* [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.63/
@ 2014-10-24 2:11 Anthony G. Basile
From: Anthony G. Basile @ 2014-10-24 2:11 UTC (permalink / raw
To: gentoo-commits
commit: 36f319f3594aef8461ee3d000bcbcbcfec8e47d8
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 24 02:12:48 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Oct 24 02:12:48 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=36f319f3
Grsec/PaX: 3.0-3.2.63-201410201736
---
3.2.63/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.63-201410201736.patch} | 61 +++++-----------------
2 files changed, 13 insertions(+), 50 deletions(-)
diff --git a/3.2.63/0000_README b/3.2.63/0000_README
index 35112a1..860a604 100644
--- a/3.2.63/0000_README
+++ b/3.2.63/0000_README
@@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch
From: http://www.kernel.org
Desc: Linux 3.2.63
-Patch: 4420_grsecurity-3.0-3.2.63-201410192044.patch
+Patch: 4420_grsecurity-3.0-3.2.63-201410201736.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch
similarity index 99%
rename from 3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch
rename to 3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch
index 7b7e1d2..045f3ce 100644
--- a/3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch
+++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch
@@ -24704,18 +24704,10 @@ index 2102a17..16e1531 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index a4f6bda..a02a77c 100644
+index a4f6bda..40eb721 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -390,6 +390,7 @@ struct vcpu_vmx {
- u16 fs_sel, gs_sel, ldt_sel;
- int gs_ldt_reload_needed;
- int fs_reload_needed;
-+ unsigned long vmcs_host_cr4; /* May not match real cr4 */
- } host_state;
- struct {
- int vm86_active;
-@@ -1099,12 +1100,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+@@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value)
#endif
}
@@ -24730,7 +24722,7 @@ index a4f6bda..a02a77c 100644
{
vmcs_writel(field, vmcs_readl(field) | mask);
}
-@@ -1305,7 +1306,11 @@ static void reload_tss(void)
+@@ -1305,7 +1305,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
@@ -24742,7 +24734,7 @@ index a4f6bda..a02a77c 100644
load_TR_desc();
}
-@@ -1504,6 +1509,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1504,6 +1508,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
@@ -24753,7 +24745,7 @@ index a4f6bda..a02a77c 100644
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
vmx->loaded_vmcs->cpu = cpu;
-@@ -2634,8 +2643,11 @@ static __init int hardware_setup(void)
+@@ -2634,8 +2642,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
@@ -24767,26 +24759,18 @@ index a4f6bda..a02a77c 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -3634,10 +3646,17 @@ static void vmx_set_constant_host_state(void)
- u32 low32, high32;
- unsigned long tmpl;
- struct desc_ptr dt;
-+ unsigned long cr4;
+@@ -3637,7 +3648,10 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS); /* 22.2.3 */
-- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
+ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
++
+#ifndef CONFIG_PAX_PER_CPU_PGD
vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
+#endif
-+
-+ /* Save the most likely value for this task's CR4 in the VMCS. */
-+ cr4 = read_cr4();
-+ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
-+ vmx->host_state.vmcs_host_cr4 = cr4;
vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
-@@ -3649,7 +3668,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3649,7 +3663,7 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
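Review bot: HOST_CR4 is written only once on the new side, by the retained `vmcs_writel(HOST_CR4, read_cr4());` in vmx_set_constant_host_state, because this patch revision no longer carries the `vmcs_host_cr4` field (hunk at -24704) or the `read_cr4()` comparison in vmx_vcpu_run (hunk at -24795). If the host CR4 can change after that setup call, the value loaded on VM exit would presumably be stale, which is the case the dropped `/* May not match real cr4 */` comment described. The commit description gives only the new patch version, so I would add a line such as `Drops the vmcs_host_cr4 tracking from vmx.c; HOST_CR4 is set only in vmx_set_constant_host_state`, together with the reason. It is also worth confirming that no part of the patch outside these hunks is expected to keep HOST_CR4 current. Both functions start and end outside the hunks shown.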
@@ -24795,28 +24779,7 @@ index a4f6bda..a02a77c 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6093,6 +6112,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
- static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- {
- struct vcpu_vmx *vmx = to_vmx(vcpu);
-+ unsigned long cr4;
-
- if (is_guest_mode(vcpu) && !vmx->nested.nested_run_pending) {
- struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
-@@ -6123,6 +6143,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
- vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
-
-+ cr4 = read_cr4();
-+ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) {
-+ vmcs_writel(HOST_CR4, cr4);
-+ vmx->host_state.vmcs_host_cr4 = cr4;
-+ }
-+
- /* When single-stepping over STI and MOV SS, we must clear the
- * corresponding interruptibility bits in the guest state. Otherwise
- * vmentry fails as it then expects bit 14 (BS) in pending debug
-@@ -6178,6 +6204,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6178,6 +6192,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp .Lkvm_vmx_return \n\t"
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
".Lkvm_vmx_return: "
@@ -24829,7 +24792,7 @@ index a4f6bda..a02a77c 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%"R"sp) \n\t"
"pop %0 \n\t"
-@@ -6226,6 +6258,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6226,6 +6246,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -24841,7 +24804,7 @@ index a4f6bda..a02a77c 100644
: "cc", "memory"
, R"ax", R"bx", R"di", R"si"
#ifdef CONFIG_X86_64
-@@ -6254,7 +6291,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6254,7 +6279,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
}
}
* [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.63/
@ 2014-11-04 14:58 Anthony G. Basile
From: Anthony G. Basile @ 2014-11-04 14:58 UTC (permalink / raw
To: gentoo-commits
commit: ab05af49d04c811aae4fe293282f819540e22288
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 4 14:59:52 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Nov 4 14:59:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=ab05af49
Grsec/PaX: 3.0-3.2.63-201411020808
---
3.2.63/0000_README | 2 +-
...11.patch => 4420_grsecurity-3.0-3.2.63-201411020808.patch} | 11 ++++++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/3.2.63/0000_README b/3.2.63/0000_README
index 1c94b09..dc58512 100644
--- a/3.2.63/0000_README
+++ b/3.2.63/0000_README
@@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch
From: http://www.kernel.org
Desc: Linux 3.2.63
-Patch: 4420_grsecurity-3.0-3.2.63-201410312211.patch
+Patch: 4420_grsecurity-3.0-3.2.63-201411020808.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201410312211.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201411020808.patch
similarity index 99%
rename from 3.2.63/4420_grsecurity-3.0-3.2.63-201410312211.patch
rename to 3.2.63/4420_grsecurity-3.0-3.2.63-201411020808.patch
index 82f3ff6..ab7ff79 100644
--- a/3.2.63/4420_grsecurity-3.0-3.2.63-201410312211.patch
+++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201411020808.patch
@@ -105155,7 +105155,7 @@ index c69358c..d1e5855 100644
static int tcp6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index f8bec1e..8628321 100644
+index f8bec1e..e2c60f8 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -50,6 +50,10 @@
@@ -105206,6 +105206,15 @@ index f8bec1e..8628321 100644
bh_unlock_sock(sk);
sock_put(sk);
goto discard;
+@@ -1362,7 +1369,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, u32 features)
+ fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
+ fptr->nexthdr = nexthdr;
+ fptr->reserved = 0;
+- ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb));
++ fptr->identification = skb_shinfo(skb)->ip6_frag_id;
+
+ /* Fragment the skb. ipv6 header and the remaining fields of the
+ * fragment header are updated in ipv6_gso_segment()
@@ -1409,8 +1416,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
0, 0L, 0,
sock_i_uid(sp), 0,
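Review bot: The new `fptr->identification = skb_shinfo(skb)->ip6_frag_id;` in udp6_ufo_fragment relies on a field that nothing in this hunk assigns. A UFO skb that reaches this function without the field filled in would have its fragments sent with whatever the field holds (presumably zero) rather than an identification chosen by `ipv6_select_ident`. The rest of the patch should be checked for the producer side that sets `ip6_frag_id` on every path that can build such an skb. The dependency also deserves a comment at this line, for example `/* ip6_frag_id must be assigned by whoever built this UFO skb */`. udp6_ufo_fragment starts and ends outside the hunk.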