From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.39/, 2.6.32/
Date: Wed, 24 Aug 2011 09:02:16 +0000 (UTC)	[thread overview]
Message-ID: <22102caf72a2ba344bc84da64f789414179259fa.blueness@gentoo> (raw)

commit:     22102caf72a2ba344bc84da64f789414179259fa
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 24 09:02:02 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Aug 24 09:02:02 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=22102caf

Grsec/PaX: 2.2.2-2.6.32.45-201108211939 2.2.2-2.6.39.4-201108211939

---
 2.6.32/0000_README                                 |    2 +-
 ..._grsecurity-2.2.2-2.6.32.45-201108211939.patch} |  297 ++++++++++++++++++--
 2.6.39/0000_README                                 |    2 +-
 ...0_grsecurity-2.2.2-2.6.39.4-201108211939.patch} |    7 +-
 4 files changed, 272 insertions(+), 36 deletions(-)

diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index f4bf114..e5ee171 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -11,7 +11,7 @@ Patch:	1044_linux-2.6.32.45.patch
 From:	http://www.kernel.org
 Desc:	Linux 2.6.39.45
 
-Patch:	4420_grsecurity-2.2.2-2.6.32.45-201108192305.patch
+Patch:	4420_grsecurity-2.2.2-2.6.32.45-201108211939.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.45-201108192305.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.45-201108211939.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.2.2-2.6.32.45-201108192305.patch
rename to 2.6.32/4420_grsecurity-2.2.2-2.6.32.45-201108211939.patch
index 26eb4f1..78cefe3 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.45-201108192305.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.45-201108211939.patch
@@ -1484,6 +1484,19 @@ diff -urNp linux-2.6.32.45/arch/mips/include/asm/page.h linux-2.6.32.45/arch/mip
    #else
       typedef struct { unsigned long long pte; } pte_t;
       #define pte_val(x)	((x).pte)
+diff -urNp linux-2.6.32.45/arch/mips/include/asm/reboot.h linux-2.6.32.45/arch/mips/include/asm/reboot.h
+--- linux-2.6.32.45/arch/mips/include/asm/reboot.h	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/mips/include/asm/reboot.h	2011-08-21 17:35:02.000000000 -0400
+@@ -9,7 +9,7 @@
+ #ifndef _ASM_REBOOT_H
+ #define _ASM_REBOOT_H
+ 
+-extern void (*_machine_restart)(char *command);
+-extern void (*_machine_halt)(void);
++extern void (*__noreturn _machine_restart)(char *command);
++extern void (*__noreturn _machine_halt)(void);
+ 
+ #endif /* _ASM_REBOOT_H */
 diff -urNp linux-2.6.32.45/arch/mips/include/asm/system.h linux-2.6.32.45/arch/mips/include/asm/system.h
 --- linux-2.6.32.45/arch/mips/include/asm/system.h	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/mips/include/asm/system.h	2011-04-17 15:56:45.000000000 -0400
@@ -1559,6 +1572,40 @@ diff -urNp linux-2.6.32.45/arch/mips/kernel/process.c linux-2.6.32.45/arch/mips/
 -
 -	return sp & ALMASK;
 -}
+diff -urNp linux-2.6.32.45/arch/mips/kernel/reset.c linux-2.6.32.45/arch/mips/kernel/reset.c
+--- linux-2.6.32.45/arch/mips/kernel/reset.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/mips/kernel/reset.c	2011-08-21 17:35:26.000000000 -0400
+@@ -19,8 +19,8 @@
+  * So handle all using function pointers to machine specific
+  * functions.
+  */
+-void (*_machine_restart)(char *command);
+-void (*_machine_halt)(void);
++void (*__noreturn _machine_restart)(char *command);
++void (*__noreturn _machine_halt)(void);
+ void (*pm_power_off)(void);
+ 
+ EXPORT_SYMBOL(pm_power_off);
+@@ -29,16 +29,19 @@ void machine_restart(char *command)
+ {
+ 	if (_machine_restart)
+ 		_machine_restart(command);
++	BUG();
+ }
+ 
+ void machine_halt(void)
+ {
+ 	if (_machine_halt)
+ 		_machine_halt();
++	BUG();
+ }
+ 
+ void machine_power_off(void)
+ {
+ 	if (pm_power_off)
+ 		pm_power_off();
++	BUG();
+ }
 diff -urNp linux-2.6.32.45/arch/mips/kernel/syscall.c linux-2.6.32.45/arch/mips/kernel/syscall.c
 --- linux-2.6.32.45/arch/mips/kernel/syscall.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/mips/kernel/syscall.c	2011-04-17 15:56:45.000000000 -0400
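Review bot: The `BUG();` added at the end of machine_restart(), machine_halt() and machine_power_off() is also reached when no handler is registered, because each call stays behind its `if (_machine_restart)` / `if (_machine_halt)` / `if (pm_power_off)` guard and a NULL pointer falls straight through. `pm_power_off` is not annotated `__noreturn` in this hunk, so a power-off handler that returns lands in BUG() as well. If the traps exist to back the `__noreturn` annotations added in asm/reboot.h, say so in a comment, for example `/* handlers must not return; trap rather than fall back into the caller */`. Whether any caller relied on the old fall-through is not visible here.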
@@ -1596,6 +1643,18 @@ diff -urNp linux-2.6.32.45/arch/mips/kernel/syscall.c linux-2.6.32.45/arch/mips/
  			return addr;
  		addr = vmm->vm_end;
  		if (do_color_align)
+diff -urNp linux-2.6.32.45/arch/mips/Makefile linux-2.6.32.45/arch/mips/Makefile
+--- linux-2.6.32.45/arch/mips/Makefile	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/mips/Makefile	2011-08-21 19:26:52.000000000 -0400
+@@ -51,6 +51,8 @@ endif
+ cflags-y := -ffunction-sections
+ cflags-y += $(call cc-option, -mno-check-zero-division)
+ 
++cflags-y += -Wno-sign-compare -Wno-extra
++
+ ifdef CONFIG_32BIT
+ ld-emul			= $(32bit-emul)
+ vmlinux-32		= vmlinux
 diff -urNp linux-2.6.32.45/arch/mips/mm/fault.c linux-2.6.32.45/arch/mips/mm/fault.c
 --- linux-2.6.32.45/arch/mips/mm/fault.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/mips/mm/fault.c	2011-04-17 15:56:45.000000000 -0400
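Review bot: `cflags-y += -Wno-sign-compare -Wno-extra` silences signed/unsigned comparison warnings for all of arch/mips, which is the same class of problem this update fixes by hand in nlmsg_ok() and the ip_queue code. The line has no comment saying why the architecture is opted out; presumably the top-level Makefile now enables these warnings, but that change is not visible in this diff. A comment such as `# arch code is not yet clean under the extra warnings enabled globally` would record that this is a temporary exemption rather than a permanent one.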
@@ -2146,7 +2205,7 @@ diff -urNp linux-2.6.32.45/arch/powerpc/include/asm/page_64.h linux-2.6.32.45/ar
  
 diff -urNp linux-2.6.32.45/arch/powerpc/include/asm/page.h linux-2.6.32.45/arch/powerpc/include/asm/page.h
 --- linux-2.6.32.45/arch/powerpc/include/asm/page.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.45/arch/powerpc/include/asm/page.h	2011-04-17 15:56:45.000000000 -0400
++++ linux-2.6.32.45/arch/powerpc/include/asm/page.h	2011-08-21 16:07:39.000000000 -0400
 @@ -116,8 +116,9 @@ extern phys_addr_t kernstart_addr;
   * and needs to be executable.  This means the whole heap ends
   * up being executable.
@@ -2205,6 +2264,18 @@ diff -urNp linux-2.6.32.45/arch/powerpc/include/asm/pte-hash32.h linux-2.6.32.45
  #define _PAGE_COHERENT	0x010	/* M: enforce memory coherence (SMP systems) */
  #define _PAGE_NO_CACHE	0x020	/* I: cache inhibit */
  #define _PAGE_WRITETHRU	0x040	/* W: cache write-through */
+diff -urNp linux-2.6.32.45/arch/powerpc/include/asm/ptrace.h linux-2.6.32.45/arch/powerpc/include/asm/ptrace.h
+--- linux-2.6.32.45/arch/powerpc/include/asm/ptrace.h	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/powerpc/include/asm/ptrace.h	2011-08-21 15:53:58.000000000 -0400
+@@ -103,7 +103,7 @@ extern unsigned long profile_pc(struct p
+ 	} while(0)
+ 
+ struct task_struct;
+-extern unsigned long ptrace_get_reg(struct task_struct *task, int regno);
++extern unsigned long ptrace_get_reg(struct task_struct *task, unsigned int regno);
+ extern int ptrace_put_reg(struct task_struct *task, int regno,
+ 			  unsigned long data);
+ 
 diff -urNp linux-2.6.32.45/arch/powerpc/include/asm/reg.h linux-2.6.32.45/arch/powerpc/include/asm/reg.h
 --- linux-2.6.32.45/arch/powerpc/include/asm/reg.h	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/powerpc/include/asm/reg.h	2011-04-17 15:56:45.000000000 -0400
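Review bot: `ptrace_get_reg()` now takes `unsigned int regno`, but `ptrace_put_reg()` on the next line of asm/ptrace.h still takes `int regno`, so the read and write paths handle the same register index with different signedness. Unless the put side is covered elsewhere in the patch, it should change the same way: `extern int ptrace_put_reg(struct task_struct *task, unsigned int regno, unsigned long data);`. The definition in arch/powerpc/kernel/ptrace.c (next hunk) would need the matching change; the bodies of both functions lie outside the visible lines.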
@@ -2727,6 +2798,27 @@ diff -urNp linux-2.6.32.45/arch/powerpc/kernel/process.c linux-2.6.32.45/arch/po
 -
 -	return ret;
 -}
+diff -urNp linux-2.6.32.45/arch/powerpc/kernel/ptrace.c linux-2.6.32.45/arch/powerpc/kernel/ptrace.c
+--- linux-2.6.32.45/arch/powerpc/kernel/ptrace.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/powerpc/kernel/ptrace.c	2011-08-21 15:53:39.000000000 -0400
+@@ -86,7 +86,7 @@ static int set_user_trap(struct task_str
+ /*
+  * Get contents of register REGNO in task TASK.
+  */
+-unsigned long ptrace_get_reg(struct task_struct *task, int regno)
++unsigned long ptrace_get_reg(struct task_struct *task, unsigned int regno)
+ {
+ 	if (task->thread.regs == NULL)
+ 		return -EIO;
+@@ -894,7 +894,7 @@ long arch_ptrace(struct task_struct *chi
+ 
+ 		CHECK_FULL_REGS(child->thread.regs);
+ 		if (index < PT_FPR0) {
+-			tmp = ptrace_get_reg(child, (int) index);
++			tmp = ptrace_get_reg(child, index);
+ 		} else {
+ 			flush_fp_to_thread(child);
+ 			tmp = ((unsigned long *)child->thread.fpr)
 diff -urNp linux-2.6.32.45/arch/powerpc/kernel/signal_32.c linux-2.6.32.45/arch/powerpc/kernel/signal_32.c
 --- linux-2.6.32.45/arch/powerpc/kernel/signal_32.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/powerpc/kernel/signal_32.c	2011-04-17 15:56:45.000000000 -0400
@@ -2876,6 +2968,18 @@ diff -urNp linux-2.6.32.45/arch/powerpc/lib/usercopy_64.c linux-2.6.32.45/arch/p
 -EXPORT_SYMBOL(copy_to_user);
  EXPORT_SYMBOL(copy_in_user);
  
+diff -urNp linux-2.6.32.45/arch/powerpc/Makefile linux-2.6.32.45/arch/powerpc/Makefile
+--- linux-2.6.32.45/arch/powerpc/Makefile	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/powerpc/Makefile	2011-08-21 19:27:08.000000000 -0400
+@@ -74,6 +74,8 @@ KBUILD_AFLAGS	+= -Iarch/$(ARCH)
+ KBUILD_CFLAGS	+= -msoft-float -pipe -Iarch/$(ARCH) $(CFLAGS-y)
+ CPP		= $(CC) -E $(KBUILD_CFLAGS)
+ 
++cflags-y += -Wno-sign-compare -Wno-extra
++
+ CHECKFLAGS	+= -m$(CONFIG_WORD_SIZE) -D__powerpc__ -D__powerpc$(CONFIG_WORD_SIZE)__
+ 
+ ifeq ($(CONFIG_PPC64),y)
 diff -urNp linux-2.6.32.45/arch/powerpc/mm/fault.c linux-2.6.32.45/arch/powerpc/mm/fault.c
 --- linux-2.6.32.45/arch/powerpc/mm/fault.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/powerpc/mm/fault.c	2011-04-17 15:56:45.000000000 -0400
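Review bot: The added `cflags-y += -Wno-sign-compare -Wno-extra` assigns a lowercase `cflags-y`, while the only consumer visible in this hunk is `$(CFLAGS-y)` in the `KBUILD_CFLAGS` line two lines above it. Unless `cflags-y` is read somewhere else in arch/powerpc/Makefile, the new flags never reach the compiler; the line also sits after the `KBUILD_CFLAGS +=` that would use it. If the intent matches the MIPS hunk, something like `KBUILD_CFLAGS += -Wno-sign-compare -Wno-extra` would take effect here.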
@@ -2983,6 +3087,18 @@ diff -urNp linux-2.6.32.45/arch/powerpc/mm/fault.c linux-2.6.32.45/arch/powerpc/
  		_exception(SIGSEGV, regs, code, address);
  		return 0;
  	}
+diff -urNp linux-2.6.32.45/arch/powerpc/mm/mem.c linux-2.6.32.45/arch/powerpc/mm/mem.c
+--- linux-2.6.32.45/arch/powerpc/mm/mem.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/arch/powerpc/mm/mem.c	2011-08-21 15:50:39.000000000 -0400
+@@ -250,7 +250,7 @@ static int __init mark_nonram_nosave(voi
+ {
+ 	unsigned long lmb_next_region_start_pfn,
+ 		      lmb_region_max_pfn;
+-	int i;
++	unsigned int i;
+ 
+ 	for (i = 0; i < lmb.memory.cnt - 1; i++) {
+ 		lmb_region_max_pfn =
 diff -urNp linux-2.6.32.45/arch/powerpc/mm/mmap_64.c linux-2.6.32.45/arch/powerpc/mm/mmap_64.c
 --- linux-2.6.32.45/arch/powerpc/mm/mmap_64.c	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/arch/powerpc/mm/mmap_64.c	2011-04-17 15:56:45.000000000 -0400
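Review bot: With `i` now unsigned, the bound in `for (i = 0; i < lmb.memory.cnt - 1; i++)` is evaluated in unsigned arithmetic if `cnt` is itself unsigned (its declaration is not in this hunk), so a count of zero would wrap the bound to a very large value instead of ending the loop. Writing the condition as `i + 1 < lmb.memory.cnt` gives the same iteration range without the subtraction. mark_nonram_nosave() continues beyond the hunk, so the loop body could not be checked.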
@@ -24064,7 +24180,7 @@ diff -urNp linux-2.6.32.45/crypto/serpent.c linux-2.6.32.45/crypto/serpent.c
  	for (i = 0; i < keylen; ++i)
 diff -urNp linux-2.6.32.45/Documentation/dontdiff linux-2.6.32.45/Documentation/dontdiff
 --- linux-2.6.32.45/Documentation/dontdiff	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.45/Documentation/dontdiff	2011-05-18 20:09:36.000000000 -0400
++++ linux-2.6.32.45/Documentation/dontdiff	2011-08-21 18:59:02.000000000 -0400
 @@ -1,13 +1,16 @@
  *.a
  *.aux
@@ -24122,7 +24238,14 @@ diff -urNp linux-2.6.32.45/Documentation/dontdiff linux-2.6.32.45/Documentation/
  comp*.log
  compile.h*
  conf
-@@ -103,13 +117,14 @@ gen_crc32table
+@@ -97,19 +111,21 @@ elfconfig.h*
+ fixdep
+ fore200e_mkfirm
+ fore200e_pca_fw.c*
++gate.lds
+ gconf
+ gen-devlist
+ gen_crc32table
  gen_init_cpio
  genksyms
  *_gray256.c
@@ -24138,7 +24261,7 @@ diff -urNp linux-2.6.32.45/Documentation/dontdiff linux-2.6.32.45/Documentation/
  keywords.c
  ksym.c*
  ksym.h*
-@@ -133,7 +148,9 @@ mkboot
+@@ -133,7 +149,9 @@ mkboot
  mkbugboot
  mkcpustr
  mkdep
@@ -24148,7 +24271,7 @@ diff -urNp linux-2.6.32.45/Documentation/dontdiff linux-2.6.32.45/Documentation/
  mktables
  mktree
  modpost
-@@ -149,6 +166,7 @@ patches*
+@@ -149,6 +167,7 @@ patches*
  pca200e.bin
  pca200e_ecd.bin2
  piggy.gz
@@ -24156,7 +24279,7 @@ diff -urNp linux-2.6.32.45/Documentation/dontdiff linux-2.6.32.45/Documentation/
  piggyback
  pnmtologo
  ppc_defs.h*
-@@ -157,12 +175,15 @@ qconf
+@@ -157,12 +176,15 @@ qconf
  raid6altivec*.c
  raid6int*.c
  raid6tables.c
@@ -24172,7 +24295,7 @@ diff -urNp linux-2.6.32.45/Documentation/dontdiff linux-2.6.32.45/Documentation/
  sm_tbl*
  split-include
  syscalltab.h
-@@ -186,14 +207,20 @@ version.h*
+@@ -186,14 +208,20 @@ version.h*
  vmlinux
  vmlinux-*
  vmlinux.aout
@@ -56645,8 +56768,8 @@ diff -urNp linux-2.6.32.45/grsecurity/Kconfig linux-2.6.32.45/grsecurity/Kconfig
 +endmenu
 diff -urNp linux-2.6.32.45/grsecurity/Makefile linux-2.6.32.45/grsecurity/Makefile
 --- linux-2.6.32.45/grsecurity/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.45/grsecurity/Makefile	2011-08-17 19:02:41.000000000 -0400
-@@ -0,0 +1,33 @@
++++ linux-2.6.32.45/grsecurity/Makefile	2011-08-21 18:54:34.000000000 -0400
+@@ -0,0 +1,34 @@
 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
 +# during 2001-2009 it has been completely redesigned by Brad Spengler
 +# into an RBAC system
@@ -56665,7 +56788,8 @@ diff -urNp linux-2.6.32.45/grsecurity/Makefile linux-2.6.32.45/grsecurity/Makefi
 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
 +
 +ifdef CONFIG_NET
-+obj-$(CONFIG_GRKERNSEC) += gracl_ip.o grsec_sock.o
++obj-y += grsec_sock.o
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
 +endif
 +
 +ifndef CONFIG_GRKERNSEC
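Review bot: `obj-y += grsec_sock.o` builds grsec_sock.c on every CONFIG_NET kernel, including ones with CONFIG_GRKERNSEC disabled, so everything in that file now has to compile and act as a no-op without the rest of grsecurity. The file is not part of this hunk, so whether its function bodies are guarded cannot be checked here. A one-line comment above the rule naming the symbols that core networking code needs unconditionally would explain the split from `gracl_ip.o`. The same change appears in the 2.6.39.4 grsecurity/Makefile hunk.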
@@ -56993,6 +57117,23 @@ diff -urNp linux-2.6.32.45/include/asm-generic/atomic-long.h linux-2.6.32.45/inc
 +#endif
 +
  #endif  /*  _ASM_GENERIC_ATOMIC_LONG_H  */
+diff -urNp linux-2.6.32.45/include/asm-generic/bug.h linux-2.6.32.45/include/asm-generic/bug.h
+--- linux-2.6.32.45/include/asm-generic/bug.h	2011-07-13 17:23:04.000000000 -0400
++++ linux-2.6.32.45/include/asm-generic/bug.h	2011-08-21 17:56:07.000000000 -0400
+@@ -105,11 +105,11 @@ extern void warn_slowpath_null(const cha
+ 
+ #else /* !CONFIG_BUG */
+ #ifndef HAVE_ARCH_BUG
+-#define BUG() do {} while(0)
++#define BUG() do { for (;;) ; } while(0)
+ #endif
+ 
+ #ifndef HAVE_ARCH_BUG_ON
+-#define BUG_ON(condition) do { if (condition) ; } while(0)
++#define BUG_ON(condition) do { if (condition) for (;;) ; } while(0)
+ #endif
+ 
+ #ifndef HAVE_ARCH_WARN_ON
 diff -urNp linux-2.6.32.45/include/asm-generic/cache.h linux-2.6.32.45/include/asm-generic/cache.h
 --- linux-2.6.32.45/include/asm-generic/cache.h	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/include/asm-generic/cache.h	2011-07-06 19:53:33.000000000 -0400
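Review bot: The `!CONFIG_BUG` fallbacks now spin in `for (;;) ;` without a comment, so on kernels built without CONFIG_BUG a BUG() or failed BUG_ON() changes from being ignored to a silent hang with no diagnostic. Stopping is the safer choice than running on past a violated invariant, but the reason should be written next to the macros, e.g. `/* never continue past BUG(): spin so __noreturn callers stay valid without CONFIG_BUG */`. Architectures that define HAVE_ARCH_BUG or HAVE_ARCH_BUG_ON keep their own definitions and are not changed by this hunk.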
@@ -57117,6 +57258,18 @@ diff -urNp linux-2.6.32.45/include/asm-generic/dma-mapping-common.h linux-2.6.32
  
  	BUG_ON(!valid_dma_direction(dir));
  	if (ops->sync_sg_for_device)
+diff -urNp linux-2.6.32.45/include/asm-generic/emergency-restart.h linux-2.6.32.45/include/asm-generic/emergency-restart.h
+--- linux-2.6.32.45/include/asm-generic/emergency-restart.h	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/include/asm-generic/emergency-restart.h	2011-08-21 19:17:17.000000000 -0400
+@@ -1,7 +1,7 @@
+ #ifndef _ASM_GENERIC_EMERGENCY_RESTART_H
+ #define _ASM_GENERIC_EMERGENCY_RESTART_H
+ 
+-static inline void machine_emergency_restart(void)
++static inline __noreturn void machine_emergency_restart(void)
+ {
+ 	machine_restart(NULL);
+ }
 diff -urNp linux-2.6.32.45/include/asm-generic/futex.h linux-2.6.32.45/include/asm-generic/futex.h
 --- linux-2.6.32.45/include/asm-generic/futex.h	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/include/asm-generic/futex.h	2011-04-17 15:56:46.000000000 -0400
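Review bot: machine_emergency_restart() is now `__noreturn`, but its only statement is `machine_restart(NULL)`, so the attribute is true only if machine_restart() never returns on every architecture that uses this asm-generic header. The prototype of machine_restart() is not in this hunk, and in the visible part of the patch only the MIPS implementation gains a trailing `BUG()`. Either the prototype should carry `__noreturn` too, or the inline should end with `BUG();` after the call so the annotation holds locally.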
@@ -60528,8 +60681,16 @@ diff -urNp linux-2.6.32.45/include/linux/shm.h linux-2.6.32.45/include/linux/shm
  /* shm_mode upper byte flags */
 diff -urNp linux-2.6.32.45/include/linux/skbuff.h linux-2.6.32.45/include/linux/skbuff.h
 --- linux-2.6.32.45/include/linux/skbuff.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.45/include/linux/skbuff.h	2011-07-06 19:53:33.000000000 -0400
-@@ -544,7 +544,7 @@ static inline union skb_shared_tx *skb_t
++++ linux-2.6.32.45/include/linux/skbuff.h	2011-08-21 15:27:56.000000000 -0400
+@@ -14,6 +14,7 @@
+ #ifndef _LINUX_SKBUFF_H
+ #define _LINUX_SKBUFF_H
+ 
++#include <linux/const.h>
+ #include <linux/kernel.h>
+ #include <linux/kmemcheck.h>
+ #include <linux/compiler.h>
+@@ -544,7 +545,7 @@ static inline union skb_shared_tx *skb_t
   */
  static inline int skb_queue_empty(const struct sk_buff_head *list)
  {
@@ -60538,7 +60699,7 @@ diff -urNp linux-2.6.32.45/include/linux/skbuff.h linux-2.6.32.45/include/linux/
  }
  
  /**
-@@ -557,7 +557,7 @@ static inline int skb_queue_empty(const 
+@@ -557,7 +558,7 @@ static inline int skb_queue_empty(const 
  static inline bool skb_queue_is_last(const struct sk_buff_head *list,
  				     const struct sk_buff *skb)
  {
@@ -60547,7 +60708,7 @@ diff -urNp linux-2.6.32.45/include/linux/skbuff.h linux-2.6.32.45/include/linux/
  }
  
  /**
-@@ -570,7 +570,7 @@ static inline bool skb_queue_is_last(con
+@@ -570,7 +571,7 @@ static inline bool skb_queue_is_last(con
  static inline bool skb_queue_is_first(const struct sk_buff_head *list,
  				      const struct sk_buff *skb)
  {
@@ -60556,7 +60717,7 @@ diff -urNp linux-2.6.32.45/include/linux/skbuff.h linux-2.6.32.45/include/linux/
  }
  
  /**
-@@ -1367,7 +1367,7 @@ static inline int skb_network_offset(con
+@@ -1367,7 +1368,7 @@ static inline int skb_network_offset(con
   * headroom, you should not reduce this.
   */
  #ifndef NET_SKB_PAD
@@ -61369,7 +61530,16 @@ diff -urNp linux-2.6.32.45/include/net/neighbour.h linux-2.6.32.45/include/net/n
  struct pneigh_entry
 diff -urNp linux-2.6.32.45/include/net/netlink.h linux-2.6.32.45/include/net/netlink.h
 --- linux-2.6.32.45/include/net/netlink.h	2011-07-13 17:23:04.000000000 -0400
-+++ linux-2.6.32.45/include/net/netlink.h	2011-07-13 17:23:19.000000000 -0400
++++ linux-2.6.32.45/include/net/netlink.h	2011-08-21 18:08:11.000000000 -0400
+@@ -335,7 +335,7 @@ static inline int nlmsg_ok(const struct 
+ {
+ 	return (remaining >= (int) sizeof(struct nlmsghdr) &&
+ 		nlh->nlmsg_len >= sizeof(struct nlmsghdr) &&
+-		nlh->nlmsg_len <= remaining);
++		nlh->nlmsg_len <= (unsigned int)remaining);
+ }
+ 
+ /**
 @@ -558,7 +558,7 @@ static inline void *nlmsg_get_pos(struct
  static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)
  {
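Review bot: The new `(unsigned int)remaining` cast in nlmsg_ok() is only safe because the first conjunct, `remaining >= (int) sizeof(struct nlmsghdr)`, has already rejected negative values and `&&` short-circuits; nothing in the code says so. If the checks were ever reordered, a negative `remaining` would become a huge unsigned bound and the length test would pass. A comment above the return, such as `/* remaining is known non-negative here, so the unsigned compare is exact */`, would keep that dependency visible.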
@@ -61429,7 +61599,7 @@ diff -urNp linux-2.6.32.45/include/net/secure_seq.h linux-2.6.32.45/include/net/
  #endif /* _NET_SECURE_SEQ */
 diff -urNp linux-2.6.32.45/include/net/sock.h linux-2.6.32.45/include/net/sock.h
 --- linux-2.6.32.45/include/net/sock.h	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.45/include/net/sock.h	2011-05-04 17:56:28.000000000 -0400
++++ linux-2.6.32.45/include/net/sock.h	2011-08-21 17:24:37.000000000 -0400
 @@ -272,7 +272,7 @@ struct sock {
  	rwlock_t		sk_callback_lock;
  	int			sk_err,
@@ -61439,6 +61609,15 @@ diff -urNp linux-2.6.32.45/include/net/sock.h linux-2.6.32.45/include/net/sock.h
  	unsigned short		sk_ack_backlog;
  	unsigned short		sk_max_ack_backlog;
  	__u32			sk_priority;
+@@ -737,7 +737,7 @@ static inline void sk_refcnt_debug_relea
+ extern void sock_prot_inuse_add(struct net *net, struct proto *prot, int inc);
+ extern int sock_prot_inuse_get(struct net *net, struct proto *proto);
+ #else
+-static void inline sock_prot_inuse_add(struct net *net, struct proto *prot,
++static inline void sock_prot_inuse_add(struct net *net, struct proto *prot,
+ 		int inc)
+ {
+ }
 diff -urNp linux-2.6.32.45/include/net/tcp.h linux-2.6.32.45/include/net/tcp.h
 --- linux-2.6.32.45/include/net/tcp.h	2011-03-27 14:31:47.000000000 -0400
 +++ linux-2.6.32.45/include/net/tcp.h	2011-04-17 15:56:46.000000000 -0400
@@ -64600,7 +64779,7 @@ diff -urNp linux-2.6.32.45/kernel/perf_event.c linux-2.6.32.45/kernel/perf_event
  	/*
 diff -urNp linux-2.6.32.45/kernel/pid.c linux-2.6.32.45/kernel/pid.c
 --- linux-2.6.32.45/kernel/pid.c	2011-04-22 19:16:29.000000000 -0400
-+++ linux-2.6.32.45/kernel/pid.c	2011-07-14 19:15:33.000000000 -0400
++++ linux-2.6.32.45/kernel/pid.c	2011-08-21 19:11:29.000000000 -0400
 @@ -33,6 +33,7 @@
  #include <linux/rculist.h>
  #include <linux/bootmem.h>
@@ -64634,14 +64813,12 @@ diff -urNp linux-2.6.32.45/kernel/pid.c linux-2.6.32.45/kernel/pid.c
  }
  
  struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -391,6 +399,13 @@ struct task_struct *find_task_by_vpid(pi
+@@ -391,6 +399,11 @@ struct task_struct *find_task_by_vpid(pi
  	return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
  }
  
 +struct task_struct *find_task_by_vpid_unrestricted(pid_t vnr)
 +{
-+	struct task_struct *task;
-+	
 +	return pid_task(find_pid_ns(vnr, current->nsproxy->pid_ns), PIDTYPE_PID);
 +}
 +
@@ -65486,8 +65663,20 @@ diff -urNp linux-2.6.32.45/kernel/rtmutex-tester.c linux-2.6.32.45/kernel/rtmute
  	case RTTEST_LOCKBKL:
 diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
 --- linux-2.6.32.45/kernel/sched.c	2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.45/kernel/sched.c	2011-05-22 23:02:06.000000000 -0400
-@@ -5043,7 +5043,7 @@ out:
++++ linux-2.6.32.45/kernel/sched.c	2011-08-21 19:29:25.000000000 -0400
+@@ -2764,9 +2764,10 @@ void wake_up_new_task(struct task_struct
+ {
+ 	unsigned long flags;
+ 	struct rq *rq;
+-	int cpu = get_cpu();
+ 
+ #ifdef CONFIG_SMP
++	int cpu = get_cpu();
++
+ 	rq = task_rq_lock(p, &flags);
+ 	p->state = TASK_WAKING;
+ 
+@@ -5043,7 +5044,7 @@ out:
   * In CONFIG_NO_HZ case, the idle load balance owner will do the
   * rebalancing for all the cpus for whom scheduler ticks are stopped.
   */
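Review bot: Moving `int cpu = get_cpu();` under `#ifdef CONFIG_SMP` in wake_up_new_task() makes the preempt-disable that get_cpu() performs conditional, so the matching `put_cpu()` has to be under the same condition. The rest of the function is outside this hunk; if the `put_cpu()` there is unconditional, a uniprocessor build with preemption enabled would drop the preempt count without having raised it. Keeping the call unconditional and silencing the unused-variable warning instead, e.g. `int cpu __maybe_unused = get_cpu();`, avoids the imbalance.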
@@ -65496,7 +65685,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  {
  	int this_cpu = smp_processor_id();
  	struct rq *this_rq = cpu_rq(this_cpu);
-@@ -5700,6 +5700,8 @@ asmlinkage void __sched schedule(void)
+@@ -5700,6 +5701,8 @@ asmlinkage void __sched schedule(void)
  	struct rq *rq;
  	int cpu;
  
@@ -65505,7 +65694,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  need_resched:
  	preempt_disable();
  	cpu = smp_processor_id();
-@@ -5770,7 +5772,7 @@ EXPORT_SYMBOL(schedule);
+@@ -5770,7 +5773,7 @@ EXPORT_SYMBOL(schedule);
   * Look out! "owner" is an entirely speculative pointer
   * access and not reliable.
   */
@@ -65514,7 +65703,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  {
  	unsigned int cpu;
  	struct rq *rq;
-@@ -5784,10 +5786,10 @@ int mutex_spin_on_owner(struct mutex *lo
+@@ -5784,10 +5787,10 @@ int mutex_spin_on_owner(struct mutex *lo
  	 * DEBUG_PAGEALLOC could have unmapped it if
  	 * the mutex owner just released it and exited.
  	 */
@@ -65527,7 +65716,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  #endif
  
  	/*
-@@ -5816,7 +5818,7 @@ int mutex_spin_on_owner(struct mutex *lo
+@@ -5816,7 +5819,7 @@ int mutex_spin_on_owner(struct mutex *lo
  		/*
  		 * Is that owner really running on that cpu?
  		 */
@@ -65536,7 +65725,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  			return 0;
  
  		cpu_relax();
-@@ -6359,6 +6361,8 @@ int can_nice(const struct task_struct *p
+@@ -6359,6 +6362,8 @@ int can_nice(const struct task_struct *p
  	/* convert nice value [19,-20] to rlimit style value [1,40] */
  	int nice_rlim = 20 - nice;
  
@@ -65545,7 +65734,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  	return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
  		capable(CAP_SYS_NICE));
  }
-@@ -6392,7 +6396,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -6392,7 +6397,8 @@ SYSCALL_DEFINE1(nice, int, increment)
  	if (nice > 19)
  		nice = 19;
  
@@ -65555,7 +65744,7 @@ diff -urNp linux-2.6.32.45/kernel/sched.c linux-2.6.32.45/kernel/sched.c
  		return -EPERM;
  
  	retval = security_task_setnice(current, nice);
-@@ -8774,7 +8779,7 @@ static void init_sched_groups_power(int 
+@@ -8774,7 +8780,7 @@ static void init_sched_groups_power(int 
  	long power;
  	int weight;
  
@@ -66970,7 +67159,7 @@ diff -urNp linux-2.6.32.45/localversion-grsec linux-2.6.32.45/localversion-grsec
 +-grsec
 diff -urNp linux-2.6.32.45/Makefile linux-2.6.32.45/Makefile
 --- linux-2.6.32.45/Makefile	2011-08-16 20:37:25.000000000 -0400
-+++ linux-2.6.32.45/Makefile	2011-08-16 20:42:28.000000000 -0400
++++ linux-2.6.32.45/Makefile	2011-08-21 19:35:55.000000000 -0400
 @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
  
  HOSTCC       = gcc
@@ -71623,6 +71812,29 @@ diff -urNp linux-2.6.32.45/net/ipv4/netfilter/arp_tables.c linux-2.6.32.45/net/i
  		info.valid_hooks = t->valid_hooks;
  		memcpy(info.hook_entry, private->hook_entry,
  		       sizeof(info.hook_entry));
+diff -urNp linux-2.6.32.45/net/ipv4/netfilter/ip_queue.c linux-2.6.32.45/net/ipv4/netfilter/ip_queue.c
+--- linux-2.6.32.45/net/ipv4/netfilter/ip_queue.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/net/ipv4/netfilter/ip_queue.c	2011-08-21 18:42:53.000000000 -0400
+@@ -286,6 +286,9 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, st
+ 
+ 	if (v->data_len < sizeof(*user_iph))
+ 		return 0;
++	if (v->data_len > 65535)
++		return -EMSGSIZE;
++
+ 	diff = v->data_len - e->skb->len;
+ 	if (diff < 0) {
+ 		if (pskb_trim(e->skb, v->data_len))
+@@ -409,7 +412,8 @@ ipq_dev_drop(int ifindex)
+ static inline void
+ __ipq_rcv_skb(struct sk_buff *skb)
+ {
+-	int status, type, pid, flags, nlmsglen, skblen;
++	int status, type, pid, flags;
++	unsigned int nlmsglen, skblen;
+ 	struct nlmsghdr *nlh;
+ 
+ 	skblen = skb->len;
 diff -urNp linux-2.6.32.45/net/ipv4/netfilter/ip_tables.c linux-2.6.32.45/net/ipv4/netfilter/ip_tables.c
 --- linux-2.6.32.45/net/ipv4/netfilter/ip_tables.c	2011-04-17 17:00:52.000000000 -0400
 +++ linux-2.6.32.45/net/ipv4/netfilter/ip_tables.c	2011-04-17 17:04:18.000000000 -0400
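Review bot: The new upper bound in ipq_mangle_ipv4(), `if (v->data_len > 65535) return -EMSGSIZE;`, uses a bare literal with no comment, and the same literal is repeated in ipq_mangle_ipv6() in the next hunk. It appears to cap the userspace-supplied length before `diff = v->data_len - e->skb->len;` so the subtraction stays in range, but the types of `diff` and `data_len` are declared outside the hunk. A comment such as `/* userspace length: cap at the maximum IP datagram size before computing diff */` or a shared named constant would document the intent. Note also that an undersized length still returns 0 while an oversized one returns an error, which callers may not expect.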
@@ -72142,6 +72354,29 @@ diff -urNp linux-2.6.32.45/net/ipv6/ipv6_sockglue.c linux-2.6.32.45/net/ipv6/ipv
  	if (ip6_mroute_opt(optname))
  		return ip6_mroute_getsockopt(sk, optname, optval, optlen);
  
+diff -urNp linux-2.6.32.45/net/ipv6/netfilter/ip6_queue.c linux-2.6.32.45/net/ipv6/netfilter/ip6_queue.c
+--- linux-2.6.32.45/net/ipv6/netfilter/ip6_queue.c	2011-03-27 14:31:47.000000000 -0400
++++ linux-2.6.32.45/net/ipv6/netfilter/ip6_queue.c	2011-08-21 18:43:32.000000000 -0400
+@@ -287,6 +287,9 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, st
+ 
+ 	if (v->data_len < sizeof(*user_iph))
+ 		return 0;
++	if (v->data_len > 65535)
++		return -EMSGSIZE;
++
+ 	diff = v->data_len - e->skb->len;
+ 	if (diff < 0) {
+ 		if (pskb_trim(e->skb, v->data_len))
+@@ -411,7 +414,8 @@ ipq_dev_drop(int ifindex)
+ static inline void
+ __ipq_rcv_skb(struct sk_buff *skb)
+ {
+-	int status, type, pid, flags, nlmsglen, skblen;
++	int status, type, pid, flags;
++	unsigned int nlmsglen, skblen;
+ 	struct nlmsghdr *nlh;
+ 
+ 	skblen = skb->len;
 diff -urNp linux-2.6.32.45/net/ipv6/netfilter/ip6_tables.c linux-2.6.32.45/net/ipv6/netfilter/ip6_tables.c
 --- linux-2.6.32.45/net/ipv6/netfilter/ip6_tables.c	2011-04-17 17:00:52.000000000 -0400
 +++ linux-2.6.32.45/net/ipv6/netfilter/ip6_tables.c	2011-04-17 17:04:18.000000000 -0400

diff --git a/2.6.39/0000_README b/2.6.39/0000_README
index 38058ed..3af2064 100644
--- a/2.6.39/0000_README
+++ b/2.6.39/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.2-2.6.39.4-201108192305.patch
+Patch:	4420_grsecurity-2.2.2-2.6.39.4-201108211939.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108192305.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108211939.patch
similarity index 99%
rename from 2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108192305.patch
rename to 2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108211939.patch
index 6d92b4a..9fd74be 100644
--- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108192305.patch
+++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.4-201108211939.patch
@@ -51118,8 +51118,8 @@ diff -urNp linux-2.6.39.4/grsecurity/Kconfig linux-2.6.39.4/grsecurity/Kconfig
 +endmenu
 diff -urNp linux-2.6.39.4/grsecurity/Makefile linux-2.6.39.4/grsecurity/Makefile
 --- linux-2.6.39.4/grsecurity/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.39.4/grsecurity/Makefile	2011-08-17 19:03:10.000000000 -0400
-@@ -0,0 +1,33 @@
++++ linux-2.6.39.4/grsecurity/Makefile	2011-08-21 18:54:57.000000000 -0400
+@@ -0,0 +1,34 @@
 +# grsecurity's ACL system was originally written in 2001 by Michael Dalton
 +# during 2001-2009 it has been completely redesigned by Brad Spengler
 +# into an RBAC system
@@ -51138,7 +51138,8 @@ diff -urNp linux-2.6.39.4/grsecurity/Makefile linux-2.6.39.4/grsecurity/Makefile
 +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
 +
 +ifdef CONFIG_NET
-+obj-$(CONFIG_GRKERNSEC) += gracl_ip.o grsec_sock.o
++obj-y += grsec_sock.o
++obj-$(CONFIG_GRKERNSEC) += gracl_ip.o
 +endif
 +
 +ifndef CONFIG_GRKERNSEC


