
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.7.1/, 3.7.0/
Date: Wed, 26 Dec 2012 16:12:46
Message-Id: 1356538335.d92b42aa041e4af32620d59d11a277a259ca74fd.blueness@gentoo
1 commit: d92b42aa041e4af32620d59d11a277a259ca74fd
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Dec 26 16:12:15 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Dec 26 16:12:15 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=d92b42aa
7
8 Grsec/PaX: 2.9.1-3.7.1-201212171734
9
10 ---
11 {3.7.0 => 3.7.1}/0000_README | 2 +-
12 .../4420_grsecurity-2.9.1-3.7.1-201212171734.patch | 133 ++++++++++----------
13 3.7.1/4425_grsec_remove_EI_PAX.patch | 19 +++
14 .../4430_grsec-remove-localversion-grsec.patch | 0
15 {3.7.0 => 3.7.1}/4435_grsec-mute-warnings.patch | 0
16 .../4440_grsec-remove-protected-paths.patch | 0
17 .../4450_grsec-kconfig-default-gids.patch | 0
18 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
19 {3.7.0 => 3.7.1}/4470_disable-compat_vdso.patch | 0
20 9 files changed, 87 insertions(+), 67 deletions(-)
21
22 diff --git a/3.7.0/0000_README b/3.7.1/0000_README
23 similarity index 96%
24 rename from 3.7.0/0000_README
25 rename to 3.7.1/0000_README
26 index c9d0060..84caa16 100644
27 --- a/3.7.0/0000_README
28 +++ b/3.7.1/0000_README
29 @@ -2,7 +2,7 @@ README
30 -----------------------------------------------------------------------------
31 Individual Patch Descriptions:
32 -----------------------------------------------------------------------------
33 -Patch: 4420_grsecurity-2.9.1-3.7.0-201212151422.patch
34 +Patch: 4420_grsecurity-2.9.1-3.7.1-201212171734.patch
35 From: http://www.grsecurity.net
36 Desc: hardened-sources base patch from upstream grsecurity
37
38
39 diff --git a/3.7.0/4420_grsecurity-2.9.1-3.7.0-201212151422.patch b/3.7.1/4420_grsecurity-2.9.1-3.7.1-201212171734.patch
40 similarity index 99%
41 rename from 3.7.0/4420_grsecurity-2.9.1-3.7.0-201212151422.patch
42 rename to 3.7.1/4420_grsecurity-2.9.1-3.7.1-201212171734.patch
43 index aaefb83..18a4557 100644
44 --- a/3.7.0/4420_grsecurity-2.9.1-3.7.0-201212151422.patch
45 +++ b/3.7.1/4420_grsecurity-2.9.1-3.7.1-201212171734.patch
46 @@ -251,7 +251,7 @@ index 9776f06..18b1856 100644
47
48 pcd. [PARIDE]
49 diff --git a/Makefile b/Makefile
50 -index 540f7b2..c823fc5 100644
51 +index fbf84a4..339f6de 100644
52 --- a/Makefile
53 +++ b/Makefile
54 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
55 @@ -20650,7 +20650,7 @@ index d017df3..61ae42e 100644
56
57 local_irq_disable();
58 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
59 -index f858159..491d386 100644
60 +index f858159..4ab7dba 100644
61 --- a/arch/x86/kvm/vmx.c
62 +++ b/arch/x86/kvm/vmx.c
63 @@ -1332,7 +1332,11 @@ static void reload_tss(void)
64 @@ -20701,15 +20701,16 @@ index f858159..491d386 100644
65
66 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
67 #ifdef CONFIG_X86_64
68 -@@ -3734,6 +3748,7 @@ static void vmx_set_constant_host_state(void)
69 +@@ -3733,7 +3747,7 @@ static void vmx_set_constant_host_state(void)
70 + native_store_idt(&dt);
71 vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
72
73 - vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */
74 +- vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */
75 + vmcs_writel(HOST_RIP, ktla_ktva(vmx_return)); /* 22.2.5 */
76
77 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
78 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
79 -@@ -6279,6 +6294,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
80 +@@ -6279,6 +6293,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
81 "jmp 2f \n\t"
82 "1: " __ex(ASM_VMX_VMRESUME) "\n\t"
83 "2: "
84 @@ -20722,7 +20723,7 @@ index f858159..491d386 100644
85 /* Save guest registers, load host registers, keep flags */
86 "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
87 "pop %0 \n\t"
88 -@@ -6331,6 +6352,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
89 +@@ -6331,6 +6351,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
90 #endif
91 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
92 [wordsize]"i"(sizeof(ulong))
93 @@ -20734,7 +20735,7 @@ index f858159..491d386 100644
94 : "cc", "memory"
95 #ifdef CONFIG_X86_64
96 , "rax", "rbx", "rdi", "rsi"
97 -@@ -6344,7 +6370,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
98 +@@ -6344,7 +6369,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
99 if (debugctlmsr)
100 update_debugctlmsr(debugctlmsr);
101
102 @@ -20743,7 +20744,7 @@ index f858159..491d386 100644
103 /*
104 * The sysexit path does not restore ds/es, so we must set them to
105 * a reasonable value ourselves.
106 -@@ -6353,8 +6379,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
107 +@@ -6353,8 +6378,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
108 * may be executed in interrupt context, which saves and restore segments
109 * around it, nullifying its effect.
110 */
111 @@ -51614,7 +51615,7 @@ index 0000000..1b9afa9
112 +endif
113 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
114 new file mode 100644
115 -index 0000000..4428c82
116 +index 0000000..b1810d9
117 --- /dev/null
118 +++ b/grsecurity/gracl.c
119 @@ -0,0 +1,4056 @@
120 @@ -52007,7 +52008,7 @@ index 0000000..4428c82
121 +struct acl_subject_label *
122 +lookup_subject_map(const struct acl_subject_label *userp)
123 +{
124 -+ unsigned int index = shash(userp, subj_map_set.s_size);
125 ++ unsigned int index = gr_shash(userp, subj_map_set.s_size);
126 + struct subject_map *match;
127 +
128 + match = subj_map_set.s_hash[index];
129 @@ -52024,7 +52025,7 @@ index 0000000..4428c82
130 +static void
131 +insert_subj_map_entry(struct subject_map *subjmap)
132 +{
133 -+ unsigned int index = shash(subjmap->user, subj_map_set.s_size);
134 ++ unsigned int index = gr_shash(subjmap->user, subj_map_set.s_size);
135 + struct subject_map **curr;
136 +
137 + subjmap->prev = NULL;
138 @@ -52043,7 +52044,7 @@ index 0000000..4428c82
139 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
140 + const gid_t gid)
141 +{
142 -+ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
143 ++ unsigned int index = gr_rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
144 + struct acl_role_label *match;
145 + struct role_allowed_ip *ipp;
146 + unsigned int x;
147 @@ -52066,7 +52067,7 @@ index 0000000..4428c82
148 +found:
149 + if (match == NULL) {
150 + try_group:
151 -+ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
152 ++ index = gr_rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
153 + match = acl_role_set.r_hash[index];
154 +
155 + while (match) {
156 @@ -52112,7 +52113,7 @@ index 0000000..4428c82
157 +lookup_acl_subj_label(const ino_t ino, const dev_t dev,
158 + const struct acl_role_label *role)
159 +{
160 -+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
161 ++ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
162 + struct acl_subject_label *match;
163 +
164 + match = role->subj_hash[index];
165 @@ -52132,7 +52133,7 @@ index 0000000..4428c82
166 +lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
167 + const struct acl_role_label *role)
168 +{
169 -+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
170 ++ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
171 + struct acl_subject_label *match;
172 +
173 + match = role->subj_hash[index];
174 @@ -52152,7 +52153,7 @@ index 0000000..4428c82
175 +lookup_acl_obj_label(const ino_t ino, const dev_t dev,
176 + const struct acl_subject_label *subj)
177 +{
178 -+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
179 ++ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
180 + struct acl_object_label *match;
181 +
182 + match = subj->obj_hash[index];
183 @@ -52172,7 +52173,7 @@ index 0000000..4428c82
184 +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
185 + const struct acl_subject_label *subj)
186 +{
187 -+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
188 ++ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
189 + struct acl_object_label *match;
190 +
191 + match = subj->obj_hash[index];
192 @@ -52246,7 +52247,7 @@ index 0000000..4428c82
193 +static struct inodev_entry *
194 +lookup_inodev_entry(const ino_t ino, const dev_t dev)
195 +{
196 -+ unsigned int index = fhash(ino, dev, inodev_set.i_size);
197 ++ unsigned int index = gr_fhash(ino, dev, inodev_set.i_size);
198 + struct inodev_entry *match;
199 +
200 + match = inodev_set.i_hash[index];
201 @@ -52260,7 +52261,7 @@ index 0000000..4428c82
202 +static void
203 +insert_inodev_entry(struct inodev_entry *entry)
204 +{
205 -+ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
206 ++ unsigned int index = gr_fhash(entry->nentry->inode, entry->nentry->device,
207 + inodev_set.i_size);
208 + struct inodev_entry **curr;
209 +
210 @@ -52280,7 +52281,7 @@ index 0000000..4428c82
211 +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
212 +{
213 + unsigned int index =
214 -+ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
215 ++ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
216 + struct acl_role_label **curr;
217 + struct acl_role_label *tmp, *tmp2;
218 +
219 @@ -52413,7 +52414,7 @@ index 0000000..4428c82
220 + struct acl_subject_label *subj)
221 +{
222 + unsigned int index =
223 -+ fhash(obj->inode, obj->device, subj->obj_hash_size);
224 ++ gr_fhash(obj->inode, obj->device, subj->obj_hash_size);
225 + struct acl_object_label **curr;
226 +
227 +
228 @@ -52433,7 +52434,7 @@ index 0000000..4428c82
229 +insert_acl_subj_label(struct acl_subject_label *obj,
230 + struct acl_role_label *role)
231 +{
232 -+ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
233 ++ unsigned int index = gr_fhash(obj->inode, obj->device, role->subj_hash_size);
234 + struct acl_subject_label **curr;
235 +
236 + obj->prev = NULL;
237 @@ -54297,7 +54298,7 @@ index 0000000..4428c82
238 + const ino_t newinode, const dev_t newdevice,
239 + struct acl_subject_label *subj)
240 +{
241 -+ unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
242 ++ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
243 + struct acl_object_label *match;
244 +
245 + match = subj->obj_hash[index];
246 @@ -54336,7 +54337,7 @@ index 0000000..4428c82
247 + const ino_t newinode, const dev_t newdevice,
248 + struct acl_role_label *role)
249 +{
250 -+ unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
251 ++ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
252 + struct acl_subject_label *match;
253 +
254 + match = role->subj_hash[index];
255 @@ -54374,7 +54375,7 @@ index 0000000..4428c82
256 +update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
257 + const ino_t newinode, const dev_t newdevice)
258 +{
259 -+ unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
260 ++ unsigned int index = gr_fhash(oldinode, olddevice, inodev_set.i_size);
261 + struct inodev_entry *match;
262 +
263 + match = inodev_set.i_hash[index];
264 @@ -61755,7 +61756,7 @@ index d0a7967..63c4c47 100644
265 {
266 diff --git a/include/linux/gracl.h b/include/linux/gracl.h
267 new file mode 100644
268 -index 0000000..c938b1f
269 +index 0000000..ebe6d72
270 --- /dev/null
271 +++ b/include/linux/gracl.h
272 @@ -0,0 +1,319 @@
273 @@ -62019,25 +62020,25 @@ index 0000000..c938b1f
274 + Shift/add algorithm with modulus of table size and an XOR*/
275 +
276 +static __inline__ unsigned int
277 -+rhash(const uid_t uid, const __u16 type, const unsigned int sz)
278 ++gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
279 +{
280 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
281 +}
282 +
283 + static __inline__ unsigned int
284 -+shash(const struct acl_subject_label *userp, const unsigned int sz)
285 ++gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
286 +{
287 + return ((const unsigned long)userp % sz);
288 +}
289 +
290 +static __inline__ unsigned int
291 -+fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
292 ++gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
293 +{
294 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
295 +}
296 +
297 +static __inline__ unsigned int
298 -+nhash(const char *name, const __u16 len, const unsigned int sz)
299 ++gr_nhash(const char *name, const __u16 len, const unsigned int sz)
300 +{
301 + return full_name_hash((const unsigned char *)name, len) % sz;
302 +}
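Review bot: The renamed helpers `gr_rhash`, `gr_shash`, `gr_fhash` and `gr_nhash` all end in `% sz` with no guard and no stated precondition, so a zero table size reaching any of them is a division by zero in kernel context. The call sites visible in the gracl.c hunks pass `acl_role_set.r_size`, `subj_map_set.s_size`, `inodev_set.i_size` and the per-role and per-subject hash sizes straight through; whether those sizes are validated when the policy tables are built is not visible in this diff. In `gr_rhash` the shift count `16 + type` is likewise bounded only by the role-type constants, whose values are not shown here. Since the functions are being touched anyway, I would extend the comment above them with the contract, e.g. `/* sz must be non-zero; callers pass the size of an already allocated table */`, and confirm the table setup code rejects a zero size.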
303 @@ -69684,7 +69685,7 @@ index aaa7b9f..055ff1e 100644
304 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
305 per_cpu(rcu_torture_count, cpu)[i] = 0;
306 diff --git a/kernel/rcutree.c b/kernel/rcutree.c
307 -index 74df86b..e0702bb 100644
308 +index 2682295..0f2297e 100644
309 --- a/kernel/rcutree.c
310 +++ b/kernel/rcutree.c
311 @@ -348,9 +348,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
312 @@ -69791,7 +69792,7 @@ index 74df86b..e0702bb 100644
313 }
314
315 /*
316 -@@ -1830,7 +1830,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
317 +@@ -1831,7 +1831,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
318 }
319 smp_mb(); /* List handling before counting for rcu_barrier(). */
320 rdp->qlen_lazy -= count_lazy;
321 @@ -69800,7 +69801,7 @@ index 74df86b..e0702bb 100644
322 rdp->n_cbs_invoked += count;
323
324 /* Reinstate batch limit if we have worked down the excess. */
325 -@@ -2023,7 +2023,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
326 +@@ -2024,7 +2024,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
327 /*
328 * Do RCU core processing for the current CPU.
329 */
330 @@ -69809,7 +69810,7 @@ index 74df86b..e0702bb 100644
331 {
332 struct rcu_state *rsp;
333
334 -@@ -2135,7 +2135,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
335 +@@ -2136,7 +2136,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
336 local_irq_restore(flags);
337 return;
338 }
339 @@ -69818,7 +69819,7 @@ index 74df86b..e0702bb 100644
340 if (lazy)
341 rdp->qlen_lazy++;
342 else
343 -@@ -2249,8 +2249,8 @@ void synchronize_rcu_bh(void)
344 +@@ -2250,8 +2250,8 @@ void synchronize_rcu_bh(void)
345 }
346 EXPORT_SYMBOL_GPL(synchronize_rcu_bh);
347
348 @@ -69829,7 +69830,7 @@ index 74df86b..e0702bb 100644
349
350 static int synchronize_sched_expedited_cpu_stop(void *data)
351 {
352 -@@ -2311,7 +2311,7 @@ void synchronize_sched_expedited(void)
353 +@@ -2312,7 +2312,7 @@ void synchronize_sched_expedited(void)
354 int firstsnap, s, snap, trycount = 0;
355
356 /* Note that atomic_inc_return() implies full memory barrier. */
357 @@ -69838,7 +69839,7 @@ index 74df86b..e0702bb 100644
358 get_online_cpus();
359 WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id()));
360
361 -@@ -2333,7 +2333,7 @@ void synchronize_sched_expedited(void)
362 +@@ -2334,7 +2334,7 @@ void synchronize_sched_expedited(void)
363 }
364
365 /* Check to see if someone else did our work for us. */
366 @@ -69847,7 +69848,7 @@ index 74df86b..e0702bb 100644
367 if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) {
368 smp_mb(); /* ensure test happens before caller kfree */
369 return;
370 -@@ -2348,7 +2348,7 @@ void synchronize_sched_expedited(void)
371 +@@ -2349,7 +2349,7 @@ void synchronize_sched_expedited(void)
372 * grace period works for us.
373 */
374 get_online_cpus();
375 @@ -69856,7 +69857,7 @@ index 74df86b..e0702bb 100644
376 smp_mb(); /* ensure read is before try_stop_cpus(). */
377 }
378
379 -@@ -2359,12 +2359,12 @@ void synchronize_sched_expedited(void)
380 +@@ -2360,12 +2360,12 @@ void synchronize_sched_expedited(void)
381 * than we did beat us to the punch.
382 */
383 do {
384 @@ -69871,7 +69872,7 @@ index 74df86b..e0702bb 100644
385
386 put_online_cpus();
387 }
388 -@@ -2538,7 +2538,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
389 +@@ -2539,7 +2539,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
390 * ACCESS_ONCE() to prevent the compiler from speculating
391 * the increment to precede the early-exit check.
392 */
393 @@ -69880,7 +69881,7 @@ index 74df86b..e0702bb 100644
394 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1);
395 _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done);
396 smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */
397 -@@ -2580,7 +2580,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
398 +@@ -2581,7 +2581,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
399
400 /* Increment ->n_barrier_done to prevent duplicate work. */
401 smp_mb(); /* Keep increment after above mechanism. */
402 @@ -69889,7 +69890,7 @@ index 74df86b..e0702bb 100644
403 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0);
404 _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done);
405 smp_mb(); /* Keep increment before caller's subsequent code. */
406 -@@ -2625,10 +2625,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
407 +@@ -2626,10 +2626,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
408 rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo);
409 init_callback_list(rdp);
410 rdp->qlen_lazy = 0;
411 @@ -69902,7 +69903,7 @@ index 74df86b..e0702bb 100644
412 #ifdef CONFIG_RCU_USER_QS
413 WARN_ON_ONCE(rdp->dynticks->in_user);
414 #endif
415 -@@ -2663,8 +2663,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
416 +@@ -2664,8 +2664,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
417 rdp->blimit = blimit;
418 init_callback_list(rdp); /* Re-enable callbacks on this CPU. */
419 rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
420 @@ -71034,7 +71035,7 @@ index c0bd030..62a1927 100644
421 ret = -EIO;
422 bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
423 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
424 -index 9dcf15d..9bab704 100644
425 +index 51b7159..7f83cf8 100644
426 --- a/kernel/trace/ftrace.c
427 +++ b/kernel/trace/ftrace.c
428 @@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
429 @@ -71078,7 +71079,7 @@ index 9dcf15d..9bab704 100644
430 start_pg = ftrace_allocate_pages(count);
431 if (!start_pg)
432 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
433 -index b979426..c54ff13 100644
434 +index 4cb5e51..e7e05d9 100644
435 --- a/kernel/trace/ring_buffer.c
436 +++ b/kernel/trace/ring_buffer.c
437 @@ -346,9 +346,9 @@ struct buffer_data_page {
438 @@ -71150,7 +71151,7 @@ index b979426..c54ff13 100644
439 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
440 }
441
442 -@@ -1903,7 +1903,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
443 +@@ -1905,7 +1905,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
444 * it is our responsibility to update
445 * the counters.
446 */
447 @@ -71159,7 +71160,7 @@ index b979426..c54ff13 100644
448 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
449
450 /*
451 -@@ -2053,7 +2053,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
452 +@@ -2055,7 +2055,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
453 if (tail == BUF_PAGE_SIZE)
454 tail_page->real_end = 0;
455
456 @@ -71168,7 +71169,7 @@ index b979426..c54ff13 100644
457 return;
458 }
459
460 -@@ -2088,7 +2088,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
461 +@@ -2090,7 +2090,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
462 rb_event_set_padding(event);
463
464 /* Set the write back to the previous setting */
465 @@ -71177,7 +71178,7 @@ index b979426..c54ff13 100644
466 return;
467 }
468
469 -@@ -2100,7 +2100,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
470 +@@ -2102,7 +2102,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
471
472 /* Set write to end of buffer */
473 length = (tail + length) - BUF_PAGE_SIZE;
474 @@ -71186,7 +71187,7 @@ index b979426..c54ff13 100644
475 }
476
477 /*
478 -@@ -2126,7 +2126,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
479 +@@ -2128,7 +2128,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
480 * about it.
481 */
482 if (unlikely(next_page == commit_page)) {
483 @@ -71195,7 +71196,7 @@ index b979426..c54ff13 100644
484 goto out_reset;
485 }
486
487 -@@ -2180,7 +2180,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
488 +@@ -2182,7 +2182,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
489 cpu_buffer->tail_page) &&
490 (cpu_buffer->commit_page ==
491 cpu_buffer->reader_page))) {
492 @@ -71204,7 +71205,7 @@ index b979426..c54ff13 100644
493 goto out_reset;
494 }
495 }
496 -@@ -2228,7 +2228,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
497 +@@ -2230,7 +2230,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
498 length += RB_LEN_TIME_EXTEND;
499
500 tail_page = cpu_buffer->tail_page;
501 @@ -71213,7 +71214,7 @@ index b979426..c54ff13 100644
502
503 /* set write to only the index of the write */
504 write &= RB_WRITE_MASK;
505 -@@ -2245,7 +2245,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
506 +@@ -2247,7 +2247,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
507 kmemcheck_annotate_bitfield(event, bitfield);
508 rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
509
510 @@ -71222,7 +71223,7 @@ index b979426..c54ff13 100644
511
512 /*
513 * If this is the first commit on the page, then update
514 -@@ -2278,7 +2278,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
515 +@@ -2280,7 +2280,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
516
517 if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
518 unsigned long write_mask =
519 @@ -71231,7 +71232,7 @@ index b979426..c54ff13 100644
520 unsigned long event_length = rb_event_length(event);
521 /*
522 * This is on the tail page. It is possible that
523 -@@ -2288,7 +2288,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
524 +@@ -2290,7 +2290,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
525 */
526 old_index += write_mask;
527 new_index += write_mask;
528 @@ -71240,7 +71241,7 @@ index b979426..c54ff13 100644
529 if (index == old_index) {
530 /* update counters */
531 local_sub(event_length, &cpu_buffer->entries_bytes);
532 -@@ -2627,7 +2627,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
533 +@@ -2629,7 +2629,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
534
535 /* Do the likely case first */
536 if (likely(bpage->page == (void *)addr)) {
537 @@ -71249,7 +71250,7 @@ index b979426..c54ff13 100644
538 return;
539 }
540
541 -@@ -2639,7 +2639,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
542 +@@ -2641,7 +2641,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
543 start = bpage;
544 do {
545 if (bpage->page == (void *)addr) {
546 @@ -71258,7 +71259,7 @@ index b979426..c54ff13 100644
547 return;
548 }
549 rb_inc_page(cpu_buffer, &bpage);
550 -@@ -2921,7 +2921,7 @@ static inline unsigned long
551 +@@ -2923,7 +2923,7 @@ static inline unsigned long
552 rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
553 {
554 return local_read(&cpu_buffer->entries) -
555 @@ -71267,7 +71268,7 @@ index b979426..c54ff13 100644
556 }
557
558 /**
559 -@@ -3008,7 +3008,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
560 +@@ -3011,7 +3011,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
561 return 0;
562
563 cpu_buffer = buffer->buffers[cpu];
564 @@ -71276,7 +71277,7 @@ index b979426..c54ff13 100644
565
566 return ret;
567 }
568 -@@ -3029,7 +3029,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
569 +@@ -3032,7 +3032,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
570 return 0;
571
572 cpu_buffer = buffer->buffers[cpu];
573 @@ -71285,7 +71286,7 @@ index b979426..c54ff13 100644
574
575 return ret;
576 }
577 -@@ -3074,7 +3074,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
578 +@@ -3077,7 +3077,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
579 /* if you care about this being correct, lock the buffer */
580 for_each_buffer_cpu(buffer, cpu) {
581 cpu_buffer = buffer->buffers[cpu];
582 @@ -71294,7 +71295,7 @@ index b979426..c54ff13 100644
583 }
584
585 return overruns;
586 -@@ -3250,8 +3250,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
587 +@@ -3253,8 +3253,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
588 /*
589 * Reset the reader page to size zero.
590 */
591 @@ -71305,7 +71306,7 @@ index b979426..c54ff13 100644
592 local_set(&cpu_buffer->reader_page->page->commit, 0);
593 cpu_buffer->reader_page->real_end = 0;
594
595 -@@ -3283,7 +3283,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
596 +@@ -3288,7 +3288,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
597 * want to compare with the last_overrun.
598 */
599 smp_mb();
600 @@ -71314,7 +71315,7 @@ index b979426..c54ff13 100644
601
602 /*
603 * Here's the tricky part.
604 -@@ -3848,8 +3848,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
605 +@@ -3858,8 +3858,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
606
607 cpu_buffer->head_page
608 = list_entry(cpu_buffer->pages, struct buffer_page, list);
609 @@ -71325,7 +71326,7 @@ index b979426..c54ff13 100644
610 local_set(&cpu_buffer->head_page->page->commit, 0);
611
612 cpu_buffer->head_page->read = 0;
613 -@@ -3859,14 +3859,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
614 +@@ -3869,14 +3869,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
615
616 INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
617 INIT_LIST_HEAD(&cpu_buffer->new_pages);
618 @@ -71344,7 +71345,7 @@ index b979426..c54ff13 100644
619 local_set(&cpu_buffer->entries, 0);
620 local_set(&cpu_buffer->committing, 0);
621 local_set(&cpu_buffer->commits, 0);
622 -@@ -4269,8 +4269,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
623 +@@ -4279,8 +4279,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
624 rb_init_page(bpage);
625 bpage = reader->page;
626 reader->page = *data_page;
627
628 diff --git a/3.7.1/4425_grsec_remove_EI_PAX.patch b/3.7.1/4425_grsec_remove_EI_PAX.patch
629 new file mode 100644
630 index 0000000..97e6951
631 --- /dev/null
632 +++ b/3.7.1/4425_grsec_remove_EI_PAX.patch
633 @@ -0,0 +1,19 @@
634 +From: Anthony G. Basile <blueness@g.o>
635 +
636 +Deprecate EI_PAX.
637 +
638 +X-Gentoo-Bug: 445600
639 +X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
640 +
641 +diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
642 +--- linux-3.7.1-hardened.orig/security/Kconfig 2012-12-26 08:39:29.000000000 -0500
643 ++++ linux-3.7.1-hardened/security/Kconfig 2012-12-26 09:05:44.000000000 -0500
644 +@@ -263,7 +263,7 @@
645 +
646 + config PAX_EI_PAX
647 + bool 'Use legacy ELF header marking'
648 +- default y if GRKERNSEC_CONFIG_AUTO
649 ++ depends on BROKEN
650 + help
651 + Enabling this option will allow you to control PaX features on
652 + a per executable basis via the 'chpax' utility available at
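Review bot: `depends on BROKEN` on `PAX_EI_PAX` goes further than the header line "Deprecate EI_PAX." suggests: if BROKEN cannot be selected in this tree (not visible here), the option disappears and a .config carrying PAX_EI_PAX=y silently drops it on the next oldconfig. Executables whose PaX flags exist only in the legacy ELF header marking would then presumably run with whatever the remaining marking methods or defaults give them, so per-binary exceptions and restrictions set that way stop applying without any message. I would state that in the patch header, for example `Disable EI_PAX (depends on BROKEN); re-mark binaries with PT_PAX_FLAGS or XATTR_PAX_FLAGS before upgrading.` The help text, which continues outside the hunk, still describes the option as usable through chpax and could say the same.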
653
654 diff --git a/3.7.0/4430_grsec-remove-localversion-grsec.patch b/3.7.1/4430_grsec-remove-localversion-grsec.patch
655 similarity index 100%
656 rename from 3.7.0/4430_grsec-remove-localversion-grsec.patch
657 rename to 3.7.1/4430_grsec-remove-localversion-grsec.patch
658
659 diff --git a/3.7.0/4435_grsec-mute-warnings.patch b/3.7.1/4435_grsec-mute-warnings.patch
660 similarity index 100%
661 rename from 3.7.0/4435_grsec-mute-warnings.patch
662 rename to 3.7.1/4435_grsec-mute-warnings.patch
663
664 diff --git a/3.7.0/4440_grsec-remove-protected-paths.patch b/3.7.1/4440_grsec-remove-protected-paths.patch
665 similarity index 100%
666 rename from 3.7.0/4440_grsec-remove-protected-paths.patch
667 rename to 3.7.1/4440_grsec-remove-protected-paths.patch
668
669 diff --git a/3.7.0/4450_grsec-kconfig-default-gids.patch b/3.7.1/4450_grsec-kconfig-default-gids.patch
670 similarity index 100%
671 rename from 3.7.0/4450_grsec-kconfig-default-gids.patch
672 rename to 3.7.1/4450_grsec-kconfig-default-gids.patch
673
674 diff --git a/3.7.0/4465_selinux-avc_audit-log-curr_ip.patch b/3.7.1/4465_selinux-avc_audit-log-curr_ip.patch
675 similarity index 100%
676 rename from 3.7.0/4465_selinux-avc_audit-log-curr_ip.patch
677 rename to 3.7.1/4465_selinux-avc_audit-log-curr_ip.patch
678
679 diff --git a/3.7.0/4470_disable-compat_vdso.patch b/3.7.1/4470_disable-compat_vdso.patch
680 similarity index 100%
681 rename from 3.7.0/4470_disable-compat_vdso.patch
682 rename to 3.7.1/4470_disable-compat_vdso.patch