1 |
commit: 8cfabd4a07eb6dd70deed8064c51ce937d31c5e0 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Nov 18 22:56:15 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Nov 18 22:56:15 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=8cfabd4a |
7 |
|
8 |
Grsec/PaX: 2.2.2-3.1.1-201111171911 |
9 |
|
10 |
--- |
11 |
3.1.1/0000_README | 2 +- |
12 |
...4420_grsecurity-2.2.2-3.1.1-201111171911.patch} | 293 ++++++++------------ |
13 |
3.1.1/4422_grsec-mute-warnings.patch | 11 +- |
14 |
3 files changed, 125 insertions(+), 181 deletions(-) |
15 |
|
16 |
diff --git a/3.1.1/0000_README b/3.1.1/0000_README |
17 |
index debad5a..2f63187 100644 |
18 |
--- a/3.1.1/0000_README |
19 |
+++ b/3.1.1/0000_README |
20 |
@@ -3,7 +3,7 @@ README |
21 |
|
22 |
Individual Patch Descriptions: |
23 |
----------------------------------------------------------------------------- |
24 |
-Patch: 4420_grsecurity-2.2.2-3.1.1-201111170037.patch |
25 |
+Patch: 4420_grsecurity-2.2.2-3.1.1-201111171911.patch |
26 |
From: http://www.grsecurity.net |
27 |
Desc: hardened-sources base patch from upstream grsecurity |
28 |
|
29 |
|
30 |
diff --git a/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111170037.patch b/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111171911.patch |
31 |
similarity index 99% |
32 |
rename from 3.1.1/4420_grsecurity-2.2.2-3.1.1-201111170037.patch |
33 |
rename to 3.1.1/4420_grsecurity-2.2.2-3.1.1-201111171911.patch |
34 |
index 4c833da..0a5ebc1 100644 |
35 |
--- a/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111170037.patch |
36 |
+++ b/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111171911.patch |
37 |
@@ -5689,7 +5689,7 @@ diff -urNp linux-3.1.1/arch/x86/ia32/ia32_aout.c linux-3.1.1/arch/x86/ia32/ia32_ |
38 |
has_dumped = 1; |
39 |
diff -urNp linux-3.1.1/arch/x86/ia32/ia32entry.S linux-3.1.1/arch/x86/ia32/ia32entry.S |
40 |
--- linux-3.1.1/arch/x86/ia32/ia32entry.S 2011-11-11 15:19:27.000000000 -0500 |
41 |
-+++ linux-3.1.1/arch/x86/ia32/ia32entry.S 2011-11-16 18:40:08.000000000 -0500 |
42 |
++++ linux-3.1.1/arch/x86/ia32/ia32entry.S 2011-11-17 18:27:57.000000000 -0500 |
43 |
@@ -13,7 +13,9 @@ |
44 |
#include <asm/thread_info.h> |
45 |
#include <asm/segment.h> |
46 |
@@ -5721,11 +5721,11 @@ diff -urNp linux-3.1.1/arch/x86/ia32/ia32entry.S linux-3.1.1/arch/x86/ia32/ia32e |
47 |
+#endif |
48 |
+ .endm |
49 |
+ |
50 |
-+ .macro pax_erase_kstack |
51 |
++.macro pax_erase_kstack |
52 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
53 |
+ call pax_erase_kstack |
54 |
+#endif |
55 |
-+ .endm |
56 |
++.endm |
57 |
+ |
58 |
/* |
59 |
* 32bit SYSENTER instruction entry. |
60 |
@@ -12370,7 +12370,7 @@ diff -urNp linux-3.1.1/arch/x86/kernel/entry_32.S linux-3.1.1/arch/x86/kernel/en |
61 |
/* |
62 |
diff -urNp linux-3.1.1/arch/x86/kernel/entry_64.S linux-3.1.1/arch/x86/kernel/entry_64.S |
63 |
--- linux-3.1.1/arch/x86/kernel/entry_64.S 2011-11-11 15:19:27.000000000 -0500 |
64 |
-+++ linux-3.1.1/arch/x86/kernel/entry_64.S 2011-11-16 18:40:08.000000000 -0500 |
65 |
++++ linux-3.1.1/arch/x86/kernel/entry_64.S 2011-11-17 18:28:56.000000000 -0500 |
66 |
@@ -55,6 +55,8 @@ |
67 |
#include <asm/paravirt.h> |
68 |
#include <asm/ftrace.h> |
69 |
@@ -12653,11 +12653,11 @@ diff -urNp linux-3.1.1/arch/x86/kernel/entry_64.S linux-3.1.1/arch/x86/kernel/en |
70 |
+ENDPROC(pax_exit_kernel_user) |
71 |
+#endif |
72 |
+ |
73 |
-+ .macro pax_erase_kstack |
74 |
++.macro pax_erase_kstack |
75 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
76 |
+ call pax_erase_kstack |
77 |
+#endif |
78 |
-+ .endm |
79 |
++.endm |
80 |
+ |
81 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
82 |
+/* |
83 |
@@ -14811,7 +14811,7 @@ diff -urNp linux-3.1.1/arch/x86/kernel/module.c linux-3.1.1/arch/x86/kernel/modu |
84 |
goto overflow; |
85 |
diff -urNp linux-3.1.1/arch/x86/kernel/paravirt.c linux-3.1.1/arch/x86/kernel/paravirt.c |
86 |
--- linux-3.1.1/arch/x86/kernel/paravirt.c 2011-11-11 15:19:27.000000000 -0500 |
87 |
-+++ linux-3.1.1/arch/x86/kernel/paravirt.c 2011-11-16 18:40:08.000000000 -0500 |
88 |
++++ linux-3.1.1/arch/x86/kernel/paravirt.c 2011-11-17 18:29:42.000000000 -0500 |
89 |
@@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) |
90 |
{ |
91 |
return x; |
92 |
@@ -14822,15 +14822,6 @@ diff -urNp linux-3.1.1/arch/x86/kernel/paravirt.c linux-3.1.1/arch/x86/kernel/pa |
93 |
|
94 |
void __init default_banner(void) |
95 |
{ |
96 |
-@@ -122,7 +125,7 @@ unsigned paravirt_patch_jmp(void *insnbu |
97 |
- * corresponding structure. */ |
98 |
- static void *get_call_destination(u8 type) |
99 |
- { |
100 |
-- struct paravirt_patch_template tmpl = { |
101 |
-+ const struct paravirt_patch_template tmpl = { |
102 |
- .pv_init_ops = pv_init_ops, |
103 |
- .pv_time_ops = pv_time_ops, |
104 |
- .pv_cpu_ops = pv_cpu_ops, |
105 |
@@ -133,6 +136,9 @@ static void *get_call_destination(u8 typ |
106 |
.pv_lock_ops = pv_lock_ops, |
107 |
#endif |
108 |
@@ -19809,15 +19800,15 @@ diff -urNp linux-3.1.1/arch/x86/lib/usercopy_64.c linux-3.1.1/arch/x86/lib/userc |
109 |
unsigned zero_len; |
110 |
diff -urNp linux-3.1.1/arch/x86/Makefile linux-3.1.1/arch/x86/Makefile |
111 |
--- linux-3.1.1/arch/x86/Makefile 2011-11-11 15:19:27.000000000 -0500 |
112 |
-+++ linux-3.1.1/arch/x86/Makefile 2011-11-16 18:40:08.000000000 -0500 |
113 |
-@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y) |
114 |
- else |
115 |
- BITS := 64 |
116 |
++++ linux-3.1.1/arch/x86/Makefile 2011-11-17 18:30:30.000000000 -0500 |
117 |
+@@ -46,6 +46,7 @@ else |
118 |
UTS_MACHINE := x86_64 |
119 |
-+ biarch := $(call cc-option,-m64) |
120 |
CHECKFLAGS += -D__x86_64__ -m64 |
121 |
|
122 |
++ biarch := $(call cc-option,-m64) |
123 |
KBUILD_AFLAGS += -m64 |
124 |
+ KBUILD_CFLAGS += -m64 |
125 |
+ |
126 |
@@ -195,3 +196,12 @@ define archhelp |
127 |
echo ' FDARGS="..." arguments for the booted kernel' |
128 |
echo ' FDINITRD=file initrd for the booted kernel' |
129 |
@@ -21168,7 +21159,7 @@ diff -urNp linux-3.1.1/arch/x86/mm/init_64.c linux-3.1.1/arch/x86/mm/init_64.c |
130 |
return "[vsyscall]"; |
131 |
diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c |
132 |
--- linux-3.1.1/arch/x86/mm/init.c 2011-11-11 15:19:27.000000000 -0500 |
133 |
-+++ linux-3.1.1/arch/x86/mm/init.c 2011-11-16 18:40:08.000000000 -0500 |
134 |
++++ linux-3.1.1/arch/x86/mm/init.c 2011-11-17 18:31:28.000000000 -0500 |
135 |
@@ -31,7 +31,7 @@ int direct_gbpages |
136 |
static void __init find_early_table_space(unsigned long end, int use_pse, |
137 |
int use_gbpages) |
138 |
@@ -21178,7 +21169,7 @@ diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c |
139 |
phys_addr_t base; |
140 |
|
141 |
puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; |
142 |
-@@ -312,12 +312,34 @@ unsigned long __init_refok init_memory_m |
143 |
+@@ -312,8 +312,29 @@ unsigned long __init_refok init_memory_m |
144 |
*/ |
145 |
int devmem_is_allowed(unsigned long pagenr) |
146 |
{ |
147 |
@@ -21209,12 +21200,7 @@ diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c |
148 |
if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) |
149 |
return 0; |
150 |
if (!page_is_ram(pagenr)) |
151 |
- return 1; |
152 |
-+ |
153 |
- return 0; |
154 |
- } |
155 |
- |
156 |
-@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigne |
157 |
+@@ -372,6 +393,86 @@ void free_init_pages(char *what, unsigne |
158 |
|
159 |
void free_initmem(void) |
160 |
{ |
161 |
@@ -25478,7 +25464,7 @@ diff -urNp linux-3.1.1/drivers/char/mbcs.c linux-3.1.1/drivers/char/mbcs.c |
162 |
.mfg_num = MBCS_MFG_NUM, |
163 |
diff -urNp linux-3.1.1/drivers/char/mem.c linux-3.1.1/drivers/char/mem.c |
164 |
--- linux-3.1.1/drivers/char/mem.c 2011-11-11 15:19:27.000000000 -0500 |
165 |
-+++ linux-3.1.1/drivers/char/mem.c 2011-11-16 18:40:10.000000000 -0500 |
166 |
++++ linux-3.1.1/drivers/char/mem.c 2011-11-17 18:31:56.000000000 -0500 |
167 |
@@ -18,6 +18,7 @@ |
168 |
#include <linux/raw.h> |
169 |
#include <linux/tty.h> |
170 |
@@ -25492,7 +25478,7 @@ diff -urNp linux-3.1.1/drivers/char/mem.c linux-3.1.1/drivers/char/mem.c |
171 |
#endif |
172 |
|
173 |
+#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC) |
174 |
-+extern struct file_operations grsec_fops; |
175 |
++extern const struct file_operations grsec_fops; |
176 |
+#endif |
177 |
+ |
178 |
static inline unsigned long size_inside_page(unsigned long start, |
179 |
@@ -29898,14 +29884,8 @@ diff -urNp linux-3.1.1/drivers/media/dvb/dvb-core/dvb_ca_en50221.c linux-3.1.1/d |
180 |
/* Incoming packet has a 2 byte header. hdr[0] = slot_id, hdr[1] = connection_id */ |
181 |
diff -urNp linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h |
182 |
--- linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-11 15:19:27.000000000 -0500 |
183 |
-+++ linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-16 18:40:10.000000000 -0500 |
184 |
-@@ -68,12 +68,12 @@ struct dvb_demux_feed { |
185 |
- union { |
186 |
- struct dmx_ts_feed ts; |
187 |
- struct dmx_section_feed sec; |
188 |
-- } feed; |
189 |
-+ } __no_const feed; |
190 |
- |
191 |
++++ linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-17 18:34:32.000000000 -0500 |
192 |
+@@ -73,7 +73,7 @@ struct dvb_demux_feed { |
193 |
union { |
194 |
dmx_ts_cb ts; |
195 |
dmx_section_cb sec; |
196 |
@@ -29950,18 +29930,6 @@ diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dib0700_core.c linux-3.1.1/driv |
197 |
while ((ret = dvb_usb_get_hexline(fw, &hx, &pos)) > 0) { |
198 |
deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n", |
199 |
hx.addr, hx.len, hx.chk); |
200 |
-diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h |
201 |
---- linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h 2011-11-11 15:19:27.000000000 -0500 |
202 |
-+++ linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h 2011-11-16 18:40:10.000000000 -0500 |
203 |
-@@ -97,7 +97,7 @@ |
204 |
- #define DIBUSB_IOCTL_CMD_DISABLE_STREAM 0x02 |
205 |
- |
206 |
- struct dibusb_state { |
207 |
-- struct dib_fe_xfer_ops ops; |
208 |
-+ dib_fe_xfer_ops_no_const ops; |
209 |
- int mt2060_present; |
210 |
- u8 tuner_addr; |
211 |
- }; |
212 |
diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c |
213 |
--- linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c 2011-11-11 15:19:27.000000000 -0500 |
214 |
+++ linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c 2011-11-16 18:39:07.000000000 -0500 |
215 |
@@ -29996,32 +29964,16 @@ diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/lmedm04.c linux-3.1.1/drivers/m |
216 |
info("FRM Firmware Cold Reset"); |
217 |
diff -urNp linux-3.1.1/drivers/media/dvb/frontends/dib3000.h linux-3.1.1/drivers/media/dvb/frontends/dib3000.h |
218 |
--- linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 2011-11-11 15:19:27.000000000 -0500 |
219 |
-+++ linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 2011-11-16 18:40:10.000000000 -0500 |
220 |
-@@ -40,10 +40,11 @@ struct dib_fe_xfer_ops |
221 |
++++ linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 2011-11-17 18:38:05.000000000 -0500 |
222 |
+@@ -39,7 +39,7 @@ struct dib_fe_xfer_ops |
223 |
+ int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff); |
224 |
int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff); |
225 |
int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl); |
226 |
- }; |
227 |
-+typedef struct dib_fe_xfer_ops __no_const dib_fe_xfer_ops_no_const; |
228 |
+-}; |
229 |
++} __no_const; |
230 |
|
231 |
#if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) |
232 |
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, |
233 |
-- struct i2c_adapter* i2c, struct dib_fe_xfer_ops *xfer_ops); |
234 |
-+ struct i2c_adapter* i2c, dib_fe_xfer_ops_no_const *xfer_ops); |
235 |
- #else |
236 |
- static inline struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, |
237 |
- struct i2c_adapter* i2c, struct dib_fe_xfer_ops *xfer_ops) |
238 |
-diff -urNp linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c |
239 |
---- linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c 2011-11-11 15:19:27.000000000 -0500 |
240 |
-+++ linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c 2011-11-16 18:40:10.000000000 -0500 |
241 |
-@@ -756,7 +756,7 @@ static int dib3000mb_tuner_pass_ctrl(str |
242 |
- static struct dvb_frontend_ops dib3000mb_ops; |
243 |
- |
244 |
- struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, |
245 |
-- struct i2c_adapter* i2c, struct dib_fe_xfer_ops *xfer_ops) |
246 |
-+ struct i2c_adapter* i2c, dib_fe_xfer_ops_no_const *xfer_ops) |
247 |
- { |
248 |
- struct dib3000_state* state = NULL; |
249 |
- |
250 |
diff -urNp linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c |
251 |
--- linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c 2011-11-11 15:19:27.000000000 -0500 |
252 |
+++ linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c 2011-11-16 18:40:10.000000000 -0500 |
253 |
@@ -30177,7 +30129,7 @@ diff -urNp linux-3.1.1/drivers/media/video/saa7164/saa7164-cmd.c linux-3.1.1/dri |
254 |
struct tmComResInfo tRsp = { 0, 0, 0, 0, 0, 0 }; |
255 |
diff -urNp linux-3.1.1/drivers/media/video/timblogiw.c linux-3.1.1/drivers/media/video/timblogiw.c |
256 |
--- linux-3.1.1/drivers/media/video/timblogiw.c 2011-11-11 15:19:27.000000000 -0500 |
257 |
-+++ linux-3.1.1/drivers/media/video/timblogiw.c 2011-11-16 18:40:10.000000000 -0500 |
258 |
++++ linux-3.1.1/drivers/media/video/timblogiw.c 2011-11-17 18:36:32.000000000 -0500 |
259 |
@@ -744,7 +744,7 @@ static int timblogiw_mmap(struct file *f |
260 |
|
261 |
/* Platform device functions */ |
262 |
@@ -30187,6 +30139,15 @@ diff -urNp linux-3.1.1/drivers/media/video/timblogiw.c linux-3.1.1/drivers/media |
263 |
.vidioc_querycap = timblogiw_querycap, |
264 |
.vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt, |
265 |
.vidioc_g_fmt_vid_cap = timblogiw_g_fmt, |
266 |
+@@ -766,7 +766,7 @@ static __devinitconst struct v4l2_ioctl_ |
267 |
+ .vidioc_enum_framesizes = timblogiw_enum_framesizes, |
268 |
+ }; |
269 |
+ |
270 |
+-static __devinitconst struct v4l2_file_operations timblogiw_fops = { |
271 |
++static __devinitconst v4l2_file_operations_no_const timblogiw_fops = { |
272 |
+ .owner = THIS_MODULE, |
273 |
+ .open = timblogiw_open, |
274 |
+ .release = timblogiw_close, |
275 |
diff -urNp linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c |
276 |
--- linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 2011-11-11 15:19:27.000000000 -0500 |
277 |
+++ linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 2011-11-16 18:40:10.000000000 -0500 |
278 |
@@ -34962,6 +34923,27 @@ diff -urNp linux-3.1.1/drivers/staging/iio/ring_generic.h linux-3.1.1/drivers/st |
279 |
|
280 |
struct iio_ring_setup_ops { |
281 |
int (*preenable)(struct iio_dev *); |
282 |
+diff -urNp linux-3.1.1/drivers/staging/mei/interface.c linux-3.1.1/drivers/staging/mei/interface.c |
283 |
+--- linux-3.1.1/drivers/staging/mei/interface.c 2011-11-11 15:19:27.000000000 -0500 |
284 |
++++ linux-3.1.1/drivers/staging/mei/interface.c 2011-11-17 18:39:18.000000000 -0500 |
285 |
+@@ -332,7 +332,7 @@ int mei_send_flow_control(struct mei_dev |
286 |
+ mei_hdr->reserved = 0; |
287 |
+ |
288 |
+ mei_flow_control = (struct hbm_flow_control *) &dev->wr_msg_buf[1]; |
289 |
+- memset(mei_flow_control, 0, sizeof(mei_flow_control)); |
290 |
++ memset(mei_flow_control, 0, sizeof(*mei_flow_control)); |
291 |
+ mei_flow_control->host_addr = cl->host_client_id; |
292 |
+ mei_flow_control->me_addr = cl->me_client_id; |
293 |
+ mei_flow_control->cmd.cmd = MEI_FLOW_CONTROL_CMD; |
294 |
+@@ -396,7 +396,7 @@ int mei_disconnect(struct mei_device *de |
295 |
+ |
296 |
+ mei_cli_disconnect = |
297 |
+ (struct hbm_client_disconnect_request *) &dev->wr_msg_buf[1]; |
298 |
+- memset(mei_cli_disconnect, 0, sizeof(mei_cli_disconnect)); |
299 |
++ memset(mei_cli_disconnect, 0, sizeof(*mei_cli_disconnect)); |
300 |
+ mei_cli_disconnect->host_addr = cl->host_client_id; |
301 |
+ mei_cli_disconnect->me_addr = cl->me_client_id; |
302 |
+ mei_cli_disconnect->cmd.cmd = CLIENT_DISCONNECT_REQ_CMD; |
303 |
diff -urNp linux-3.1.1/drivers/staging/octeon/ethernet.c linux-3.1.1/drivers/staging/octeon/ethernet.c |
304 |
--- linux-3.1.1/drivers/staging/octeon/ethernet.c 2011-11-11 15:19:27.000000000 -0500 |
305 |
+++ linux-3.1.1/drivers/staging/octeon/ethernet.c 2011-11-16 18:39:07.000000000 -0500 |
306 |
@@ -40501,7 +40483,7 @@ diff -urNp linux-3.1.1/fs/btrfs/ctree.c linux-3.1.1/fs/btrfs/ctree.c |
307 |
WARN_ON(trans->transid != btrfs_header_generation(parent)); |
308 |
diff -urNp linux-3.1.1/fs/btrfs/inode.c linux-3.1.1/fs/btrfs/inode.c |
309 |
--- linux-3.1.1/fs/btrfs/inode.c 2011-11-11 15:19:27.000000000 -0500 |
310 |
-+++ linux-3.1.1/fs/btrfs/inode.c 2011-11-16 18:40:29.000000000 -0500 |
311 |
++++ linux-3.1.1/fs/btrfs/inode.c 2011-11-17 18:12:11.000000000 -0500 |
312 |
@@ -6922,7 +6922,7 @@ fail: |
313 |
return -ENOMEM; |
314 |
} |
315 |
@@ -40519,7 +40501,7 @@ diff -urNp linux-3.1.1/fs/btrfs/inode.c linux-3.1.1/fs/btrfs/inode.c |
316 |
+ |
317 |
+dev_t get_btrfs_dev_from_inode(struct inode *inode) |
318 |
+{ |
319 |
-+ return BTRFS_I(inode)->root->anon_super.s_dev; |
320 |
++ return BTRFS_I(inode)->root->anon_dev; |
321 |
+} |
322 |
+EXPORT_SYMBOL(get_btrfs_dev_from_inode); |
323 |
+ |
324 |
@@ -41341,7 +41323,7 @@ diff -urNp linux-3.1.1/fs/ecryptfs/read_write.c linux-3.1.1/fs/ecryptfs/read_wri |
325 |
} |
326 |
diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
327 |
--- linux-3.1.1/fs/exec.c 2011-11-11 15:19:27.000000000 -0500 |
328 |
-+++ linux-3.1.1/fs/exec.c 2011-11-16 23:41:58.000000000 -0500 |
329 |
++++ linux-3.1.1/fs/exec.c 2011-11-17 18:40:47.000000000 -0500 |
330 |
@@ -55,12 +55,24 @@ |
331 |
#include <linux/pipe_fs_i.h> |
332 |
#include <linux/oom.h> |
333 |
@@ -41694,7 +41676,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
334 |
cn->corename = kmalloc(cn->size, GFP_KERNEL); |
335 |
cn->used = 0; |
336 |
|
337 |
-@@ -1816,6 +1889,219 @@ out: |
338 |
+@@ -1816,6 +1889,218 @@ out: |
339 |
return ispipe; |
340 |
} |
341 |
|
342 |
@@ -41885,7 +41867,6 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
343 |
+#endif |
344 |
+} |
345 |
+ |
346 |
-+ |
347 |
+NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) |
348 |
+{ |
349 |
+ if (current->signal->curr_ip) |
350 |
@@ -41914,7 +41895,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
351 |
static int zap_process(struct task_struct *start, int exit_code) |
352 |
{ |
353 |
struct task_struct *t; |
354 |
-@@ -2027,17 +2313,17 @@ static void wait_for_dump_helpers(struct |
355 |
+@@ -2027,17 +2312,17 @@ static void wait_for_dump_helpers(struct |
356 |
pipe = file->f_path.dentry->d_inode->i_pipe; |
357 |
|
358 |
pipe_lock(pipe); |
359 |
@@ -41937,7 +41918,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
360 |
pipe_unlock(pipe); |
361 |
|
362 |
} |
363 |
-@@ -2098,7 +2384,7 @@ void do_coredump(long signr, int exit_co |
364 |
+@@ -2098,7 +2383,7 @@ void do_coredump(long signr, int exit_co |
365 |
int retval = 0; |
366 |
int flag = 0; |
367 |
int ispipe; |
368 |
@@ -41946,7 +41927,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
369 |
struct coredump_params cprm = { |
370 |
.signr = signr, |
371 |
.regs = regs, |
372 |
-@@ -2113,6 +2399,9 @@ void do_coredump(long signr, int exit_co |
373 |
+@@ -2113,6 +2398,9 @@ void do_coredump(long signr, int exit_co |
374 |
|
375 |
audit_core_dumps(signr); |
376 |
|
377 |
@@ -41956,7 +41937,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
378 |
binfmt = mm->binfmt; |
379 |
if (!binfmt || !binfmt->core_dump) |
380 |
goto fail; |
381 |
-@@ -2180,7 +2469,7 @@ void do_coredump(long signr, int exit_co |
382 |
+@@ -2180,7 +2468,7 @@ void do_coredump(long signr, int exit_co |
383 |
} |
384 |
cprm.limit = RLIM_INFINITY; |
385 |
|
386 |
@@ -41965,7 +41946,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
387 |
if (core_pipe_limit && (core_pipe_limit < dump_count)) { |
388 |
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", |
389 |
task_tgid_vnr(current), current->comm); |
390 |
-@@ -2207,6 +2496,8 @@ void do_coredump(long signr, int exit_co |
391 |
+@@ -2207,6 +2495,8 @@ void do_coredump(long signr, int exit_co |
392 |
} else { |
393 |
struct inode *inode; |
394 |
|
395 |
@@ -41974,7 +41955,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
396 |
if (cprm.limit < binfmt->min_coredump) |
397 |
goto fail_unlock; |
398 |
|
399 |
-@@ -2250,7 +2541,7 @@ close_fail: |
400 |
+@@ -2250,7 +2540,7 @@ close_fail: |
401 |
filp_close(cprm.file, NULL); |
402 |
fail_dropcount: |
403 |
if (ispipe) |
404 |
@@ -41983,7 +41964,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c |
405 |
fail_unlock: |
406 |
kfree(cn.corename); |
407 |
fail_corename: |
408 |
-@@ -2269,7 +2560,7 @@ fail: |
409 |
+@@ -2269,7 +2559,7 @@ fail: |
410 |
*/ |
411 |
int dump_write(struct file *file, const void *addr, int nr) |
412 |
{ |
413 |
@@ -45059,7 +45040,7 @@ diff -urNp linux-3.1.1/fs/ocfs2/symlink.c linux-3.1.1/fs/ocfs2/symlink.c |
414 |
} |
415 |
diff -urNp linux-3.1.1/fs/open.c linux-3.1.1/fs/open.c |
416 |
--- linux-3.1.1/fs/open.c 2011-11-11 15:19:27.000000000 -0500 |
417 |
-+++ linux-3.1.1/fs/open.c 2011-11-16 23:40:57.000000000 -0500 |
418 |
++++ linux-3.1.1/fs/open.c 2011-11-17 19:07:55.000000000 -0500 |
419 |
@@ -112,6 +112,10 @@ static long do_sys_truncate(const char _ |
420 |
error = locks_verify_truncate(inode, NULL, length); |
421 |
if (!error) |
422 |
@@ -45145,28 +45126,10 @@ diff -urNp linux-3.1.1/fs/open.c linux-3.1.1/fs/open.c |
423 |
newattrs.ia_valid = ATTR_CTIME; |
424 |
if (user != (uid_t) -1) { |
425 |
newattrs.ia_valid |= ATTR_UID; |
426 |
-@@ -976,7 +1011,8 @@ long do_sys_open(int dfd, const char __u |
427 |
- if (!IS_ERR(tmp)) { |
428 |
- fd = get_unused_fd_flags(flags); |
429 |
- if (fd >= 0) { |
430 |
-- struct file *f = do_filp_open(dfd, tmp, &op, lookup); |
431 |
-+ struct file *f; |
432 |
-+ f = do_filp_open(dfd, tmp, &op, lookup); |
433 |
- if (IS_ERR(f)) { |
434 |
- put_unused_fd(fd); |
435 |
- fd = PTR_ERR(f); |
436 |
diff -urNp linux-3.1.1/fs/partitions/ldm.c linux-3.1.1/fs/partitions/ldm.c |
437 |
--- linux-3.1.1/fs/partitions/ldm.c 2011-11-11 15:19:27.000000000 -0500 |
438 |
-+++ linux-3.1.1/fs/partitions/ldm.c 2011-11-16 18:40:29.000000000 -0500 |
439 |
-@@ -1311,6 +1311,7 @@ static bool ldm_frag_add (const u8 *data |
440 |
- ldm_error ("A VBLK claims to have %d parts.", num); |
441 |
- return false; |
442 |
- } |
443 |
-+ |
444 |
- if (rec >= num) { |
445 |
- ldm_error("REC value (%d) exceeds NUM value (%d)", rec, num); |
446 |
- return false; |
447 |
-@@ -1322,7 +1323,7 @@ static bool ldm_frag_add (const u8 *data |
448 |
++++ linux-3.1.1/fs/partitions/ldm.c 2011-11-17 19:08:15.000000000 -0500 |
449 |
+@@ -1322,7 +1322,7 @@ static bool ldm_frag_add (const u8 *data |
450 |
goto found; |
451 |
} |
452 |
|
453 |
@@ -45303,7 +45266,7 @@ diff -urNp linux-3.1.1/fs/pipe.c linux-3.1.1/fs/pipe.c |
454 |
/* |
455 |
diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c |
456 |
--- linux-3.1.1/fs/proc/array.c 2011-11-11 15:19:27.000000000 -0500 |
457 |
-+++ linux-3.1.1/fs/proc/array.c 2011-11-16 18:40:29.000000000 -0500 |
458 |
++++ linux-3.1.1/fs/proc/array.c 2011-11-17 18:42:02.000000000 -0500 |
459 |
@@ -60,6 +60,7 @@ |
460 |
#include <linux/tty.h> |
461 |
#include <linux/string.h> |
462 |
@@ -45359,12 +45322,8 @@ diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c |
463 |
static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
464 |
struct pid *pid, struct task_struct *task, int whole) |
465 |
{ |
466 |
-@@ -375,9 +406,11 @@ static int do_task_stat(struct seq_file |
467 |
- cputime_t cutime, cstime, utime, stime; |
468 |
- cputime_t cgtime, gtime; |
469 |
- unsigned long rsslim = 0; |
470 |
-- char tcomm[sizeof(task->comm)]; |
471 |
-+ char tcomm[sizeof(task->comm)] = { 0 }; |
472 |
+@@ -378,6 +409,8 @@ static int do_task_stat(struct seq_file |
473 |
+ char tcomm[sizeof(task->comm)]; |
474 |
unsigned long flags; |
475 |
|
476 |
+ pax_track_stack(); |
477 |
@@ -45429,7 +45388,7 @@ diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c |
478 |
+#endif |
479 |
diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
480 |
--- linux-3.1.1/fs/proc/base.c 2011-11-11 15:19:27.000000000 -0500 |
481 |
-+++ linux-3.1.1/fs/proc/base.c 2011-11-16 19:25:48.000000000 -0500 |
482 |
++++ linux-3.1.1/fs/proc/base.c 2011-11-17 18:43:19.000000000 -0500 |
483 |
@@ -107,6 +107,22 @@ struct pid_entry { |
484 |
union proc_op op; |
485 |
}; |
486 |
@@ -45645,12 +45604,12 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
487 |
+#else |
488 |
stat->gid = cred->egid; |
489 |
+#endif |
490 |
-+ } |
491 |
+ } |
492 |
+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) |
493 |
+ } else { |
494 |
+ rcu_read_unlock(); |
495 |
+ return -ENOENT; |
496 |
- } |
497 |
++ } |
498 |
+#endif |
499 |
} |
500 |
rcu_read_unlock(); |
501 |
@@ -45739,15 +45698,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
502 |
if (!IS_ERR(s)) |
503 |
__putname(s); |
504 |
} |
505 |
-@@ -2663,6 +2778,7 @@ static struct dentry *proc_base_instanti |
506 |
- if (p->fop) |
507 |
- inode->i_fop = p->fop; |
508 |
- ei->op = p->op; |
509 |
-+ |
510 |
- d_add(dentry, inode); |
511 |
- error = NULL; |
512 |
- out: |
513 |
-@@ -2802,7 +2918,7 @@ static const struct pid_entry tgid_base_ |
514 |
+@@ -2802,7 +2917,7 @@ static const struct pid_entry tgid_base_ |
515 |
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), |
516 |
#endif |
517 |
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
518 |
@@ -45756,7 +45707,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
519 |
INF("syscall", S_IRUGO, proc_pid_syscall), |
520 |
#endif |
521 |
INF("cmdline", S_IRUGO, proc_pid_cmdline), |
522 |
-@@ -2827,10 +2943,10 @@ static const struct pid_entry tgid_base_ |
523 |
+@@ -2827,10 +2942,10 @@ static const struct pid_entry tgid_base_ |
524 |
#ifdef CONFIG_SECURITY |
525 |
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), |
526 |
#endif |
527 |
@@ -45769,7 +45720,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
528 |
ONE("stack", S_IRUGO, proc_pid_stack), |
529 |
#endif |
530 |
#ifdef CONFIG_SCHEDSTATS |
531 |
-@@ -2864,6 +2980,9 @@ static const struct pid_entry tgid_base_ |
532 |
+@@ -2864,6 +2979,9 @@ static const struct pid_entry tgid_base_ |
533 |
#ifdef CONFIG_HARDWALL |
534 |
INF("hardwall", S_IRUGO, proc_pid_hardwall), |
535 |
#endif |
536 |
@@ -45779,7 +45730,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
537 |
}; |
538 |
|
539 |
static int proc_tgid_base_readdir(struct file * filp, |
540 |
-@@ -2989,7 +3108,14 @@ static struct dentry *proc_pid_instantia |
541 |
+@@ -2989,7 +3107,14 @@ static struct dentry *proc_pid_instantia |
542 |
if (!inode) |
543 |
goto out; |
544 |
|
545 |
@@ -45794,7 +45745,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
546 |
inode->i_op = &proc_tgid_base_inode_operations; |
547 |
inode->i_fop = &proc_tgid_base_operations; |
548 |
inode->i_flags|=S_IMMUTABLE; |
549 |
-@@ -3031,7 +3157,14 @@ struct dentry *proc_pid_lookup(struct in |
550 |
+@@ -3031,7 +3156,14 @@ struct dentry *proc_pid_lookup(struct in |
551 |
if (!task) |
552 |
goto out; |
553 |
|
554 |
@@ -45809,7 +45760,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
555 |
put_task_struct(task); |
556 |
out: |
557 |
return result; |
558 |
-@@ -3096,6 +3229,11 @@ int proc_pid_readdir(struct file * filp, |
559 |
+@@ -3096,6 +3228,11 @@ int proc_pid_readdir(struct file * filp, |
560 |
{ |
561 |
unsigned int nr; |
562 |
struct task_struct *reaper; |
563 |
@@ -45821,7 +45772,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
564 |
struct tgid_iter iter; |
565 |
struct pid_namespace *ns; |
566 |
|
567 |
-@@ -3119,8 +3257,27 @@ int proc_pid_readdir(struct file * filp, |
568 |
+@@ -3119,8 +3256,27 @@ int proc_pid_readdir(struct file * filp, |
569 |
for (iter = next_tgid(ns, iter); |
570 |
iter.task; |
571 |
iter.tgid += 1, iter = next_tgid(ns, iter)) { |
572 |
@@ -45850,7 +45801,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
573 |
put_task_struct(iter.task); |
574 |
goto out; |
575 |
} |
576 |
-@@ -3148,7 +3305,7 @@ static const struct pid_entry tid_base_s |
577 |
+@@ -3148,7 +3304,7 @@ static const struct pid_entry tid_base_s |
578 |
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), |
579 |
#endif |
580 |
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
581 |
@@ -45859,7 +45810,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c |
582 |
INF("syscall", S_IRUGO, proc_pid_syscall), |
583 |
#endif |
584 |
INF("cmdline", S_IRUGO, proc_pid_cmdline), |
585 |
-@@ -3172,10 +3329,10 @@ static const struct pid_entry tid_base_s |
586 |
+@@ -3172,10 +3328,10 @@ static const struct pid_entry tid_base_s |
587 |
#ifdef CONFIG_SECURITY |
588 |
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), |
589 |
#endif |
590 |
@@ -61025,15 +60976,16 @@ diff -urNp linux-3.1.1/include/media/v4l2-dev.h linux-3.1.1/include/media/v4l2-d |
591 |
* Newer version of video_device, handled by videodev2.c |
592 |
diff -urNp linux-3.1.1/include/media/v4l2-ioctl.h linux-3.1.1/include/media/v4l2-ioctl.h |
593 |
--- linux-3.1.1/include/media/v4l2-ioctl.h 2011-11-11 15:19:27.000000000 -0500 |
594 |
-+++ linux-3.1.1/include/media/v4l2-ioctl.h 2011-11-16 18:40:44.000000000 -0500 |
595 |
-@@ -272,6 +272,7 @@ struct v4l2_ioctl_ops { |
596 |
++++ linux-3.1.1/include/media/v4l2-ioctl.h 2011-11-17 18:44:20.000000000 -0500 |
597 |
+@@ -272,7 +272,7 @@ struct v4l2_ioctl_ops { |
598 |
long (*vidioc_default) (struct file *file, void *fh, |
599 |
bool valid_prio, int cmd, void *arg); |
600 |
}; |
601 |
+- |
602 |
+typedef struct v4l2_ioctl_ops __no_const v4l2_ioctl_ops_no_const; |
603 |
|
604 |
- |
605 |
/* v4l debugging and diagnostics */ |
606 |
+ |
607 |
diff -urNp linux-3.1.1/include/net/caif/caif_hsi.h linux-3.1.1/include/net/caif/caif_hsi.h |
608 |
--- linux-3.1.1/include/net/caif/caif_hsi.h 2011-11-11 15:19:27.000000000 -0500 |
609 |
+++ linux-3.1.1/include/net/caif/caif_hsi.h 2011-11-16 18:39:08.000000000 -0500 |
610 |
@@ -66967,7 +66919,7 @@ diff -urNp linux-3.1.1/localversion-grsec linux-3.1.1/localversion-grsec |
611 |
+-grsec |
612 |
diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
613 |
--- linux-3.1.1/Makefile 2011-11-11 15:19:27.000000000 -0500 |
614 |
-+++ linux-3.1.1/Makefile 2011-11-16 18:45:38.000000000 -0500 |
615 |
++++ linux-3.1.1/Makefile 2011-11-17 18:56:01.000000000 -0500 |
616 |
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" |
617 |
|
618 |
HOSTCC = gcc |
619 |
@@ -66975,25 +66927,12 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
620 |
-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer |
621 |
-HOSTCXXFLAGS = -O2 |
622 |
+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks |
623 |
-+HOSTCFLAGS += $(call cc-option, -Wno-empty-body) |
624 |
-+HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks |
625 |
++HOSTCLFAGS += $(call cc-option, -Wno-empty-body) |
626 |
++HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks |
627 |
|
628 |
# Decide whether to build built-in, modular, or both. |
629 |
# Normally, just do built-in. |
630 |
-@@ -365,10 +366,12 @@ LINUXINCLUDE := -I$(srctree)/arch/$(h |
631 |
- KBUILD_CPPFLAGS := -D__KERNEL__ |
632 |
- |
633 |
- KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ |
634 |
-+ -W -Wno-unused-parameter -Wno-missing-field-initializers \ |
635 |
- -fno-strict-aliasing -fno-common \ |
636 |
- -Werror-implicit-function-declaration \ |
637 |
- -Wno-format-security \ |
638 |
- -fno-delete-null-pointer-checks |
639 |
-+KBUILD_CFLAGS += $(call cc-option, -Wno-empty-body) |
640 |
- KBUILD_AFLAGS_KERNEL := |
641 |
- KBUILD_CFLAGS_KERNEL := |
642 |
- KBUILD_AFLAGS := -D__ASSEMBLY__ |
643 |
-@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS |
644 |
+@@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS |
645 |
# Rules shared between *config targets and build targets |
646 |
|
647 |
# Basic helpers built in scripts/ |
648 |
@@ -67004,7 +66943,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
649 |
$(Q)$(MAKE) $(build)=scripts/basic |
650 |
$(Q)rm -f .tmp_quiet_recordmcount |
651 |
|
652 |
-@@ -564,6 +567,37 @@ else |
653 |
+@@ -564,6 +565,37 @@ else |
654 |
KBUILD_CFLAGS += -O2 |
655 |
endif |
656 |
|
657 |
@@ -67036,13 +66975,13 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
658 |
+else |
659 |
+ $(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least" |
660 |
+endif |
661 |
-+ $(Q)echo "PAX_MEMORY_STACKLEAK and constification will be less secure" |
662 |
++ $(Q)echo "PAX_MEMORY_STACKLEAK and other features will be less secure" |
663 |
+endif |
664 |
+ |
665 |
include $(srctree)/arch/$(SRCARCH)/Makefile |
666 |
|
667 |
ifneq ($(CONFIG_FRAME_WARN),0) |
668 |
-@@ -708,7 +742,7 @@ export mod_strip_cmd |
669 |
+@@ -708,7 +740,7 @@ export mod_strip_cmd |
670 |
|
671 |
|
672 |
ifeq ($(KBUILD_EXTMOD),) |
673 |
@@ -67051,7 +66990,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
674 |
|
675 |
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ |
676 |
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \ |
677 |
-@@ -932,6 +966,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai |
678 |
+@@ -932,6 +964,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai |
679 |
|
680 |
# The actual objects are generated when descending, |
681 |
# make sure no implicit rule kicks in |
682 |
@@ -67059,7 +66998,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
683 |
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; |
684 |
|
685 |
# Handle descending into subdirectories listed in $(vmlinux-dirs) |
686 |
-@@ -941,7 +976,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) |
687 |
+@@ -941,7 +974,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) |
688 |
# Error messages still appears in the original language |
689 |
|
690 |
PHONY += $(vmlinux-dirs) |
691 |
@@ -67068,7 +67007,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
692 |
$(Q)$(MAKE) $(build)=$@ |
693 |
|
694 |
# Store (new) KERNELRELASE string in include/config/kernel.release |
695 |
-@@ -986,6 +1021,7 @@ prepare0: archprepare FORCE |
696 |
+@@ -986,6 +1019,7 @@ prepare0: archprepare FORCE |
697 |
$(Q)$(MAKE) $(build)=. missing-syscalls |
698 |
|
699 |
# All the preparing.. |
700 |
@@ -67076,7 +67015,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
701 |
prepare: prepare0 |
702 |
|
703 |
# Generate some files |
704 |
-@@ -1087,6 +1123,7 @@ all: modules |
705 |
+@@ -1087,6 +1121,7 @@ all: modules |
706 |
# using awk while concatenating to the final file. |
707 |
|
708 |
PHONY += modules |
709 |
@@ -67084,7 +67023,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
710 |
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin |
711 |
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order |
712 |
@$(kecho) ' Building modules, stage 2.'; |
713 |
-@@ -1102,7 +1139,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu |
714 |
+@@ -1102,7 +1137,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu |
715 |
|
716 |
# Target to prepare building external modules |
717 |
PHONY += modules_prepare |
718 |
@@ -67093,7 +67032,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
719 |
|
720 |
# Target to install modules |
721 |
PHONY += modules_install |
722 |
-@@ -1198,7 +1235,7 @@ distclean: mrproper |
723 |
+@@ -1198,7 +1233,7 @@ distclean: mrproper |
724 |
@find $(srctree) $(RCS_FIND_IGNORE) \ |
725 |
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \ |
726 |
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ |
727 |
@@ -67102,7 +67041,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
728 |
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ |
729 |
-type f -print | xargs rm -f |
730 |
|
731 |
-@@ -1360,6 +1397,7 @@ PHONY += $(module-dirs) modules |
732 |
+@@ -1360,6 +1395,7 @@ PHONY += $(module-dirs) modules |
733 |
$(module-dirs): crmodverdir $(objtree)/Module.symvers |
734 |
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) |
735 |
|
736 |
@@ -67110,7 +67049,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
737 |
modules: $(module-dirs) |
738 |
@$(kecho) ' Building modules, stage 2.'; |
739 |
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost |
740 |
-@@ -1486,17 +1524,19 @@ else |
741 |
+@@ -1486,17 +1522,19 @@ else |
742 |
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) |
743 |
endif |
744 |
|
745 |
@@ -67134,7 +67073,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile |
746 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
747 |
%.symtypes: %.c prepare scripts FORCE |
748 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
749 |
-@@ -1506,11 +1546,13 @@ endif |
750 |
+@@ -1506,11 +1544,13 @@ endif |
751 |
$(cmd_crmodverdir) |
752 |
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ |
753 |
$(build)=$(build-dir) |
754 |
@@ -67330,16 +67269,21 @@ diff -urNp linux-3.1.1/mm/internal.h linux-3.1.1/mm/internal.h |
755 |
extern bool is_free_buddy_page(struct page *page); |
756 |
diff -urNp linux-3.1.1/mm/Kconfig linux-3.1.1/mm/Kconfig |
757 |
--- linux-3.1.1/mm/Kconfig 2011-11-11 15:19:27.000000000 -0500 |
758 |
-+++ linux-3.1.1/mm/Kconfig 2011-11-16 18:40:44.000000000 -0500 |
759 |
-@@ -240,7 +240,7 @@ config KSM |
760 |
++++ linux-3.1.1/mm/Kconfig 2011-11-17 18:57:00.000000000 -0500 |
761 |
+@@ -238,10 +238,10 @@ config KSM |
762 |
+ root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). |
763 |
+ |
764 |
config DEFAULT_MMAP_MIN_ADDR |
765 |
- int "Low address space to protect from user allocation" |
766 |
+- int "Low address space to protect from user allocation" |
767 |
++ int "Low address space to protect from user allocation" |
768 |
depends on MMU |
769 |
- default 4096 |
770 |
-+ default 65536 |
771 |
- help |
772 |
+- help |
773 |
++ default 65536 |
774 |
++ help |
775 |
This is the portion of low virtual memory which should be protected |
776 |
from userspace allocation. Keeping a user from writing to low pages |
777 |
+ can help reduce the impact of kernel NULL pointer bugs. |
778 |
diff -urNp linux-3.1.1/mm/kmemleak.c linux-3.1.1/mm/kmemleak.c |
779 |
--- linux-3.1.1/mm/kmemleak.c 2011-11-11 15:19:27.000000000 -0500 |
780 |
+++ linux-3.1.1/mm/kmemleak.c 2011-11-16 18:40:44.000000000 -0500 |
781 |
@@ -72519,7 +72463,7 @@ diff -urNp linux-3.1.1/net/ipv4/ping.c linux-3.1.1/net/ipv4/ping.c |
782 |
static int ping_seq_show(struct seq_file *seq, void *v) |
783 |
diff -urNp linux-3.1.1/net/ipv4/raw.c linux-3.1.1/net/ipv4/raw.c |
784 |
--- linux-3.1.1/net/ipv4/raw.c 2011-11-11 15:19:27.000000000 -0500 |
785 |
-+++ linux-3.1.1/net/ipv4/raw.c 2011-11-16 18:40:44.000000000 -0500 |
786 |
++++ linux-3.1.1/net/ipv4/raw.c 2011-11-17 18:58:40.000000000 -0500 |
787 |
@@ -302,7 +302,7 @@ static int raw_rcv_skb(struct sock * sk, |
788 |
int raw_rcv(struct sock *sk, struct sk_buff *skb) |
789 |
{ |
790 |
@@ -72551,19 +72495,18 @@ diff -urNp linux-3.1.1/net/ipv4/raw.c linux-3.1.1/net/ipv4/raw.c |
791 |
|
792 |
if (get_user(len, optlen)) |
793 |
goto out; |
794 |
-@@ -756,8 +760,9 @@ static int raw_geticmpfilter(struct sock |
795 |
+@@ -756,8 +760,8 @@ static int raw_geticmpfilter(struct sock |
796 |
if (len > sizeof(struct icmp_filter)) |
797 |
len = sizeof(struct icmp_filter); |
798 |
ret = -EFAULT; |
799 |
- if (put_user(len, optlen) || |
800 |
- copy_to_user(optval, &raw_sk(sk)->filter, len)) |
801 |
+ filter = raw_sk(sk)->filter; |
802 |
-+ if (put_user(len, optlen) || len > sizeof filter || |
803 |
-+ copy_to_user(optval, &filter, len)) |
804 |
++ if (put_user(len, optlen) || len > sizeof filter || copy_to_user(optval, &filter, len)) |
805 |
goto out; |
806 |
ret = 0; |
807 |
out: return ret; |
808 |
-@@ -985,7 +990,13 @@ static void raw_sock_seq_show(struct seq |
809 |
+@@ -985,7 +989,13 @@ static void raw_sock_seq_show(struct seq |
810 |
sk_wmem_alloc_get(sp), |
811 |
sk_rmem_alloc_get(sp), |
812 |
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), |
813 |
|
814 |
diff --git a/3.1.1/4422_grsec-mute-warnings.patch b/3.1.1/4422_grsec-mute-warnings.patch |
815 |
index fbca0bb..e85abd6 100644 |
816 |
--- a/3.1.1/4422_grsec-mute-warnings.patch |
817 |
+++ b/3.1.1/4422_grsec-mute-warnings.patch |
818 |
@@ -29,14 +29,15 @@ warning flags of vanilla kernel versions. |
819 |
Acked-by: Christian Heim <phreak@g.o> |
820 |
--- |
821 |
|
822 |
---- a/Makefile 2011-06-06 00:47:21.000000000 -0400 |
823 |
-+++ b/Makefile 2011-06-06 00:49:13.000000000 -0400 |
824 |
+--- a/Makefile 2011-11-18 17:50:11.000000000 -0500 |
825 |
++++ b/Makefile 2011-11-18 17:50:48.000000000 -0500 |
826 |
@@ -245,7 +245,7 @@ |
827 |
|
828 |
HOSTCC = gcc |
829 |
HOSTCXX = g++ |
830 |
-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks |
831 |
-+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks |
832 |
- HOSTCFLAGS += $(call cc-option, -Wno-empty-body) |
833 |
- HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks |
834 |
++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks |
835 |
+ HOSTCLFAGS += $(call cc-option, -Wno-empty-body) |
836 |
+ HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks |
837 |
+ |