31f5..f63d997 100644
956 kdebug("revert_creds(%p{%d,%d})", old,
957 atomic_read(&old->usage),
958 read_cred_subscribers(old));
959 -@@ -647,6 +671,8 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
960 +@@ -647,6 +733,8 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon)
961 const struct cred *old;
962 struct cred *new;
963
964 @@ -65322,7 +65392,7 @@ index 8ef31f5..f63d997 100644
965 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
966 if (!new)
967 return NULL;
968 -@@ -701,6 +727,8 @@ EXPORT_SYMBOL(prepare_kernel_cred);
969 +@@ -701,6 +789,8 @@ EXPORT_SYMBOL(prepare_kernel_cred);
970 */
971 int set_security_override(struct cred *new, u32 secid)
972 {
973 @@ -65331,7 +65401,7 @@ index 8ef31f5..f63d997 100644
974 return security_kernel_act_as(new, secid);
975 }
976 EXPORT_SYMBOL(set_security_override);
977 -@@ -720,6 +748,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx)
978 +@@ -720,6 +810,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx)
979 u32 secid;
980 int ret;
981
982 @@ -65896,7 +65966,7 @@ index 8e6b6f4..9dccf00 100644
983 else
984 new_fs = fs;
985 diff --git a/kernel/futex.c b/kernel/futex.c
986 -index 11cbe05..9ff191b 100644
987 +index 11cbe05..c5dab58 100644
988 --- a/kernel/futex.c
989 +++ b/kernel/futex.c
990 @@ -54,6 +54,7 @@
991 @@ -65937,36 +66007,18 @@ index 11cbe05..9ff191b 100644
992 if (!bitset)
993 return -EINVAL;
994
995 -@@ -2431,7 +2441,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
996 - {
997 - struct robust_list_head __user *head;
998 - unsigned long ret;
999 -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
1000 - const struct cred *cred = current_cred(), *pcred;
1001 -+#endif
1002 -
1003 - if (!futex_cmpxchg_enabled)
1004 - return -ENOSYS;
1005 -@@ -2447,6 +2459,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
1006 +@@ -2447,6 +2457,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
1007 if (!p)
1008 goto err_unlock;
1009 ret = -EPERM;
1010 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
1011 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
1012 + goto err_unlock;
1013 -+#else
1014 ++#endif
1015 pcred = __task_cred(p);
1016 /* If victim is in different user_ns, then uids are not
1017 comparable, so we must have CAP_SYS_PTRACE */
1018 -@@ -2461,6 +2477,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
1019 - !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
1020 - goto err_unlock;
1021 - ok:
1022 -+#endif
1023 - head = p->robust_list;
1024 - rcu_read_unlock();
1025 - }
1026 -@@ -2712,6 +2729,7 @@ static int __init futex_init(void)
1027 +@@ -2712,6 +2726,7 @@ static int __init futex_init(void)
1028 {
1029 u32 curval;
1030 int i;
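Review bot: With `#else` replaced by `#endif`, the `ptrace_may_access(p, PTRACE_MODE_READ)` test under `CONFIG_GRKERNSEC_PROC_MEMMAP` is now an extra gate in front of the uid/`CAP_SYS_PTRACE` comparison instead of a replacement for it, and nothing in the code says so. A one-line comment above the `#ifdef`, such as `/* grsec: additionally require ptrace read access before exposing another task's robust list head */`, would keep a later merge from turning it back into an either/or. The same applies to the matching hunk in kernel/futex_compat.c. The function body starts and ends outside the hunk.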
1031 @@ -65974,7 +66026,7 @@ index 11cbe05..9ff191b 100644
1032
1033 /*
1034 * This will fail and we want it. Some arch implementations do
1035 -@@ -2723,8 +2741,11 @@ static int __init futex_init(void)
1036 +@@ -2723,8 +2738,11 @@ static int __init futex_init(void)
1037 * implementation, the non-functional ones will return
1038 * -ENOSYS.
1039 */
1040 @@ -65987,7 +66039,7 @@ index 11cbe05..9ff191b 100644
1041 for (i = 0; i < ARRAY_SIZE(futex_queues); i++) {
1042 plist_head_init(&futex_queues[i].chain);
1043 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
1044 -index 5f9e689..03afa21 100644
1045 +index 5f9e689..582d46d 100644
1046 --- a/kernel/futex_compat.c
1047 +++ b/kernel/futex_compat.c
1048 @@ -10,6 +10,7 @@
1049 @@ -65998,37 +66050,27 @@ index 5f9e689..03afa21 100644
1050
1051 #include <asm/uaccess.h>
1052
1053 -@@ -136,7 +137,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
1054 +@@ -136,7 +137,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
1055 {
1056 struct compat_robust_list_head __user *head;
1057 unsigned long ret;
1058 - const struct cred *cred = current_cred(), *pcred;
1059 -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP
1060 + const struct cred *cred = current_cred();
1061 + const struct cred *pcred;
1062 -+#endif
1063
1064 if (!futex_cmpxchg_enabled)
1065 return -ENOSYS;
1066 -@@ -152,6 +156,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
1067 +@@ -152,6 +154,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
1068 if (!p)
1069 goto err_unlock;
1070 ret = -EPERM;
1071 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
1072 + if (!ptrace_may_access(p, PTRACE_MODE_READ))
1073 + goto err_unlock;
1074 -+#else
1075 ++#endif
1076 pcred = __task_cred(p);
1077 /* If victim is in different user_ns, then uids are not
1078 comparable, so we must have CAP_SYS_PTRACE */
1079 -@@ -166,6 +174,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
1080 - !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
1081 - goto err_unlock;
1082 - ok:
1083 -+#endif
1084 - head = p->compat_robust_list;
1085 - rcu_read_unlock();
1086 - }
1087 diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c
1088 index 9b22d03..6295b62 100644
1089 --- a/kernel/gcov/base.c
1090 @@ -66364,10 +66406,10 @@ index b30fd54..11821ec 100644
1091 head = &kprobe_table[i];
1092 preempt_disable();
1093 diff --git a/kernel/lockdep.c b/kernel/lockdep.c
1094 -index 91d67ce..ac259df 100644
1095 +index 4479606..4036bea 100644
1096 --- a/kernel/lockdep.c
1097 +++ b/kernel/lockdep.c
1098 -@@ -583,6 +583,10 @@ static int static_obj(void *obj)
1099 +@@ -584,6 +584,10 @@ static int static_obj(void *obj)
1100 end = (unsigned long) &_end,
1101 addr = (unsigned long) obj;
1102
1103 @@ -66378,7 +66420,7 @@ index 91d67ce..ac259df 100644
1104 /*
1105 * static variable?
1106 */
1107 -@@ -718,6 +722,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
1108 +@@ -719,6 +723,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
1109 if (!static_obj(lock->key)) {
1110 debug_locks_off();
1111 printk("INFO: trying to register non-static key.\n");
1112 @@ -66386,7 +66428,7 @@ index 91d67ce..ac259df 100644
1113 printk("the code is fine but needs lockdep annotation.\n");
1114 printk("turning off the locking correctness validator.\n");
1115 dump_stack();
1116 -@@ -2948,7 +2953,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
1117 +@@ -2954,7 +2959,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
1118 if (!class)
1119 return 0;
1120 }
1121 @@ -69057,7 +69099,7 @@ index d776062..fa8d186 100644
1122 sys_tz = *tz;
1123 update_vsyscall_tz();
1124 diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
1125 -index ea5e1a9..8b8df07 100644
1126 +index 8b70c76..923e9f5 100644
1127 --- a/kernel/time/alarmtimer.c
1128 +++ b/kernel/time/alarmtimer.c
1129 @@ -693,7 +693,7 @@ static int __init alarmtimer_init(void)
1130 @@ -69679,6 +69721,20 @@ index 013a761..c28f3fc 100644
1131 #define free(a) kfree(a)
1132 #endif
1133
1134 +diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c
1135 +index bd2bea9..6b3c95e 100644
1136 +--- a/lib/is_single_threaded.c
1137 ++++ b/lib/is_single_threaded.c
1138 +@@ -22,6 +22,9 @@ bool current_is_single_threaded(void)
1139 + struct task_struct *p, *t;
1140 + bool ret;
1141 +
1142 ++ if (!mm)
1143 ++ return true;
1144 ++
1145 + if (atomic_read(&task->signal->live) != 1)
1146 + return false;
1147 +
1148 diff --git a/lib/kref.c b/lib/kref.c
1149 index 3efb882..8492f4c 100644
1150 --- a/lib/kref.c
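Review bot: The added `if (!mm) return true;` sits before the `atomic_read(&task->signal->live) != 1` test, so a task that has no mm but still has live thread-group siblings would be reported as single-threaded. The new `commit_creds()` uses `!current_is_single_threaded()` to decide whether to propagate ids to sibling threads, so a wrong "true" here skips that propagation. Moving the check below the `signal->live` test keeps the NULL-mm guard for the code that follows while preserving the thread-count answer: `if (atomic_read(&task->signal->live) != 1) return false;` followed by `if (!mm) return true;`. `mm` is declared above the hunk and the rest of the function is outside it, so the later use of `mm` that this guard protects is inferred rather than visible.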
1151 @@ -69916,18 +69972,10 @@ index d819d93..468e18f 100644
1152 cond_resched();
1153 }
1154 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1155 -index bb28a5f..fef0140 100644
1156 +index 73f17c0..fef0140 100644
1157 --- a/mm/hugetlb.c
1158 +++ b/mm/hugetlb.c
1159 -@@ -576,6 +576,7 @@ static void prep_compound_gigantic_page(struct page *page, unsigned long order)
1160 - __SetPageHead(page);
1161 - for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) {
1162 - __SetPageTail(p);
1163 -+ set_page_count(p, 0);
1164 - p->first_page = page;
1165 - }
1166 - }
1167 -@@ -2346,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
1168 +@@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
1169 return 1;
1170 }
1171
1172 @@ -69955,7 +70003,7 @@ index bb28a5f..fef0140 100644
1173 /*
1174 * Hugetlb_cow() should be called with page lock of the original hugepage held.
1175 */
1176 -@@ -2449,6 +2471,11 @@ retry_avoidcopy:
1177 +@@ -2450,6 +2471,11 @@ retry_avoidcopy:
1178 make_huge_pte(vma, new_page, 1));
1179 page_remove_rmap(old_page);
1180 hugepage_add_new_anon_rmap(new_page, vma, address);
1181 @@ -69967,7 +70015,7 @@ index bb28a5f..fef0140 100644
1182 /* Make the old page be freed below */
1183 new_page = old_page;
1184 mmu_notifier_invalidate_range_end(mm,
1185 -@@ -2600,6 +2627,10 @@ retry:
1186 +@@ -2601,6 +2627,10 @@ retry:
1187 && (vma->vm_flags & VM_SHARED)));
1188 set_huge_pte_at(mm, address, ptep, new_pte);
1189
1190 @@ -69978,7 +70026,7 @@ index bb28a5f..fef0140 100644
1191 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
1192 /* Optimization, do the COW without a second fault */
1193 ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
1194 -@@ -2629,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1195 +@@ -2630,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1196 static DEFINE_MUTEX(hugetlb_instantiation_mutex);
1197 struct hstate *h = hstate_vma(vma);
1198
1199 @@ -69989,7 +70037,7 @@ index bb28a5f..fef0140 100644
1200 ptep = huge_pte_offset(mm, address);
1201 if (ptep) {
1202 entry = huge_ptep_get(ptep);
1203 -@@ -2640,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1204 +@@ -2641,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1205 VM_FAULT_SET_HINDEX(h - hstates);
1206 }
1207
1208 @@ -72683,7 +72731,7 @@ index 626303b..e9a1785 100644
1209 if (oom_unkillable_task(p, mem, nodemask))
1210 return 0;
1211 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
1212 -index 6e8ecb6..d9e3d7a 100644
1213 +index e8fae15..18c0442 100644
1214 --- a/mm/page_alloc.c
1215 +++ b/mm/page_alloc.c
1216 @@ -340,7 +340,7 @@ out:
1217 @@ -72695,16 +72743,6 @@ index 6e8ecb6..d9e3d7a 100644
1218 {
1219 __free_pages_ok(page, compound_order(page));
1220 }
1221 -@@ -355,8 +355,8 @@ void prep_compound_page(struct page *page, unsigned long order)
1222 - __SetPageHead(page);
1223 - for (i = 1; i < nr_pages; i++) {
1224 - struct page *p = page + i;
1225 --
1226 - __SetPageTail(p);
1227 -+ set_page_count(p, 0);
1228 - p->first_page = page;
1229 - }
1230 - }
1231 @@ -653,6 +653,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
1232 int i;
1233 int bad = 0;
1234 @@ -72763,20 +72801,12 @@ index 6e8ecb6..d9e3d7a 100644
1235 return 1;
1236 }
1237 return 0;
1238 -@@ -3373,6 +3393,7 @@ static void setup_zone_migrate_reserve(struct zone *zone)
1239 - /* Get the start pfn, end pfn and the number of blocks to reserve */
1240 - start_pfn = zone->zone_start_pfn;
1241 - end_pfn = start_pfn + zone->spanned_pages;
1242 -+ start_pfn = roundup(start_pfn, pageblock_nr_pages);
1243 - reserve = roundup(min_wmark_pages(zone), pageblock_nr_pages) >>
1244 - pageblock_order;
1245 -
1246 diff --git a/mm/percpu.c b/mm/percpu.c
1247 -index bf80e55..c7c3f9a 100644
1248 +index 93b5a7c..28d642c 100644
1249 --- a/mm/percpu.c
1250 +++ b/mm/percpu.c
1251 -@@ -121,7 +121,7 @@ static unsigned int pcpu_first_unit_cpu __read_mostly;
1252 - static unsigned int pcpu_last_unit_cpu __read_mostly;
1253 +@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
1254 + static unsigned int pcpu_high_unit_cpu __read_mostly;
1255
1256 /* the address of the first chunk which starts with the kernel static area */
1257 -void *pcpu_base_addr __read_mostly;
1258 @@ -73806,7 +73836,7 @@ index 88ea1bd..0f1dfdb 100644
1259 mm->unmap_area = arch_unmap_area;
1260 }
1261 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
1262 -index 56faf31..862c072 100644
1263 +index 3a65d6f7..862c072 100644
1264 --- a/mm/vmalloc.c
1265 +++ b/mm/vmalloc.c
1266 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
1267 @@ -73955,16 +73985,7 @@ index 56faf31..862c072 100644
1268 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
1269 start, end, node, gfp_mask, caller);
1270
1271 -@@ -1634,6 +1696,8 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
1272 - return NULL;
1273 -
1274 - addr = __vmalloc_area_node(area, gfp_mask, prot, node, caller);
1275 -+ if (!addr)
1276 -+ return NULL;
1277 -
1278 - /*
1279 - * In this function, newly allocated vm_struct is not added
1280 -@@ -1672,6 +1736,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
1281 +@@ -1674,6 +1736,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
1282 gfp_mask, prot, node, caller);
1283 }
1284
1285 @@ -73972,7 +73993,7 @@ index 56faf31..862c072 100644
1286 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
1287 {
1288 return __vmalloc_node(size, 1, gfp_mask, prot, -1,
1289 -@@ -1695,6 +1760,7 @@ static inline void *__vmalloc_node_flags(unsigned long size,
1290 +@@ -1697,6 +1760,7 @@ static inline void *__vmalloc_node_flags(unsigned long size,
1291 * For tight control over page level allocator and protection flags
1292 * use __vmalloc() instead.
1293 */
1294 @@ -73980,7 +74001,7 @@ index 56faf31..862c072 100644
1295 void *vmalloc(unsigned long size)
1296 {
1297 return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM);
1298 -@@ -1711,6 +1777,7 @@ EXPORT_SYMBOL(vmalloc);
1299 +@@ -1713,6 +1777,7 @@ EXPORT_SYMBOL(vmalloc);
1300 * For tight control over page level allocator and protection flags
1301 * use __vmalloc() instead.
1302 */
1303 @@ -73988,7 +74009,7 @@ index 56faf31..862c072 100644
1304 void *vzalloc(unsigned long size)
1305 {
1306 return __vmalloc_node_flags(size, -1,
1307 -@@ -1725,6 +1792,7 @@ EXPORT_SYMBOL(vzalloc);
1308 +@@ -1727,6 +1792,7 @@ EXPORT_SYMBOL(vzalloc);
1309 * The resulting memory area is zeroed so it can be mapped to userspace
1310 * without leaking data.
1311 */
1312 @@ -73996,7 +74017,7 @@ index 56faf31..862c072 100644
1313 void *vmalloc_user(unsigned long size)
1314 {
1315 struct vm_struct *area;
1316 -@@ -1752,6 +1820,7 @@ EXPORT_SYMBOL(vmalloc_user);
1317 +@@ -1754,6 +1820,7 @@ EXPORT_SYMBOL(vmalloc_user);
1318 * For tight control over page level allocator and protection flags
1319 * use __vmalloc() instead.
1320 */
1321 @@ -74004,7 +74025,7 @@ index 56faf31..862c072 100644
1322 void *vmalloc_node(unsigned long size, int node)
1323 {
1324 return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
1325 -@@ -1771,6 +1840,7 @@ EXPORT_SYMBOL(vmalloc_node);
1326 +@@ -1773,6 +1840,7 @@ EXPORT_SYMBOL(vmalloc_node);
1327 * For tight control over page level allocator and protection flags
1328 * use __vmalloc_node() instead.
1329 */
1330 @@ -74012,7 +74033,7 @@ index 56faf31..862c072 100644
1331 void *vzalloc_node(unsigned long size, int node)
1332 {
1333 return __vmalloc_node_flags(size, node,
1334 -@@ -1793,10 +1863,10 @@ EXPORT_SYMBOL(vzalloc_node);
1335 +@@ -1795,10 +1863,10 @@ EXPORT_SYMBOL(vzalloc_node);
1336 * For tight control over page level allocator and protection flags
1337 * use __vmalloc() instead.
1338 */
1339 @@ -74025,7 +74046,7 @@ index 56faf31..862c072 100644
1340 -1, __builtin_return_address(0));
1341 }
1342
1343 -@@ -1815,6 +1885,7 @@ void *vmalloc_exec(unsigned long size)
1344 +@@ -1817,6 +1885,7 @@ void *vmalloc_exec(unsigned long size)
1345 * Allocate enough 32bit PA addressable pages to cover @size from the
1346 * page level allocator and map them into contiguous kernel virtual space.
1347 */
1348 @@ -74033,7 +74054,7 @@ index 56faf31..862c072 100644
1349 void *vmalloc_32(unsigned long size)
1350 {
1351 return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
1352 -@@ -1829,6 +1900,7 @@ EXPORT_SYMBOL(vmalloc_32);
1353 +@@ -1831,6 +1900,7 @@ EXPORT_SYMBOL(vmalloc_32);
1354 * The resulting memory area is 32bit addressable and zeroed so it can be
1355 * mapped to userspace without leaking data.
1356 */
1357 @@ -74041,7 +74062,7 @@ index 56faf31..862c072 100644
1358 void *vmalloc_32_user(unsigned long size)
1359 {
1360 struct vm_struct *area;
1361 -@@ -2091,6 +2163,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
1362 +@@ -2093,6 +2163,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
1363 unsigned long uaddr = vma->vm_start;
1364 unsigned long usize = vma->vm_end - vma->vm_start;
1365
1366
1367 diff --git a/3.1.5/4421_grsec-remove-localversion-grsec.patch b/3.1.6/4421_grsec-remove-localversion-grsec.patch
1368 similarity index 100%
1369 rename from 3.1.5/4421_grsec-remove-localversion-grsec.patch
1370 rename to 3.1.6/4421_grsec-remove-localversion-grsec.patch
1371
1372 diff --git a/3.1.5/4422_grsec-mute-warnings.patch b/3.1.6/4422_grsec-mute-warnings.patch
1373 similarity index 100%
1374 rename from 3.1.5/4422_grsec-mute-warnings.patch
1375 rename to 3.1.6/4422_grsec-mute-warnings.patch
1376
1377 diff --git a/3.1.5/4423_grsec-remove-protected-paths.patch b/3.1.6/4423_grsec-remove-protected-paths.patch
1378 similarity index 100%
1379 rename from 3.1.5/4423_grsec-remove-protected-paths.patch
1380 rename to 3.1.6/4423_grsec-remove-protected-paths.patch
1381
1382 diff --git a/3.1.5/4425_grsec-pax-without-grsec.patch b/3.1.6/4425_grsec-pax-without-grsec.patch
1383 similarity index 100%
1384 rename from 3.1.5/4425_grsec-pax-without-grsec.patch
1385 rename to 3.1.6/4425_grsec-pax-without-grsec.patch
1386
1387 diff --git a/3.1.5/4430_grsec-kconfig-default-gids.patch b/3.1.6/4430_grsec-kconfig-default-gids.patch
1388 similarity index 100%
1389 rename from 3.1.5/4430_grsec-kconfig-default-gids.patch
1390 rename to 3.1.6/4430_grsec-kconfig-default-gids.patch
1391
1392 diff --git a/3.1.5/4435_grsec-kconfig-gentoo.patch b/3.1.6/4435_grsec-kconfig-gentoo.patch
1393 similarity index 100%
1394 rename from 3.1.5/4435_grsec-kconfig-gentoo.patch
1395 rename to 3.1.6/4435_grsec-kconfig-gentoo.patch
1396
1397 diff --git a/3.1.5/4437-grsec-kconfig-proc-user.patch b/3.1.6/4437-grsec-kconfig-proc-user.patch
1398 similarity index 100%
1399 rename from 3.1.5/4437-grsec-kconfig-proc-user.patch
1400 rename to 3.1.6/4437-grsec-kconfig-proc-user.patch
1401
1402 diff --git a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch
1403 similarity index 100%
1404 rename from 3.1.5/4440_selinux-avc_audit-log-curr_ip.patch
1405 rename to 3.1.6/4440_selinux-avc_audit-log-curr_ip.patch
1406
1407 diff --git a/3.1.5/4445_disable-compat_vdso.patch b/3.1.6/4445_disable-compat_vdso.patch
1408 similarity index 100%
1409 rename from 3.1.5/4445_disable-compat_vdso.patch
1410 rename to 3.1.6/4445_disable-compat_vdso.patch