* [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.11/, 3.14.10/, 3.15.4/, 3.2.60/, 3.15.3/
@ 2014-07-08 20:14 Anthony G. Basile
From: Anthony G. Basile @ 2014-07-08 20:14 UTC (permalink / raw
  To: gentoo-commits

commit:     94139e45a98575a57447fac3045d8f74b6108422
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  8 20:15:22 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jul  8 20:15:22 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=94139e45

Grsec/PaX: 3.0-{3.2.60,3.14.11,3.15.4}-201407072046

---
 {3.14.10 => 3.14.11}/0000_README                   |   2 +-
 .../4420_grsecurity-3.0-3.14.11-201407072045.patch | 178 +++++++-----------
 .../4425_grsec_remove_EI_PAX.patch                 |   0
 .../4427_force_XATTR_PAX_tmpfs.patch               |   0
 .../4430_grsec-remove-localversion-grsec.patch     |   0
 .../4435_grsec-mute-warnings.patch                 |   0
 .../4440_grsec-remove-protected-paths.patch        |   0
 .../4450_grsec-kconfig-default-gids.patch          |   0
 .../4465_selinux-avc_audit-log-curr_ip.patch       |   0
 .../4470_disable-compat_vdso.patch                 |   0
 .../4475_emutramp_default_on.patch                 |   0
 {3.15.3 => 3.15.4}/0000_README                     |   0
 .../4420_grsecurity-3.0-3.15.4-201407072046.patch  | 207 +++++++++------------
 {3.15.3 => 3.15.4}/4425_grsec_remove_EI_PAX.patch  |   0
 .../4427_force_XATTR_PAX_tmpfs.patch               |   0
 .../4430_grsec-remove-localversion-grsec.patch     |   0
 {3.15.3 => 3.15.4}/4435_grsec-mute-warnings.patch  |   0
 .../4440_grsec-remove-protected-paths.patch        |   0
 .../4450_grsec-kconfig-default-gids.patch          |   0
 .../4465_selinux-avc_audit-log-curr_ip.patch       |   0
 {3.15.3 => 3.15.4}/4470_disable-compat_vdso.patch  |   0
 {3.15.3 => 3.15.4}/4475_emutramp_default_on.patch  |   0
 3.2.60/0000_README                                 |   2 +-
 ... 4420_grsecurity-3.0-3.2.60-201407072042.patch} |  51 +++--
 24 files changed, 197 insertions(+), 243 deletions(-)

diff --git a/3.14.10/0000_README b/3.14.11/0000_README
similarity index 96%
rename from 3.14.10/0000_README
rename to 3.14.11/0000_README
index 7edf2bb..4a9468b 100644
--- a/3.14.10/0000_README
+++ b/3.14.11/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.14.10-201407052031.patch
+Patch:	4420_grsecurity-3.0-3.14.11-201407072045.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch b/3.14.11/4420_grsecurity-3.0-3.14.11-201407072045.patch
similarity index 99%
rename from 3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
rename to 3.14.11/4420_grsecurity-3.0-3.14.11-201407072045.patch
index 5cd674b..a883f75 100644
--- a/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
+++ b/3.14.11/4420_grsecurity-3.0-3.14.11-201407072045.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index bd5d673..00eaa40 100644
+index f1bbec5..d78810b 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -16136,7 +16136,7 @@ index 69bbb48..32517fe 100644
  
  #define smp_load_acquire(p)						\
 diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
-index 9fc1af7..fc71228 100644
+index 9fc1af7..776d75a 100644
 --- a/arch/x86/include/asm/bitops.h
 +++ b/arch/x86/include/asm/bitops.h
 @@ -49,7 +49,7 @@
@@ -16216,7 +16216,7 @@ index 9fc1af7..fc71228 100644
   */
  #ifdef CONFIG_X86_64
 -static __always_inline int fls64(__u64 x)
-+static __always_inline long fls64(__u64 x)
++static __always_inline __intentional_overflow(-1) int fls64(__u64 x)
  {
  	int bitpos = -1;
  	/*
@@ -18734,7 +18734,7 @@ index fdedd38..95c02c2 100644
  void df_debug(struct pt_regs *regs, long error_code);
  #endif /* _ASM_X86_PROCESSOR_H */
 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 14fd6fd..b31a4a4 100644
+index 6205f0c..b31a4a4 100644
 --- a/arch/x86/include/asm/ptrace.h
 +++ b/arch/x86/include/asm/ptrace.h
 @@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
@@ -18807,29 +18807,6 @@ index 14fd6fd..b31a4a4 100644
  #endif
  	return *(unsigned long *)((unsigned long)regs + offset);
  }
-@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
- 
- #define ARCH_HAS_USER_SINGLE_STEP_INFO
- 
-+/*
-+ * When hitting ptrace_stop(), we cannot return using SYSRET because
-+ * that does not restore the full CPU state, only a minimal set.  The
-+ * ptracer can change arbitrary register values, which is usually okay
-+ * because the usual ptrace stops run off the signal delivery path which
-+ * forces IRET; however, ptrace_event() stops happen in arbitrary places
-+ * in the kernel and don't force IRET path.
-+ *
-+ * So force IRET path after a ptrace stop.
-+ */
-+#define arch_ptrace_stop_needed(code, info)				\
-+({									\
-+	set_thread_flag(TIF_NOTIFY_RESUME);				\
-+	false;								\
-+})
-+
- struct user_desc;
- extern int do_get_thread_area(struct task_struct *p, int idx,
- 			      struct user_desc __user *info);
 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
 index 9c6b890..5305f53 100644
 --- a/arch/x86/include/asm/realmode.h
@@ -26887,7 +26864,7 @@ index 9c0280f..5bbb1c0 100644
  		ip = *(u64 *)(fp+8);
  		if (!in_sched_functions(ip))
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 7461f50..1334029 100644
+index 7461f50..01d0b9c 100644
 --- a/arch/x86/kernel/ptrace.c
 +++ b/arch/x86/kernel/ptrace.c
 @@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -26909,7 +26886,28 @@ index 7461f50..1334029 100644
  
  	return (unsigned long)regs;
  }
-@@ -588,7 +587,7 @@ static void ptrace_triggered(struct perf_event *bp,
+@@ -452,6 +451,20 @@ static int putreg(struct task_struct *child,
+ 		if (child->thread.gs != value)
+ 			return do_arch_prctl(child, ARCH_SET_GS, value);
+ 		return 0;
++
++	case offsetof(struct user_regs_struct,ip):
++		/*
++		 * Protect against any attempt to set ip to an
++		 * impossible address.  There are dragons lurking if the
++		 * address is noncanonical.  (This explicitly allows
++		 * setting ip to TASK_SIZE_MAX, because user code can do
++		 * that all by itself by running off the end of its
++		 * address space.
++		 */
++		if (value > TASK_SIZE_MAX)
++			return -EIO;
++		break;
++
+ #endif
+ 	}
+ 
+@@ -588,7 +601,7 @@ static void ptrace_triggered(struct perf_event *bp,
  static unsigned long ptrace_get_dr7(struct perf_event *bp[])
  {
  	int i;
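Review bot: The comment added with the new `case offsetof(struct user_regs_struct,ip):` opens a parenthesis at "(This explicitly allows" and never closes it, and "There are dragons lurking" does not tell a maintainer what actually breaks when ip is noncanonical. I would end the comment with `* address space.)` and add one sentence naming the return path that cannot tolerate such an address, so the reason for returning -EIO on `value > TASK_SIZE_MAX` can be checked later. The guard covers only register writes that reach putreg(); whether other writers of the saved ip are bounded the same way is not visible here, because putreg() begins and ends outside the hunk. The same addition appears in the 3.15.4 patch further down.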
@@ -26918,7 +26916,7 @@ index 7461f50..1334029 100644
  	struct arch_hw_breakpoint *info;
  
  	for (i = 0; i < HBP_NUM; i++) {
-@@ -822,7 +821,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -822,7 +835,7 @@ long arch_ptrace(struct task_struct *child, long request,
  		 unsigned long addr, unsigned long data)
  {
  	int ret;
@@ -26927,7 +26925,7 @@ index 7461f50..1334029 100644
  
  	switch (request) {
  	/* read the word at location addr in the USER area. */
-@@ -907,14 +906,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -907,14 +920,14 @@ long arch_ptrace(struct task_struct *child, long request,
  		if ((int) addr < 0)
  			return -EIO;
  		ret = do_get_thread_area(child, addr,
@@ -26944,7 +26942,7 @@ index 7461f50..1334029 100644
  		break;
  #endif
  
-@@ -1292,7 +1291,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
+@@ -1292,7 +1305,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
  
  #ifdef CONFIG_X86_64
  
@@ -26953,7 +26951,7 @@ index 7461f50..1334029 100644
  	[REGSET_GENERAL] = {
  		.core_note_type = NT_PRSTATUS,
  		.n = sizeof(struct user_regs_struct) / sizeof(long),
-@@ -1333,7 +1332,7 @@ static const struct user_regset_view user_x86_64_view = {
+@@ -1333,7 +1346,7 @@ static const struct user_regset_view user_x86_64_view = {
  #endif	/* CONFIG_X86_64 */
  
  #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
@@ -26962,7 +26960,7 @@ index 7461f50..1334029 100644
  	[REGSET_GENERAL] = {
  		.core_note_type = NT_PRSTATUS,
  		.n = sizeof(struct user_regs_struct32) / sizeof(u32),
-@@ -1386,7 +1385,7 @@ static const struct user_regset_view user_x86_32_view = {
+@@ -1386,7 +1399,7 @@ static const struct user_regset_view user_x86_32_view = {
   */
  u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
  
@@ -26971,7 +26969,7 @@ index 7461f50..1334029 100644
  {
  #ifdef CONFIG_X86_64
  	x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
-@@ -1421,7 +1420,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1421,7 +1434,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
  	memset(info, 0, sizeof(*info));
  	info->si_signo = SIGTRAP;
  	info->si_code = si_code;
@@ -26980,7 +26978,7 @@ index 7461f50..1334029 100644
  }
  
  void user_single_step_siginfo(struct task_struct *tsk,
-@@ -1450,6 +1449,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+@@ -1450,6 +1463,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
  # define IS_IA32	0
  #endif
  
@@ -26991,7 +26989,7 @@ index 7461f50..1334029 100644
  /*
   * We must return the syscall number to actually look up in the table.
   * This can be -1L to skip running any syscall at all.
-@@ -1460,6 +1463,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1460,6 +1477,11 @@ long syscall_trace_enter(struct pt_regs *regs)
  
  	user_exit();
  
@@ -27003,7 +27001,7 @@ index 7461f50..1334029 100644
  	/*
  	 * If we stepped into a sysenter/syscall insn, it trapped in
  	 * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
-@@ -1515,6 +1523,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+@@ -1515,6 +1537,11 @@ void syscall_trace_leave(struct pt_regs *regs)
  	 */
  	user_exit();
  
@@ -47099,6 +47097,19 @@ index a2515887..6d13233 100644
  	dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
  
  	/* we will have to manufacture ethernet headers, prepare template */
+diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
+index 841b608..198a8b7 100644
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -47,7 +47,7 @@ module_param(gso, bool, 0444);
+ #define RECEIVE_AVG_WEIGHT 64
+ 
+ /* Minimum alignment for mergeable packet buffers. */
+-#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256)
++#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256UL)
+ 
+ #define VIRTNET_DRIVER_VERSION "1.0.0"
+ 
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
 index 40ad25d..8703023 100644
 --- a/drivers/net/vxlan.c
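Review bot: Changing the literal to `256UL` in `MERGEABLE_BUFFER_ALIGN` makes the macro build cleanly only while `L1_CACHE_BYTES` has type unsigned long, and that definition lies outside this hunk (presumably altered elsewhere in the patchset). The kernel's `max()` type-checks its operands, so the macro depends on a definition a reader cannot see from here. `#define MERGEABLE_BUFFER_ALIGN max_t(unsigned long, L1_CACHE_BYTES, 256)` would state the intended type at the use site and keep building however an architecture spells its cache-line constant. If the suffix form is kept, a short comment saying it exists only to satisfy the type check would help, since the alignment value itself does not change. The same hunk is repeated in the 3.15.4 patch.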
@@ -50909,10 +50920,10 @@ index 24884ca..26c8220 100644
  	login->tgt_agt = sbp_target_agent_register(login);
  	if (IS_ERR(login->tgt_agt)) {
 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 26416c1..e796a3d 100644
+index 6ea95d2..88607b4 100644
 --- a/drivers/target/target_core_device.c
 +++ b/drivers/target/target_core_device.c
-@@ -1524,7 +1524,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
  	spin_lock_init(&dev->se_tmr_lock);
  	spin_lock_init(&dev->qf_cmd_lock);
  	sema_init(&dev->caw_sem, 1);
@@ -62806,7 +62817,7 @@ index f4ccfe6..a5cf064 100644
  static struct callback_op callback_ops[];
  
 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 360114a..ac6e265 100644
+index 15f9d98..082c625 100644
 --- a/fs/nfs/inode.c
 +++ b/fs/nfs/inode.c
 @@ -1189,16 +1189,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
@@ -62843,7 +62854,7 @@ index 9a914e8..e89c0ea 100644
  static struct nfsd4_operation nfsd4_ops[];
  
 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index 16e8fa7..b0803f6 100644
+index bc11bf6..324b058 100644
 --- a/fs/nfsd/nfs4xdr.c
 +++ b/fs/nfsd/nfs4xdr.c
 @@ -1531,7 +1531,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
@@ -82100,20 +82111,6 @@ index 34a1e10..70f6bde 100644
  
  struct proc_ns {
  	void *ns;
-diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 077904c..cc79eff 100644
---- a/include/linux/ptrace.h
-+++ b/include/linux/ptrace.h
-@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk,
-  * calling arch_ptrace_stop() when it would be superfluous.  For example,
-  * if the thread has not been back to user mode since the last stop, the
-  * thread state might indicate that nothing needs to be done.
-+ *
-+ * This is guaranteed to be invoked once before a task stops for ptrace and
-+ * may include arch-specific operations necessary prior to a ptrace stop.
-  */
- #define arch_ptrace_stop_needed(code, info)	(0)
- #endif
 diff --git a/include/linux/quota.h b/include/linux/quota.h
 index cc7494a..1e27036 100644
 --- a/include/linux/quota.h
@@ -86755,7 +86752,7 @@ index 81b3d67..ef189a4 100644
  {
  	struct signal_struct *sig = current->signal;
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 45da005c..6581b2b 100644
+index c44bff8..a3c5876 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -180,6 +180,48 @@ void thread_info_cache_init(void)
@@ -87137,7 +87134,7 @@ index 45da005c..6581b2b 100644
  	if (likely(p->pid)) {
  		ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
  
-@@ -1537,6 +1647,8 @@ bad_fork_cleanup_count:
+@@ -1539,6 +1649,8 @@ bad_fork_cleanup_count:
  bad_fork_free:
  	free_task(p);
  fork_out:
@@ -87146,7 +87143,7 @@ index 45da005c..6581b2b 100644
  	return ERR_PTR(retval);
  }
  
-@@ -1598,6 +1710,7 @@ long do_fork(unsigned long clone_flags,
+@@ -1600,6 +1712,7 @@ long do_fork(unsigned long clone_flags,
  
  	p = copy_process(clone_flags, stack_start, stack_size,
  			 child_tidptr, NULL, trace);
@@ -87154,7 +87151,7 @@ index 45da005c..6581b2b 100644
  	/*
  	 * Do this prior waking up the new thread - the thread pointer
  	 * might get invalid after that point, if the thread exits quickly.
-@@ -1614,6 +1727,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1616,6 +1729,8 @@ long do_fork(unsigned long clone_flags,
  		if (clone_flags & CLONE_PARENT_SETTID)
  			put_user(nr, parent_tidptr);
  
@@ -87163,7 +87160,7 @@ index 45da005c..6581b2b 100644
  		if (clone_flags & CLONE_VFORK) {
  			p->vfork_done = &vfork;
  			init_completion(&vfork);
-@@ -1732,7 +1847,7 @@ void __init proc_caches_init(void)
+@@ -1734,7 +1849,7 @@ void __init proc_caches_init(void)
  	mm_cachep = kmem_cache_create("mm_struct",
  			sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
  			SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
@@ -87172,7 +87169,7 @@ index 45da005c..6581b2b 100644
  	mmap_init();
  	nsproxy_cache_init();
  }
-@@ -1772,7 +1887,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1774,7 +1889,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
  		return 0;
  
  	/* don't need lock here; in the worst case we'll do useless copy */
@@ -87181,7 +87178,7 @@ index 45da005c..6581b2b 100644
  		return 0;
  
  	*new_fsp = copy_fs_struct(fs);
-@@ -1879,7 +1994,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1881,7 +1996,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
  			fs = current->fs;
  			spin_lock(&fs->lock);
  			current->fs = new_fs;
@@ -91701,10 +91698,10 @@ index fc4da2d..f3e800b 100644
  		*data_page = bpage;
  
 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 24c1f23..781fd73f 100644
+index f0831c22..4b19cb3 100644
 --- a/kernel/trace/trace.c
 +++ b/kernel/trace/trace.c
-@@ -3399,7 +3399,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -3400,7 +3400,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
  	return 0;
  }
  
@@ -91894,7 +91891,7 @@ index 4f69f9a..7c6f8f8 100644
  	memcpy(&uts_table, table, sizeof(uts_table));
  	uts_table.data = get_uts(table, write);
 diff --git a/kernel/watchdog.c b/kernel/watchdog.c
-index 4431610..4265616 100644
+index c9b6f01..37781d9 100644
 --- a/kernel/watchdog.c
 +++ b/kernel/watchdog.c
 @@ -475,7 +475,7 @@ static int watchdog_nmi_enable(unsigned int cpu) { return 0; }
@@ -92442,37 +92439,6 @@ index c24c2f7..f0296f4 100644
 +	pax_close_kernel();
 +}
 +EXPORT_SYMBOL(pax_list_del_rcu);
-diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
-index b74da44..7a85967 100644
---- a/lib/lz4/lz4_decompress.c
-+++ b/lib/lz4/lz4_decompress.c
-@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
- 			int s = 255;
- 			while ((ip < iend) && (s == 255)) {
- 				s = *ip++;
-+				if (unlikely(length > (size_t)(length + s)))
-+					goto _output_error;
- 				length += s;
- 			}
- 		}
-@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
- 		if (length == ML_MASK) {
- 			while (ip < iend) {
- 				int s = *ip++;
-+				if (unlikely(length > (size_t)(length + s)))
-+					goto _output_error;
- 				length += s;
- 				if (s == 255)
- 					continue;
-@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
- 
- 	/* write overflow error detected */
- _output_error:
--	return (int) (-(((char *) ip) - source));
-+	return -1;
- }
- 
- int lz4_decompress(const unsigned char *src, size_t *src_len,
 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
 index 963b703..438bc51 100644
 --- a/lib/percpu-refcount.c
@@ -101804,7 +101770,7 @@ index a8eb0a8..86f2de4 100644
  
  	if (!todrop_rate[i]) return 0;
 diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
-index 4f26ee4..6a9d7c3 100644
+index 3d2d2c8..c87e4d3 100644
 --- a/net/netfilter/ipvs/ip_vs_core.c
 +++ b/net/netfilter/ipvs/ip_vs_core.c
 @@ -567,7 +567,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
@@ -101816,7 +101782,7 @@ index 4f26ee4..6a9d7c3 100644
  		ip_vs_conn_put(cp);
  		return ret;
  	}
-@@ -1706,7 +1706,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
+@@ -1711,7 +1711,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
  	if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
  		pkts = sysctl_sync_threshold(ipvs);
  	else
@@ -101994,7 +101960,7 @@ index a4b5e2a..13b1de3 100644
  	table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 356bef5..99932cb 100644
+index 356bef5..163b56a 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
 @@ -1627,6 +1627,10 @@ void nf_conntrack_init_end(void)
@@ -102013,7 +101979,7 @@ index 356bef5..99932cb 100644
  	}
  
 +#ifdef CONFIG_GRKERNSEC_HIDESYM
-+	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return_unchecked(&conntrack_cache_id));
++	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08x", atomic_inc_return_unchecked(&conntrack_cache_id));
 +#else
  	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
 +#endif
@@ -114733,7 +114699,7 @@ index 0000000..4378111
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..8972f81
+index 0000000..4077712
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 @@ -0,0 +1,5988 @@
@@ -116547,8 +116513,8 @@ index 0000000..8972f81
 +attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL
 +rtw_set_wps_probe_resp_19989 rtw_set_wps_probe_resp 3 19989 NULL
 +diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL
-+lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 NULL nohasharray
-+event_trigger_write_20009 event_trigger_write 3 20009 &lov_stripe_md_size_20009
++event_trigger_write_20009 event_trigger_write 3 20009 NULL nohasharray
++lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 &event_trigger_write_20009
 +tree_mod_log_eb_move_20011 tree_mod_log_eb_move 5 20011 NULL
 +SYSC_fgetxattr_20027 SYSC_fgetxattr 4 20027 NULL
 +split_scan_timeout_read_20029 split_scan_timeout_read 3 20029 NULL
@@ -116915,8 +116881,8 @@ index 0000000..8972f81
 +bin_to_hex_dup_23853 bin_to_hex_dup 2 23853 NULL
 +ocfs2_xattr_get_clusters_23857 ocfs2_xattr_get_clusters 0 23857 NULL
 +ieee80211_if_read_dot11MeshMaxPeerLinks_23878 ieee80211_if_read_dot11MeshMaxPeerLinks 3 23878 NULL
-+nouveau_clock_create__23881 nouveau_clock_create_ 5 23881 NULL nohasharray
-+writeback_single_inode_23881 writeback_single_inode 0 23881 &nouveau_clock_create__23881
++writeback_single_inode_23881 writeback_single_inode 0 23881 NULL nohasharray
++nouveau_clock_create__23881 nouveau_clock_create_ 5 23881 &writeback_single_inode_23881
 +tipc_snprintf_23893 tipc_snprintf 2-0 23893 NULL
 +add_new_gdb_meta_bg_23911 add_new_gdb_meta_bg 3 23911 NULL nohasharray
 +ieee80211_if_read_hw_queues_23911 ieee80211_if_read_hw_queues 3 23911 &add_new_gdb_meta_bg_23911

diff --git a/3.14.10/4425_grsec_remove_EI_PAX.patch b/3.14.11/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.14.10/4425_grsec_remove_EI_PAX.patch
rename to 3.14.11/4425_grsec_remove_EI_PAX.patch

diff --git a/3.14.10/4427_force_XATTR_PAX_tmpfs.patch b/3.14.11/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.14.10/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.14.11/4427_force_XATTR_PAX_tmpfs.patch

diff --git a/3.14.10/4430_grsec-remove-localversion-grsec.patch b/3.14.11/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.14.10/4430_grsec-remove-localversion-grsec.patch
rename to 3.14.11/4430_grsec-remove-localversion-grsec.patch

diff --git a/3.14.10/4435_grsec-mute-warnings.patch b/3.14.11/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.14.10/4435_grsec-mute-warnings.patch
rename to 3.14.11/4435_grsec-mute-warnings.patch

diff --git a/3.14.10/4440_grsec-remove-protected-paths.patch b/3.14.11/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.14.10/4440_grsec-remove-protected-paths.patch
rename to 3.14.11/4440_grsec-remove-protected-paths.patch

diff --git a/3.14.10/4450_grsec-kconfig-default-gids.patch b/3.14.11/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.14.10/4450_grsec-kconfig-default-gids.patch
rename to 3.14.11/4450_grsec-kconfig-default-gids.patch

diff --git a/3.14.10/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.11/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.14.10/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.14.11/4465_selinux-avc_audit-log-curr_ip.patch

diff --git a/3.14.10/4470_disable-compat_vdso.patch b/3.14.11/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.14.10/4470_disable-compat_vdso.patch
rename to 3.14.11/4470_disable-compat_vdso.patch

diff --git a/3.14.10/4475_emutramp_default_on.patch b/3.14.11/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.14.10/4475_emutramp_default_on.patch
rename to 3.14.11/4475_emutramp_default_on.patch

diff --git a/3.15.3/0000_README b/3.15.4/0000_README
similarity index 100%
rename from 3.15.3/0000_README
rename to 3.15.4/0000_README

diff --git a/3.15.3/4420_grsecurity-3.0-3.15.3-201407060933.patch b/3.15.4/4420_grsecurity-3.0-3.15.4-201407072046.patch
similarity index 99%
rename from 3.15.3/4420_grsecurity-3.0-3.15.3-201407060933.patch
rename to 3.15.4/4420_grsecurity-3.0-3.15.4-201407072046.patch
index 8f5bdcd..0dbb183 100644
--- a/3.15.3/4420_grsecurity-3.0-3.15.3-201407060933.patch
+++ b/3.15.4/4420_grsecurity-3.0-3.15.4-201407072046.patch
@@ -287,7 +287,7 @@ index 30a8ad0d..2ed9efd 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index 2e37d8b..3904d75 100644
+index 25ecc1d..184bee9 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -246,7 +246,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -15755,7 +15755,7 @@ index 69bbb48..32517fe 100644
  
  #define smp_load_acquire(p)						\
 diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
-index 9fc1af7..fc71228 100644
+index 9fc1af7..776d75a 100644
 --- a/arch/x86/include/asm/bitops.h
 +++ b/arch/x86/include/asm/bitops.h
 @@ -49,7 +49,7 @@
@@ -15835,7 +15835,7 @@ index 9fc1af7..fc71228 100644
   */
  #ifdef CONFIG_X86_64
 -static __always_inline int fls64(__u64 x)
-+static __always_inline long fls64(__u64 x)
++static __always_inline __intentional_overflow(-1) int fls64(__u64 x)
  {
  	int bitpos = -1;
  	/*
@@ -18365,7 +18365,7 @@ index a4ea023..33aa874 100644
  void df_debug(struct pt_regs *regs, long error_code);
  #endif /* _ASM_X86_PROCESSOR_H */
 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 14fd6fd..b31a4a4 100644
+index 6205f0c..b31a4a4 100644
 --- a/arch/x86/include/asm/ptrace.h
 +++ b/arch/x86/include/asm/ptrace.h
 @@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
@@ -18438,29 +18438,6 @@ index 14fd6fd..b31a4a4 100644
  #endif
  	return *(unsigned long *)((unsigned long)regs + offset);
  }
-@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
- 
- #define ARCH_HAS_USER_SINGLE_STEP_INFO
- 
-+/*
-+ * When hitting ptrace_stop(), we cannot return using SYSRET because
-+ * that does not restore the full CPU state, only a minimal set.  The
-+ * ptracer can change arbitrary register values, which is usually okay
-+ * because the usual ptrace stops run off the signal delivery path which
-+ * forces IRET; however, ptrace_event() stops happen in arbitrary places
-+ * in the kernel and don't force IRET path.
-+ *
-+ * So force IRET path after a ptrace stop.
-+ */
-+#define arch_ptrace_stop_needed(code, info)				\
-+({									\
-+	set_thread_flag(TIF_NOTIFY_RESUME);				\
-+	false;								\
-+})
-+
- struct user_desc;
- extern int do_get_thread_area(struct task_struct *p, int idx,
- 			      struct user_desc __user *info);
 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
 index 9c6b890..5305f53 100644
 --- a/arch/x86/include/asm/realmode.h
@@ -26431,7 +26408,7 @@ index 898d077..4c458ff 100644
  		ip = *(u64 *)(fp+8);
  		if (!in_sched_functions(ip))
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 678c0ad..d309ccb 100644
+index 678c0ad..2fc2a7b 100644
 --- a/arch/x86/kernel/ptrace.c
 +++ b/arch/x86/kernel/ptrace.c
 @@ -186,10 +186,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -26447,7 +26424,28 @@ index 678c0ad..d309ccb 100644
  	if (prev_esp)
  		return (unsigned long)prev_esp;
  
-@@ -588,7 +588,7 @@ static void ptrace_triggered(struct perf_event *bp,
+@@ -452,6 +452,20 @@ static int putreg(struct task_struct *child,
+ 		if (child->thread.gs != value)
+ 			return do_arch_prctl(child, ARCH_SET_GS, value);
+ 		return 0;
++
++	case offsetof(struct user_regs_struct,ip):
++		/*
++		 * Protect against any attempt to set ip to an
++		 * impossible address.  There are dragons lurking if the
++		 * address is noncanonical.  (This explicitly allows
++		 * setting ip to TASK_SIZE_MAX, because user code can do
++		 * that all by itself by running off the end of its
++		 * address space.
++		 */
++		if (value > TASK_SIZE_MAX)
++			return -EIO;
++		break;
++
+ #endif
+ 	}
+ 
+@@ -588,7 +602,7 @@ static void ptrace_triggered(struct perf_event *bp,
  static unsigned long ptrace_get_dr7(struct perf_event *bp[])
  {
  	int i;
@@ -26456,7 +26454,7 @@ index 678c0ad..d309ccb 100644
  	struct arch_hw_breakpoint *info;
  
  	for (i = 0; i < HBP_NUM; i++) {
-@@ -822,7 +822,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -822,7 +836,7 @@ long arch_ptrace(struct task_struct *child, long request,
  		 unsigned long addr, unsigned long data)
  {
  	int ret;
@@ -26465,7 +26463,7 @@ index 678c0ad..d309ccb 100644
  
  	switch (request) {
  	/* read the word at location addr in the USER area. */
-@@ -907,14 +907,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -907,14 +921,14 @@ long arch_ptrace(struct task_struct *child, long request,
  		if ((int) addr < 0)
  			return -EIO;
  		ret = do_get_thread_area(child, addr,
@@ -26482,7 +26480,7 @@ index 678c0ad..d309ccb 100644
  		break;
  #endif
  
-@@ -1292,7 +1292,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
+@@ -1292,7 +1306,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
  
  #ifdef CONFIG_X86_64
  
@@ -26491,7 +26489,7 @@ index 678c0ad..d309ccb 100644
  	[REGSET_GENERAL] = {
  		.core_note_type = NT_PRSTATUS,
  		.n = sizeof(struct user_regs_struct) / sizeof(long),
-@@ -1333,7 +1333,7 @@ static const struct user_regset_view user_x86_64_view = {
+@@ -1333,7 +1347,7 @@ static const struct user_regset_view user_x86_64_view = {
  #endif	/* CONFIG_X86_64 */
  
  #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
@@ -26500,7 +26498,7 @@ index 678c0ad..d309ccb 100644
  	[REGSET_GENERAL] = {
  		.core_note_type = NT_PRSTATUS,
  		.n = sizeof(struct user_regs_struct32) / sizeof(u32),
-@@ -1386,7 +1386,7 @@ static const struct user_regset_view user_x86_32_view = {
+@@ -1386,7 +1400,7 @@ static const struct user_regset_view user_x86_32_view = {
   */
  u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
  
@@ -26509,7 +26507,7 @@ index 678c0ad..d309ccb 100644
  {
  #ifdef CONFIG_X86_64
  	x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
-@@ -1421,7 +1421,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1421,7 +1435,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
  	memset(info, 0, sizeof(*info));
  	info->si_signo = SIGTRAP;
  	info->si_code = si_code;
@@ -26518,7 +26516,7 @@ index 678c0ad..d309ccb 100644
  }
  
  void user_single_step_siginfo(struct task_struct *tsk,
-@@ -1450,6 +1450,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+@@ -1450,6 +1464,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
  # define IS_IA32	0
  #endif
  
@@ -26529,7 +26527,7 @@ index 678c0ad..d309ccb 100644
  /*
   * We must return the syscall number to actually look up in the table.
   * This can be -1L to skip running any syscall at all.
-@@ -1460,6 +1464,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1460,6 +1478,11 @@ long syscall_trace_enter(struct pt_regs *regs)
  
  	user_exit();
  
@@ -26541,7 +26539,7 @@ index 678c0ad..d309ccb 100644
  	/*
  	 * If we stepped into a sysenter/syscall insn, it trapped in
  	 * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
-@@ -1515,6 +1524,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+@@ -1515,6 +1538,11 @@ void syscall_trace_leave(struct pt_regs *regs)
  	 */
  	user_exit();
  
@@ -39039,7 +39037,7 @@ index 000e4e0..4770351 100644
  		cpu_notifier_register_begin();
  
 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index abda660..f1d1de0 100644
+index 558224c..55e3b57 100644
 --- a/drivers/cpufreq/cpufreq.c
 +++ b/drivers/cpufreq/cpufreq.c
 @@ -2022,7 +2022,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
@@ -39051,7 +39049,7 @@ index abda660..f1d1de0 100644
  	mutex_unlock(&cpufreq_governor_mutex);
  	return;
  }
-@@ -2240,7 +2240,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2238,7 +2238,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
  	return NOTIFY_OK;
  }
  
@@ -39060,7 +39058,7 @@ index abda660..f1d1de0 100644
  	.notifier_call = cpufreq_cpu_callback,
  };
  
-@@ -2280,13 +2280,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2278,13 +2278,17 @@ int cpufreq_boost_trigger_state(int state)
  		return 0;
  
  	write_lock_irqsave(&cpufreq_driver_lock, flags);
@@ -39080,7 +39078,7 @@ index abda660..f1d1de0 100644
  		write_unlock_irqrestore(&cpufreq_driver_lock, flags);
  
  		pr_err("%s: Cannot %s BOOST\n",
-@@ -2342,8 +2346,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2340,8 +2344,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
  
  	pr_debug("trying to register driver %s\n", driver_data->name);
  
@@ -39094,7 +39092,7 @@ index abda660..f1d1de0 100644
  
  	write_lock_irqsave(&cpufreq_driver_lock, flags);
  	if (cpufreq_driver) {
-@@ -2358,8 +2365,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2356,8 +2363,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
  		 * Check if driver provides function to enable boost -
  		 * if not, use cpufreq_boost_set_sw as default
  		 */
@@ -46464,6 +46462,19 @@ index a2515887..6d13233 100644
  	dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
  
  	/* we will have to manufacture ethernet headers, prepare template */
+diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
+index 8a852b5..668a4b6 100644
+--- a/drivers/net/virtio_net.c
++++ b/drivers/net/virtio_net.c
+@@ -47,7 +47,7 @@ module_param(gso, bool, 0444);
+ #define RECEIVE_AVG_WEIGHT 64
+ 
+ /* Minimum alignment for mergeable packet buffers. */
+-#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256)
++#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256UL)
+ 
+ #define VIRTNET_DRIVER_VERSION "1.0.0"
+ 
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
 index 77dcf92..549924a 100644
 --- a/drivers/net/vxlan.c
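Review bot: The `256UL` suffix in `MERGEABLE_BUFFER_ALIGN` only type-checks when `L1_CACHE_BYTES` is itself `unsigned long`, which this hunk does not show and which presumably comes from a change elsewhere in the patch set. If any architecture still defines it as a plain `int`, the kernel's type-checked `max()` would warn in the other direction. Stating the type once is sturdier: `#define MERGEABLE_BUFFER_ALIGN max_t(unsigned long, L1_CACHE_BYTES, 256)`. Either way, the existing comment above the define could say why the operand types have to agree.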
@@ -48745,10 +48756,10 @@ index 3cbb57a..95e47a3 100644
  
  	/* These three are default values which can be overridden */
 diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 9a6e4a2..27843b6 100644
+index fda6cf1..7a6b5d8 100644
 --- a/drivers/scsi/hpsa.c
 +++ b/drivers/scsi/hpsa.c
-@@ -687,10 +687,10 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
+@@ -699,10 +699,10 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
  	unsigned long flags;
  
  	if (h->transMethod & CFGTBL_Trans_io_accel1)
@@ -48761,7 +48772,7 @@ index 9a6e4a2..27843b6 100644
  
  	if ((rq->head[rq->current_entry] & 1) == rq->wraparound) {
  		a = rq->head[rq->current_entry];
-@@ -5448,7 +5448,7 @@ static void start_io(struct ctlr_info *h)
+@@ -5460,7 +5460,7 @@ static void start_io(struct ctlr_info *h)
  	while (!list_empty(&h->reqQ)) {
  		c = list_entry(h->reqQ.next, struct CommandList, list);
  		/* can't do anything if fifo is full */
@@ -48770,7 +48781,7 @@ index 9a6e4a2..27843b6 100644
  			h->fifo_recently_full = 1;
  			dev_warn(&h->pdev->dev, "fifo full\n");
  			break;
-@@ -5472,7 +5472,7 @@ static void start_io(struct ctlr_info *h)
+@@ -5484,7 +5484,7 @@ static void start_io(struct ctlr_info *h)
  
  		/* Tell the controller execute command */
  		spin_unlock_irqrestore(&h->lock, flags);
@@ -48779,7 +48790,7 @@ index 9a6e4a2..27843b6 100644
  		spin_lock_irqsave(&h->lock, flags);
  	}
  	spin_unlock_irqrestore(&h->lock, flags);
-@@ -5480,17 +5480,17 @@ static void start_io(struct ctlr_info *h)
+@@ -5492,17 +5492,17 @@ static void start_io(struct ctlr_info *h)
  
  static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q)
  {
@@ -48800,7 +48811,7 @@ index 9a6e4a2..27843b6 100644
  		(h->interrupts_enabled == 0);
  }
  
-@@ -6444,7 +6444,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
+@@ -6456,7 +6456,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
  	if (prod_index < 0)
  		return -ENODEV;
  	h->product_name = products[prod_index].product_name;
@@ -48809,7 +48820,7 @@ index 9a6e4a2..27843b6 100644
  
  	pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S |
  			       PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
-@@ -6723,7 +6723,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -6735,7 +6735,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
  {
  	unsigned long flags;
  
@@ -48818,7 +48829,7 @@ index 9a6e4a2..27843b6 100644
  	spin_lock_irqsave(&h->lock, flags);
  	h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
  	spin_unlock_irqrestore(&h->lock, flags);
-@@ -6951,7 +6951,7 @@ reinit_after_soft_reset:
+@@ -6963,7 +6963,7 @@ reinit_after_soft_reset:
  	}
  
  	/* make sure the board interrupts are off */
@@ -48827,7 +48838,7 @@ index 9a6e4a2..27843b6 100644
  
  	if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
  		goto clean2;
-@@ -6986,7 +6986,7 @@ reinit_after_soft_reset:
+@@ -6998,7 +6998,7 @@ reinit_after_soft_reset:
  		 * fake ones to scoop up any residual completions.
  		 */
  		spin_lock_irqsave(&h->lock, flags);
@@ -48836,7 +48847,7 @@ index 9a6e4a2..27843b6 100644
  		spin_unlock_irqrestore(&h->lock, flags);
  		free_irqs(h);
  		rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -7005,9 +7005,9 @@ reinit_after_soft_reset:
+@@ -7017,9 +7017,9 @@ reinit_after_soft_reset:
  		dev_info(&h->pdev->dev, "Board READY.\n");
  		dev_info(&h->pdev->dev,
  			"Waiting for stale completions to drain.\n");
@@ -48848,7 +48859,7 @@ index 9a6e4a2..27843b6 100644
  
  		rc = controller_reset_failed(h->cfgtable);
  		if (rc)
-@@ -7033,7 +7033,7 @@ reinit_after_soft_reset:
+@@ -7045,7 +7045,7 @@ reinit_after_soft_reset:
  	h->drv_req_rescan = 0;
  
  	/* Turn the interrupts on so we can service requests */
@@ -48857,7 +48868,7 @@ index 9a6e4a2..27843b6 100644
  
  	hpsa_hba_inquiry(h);
  	hpsa_register_scsi(h);	/* hook ourselves into SCSI subsystem */
-@@ -7102,7 +7102,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -7114,7 +7114,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
  	 * To write all data in the battery backed cache to disks
  	 */
  	hpsa_flush_cache(h);
@@ -48866,7 +48877,7 @@ index 9a6e4a2..27843b6 100644
  	hpsa_free_irqs_and_disable_msix(h);
  }
  
-@@ -7220,7 +7220,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
+@@ -7232,7 +7232,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
  				CFGTBL_Trans_enable_directed_msix |
  			(trans_support & (CFGTBL_Trans_io_accel1 |
  				CFGTBL_Trans_io_accel2));
@@ -48875,7 +48886,7 @@ index 9a6e4a2..27843b6 100644
  
  	/* This is a bit complicated.  There are 8 registers on
  	 * the controller which we write to to tell it 8 different
-@@ -7285,12 +7285,12 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
+@@ -7297,12 +7297,12 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support)
  	 * enable outbound interrupt coalescing in accelerator mode;
  	 */
  	if (trans_support & CFGTBL_Trans_io_accel1) {
@@ -50293,10 +50304,10 @@ index e7e9372..161f530 100644
  	login->tgt_agt = sbp_target_agent_register(login);
  	if (IS_ERR(login->tgt_agt)) {
 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 26416c1..e796a3d 100644
+index 6ea95d2..88607b4 100644
 --- a/drivers/target/target_core_device.c
 +++ b/drivers/target/target_core_device.c
-@@ -1524,7 +1524,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
  	spin_lock_init(&dev->se_tmr_lock);
  	spin_lock_init(&dev->qf_cmd_lock);
  	sema_init(&dev->caw_sem, 1);
@@ -62226,7 +62237,7 @@ index f4ccfe6..a5cf064 100644
  static struct callback_op callback_ops[];
  
 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 0c43897..0949f08 100644
+index c79f3e7..d61d671 100644
 --- a/fs/nfs/inode.c
 +++ b/fs/nfs/inode.c
 @@ -1209,16 +1209,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
@@ -62263,7 +62274,7 @@ index d543222..2cfa2a2 100644
  static struct nfsd4_operation nfsd4_ops[];
  
 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index 18881f3..40e5bef 100644
+index b4c4958..04687ad 100644
 --- a/fs/nfsd/nfs4xdr.c
 +++ b/fs/nfsd/nfs4xdr.c
 @@ -1530,7 +1530,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
@@ -81571,20 +81582,6 @@ index 34a1e10..70f6bde 100644
  
  struct proc_ns {
  	void *ns;
-diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 077904c..cc79eff 100644
---- a/include/linux/ptrace.h
-+++ b/include/linux/ptrace.h
-@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk,
-  * calling arch_ptrace_stop() when it would be superfluous.  For example,
-  * if the thread has not been back to user mode since the last stop, the
-  * thread state might indicate that nothing needs to be done.
-+ *
-+ * This is guaranteed to be invoked once before a task stops for ptrace and
-+ * may include arch-specific operations necessary prior to a ptrace stop.
-  */
- #define arch_ptrace_stop_needed(code, info)	(0)
- #endif
 diff --git a/include/linux/quota.h b/include/linux/quota.h
 index cc7494a..1e27036 100644
 --- a/include/linux/quota.h
@@ -86219,7 +86216,7 @@ index 6ed6a1d..edecb0e 100644
  {
  	struct signal_struct *sig = current->signal;
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 1429043..9d95f16 100644
+index 68b9226..0700bf6 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -183,6 +183,48 @@ void thread_info_cache_init(void)
@@ -86601,7 +86598,7 @@ index 1429043..9d95f16 100644
  	if (likely(p->pid)) {
  		ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
  
-@@ -1539,6 +1649,8 @@ bad_fork_cleanup_count:
+@@ -1541,6 +1651,8 @@ bad_fork_cleanup_count:
  bad_fork_free:
  	free_task(p);
  fork_out:
@@ -86610,7 +86607,7 @@ index 1429043..9d95f16 100644
  	return ERR_PTR(retval);
  }
  
-@@ -1600,6 +1712,7 @@ long do_fork(unsigned long clone_flags,
+@@ -1602,6 +1714,7 @@ long do_fork(unsigned long clone_flags,
  
  	p = copy_process(clone_flags, stack_start, stack_size,
  			 child_tidptr, NULL, trace);
@@ -86618,7 +86615,7 @@ index 1429043..9d95f16 100644
  	/*
  	 * Do this prior waking up the new thread - the thread pointer
  	 * might get invalid after that point, if the thread exits quickly.
-@@ -1616,6 +1729,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1618,6 +1731,8 @@ long do_fork(unsigned long clone_flags,
  		if (clone_flags & CLONE_PARENT_SETTID)
  			put_user(nr, parent_tidptr);
  
@@ -86627,7 +86624,7 @@ index 1429043..9d95f16 100644
  		if (clone_flags & CLONE_VFORK) {
  			p->vfork_done = &vfork;
  			init_completion(&vfork);
-@@ -1734,7 +1849,7 @@ void __init proc_caches_init(void)
+@@ -1736,7 +1851,7 @@ void __init proc_caches_init(void)
  	mm_cachep = kmem_cache_create("mm_struct",
  			sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
  			SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
@@ -86636,7 +86633,7 @@ index 1429043..9d95f16 100644
  	mmap_init();
  	nsproxy_cache_init();
  }
-@@ -1774,7 +1889,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1776,7 +1891,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
  		return 0;
  
  	/* don't need lock here; in the worst case we'll do useless copy */
@@ -86645,7 +86642,7 @@ index 1429043..9d95f16 100644
  		return 0;
  
  	*new_fsp = copy_fs_struct(fs);
-@@ -1881,7 +1996,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1883,7 +1998,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
  			fs = current->fs;
  			spin_lock(&fs->lock);
  			current->fs = new_fs;
@@ -91252,10 +91249,10 @@ index c634868..00d0d19 100644
  		*data_page = bpage;
  
 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 737b0ef..bd21ea6 100644
+index e916972..e87f285 100644
 --- a/kernel/trace/trace.c
 +++ b/kernel/trace/trace.c
-@@ -3448,7 +3448,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -3449,7 +3449,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
  	return 0;
  }
  
@@ -91445,7 +91442,7 @@ index 4f69f9a..7c6f8f8 100644
  	memcpy(&uts_table, table, sizeof(uts_table));
  	uts_table.data = get_uts(table, write);
 diff --git a/kernel/watchdog.c b/kernel/watchdog.c
-index 516203e..ecc58d1 100644
+index 30e4822..dd2b854 100644
 --- a/kernel/watchdog.c
 +++ b/kernel/watchdog.c
 @@ -479,7 +479,7 @@ static int watchdog_nmi_enable(unsigned int cpu) { return 0; }
@@ -91971,37 +91968,6 @@ index c24c2f7..f0296f4 100644
 +	pax_close_kernel();
 +}
 +EXPORT_SYMBOL(pax_list_del_rcu);
-diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
-index b74da44..7a85967 100644
---- a/lib/lz4/lz4_decompress.c
-+++ b/lib/lz4/lz4_decompress.c
-@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
- 			int s = 255;
- 			while ((ip < iend) && (s == 255)) {
- 				s = *ip++;
-+				if (unlikely(length > (size_t)(length + s)))
-+					goto _output_error;
- 				length += s;
- 			}
- 		}
-@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
- 		if (length == ML_MASK) {
- 			while (ip < iend) {
- 				int s = *ip++;
-+				if (unlikely(length > (size_t)(length + s)))
-+					goto _output_error;
- 				length += s;
- 				if (s == 255)
- 					continue;
-@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
- 
- 	/* write overflow error detected */
- _output_error:
--	return (int) (-(((char *) ip) - source));
-+	return -1;
- }
- 
- int lz4_decompress(const unsigned char *src, size_t *src_len,
 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
 index 963b703..438bc51 100644
 --- a/lib/percpu-refcount.c
@@ -101773,7 +101739,7 @@ index a4b5e2a..13b1de3 100644
  	table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 75421f2..054c1fc 100644
+index 75421f2..0e69621 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
 @@ -1789,6 +1789,10 @@ void nf_conntrack_init_end(void)
@@ -101792,7 +101758,7 @@ index 75421f2..054c1fc 100644
  		goto err_pcpu_lists;
  
 +#ifdef CONFIG_GRKERNSEC_HIDESYM
-+	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return_unchecked(&conntrack_cache_id));
++	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08x", atomic_inc_return_unchecked(&conntrack_cache_id));
 +#else
  	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
 +#endif
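Review bot: The `CONFIG_GRKERNSEC_HIDESYM` branch has no comment saying why the slab name is built from a counter rather than `%p`, so a later rebase could easily fold the two branches back together. The non-HIDESYM line formats the address of `net` into `net->ct.slabname`, and slab cache names are readable from user space, so I would add `/* slab names are user-visible: number the cache instead of printing the address of net */` above the `kasprintf()` call. The counter is an unchecked atomic and may presumably wrap, in which case a name could repeat; that is worth a word in the same comment if it matters. The same applies to the matching `nf_conntrack_core.c` hunk in the 3.2.60 patch further down. The enclosing function starts and ends outside the hunk.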
@@ -114525,10 +114491,10 @@ index 0000000..4378111
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..2393acc
+index 0000000..386f2d1
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5800 @@
+@@ -0,0 +1,5801 @@
 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
 +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -119795,6 +119761,7 @@ index 0000000..2393acc
 +btrfs_insert_dir_item_59304 btrfs_insert_dir_item 4 59304 NULL
 +fd_copyout_59323 fd_copyout 3 59323 NULL
 +read_9287_modal_eeprom_59327 read_9287_modal_eeprom 3 59327 NULL
++set_state_private_59336 set_state_private 0 59336 NULL
 +rx_defrag_in_process_called_read_59338 rx_defrag_in_process_called_read 3 59338 NULL
 +xfs_attrmulti_attr_set_59346 xfs_attrmulti_attr_set 4 59346 NULL
 +f2fs_fallocate_59377 f2fs_fallocate 4-3 59377 NULL

diff --git a/3.15.3/4425_grsec_remove_EI_PAX.patch b/3.15.4/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.15.3/4425_grsec_remove_EI_PAX.patch
rename to 3.15.4/4425_grsec_remove_EI_PAX.patch

diff --git a/3.15.3/4427_force_XATTR_PAX_tmpfs.patch b/3.15.4/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.15.3/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.15.4/4427_force_XATTR_PAX_tmpfs.patch

diff --git a/3.15.3/4430_grsec-remove-localversion-grsec.patch b/3.15.4/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.15.3/4430_grsec-remove-localversion-grsec.patch
rename to 3.15.4/4430_grsec-remove-localversion-grsec.patch

diff --git a/3.15.3/4435_grsec-mute-warnings.patch b/3.15.4/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.15.3/4435_grsec-mute-warnings.patch
rename to 3.15.4/4435_grsec-mute-warnings.patch

diff --git a/3.15.3/4440_grsec-remove-protected-paths.patch b/3.15.4/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.15.3/4440_grsec-remove-protected-paths.patch
rename to 3.15.4/4440_grsec-remove-protected-paths.patch

diff --git a/3.15.3/4450_grsec-kconfig-default-gids.patch b/3.15.4/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.15.3/4450_grsec-kconfig-default-gids.patch
rename to 3.15.4/4450_grsec-kconfig-default-gids.patch

diff --git a/3.15.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.4/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.15.3/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.15.4/4465_selinux-avc_audit-log-curr_ip.patch

diff --git a/3.15.3/4470_disable-compat_vdso.patch b/3.15.4/4470_disable-compat_vdso.patch
similarity index 100%
rename from 3.15.3/4470_disable-compat_vdso.patch
rename to 3.15.4/4470_disable-compat_vdso.patch

diff --git a/3.15.3/4475_emutramp_default_on.patch b/3.15.4/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.15.3/4475_emutramp_default_on.patch
rename to 3.15.4/4475_emutramp_default_on.patch

diff --git a/3.2.60/0000_README b/3.2.60/0000_README
index ee22cb5..f6a6bee 100644
--- a/3.2.60/0000_README
+++ b/3.2.60/0000_README
@@ -158,7 +158,7 @@ Patch:	1059_linux-3.2.60.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.60
 
-Patch:	4420_grsecurity-3.0-3.2.60-201407052028.patch
+Patch:	4420_grsecurity-3.0-3.2.60-201407072042.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch b/3.2.60/4420_grsecurity-3.0-3.2.60-201407072042.patch
similarity index 99%
rename from 3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
rename to 3.2.60/4420_grsecurity-3.0-3.2.60-201407072042.patch
index 2ddb90d..b3267bc 100644
--- a/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
+++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201407072042.patch
@@ -22643,7 +22643,7 @@ index 6a364a6..b147d11 100644
  		ip = *(u64 *)(fp+8);
  		if (!in_sched_functions(ip))
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 2dc4121..60e1086 100644
+index 2dc4121..c7c8aac 100644
 --- a/arch/x86/kernel/ptrace.c
 +++ b/arch/x86/kernel/ptrace.c
 @@ -181,14 +181,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -22665,7 +22665,28 @@ index 2dc4121..60e1086 100644
  
  	return (unsigned long)regs;
  }
-@@ -585,7 +584,7 @@ static void ptrace_triggered(struct perf_event *bp,
+@@ -449,6 +448,20 @@ static int putreg(struct task_struct *child,
+ 		if (child->thread.gs != value)
+ 			return do_arch_prctl(child, ARCH_SET_GS, value);
+ 		return 0;
++
++	case offsetof(struct user_regs_struct,ip):
++		/*
++		 * Protect against any attempt to set ip to an
++		 * impossible address.  There are dragons lurking if the
++		 * address is noncanonical.  (This explicitly allows
++		 * setting ip to TASK_SIZE_MAX, because user code can do
++		 * that all by itself by running off the end of its
++		 * address space.
++		 */
++		if (value > TASK_SIZE_MAX)
++			return -EIO;
++		break;
++
+ #endif
+ 	}
+ 
+@@ -585,7 +598,7 @@ static void ptrace_triggered(struct perf_event *bp,
  static unsigned long ptrace_get_dr7(struct perf_event *bp[])
  {
  	int i;
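Review bot: The comment on the new `ip` case in `putreg()` opens a parenthesis at `(This explicitly allows` and never closes it; the last sentence should end `address space.)`. `There are dragons lurking` also tells a maintainer nothing about what breaks, so I would name the hazard, presumably the return to user mode with a noncanonical ip, in one plain sentence. The guard itself, `if (value > TASK_SIZE_MAX) return -EIO;`, covers only writes that pass through this switch, which sits before an `#endif` whose opening conditional is outside the hunk; whether other paths that restore a saved ip are bounded the same way cannot be told from here. `putreg()` begins and ends outside the hunk.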
@@ -22674,7 +22695,7 @@ index 2dc4121..60e1086 100644
  	struct arch_hw_breakpoint *info;
  
  	for (i = 0; i < HBP_NUM; i++) {
-@@ -852,7 +851,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -852,7 +865,7 @@ long arch_ptrace(struct task_struct *child, long request,
  		 unsigned long addr, unsigned long data)
  {
  	int ret;
@@ -22683,7 +22704,7 @@ index 2dc4121..60e1086 100644
  
  	switch (request) {
  	/* read the word at location addr in the USER area. */
-@@ -937,14 +936,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -937,14 +950,14 @@ long arch_ptrace(struct task_struct *child, long request,
  		if ((int) addr < 0)
  			return -EIO;
  		ret = do_get_thread_area(child, addr,
@@ -22700,7 +22721,7 @@ index 2dc4121..60e1086 100644
  		break;
  #endif
  
-@@ -1229,7 +1228,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
+@@ -1229,7 +1242,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
  
  #ifdef CONFIG_X86_64
  
@@ -22709,7 +22730,7 @@ index 2dc4121..60e1086 100644
  	[REGSET_GENERAL] = {
  		.core_note_type = NT_PRSTATUS,
  		.n = sizeof(struct user_regs_struct) / sizeof(long),
-@@ -1273,7 +1272,7 @@ static const struct user_regset_view user_x86_64_view = {
+@@ -1273,7 +1286,7 @@ static const struct user_regset_view user_x86_64_view = {
  #endif	/* CONFIG_X86_64 */
  
  #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
@@ -22718,7 +22739,7 @@ index 2dc4121..60e1086 100644
  	[REGSET_GENERAL] = {
  		.core_note_type = NT_PRSTATUS,
  		.n = sizeof(struct user_regs_struct32) / sizeof(u32),
-@@ -1326,7 +1325,7 @@ static const struct user_regset_view user_x86_32_view = {
+@@ -1326,7 +1339,7 @@ static const struct user_regset_view user_x86_32_view = {
   */
  u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
  
@@ -22727,7 +22748,7 @@ index 2dc4121..60e1086 100644
  {
  #ifdef CONFIG_X86_64
  	x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
-@@ -1361,7 +1360,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1361,7 +1374,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
  	memset(info, 0, sizeof(*info));
  	info->si_signo = SIGTRAP;
  	info->si_code = si_code;
@@ -22736,7 +22757,7 @@ index 2dc4121..60e1086 100644
  }
  
  void user_single_step_siginfo(struct task_struct *tsk,
-@@ -1390,6 +1389,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+@@ -1390,6 +1403,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
  # define IS_IA32	0
  #endif
  
@@ -22747,7 +22768,7 @@ index 2dc4121..60e1086 100644
  /*
   * We must return the syscall number to actually look up in the table.
   * This can be -1L to skip running any syscall at all.
-@@ -1398,6 +1401,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1398,6 +1415,11 @@ long syscall_trace_enter(struct pt_regs *regs)
  {
  	long ret = 0;
  
@@ -22759,7 +22780,7 @@ index 2dc4121..60e1086 100644
  	/*
  	 * If we stepped into a sysenter/syscall insn, it trapped in
  	 * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
-@@ -1409,7 +1417,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1409,7 +1431,11 @@ long syscall_trace_enter(struct pt_regs *regs)
  		regs->flags |= X86_EFLAGS_TF;
  
  	/* do the secure computing check first */
@@ -22772,7 +22793,7 @@ index 2dc4121..60e1086 100644
  
  	if (unlikely(test_thread_flag(TIF_SYSCALL_EMU)))
  		ret = -1L;
-@@ -1436,6 +1448,7 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1436,6 +1462,7 @@ long syscall_trace_enter(struct pt_regs *regs)
  #endif
  	}
  
@@ -22780,7 +22801,7 @@ index 2dc4121..60e1086 100644
  	return ret ?: regs->orig_ax;
  }
  
-@@ -1443,6 +1456,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+@@ -1443,6 +1470,11 @@ void syscall_trace_leave(struct pt_regs *regs)
  {
  	bool step;
  
@@ -104860,7 +104881,7 @@ index 369df3f..b660190 100644
  	table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 7489bd3..5f4df88 100644
+index 7489bd3..b7a282c 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
 @@ -1491,6 +1491,10 @@ err_proto:
@@ -104879,7 +104900,7 @@ index 7489bd3..5f4df88 100644
  	}
  
 +#ifdef CONFIG_GRKERNSEC_HIDESYM
-+	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return_unchecked(&conntrack_cache_id));
++	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08x", atomic_inc_return_unchecked(&conntrack_cache_id));
 +#else
  	net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
 +#endif

