commit: 609ffe9ee3a9e872e67a7e811058ee837cd917dd |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Tue Apr 26 08:20:46 2016 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Tue Apr 26 08:20:46 2016 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=609ffe9e |
|
grsecurity-3.1-4.4.8-201604252206 |
|
4.4.8/0000_README | 2 +- |
...> 4420_grsecurity-3.1-4.4.8-201604252206.patch} | 63 ++++++++++++++++++++-- |
2 files changed, 59 insertions(+), 6 deletions(-) |
|
14 |
diff --git a/4.4.8/0000_README b/4.4.8/0000_README |
15 |
index 50bafae..31bb556 100644 |
16 |
--- a/4.4.8/0000_README |
17 |
+++ b/4.4.8/0000_README |
18 |
@@ -6,7 +6,7 @@ Patch: 1007_linux-4.4.8.patch |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 4.4.8 |
21 |
|
22 |
-Patch: 4420_grsecurity-3.1-4.4.8-201604201957.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.4.8-201604252206.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch b/4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch |
29 |
similarity index 99% |
30 |
rename from 4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch |
31 |
rename to 4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch |
32 |
index a90771e..a7a3280 100644 |
33 |
--- a/4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch |
34 |
+++ b/4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch |
35 |
@@ -56408,6 +56408,18 @@ index a14c784..6de6790 100644 |
36 |
} |
37 |
|
38 |
#define BFA_CACHELINE_SZ (256) |
39 |
+diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c |
40 |
+index f3bb7af..ead83a2 100644 |
41 |
+--- a/drivers/scsi/cxgbi/libcxgbi.c |
42 |
++++ b/drivers/scsi/cxgbi/libcxgbi.c |
43 |
+@@ -688,6 +688,7 @@ static struct rt6_info *find_route_ipv6(const struct in6_addr *saddr, |
44 |
+ { |
45 |
+ struct flowi6 fl; |
46 |
+ |
47 |
++ memset(&fl, 0, sizeof(fl)); |
48 |
+ if (saddr) |
49 |
+ memcpy(&fl.saddr, saddr, sizeof(struct in6_addr)); |
50 |
+ if (daddr) |
51 |
diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c |
52 |
index 045c4e1..13de803 100644 |
53 |
--- a/drivers/scsi/fcoe/fcoe_sysfs.c |
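Review bot: The added `memset(&fl, 0, sizeof(fl));` in find_route_ipv6() carries no comment, and without one it reads as redundant next to the two memcpy() calls that follow. Before this change `fl` was an uninitialized stack struct: `fl.saddr` stayed unset whenever `saddr` was NULL, and every other flowi6 member held stack contents in all cases. Presumably the structure is handed to the IPv6 route lookup further down, which is outside this hunk. I would add `/* zero all of fl: the route lookup may read flowi6 members beyond saddr/daddr */` above the memset. The function body continues past the end of the hunk.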
54 |
@@ -59040,7 +59052,7 @@ index c3fe026..9cfe421 100644 |
55 |
|
56 |
dlci->modem_rx = 0; |
57 |
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
58 |
-index cf000b3..63baffa 100644 |
59 |
+index cf000b3..a399250 100644 |
60 |
--- a/drivers/tty/n_tty.c |
61 |
+++ b/drivers/tty/n_tty.c |
62 |
@@ -1507,7 +1507,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag) |
63 |
@@ -59110,7 +59122,28 @@ index cf000b3..63baffa 100644 |
64 |
|
65 |
down_read(&tty->termios_rwsem); |
66 |
|
67 |
-@@ -2550,6 +2550,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) |
68 |
+@@ -1723,15 +1723,16 @@ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp, |
69 |
+ room = N_TTY_BUF_SIZE - (ldata->read_head - tail); |
70 |
+ if (I_PARMRK(tty)) |
71 |
+ room = (room + 2) / 3; |
72 |
+- room--; |
73 |
+- if (room <= 0) { |
74 |
++ if (room <= 1) { |
75 |
+ overflow = ldata->icanon && ldata->canon_head == tail; |
76 |
+- if (overflow && room < 0) |
77 |
++ if (overflow && room == 0) |
78 |
+ ldata->read_head--; |
79 |
+ room = overflow; |
80 |
+ ldata->no_room = flow && !room; |
81 |
+- } else |
82 |
++ } else { |
83 |
++ room--; |
84 |
+ overflow = 0; |
85 |
++ } |
86 |
+ |
87 |
+ n = min(count, room); |
88 |
+ if (!n) |
89 |
+@@ -2550,6 +2551,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) |
90 |
{ |
91 |
*ops = tty_ldisc_N_TTY; |
92 |
ops->owner = NULL; |
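Review bot: In the n_tty_receive_buf_common() change, the new test `if (overflow && room == 0)` matches the old post-decrement `room < 0` only if `room` can never be negative at that point. The old code decremented first, so any pre-decrement value `<= 0` reached `ldata->read_head--`; the new code takes that path for exactly zero. If `room` is a signed type (its declaration is outside the hunk), `if (overflow && room <= 0)` keeps the old behaviour for every input. Otherwise a one-line comment should state the invariant that `N_TTY_BUF_SIZE - (ldata->read_head - tail)` is never negative. The function starts and ends outside the hunk.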
93 |
@@ -86717,7 +86750,7 @@ index b6c00ce..ab37ad1 100644 |
94 |
static struct pid * |
95 |
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) |
96 |
diff --git a/fs/proc/base.c b/fs/proc/base.c |
97 |
-index b7de324..417bafe 100644 |
98 |
+index b7de324..c1235e2 100644 |
99 |
--- a/fs/proc/base.c |
100 |
+++ b/fs/proc/base.c |
101 |
@@ -113,6 +113,14 @@ struct pid_entry { |
102 |
@@ -86928,8 +86961,12 @@ index b7de324..417bafe 100644 |
103 |
|
104 |
if (write && copy_from_user(page, buf, this_len)) { |
105 |
copied = -EFAULT; |
106 |
-@@ -957,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
107 |
- if (!mm) |
108 |
+@@ -954,9 +1034,16 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
109 |
+ int ret = 0; |
110 |
+ struct mm_struct *mm = file->private_data; |
111 |
+ |
112 |
+- if (!mm) |
113 |
++ if (!mm || !mm->env_end) |
114 |
return 0; |
115 |
|
116 |
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP |
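Review bot: The new `!mm->env_end` test in environ_read() has no comment saying what a zero `env_end` means. Presumably it is zero until exec has finished laying out the environment area, so a read in that window would otherwise work from unset bounds; the code that uses the environment bounds is outside this hunk, so that is an inference. I would add `/* Ensure the process spawned far enough to have an environment. */` above `if (!mm || !mm->env_end)`. Whether `env_end` is read here under the same lock as its later use cannot be checked from the visible lines and is worth confirming.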
117 |
@@ -115251,6 +115288,22 @@ index 70e5e09..87f2797 100644 |
118 |
} |
119 |
#else |
120 |
static void register_sched_domain_sysctl(void) |
121 |
+diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c |
122 |
+index 6415117..7dc45dc 100644 |
123 |
+--- a/kernel/sched/debug.c |
124 |
++++ b/kernel/sched/debug.c |
125 |
+@@ -490,7 +490,11 @@ static int __init init_sched_debug_procfs(void) |
126 |
+ { |
127 |
+ struct proc_dir_entry *pe; |
128 |
+ |
129 |
++#ifdef CONFIG_GRKERNSEC_PROC_ADD |
130 |
++ pe = proc_create("sched_debug", 0400, NULL, &sched_debug_fops); |
131 |
++#else |
132 |
+ pe = proc_create("sched_debug", 0444, NULL, &sched_debug_fops); |
133 |
++#endif |
134 |
+ if (!pe) |
135 |
+ return -ENOMEM; |
136 |
+ return 0; |
137 |
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
138 |
index cfdc0e6..71f2abd 100644 |
139 |
--- a/kernel/sched/fair.c |
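Review bot: init_sched_debug_procfs() now has two `proc_create("sched_debug", ...)` calls that differ only in the mode, so a later edit to the name, parent or fops has to be made twice and can miss one branch. Choosing the mode inside the `#ifdef CONFIG_GRKERNSEC_PROC_ADD` block and keeping a single `pe = proc_create("sched_debug", mode, NULL, &sched_debug_fops);` avoids that, where `mode` is a suggested new local set to `0400` or `0444`. A short comment such as `/* root-only when GRKERNSEC_PROC_ADD is set */` would also record why the mode differs. What the file exposes is not visible in this hunk.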