* [gentoo-commits] proj/hardened-patchset:master commit in: 4.1.7/, 4.1.6/
@ 2015-09-15 6:04 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2015-09-15 6:04 UTC (permalink / raw
To: gentoo-commits
commit: 7d132b81e64c0d8144213e9dec6f36d9e0db839c
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 15 06:08:42 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 15 06:08:42 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=7d132b81
grsecurity-3.1-4.1.7-201509131604
{4.1.6 => 4.1.7}/0000_README | 2 +-
.../4420_grsecurity-3.1-4.1.7-201509131604.patch | 373 +++++++--------------
{4.1.6 => 4.1.7}/4425_grsec_remove_EI_PAX.patch | 0
{4.1.6 => 4.1.7}/4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
{4.1.6 => 4.1.7}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{4.1.6 => 4.1.7}/4470_disable-compat_vdso.patch | 0
{4.1.6 => 4.1.7}/4475_emutramp_default_on.patch | 0
11 files changed, 115 insertions(+), 260 deletions(-)
diff --git a/4.1.6/0000_README b/4.1.7/0000_README
similarity index 96%
rename from 4.1.6/0000_README
rename to 4.1.7/0000_README
index 1d2e649..a82b514 100644
--- a/4.1.6/0000_README
+++ b/4.1.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.1.6-201509112213.patch
+Patch: 4420_grsecurity-3.1-4.1.7-201509131604.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.1.6/4420_grsecurity-3.1-4.1.6-201509112213.patch b/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
similarity index 99%
rename from 4.1.6/4420_grsecurity-3.1-4.1.6-201509112213.patch
rename to 4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
index c1cfd1d..eb11268 100644
--- a/4.1.6/4420_grsecurity-3.1-4.1.6-201509112213.patch
+++ b/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
@@ -406,7 +406,7 @@ index c831001..1bfbbf6 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index 838dabc..90df77d 100644
+index b8591e5..1d9e8c0 100644
--- a/Makefile
+++ b/Makefile
@@ -299,7 +299,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3603,7 +3603,7 @@ index 5305ec7..6d74045 100644
#include <asm/smp_scu.h>
diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c
-index 3b56722..33ac281 100644
+index 6833df4..3e059b2 100644
--- a/arch/arm/mach-omap2/omap-wakeupgen.c
+++ b/arch/arm/mach-omap2/omap-wakeupgen.c
@@ -330,7 +330,7 @@ static int irq_cpu_hotplug_notify(struct notifier_block *self,
@@ -3776,7 +3776,7 @@ index 2dea8b5..6499da2 100644
extern void ux500_cpu_die(unsigned int cpu);
diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
-index 52d768f..5f93180 100644
+index f66816c..228b951 100644
--- a/arch/arm/mach-zynq/platsmp.c
+++ b/arch/arm/mach-zynq/platsmp.c
@@ -24,6 +24,7 @@
@@ -19044,23 +19044,6 @@ index 7d5a192..23ef1aa 100644
#define __USER32_CS (GDT_ENTRY_DEFAULT_USER32_CS*8 + 3)
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8 + 3)
#define __USER32_DS __USER_DS
-diff --git a/arch/x86/include/asm/sigcontext.h b/arch/x86/include/asm/sigcontext.h
-index 6fe6b18..9dfce4e 100644
---- a/arch/x86/include/asm/sigcontext.h
-+++ b/arch/x86/include/asm/sigcontext.h
-@@ -57,9 +57,9 @@ struct sigcontext {
- unsigned long ip;
- unsigned long flags;
- unsigned short cs;
-- unsigned short __pad2; /* Was called gs, but was always zero. */
-- unsigned short __pad1; /* Was called fs, but was always zero. */
-- unsigned short ss;
-+ unsigned short gs;
-+ unsigned short fs;
-+ unsigned short __pad0;
- unsigned long err;
- unsigned long trapno;
- unsigned long oldmask;
diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h
index ba665eb..0f72938 100644
--- a/arch/x86/include/asm/smap.h
@@ -20515,38 +20498,6 @@ index 960a8a9..404daf7 100644
#define BIOS_END 0x00100000
#define BIOS_ROM_BASE 0xffe00000
-diff --git a/arch/x86/include/uapi/asm/sigcontext.h b/arch/x86/include/uapi/asm/sigcontext.h
-index 16dc4e8..d8b9f908 100644
---- a/arch/x86/include/uapi/asm/sigcontext.h
-+++ b/arch/x86/include/uapi/asm/sigcontext.h
-@@ -177,24 +177,9 @@ struct sigcontext {
- __u64 rip;
- __u64 eflags; /* RFLAGS */
- __u16 cs;
--
-- /*
-- * Prior to 2.5.64 ("[PATCH] x86-64 updates for 2.5.64-bk3"),
-- * Linux saved and restored fs and gs in these slots. This
-- * was counterproductive, as fsbase and gsbase were never
-- * saved, so arch_prctl was presumably unreliable.
-- *
-- * If these slots are ever needed for any other purpose, there
-- * is some risk that very old 64-bit binaries could get
-- * confused. I doubt that many such binaries still work,
-- * though, since the same patch in 2.5.64 also removed the
-- * 64-bit set_thread_area syscall, so it appears that there is
-- * no TLS API that works in both pre- and post-2.5.64 kernels.
-- */
-- __u16 __pad2; /* Was gs. */
-- __u16 __pad1; /* Was fs. */
--
-- __u16 ss;
-+ __u16 gs;
-+ __u16 fs;
-+ __u16 __pad0;
- __u64 err;
- __u64 trapno;
- __u64 oldmask;
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 9bcd0b5..750f1b7 100644
--- a/arch/x86/kernel/Makefile
@@ -20870,7 +20821,7 @@ index aef6531..d7ca83a 100644
bp_int3_handler = handler;
bp_int3_addr = (u8 *)addr + sizeof(int3);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index dcb5285..cc79e9d 100644
+index cde732c..6365ac2 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -171,7 +171,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
@@ -26568,7 +26519,7 @@ index 77dd0ad..9ec4723 100644
dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs);
}
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 6e338e3..82f946e 100644
+index 9717437..44bc9aa 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -38,7 +38,8 @@
@@ -26635,7 +26586,7 @@ index 6e338e3..82f946e 100644
{
local_irq_disable();
/*
-@@ -531,16 +536,43 @@ static int __init idle_setup(char *str)
+@@ -533,16 +538,43 @@ static int __init idle_setup(char *str)
}
early_param("idle", idle_setup);
@@ -27343,38 +27294,10 @@ index e4fcb87..9c06c55 100644
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 1ea14fd..b551e66 100644
+index e0fd5f47..b551e66 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
-@@ -93,8 +93,15 @@ int restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc)
- COPY(r15);
- #endif /* CONFIG_X86_64 */
-
-+#ifdef CONFIG_X86_32
- COPY_SEG_CPL3(cs);
- COPY_SEG_CPL3(ss);
-+#else /* !CONFIG_X86_32 */
-+ /* Kernel saves and restores only the CS segment register on signals,
-+ * which is the bare minimum needed to allow mixed 32/64-bit code.
-+ * App's signal handler can save/restore other segments if needed. */
-+ COPY_SEG_CPL3(cs);
-+#endif /* CONFIG_X86_32 */
-
- get_user_ex(tmpflags, &sc->flags);
- regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS);
-@@ -154,9 +161,8 @@ int setup_sigcontext(struct sigcontext __user *sc, void __user *fpstate,
- #else /* !CONFIG_X86_32 */
- put_user_ex(regs->flags, &sc->flags);
- put_user_ex(regs->cs, &sc->cs);
-- put_user_ex(0, &sc->__pad2);
-- put_user_ex(0, &sc->__pad1);
-- put_user_ex(regs->ss, &sc->ss);
-+ put_user_ex(0, &sc->gs);
-+ put_user_ex(0, &sc->fs);
- #endif /* CONFIG_X86_32 */
-
- put_user_ex(fpstate, &sc->fpstate);
-@@ -183,7 +189,7 @@ static unsigned long align_sigframe(unsigned long sp)
+@@ -189,7 +189,7 @@ static unsigned long align_sigframe(unsigned long sp)
* Align the stack pointer according to the i386 ABI,
* i.e. so that on function entry ((sp + 4) & 15) == 0.
*/
@@ -27383,7 +27306,7 @@ index 1ea14fd..b551e66 100644
#else /* !CONFIG_X86_32 */
sp = round_down(sp, 16) - 8;
#endif
-@@ -291,10 +297,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -297,10 +297,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
}
if (current->mm->context.vdso)
@@ -27396,7 +27319,7 @@ index 1ea14fd..b551e66 100644
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
-@@ -308,7 +313,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -314,7 +313,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
@@ -27405,7 +27328,7 @@ index 1ea14fd..b551e66 100644
if (err)
return -EFAULT;
-@@ -355,8 +360,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -361,8 +360,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
save_altstack_ex(&frame->uc.uc_stack, regs->sp);
/* Set up to return from userspace. */
@@ -27418,7 +27341,7 @@ index 1ea14fd..b551e66 100644
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
put_user_ex(restorer, &frame->pretcode);
-@@ -368,7 +375,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -374,7 +375,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
@@ -27427,29 +27350,7 @@ index 1ea14fd..b551e66 100644
} put_user_catch(err);
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
-@@ -450,19 +457,9 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
-
- regs->sp = (unsigned long)frame;
-
-- /*
-- * Set up the CS and SS registers to run signal handlers in
-- * 64-bit mode, even if the handler happens to be interrupting
-- * 32-bit or 16-bit code.
-- *
-- * SS is subtle. In 64-bit mode, we don't need any particular
-- * SS descriptor, but we do need SS to be valid. It's possible
-- * that the old SS is entirely bogus -- this can happen if the
-- * signal we're trying to deliver is #GP or #SS caused by a bad
-- * SS value.
-- */
-+ /* Set up the CS register to run signal handlers in 64-bit mode,
-+ even if the handler happens to be interrupting 32-bit code. */
- regs->cs = __USER_CS;
-- regs->ss = __USER_DS;
-
- return 0;
- }
-@@ -598,7 +595,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -594,7 +595,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
{
int usig = ksig->sig;
sigset_t *set = sigmask_to_save();
@@ -27463,7 +27364,7 @@ index 1ea14fd..b551e66 100644
/* Set up the stack frame */
if (is_ia32_frame()) {
-@@ -609,7 +611,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -605,7 +611,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
} else if (is_x32_frame()) {
return x32_setup_rt_frame(ksig, cset, regs);
} else {
@@ -35727,13 +35628,13 @@ index 1c9f750..cfddb1a 100644
{
int cpu = smp_processor_id();
diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig
-index e88fda8..76ce7ce 100644
+index 4841453..d59a203 100644
--- a/arch/x86/xen/Kconfig
+++ b/arch/x86/xen/Kconfig
@@ -9,6 +9,7 @@ config XEN
select XEN_HAVE_PVMMU
depends on X86_64 || (X86_32 && X86_PAE)
- depends on X86_TSC
+ depends on X86_LOCAL_APIC && X86_TSC
+ depends on !GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_VIRT_XEN
help
This is the Linux Xen port. Enabling this will allow the
@@ -36015,7 +35916,7 @@ index 8afdfcc..79239db 100644
mov %rsi,xen_start_info
mov $init_thread_union+THREAD_SIZE,%rsp
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
-index 9e195c6..523ed36 100644
+index bef30cb..f1a0d68 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -16,8 +16,6 @@ void xen_syscall_target(void);
@@ -36650,7 +36551,7 @@ index 287c4ba..6a600bc 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 41c99be..f058d4a 100644
+index e0064d1..e53c75e 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -102,7 +102,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -36662,7 +36563,7 @@ index 41c99be..f058d4a 100644
struct ata_force_param {
const char *name;
-@@ -4816,7 +4816,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4800,7 +4800,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -36671,7 +36572,7 @@ index 41c99be..f058d4a 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4833,7 +4833,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4817,7 +4817,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -36680,7 +36581,7 @@ index 41c99be..f058d4a 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5940,6 +5940,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5924,6 +5924,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -36688,7 +36589,7 @@ index 41c99be..f058d4a 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5953,8 +5954,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5937,8 +5938,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -36699,7 +36600,7 @@ index 41c99be..f058d4a 100644
spin_unlock(&lock);
}
-@@ -6150,7 +6152,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6134,7 +6136,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
/* give ports names and add SCSI hosts */
for (i = 0; i < host->n_ports; i++) {
@@ -36709,10 +36610,10 @@ index 41c99be..f058d4a 100644
}
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index 641a61a..8309252 100644
+index 0d7f0da..bc20aa6 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
-@@ -4210,7 +4210,7 @@ int ata_sas_port_init(struct ata_port *ap)
+@@ -4193,7 +4193,7 @@ int ata_sas_port_init(struct ata_port *ap)
if (rc)
return rc;
@@ -36722,7 +36623,7 @@ index 641a61a..8309252 100644
}
EXPORT_SYMBOL_GPL(ata_sas_port_init);
diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h
-index a998a17..8de4bf4 100644
+index f840ca1..edd6ef3 100644
--- a/drivers/ata/libata.h
+++ b/drivers/ata/libata.h
@@ -53,7 +53,7 @@ enum {
@@ -42366,28 +42267,6 @@ index 722a925..594c312 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
-index 008e89b..32d52d2 100644
---- a/drivers/hid/hid-input.c
-+++ b/drivers/hid/hid-input.c
-@@ -462,12 +462,15 @@ out:
-
- static void hidinput_cleanup_battery(struct hid_device *dev)
- {
-+ const struct power_supply_desc *psy_desc;
-+
- if (!dev->battery)
- return;
-
-+ psy_desc = dev->battery->desc;
- power_supply_unregister(dev->battery);
-- kfree(dev->battery->desc->name);
-- kfree(dev->battery->desc);
-+ kfree(psy_desc->name);
-+ kfree(psy_desc);
- dev->battery = NULL;
- }
- #else /* !CONFIG_HID_BATTERY_STRENGTH */
diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c
index 5614fee..8301fbf 100644
--- a/drivers/hid/hid-sensor-custom.c
@@ -45348,7 +45227,7 @@ index 16ba55a..31af906 100644
"start=%llu, len=%llu, dev_size=%llu",
dm_device_name(ti->table->md), bdevname(bdev, b),
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 79f6941..b33b4e0 100644
+index cde1d67..4c88a5ce 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -404,7 +404,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
@@ -50327,10 +50206,10 @@ index 0ffb6ff..c0b7f0e 100644
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index 37e6a6f..b3b0369 100644
+index 699a480..1801fc3 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1919,7 +1919,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1935,7 +1935,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
char buf[8];
@@ -50339,7 +50218,7 @@ index 37e6a6f..b3b0369 100644
u32 reset_flag;
memset(buf, 0, sizeof(buf));
-@@ -1940,7 +1940,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1956,7 +1956,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
{
struct iwl_trans *trans = file->private_data;
char buf[8];
@@ -52372,7 +52251,7 @@ index 6577130..955f9a4 100644
struct board_type {
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
-index 1b3a094..068e683 100644
+index 30f9ef0..a1e29ac 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -101,12 +101,12 @@ struct fc_exch_mgr {
@@ -52394,7 +52273,7 @@ index 1b3a094..068e683 100644
} stats;
};
-@@ -811,7 +811,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
+@@ -809,7 +809,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
/* allocate memory for exchange */
ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
if (!ep) {
@@ -52403,7 +52282,7 @@ index 1b3a094..068e683 100644
goto out;
}
memset(ep, 0, sizeof(*ep));
-@@ -874,7 +874,7 @@ out:
+@@ -872,7 +872,7 @@ out:
return ep;
err:
spin_unlock_bh(&pool->lock);
@@ -52412,7 +52291,7 @@ index 1b3a094..068e683 100644
mempool_free(ep, mp->ep_pool);
return NULL;
}
-@@ -1023,7 +1023,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1021,7 +1021,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
xid = ntohs(fh->fh_ox_id); /* we originated exch */
ep = fc_exch_find(mp, xid);
if (!ep) {
@@ -52421,7 +52300,7 @@ index 1b3a094..068e683 100644
reject = FC_RJT_OX_ID;
goto out;
}
-@@ -1053,7 +1053,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1051,7 +1051,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
ep = fc_exch_find(mp, xid);
if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
if (ep) {
@@ -52430,7 +52309,7 @@ index 1b3a094..068e683 100644
reject = FC_RJT_RX_ID;
goto rel;
}
-@@ -1064,7 +1064,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1062,7 +1062,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
}
xid = ep->xid; /* get our XID */
} else if (!ep) {
@@ -52439,7 +52318,7 @@ index 1b3a094..068e683 100644
reject = FC_RJT_RX_ID; /* XID not found */
goto out;
}
-@@ -1082,7 +1082,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1080,7 +1080,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
} else {
sp = &ep->seq;
if (sp->id != fh->fh_seq_id) {
@@ -52448,7 +52327,7 @@ index 1b3a094..068e683 100644
if (f_ctl & FC_FC_END_SEQ) {
/*
* Update sequence_id based on incoming last
-@@ -1533,22 +1533,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1531,22 +1531,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
if (!ep) {
@@ -52475,7 +52354,7 @@ index 1b3a094..068e683 100644
goto rel;
}
sof = fr_sof(fp);
-@@ -1557,7 +1557,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1555,7 +1555,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
sp->ssb_stat |= SSB_ST_RESP;
sp->id = fh->fh_seq_id;
} else if (sp->id != fh->fh_seq_id) {
@@ -52484,7 +52363,7 @@ index 1b3a094..068e683 100644
goto rel;
}
-@@ -1619,9 +1619,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1618,9 +1618,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
if (!sp)
@@ -53102,7 +52981,7 @@ index f115f67..b80b2c1 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 7f9d65f..e856438 100644
+index 11ea52b..7968d4d 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -111,7 +111,7 @@ static int sd_resume(struct device *);
@@ -97424,7 +97303,7 @@ index 1eee6bc..9cf4912 100644
extern struct ipc_namespace init_ipc_ns;
extern atomic_t nr_ipc_ns;
diff --git a/include/linux/irq.h b/include/linux/irq.h
-index 62c6901..827f8f6 100644
+index 3532dca..03ffc0b 100644
--- a/include/linux/irq.h
+++ b/include/linux/irq.h
@@ -370,7 +370,8 @@ struct irq_chip {
@@ -102918,52 +102797,10 @@ index c3fc5c2..1f32fe2 100644
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/sem.c b/ipc/sem.c
-index d1a6edd..1a59db4 100644
+index c50aa57..07e9531 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
-@@ -253,6 +253,16 @@ static void sem_rcu_free(struct rcu_head *head)
- }
-
- /*
-+ * spin_unlock_wait() and !spin_is_locked() are not memory barriers, they
-+ * are only control barriers.
-+ * The code must pair with spin_unlock(&sem->lock) or
-+ * spin_unlock(&sem_perm.lock), thus just the control barrier is insufficient.
-+ *
-+ * smp_rmb() is sufficient, as writes cannot pass the control barrier.
-+ */
-+#define ipc_smp_acquire__after_spin_is_unlocked() smp_rmb()
-+
-+/*
- * Wait until all currently ongoing simple ops have completed.
- * Caller must own sem_perm.lock.
- * New simple ops cannot start, because simple ops first check
-@@ -275,6 +285,7 @@ static void sem_wait_array(struct sem_array *sma)
- sem = sma->sem_base + i;
- spin_unlock_wait(&sem->lock);
- }
-+ ipc_smp_acquire__after_spin_is_unlocked();
- }
-
- /*
-@@ -327,13 +338,12 @@ static inline int sem_lock(struct sem_array *sma, struct sembuf *sops,
- /* Then check that the global lock is free */
- if (!spin_is_locked(&sma->sem_perm.lock)) {
- /*
-- * The ipc object lock check must be visible on all
-- * cores before rechecking the complex count. Otherwise
-- * we can race with another thread that does:
-+ * We need a memory barrier with acquire semantics,
-+ * otherwise we can race with another thread that does:
- * complex_count++;
- * spin_unlock(sem_perm.lock);
- */
-- smp_rmb();
-+ ipc_smp_acquire__after_spin_is_unlocked();
-
- /*
- * Now repeat the test of complex_count:
-@@ -1780,7 +1790,7 @@ static int get_queue_result(struct sem_queue *q)
+@@ -1790,7 +1790,7 @@ static int get_queue_result(struct sem_queue *q)
}
SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
@@ -102972,7 +102809,7 @@ index d1a6edd..1a59db4 100644
{
int error = -EINVAL;
struct sem_array *sma;
-@@ -2015,7 +2025,7 @@ out_free:
+@@ -2025,7 +2025,7 @@ out_free:
}
SYSCALL_DEFINE3(semop, int, semid, struct sembuf __user *, tsops,
@@ -103729,7 +103566,7 @@ index 41213454..861e178 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 0ceb386..ddaf008 100644
+index 9481749..5fbec5b 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -172,8 +172,15 @@ static struct srcu_struct pmus_srcu;
@@ -103779,7 +103616,7 @@ index 0ceb386..ddaf008 100644
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -4268,10 +4275,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -4303,10 +4310,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
@@ -103792,7 +103629,7 @@ index 0ceb386..ddaf008 100644
arch_perf_update_userpage(event, userpg, now);
-@@ -4946,7 +4953,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -4989,7 +4996,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
/* Data. */
sp = perf_user_stack_pointer(regs);
@@ -103801,7 +103638,7 @@ index 0ceb386..ddaf008 100644
dyn_size = dump_size - rem;
perf_output_skip(handle, rem);
-@@ -5037,11 +5044,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -5080,11 +5087,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
@@ -103815,7 +103652,7 @@ index 0ceb386..ddaf008 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -7533,7 +7540,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -7576,7 +7583,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(task_active_pid_ns(current));
@@ -103824,7 +103661,7 @@ index 0ceb386..ddaf008 100644
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -7892,6 +7899,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -7935,6 +7942,11 @@ SYSCALL_DEFINE5(perf_event_open,
if (flags & ~PERF_FLAG_ALL)
return -EINVAL;
@@ -103836,7 +103673,7 @@ index 0ceb386..ddaf008 100644
err = perf_copy_attr(attr_uptr, &attr);
if (err)
return err;
-@@ -8340,10 +8352,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -8383,10 +8395,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
@@ -108302,7 +108139,7 @@ index a4e372b..766810e 100644
if (!retval) {
if (old_rlim)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index c3eee4c..586e4a0 100644
+index c3eee4c..2e53ad1 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -94,7 +94,6 @@
@@ -108544,6 +108381,15 @@ index c3eee4c..586e4a0 100644
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
+@@ -1988,7 +2058,7 @@ static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp,
+ int val = *valp;
+ if (val < 0) {
+ *negp = true;
+- *lvalp = (unsigned long)-val;
++ *lvalp = -(unsigned long)val;
+ } else {
+ *negp = false;
+ *lvalp = (unsigned long)val;
@@ -2128,6 +2198,44 @@ int proc_dointvec(struct ctl_table *table, int write,
NULL,NULL);
}
@@ -108570,7 +108416,7 @@ index c3eee4c..586e4a0 100644
+ int val = *valp;
+ if (val < 0) {
+ *negp = true;
-+ *lvalp = (unsigned long)-val;
++ *lvalp = -(unsigned long)val;
+ } else {
+ *negp = false;
+ *lvalp = (unsigned long)val;
@@ -108617,10 +108463,20 @@ index c3eee4c..586e4a0 100644
struct do_proc_dointvec_minmax_conv_param {
int *min;
-@@ -2203,6 +2309,32 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
- return 0;
- }
-
+@@ -2194,7 +2300,33 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
+ int val = *valp;
+ if (val < 0) {
+ *negp = true;
+- *lvalp = (unsigned long)-val;
++ *lvalp = -(unsigned long)val;
++ } else {
++ *negp = false;
++ *lvalp = (unsigned long)val;
++ }
++ }
++ return 0;
++}
++
+static int do_proc_dointvec_minmax_conv_secure(bool *negp, unsigned long *lvalp,
+ int *valp,
+ int write, void *data)
@@ -108638,18 +108494,10 @@ index c3eee4c..586e4a0 100644
+ int val = *valp;
+ if (val < 0) {
+ *negp = true;
-+ *lvalp = (unsigned long)-val;
-+ } else {
-+ *negp = false;
-+ *lvalp = (unsigned long)val;
-+ }
-+ }
-+ return 0;
-+}
-+
- /**
- * proc_dointvec_minmax - read a vector of integers with min/max values
- * @table: the sysctl table
++ *lvalp = -(unsigned long)val;
+ } else {
+ *negp = false;
+ *lvalp = (unsigned long)val;
@@ -2230,6 +2362,17 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
do_proc_dointvec_minmax_conv, ¶m);
}
@@ -108668,6 +108516,33 @@ index c3eee4c..586e4a0 100644
static void validate_coredump_safety(void)
{
#ifdef CONFIG_COREDUMP
+@@ -2429,7 +2572,7 @@ static int do_proc_dointvec_jiffies_conv(bool *negp, unsigned long *lvalp,
+ unsigned long lval;
+ if (val < 0) {
+ *negp = true;
+- lval = (unsigned long)-val;
++ lval = -(unsigned long)val;
+ } else {
+ *negp = false;
+ lval = (unsigned long)val;
+@@ -2452,7 +2595,7 @@ static int do_proc_dointvec_userhz_jiffies_conv(bool *negp, unsigned long *lvalp
+ unsigned long lval;
+ if (val < 0) {
+ *negp = true;
+- lval = (unsigned long)-val;
++ lval = -(unsigned long)val;
+ } else {
+ *negp = false;
+ lval = (unsigned long)val;
+@@ -2477,7 +2620,7 @@ static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp,
+ unsigned long lval;
+ if (val < 0) {
+ *negp = true;
+- lval = (unsigned long)-val;
++ lval = -(unsigned long)val;
+ } else {
+ *negp = false;
+ lval = (unsigned long)val;
@@ -2732,6 +2875,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
@@ -111259,7 +111134,7 @@ index d551475..8fdd7f3 100644
if (end == start)
return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 501820c..9612bcf 100644
+index 9f48145..60a2ac1 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -111342,7 +111217,7 @@ index 501820c..9612bcf 100644
freeit = 1;
if (PageHuge(page))
clear_page_hwpoison_huge_page(page);
-@@ -1616,11 +1616,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1617,11 +1617,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
@@ -111356,7 +111231,7 @@ index 501820c..9612bcf 100644
}
}
return ret;
-@@ -1659,7 +1659,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1660,7 +1660,7 @@ static int __soft_offline_page(struct page *page, int flags)
put_page(page);
pr_info("soft_offline: %#lx: invalidated\n", pfn);
SetPageHWPoison(page);
@@ -111365,7 +111240,7 @@ index 501820c..9612bcf 100644
return 0;
}
-@@ -1708,7 +1708,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1709,7 +1709,7 @@ static int __soft_offline_page(struct page *page, int flags)
if (!is_free_buddy_page(page))
pr_info("soft offline: %#lx: page leaked\n",
pfn);
@@ -111374,7 +111249,7 @@ index 501820c..9612bcf 100644
}
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1778,11 +1778,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1779,11 +1779,11 @@ int soft_offline_page(struct page *page, int flags)
if (PageHuge(page)) {
set_page_hwpoison_huge_page(hpage);
if (!dequeue_hwpoisoned_huge_page(hpage))
@@ -116140,26 +116015,6 @@ index c92b52f..006c052 100644
.kind = "vlan",
.maxtype = IFLA_VLAN_MAX,
.policy = vlan_policy,
-diff --git a/net/9p/client.c b/net/9p/client.c
-index 81925b9..fcf6fe0 100644
---- a/net/9p/client.c
-+++ b/net/9p/client.c
-@@ -1541,6 +1541,7 @@ p9_client_read(struct p9_fid *fid, u64 offset, struct iov_iter *to, int *err)
- struct p9_client *clnt = fid->clnt;
- struct p9_req_t *req;
- int total = 0;
-+ *err = 0;
-
- p9_debug(P9_DEBUG_9P, ">>> TREAD fid %d offset %llu %d\n",
- fid->fid, (unsigned long long) offset, (int)iov_iter_count(to));
-@@ -1616,6 +1617,7 @@ p9_client_write(struct p9_fid *fid, u64 offset, struct iov_iter *from, int *err)
- struct p9_client *clnt = fid->clnt;
- struct p9_req_t *req;
- int total = 0;
-+ *err = 0;
-
- p9_debug(P9_DEBUG_9P, ">>> TWRITE fid %d offset %llu count %zd\n",
- fid->fid, (unsigned long long) offset,
diff --git a/net/9p/mod.c b/net/9p/mod.c
index 6ab36ae..6f1841b 100644
--- a/net/9p/mod.c
@@ -126025,7 +125880,7 @@ index 213a416..aeab5c9 100644
list_add(&s->list, &cs4297a_devs);
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 5645481..63e53a2 100644
+index 36e8f12..9571f49 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -1946,7 +1946,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec,
diff --git a/4.1.6/4425_grsec_remove_EI_PAX.patch b/4.1.7/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 4.1.6/4425_grsec_remove_EI_PAX.patch
rename to 4.1.7/4425_grsec_remove_EI_PAX.patch
diff --git a/4.1.6/4427_force_XATTR_PAX_tmpfs.patch b/4.1.7/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 4.1.6/4427_force_XATTR_PAX_tmpfs.patch
rename to 4.1.7/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.1.6/4430_grsec-remove-localversion-grsec.patch b/4.1.7/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 4.1.6/4430_grsec-remove-localversion-grsec.patch
rename to 4.1.7/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.1.6/4435_grsec-mute-warnings.patch b/4.1.7/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 4.1.6/4435_grsec-mute-warnings.patch
rename to 4.1.7/4435_grsec-mute-warnings.patch
diff --git a/4.1.6/4440_grsec-remove-protected-paths.patch b/4.1.7/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 4.1.6/4440_grsec-remove-protected-paths.patch
rename to 4.1.7/4440_grsec-remove-protected-paths.patch
diff --git a/4.1.6/4450_grsec-kconfig-default-gids.patch b/4.1.7/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 4.1.6/4450_grsec-kconfig-default-gids.patch
rename to 4.1.7/4450_grsec-kconfig-default-gids.patch
diff --git a/4.1.6/4465_selinux-avc_audit-log-curr_ip.patch b/4.1.7/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 4.1.6/4465_selinux-avc_audit-log-curr_ip.patch
rename to 4.1.7/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.1.6/4470_disable-compat_vdso.patch b/4.1.7/4470_disable-compat_vdso.patch
similarity index 100%
rename from 4.1.6/4470_disable-compat_vdso.patch
rename to 4.1.7/4470_disable-compat_vdso.patch
diff --git a/4.1.6/4475_emutramp_default_on.patch b/4.1.7/4475_emutramp_default_on.patch
similarity index 100%
rename from 4.1.6/4475_emutramp_default_on.patch
rename to 4.1.7/4475_emutramp_default_on.patch
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-09-15 6:04 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-15 6:04 [gentoo-commits] proj/hardened-patchset:master commit in: 4.1.7/, 4.1.6/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox