
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.5/, 4.5.6/
Date: Mon, 06 Jun 2016 14:21:05
Message-Id: 1465222945.713f3073603ed2b9ab0c16b36ad996bb8543cbef.blueness@gentoo
1 commit: 713f3073603ed2b9ab0c16b36ad996bb8543cbef
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jun 6 14:22:25 2016 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 6 14:22:25 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=713f3073
7
8 grsecurity-3.1-4.5.6-201606051644
9
10 {4.5.5 => 4.5.6}/0000_README | 2 +-
11 .../4420_grsecurity-3.1-4.5.6-201606051644.patch | 134 +++++++++++----------
12 {4.5.5 => 4.5.6}/4425_grsec_remove_EI_PAX.patch | 0
13 {4.5.5 => 4.5.6}/4427_force_XATTR_PAX_tmpfs.patch | 0
14 .../4430_grsec-remove-localversion-grsec.patch | 0
15 {4.5.5 => 4.5.6}/4435_grsec-mute-warnings.patch | 0
16 .../4440_grsec-remove-protected-paths.patch | 0
17 .../4450_grsec-kconfig-default-gids.patch | 0
18 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
19 {4.5.5 => 4.5.6}/4470_disable-compat_vdso.patch | 0
20 {4.5.5 => 4.5.6}/4475_emutramp_default_on.patch | 0
21 11 files changed, 71 insertions(+), 65 deletions(-)
22
23 diff --git a/4.5.5/0000_README b/4.5.6/0000_README
24 similarity index 96%
25 rename from 4.5.5/0000_README
26 rename to 4.5.6/0000_README
27 index 71dba33..48f38a5 100644
28 --- a/4.5.5/0000_README
29 +++ b/4.5.6/0000_README
30 @@ -2,7 +2,7 @@ README
31 -----------------------------------------------------------------------------
32 Individual Patch Descriptions:
33 -----------------------------------------------------------------------------
34 -Patch: 4420_grsecurity-3.1-4.5.5-201605291201.patch
35 +Patch: 4420_grsecurity-3.1-4.5.6-201606051644.patch
36 From: http://www.grsecurity.net
37 Desc: hardened-sources base patch from upstream grsecurity
38
39
40 diff --git a/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch b/4.5.6/4420_grsecurity-3.1-4.5.6-201606051644.patch
41 similarity index 99%
42 rename from 4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch
43 rename to 4.5.6/4420_grsecurity-3.1-4.5.6-201606051644.patch
44 index 1fb08ce..d2dfe90 100644
45 --- a/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch
46 +++ b/4.5.6/4420_grsecurity-3.1-4.5.6-201606051644.patch
47 @@ -408,7 +408,7 @@ index a93b414..f50a50b 100644
48
49 A toggle value indicating if modules are allowed to be loaded
50 diff --git a/Makefile b/Makefile
51 -index a23df41..db4f30b 100644
52 +index 07a1786..7f359da 100644
53 --- a/Makefile
54 +++ b/Makefile
55 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
56 @@ -456,7 +456,7 @@ index a23df41..db4f30b 100644
57 ifdef CONFIG_READABLE_ASM
58 # Disable optimizations that make assembler listings hard to read.
59 # reorder blocks reorders the control in the function
60 -@@ -714,7 +727,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
61 +@@ -715,7 +728,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
62 else
63 KBUILD_CFLAGS += -g
64 endif
65 @@ -465,7 +465,7 @@ index a23df41..db4f30b 100644
66 endif
67 ifdef CONFIG_DEBUG_INFO_DWARF4
68 KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
69 -@@ -886,7 +899,7 @@ export mod_sign_cmd
70 +@@ -887,7 +900,7 @@ export mod_sign_cmd
71
72
73 ifeq ($(KBUILD_EXTMOD),)
74 @@ -474,7 +474,7 @@ index a23df41..db4f30b 100644
75
76 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
77 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
78 -@@ -989,7 +1002,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
79 +@@ -990,7 +1003,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
80
81 archprepare: archheaders archscripts prepare1 scripts_basic
82
83 @@ -483,7 +483,7 @@ index a23df41..db4f30b 100644
84 $(Q)$(MAKE) $(build)=.
85
86 # All the preparing..
87 -@@ -1184,7 +1197,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
88 +@@ -1185,7 +1198,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
89 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
90 signing_key.pem signing_key.priv signing_key.x509 \
91 x509.genkey extra_certificates signing_key.x509.keyid \
92 @@ -496,7 +496,7 @@ index a23df41..db4f30b 100644
93
94 # clean - Delete most, but leave enough to build external modules
95 #
96 -@@ -1223,7 +1240,7 @@ distclean: mrproper
97 +@@ -1224,7 +1241,7 @@ distclean: mrproper
98 @find $(srctree) $(RCS_FIND_IGNORE) \
99 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
100 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
101 @@ -25822,7 +25822,7 @@ index 653f88d..11b6b78 100644
102 if (!insn.opcode.got)
103 return X86_BR_ABORT;
104 diff --git a/arch/x86/kernel/cpu/perf_event_intel_pt.c b/arch/x86/kernel/cpu/perf_event_intel_pt.c
105 -index c0bbd10..53a5dc6 100644
106 +index a5286d0..79c220a 100644
107 --- a/arch/x86/kernel/cpu/perf_event_intel_pt.c
108 +++ b/arch/x86/kernel/cpu/perf_event_intel_pt.c
109 @@ -133,14 +133,10 @@ static const struct attribute_group *pt_attr_groups[] = {
110 @@ -25890,7 +25890,7 @@ index c0bbd10..53a5dc6 100644
111 }
112
113 #define RTIT_CTL_CYC_PSB (RTIT_CTL_CYCLEACC | \
114 -@@ -997,7 +979,7 @@ static void pt_event_start(struct perf_event *event, int mode)
115 +@@ -999,7 +981,7 @@ static void pt_event_start(struct perf_event *event, int mode)
116 return;
117 }
118
119 @@ -25899,7 +25899,7 @@ index c0bbd10..53a5dc6 100644
120 event->hw.state = 0;
121
122 pt_config_buffer(buf->cur->table, buf->cur_idx,
123 -@@ -1013,7 +995,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
124 +@@ -1015,7 +997,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
125 * Protect against the PMI racing with disabling wrmsr,
126 * see comment in intel_pt_interrupt().
127 */
128 @@ -31435,7 +31435,7 @@ index dad5fe9..ce5f4ba 100644
129 .disable = native_disable_io_apic,
130 };
131 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
132 -index 6525e92..28559d2 100644
133 +index 2e1fd58..cc6d3d7 100644
134 --- a/arch/x86/kvm/cpuid.c
135 +++ b/arch/x86/kvm/cpuid.c
136 @@ -206,15 +206,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
137 @@ -31701,7 +31701,7 @@ index c13a64b..2075a7c 100644
138 .disabled_by_bios = is_disabled,
139 .hardware_setup = svm_hardware_setup,
140 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
141 -index 539062e..0aa69ab 100644
142 +index 60946a5..0ac3003 100644
143 --- a/arch/x86/kvm/vmx.c
144 +++ b/arch/x86/kvm/vmx.c
145 @@ -1575,14 +1575,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value
146 @@ -39745,10 +39745,10 @@ index c68e724..e863008 100644
147 /* parse the table header to get the table length */
148 if (count <= sizeof(struct acpi_table_header))
149 diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c
150 -index cd2c3d6..2031a4a 100644
151 +index 993fd31..cc15d14 100644
152 --- a/drivers/acpi/device_pm.c
153 +++ b/drivers/acpi/device_pm.c
154 -@@ -1025,6 +1025,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
155 +@@ -1026,6 +1026,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
156
157 #endif /* CONFIG_PM_SLEEP */
158
159 @@ -39757,7 +39757,7 @@ index cd2c3d6..2031a4a 100644
160 static struct dev_pm_domain acpi_general_pm_domain = {
161 .ops = {
162 .runtime_suspend = acpi_subsys_runtime_suspend,
163 -@@ -1041,6 +1043,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
164 +@@ -1042,6 +1044,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
165 .restore_early = acpi_subsys_resume_early,
166 #endif
167 },
168 @@ -39765,7 +39765,7 @@ index cd2c3d6..2031a4a 100644
169 };
170
171 /**
172 -@@ -1118,7 +1121,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
173 +@@ -1119,7 +1122,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
174 acpi_device_wakeup(adev, ACPI_STATE_S0, false);
175 }
176
177 @@ -51059,10 +51059,10 @@ index 8adaaea..99dab8e 100644
178
179 void ir_ack_apic_edge(struct irq_data *data)
180 diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
181 -index 8f9ebf7..e614150 100644
182 +index eef9500..71f7183 100644
183 --- a/drivers/irqchip/irq-gic.c
184 +++ b/drivers/irqchip/irq-gic.c
185 -@@ -379,7 +379,7 @@ static void gic_handle_cascade_irq(struct irq_desc *desc)
186 +@@ -387,7 +387,7 @@ static void gic_handle_cascade_irq(struct irq_desc *desc)
187 chained_irq_exit(chip, desc);
188 }
189
190 @@ -58214,10 +58214,10 @@ index 1deb8ff..4e2b0c1 100644
191 struct bfin_can_priv *priv = netdev_priv(dev);
192 struct bfin_can_regs __iomem *reg = priv->membase;
193 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
194 -index 141c2a4..ca734ed 100644
195 +index 910c12e..b9c005d 100644
196 --- a/drivers/net/can/dev.c
197 +++ b/drivers/net/can/dev.c
198 -@@ -961,7 +961,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
199 +@@ -1008,7 +1008,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
200 return -EOPNOTSUPP;
201 }
202
203 @@ -71818,7 +71818,7 @@ index 8c6e318..1c58581 100644
204 /* check if the device is still usable */
205 if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
206 diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
207 -index 00bc721..7a16d8a 100644
208 +index 9e5f893..2bf2da8 100644
209 --- a/drivers/scsi/scsi_sysfs.c
210 +++ b/drivers/scsi/scsi_sysfs.c
211 @@ -818,7 +818,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \
212 @@ -75713,7 +75713,7 @@ index 92982d7..758ecfe 100644
213 tty_port_tty_set(&ch->port, tty);
214 mutex_lock(&ch->port.mutex);
215 diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
216 -index c3fe026..66cd166 100644
217 +index 9aff371..2faef0d 100644
218 --- a/drivers/tty/n_gsm.c
219 +++ b/drivers/tty/n_gsm.c
220 @@ -1644,7 +1644,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
221 @@ -75725,7 +75725,7 @@ index c3fe026..66cd166 100644
222 kfree(dlci);
223 return NULL;
224 }
225 -@@ -2665,7 +2665,7 @@ static inline void muxnet_put(struct gsm_mux_net *mux_net)
226 +@@ -2667,7 +2667,7 @@ static inline void muxnet_put(struct gsm_mux_net *mux_net)
227 kref_put(&mux_net->ref, net_free);
228 }
229
230 @@ -75734,7 +75734,7 @@ index c3fe026..66cd166 100644
231 struct net_device *net)
232 {
233 struct gsm_mux_net *mux_net = netdev_priv(net);
234 -@@ -2957,7 +2957,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
235 +@@ -2959,7 +2959,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
236 struct gsm_dlci *dlci = tty->driver_data;
237 struct tty_port *port = &dlci->port;
238
239 @@ -75744,7 +75744,7 @@ index c3fe026..66cd166 100644
240
241 dlci->modem_rx = 0;
242 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
243 -index b280abaa..3ccd7d1 100644
244 +index c12def7..4f1303d 100644
245 --- a/drivers/tty/n_tty.c
246 +++ b/drivers/tty/n_tty.c
247 @@ -1515,7 +1515,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
248 @@ -75835,7 +75835,7 @@ index b280abaa..3ccd7d1 100644
249
250 n = min(count, room);
251 if (!n)
252 -@@ -2549,6 +2550,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
253 +@@ -2545,6 +2546,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
254 {
255 *ops = tty_ldisc_N_TTY;
256 ops->owner = NULL;
257 @@ -75845,10 +75845,10 @@ index b280abaa..3ccd7d1 100644
258 }
259 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
260 diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
261 -index 2348fa6..490e407 100644
262 +index 6427a39..4ee0796 100644
263 --- a/drivers/tty/pty.c
264 +++ b/drivers/tty/pty.c
265 -@@ -879,8 +879,10 @@ static void __init unix98_pty_init(void)
266 +@@ -877,8 +877,10 @@ static void __init unix98_pty_init(void)
267 panic("Couldn't register Unix98 pts driver");
268
269 /* Now create the /dev/ptmx special device */
270 @@ -75921,10 +75921,10 @@ index c9720a9..964f2d9 100644
271 if (share_irqs)
272 irqflag = IRQF_SHARED;
273 diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c
274 -index 7cd6f9a..d13ac0a 100644
275 +index c1d4a8f..a8e7167 100644
276 --- a/drivers/tty/serial/8250/8250_pci.c
277 +++ b/drivers/tty/serial/8250/8250_pci.c
278 -@@ -5656,7 +5656,7 @@ static struct pci_device_id serial_pci_tbl[] = {
279 +@@ -5659,7 +5659,7 @@ static struct pci_device_id serial_pci_tbl[] = {
280 };
281
282 static pci_ers_result_t serial8250_io_error_detected(struct pci_dev *dev,
283 @@ -76143,7 +76143,7 @@ index dcde955..920693f 100644
284 if (unlikely(line < 0 || line >= UART_NR))
285 return -ENXIO;
286 diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
287 -index d72cd73..aac0435 100644
288 +index 8320173..fd1160b 100644
289 --- a/drivers/tty/serial/samsung.c
290 +++ b/drivers/tty/serial/samsung.c
291 @@ -970,11 +970,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
292 @@ -96727,7 +96727,7 @@ index 3525ed7..ac8afb7 100644
293 }
294
295 diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
296 -index 42e1f44..017e7f6 100644
297 +index 8f38e33..90f716a 100644
298 --- a/fs/cifs/smb2pdu.c
299 +++ b/fs/cifs/smb2pdu.c
300 @@ -2388,8 +2388,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
301 @@ -122536,10 +122536,10 @@ index 0000000..39645c9
302 +}
303 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
304 new file mode 100644
305 -index 0000000..10f1617
306 +index 0000000..02c5a2b
307 --- /dev/null
308 +++ b/grsecurity/gracl_segv.c
309 -@@ -0,0 +1,304 @@
310 +@@ -0,0 +1,306 @@
311 +#include <linux/kernel.h>
312 +#include <linux/mm.h>
313 +#include <asm/uaccess.h>
314 @@ -122752,9 +122752,11 @@ index 0000000..10f1617
315 +
316 + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
317 + time_after(curr->expires, get_seconds())) {
318 ++ int is_priv = is_privileged_binary(task->mm->exe_file->f_path.dentry);
319 ++
320 + rcu_read_lock();
321 + cred = __task_cred(task);
322 -+ if (gr_is_global_nonroot(cred->uid) && is_privileged_binary(task->mm->exe_file->f_path.dentry)) {
323 ++ if (gr_is_global_nonroot(cred->uid) && is_priv) {
324 + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
325 + spin_lock(&gr_uid_lock);
326 + gr_insert_uid(cred->uid, curr->expires);
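Review bot: The hoisted `is_privileged_binary(task->mm->exe_file->f_path.dentry)` call walks `task->mm` and `exe_file` with no NULL check and no reference held in the lines shown, and it now runs before `rcu_read_lock()` on every crash that passes the rate test, not only for non-root uids. If `task` can ever be something other than a live userspace task with an executable mapped (not determinable from this hunk; the function starts and ends outside it), that chain is a kernel NULL dereference inside the crash-handling path itself. I would guard it, e.g. `int is_priv = task->mm && task->mm->exe_file && is_privileged_binary(task->mm->exe_file->f_path.dentry);`, and add a comment stating why the lookup sits outside the RCU section, such as `/* evaluate before rcu_read_lock(): is_privileged_binary() must not run inside the RCU read section */` if that is indeed the reason. The same unguarded chain is hoisted in grsecurity/grsec_sig.c (`p->mm->exe_file->f_path.dentry`, ahead of `rcu_read_lock()` and the two `read_lock()` calls), so the same guard and comment apply there.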
327 @@ -125147,10 +125149,10 @@ index 0000000..304c518
328 +}
329 diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c
330 new file mode 100644
331 -index 0000000..a2b8b8f
332 +index 0000000..f072c9d
333 --- /dev/null
334 +++ b/grsecurity/grsec_sig.c
335 -@@ -0,0 +1,245 @@
336 +@@ -0,0 +1,248 @@
337 +#include <linux/kernel.h>
338 +#include <linux/sched.h>
339 +#include <linux/fs.h>
340 @@ -125236,16 +125238,19 @@ index 0000000..a2b8b8f
341 +#ifdef CONFIG_GRKERNSEC_BRUTE
342 + struct task_struct *p = current;
343 + kuid_t uid = GLOBAL_ROOT_UID;
344 ++ int is_priv = 0;
345 + int daemon = 0;
346 +
347 + if (!grsec_enable_brute)
348 + return;
349 +
350 ++ if (is_privileged_binary(p->mm->exe_file->f_path.dentry))
351 ++ is_priv = 1;
352 ++
353 + rcu_read_lock();
354 + read_lock(&tasklist_lock);
355 + read_lock(&grsec_exec_file_lock);
356 -+ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file) &&
357 -+ !is_privileged_binary(p->mm->exe_file->f_path.dentry)) {
358 ++ if (!is_priv && p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) {
359 + p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME;
360 + p->real_parent->brute = 1;
361 + daemon = 1;
362 @@ -126173,7 +126178,7 @@ index 0000000..61b514e
363 +EXPORT_SYMBOL_GPL(gr_log_timechange);
364 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
365 new file mode 100644
366 -index 0000000..9786671
367 +index 0000000..cbd2776
368 --- /dev/null
369 +++ b/grsecurity/grsec_tpe.c
370 @@ -0,0 +1,78 @@
371 @@ -126221,7 +126226,7 @@ index 0000000..9786671
372 + msg2 = "file in non-root-owned directory";
373 + else if (inode->i_mode & S_IWOTH)
374 + msg2 = "file in world-writable directory";
375 -+ else if (inode->i_mode & S_IWGRP)
376 ++ else if ((inode->i_mode & S_IWGRP) && gr_is_global_nonroot_gid(inode->i_gid))
377 + msg2 = "file in group-writable directory";
378 + else if (file_inode->i_mode & S_IWOTH)
379 + msg2 = "file is world-writable";
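Review bot: The new `gr_is_global_nonroot_gid(inode->i_gid)` test on the `S_IWGRP` branch means a group-writable directory is no longer reported when its group is gid 0, which puts membership of the root group inside the TPE trust boundary, and nothing in the hunk documents that. A comment above the branch would record the intent, for example `/* group-writable is tolerated only when the owning group is global root (gid 0) */`. These branches only select the log text (`msg2` here, `msg` in the next hunk of the same file, which receives the identical change); the condition that actually denies execution is outside both hunks, so it should be confirmed to carry the same gid test, otherwise the decision and the logged reason can disagree. On systems where unprivileged accounts belong to gid 0, the relaxed check would let them write into directories that TPE now treats as trusted, so deployments should audit gid 0 membership.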
380 @@ -126242,7 +126247,7 @@ index 0000000..9786671
381 + msg = "directory not owned by user";
382 + else if (inode->i_mode & S_IWOTH)
383 + msg = "file in world-writable directory";
384 -+ else if (inode->i_mode & S_IWGRP)
385 ++ else if ((inode->i_mode & S_IWGRP) && gr_is_global_nonroot_gid(inode->i_gid))
386 + msg = "file in group-writable directory";
387 + else if (file_inode->i_mode & S_IWOTH)
388 + msg = "file is world-writable";
389 @@ -133221,10 +133226,10 @@ index 04e8818..af85805 100644
390 /* shm_mode upper byte flags */
391 #define SHM_DEST 01000 /* segment will be destroyed on last detach */
392 diff --git a/include/linux/signal.h b/include/linux/signal.h
393 -index 92557bb..53fa513 100644
394 +index d80259a..41a639a 100644
395 --- a/include/linux/signal.h
396 +++ b/include/linux/signal.h
397 -@@ -288,7 +288,7 @@ static inline void allow_signal(int sig)
398 +@@ -303,7 +303,7 @@ static inline void allow_signal(int sig)
399 * know it'll be handled, so that they don't get converted to
400 * SIGKILL or just silently dropped.
401 */
402 @@ -134184,7 +134189,7 @@ index b4c2a48..0a13f65 100644
403
404 #endif /* _LINUX_THREAD_INFO_H */
405 diff --git a/include/linux/tty.h b/include/linux/tty.h
406 -index 19199c2..e16a361 100644
407 +index e5b996d..65cd286 100644
408 --- a/include/linux/tty.h
409 +++ b/include/linux/tty.h
410 @@ -225,7 +225,7 @@ struct tty_port {
411 @@ -134294,10 +134299,10 @@ index 3495578..f479218 100644
412 #ifndef user_access_begin
413 #define user_access_begin() do { } while (0)
414 diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
415 -index 0383552..a0125dd 100644
416 +index 0383552..595969a 100644
417 --- a/include/linux/uidgid.h
418 +++ b/include/linux/uidgid.h
419 -@@ -187,4 +187,9 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
420 +@@ -187,4 +187,10 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
421
422 #endif /* CONFIG_USER_NS */
423
424 @@ -134305,6 +134310,7 @@ index 0383552..a0125dd 100644
425 +#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
426 +#define gr_is_global_root(x) uid_eq((x), GLOBAL_ROOT_UID)
427 +#define gr_is_global_nonroot(x) (!uid_eq((x), GLOBAL_ROOT_UID))
428 ++#define gr_is_global_nonroot_gid(x) (!gid_eq((x), GLOBAL_ROOT_GID))
429 +
430 #endif /* _LINUX_UIDGID_H */
431 diff --git a/include/linux/uio_driver.h b/include/linux/uio_driver.h
432 @@ -134372,7 +134378,7 @@ index 99c1b4d..562e6f3 100644
433
434 static inline void put_unaligned_le16(u16 val, void *p)
435 diff --git a/include/linux/usb.h b/include/linux/usb.h
436 -index 89533ba..78c419a 100644
437 +index f3dbc21..a59a42a 100644
438 --- a/include/linux/usb.h
439 +++ b/include/linux/usb.h
440 @@ -367,7 +367,7 @@ struct usb_bus {
441 @@ -135825,7 +135831,7 @@ index 93d14da..734b3d8 100644
442 u8 qfull;
443 enum fc_lport_state state;
444 diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
445 -index ba93c0f..90acd4d 100644
446 +index a5d31f7..e5ee774 100644
447 --- a/include/scsi/scsi_device.h
448 +++ b/include/scsi/scsi_device.h
449 @@ -187,9 +187,9 @@ struct scsi_device {
450 @@ -137969,7 +137975,7 @@ index 2a20c0d..3eb7d03 100644
451 #ifdef CONFIG_MODULE_UNLOAD
452 {
453 diff --git a/kernel/events/core.c b/kernel/events/core.c
454 -index a0ef98b..c60fa0a 100644
455 +index 477fb6b..dcd02b5 100644
456 --- a/kernel/events/core.c
457 +++ b/kernel/events/core.c
458 @@ -350,8 +350,15 @@ static struct srcu_struct pmus_srcu;
459 @@ -138018,7 +138024,7 @@ index a0ef98b..c60fa0a 100644
460 struct hrtimer *timer = &cpuctx->hrtimer;
461 struct pmu *pmu = cpuctx->ctx.pmu;
462 unsigned long flags;
463 -@@ -2893,7 +2901,7 @@ void __perf_event_task_sched_in(struct task_struct *prev,
464 +@@ -2894,7 +2902,7 @@ void __perf_event_task_sched_in(struct task_struct *prev,
465 perf_pmu_sched_task(prev, task, true);
466 }
467
468 @@ -138027,7 +138033,7 @@ index a0ef98b..c60fa0a 100644
469 {
470 u64 frequency = event->attr.sample_freq;
471 u64 sec = NSEC_PER_SEC;
472 -@@ -3944,9 +3952,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
473 +@@ -3935,9 +3943,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
474 total += perf_event_count(event);
475
476 *enabled += event->total_time_enabled +
477 @@ -138039,7 +138045,7 @@ index a0ef98b..c60fa0a 100644
478
479 list_for_each_entry(child, &event->child_list, child_list) {
480 (void)perf_event_read(child, false);
481 -@@ -3978,12 +3986,12 @@ static int __perf_read_group_add(struct perf_event *leader,
482 +@@ -3969,12 +3977,12 @@ static int __perf_read_group_add(struct perf_event *leader,
483 */
484 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
485 values[n++] += leader->total_time_enabled +
486 @@ -138054,7 +138060,7 @@ index a0ef98b..c60fa0a 100644
487 }
488
489 /*
490 -@@ -4485,10 +4493,10 @@ void perf_event_update_userpage(struct perf_event *event)
491 +@@ -4476,10 +4484,10 @@ void perf_event_update_userpage(struct perf_event *event)
492 userpg->offset -= local64_read(&event->hw.prev_count);
493
494 userpg->time_enabled = enabled +
495 @@ -138067,7 +138073,7 @@ index a0ef98b..c60fa0a 100644
496
497 arch_perf_update_userpage(event, userpg, now);
498
499 -@@ -5163,7 +5171,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
500 +@@ -5154,7 +5162,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
501
502 /* Data. */
503 sp = perf_user_stack_pointer(regs);
504 @@ -138076,7 +138082,7 @@ index a0ef98b..c60fa0a 100644
505 dyn_size = dump_size - rem;
506
507 perf_output_skip(handle, rem);
508 -@@ -5254,11 +5262,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
509 +@@ -5245,11 +5253,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
510 values[n++] = perf_event_count(event);
511 if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
512 values[n++] = enabled +
513 @@ -138090,7 +138096,7 @@ index a0ef98b..c60fa0a 100644
514 }
515 if (read_format & PERF_FORMAT_ID)
516 values[n++] = primary_event_id(event);
517 -@@ -7568,8 +7576,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
518 +@@ -7559,8 +7567,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
519 cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu);
520 cpuctx->hrtimer_interval = ns_to_ktime(NSEC_PER_MSEC * timer);
521
522 @@ -138100,7 +138106,7 @@ index a0ef98b..c60fa0a 100644
523 }
524 put_online_cpus();
525 mutex_unlock(&mux_interval_mutex);
526 -@@ -7938,7 +7945,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
527 +@@ -7929,7 +7936,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
528 event->parent = parent_event;
529
530 event->ns = get_pid_ns(task_active_pid_ns(current));
531 @@ -138109,7 +138115,7 @@ index a0ef98b..c60fa0a 100644
532
533 event->state = PERF_EVENT_STATE_INACTIVE;
534
535 -@@ -8300,6 +8307,11 @@ SYSCALL_DEFINE5(perf_event_open,
536 +@@ -8291,6 +8298,11 @@ SYSCALL_DEFINE5(perf_event_open,
537 if (flags & ~PERF_FLAG_ALL)
538 return -EINVAL;
539
540 @@ -138121,7 +138127,7 @@ index a0ef98b..c60fa0a 100644
541 err = perf_copy_attr(attr_uptr, &attr);
542 if (err)
543 return err;
544 -@@ -8788,10 +8800,10 @@ static void sync_child_event(struct perf_event *child_event,
545 +@@ -8805,10 +8817,10 @@ static void sync_child_event(struct perf_event *child_event,
546 /*
547 * Add back the child's count to the parent's count:
548 */
549 @@ -143482,7 +143488,7 @@ index 57a6eea..168c21f 100644
550 /* make curr_ret_stack visible before we add the ret_stack */
551 smp_wmb();
552 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
553 -index 95181e3..3b49321 100644
554 +index 9c14373..5ddd763 100644
555 --- a/kernel/trace/ring_buffer.c
556 +++ b/kernel/trace/ring_buffer.c
557 @@ -296,9 +296,9 @@ struct buffer_data_page {
558 @@ -143535,7 +143541,7 @@ index 95181e3..3b49321 100644
559
560 /*
561 * No need to worry about races with clearing out the commit.
562 -@@ -1411,12 +1411,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
563 +@@ -1412,12 +1412,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
564
565 static inline unsigned long rb_page_entries(struct buffer_page *bpage)
566 {
567 @@ -143550,7 +143556,7 @@ index 95181e3..3b49321 100644
568 }
569
570 static int
571 -@@ -1511,7 +1511,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
572 +@@ -1512,7 +1512,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
573 * bytes consumed in ring buffer from here.
574 * Increment overrun to account for the lost events.
575 */
576 @@ -160909,10 +160915,10 @@ index 55c96cb..e4e88ab 100644
577 __clean-files := $(filter-out $(no-clean-files), $(__clean-files))
578
579 diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
580 -index f9e47a7..b72022a 100644
581 +index 53449a6..c1fd180 100644
582 --- a/scripts/Makefile.extrawarn
583 +++ b/scripts/Makefile.extrawarn
584 -@@ -27,6 +27,10 @@ warning-1 += $(call cc-option, -Wunused-but-set-variable)
585 +@@ -28,6 +28,10 @@ warning-1 += $(call cc-option, -Wunused-const-variable)
586 warning-1 += $(call cc-disable-warning, missing-field-initializers)
587 warning-1 += $(call cc-disable-warning, sign-compare)
588
589
590 diff --git a/4.5.5/4425_grsec_remove_EI_PAX.patch b/4.5.6/4425_grsec_remove_EI_PAX.patch
591 similarity index 100%
592 rename from 4.5.5/4425_grsec_remove_EI_PAX.patch
593 rename to 4.5.6/4425_grsec_remove_EI_PAX.patch
594
595 diff --git a/4.5.5/4427_force_XATTR_PAX_tmpfs.patch b/4.5.6/4427_force_XATTR_PAX_tmpfs.patch
596 similarity index 100%
597 rename from 4.5.5/4427_force_XATTR_PAX_tmpfs.patch
598 rename to 4.5.6/4427_force_XATTR_PAX_tmpfs.patch
599
600 diff --git a/4.5.5/4430_grsec-remove-localversion-grsec.patch b/4.5.6/4430_grsec-remove-localversion-grsec.patch
601 similarity index 100%
602 rename from 4.5.5/4430_grsec-remove-localversion-grsec.patch
603 rename to 4.5.6/4430_grsec-remove-localversion-grsec.patch
604
605 diff --git a/4.5.5/4435_grsec-mute-warnings.patch b/4.5.6/4435_grsec-mute-warnings.patch
606 similarity index 100%
607 rename from 4.5.5/4435_grsec-mute-warnings.patch
608 rename to 4.5.6/4435_grsec-mute-warnings.patch
609
610 diff --git a/4.5.5/4440_grsec-remove-protected-paths.patch b/4.5.6/4440_grsec-remove-protected-paths.patch
611 similarity index 100%
612 rename from 4.5.5/4440_grsec-remove-protected-paths.patch
613 rename to 4.5.6/4440_grsec-remove-protected-paths.patch
614
615 diff --git a/4.5.5/4450_grsec-kconfig-default-gids.patch b/4.5.6/4450_grsec-kconfig-default-gids.patch
616 similarity index 100%
617 rename from 4.5.5/4450_grsec-kconfig-default-gids.patch
618 rename to 4.5.6/4450_grsec-kconfig-default-gids.patch
619
620 diff --git a/4.5.5/4465_selinux-avc_audit-log-curr_ip.patch b/4.5.6/4465_selinux-avc_audit-log-curr_ip.patch
621 similarity index 100%
622 rename from 4.5.5/4465_selinux-avc_audit-log-curr_ip.patch
623 rename to 4.5.6/4465_selinux-avc_audit-log-curr_ip.patch
624
625 diff --git a/4.5.5/4470_disable-compat_vdso.patch b/4.5.6/4470_disable-compat_vdso.patch
626 similarity index 100%
627 rename from 4.5.5/4470_disable-compat_vdso.patch
628 rename to 4.5.6/4470_disable-compat_vdso.patch
629
630 diff --git a/4.5.5/4475_emutramp_default_on.patch b/4.5.6/4475_emutramp_default_on.patch
631 similarity index 100%
632 rename from 4.5.5/4475_emutramp_default_on.patch
633 rename to 4.5.6/4475_emutramp_default_on.patch