| 1 |
commit: 609ffe9ee3a9e872e67a7e811058ee837cd917dd |
| 2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Apr 26 08:20:46 2016 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Apr 26 08:20:46 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=609ffe9e |
| 7 |
|
| 8 |
grsecurity-3.1-4.4.8-201604252206 |
| 9 |
|
| 10 |
4.4.8/0000_README | 2 +- |
| 11 |
...> 4420_grsecurity-3.1-4.4.8-201604252206.patch} | 63 ++++++++++++++++++++-- |
| 12 |
2 files changed, 59 insertions(+), 6 deletions(-) |
| 13 |
|
| 14 |
diff --git a/4.4.8/0000_README b/4.4.8/0000_README |
| 15 |
index 50bafae..31bb556 100644 |
| 16 |
--- a/4.4.8/0000_README |
| 17 |
+++ b/4.4.8/0000_README |
| 18 |
@@ -6,7 +6,7 @@ Patch: 1007_linux-4.4.8.patch |
| 19 |
From: http://www.kernel.org |
| 20 |
Desc: Linux 4.4.8 |
| 21 |
|
| 22 |
-Patch: 4420_grsecurity-3.1-4.4.8-201604201957.patch |
| 23 |
+Patch: 4420_grsecurity-3.1-4.4.8-201604252206.patch |
| 24 |
From: http://www.grsecurity.net |
| 25 |
Desc: hardened-sources base patch from upstream grsecurity |
| 26 |
|
| 27 |
|
| 28 |
diff --git a/4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch b/4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch |
| 29 |
similarity index 99% |
| 30 |
rename from 4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch |
| 31 |
rename to 4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch |
| 32 |
index a90771e..a7a3280 100644 |
| 33 |
--- a/4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch |
| 34 |
+++ b/4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch |
| 35 |
@@ -56408,6 +56408,18 @@ index a14c784..6de6790 100644 |
| 36 |
} |
| 37 |
|
| 38 |
#define BFA_CACHELINE_SZ (256) |
| 39 |
+diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c |
| 40 |
+index f3bb7af..ead83a2 100644 |
| 41 |
+--- a/drivers/scsi/cxgbi/libcxgbi.c |
| 42 |
++++ b/drivers/scsi/cxgbi/libcxgbi.c |
| 43 |
+@@ -688,6 +688,7 @@ static struct rt6_info *find_route_ipv6(const struct in6_addr *saddr, |
| 44 |
+ { |
| 45 |
+ struct flowi6 fl; |
| 46 |
+ |
| 47 |
++ memset(&fl, 0, sizeof(fl)); |
| 48 |
+ if (saddr) |
| 49 |
+ memcpy(&fl.saddr, saddr, sizeof(struct in6_addr)); |
| 50 |
+ if (daddr) |
| 51 |
diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c |
| 52 |
index 045c4e1..13de803 100644 |
| 53 |
--- a/drivers/scsi/fcoe/fcoe_sysfs.c |
| 54 |
@@ -59040,7 +59052,7 @@ index c3fe026..9cfe421 100644 |
| 55 |
|
| 56 |
dlci->modem_rx = 0; |
| 57 |
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
| 58 |
-index cf000b3..63baffa 100644 |
| 59 |
+index cf000b3..a399250 100644 |
| 60 |
--- a/drivers/tty/n_tty.c |
| 61 |
+++ b/drivers/tty/n_tty.c |
| 62 |
@@ -1507,7 +1507,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag) |
| 63 |
@@ -59110,7 +59122,28 @@ index cf000b3..63baffa 100644 |
| 64 |
|
| 65 |
down_read(&tty->termios_rwsem); |
| 66 |
|
| 67 |
-@@ -2550,6 +2550,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) |
| 68 |
+@@ -1723,15 +1723,16 @@ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp, |
| 69 |
+ room = N_TTY_BUF_SIZE - (ldata->read_head - tail); |
| 70 |
+ if (I_PARMRK(tty)) |
| 71 |
+ room = (room + 2) / 3; |
| 72 |
+- room--; |
| 73 |
+- if (room <= 0) { |
| 74 |
++ if (room <= 1) { |
| 75 |
+ overflow = ldata->icanon && ldata->canon_head == tail; |
| 76 |
+- if (overflow && room < 0) |
| 77 |
++ if (overflow && room == 0) |
| 78 |
+ ldata->read_head--; |
| 79 |
+ room = overflow; |
| 80 |
+ ldata->no_room = flow && !room; |
| 81 |
+- } else |
| 82 |
++ } else { |
| 83 |
++ room--; |
| 84 |
+ overflow = 0; |
| 85 |
++ } |
| 86 |
+ |
| 87 |
+ n = min(count, room); |
| 88 |
+ if (!n) |
| 89 |
+@@ -2550,6 +2551,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) |
| 90 |
{ |
| 91 |
*ops = tty_ldisc_N_TTY; |
| 92 |
ops->owner = NULL; |
| 93 |
@@ -86717,7 +86750,7 @@ index b6c00ce..ab37ad1 100644 |
| 94 |
static struct pid * |
| 95 |
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) |
| 96 |
diff --git a/fs/proc/base.c b/fs/proc/base.c |
| 97 |
-index b7de324..417bafe 100644 |
| 98 |
+index b7de324..c1235e2 100644 |
| 99 |
--- a/fs/proc/base.c |
| 100 |
+++ b/fs/proc/base.c |
| 101 |
@@ -113,6 +113,14 @@ struct pid_entry { |
| 102 |
@@ -86928,8 +86961,12 @@ index b7de324..417bafe 100644 |
| 103 |
|
| 104 |
if (write && copy_from_user(page, buf, this_len)) { |
| 105 |
copied = -EFAULT; |
| 106 |
-@@ -957,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
| 107 |
- if (!mm) |
| 108 |
+@@ -954,9 +1034,16 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
| 109 |
+ int ret = 0; |
| 110 |
+ struct mm_struct *mm = file->private_data; |
| 111 |
+ |
| 112 |
+- if (!mm) |
| 113 |
++ if (!mm || !mm->env_end) |
| 114 |
return 0; |
| 115 |
|
| 116 |
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP |
| 117 |
@@ -115251,6 +115288,22 @@ index 70e5e09..87f2797 100644 |
| 118 |
} |
| 119 |
#else |
| 120 |
static void register_sched_domain_sysctl(void) |
| 121 |
+diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c |
| 122 |
+index 6415117..7dc45dc 100644 |
| 123 |
+--- a/kernel/sched/debug.c |
| 124 |
++++ b/kernel/sched/debug.c |
| 125 |
+@@ -490,7 +490,11 @@ static int __init init_sched_debug_procfs(void) |
| 126 |
+ { |
| 127 |
+ struct proc_dir_entry *pe; |
| 128 |
+ |
| 129 |
++#ifdef CONFIG_GRKERNSEC_PROC_ADD |
| 130 |
++ pe = proc_create("sched_debug", 0400, NULL, &sched_debug_fops); |
| 131 |
++#else |
| 132 |
+ pe = proc_create("sched_debug", 0444, NULL, &sched_debug_fops); |
| 133 |
++#endif |
| 134 |
+ if (!pe) |
| 135 |
+ return -ENOMEM; |
| 136 |
+ return 0; |
| 137 |
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
| 138 |
index cfdc0e6..71f2abd 100644 |
| 139 |
--- a/kernel/sched/fair.c |
Archives