* [gentoo-commits] proj/hardened-patchset:master commit in: 3.7.1/, 3.7.0/
@ 2012-12-26 16:12 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2012-12-26 16:12 UTC (permalink / raw
To: gentoo-commits
commit: d92b42aa041e4af32620d59d11a277a259ca74fd
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 26 16:12:15 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Dec 26 16:12:15 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=d92b42aa
Grsec/PaX: 2.9.1-3.7.1-201212171734
---
{3.7.0 => 3.7.1}/0000_README | 2 +-
.../4420_grsecurity-2.9.1-3.7.1-201212171734.patch | 133 ++++++++++----------
3.7.1/4425_grsec_remove_EI_PAX.patch | 19 +++
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.7.0 => 3.7.1}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.7.0 => 3.7.1}/4470_disable-compat_vdso.patch | 0
9 files changed, 87 insertions(+), 67 deletions(-)
diff --git a/3.7.0/0000_README b/3.7.1/0000_README
similarity index 96%
rename from 3.7.0/0000_README
rename to 3.7.1/0000_README
index c9d0060..84caa16 100644
--- a/3.7.0/0000_README
+++ b/3.7.1/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.7.0-201212151422.patch
+Patch: 4420_grsecurity-2.9.1-3.7.1-201212171734.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.7.0/4420_grsecurity-2.9.1-3.7.0-201212151422.patch b/3.7.1/4420_grsecurity-2.9.1-3.7.1-201212171734.patch
similarity index 99%
rename from 3.7.0/4420_grsecurity-2.9.1-3.7.0-201212151422.patch
rename to 3.7.1/4420_grsecurity-2.9.1-3.7.1-201212171734.patch
index aaefb83..18a4557 100644
--- a/3.7.0/4420_grsecurity-2.9.1-3.7.0-201212151422.patch
+++ b/3.7.1/4420_grsecurity-2.9.1-3.7.1-201212171734.patch
@@ -251,7 +251,7 @@ index 9776f06..18b1856 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 540f7b2..c823fc5 100644
+index fbf84a4..339f6de 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -20650,7 +20650,7 @@ index d017df3..61ae42e 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index f858159..491d386 100644
+index f858159..4ab7dba 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1332,7 +1332,11 @@ static void reload_tss(void)
@@ -20701,15 +20701,16 @@ index f858159..491d386 100644
vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
#ifdef CONFIG_X86_64
-@@ -3734,6 +3748,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3733,7 +3747,7 @@ static void vmx_set_constant_host_state(void)
+ native_store_idt(&dt);
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
- vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */
+- vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */
+ vmcs_writel(HOST_RIP, ktla_ktva(vmx_return)); /* 22.2.5 */
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6279,6 +6294,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6279,6 +6293,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -20722,7 +20723,7 @@ index f858159..491d386 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -6331,6 +6352,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6331,6 +6351,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -20734,7 +20735,7 @@ index f858159..491d386 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -6344,7 +6370,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6344,7 +6369,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -20743,7 +20744,7 @@ index f858159..491d386 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -6353,8 +6379,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6353,8 +6378,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -51614,7 +51615,7 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..4428c82
+index 0000000..b1810d9
--- /dev/null
+++ b/grsecurity/gracl.c
@@ -0,0 +1,4056 @@
@@ -52007,7 +52008,7 @@ index 0000000..4428c82
+struct acl_subject_label *
+lookup_subject_map(const struct acl_subject_label *userp)
+{
-+ unsigned int index = shash(userp, subj_map_set.s_size);
++ unsigned int index = gr_shash(userp, subj_map_set.s_size);
+ struct subject_map *match;
+
+ match = subj_map_set.s_hash[index];
@@ -52024,7 +52025,7 @@ index 0000000..4428c82
+static void
+insert_subj_map_entry(struct subject_map *subjmap)
+{
-+ unsigned int index = shash(subjmap->user, subj_map_set.s_size);
++ unsigned int index = gr_shash(subjmap->user, subj_map_set.s_size);
+ struct subject_map **curr;
+
+ subjmap->prev = NULL;
@@ -52043,7 +52044,7 @@ index 0000000..4428c82
+lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
+ const gid_t gid)
+{
-+ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
++ unsigned int index = gr_rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
+ struct acl_role_label *match;
+ struct role_allowed_ip *ipp;
+ unsigned int x;
@@ -52066,7 +52067,7 @@ index 0000000..4428c82
+found:
+ if (match == NULL) {
+ try_group:
-+ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
++ index = gr_rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
+ match = acl_role_set.r_hash[index];
+
+ while (match) {
@@ -52112,7 +52113,7 @@ index 0000000..4428c82
+lookup_acl_subj_label(const ino_t ino, const dev_t dev,
+ const struct acl_role_label *role)
+{
-+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
++ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
+ struct acl_subject_label *match;
+
+ match = role->subj_hash[index];
@@ -52132,7 +52133,7 @@ index 0000000..4428c82
+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
+ const struct acl_role_label *role)
+{
-+ unsigned int index = fhash(ino, dev, role->subj_hash_size);
++ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size);
+ struct acl_subject_label *match;
+
+ match = role->subj_hash[index];
@@ -52152,7 +52153,7 @@ index 0000000..4428c82
+lookup_acl_obj_label(const ino_t ino, const dev_t dev,
+ const struct acl_subject_label *subj)
+{
-+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
++ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
+ struct acl_object_label *match;
+
+ match = subj->obj_hash[index];
@@ -52172,7 +52173,7 @@ index 0000000..4428c82
+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
+ const struct acl_subject_label *subj)
+{
-+ unsigned int index = fhash(ino, dev, subj->obj_hash_size);
++ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size);
+ struct acl_object_label *match;
+
+ match = subj->obj_hash[index];
@@ -52246,7 +52247,7 @@ index 0000000..4428c82
+static struct inodev_entry *
+lookup_inodev_entry(const ino_t ino, const dev_t dev)
+{
-+ unsigned int index = fhash(ino, dev, inodev_set.i_size);
++ unsigned int index = gr_fhash(ino, dev, inodev_set.i_size);
+ struct inodev_entry *match;
+
+ match = inodev_set.i_hash[index];
@@ -52260,7 +52261,7 @@ index 0000000..4428c82
+static void
+insert_inodev_entry(struct inodev_entry *entry)
+{
-+ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
++ unsigned int index = gr_fhash(entry->nentry->inode, entry->nentry->device,
+ inodev_set.i_size);
+ struct inodev_entry **curr;
+
@@ -52280,7 +52281,7 @@ index 0000000..4428c82
+__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
+{
+ unsigned int index =
-+ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
++ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
+ struct acl_role_label **curr;
+ struct acl_role_label *tmp, *tmp2;
+
@@ -52413,7 +52414,7 @@ index 0000000..4428c82
+ struct acl_subject_label *subj)
+{
+ unsigned int index =
-+ fhash(obj->inode, obj->device, subj->obj_hash_size);
++ gr_fhash(obj->inode, obj->device, subj->obj_hash_size);
+ struct acl_object_label **curr;
+
+
@@ -52433,7 +52434,7 @@ index 0000000..4428c82
+insert_acl_subj_label(struct acl_subject_label *obj,
+ struct acl_role_label *role)
+{
-+ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
++ unsigned int index = gr_fhash(obj->inode, obj->device, role->subj_hash_size);
+ struct acl_subject_label **curr;
+
+ obj->prev = NULL;
@@ -54297,7 +54298,7 @@ index 0000000..4428c82
+ const ino_t newinode, const dev_t newdevice,
+ struct acl_subject_label *subj)
+{
-+ unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
++ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size);
+ struct acl_object_label *match;
+
+ match = subj->obj_hash[index];
@@ -54336,7 +54337,7 @@ index 0000000..4428c82
+ const ino_t newinode, const dev_t newdevice,
+ struct acl_role_label *role)
+{
-+ unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
++ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size);
+ struct acl_subject_label *match;
+
+ match = role->subj_hash[index];
@@ -54374,7 +54375,7 @@ index 0000000..4428c82
+update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
+ const ino_t newinode, const dev_t newdevice)
+{
-+ unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
++ unsigned int index = gr_fhash(oldinode, olddevice, inodev_set.i_size);
+ struct inodev_entry *match;
+
+ match = inodev_set.i_hash[index];
@@ -61755,7 +61756,7 @@ index d0a7967..63c4c47 100644
{
diff --git a/include/linux/gracl.h b/include/linux/gracl.h
new file mode 100644
-index 0000000..c938b1f
+index 0000000..ebe6d72
--- /dev/null
+++ b/include/linux/gracl.h
@@ -0,0 +1,319 @@
@@ -62019,25 +62020,25 @@ index 0000000..c938b1f
+ Shift/add algorithm with modulus of table size and an XOR*/
+
+static __inline__ unsigned int
-+rhash(const uid_t uid, const __u16 type, const unsigned int sz)
++gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
+{
+ return ((((uid + type) << (16 + type)) ^ uid) % sz);
+}
+
+ static __inline__ unsigned int
-+shash(const struct acl_subject_label *userp, const unsigned int sz)
++gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
+{
+ return ((const unsigned long)userp % sz);
+}
+
+static __inline__ unsigned int
-+fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
++gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
+{
+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
+}
+
+static __inline__ unsigned int
-+nhash(const char *name, const __u16 len, const unsigned int sz)
++gr_nhash(const char *name, const __u16 len, const unsigned int sz)
+{
+ return full_name_hash((const unsigned char *)name, len) % sz;
+}
@@ -69684,7 +69685,7 @@ index aaa7b9f..055ff1e 100644
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 74df86b..e0702bb 100644
+index 2682295..0f2297e 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
@@ -348,9 +348,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
@@ -69791,7 +69792,7 @@ index 74df86b..e0702bb 100644
}
/*
-@@ -1830,7 +1830,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
+@@ -1831,7 +1831,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
}
smp_mb(); /* List handling before counting for rcu_barrier(). */
rdp->qlen_lazy -= count_lazy;
@@ -69800,7 +69801,7 @@ index 74df86b..e0702bb 100644
rdp->n_cbs_invoked += count;
/* Reinstate batch limit if we have worked down the excess. */
-@@ -2023,7 +2023,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
+@@ -2024,7 +2024,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
/*
* Do RCU core processing for the current CPU.
*/
@@ -69809,7 +69810,7 @@ index 74df86b..e0702bb 100644
{
struct rcu_state *rsp;
-@@ -2135,7 +2135,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
+@@ -2136,7 +2136,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
local_irq_restore(flags);
return;
}
@@ -69818,7 +69819,7 @@ index 74df86b..e0702bb 100644
if (lazy)
rdp->qlen_lazy++;
else
-@@ -2249,8 +2249,8 @@ void synchronize_rcu_bh(void)
+@@ -2250,8 +2250,8 @@ void synchronize_rcu_bh(void)
}
EXPORT_SYMBOL_GPL(synchronize_rcu_bh);
@@ -69829,7 +69830,7 @@ index 74df86b..e0702bb 100644
static int synchronize_sched_expedited_cpu_stop(void *data)
{
-@@ -2311,7 +2311,7 @@ void synchronize_sched_expedited(void)
+@@ -2312,7 +2312,7 @@ void synchronize_sched_expedited(void)
int firstsnap, s, snap, trycount = 0;
/* Note that atomic_inc_return() implies full memory barrier. */
@@ -69838,7 +69839,7 @@ index 74df86b..e0702bb 100644
get_online_cpus();
WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id()));
-@@ -2333,7 +2333,7 @@ void synchronize_sched_expedited(void)
+@@ -2334,7 +2334,7 @@ void synchronize_sched_expedited(void)
}
/* Check to see if someone else did our work for us. */
@@ -69847,7 +69848,7 @@ index 74df86b..e0702bb 100644
if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) {
smp_mb(); /* ensure test happens before caller kfree */
return;
-@@ -2348,7 +2348,7 @@ void synchronize_sched_expedited(void)
+@@ -2349,7 +2349,7 @@ void synchronize_sched_expedited(void)
* grace period works for us.
*/
get_online_cpus();
@@ -69856,7 +69857,7 @@ index 74df86b..e0702bb 100644
smp_mb(); /* ensure read is before try_stop_cpus(). */
}
-@@ -2359,12 +2359,12 @@ void synchronize_sched_expedited(void)
+@@ -2360,12 +2360,12 @@ void synchronize_sched_expedited(void)
* than we did beat us to the punch.
*/
do {
@@ -69871,7 +69872,7 @@ index 74df86b..e0702bb 100644
put_online_cpus();
}
-@@ -2538,7 +2538,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2539,7 +2539,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
* ACCESS_ONCE() to prevent the compiler from speculating
* the increment to precede the early-exit check.
*/
@@ -69880,7 +69881,7 @@ index 74df86b..e0702bb 100644
WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1);
_rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done);
smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */
-@@ -2580,7 +2580,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2581,7 +2581,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
/* Increment ->n_barrier_done to prevent duplicate work. */
smp_mb(); /* Keep increment after above mechanism. */
@@ -69889,7 +69890,7 @@ index 74df86b..e0702bb 100644
WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0);
_rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done);
smp_mb(); /* Keep increment before caller's subsequent code. */
-@@ -2625,10 +2625,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
+@@ -2626,10 +2626,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo);
init_callback_list(rdp);
rdp->qlen_lazy = 0;
@@ -69902,7 +69903,7 @@ index 74df86b..e0702bb 100644
#ifdef CONFIG_RCU_USER_QS
WARN_ON_ONCE(rdp->dynticks->in_user);
#endif
-@@ -2663,8 +2663,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
+@@ -2664,8 +2664,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
rdp->blimit = blimit;
init_callback_list(rdp); /* Re-enable callbacks on this CPU. */
rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
@@ -71034,7 +71035,7 @@ index c0bd030..62a1927 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 9dcf15d..9bab704 100644
+index 51b7159..7f83cf8 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -71078,7 +71079,7 @@ index 9dcf15d..9bab704 100644
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index b979426..c54ff13 100644
+index 4cb5e51..e7e05d9 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -346,9 +346,9 @@ struct buffer_data_page {
@@ -71150,7 +71151,7 @@ index b979426..c54ff13 100644
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
}
-@@ -1903,7 +1903,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1905,7 +1905,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
* it is our responsibility to update
* the counters.
*/
@@ -71159,7 +71160,7 @@ index b979426..c54ff13 100644
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
/*
-@@ -2053,7 +2053,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2055,7 +2055,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
if (tail == BUF_PAGE_SIZE)
tail_page->real_end = 0;
@@ -71168,7 +71169,7 @@ index b979426..c54ff13 100644
return;
}
-@@ -2088,7 +2088,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2090,7 +2090,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
rb_event_set_padding(event);
/* Set the write back to the previous setting */
@@ -71177,7 +71178,7 @@ index b979426..c54ff13 100644
return;
}
-@@ -2100,7 +2100,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2102,7 +2102,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
@@ -71186,7 +71187,7 @@ index b979426..c54ff13 100644
}
/*
-@@ -2126,7 +2126,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2128,7 +2128,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
* about it.
*/
if (unlikely(next_page == commit_page)) {
@@ -71195,7 +71196,7 @@ index b979426..c54ff13 100644
goto out_reset;
}
-@@ -2180,7 +2180,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2182,7 +2182,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
cpu_buffer->tail_page) &&
(cpu_buffer->commit_page ==
cpu_buffer->reader_page))) {
@@ -71204,7 +71205,7 @@ index b979426..c54ff13 100644
goto out_reset;
}
}
-@@ -2228,7 +2228,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2230,7 +2230,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
length += RB_LEN_TIME_EXTEND;
tail_page = cpu_buffer->tail_page;
@@ -71213,7 +71214,7 @@ index b979426..c54ff13 100644
/* set write to only the index of the write */
write &= RB_WRITE_MASK;
-@@ -2245,7 +2245,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2247,7 +2247,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
kmemcheck_annotate_bitfield(event, bitfield);
rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
@@ -71222,7 +71223,7 @@ index b979426..c54ff13 100644
/*
* If this is the first commit on the page, then update
-@@ -2278,7 +2278,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2280,7 +2280,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
unsigned long write_mask =
@@ -71231,7 +71232,7 @@ index b979426..c54ff13 100644
unsigned long event_length = rb_event_length(event);
/*
* This is on the tail page. It is possible that
-@@ -2288,7 +2288,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2290,7 +2290,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
*/
old_index += write_mask;
new_index += write_mask;
@@ -71240,7 +71241,7 @@ index b979426..c54ff13 100644
if (index == old_index) {
/* update counters */
local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2627,7 +2627,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2629,7 +2629,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
/* Do the likely case first */
if (likely(bpage->page == (void *)addr)) {
@@ -71249,7 +71250,7 @@ index b979426..c54ff13 100644
return;
}
-@@ -2639,7 +2639,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2641,7 +2641,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
start = bpage;
do {
if (bpage->page == (void *)addr) {
@@ -71258,7 +71259,7 @@ index b979426..c54ff13 100644
return;
}
rb_inc_page(cpu_buffer, &bpage);
-@@ -2921,7 +2921,7 @@ static inline unsigned long
+@@ -2923,7 +2923,7 @@ static inline unsigned long
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
{
return local_read(&cpu_buffer->entries) -
@@ -71267,7 +71268,7 @@ index b979426..c54ff13 100644
}
/**
-@@ -3008,7 +3008,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3011,7 +3011,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -71276,7 +71277,7 @@ index b979426..c54ff13 100644
return ret;
}
-@@ -3029,7 +3029,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3032,7 +3032,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -71285,7 +71286,7 @@ index b979426..c54ff13 100644
return ret;
}
-@@ -3074,7 +3074,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3077,7 +3077,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
/* if you care about this being correct, lock the buffer */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
@@ -71294,7 +71295,7 @@ index b979426..c54ff13 100644
}
return overruns;
-@@ -3250,8 +3250,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3253,8 +3253,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/*
* Reset the reader page to size zero.
*/
@@ -71305,7 +71306,7 @@ index b979426..c54ff13 100644
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->real_end = 0;
-@@ -3283,7 +3283,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3288,7 +3288,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
* want to compare with the last_overrun.
*/
smp_mb();
@@ -71314,7 +71315,7 @@ index b979426..c54ff13 100644
/*
* Here's the tricky part.
-@@ -3848,8 +3848,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3858,8 +3858,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
@@ -71325,7 +71326,7 @@ index b979426..c54ff13 100644
local_set(&cpu_buffer->head_page->page->commit, 0);
cpu_buffer->head_page->read = 0;
-@@ -3859,14 +3859,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3869,14 +3869,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
@@ -71344,7 +71345,7 @@ index b979426..c54ff13 100644
local_set(&cpu_buffer->entries, 0);
local_set(&cpu_buffer->committing, 0);
local_set(&cpu_buffer->commits, 0);
-@@ -4269,8 +4269,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4279,8 +4279,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
rb_init_page(bpage);
bpage = reader->page;
reader->page = *data_page;
diff --git a/3.7.1/4425_grsec_remove_EI_PAX.patch b/3.7.1/4425_grsec_remove_EI_PAX.patch
new file mode 100644
index 0000000..97e6951
--- /dev/null
+++ b/3.7.1/4425_grsec_remove_EI_PAX.patch
@@ -0,0 +1,19 @@
+From: Anthony G. Basile <blueness@gentoo.org>
+
+Deprecate EI_PAX.
+
+X-Gentoo-Bug: 445600
+X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
+
+diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
+--- linux-3.7.1-hardened.orig/security/Kconfig 2012-12-26 08:39:29.000000000 -0500
++++ linux-3.7.1-hardened/security/Kconfig 2012-12-26 09:05:44.000000000 -0500
+@@ -263,7 +263,7 @@
+
+ config PAX_EI_PAX
+ bool 'Use legacy ELF header marking'
+- default y if GRKERNSEC_CONFIG_AUTO
++ depends on BROKEN
+ help
+ Enabling this option will allow you to control PaX features on
+ a per executable basis via the 'chpax' utility available at
diff --git a/3.7.0/4430_grsec-remove-localversion-grsec.patch b/3.7.1/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.7.0/4430_grsec-remove-localversion-grsec.patch
rename to 3.7.1/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.7.0/4435_grsec-mute-warnings.patch b/3.7.1/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.7.0/4435_grsec-mute-warnings.patch
rename to 3.7.1/4435_grsec-mute-warnings.patch
diff --git a/3.7.0/4440_grsec-remove-protected-paths.patch b/3.7.1/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.7.0/4440_grsec-remove-protected-paths.patch
rename to 3.7.1/4440_grsec-remove-protected-paths.patch
diff --git a/3.7.0/4450_grsec-kconfig-default-gids.patch b/3.7.1/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.7.0/4450_grsec-kconfig-default-gids.patch
rename to 3.7.1/4450_grsec-kconfig-default-gids.patch
diff --git a/3.7.0/4465_selinux-avc_audit-log-curr_ip.patch b/3.7.1/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.7.0/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.7.1/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.7.0/4470_disable-compat_vdso.patch b/3.7.1/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.7.0/4470_disable-compat_vdso.patch
rename to 3.7.1/4470_disable-compat_vdso.patch
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-12-26 16:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-26 16:12 [gentoo-commits] proj/hardened-patchset:master commit in: 3.7.1/, 3.7.0/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox