commit: c2144d560a97fdad96c84200e9b45a564409b42e |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Sat Feb 1 17:18:55 2014 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Sat Feb 1 17:18:55 2014 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=c2144d56 |
|
Grsec/PaX: 3.0-3.13.1-201401301657 |
|
--- |
{3.13.0 => 3.13.1}/0000_README | 2 +- |
.../4420_grsecurity-3.0-3.13.1-201401301657.patch | 75 +++++++++++++--------- |
{3.13.0 => 3.13.1}/4425_grsec_remove_EI_PAX.patch | 0 |
.../4427_force_XATTR_PAX_tmpfs.patch | 0 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
{3.13.0 => 3.13.1}/4435_grsec-mute-warnings.patch | 0 |
.../4440_grsec-remove-protected-paths.patch | 0 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
{3.13.0 => 3.13.1}/4470_disable-compat_vdso.patch | 0 |
{3.13.0 => 3.13.1}/4475_emutramp_default_on.patch | 0 |
11 files changed, 46 insertions(+), 31 deletions(-) |
|
24 |
diff --git a/3.13.0/0000_README b/3.13.1/0000_README |
25 |
similarity index 96% |
26 |
rename from 3.13.0/0000_README |
27 |
rename to 3.13.1/0000_README |
28 |
index d5c2b2c..a830d5a 100644 |
29 |
--- a/3.13.0/0000_README |
30 |
+++ b/3.13.1/0000_README |
31 |
@@ -2,7 +2,7 @@ README |
32 |
----------------------------------------------------------------------------- |
33 |
Individual Patch Descriptions: |
34 |
----------------------------------------------------------------------------- |
35 |
-Patch: 4420_grsecurity-3.0-3.13.0-201401281848.patch |
36 |
+Patch: 4420_grsecurity-3.0-3.13.1-201401301657.patch |
37 |
From: http://www.grsecurity.net |
38 |
Desc: hardened-sources base patch from upstream grsecurity |
39 |
|
40 |
|
41 |
diff --git a/3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch b/3.13.1/4420_grsecurity-3.0-3.13.1-201401301657.patch |
42 |
similarity index 99% |
43 |
rename from 3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch |
44 |
rename to 3.13.1/4420_grsecurity-3.0-3.13.1-201401301657.patch |
45 |
index 93699a6..08da283 100644 |
46 |
--- a/3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch |
47 |
+++ b/3.13.1/4420_grsecurity-3.0-3.13.1-201401301657.patch |
48 |
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644 |
49 |
|
50 |
pcd. [PARIDE] |
51 |
diff --git a/Makefile b/Makefile |
52 |
-index b8b7f74..1f3d7c8 100644 |
53 |
+index de4cda9..d1183df 100644 |
54 |
--- a/Makefile |
55 |
+++ b/Makefile |
56 |
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
57 |
@@ -19178,7 +19178,7 @@ index 3c03a5d..1071638 100644 |
58 |
|
59 |
#endif /* _ASM_X86_UACCESS_32_H */ |
60 |
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h |
61 |
-index 190413d..bf69468 100644 |
62 |
+index 190413d..8a80c2a 100644 |
63 |
--- a/arch/x86/include/asm/uaccess_64.h |
64 |
+++ b/arch/x86/include/asm/uaccess_64.h |
65 |
@@ -10,6 +10,9 @@ |
66 |
@@ -19457,7 +19457,7 @@ index 190413d..bf69468 100644 |
67 |
+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) |
68 |
{ |
69 |
- return __copy_from_user_nocheck(dst, (__force const void *)src, size); |
70 |
-+ return __copy_from_user_nocheck(dst, ____m(src), size); |
71 |
++ return __copy_from_user_nocheck(dst, src, size); |
72 |
} |
73 |
|
74 |
-static __must_check __always_inline int |
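Review bot: Dropping the `____m()` wrapper from the user pointer in `__copy_from_user_inatomic` (and likewise in `__copy_to_user_inatomic` in the next hunk) is only safe if `__copy_from_user_nocheck` and `__copy_to_user_nocheck` apply that translation themselves, and neither callee is visible in these hunks. If they do, the old form applied it twice and this is a cleanup; if they do not, the inatomic paths now pass an untranslated user address to the copy routine. Once confirmed, a one-line comment above each wrapper would record the dependency, e.g. `/* ____m() is applied inside __copy_from_user_nocheck() */`. Both wrappers' declarations start above their hunks.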
75 |
@@ -19466,7 +19466,7 @@ index 190413d..bf69468 100644 |
76 |
+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) |
77 |
{ |
78 |
- return __copy_to_user_nocheck((__force void *)dst, src, size); |
79 |
-+ return __copy_to_user_nocheck(____m(dst), src, size); |
80 |
++ return __copy_to_user_nocheck(dst, src, size); |
81 |
} |
82 |
|
83 |
-extern long __copy_user_nocache(void *dst, const void __user *src, |
84 |
@@ -43411,7 +43411,7 @@ index 06eeb99..770613e 100644 |
85 |
|
86 |
rdev_dec_pending(rdev, mddev); |
87 |
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c |
88 |
-index cbb1571..47952f5 100644 |
89 |
+index 03f82ab..374bb38 100644 |
90 |
--- a/drivers/md/raid5.c |
91 |
+++ b/drivers/md/raid5.c |
92 |
@@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error) |
93 |
@@ -78741,7 +78741,7 @@ index 9fe426b..8148be6 100644 |
94 |
static inline int |
95 |
vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) |
96 |
diff --git a/include/linux/mm.h b/include/linux/mm.h |
97 |
-index 3552717..658aae0 100644 |
98 |
+index 9fac6dd..158ca43 100644 |
99 |
--- a/include/linux/mm.h |
100 |
+++ b/include/linux/mm.h |
101 |
@@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp); |
102 |
@@ -78775,7 +78775,7 @@ index 3552717..658aae0 100644 |
103 |
|
104 |
struct mmu_gather; |
105 |
struct inode; |
106 |
-@@ -1061,8 +1067,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, |
107 |
+@@ -1064,8 +1070,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, |
108 |
unsigned long *pfn); |
109 |
int follow_phys(struct vm_area_struct *vma, unsigned long address, |
110 |
unsigned int flags, unsigned long *prot, resource_size_t *phys); |
111 |
@@ -78786,7 +78786,7 @@ index 3552717..658aae0 100644 |
112 |
|
113 |
static inline void unmap_shared_mapping_range(struct address_space *mapping, |
114 |
loff_t const holebegin, loff_t const holelen) |
115 |
-@@ -1101,9 +1107,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, |
116 |
+@@ -1104,9 +1110,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, |
117 |
} |
118 |
#endif |
119 |
|
120 |
@@ -78799,7 +78799,7 @@ index 3552717..658aae0 100644 |
121 |
|
122 |
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, |
123 |
unsigned long start, unsigned long nr_pages, |
124 |
-@@ -1135,34 +1141,6 @@ int set_page_dirty(struct page *page); |
125 |
+@@ -1138,34 +1144,6 @@ int set_page_dirty(struct page *page); |
126 |
int set_page_dirty_lock(struct page *page); |
127 |
int clear_page_dirty_for_io(struct page *page); |
128 |
|
129 |
@@ -78834,7 +78834,7 @@ index 3552717..658aae0 100644 |
130 |
extern pid_t |
131 |
vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); |
132 |
|
133 |
-@@ -1262,6 +1240,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) |
134 |
+@@ -1265,6 +1243,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) |
135 |
} |
136 |
#endif |
137 |
|
138 |
@@ -78850,7 +78850,7 @@ index 3552717..658aae0 100644 |
139 |
int vma_wants_writenotify(struct vm_area_struct *vma); |
140 |
|
141 |
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, |
142 |
-@@ -1280,8 +1267,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, |
143 |
+@@ -1283,8 +1270,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, |
144 |
{ |
145 |
return 0; |
146 |
} |
147 |
@@ -78866,7 +78866,7 @@ index 3552717..658aae0 100644 |
148 |
#endif |
149 |
|
150 |
#ifdef __PAGETABLE_PMD_FOLDED |
151 |
-@@ -1290,8 +1284,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, |
152 |
+@@ -1293,8 +1287,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, |
153 |
{ |
154 |
return 0; |
155 |
} |
156 |
@@ -78882,7 +78882,7 @@ index 3552717..658aae0 100644 |
157 |
#endif |
158 |
|
159 |
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, |
160 |
-@@ -1309,11 +1310,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a |
161 |
+@@ -1312,11 +1313,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a |
162 |
NULL: pud_offset(pgd, address); |
163 |
} |
164 |
|
165 |
@@ -78906,7 +78906,7 @@ index 3552717..658aae0 100644 |
166 |
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ |
167 |
|
168 |
#if USE_SPLIT_PTE_PTLOCKS |
169 |
-@@ -1691,7 +1704,7 @@ extern int install_special_mapping(struct mm_struct *mm, |
170 |
+@@ -1694,7 +1707,7 @@ extern int install_special_mapping(struct mm_struct *mm, |
171 |
unsigned long addr, unsigned long len, |
172 |
unsigned long flags, struct page **pages); |
173 |
|
174 |
@@ -78915,7 +78915,7 @@ index 3552717..658aae0 100644 |
175 |
|
176 |
extern unsigned long mmap_region(struct file *file, unsigned long addr, |
177 |
unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); |
178 |
-@@ -1699,6 +1712,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, |
179 |
+@@ -1702,6 +1715,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, |
180 |
unsigned long len, unsigned long prot, unsigned long flags, |
181 |
unsigned long pgoff, unsigned long *populate); |
182 |
extern int do_munmap(struct mm_struct *, unsigned long, size_t); |
183 |
@@ -78923,7 +78923,7 @@ index 3552717..658aae0 100644 |
184 |
|
185 |
#ifdef CONFIG_MMU |
186 |
extern int __mm_populate(unsigned long addr, unsigned long len, |
187 |
-@@ -1727,10 +1741,11 @@ struct vm_unmapped_area_info { |
188 |
+@@ -1730,10 +1744,11 @@ struct vm_unmapped_area_info { |
189 |
unsigned long high_limit; |
190 |
unsigned long align_mask; |
191 |
unsigned long align_offset; |
192 |
@@ -78937,7 +78937,7 @@ index 3552717..658aae0 100644 |
193 |
|
194 |
/* |
195 |
* Search for an unmapped address range. |
196 |
-@@ -1742,7 +1757,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); |
197 |
+@@ -1745,7 +1760,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); |
198 |
* - satisfies (begin_addr & align_mask) == (align_offset & align_mask) |
199 |
*/ |
200 |
static inline unsigned long |
201 |
@@ -78946,7 +78946,7 @@ index 3552717..658aae0 100644 |
202 |
{ |
203 |
if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) |
204 |
return unmapped_area(info); |
205 |
-@@ -1805,6 +1820,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add |
206 |
+@@ -1808,6 +1823,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add |
207 |
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, |
208 |
struct vm_area_struct **pprev); |
209 |
|
210 |
@@ -78957,7 +78957,7 @@ index 3552717..658aae0 100644 |
211 |
/* Look up the first VMA which intersects the interval start_addr..end_addr-1, |
212 |
NULL if none. Assume start_addr < end_addr. */ |
213 |
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) |
214 |
-@@ -1833,15 +1852,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, |
215 |
+@@ -1836,15 +1855,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, |
216 |
return vma; |
217 |
} |
218 |
|
219 |
@@ -78973,7 +78973,7 @@ index 3552717..658aae0 100644 |
220 |
#ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE |
221 |
unsigned long change_prot_numa(struct vm_area_struct *vma, |
222 |
unsigned long start, unsigned long end); |
223 |
-@@ -1893,6 +1903,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); |
224 |
+@@ -1896,6 +1906,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); |
225 |
static inline void vm_stat_account(struct mm_struct *mm, |
226 |
unsigned long flags, struct file *file, long pages) |
227 |
{ |
228 |
@@ -78985,7 +78985,7 @@ index 3552717..658aae0 100644 |
229 |
mm->total_vm += pages; |
230 |
} |
231 |
#endif /* CONFIG_PROC_FS */ |
232 |
-@@ -1974,7 +1989,7 @@ extern int unpoison_memory(unsigned long pfn); |
233 |
+@@ -1977,7 +1992,7 @@ extern int unpoison_memory(unsigned long pfn); |
234 |
extern int sysctl_memory_failure_early_kill; |
235 |
extern int sysctl_memory_failure_recovery; |
236 |
extern void shake_page(struct page *p, int access); |
237 |
@@ -78994,7 +78994,7 @@ index 3552717..658aae0 100644 |
238 |
extern int soft_offline_page(struct page *page, int flags); |
239 |
|
240 |
extern void dump_page(struct page *page); |
241 |
-@@ -2011,5 +2026,11 @@ void __init setup_nr_node_ids(void); |
242 |
+@@ -2014,5 +2029,11 @@ void __init setup_nr_node_ids(void); |
243 |
static inline void setup_nr_node_ids(void) {} |
244 |
#endif |
245 |
|
246 |
@@ -95456,7 +95456,7 @@ index 4a5df7b..9ad1f1d 100644 |
247 |
|
248 |
switch (ss->ss_family) { |
249 |
diff --git a/net/compat.c b/net/compat.c |
250 |
-index dd32e34..0529c9c 100644 |
251 |
+index dd32e34..94fa415 100644 |
252 |
--- a/net/compat.c |
253 |
+++ b/net/compat.c |
254 |
@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
255 |
@@ -95586,16 +95586,31 @@ index dd32e34..0529c9c 100644 |
256 |
struct group_filter __user *kgf; |
257 |
int __user *koptlen; |
258 |
u32 interface, fmode, numsrc; |
259 |
-@@ -783,7 +783,7 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, |
260 |
- if (COMPAT_USE_64BIT_TIME) |
261 |
- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, |
262 |
- flags | MSG_CMSG_COMPAT, |
263 |
-- (struct timespec *) timeout); |
264 |
-+ (struct timespec __force_kernel *) timeout); |
265 |
+@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, |
266 |
+ if (flags & MSG_CMSG_COMPAT) |
267 |
+ return -EINVAL; |
268 |
|
269 |
+- if (COMPAT_USE_64BIT_TIME) |
270 |
+- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, |
271 |
+- flags | MSG_CMSG_COMPAT, |
272 |
+- (struct timespec *) timeout); |
273 |
+- |
274 |
if (timeout == NULL) |
275 |
return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, |
276 |
-@@ -808,7 +808,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
277 |
+ flags | MSG_CMSG_COMPAT, NULL); |
278 |
+ |
279 |
+- if (get_compat_timespec(&ktspec, timeout)) |
280 |
++ if (compat_get_timespec(&ktspec, timeout)) |
281 |
+ return -EFAULT; |
282 |
+ |
283 |
+ datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, |
284 |
+ flags | MSG_CMSG_COMPAT, &ktspec); |
285 |
+- if (datagrams > 0 && put_compat_timespec(&ktspec, timeout)) |
286 |
++ if (datagrams > 0 && compat_put_timespec(&ktspec, timeout)) |
287 |
+ datagrams = -EFAULT; |
288 |
+ |
289 |
+ return datagrams; |
290 |
+@@ -808,7 +803,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
291 |
|
292 |
if (call < SYS_SOCKET || call > SYS_SENDMMSG) |
293 |
return -EINVAL; |
294 |
|
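Review bot: The `compat_sys_recvmmsg` change in net/compat.c looks security-relevant, yet the commit message and 0000_README describe this update only as a version bump. The new grsecurity hunk deletes the `COMPAT_USE_64BIT_TIME` branch, which passed the caller's `timeout` pointer, cast to `struct timespec *`, straight to `__sys_recvmmsg`; every non-NULL timeout now appears to be copied into `ktspec` first and written back with `compat_put_timespec`. A line in the commit message such as `net/compat.c: compat_sys_recvmmsg no longer passes the caller's timeout pointer through uncopied` would tell users the bump is not routine. The replacement depends on `compat_get_timespec`/`compat_put_timespec` handling the 64-bit-time layout the removed branch served; their definitions are outside this hunk and should be confirmed. The function body starts and ends outside the hunk.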
295 |
diff --git a/3.13.0/4425_grsec_remove_EI_PAX.patch b/3.13.1/4425_grsec_remove_EI_PAX.patch |
296 |
similarity index 100% |
297 |
rename from 3.13.0/4425_grsec_remove_EI_PAX.patch |
298 |
rename to 3.13.1/4425_grsec_remove_EI_PAX.patch |
299 |
|
300 |
diff --git a/3.13.0/4427_force_XATTR_PAX_tmpfs.patch b/3.13.1/4427_force_XATTR_PAX_tmpfs.patch |
301 |
similarity index 100% |
302 |
rename from 3.13.0/4427_force_XATTR_PAX_tmpfs.patch |
303 |
rename to 3.13.1/4427_force_XATTR_PAX_tmpfs.patch |
304 |
|
305 |
diff --git a/3.13.0/4430_grsec-remove-localversion-grsec.patch b/3.13.1/4430_grsec-remove-localversion-grsec.patch |
306 |
similarity index 100% |
307 |
rename from 3.13.0/4430_grsec-remove-localversion-grsec.patch |
308 |
rename to 3.13.1/4430_grsec-remove-localversion-grsec.patch |
309 |
|
310 |
diff --git a/3.13.0/4435_grsec-mute-warnings.patch b/3.13.1/4435_grsec-mute-warnings.patch |
311 |
similarity index 100% |
312 |
rename from 3.13.0/4435_grsec-mute-warnings.patch |
313 |
rename to 3.13.1/4435_grsec-mute-warnings.patch |
314 |
|
315 |
diff --git a/3.13.0/4440_grsec-remove-protected-paths.patch b/3.13.1/4440_grsec-remove-protected-paths.patch |
316 |
similarity index 100% |
317 |
rename from 3.13.0/4440_grsec-remove-protected-paths.patch |
318 |
rename to 3.13.1/4440_grsec-remove-protected-paths.patch |
319 |
|
320 |
diff --git a/3.13.0/4450_grsec-kconfig-default-gids.patch b/3.13.1/4450_grsec-kconfig-default-gids.patch |
321 |
similarity index 100% |
322 |
rename from 3.13.0/4450_grsec-kconfig-default-gids.patch |
323 |
rename to 3.13.1/4450_grsec-kconfig-default-gids.patch |
324 |
|
325 |
diff --git a/3.13.0/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.1/4465_selinux-avc_audit-log-curr_ip.patch |
326 |
similarity index 100% |
327 |
rename from 3.13.0/4465_selinux-avc_audit-log-curr_ip.patch |
328 |
rename to 3.13.1/4465_selinux-avc_audit-log-curr_ip.patch |
329 |
|
330 |
diff --git a/3.13.0/4470_disable-compat_vdso.patch b/3.13.1/4470_disable-compat_vdso.patch |
331 |
similarity index 100% |
332 |
rename from 3.13.0/4470_disable-compat_vdso.patch |
333 |
rename to 3.13.1/4470_disable-compat_vdso.patch |
334 |
|
335 |
diff --git a/3.13.0/4475_emutramp_default_on.patch b/3.13.1/4475_emutramp_default_on.patch |
336 |
similarity index 100% |
337 |
rename from 3.13.0/4475_emutramp_default_on.patch |
338 |
rename to 3.13.1/4475_emutramp_default_on.patch |