Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.1.1/
Date: Fri, 18 Nov 2011 22:56:47
Message-Id: 8cfabd4a07eb6dd70deed8064c51ce937d31c5e0.blueness@gentoo
1 commit: 8cfabd4a07eb6dd70deed8064c51ce937d31c5e0
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Fri Nov 18 22:56:15 2011 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Nov 18 22:56:15 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=8cfabd4a
7
8 Grsec/PaX: 2.2.2-3.1.1-201111171911
9
10 ---
11 3.1.1/0000_README | 2 +-
12 ...4420_grsecurity-2.2.2-3.1.1-201111171911.patch} | 293 ++++++++------------
13 3.1.1/4422_grsec-mute-warnings.patch | 11 +-
14 3 files changed, 125 insertions(+), 181 deletions(-)
15
16 diff --git a/3.1.1/0000_README b/3.1.1/0000_README
17 index debad5a..2f63187 100644
18 --- a/3.1.1/0000_README
19 +++ b/3.1.1/0000_README
20 @@ -3,7 +3,7 @@ README
21
22 Individual Patch Descriptions:
23 -----------------------------------------------------------------------------
24 -Patch: 4420_grsecurity-2.2.2-3.1.1-201111170037.patch
25 +Patch: 4420_grsecurity-2.2.2-3.1.1-201111171911.patch
26 From: http://www.grsecurity.net
27 Desc: hardened-sources base patch from upstream grsecurity
28
29
30 diff --git a/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111170037.patch b/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111171911.patch
31 similarity index 99%
32 rename from 3.1.1/4420_grsecurity-2.2.2-3.1.1-201111170037.patch
33 rename to 3.1.1/4420_grsecurity-2.2.2-3.1.1-201111171911.patch
34 index 4c833da..0a5ebc1 100644
35 --- a/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111170037.patch
36 +++ b/3.1.1/4420_grsecurity-2.2.2-3.1.1-201111171911.patch
37 @@ -5689,7 +5689,7 @@ diff -urNp linux-3.1.1/arch/x86/ia32/ia32_aout.c linux-3.1.1/arch/x86/ia32/ia32_
38 has_dumped = 1;
39 diff -urNp linux-3.1.1/arch/x86/ia32/ia32entry.S linux-3.1.1/arch/x86/ia32/ia32entry.S
40 --- linux-3.1.1/arch/x86/ia32/ia32entry.S 2011-11-11 15:19:27.000000000 -0500
41 -+++ linux-3.1.1/arch/x86/ia32/ia32entry.S 2011-11-16 18:40:08.000000000 -0500
42 ++++ linux-3.1.1/arch/x86/ia32/ia32entry.S 2011-11-17 18:27:57.000000000 -0500
43 @@ -13,7 +13,9 @@
44 #include <asm/thread_info.h>
45 #include <asm/segment.h>
46 @@ -5721,11 +5721,11 @@ diff -urNp linux-3.1.1/arch/x86/ia32/ia32entry.S linux-3.1.1/arch/x86/ia32/ia32e
47 +#endif
48 + .endm
49 +
50 -+ .macro pax_erase_kstack
51 ++.macro pax_erase_kstack
52 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
53 + call pax_erase_kstack
54 +#endif
55 -+ .endm
56 ++.endm
57 +
58 /*
59 * 32bit SYSENTER instruction entry.
60 @@ -12370,7 +12370,7 @@ diff -urNp linux-3.1.1/arch/x86/kernel/entry_32.S linux-3.1.1/arch/x86/kernel/en
61 /*
62 diff -urNp linux-3.1.1/arch/x86/kernel/entry_64.S linux-3.1.1/arch/x86/kernel/entry_64.S
63 --- linux-3.1.1/arch/x86/kernel/entry_64.S 2011-11-11 15:19:27.000000000 -0500
64 -+++ linux-3.1.1/arch/x86/kernel/entry_64.S 2011-11-16 18:40:08.000000000 -0500
65 ++++ linux-3.1.1/arch/x86/kernel/entry_64.S 2011-11-17 18:28:56.000000000 -0500
66 @@ -55,6 +55,8 @@
67 #include <asm/paravirt.h>
68 #include <asm/ftrace.h>
69 @@ -12653,11 +12653,11 @@ diff -urNp linux-3.1.1/arch/x86/kernel/entry_64.S linux-3.1.1/arch/x86/kernel/en
70 +ENDPROC(pax_exit_kernel_user)
71 +#endif
72 +
73 -+ .macro pax_erase_kstack
74 ++.macro pax_erase_kstack
75 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
76 + call pax_erase_kstack
77 +#endif
78 -+ .endm
79 ++.endm
80 +
81 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
82 +/*
83 @@ -14811,7 +14811,7 @@ diff -urNp linux-3.1.1/arch/x86/kernel/module.c linux-3.1.1/arch/x86/kernel/modu
84 goto overflow;
85 diff -urNp linux-3.1.1/arch/x86/kernel/paravirt.c linux-3.1.1/arch/x86/kernel/paravirt.c
86 --- linux-3.1.1/arch/x86/kernel/paravirt.c 2011-11-11 15:19:27.000000000 -0500
87 -+++ linux-3.1.1/arch/x86/kernel/paravirt.c 2011-11-16 18:40:08.000000000 -0500
88 ++++ linux-3.1.1/arch/x86/kernel/paravirt.c 2011-11-17 18:29:42.000000000 -0500
89 @@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x)
90 {
91 return x;
92 @@ -14822,15 +14822,6 @@ diff -urNp linux-3.1.1/arch/x86/kernel/paravirt.c linux-3.1.1/arch/x86/kernel/pa
93
94 void __init default_banner(void)
95 {
96 -@@ -122,7 +125,7 @@ unsigned paravirt_patch_jmp(void *insnbu
97 - * corresponding structure. */
98 - static void *get_call_destination(u8 type)
99 - {
100 -- struct paravirt_patch_template tmpl = {
101 -+ const struct paravirt_patch_template tmpl = {
102 - .pv_init_ops = pv_init_ops,
103 - .pv_time_ops = pv_time_ops,
104 - .pv_cpu_ops = pv_cpu_ops,
105 @@ -133,6 +136,9 @@ static void *get_call_destination(u8 typ
106 .pv_lock_ops = pv_lock_ops,
107 #endif
108 @@ -19809,15 +19800,15 @@ diff -urNp linux-3.1.1/arch/x86/lib/usercopy_64.c linux-3.1.1/arch/x86/lib/userc
109 unsigned zero_len;
110 diff -urNp linux-3.1.1/arch/x86/Makefile linux-3.1.1/arch/x86/Makefile
111 --- linux-3.1.1/arch/x86/Makefile 2011-11-11 15:19:27.000000000 -0500
112 -+++ linux-3.1.1/arch/x86/Makefile 2011-11-16 18:40:08.000000000 -0500
113 -@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y)
114 - else
115 - BITS := 64
116 ++++ linux-3.1.1/arch/x86/Makefile 2011-11-17 18:30:30.000000000 -0500
117 +@@ -46,6 +46,7 @@ else
118 UTS_MACHINE := x86_64
119 -+ biarch := $(call cc-option,-m64)
120 CHECKFLAGS += -D__x86_64__ -m64
121
122 ++ biarch := $(call cc-option,-m64)
123 KBUILD_AFLAGS += -m64
124 + KBUILD_CFLAGS += -m64
125 +
126 @@ -195,3 +196,12 @@ define archhelp
127 echo ' FDARGS="..." arguments for the booted kernel'
128 echo ' FDINITRD=file initrd for the booted kernel'
129 @@ -21168,7 +21159,7 @@ diff -urNp linux-3.1.1/arch/x86/mm/init_64.c linux-3.1.1/arch/x86/mm/init_64.c
130 return "[vsyscall]";
131 diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c
132 --- linux-3.1.1/arch/x86/mm/init.c 2011-11-11 15:19:27.000000000 -0500
133 -+++ linux-3.1.1/arch/x86/mm/init.c 2011-11-16 18:40:08.000000000 -0500
134 ++++ linux-3.1.1/arch/x86/mm/init.c 2011-11-17 18:31:28.000000000 -0500
135 @@ -31,7 +31,7 @@ int direct_gbpages
136 static void __init find_early_table_space(unsigned long end, int use_pse,
137 int use_gbpages)
138 @@ -21178,7 +21169,7 @@ diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c
139 phys_addr_t base;
140
141 puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
142 -@@ -312,12 +312,34 @@ unsigned long __init_refok init_memory_m
143 +@@ -312,8 +312,29 @@ unsigned long __init_refok init_memory_m
144 */
145 int devmem_is_allowed(unsigned long pagenr)
146 {
147 @@ -21209,12 +21200,7 @@ diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c
148 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
149 return 0;
150 if (!page_is_ram(pagenr))
151 - return 1;
152 -+
153 - return 0;
154 - }
155 -
156 -@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigne
157 +@@ -372,6 +393,86 @@ void free_init_pages(char *what, unsigne
158
159 void free_initmem(void)
160 {
161 @@ -25478,7 +25464,7 @@ diff -urNp linux-3.1.1/drivers/char/mbcs.c linux-3.1.1/drivers/char/mbcs.c
162 .mfg_num = MBCS_MFG_NUM,
163 diff -urNp linux-3.1.1/drivers/char/mem.c linux-3.1.1/drivers/char/mem.c
164 --- linux-3.1.1/drivers/char/mem.c 2011-11-11 15:19:27.000000000 -0500
165 -+++ linux-3.1.1/drivers/char/mem.c 2011-11-16 18:40:10.000000000 -0500
166 ++++ linux-3.1.1/drivers/char/mem.c 2011-11-17 18:31:56.000000000 -0500
167 @@ -18,6 +18,7 @@
168 #include <linux/raw.h>
169 #include <linux/tty.h>
170 @@ -25492,7 +25478,7 @@ diff -urNp linux-3.1.1/drivers/char/mem.c linux-3.1.1/drivers/char/mem.c
171 #endif
172
173 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
174 -+extern struct file_operations grsec_fops;
175 ++extern const struct file_operations grsec_fops;
176 +#endif
177 +
178 static inline unsigned long size_inside_page(unsigned long start,
179 @@ -29898,14 +29884,8 @@ diff -urNp linux-3.1.1/drivers/media/dvb/dvb-core/dvb_ca_en50221.c linux-3.1.1/d
180 /* Incoming packet has a 2 byte header. hdr[0] = slot_id, hdr[1] = connection_id */
181 diff -urNp linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h
182 --- linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-11 15:19:27.000000000 -0500
183 -+++ linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-16 18:40:10.000000000 -0500
184 -@@ -68,12 +68,12 @@ struct dvb_demux_feed {
185 - union {
186 - struct dmx_ts_feed ts;
187 - struct dmx_section_feed sec;
188 -- } feed;
189 -+ } __no_const feed;
190 -
191 ++++ linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-17 18:34:32.000000000 -0500
192 +@@ -73,7 +73,7 @@ struct dvb_demux_feed {
193 union {
194 dmx_ts_cb ts;
195 dmx_section_cb sec;
196 @@ -29950,18 +29930,6 @@ diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dib0700_core.c linux-3.1.1/driv
197 while ((ret = dvb_usb_get_hexline(fw, &hx, &pos)) > 0) {
198 deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n",
199 hx.addr, hx.len, hx.chk);
200 -diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h
201 ---- linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h 2011-11-11 15:19:27.000000000 -0500
202 -+++ linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h 2011-11-16 18:40:10.000000000 -0500
203 -@@ -97,7 +97,7 @@
204 - #define DIBUSB_IOCTL_CMD_DISABLE_STREAM 0x02
205 -
206 - struct dibusb_state {
207 -- struct dib_fe_xfer_ops ops;
208 -+ dib_fe_xfer_ops_no_const ops;
209 - int mt2060_present;
210 - u8 tuner_addr;
211 - };
212 diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c
213 --- linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c 2011-11-11 15:19:27.000000000 -0500
214 +++ linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c 2011-11-16 18:39:07.000000000 -0500
215 @@ -29996,32 +29964,16 @@ diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/lmedm04.c linux-3.1.1/drivers/m
216 info("FRM Firmware Cold Reset");
217 diff -urNp linux-3.1.1/drivers/media/dvb/frontends/dib3000.h linux-3.1.1/drivers/media/dvb/frontends/dib3000.h
218 --- linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 2011-11-11 15:19:27.000000000 -0500
219 -+++ linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 2011-11-16 18:40:10.000000000 -0500
220 -@@ -40,10 +40,11 @@ struct dib_fe_xfer_ops
221 ++++ linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 2011-11-17 18:38:05.000000000 -0500
222 +@@ -39,7 +39,7 @@ struct dib_fe_xfer_ops
223 + int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
224 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
225 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
226 - };
227 -+typedef struct dib_fe_xfer_ops __no_const dib_fe_xfer_ops_no_const;
228 +-};
229 ++} __no_const;
230
231 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE))
232 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
233 -- struct i2c_adapter* i2c, struct dib_fe_xfer_ops *xfer_ops);
234 -+ struct i2c_adapter* i2c, dib_fe_xfer_ops_no_const *xfer_ops);
235 - #else
236 - static inline struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
237 - struct i2c_adapter* i2c, struct dib_fe_xfer_ops *xfer_ops)
238 -diff -urNp linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c
239 ---- linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c 2011-11-11 15:19:27.000000000 -0500
240 -+++ linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c 2011-11-16 18:40:10.000000000 -0500
241 -@@ -756,7 +756,7 @@ static int dib3000mb_tuner_pass_ctrl(str
242 - static struct dvb_frontend_ops dib3000mb_ops;
243 -
244 - struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
245 -- struct i2c_adapter* i2c, struct dib_fe_xfer_ops *xfer_ops)
246 -+ struct i2c_adapter* i2c, dib_fe_xfer_ops_no_const *xfer_ops)
247 - {
248 - struct dib3000_state* state = NULL;
249 -
250 diff -urNp linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c
251 --- linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c 2011-11-11 15:19:27.000000000 -0500
252 +++ linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c 2011-11-16 18:40:10.000000000 -0500
253 @@ -30177,7 +30129,7 @@ diff -urNp linux-3.1.1/drivers/media/video/saa7164/saa7164-cmd.c linux-3.1.1/dri
254 struct tmComResInfo tRsp = { 0, 0, 0, 0, 0, 0 };
255 diff -urNp linux-3.1.1/drivers/media/video/timblogiw.c linux-3.1.1/drivers/media/video/timblogiw.c
256 --- linux-3.1.1/drivers/media/video/timblogiw.c 2011-11-11 15:19:27.000000000 -0500
257 -+++ linux-3.1.1/drivers/media/video/timblogiw.c 2011-11-16 18:40:10.000000000 -0500
258 ++++ linux-3.1.1/drivers/media/video/timblogiw.c 2011-11-17 18:36:32.000000000 -0500
259 @@ -744,7 +744,7 @@ static int timblogiw_mmap(struct file *f
260
261 /* Platform device functions */
262 @@ -30187,6 +30139,15 @@ diff -urNp linux-3.1.1/drivers/media/video/timblogiw.c linux-3.1.1/drivers/media
263 .vidioc_querycap = timblogiw_querycap,
264 .vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt,
265 .vidioc_g_fmt_vid_cap = timblogiw_g_fmt,
266 +@@ -766,7 +766,7 @@ static __devinitconst struct v4l2_ioctl_
267 + .vidioc_enum_framesizes = timblogiw_enum_framesizes,
268 + };
269 +
270 +-static __devinitconst struct v4l2_file_operations timblogiw_fops = {
271 ++static __devinitconst v4l2_file_operations_no_const timblogiw_fops = {
272 + .owner = THIS_MODULE,
273 + .open = timblogiw_open,
274 + .release = timblogiw_close,
275 diff -urNp linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c
276 --- linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 2011-11-11 15:19:27.000000000 -0500
277 +++ linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 2011-11-16 18:40:10.000000000 -0500
278 @@ -34962,6 +34923,27 @@ diff -urNp linux-3.1.1/drivers/staging/iio/ring_generic.h linux-3.1.1/drivers/st
279
280 struct iio_ring_setup_ops {
281 int (*preenable)(struct iio_dev *);
282 +diff -urNp linux-3.1.1/drivers/staging/mei/interface.c linux-3.1.1/drivers/staging/mei/interface.c
283 +--- linux-3.1.1/drivers/staging/mei/interface.c 2011-11-11 15:19:27.000000000 -0500
284 ++++ linux-3.1.1/drivers/staging/mei/interface.c 2011-11-17 18:39:18.000000000 -0500
285 +@@ -332,7 +332,7 @@ int mei_send_flow_control(struct mei_dev
286 + mei_hdr->reserved = 0;
287 +
288 + mei_flow_control = (struct hbm_flow_control *) &dev->wr_msg_buf[1];
289 +- memset(mei_flow_control, 0, sizeof(mei_flow_control));
290 ++ memset(mei_flow_control, 0, sizeof(*mei_flow_control));
291 + mei_flow_control->host_addr = cl->host_client_id;
292 + mei_flow_control->me_addr = cl->me_client_id;
293 + mei_flow_control->cmd.cmd = MEI_FLOW_CONTROL_CMD;
294 +@@ -396,7 +396,7 @@ int mei_disconnect(struct mei_device *de
295 +
296 + mei_cli_disconnect =
297 + (struct hbm_client_disconnect_request *) &dev->wr_msg_buf[1];
298 +- memset(mei_cli_disconnect, 0, sizeof(mei_cli_disconnect));
299 ++ memset(mei_cli_disconnect, 0, sizeof(*mei_cli_disconnect));
300 + mei_cli_disconnect->host_addr = cl->host_client_id;
301 + mei_cli_disconnect->me_addr = cl->me_client_id;
302 + mei_cli_disconnect->cmd.cmd = CLIENT_DISCONNECT_REQ_CMD;
303 diff -urNp linux-3.1.1/drivers/staging/octeon/ethernet.c linux-3.1.1/drivers/staging/octeon/ethernet.c
304 --- linux-3.1.1/drivers/staging/octeon/ethernet.c 2011-11-11 15:19:27.000000000 -0500
305 +++ linux-3.1.1/drivers/staging/octeon/ethernet.c 2011-11-16 18:39:07.000000000 -0500
306 @@ -40501,7 +40483,7 @@ diff -urNp linux-3.1.1/fs/btrfs/ctree.c linux-3.1.1/fs/btrfs/ctree.c
307 WARN_ON(trans->transid != btrfs_header_generation(parent));
308 diff -urNp linux-3.1.1/fs/btrfs/inode.c linux-3.1.1/fs/btrfs/inode.c
309 --- linux-3.1.1/fs/btrfs/inode.c 2011-11-11 15:19:27.000000000 -0500
310 -+++ linux-3.1.1/fs/btrfs/inode.c 2011-11-16 18:40:29.000000000 -0500
311 ++++ linux-3.1.1/fs/btrfs/inode.c 2011-11-17 18:12:11.000000000 -0500
312 @@ -6922,7 +6922,7 @@ fail:
313 return -ENOMEM;
314 }
315 @@ -40519,7 +40501,7 @@ diff -urNp linux-3.1.1/fs/btrfs/inode.c linux-3.1.1/fs/btrfs/inode.c
316 +
317 +dev_t get_btrfs_dev_from_inode(struct inode *inode)
318 +{
319 -+ return BTRFS_I(inode)->root->anon_super.s_dev;
320 ++ return BTRFS_I(inode)->root->anon_dev;
321 +}
322 +EXPORT_SYMBOL(get_btrfs_dev_from_inode);
323 +
324 @@ -41341,7 +41323,7 @@ diff -urNp linux-3.1.1/fs/ecryptfs/read_write.c linux-3.1.1/fs/ecryptfs/read_wri
325 }
326 diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
327 --- linux-3.1.1/fs/exec.c 2011-11-11 15:19:27.000000000 -0500
328 -+++ linux-3.1.1/fs/exec.c 2011-11-16 23:41:58.000000000 -0500
329 ++++ linux-3.1.1/fs/exec.c 2011-11-17 18:40:47.000000000 -0500
330 @@ -55,12 +55,24 @@
331 #include <linux/pipe_fs_i.h>
332 #include <linux/oom.h>
333 @@ -41694,7 +41676,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
334 cn->corename = kmalloc(cn->size, GFP_KERNEL);
335 cn->used = 0;
336
337 -@@ -1816,6 +1889,219 @@ out:
338 +@@ -1816,6 +1889,218 @@ out:
339 return ispipe;
340 }
341
342 @@ -41885,7 +41867,6 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
343 +#endif
344 +}
345 +
346 -+
347 +NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
348 +{
349 + if (current->signal->curr_ip)
350 @@ -41914,7 +41895,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
351 static int zap_process(struct task_struct *start, int exit_code)
352 {
353 struct task_struct *t;
354 -@@ -2027,17 +2313,17 @@ static void wait_for_dump_helpers(struct
355 +@@ -2027,17 +2312,17 @@ static void wait_for_dump_helpers(struct
356 pipe = file->f_path.dentry->d_inode->i_pipe;
357
358 pipe_lock(pipe);
359 @@ -41937,7 +41918,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
360 pipe_unlock(pipe);
361
362 }
363 -@@ -2098,7 +2384,7 @@ void do_coredump(long signr, int exit_co
364 +@@ -2098,7 +2383,7 @@ void do_coredump(long signr, int exit_co
365 int retval = 0;
366 int flag = 0;
367 int ispipe;
368 @@ -41946,7 +41927,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
369 struct coredump_params cprm = {
370 .signr = signr,
371 .regs = regs,
372 -@@ -2113,6 +2399,9 @@ void do_coredump(long signr, int exit_co
373 +@@ -2113,6 +2398,9 @@ void do_coredump(long signr, int exit_co
374
375 audit_core_dumps(signr);
376
377 @@ -41956,7 +41937,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
378 binfmt = mm->binfmt;
379 if (!binfmt || !binfmt->core_dump)
380 goto fail;
381 -@@ -2180,7 +2469,7 @@ void do_coredump(long signr, int exit_co
382 +@@ -2180,7 +2468,7 @@ void do_coredump(long signr, int exit_co
383 }
384 cprm.limit = RLIM_INFINITY;
385
386 @@ -41965,7 +41946,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
387 if (core_pipe_limit && (core_pipe_limit < dump_count)) {
388 printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
389 task_tgid_vnr(current), current->comm);
390 -@@ -2207,6 +2496,8 @@ void do_coredump(long signr, int exit_co
391 +@@ -2207,6 +2495,8 @@ void do_coredump(long signr, int exit_co
392 } else {
393 struct inode *inode;
394
395 @@ -41974,7 +41955,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
396 if (cprm.limit < binfmt->min_coredump)
397 goto fail_unlock;
398
399 -@@ -2250,7 +2541,7 @@ close_fail:
400 +@@ -2250,7 +2540,7 @@ close_fail:
401 filp_close(cprm.file, NULL);
402 fail_dropcount:
403 if (ispipe)
404 @@ -41983,7 +41964,7 @@ diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
405 fail_unlock:
406 kfree(cn.corename);
407 fail_corename:
408 -@@ -2269,7 +2560,7 @@ fail:
409 +@@ -2269,7 +2559,7 @@ fail:
410 */
411 int dump_write(struct file *file, const void *addr, int nr)
412 {
413 @@ -45059,7 +45040,7 @@ diff -urNp linux-3.1.1/fs/ocfs2/symlink.c linux-3.1.1/fs/ocfs2/symlink.c
414 }
415 diff -urNp linux-3.1.1/fs/open.c linux-3.1.1/fs/open.c
416 --- linux-3.1.1/fs/open.c 2011-11-11 15:19:27.000000000 -0500
417 -+++ linux-3.1.1/fs/open.c 2011-11-16 23:40:57.000000000 -0500
418 ++++ linux-3.1.1/fs/open.c 2011-11-17 19:07:55.000000000 -0500
419 @@ -112,6 +112,10 @@ static long do_sys_truncate(const char _
420 error = locks_verify_truncate(inode, NULL, length);
421 if (!error)
422 @@ -45145,28 +45126,10 @@ diff -urNp linux-3.1.1/fs/open.c linux-3.1.1/fs/open.c
423 newattrs.ia_valid = ATTR_CTIME;
424 if (user != (uid_t) -1) {
425 newattrs.ia_valid |= ATTR_UID;
426 -@@ -976,7 +1011,8 @@ long do_sys_open(int dfd, const char __u
427 - if (!IS_ERR(tmp)) {
428 - fd = get_unused_fd_flags(flags);
429 - if (fd >= 0) {
430 -- struct file *f = do_filp_open(dfd, tmp, &op, lookup);
431 -+ struct file *f;
432 -+ f = do_filp_open(dfd, tmp, &op, lookup);
433 - if (IS_ERR(f)) {
434 - put_unused_fd(fd);
435 - fd = PTR_ERR(f);
436 diff -urNp linux-3.1.1/fs/partitions/ldm.c linux-3.1.1/fs/partitions/ldm.c
437 --- linux-3.1.1/fs/partitions/ldm.c 2011-11-11 15:19:27.000000000 -0500
438 -+++ linux-3.1.1/fs/partitions/ldm.c 2011-11-16 18:40:29.000000000 -0500
439 -@@ -1311,6 +1311,7 @@ static bool ldm_frag_add (const u8 *data
440 - ldm_error ("A VBLK claims to have %d parts.", num);
441 - return false;
442 - }
443 -+
444 - if (rec >= num) {
445 - ldm_error("REC value (%d) exceeds NUM value (%d)", rec, num);
446 - return false;
447 -@@ -1322,7 +1323,7 @@ static bool ldm_frag_add (const u8 *data
448 ++++ linux-3.1.1/fs/partitions/ldm.c 2011-11-17 19:08:15.000000000 -0500
449 +@@ -1322,7 +1322,7 @@ static bool ldm_frag_add (const u8 *data
450 goto found;
451 }
452
453 @@ -45303,7 +45266,7 @@ diff -urNp linux-3.1.1/fs/pipe.c linux-3.1.1/fs/pipe.c
454 /*
455 diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c
456 --- linux-3.1.1/fs/proc/array.c 2011-11-11 15:19:27.000000000 -0500
457 -+++ linux-3.1.1/fs/proc/array.c 2011-11-16 18:40:29.000000000 -0500
458 ++++ linux-3.1.1/fs/proc/array.c 2011-11-17 18:42:02.000000000 -0500
459 @@ -60,6 +60,7 @@
460 #include <linux/tty.h>
461 #include <linux/string.h>
462 @@ -45359,12 +45322,8 @@ diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c
463 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
464 struct pid *pid, struct task_struct *task, int whole)
465 {
466 -@@ -375,9 +406,11 @@ static int do_task_stat(struct seq_file
467 - cputime_t cutime, cstime, utime, stime;
468 - cputime_t cgtime, gtime;
469 - unsigned long rsslim = 0;
470 -- char tcomm[sizeof(task->comm)];
471 -+ char tcomm[sizeof(task->comm)] = { 0 };
472 +@@ -378,6 +409,8 @@ static int do_task_stat(struct seq_file
473 + char tcomm[sizeof(task->comm)];
474 unsigned long flags;
475
476 + pax_track_stack();
477 @@ -45429,7 +45388,7 @@ diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c
478 +#endif
479 diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
480 --- linux-3.1.1/fs/proc/base.c 2011-11-11 15:19:27.000000000 -0500
481 -+++ linux-3.1.1/fs/proc/base.c 2011-11-16 19:25:48.000000000 -0500
482 ++++ linux-3.1.1/fs/proc/base.c 2011-11-17 18:43:19.000000000 -0500
483 @@ -107,6 +107,22 @@ struct pid_entry {
484 union proc_op op;
485 };
486 @@ -45645,12 +45604,12 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
487 +#else
488 stat->gid = cred->egid;
489 +#endif
490 -+ }
491 + }
492 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
493 + } else {
494 + rcu_read_unlock();
495 + return -ENOENT;
496 - }
497 ++ }
498 +#endif
499 }
500 rcu_read_unlock();
501 @@ -45739,15 +45698,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
502 if (!IS_ERR(s))
503 __putname(s);
504 }
505 -@@ -2663,6 +2778,7 @@ static struct dentry *proc_base_instanti
506 - if (p->fop)
507 - inode->i_fop = p->fop;
508 - ei->op = p->op;
509 -+
510 - d_add(dentry, inode);
511 - error = NULL;
512 - out:
513 -@@ -2802,7 +2918,7 @@ static const struct pid_entry tgid_base_
514 +@@ -2802,7 +2917,7 @@ static const struct pid_entry tgid_base_
515 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
516 #endif
517 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
518 @@ -45756,7 +45707,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
519 INF("syscall", S_IRUGO, proc_pid_syscall),
520 #endif
521 INF("cmdline", S_IRUGO, proc_pid_cmdline),
522 -@@ -2827,10 +2943,10 @@ static const struct pid_entry tgid_base_
523 +@@ -2827,10 +2942,10 @@ static const struct pid_entry tgid_base_
524 #ifdef CONFIG_SECURITY
525 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
526 #endif
527 @@ -45769,7 +45720,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
528 ONE("stack", S_IRUGO, proc_pid_stack),
529 #endif
530 #ifdef CONFIG_SCHEDSTATS
531 -@@ -2864,6 +2980,9 @@ static const struct pid_entry tgid_base_
532 +@@ -2864,6 +2979,9 @@ static const struct pid_entry tgid_base_
533 #ifdef CONFIG_HARDWALL
534 INF("hardwall", S_IRUGO, proc_pid_hardwall),
535 #endif
536 @@ -45779,7 +45730,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
537 };
538
539 static int proc_tgid_base_readdir(struct file * filp,
540 -@@ -2989,7 +3108,14 @@ static struct dentry *proc_pid_instantia
541 +@@ -2989,7 +3107,14 @@ static struct dentry *proc_pid_instantia
542 if (!inode)
543 goto out;
544
545 @@ -45794,7 +45745,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
546 inode->i_op = &proc_tgid_base_inode_operations;
547 inode->i_fop = &proc_tgid_base_operations;
548 inode->i_flags|=S_IMMUTABLE;
549 -@@ -3031,7 +3157,14 @@ struct dentry *proc_pid_lookup(struct in
550 +@@ -3031,7 +3156,14 @@ struct dentry *proc_pid_lookup(struct in
551 if (!task)
552 goto out;
553
554 @@ -45809,7 +45760,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
555 put_task_struct(task);
556 out:
557 return result;
558 -@@ -3096,6 +3229,11 @@ int proc_pid_readdir(struct file * filp,
559 +@@ -3096,6 +3228,11 @@ int proc_pid_readdir(struct file * filp,
560 {
561 unsigned int nr;
562 struct task_struct *reaper;
563 @@ -45821,7 +45772,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
564 struct tgid_iter iter;
565 struct pid_namespace *ns;
566
567 -@@ -3119,8 +3257,27 @@ int proc_pid_readdir(struct file * filp,
568 +@@ -3119,8 +3256,27 @@ int proc_pid_readdir(struct file * filp,
569 for (iter = next_tgid(ns, iter);
570 iter.task;
571 iter.tgid += 1, iter = next_tgid(ns, iter)) {
572 @@ -45850,7 +45801,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
573 put_task_struct(iter.task);
574 goto out;
575 }
576 -@@ -3148,7 +3305,7 @@ static const struct pid_entry tid_base_s
577 +@@ -3148,7 +3304,7 @@ static const struct pid_entry tid_base_s
578 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
579 #endif
580 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
581 @@ -45859,7 +45810,7 @@ diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
582 INF("syscall", S_IRUGO, proc_pid_syscall),
583 #endif
584 INF("cmdline", S_IRUGO, proc_pid_cmdline),
585 -@@ -3172,10 +3329,10 @@ static const struct pid_entry tid_base_s
586 +@@ -3172,10 +3328,10 @@ static const struct pid_entry tid_base_s
587 #ifdef CONFIG_SECURITY
588 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
589 #endif
590 @@ -61025,15 +60976,16 @@ diff -urNp linux-3.1.1/include/media/v4l2-dev.h linux-3.1.1/include/media/v4l2-d
591 * Newer version of video_device, handled by videodev2.c
592 diff -urNp linux-3.1.1/include/media/v4l2-ioctl.h linux-3.1.1/include/media/v4l2-ioctl.h
593 --- linux-3.1.1/include/media/v4l2-ioctl.h 2011-11-11 15:19:27.000000000 -0500
594 -+++ linux-3.1.1/include/media/v4l2-ioctl.h 2011-11-16 18:40:44.000000000 -0500
595 -@@ -272,6 +272,7 @@ struct v4l2_ioctl_ops {
596 ++++ linux-3.1.1/include/media/v4l2-ioctl.h 2011-11-17 18:44:20.000000000 -0500
597 +@@ -272,7 +272,7 @@ struct v4l2_ioctl_ops {
598 long (*vidioc_default) (struct file *file, void *fh,
599 bool valid_prio, int cmd, void *arg);
600 };
601 +-
602 +typedef struct v4l2_ioctl_ops __no_const v4l2_ioctl_ops_no_const;
603
604 -
605 /* v4l debugging and diagnostics */
606 +
607 diff -urNp linux-3.1.1/include/net/caif/caif_hsi.h linux-3.1.1/include/net/caif/caif_hsi.h
608 --- linux-3.1.1/include/net/caif/caif_hsi.h 2011-11-11 15:19:27.000000000 -0500
609 +++ linux-3.1.1/include/net/caif/caif_hsi.h 2011-11-16 18:39:08.000000000 -0500
610 @@ -66967,7 +66919,7 @@ diff -urNp linux-3.1.1/localversion-grsec linux-3.1.1/localversion-grsec
611 +-grsec
612 diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
613 --- linux-3.1.1/Makefile 2011-11-11 15:19:27.000000000 -0500
614 -+++ linux-3.1.1/Makefile 2011-11-16 18:45:38.000000000 -0500
615 ++++ linux-3.1.1/Makefile 2011-11-17 18:56:01.000000000 -0500
616 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
617
618 HOSTCC = gcc
619 @@ -66975,25 +66927,12 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
620 -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
621 -HOSTCXXFLAGS = -O2
622 +HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
623 -+HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
624 -+HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
625 ++HOSTCLFAGS += $(call cc-option, -Wno-empty-body)
626 ++HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks
627
628 # Decide whether to build built-in, modular, or both.
629 # Normally, just do built-in.
630 -@@ -365,10 +366,12 @@ LINUXINCLUDE := -I$(srctree)/arch/$(h
631 - KBUILD_CPPFLAGS := -D__KERNEL__
632 -
633 - KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
634 -+ -W -Wno-unused-parameter -Wno-missing-field-initializers \
635 - -fno-strict-aliasing -fno-common \
636 - -Werror-implicit-function-declaration \
637 - -Wno-format-security \
638 - -fno-delete-null-pointer-checks
639 -+KBUILD_CFLAGS += $(call cc-option, -Wno-empty-body)
640 - KBUILD_AFLAGS_KERNEL :=
641 - KBUILD_CFLAGS_KERNEL :=
642 - KBUILD_AFLAGS := -D__ASSEMBLY__
643 -@@ -407,8 +410,8 @@ export RCS_TAR_IGNORE := --exclude SCCS
644 +@@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS
645 # Rules shared between *config targets and build targets
646
647 # Basic helpers built in scripts/
648 @@ -67004,7 +66943,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
649 $(Q)$(MAKE) $(build)=scripts/basic
650 $(Q)rm -f .tmp_quiet_recordmcount
651
652 -@@ -564,6 +567,37 @@ else
653 +@@ -564,6 +565,37 @@ else
654 KBUILD_CFLAGS += -O2
655 endif
656
657 @@ -67036,13 +66975,13 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
658 +else
659 + $(Q)echo "warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least"
660 +endif
661 -+ $(Q)echo "PAX_MEMORY_STACKLEAK and constification will be less secure"
662 ++ $(Q)echo "PAX_MEMORY_STACKLEAK and other features will be less secure"
663 +endif
664 +
665 include $(srctree)/arch/$(SRCARCH)/Makefile
666
667 ifneq ($(CONFIG_FRAME_WARN),0)
668 -@@ -708,7 +742,7 @@ export mod_strip_cmd
669 +@@ -708,7 +740,7 @@ export mod_strip_cmd
670
671
672 ifeq ($(KBUILD_EXTMOD),)
673 @@ -67051,7 +66990,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
674
675 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
676 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
677 -@@ -932,6 +966,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
678 +@@ -932,6 +964,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-mai
679
680 # The actual objects are generated when descending,
681 # make sure no implicit rule kicks in
682 @@ -67059,7 +66998,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
683 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
684
685 # Handle descending into subdirectories listed in $(vmlinux-dirs)
686 -@@ -941,7 +976,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
687 +@@ -941,7 +974,7 @@ $(sort $(vmlinux-init) $(vmlinux-main))
688 # Error messages still appears in the original language
689
690 PHONY += $(vmlinux-dirs)
691 @@ -67068,7 +67007,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
692 $(Q)$(MAKE) $(build)=$@
693
694 # Store (new) KERNELRELASE string in include/config/kernel.release
695 -@@ -986,6 +1021,7 @@ prepare0: archprepare FORCE
696 +@@ -986,6 +1019,7 @@ prepare0: archprepare FORCE
697 $(Q)$(MAKE) $(build)=. missing-syscalls
698
699 # All the preparing..
700 @@ -67076,7 +67015,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
701 prepare: prepare0
702
703 # Generate some files
704 -@@ -1087,6 +1123,7 @@ all: modules
705 +@@ -1087,6 +1121,7 @@ all: modules
706 # using awk while concatenating to the final file.
707
708 PHONY += modules
709 @@ -67084,7 +67023,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
710 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
711 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
712 @$(kecho) ' Building modules, stage 2.';
713 -@@ -1102,7 +1139,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
714 +@@ -1102,7 +1137,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modu
715
716 # Target to prepare building external modules
717 PHONY += modules_prepare
718 @@ -67093,7 +67032,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
719
720 # Target to install modules
721 PHONY += modules_install
722 -@@ -1198,7 +1235,7 @@ distclean: mrproper
723 +@@ -1198,7 +1233,7 @@ distclean: mrproper
724 @find $(srctree) $(RCS_FIND_IGNORE) \
725 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
726 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
727 @@ -67102,7 +67041,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
728 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
729 -type f -print | xargs rm -f
730
731 -@@ -1360,6 +1397,7 @@ PHONY += $(module-dirs) modules
732 +@@ -1360,6 +1395,7 @@ PHONY += $(module-dirs) modules
733 $(module-dirs): crmodverdir $(objtree)/Module.symvers
734 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
735
736 @@ -67110,7 +67049,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
737 modules: $(module-dirs)
738 @$(kecho) ' Building modules, stage 2.';
739 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
740 -@@ -1486,17 +1524,19 @@ else
741 +@@ -1486,17 +1522,19 @@ else
742 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
743 endif
744
745 @@ -67134,7 +67073,7 @@ diff -urNp linux-3.1.1/Makefile linux-3.1.1/Makefile
746 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
747 %.symtypes: %.c prepare scripts FORCE
748 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
749 -@@ -1506,11 +1546,13 @@ endif
750 +@@ -1506,11 +1544,13 @@ endif
751 $(cmd_crmodverdir)
752 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
753 $(build)=$(build-dir)
754 @@ -67330,16 +67269,21 @@ diff -urNp linux-3.1.1/mm/internal.h linux-3.1.1/mm/internal.h
755 extern bool is_free_buddy_page(struct page *page);
756 diff -urNp linux-3.1.1/mm/Kconfig linux-3.1.1/mm/Kconfig
757 --- linux-3.1.1/mm/Kconfig 2011-11-11 15:19:27.000000000 -0500
758 -+++ linux-3.1.1/mm/Kconfig 2011-11-16 18:40:44.000000000 -0500
759 -@@ -240,7 +240,7 @@ config KSM
760 ++++ linux-3.1.1/mm/Kconfig 2011-11-17 18:57:00.000000000 -0500
761 +@@ -238,10 +238,10 @@ config KSM
762 + root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
763 +
764 config DEFAULT_MMAP_MIN_ADDR
765 - int "Low address space to protect from user allocation"
766 +- int "Low address space to protect from user allocation"
767 ++ int "Low address space to protect from user allocation"
768 depends on MMU
769 - default 4096
770 -+ default 65536
771 - help
772 +- help
773 ++ default 65536
774 ++ help
775 This is the portion of low virtual memory which should be protected
776 from userspace allocation. Keeping a user from writing to low pages
777 + can help reduce the impact of kernel NULL pointer bugs.
778 diff -urNp linux-3.1.1/mm/kmemleak.c linux-3.1.1/mm/kmemleak.c
779 --- linux-3.1.1/mm/kmemleak.c 2011-11-11 15:19:27.000000000 -0500
780 +++ linux-3.1.1/mm/kmemleak.c 2011-11-16 18:40:44.000000000 -0500
781 @@ -72519,7 +72463,7 @@ diff -urNp linux-3.1.1/net/ipv4/ping.c linux-3.1.1/net/ipv4/ping.c
782 static int ping_seq_show(struct seq_file *seq, void *v)
783 diff -urNp linux-3.1.1/net/ipv4/raw.c linux-3.1.1/net/ipv4/raw.c
784 --- linux-3.1.1/net/ipv4/raw.c 2011-11-11 15:19:27.000000000 -0500
785 -+++ linux-3.1.1/net/ipv4/raw.c 2011-11-16 18:40:44.000000000 -0500
786 ++++ linux-3.1.1/net/ipv4/raw.c 2011-11-17 18:58:40.000000000 -0500
787 @@ -302,7 +302,7 @@ static int raw_rcv_skb(struct sock * sk,
788 int raw_rcv(struct sock *sk, struct sk_buff *skb)
789 {
790 @@ -72551,19 +72495,18 @@ diff -urNp linux-3.1.1/net/ipv4/raw.c linux-3.1.1/net/ipv4/raw.c
791
792 if (get_user(len, optlen))
793 goto out;
794 -@@ -756,8 +760,9 @@ static int raw_geticmpfilter(struct sock
795 +@@ -756,8 +760,8 @@ static int raw_geticmpfilter(struct sock
796 if (len > sizeof(struct icmp_filter))
797 len = sizeof(struct icmp_filter);
798 ret = -EFAULT;
799 - if (put_user(len, optlen) ||
800 - copy_to_user(optval, &raw_sk(sk)->filter, len))
801 + filter = raw_sk(sk)->filter;
802 -+ if (put_user(len, optlen) || len > sizeof filter ||
803 -+ copy_to_user(optval, &filter, len))
804 ++ if (put_user(len, optlen) || len > sizeof filter || copy_to_user(optval, &filter, len))
805 goto out;
806 ret = 0;
807 out: return ret;
808 -@@ -985,7 +990,13 @@ static void raw_sock_seq_show(struct seq
809 +@@ -985,7 +989,13 @@ static void raw_sock_seq_show(struct seq
810 sk_wmem_alloc_get(sp),
811 sk_rmem_alloc_get(sp),
812 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
813
814 diff --git a/3.1.1/4422_grsec-mute-warnings.patch b/3.1.1/4422_grsec-mute-warnings.patch
815 index fbca0bb..e85abd6 100644
816 --- a/3.1.1/4422_grsec-mute-warnings.patch
817 +++ b/3.1.1/4422_grsec-mute-warnings.patch
818 @@ -29,14 +29,15 @@ warning flags of vanilla kernel versions.
819 Acked-by: Christian Heim <phreak@g.o>
820 ---
821
822 ---- a/Makefile 2011-06-06 00:47:21.000000000 -0400
823 -+++ b/Makefile 2011-06-06 00:49:13.000000000 -0400
824 +--- a/Makefile 2011-11-18 17:50:11.000000000 -0500
825 ++++ b/Makefile 2011-11-18 17:50:48.000000000 -0500
826 @@ -245,7 +245,7 @@
827
828 HOSTCC = gcc
829 HOSTCXX = g++
830 -HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
831 -+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-empty-body -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
832 - HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
833 - HOSTCXXFLAGS = -O2 -fno-delete-null-pointer-checks
834 ++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
835 + HOSTCLFAGS += $(call cc-option, -Wno-empty-body)
836 + HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks
837 +
Report Message
Find on MARC Find on Google Groups