* [gentoo-commits] proj/hardened-patchset:master commit in: 3.3.4/, 2.6.32/, 3.3.3/, 3.2.16/
@ 2012-05-01 0:15 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2012-05-01 0:15 UTC (permalink / raw
To: gentoo-commits
commit: e4ccaafaed07d4747a274b551ab90fedcdb21c17
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue May 1 00:14:56 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue May 1 00:14:56 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e4ccaafa
Grsec/PaX: 2.9-{2.6.32.59,3.2.16,3.3.4}-201204272005
---
2.6.32/0000_README | 2 +-
...20_grsecurity-2.9-2.6.32.59-201204272005.patch} | 11 +-
3.2.16/0000_README | 2 +-
... 4420_grsecurity-2.9-3.2.16-201204272005.patch} | 19 ++-
{3.3.3 => 3.3.4}/0000_README | 2 +-
.../4420_grsecurity-2.9-3.3.4-201204272006.patch | 264 +++++---------------
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.3.3 => 3.3.4}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4445_grsec-pax-without-grsec.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
{3.3.3 => 3.3.4}/4455_grsec-kconfig-gentoo.patch | 0
.../4460-grsec-kconfig-proc-user.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.3.3 => 3.3.4}/4470_disable-compat_vdso.patch | 0
15 files changed, 92 insertions(+), 208 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 88d91ed..78e053c 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9-2.6.32.59-201204231832.patch
+Patch: 4420_grsecurity-2.9-2.6.32.59-201204272005.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch
rename to 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch
index f9f051f..0991ae8 100644
--- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204231832.patch
+++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch
@@ -754,7 +754,7 @@ index b68faef..6dd1496 100644
select HAVE_KRETPROBES if (HAVE_KPROBES)
select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index d0daeab..99ab713 100644
+index d0daeab..8d7cb84 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -15,6 +15,10 @@
@@ -832,7 +832,7 @@ index d0daeab..99ab713 100644
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
+" mov %0, %1\n"
-+"2: bkpt 0xf103\n"
++"2: bkpt 0xf103\n"
+"3:\n"
+#endif
+
@@ -104361,10 +104361,10 @@ index d52f7a0..b66cdd9 100755
rm -f tags
xtags ctags
diff --git a/security/Kconfig b/security/Kconfig
-index fb363cd..50f3c98 100644
+index fb363cd..c2c0a96 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,633 @@
+@@ -4,6 +4,634 @@
menu "Security options"
@@ -104980,6 +104980,7 @@ index fb363cd..50f3c98 100644
+
+config PAX_SIZE_OVERFLOW
+ bool "Prevent various integer overflows in function size parameters"
++ depends on X86
+ help
+ By saying Y here the kernel recomputes expressions of function
+ arguments marked by a size_overflow attribute with double integer
@@ -104998,7 +104999,7 @@ index fb363cd..50f3c98 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -146,7 +773,7 @@ config INTEL_TXT
+@@ -146,7 +774,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
diff --git a/3.2.16/0000_README b/3.2.16/0000_README
index 1868caa..7ae16d8 100644
--- a/3.2.16/0000_README
+++ b/3.2.16/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.2.16-201204231833.patch
+Patch: 4420_grsecurity-2.9-3.2.16-201204272005.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch b/3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch
similarity index 99%
rename from 3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch
rename to 3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch
index e77a05a..c60e3c1 100644
--- a/3.2.16/4420_grsecurity-2.9-3.2.16-201204231833.patch
+++ b/3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch
@@ -687,7 +687,7 @@ index fadd5f8..904e73a 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 86976d0..8e07f84 100644
+index 86976d0..c63ea6b 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -15,6 +15,10 @@
@@ -763,7 +763,7 @@ index 86976d0..8e07f84 100644
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
+" mov %0, %1\n"
-+"2: bkpt 0xf103\n"
++"2: bkpt 0xf103\n"
+"3:\n"
+#endif
+
@@ -86499,6 +86499,21 @@ index 0000000..b87ec9d
+
+ return 0;
+}
+diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
+index adb372d..e0a0970 100644
+--- a/tools/perf/util/hist.c
++++ b/tools/perf/util/hist.c
+@@ -237,8 +237,8 @@ struct hist_entry *__hists__add_entry(struct hists *hists,
+ * mis-adjust symbol addresses when computing
+ * the history counter to increment.
+ */
+- if (he->ms.map != entry->ms.map) {
+- he->ms.map = entry->ms.map;
++ if (he->ms.map != entry.ms.map) {
++ he->ms.map = entry.ms.map;
+ if (he->ms.map)
+ he->ms.map->referenced = true;
+ }
diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h
index 6789d78..4afd019 100644
--- a/tools/perf/util/include/asm/alternative-asm.h
diff --git a/3.3.3/0000_README b/3.3.4/0000_README
similarity index 97%
rename from 3.3.3/0000_README
rename to 3.3.4/0000_README
index b75ac47..e35a073 100644
--- a/3.3.3/0000_README
+++ b/3.3.4/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.3.3-201204231833.patch
+Patch: 4420_grsecurity-2.9-3.3.4-201204272006.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch b/3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch
similarity index 99%
rename from 3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch
rename to 3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch
index 8309b6e..7c10a25 100644
--- a/3.3.3/4420_grsecurity-2.9-3.3.3-201204231833.patch
+++ b/3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch
@@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 0acd141..865e73d 100644
+index 44ef766..dac9410 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -16999,10 +16999,18 @@ index 9c3bd4a..e1d9b35 100644
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index 739d859..d1d6be7 100644
+index 739d859..aab2a58 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
-@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
+@@ -154,6 +154,7 @@ int init_fpu(struct task_struct *tsk)
+ if (tsk_used_math(tsk)) {
+ if (HAVE_HWFP && tsk == current)
+ unlazy_fpu(tsk);
++ tsk->thread.fpu.last_cpu = ~0;
+ return 0;
+ }
+
+@@ -188,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -17012,7 +17020,7 @@ index 739d859..d1d6be7 100644
void *kbuf, void __user *ubuf)
{
int ret;
-@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -207,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -17022,7 +17030,7 @@ index 739d859..d1d6be7 100644
const void *kbuf, const void __user *ubuf)
{
int ret;
-@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
+@@ -240,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -17032,7 +17040,7 @@ index 739d859..d1d6be7 100644
void *kbuf, void __user *ubuf)
{
int ret;
-@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -269,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -17042,7 +17050,7 @@ index 739d859..d1d6be7 100644
const void *kbuf, const void __user *ubuf)
{
int ret;
-@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
+@@ -439,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
int fpregs_get(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -17052,7 +17060,7 @@ index 739d859..d1d6be7 100644
void *kbuf, void __user *ubuf)
{
struct user_i387_ia32_struct env;
-@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
+@@ -471,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
int fpregs_set(struct task_struct *target, const struct user_regset *regset,
unsigned int pos, unsigned int count,
@@ -17062,7 +17070,7 @@ index 739d859..d1d6be7 100644
const void *kbuf, const void __user *ubuf)
{
struct user_i387_ia32_struct env;
-@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
+@@ -619,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
}
static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
@@ -33318,7 +33326,7 @@ index b89c548..2af3ce4 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 6acc846..80a6b96 100644
+index 58027d8..d9cddcd 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -35255,10 +35263,10 @@ index 58dc117..f140c77 100644
if ((num_pages != size) ||
(num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags))
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
-index 486b404..0d6677d 100644
+index 3ed983c..a1bb418 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
-@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
struct ppp_stats stats;
struct ppp_comp_stats cstats;
@@ -35266,7 +35274,7 @@ index 486b404..0d6677d 100644
switch (cmd) {
case SIOCGPPPSTATS:
-@@ -1009,8 +1008,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -1008,8 +1007,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
break;
case SIOCGPPPVER:
@@ -47381,7 +47389,7 @@ index d355e6e..578d905 100644
enum ocfs2_local_alloc_state
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
-index ba5d97e..c77db25 100644
+index f169da4..9112253 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -872,7 +872,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb,
@@ -49047,10 +49055,10 @@ index 4023d6b..ab46c6a 100644
if (op) {
diff --git a/fs/splice.c b/fs/splice.c
-index 1ec0493..d6ab5c2 100644
+index 96d7b28..fd465ac 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -193,7 +193,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
pipe_lock(pipe);
for (;;) {
@@ -49059,7 +49067,7 @@ index 1ec0493..d6ab5c2 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -247,9 +247,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
do_wakeup = 0;
}
@@ -49071,7 +49079,7 @@ index 1ec0493..d6ab5c2 100644
}
pipe_unlock(pipe);
-@@ -559,7 +559,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
+@@ -560,7 +560,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -49080,7 +49088,7 @@ index 1ec0493..d6ab5c2 100644
set_fs(old_fs);
return res;
-@@ -574,7 +574,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
+@@ -575,7 +575,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -49089,7 +49097,7 @@ index 1ec0493..d6ab5c2 100644
set_fs(old_fs);
return res;
-@@ -625,7 +625,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
+@@ -626,7 +626,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
goto err;
this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
@@ -49098,7 +49106,7 @@ index 1ec0493..d6ab5c2 100644
vec[i].iov_len = this_len;
spd.pages[i] = page;
spd.nr_pages++;
-@@ -845,10 +845,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
+@@ -848,10 +848,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
{
while (!pipe->nrbufs) {
@@ -49111,7 +49119,7 @@ index 1ec0493..d6ab5c2 100644
return 0;
if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1181,7 +1181,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1184,7 +1184,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* out of the pipe right after the splice_to_pipe(). So set
* PIPE_READERS appropriately.
*/
@@ -49120,7 +49128,7 @@ index 1ec0493..d6ab5c2 100644
current->splice_pipe = pipe;
}
-@@ -1733,9 +1733,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1736,9 +1736,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -49132,7 +49140,7 @@ index 1ec0493..d6ab5c2 100644
if (flags & SPLICE_F_NONBLOCK) {
ret = -EAGAIN;
break;
-@@ -1767,7 +1767,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1770,7 +1770,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
pipe_lock(pipe);
while (pipe->nrbufs >= pipe->buffers) {
@@ -49141,7 +49149,7 @@ index 1ec0493..d6ab5c2 100644
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
break;
-@@ -1780,9 +1780,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1783,9 +1783,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -49153,7 +49161,7 @@ index 1ec0493..d6ab5c2 100644
}
pipe_unlock(pipe);
-@@ -1818,14 +1818,14 @@ retry:
+@@ -1821,14 +1821,14 @@ retry:
pipe_double_lock(ipipe, opipe);
do {
@@ -49170,7 +49178,7 @@ index 1ec0493..d6ab5c2 100644
break;
/*
-@@ -1922,7 +1922,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1925,7 +1925,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
pipe_double_lock(ipipe, opipe);
do {
@@ -49179,7 +49187,7 @@ index 1ec0493..d6ab5c2 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -1967,7 +1967,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1970,7 +1970,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
* return EAGAIN if we have the potential of some data in the
* future, otherwise just return 0
*/
@@ -62201,7 +62209,7 @@ index 9c07dce..a92fa71 100644
if (atomic_sub_and_test((int) count, &kref->refcount)) {
release(kref);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 900c763..098aefa 100644
+index bc21720..098aefa 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
@@ -62249,27 +62257,7 @@ index 900c763..098aefa 100644
void kvm_arch_exit(void);
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
-@@ -593,6 +593,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id);
-
- #ifdef CONFIG_IOMMU_API
- int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
-+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
- int kvm_iommu_map_guest(struct kvm *kvm);
- int kvm_iommu_unmap_guest(struct kvm *kvm);
- int kvm_assign_device(struct kvm *kvm,
-@@ -606,6 +607,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm,
- return 0;
- }
-
-+static inline void kvm_iommu_unmap_pages(struct kvm *kvm,
-+ struct kvm_memory_slot *slot)
-+{
-+}
-+
- static inline int kvm_iommu_map_guest(struct kvm *kvm)
- {
- return -ENODEV;
-@@ -721,7 +727,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
+@@ -727,7 +727,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
int kvm_set_irq_routing(struct kvm *kvm,
const struct kvm_irq_routing_entry *entries,
unsigned nr,
@@ -62735,7 +62723,7 @@ index ffc0213..2c1f2cb 100644
return nd->saved_names[nd->depth];
}
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 0eac07c..a59f6a8 100644
+index 4f3b01a..8256d1a 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1002,6 +1002,7 @@ struct net_device_ops {
@@ -63409,10 +63397,10 @@ index 92808b8..c28cac4 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index ae86ade..2b51468 100644
+index 42854ce..3b7d3c8 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -654,7 +654,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -655,7 +655,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
*/
static inline int skb_queue_empty(const struct sk_buff_head *list)
{
@@ -63421,7 +63409,7 @@ index ae86ade..2b51468 100644
}
/**
-@@ -667,7 +667,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -668,7 +668,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
static inline bool skb_queue_is_last(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -63430,7 +63418,7 @@ index ae86ade..2b51468 100644
}
/**
-@@ -680,7 +680,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -681,7 +681,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
static inline bool skb_queue_is_first(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -63439,7 +63427,7 @@ index ae86ade..2b51468 100644
}
/**
-@@ -1545,7 +1545,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1558,7 +1558,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -74954,7 +74942,7 @@ index 68bbf9f..5ef0d12 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index a4bf943..9c83051 100644
+index 7f72c9c..e29943b 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name)
@@ -75035,7 +75023,7 @@ index a4bf943..9c83051 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -5890,7 +5894,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5858,7 +5862,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -75159,28 +75147,6 @@ index ff52ad0..aff1c0f 100644
i++, cmfptr++)
{
int new_fd;
-diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index da0c97f..8253632 100644
---- a/net/core/skbuff.c
-+++ b/net/core/skbuff.c
-@@ -3160,6 +3160,8 @@ static void sock_rmem_free(struct sk_buff *skb)
- */
- int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
- {
-+ int len = skb->len;
-+
- if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
- (unsigned)sk->sk_rcvbuf)
- return -ENOMEM;
-@@ -3174,7 +3176,7 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
-
- skb_queue_tail(&sk->sk_error_queue, skb);
- if (!sock_flag(sk, SOCK_DEAD))
-- sk->sk_data_ready(sk, skb->len);
-+ sk->sk_data_ready(sk, len);
- return 0;
- }
- EXPORT_SYMBOL(sock_queue_err_skb);
diff --git a/net/core/sock.c b/net/core/sock.c
index 02f8dfe..86dfd4a 100644
--- a/net/core/sock.c
@@ -76172,7 +76138,7 @@ index d02f7e4..2d2a0f1 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 3edd05a..63aad01 100644
+index a89ca8d..12e66b0 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
@@ -76186,7 +76152,7 @@ index 3edd05a..63aad01 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1650,6 +1654,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1654,6 +1658,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -76196,7 +76162,7 @@ index 3edd05a..63aad01 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1729,12 +1736,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1733,12 +1740,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -76219,7 +76185,7 @@ index 3edd05a..63aad01 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1782,6 +1797,10 @@ no_tcp_socket:
+@@ -1786,6 +1801,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -76230,7 +76196,7 @@ index 3edd05a..63aad01 100644
tcp_v6_send_reset(NULL, skb);
}
-@@ -2043,7 +2062,13 @@ static void get_openreq6(struct seq_file *seq,
+@@ -2047,7 +2066,13 @@ static void get_openreq6(struct seq_file *seq,
uid,
0, /* non standard timer */
0, /* open_requests have no inode */
@@ -76245,7 +76211,7 @@ index 3edd05a..63aad01 100644
}
static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
-@@ -2093,7 +2118,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
+@@ -2097,7 +2122,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
sock_i_uid(sp),
icsk->icsk_probes_out,
sock_i_ino(sp),
@@ -76259,7 +76225,7 @@ index 3edd05a..63aad01 100644
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
-@@ -2128,7 +2158,13 @@ static void get_timewait6_sock(struct seq_file *seq,
+@@ -2132,7 +2162,13 @@ static void get_timewait6_sock(struct seq_file *seq,
dest->s6_addr32[2], dest->s6_addr32[3], destp,
tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
@@ -76957,7 +76923,7 @@ index 4fe4fb4..87a89e5 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 629b061..8f415cc 100644
+index 467af9c..8f415cc 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk)
@@ -76969,64 +76935,7 @@ index 629b061..8f415cc 100644
}
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
-@@ -829,12 +829,19 @@ int netlink_attachskb(struct sock *sk, struct sk_buff *skb,
- return 0;
- }
-
--int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
-+static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb)
- {
- int len = skb->len;
-
- skb_queue_tail(&sk->sk_receive_queue, skb);
- sk->sk_data_ready(sk, len);
-+ return len;
-+}
-+
-+int netlink_sendskb(struct sock *sk, struct sk_buff *skb)
-+{
-+ int len = __netlink_sendskb(sk, skb);
-+
- sock_put(sk);
- return len;
- }
-@@ -957,8 +964,7 @@ static int netlink_broadcast_deliver(struct sock *sk, struct sk_buff *skb)
- if (atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf &&
- !test_bit(0, &nlk->state)) {
- skb_set_owner_r(skb, sk);
-- skb_queue_tail(&sk->sk_receive_queue, skb);
-- sk->sk_data_ready(sk, skb->len);
-+ __netlink_sendskb(sk, skb);
- return atomic_read(&sk->sk_rmem_alloc) > (sk->sk_rcvbuf >> 1);
- }
- return -1;
-@@ -1680,10 +1686,8 @@ static int netlink_dump(struct sock *sk)
-
- if (sk_filter(sk, skb))
- kfree_skb(skb);
-- else {
-- skb_queue_tail(&sk->sk_receive_queue, skb);
-- sk->sk_data_ready(sk, skb->len);
-- }
-+ else
-+ __netlink_sendskb(sk, skb);
- return 0;
- }
-
-@@ -1697,10 +1701,8 @@ static int netlink_dump(struct sock *sk)
-
- if (sk_filter(sk, skb))
- kfree_skb(skb);
-- else {
-- skb_queue_tail(&sk->sk_receive_queue, skb);
-- sk->sk_data_ready(sk, skb->len);
-- }
-+ else
-+ __netlink_sendskb(sk, skb);
-
- if (cb->done)
- cb->done(cb);
-@@ -1995,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -1997,7 +1997,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
@@ -77118,7 +77027,7 @@ index d65f699..05aa6ce 100644
err = proto_register(pp->prot, 1);
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
-index 9f60008..ae96f04 100644
+index 9726fe6..fc4e3a4 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
@@ -77596,10 +77505,10 @@ index 1e2eee8..ce3967e 100644
assoc->assoc_id,
assoc->sndbuf_used,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 408ebd0..202aa85 100644
+index d043722..6903416 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4575,7 +4575,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
@@ -77609,7 +77518,7 @@ index 408ebd0..202aa85 100644
to += addrlen;
cnt++;
diff --git a/net/socket.c b/net/socket.c
-index 28a96af..61a7a06 100644
+index 0de4131..7e7ddab 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -78452,7 +78361,7 @@ index 0000000..8729101
+#!/bin/sh
+echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index b89efe6..2c30808 100644
+index e047e17..ea646ec 100644
--- a/scripts/mod/file2alias.c
+++ b/scripts/mod/file2alias.c
@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id,
@@ -86018,33 +85927,8 @@ index af0f22f..9a7d479 100644
} else
break;
}
-diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
-index a457d21..fec1723 100644
---- a/virt/kvm/iommu.c
-+++ b/virt/kvm/iommu.c
-@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
- }
- }
-
-+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
-+{
-+ kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages);
-+}
-+
- static int kvm_iommu_unmap_memslots(struct kvm *kvm)
- {
- int idx;
-@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
- slots = kvm_memslots(kvm);
-
- kvm_for_each_memslot(memslot, slots)
-- kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages);
-+ kvm_iommu_unmap_pages(kvm, memslot);
-
- srcu_read_unlock(&kvm->srcu, idx);
-
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index a91f980..527711d 100644
+index c4ac57e..527711d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -75,7 +75,7 @@ LIST_HEAD(vm_list);
@@ -86056,23 +85940,7 @@ index a91f980..527711d 100644
struct kmem_cache *kvm_vcpu_cache;
EXPORT_SYMBOL_GPL(kvm_vcpu_cache);
-@@ -873,12 +873,13 @@ skip_lpage:
- if (r)
- goto out_free;
-
-- /* map the pages in iommu page table */
-+ /* map/unmap the pages in iommu page table */
- if (npages) {
- r = kvm_iommu_map_pages(kvm, &new);
- if (r)
- goto out_free;
-- }
-+ } else
-+ kvm_iommu_unmap_pages(kvm, &old);
-
- r = -ENOMEM;
- slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots),
-@@ -2312,7 +2313,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2313,7 +2313,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -86081,7 +85949,7 @@ index a91f980..527711d 100644
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2366,10 +2367,10 @@ static int hardware_enable_all(void)
+@@ -2367,10 +2367,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -86094,7 +85962,7 @@ index a91f980..527711d 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -2732,7 +2733,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -2733,7 +2733,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
@@ -86103,7 +85971,7 @@ index a91f980..527711d 100644
struct module *module)
{
int r;
-@@ -2795,7 +2796,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2796,7 +2796,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -86112,7 +85980,7 @@ index a91f980..527711d 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -2805,9 +2806,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2806,9 +2806,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
diff --git a/3.3.3/4430_grsec-remove-localversion-grsec.patch b/3.3.4/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.3.3/4430_grsec-remove-localversion-grsec.patch
rename to 3.3.4/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.3.3/4435_grsec-mute-warnings.patch b/3.3.4/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.3.3/4435_grsec-mute-warnings.patch
rename to 3.3.4/4435_grsec-mute-warnings.patch
diff --git a/3.3.3/4440_grsec-remove-protected-paths.patch b/3.3.4/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.3.3/4440_grsec-remove-protected-paths.patch
rename to 3.3.4/4440_grsec-remove-protected-paths.patch
diff --git a/3.3.3/4445_grsec-pax-without-grsec.patch b/3.3.4/4445_grsec-pax-without-grsec.patch
similarity index 100%
rename from 3.3.3/4445_grsec-pax-without-grsec.patch
rename to 3.3.4/4445_grsec-pax-without-grsec.patch
diff --git a/3.3.3/4450_grsec-kconfig-default-gids.patch b/3.3.4/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.3.3/4450_grsec-kconfig-default-gids.patch
rename to 3.3.4/4450_grsec-kconfig-default-gids.patch
diff --git a/3.3.3/4455_grsec-kconfig-gentoo.patch b/3.3.4/4455_grsec-kconfig-gentoo.patch
similarity index 100%
rename from 3.3.3/4455_grsec-kconfig-gentoo.patch
rename to 3.3.4/4455_grsec-kconfig-gentoo.patch
diff --git a/3.3.3/4460-grsec-kconfig-proc-user.patch b/3.3.4/4460-grsec-kconfig-proc-user.patch
similarity index 100%
rename from 3.3.3/4460-grsec-kconfig-proc-user.patch
rename to 3.3.4/4460-grsec-kconfig-proc-user.patch
diff --git a/3.3.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.4/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.3.3/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.3.4/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.3.3/4470_disable-compat_vdso.patch b/3.3.4/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.3.3/4470_disable-compat_vdso.patch
rename to 3.3.4/4470_disable-compat_vdso.patch
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-05-01 0:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-05-01 0:15 [gentoo-commits] proj/hardened-patchset:master commit in: 3.3.4/, 2.6.32/, 3.3.3/, 3.2.16/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox