diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2013-07-25 17:11:22 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-07-25 17:11:22 -0400 |
commit | cfbb25cd9d5d220938dc00cac44d60a576e79967 (patch) | |
tree | 53092d2ef6326dda07100d027a649db7a61205a8 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.61,3.2.48.3.10.1}-201307181236 (diff) | |
download | hardened-patchset-cfbb25cd9d5d220938dc00cac44d60a576e79967.tar.gz hardened-patchset-cfbb25cd9d5d220938dc00cac44d60a576e79967.tar.bz2 hardened-patchset-cfbb25cd9d5d220938dc00cac44d60a576e79967.zip |
Grsec/PaX: 2.9.1-{3.2.48,3.10.2}-201307212241
-rw-r--r-- | 3.10.2/0000_README (renamed from 3.10.1/0000_README) | 2 | ||||
-rw-r--r-- | 3.10.2/1000_linux-3.10.1.patch (renamed from 3.10.1/1000_linux-3.10.1.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4420_grsecurity-2.9.1-3.10.2-201307212247.patch (renamed from 3.10.1/4420_grsecurity-2.9.1-3.10.1-201307181236.patch) | 78 | ||||
-rw-r--r-- | 3.10.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.10.1/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.10.1/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.10.1/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4435_grsec-mute-warnings.patch (renamed from 3.10.1/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4440_grsec-remove-protected-paths.patch (renamed from 3.10.1/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.10.1/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.10.1/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4470_disable-compat_vdso.patch (renamed from 3.10.1/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.10.2/4475_emutramp_default_on.patch (renamed from 3.10.1/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.2.48/0000_README | 2 | ||||
-rw-r--r-- | 3.2.48/4420_grsecurity-2.9.1-3.2.48-201307212241.patch (renamed from 3.2.48/4420_grsecurity-2.9.1-3.2.48-201307181235.patch) | 51 |
14 files changed, 79 insertions, 54 deletions
diff --git a/3.10.1/0000_README b/3.10.2/0000_README index 67be42e..9f9962b 100644 --- a/3.10.1/0000_README +++ b/3.10.2/0000_README @@ -6,7 +6,7 @@ Patch: 1000_linux-3.10.1.patch From: http://www.kernel.org Desc: Linux 3.10.1 -Patch: 4420_grsecurity-2.9.1-3.10.1-201307181236.patch +Patch: 4420_grsecurity-2.9.1-3.10.2-201307212247.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.10.1/1000_linux-3.10.1.patch b/3.10.2/1000_linux-3.10.1.patch index 5dd0002..5dd0002 100644 --- a/3.10.1/1000_linux-3.10.1.patch +++ b/3.10.2/1000_linux-3.10.1.patch diff --git a/3.10.1/4420_grsecurity-2.9.1-3.10.1-201307181236.patch b/3.10.2/4420_grsecurity-2.9.1-3.10.2-201307212247.patch index 522a936..0a1f292 100644 --- a/3.10.1/4420_grsecurity-2.9.1-3.10.1-201307181236.patch +++ b/3.10.2/4420_grsecurity-2.9.1-3.10.2-201307212247.patch @@ -263,7 +263,7 @@ index 2fe6e76..3dd8184 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index b75cc30..6abd111 100644 +index 4336730..cb79194 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3795,7 +3795,7 @@ index cf08bdf..772656c 100644 unsigned long search_exception_table(unsigned long addr); diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c -index 9a5cdc0..a1182cf 100644 +index 0ecc43f..190b956 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c @@ -30,6 +30,8 @@ @@ -10437,7 +10437,7 @@ index 5ef205c..342191d 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index c205035..5853587 100644 +index d606463..b887794 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -150,7 +150,6 @@ again: @@ -32042,7 +32042,7 @@ index fcae5fa..e9f71ea 100644 static void delete_gpe_attr_array(void) { diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index a70ff15..f1ff44e 100644 +index 7b9bdd8..37638ca 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap) @@ -36668,11 +36668,24 @@ index 8a8725c2..afed796 100644 else { marker = list_first_entry(&queue->head, struct vmw_marker, head); +diff --git a/drivers/gpu/host1x/drm/dc.c b/drivers/gpu/host1x/drm/dc.c +index 8c04943..4370ed9 100644 +--- a/drivers/gpu/host1x/drm/dc.c ++++ b/drivers/gpu/host1x/drm/dc.c +@@ -999,7 +999,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor) + } + + for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) +- dc->debugfs_files[i].data = dc; ++ *(void **)&dc->debugfs_files[i].data = dc; + + err = drm_debugfs_create_files(dc->debugfs_files, + ARRAY_SIZE(debugfs_files), diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 264f550..f92dd8c 100644 +index 402f486..f862d7e 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2269,7 +2269,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2275,7 +2275,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -36681,7 +36694,7 @@ index 264f550..f92dd8c 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2303,7 +2303,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2309,7 +2309,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -36745,7 +36758,7 @@ index 12f2f9e..679603c 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index bf421e0..ce2c897 100644 +index 4004e54..c2de226 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) @@ -41570,7 +41583,7 @@ index d320df6..ca9a8f6 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 70f10fa..cb5e917 100644 +index ea37072..10e58e56 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -49586,7 +49599,7 @@ index 2091db8..81dafe9 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 02fae7f..48da375 100644 +index 7fb054b..ad36c67 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1076,9 +1076,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -51502,7 +51515,7 @@ index 22548f5..41521d8 100644 } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index d0f13ea..4b2dadd 100644 +index 3742e4c..69a797f 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -528,8 +528,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, @@ -51551,7 +51564,7 @@ index 5aae3d1..b5da7f8 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index def8408..8253d11 100644 +index 59c6750..a549154 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1865,7 +1865,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -51681,7 +51694,7 @@ index 214461e..3614c89 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c -index b27c96d..6ed4df2 100644 +index 49d3c01..9579efd 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -79,12 +79,20 @@ static int verify_group_input(struct super_block *sb, @@ -51720,7 +51733,7 @@ index b27c96d..6ed4df2 100644 else if (input->reserved_blocks > input->blocks_count / 5) ext4_warning(sb, "Reserved blocks too high (%u)", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 94cc84d..2490974 100644 +index 6681c03..d88cd33 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1236,7 +1236,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -51732,7 +51745,7 @@ index 94cc84d..2490974 100644 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; #ifdef CONFIG_QUOTA -@@ -2378,7 +2378,7 @@ struct ext4_attr { +@@ -2372,7 +2372,7 @@ struct ext4_attr { ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, const char *, size_t); int offset; @@ -74968,10 +74981,10 @@ index f6c2ce5..982c0f9 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index a7c9e6d..a16aa75 100644 +index c6e77ef..af531a0 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5378,7 +5378,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5391,7 +5391,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -79871,10 +79884,10 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 15ffdb3..62d885c 100644 +index 15bc1b4..32da49c 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1364,7 +1364,7 @@ void update_process_times(int user_tick) +@@ -1366,7 +1366,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -79883,7 +79896,7 @@ index 15ffdb3..62d885c 100644 { struct tvec_base *base = __this_cpu_read(tvec_bases); -@@ -1427,7 +1427,7 @@ static void process_timeout(unsigned long __data) +@@ -1429,7 +1429,7 @@ static void process_timeout(unsigned long __data) * * In all cases the return value is guaranteed to be non-negative. */ @@ -79892,7 +79905,7 @@ index 15ffdb3..62d885c 100644 { struct timer_list timer; unsigned long expire; -@@ -1633,7 +1633,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, +@@ -1635,7 +1635,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -81524,25 +81537,6 @@ index 7055883..aafb1ed 100644 error = 0; if (end == start) return error; -diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index fd79df5..15b0409 100644 ---- a/mm/memcontrol.c -+++ b/mm/memcontrol.c -@@ -6296,14 +6296,6 @@ mem_cgroup_css_online(struct cgroup *cont) - - error = memcg_init_kmem(memcg, &mem_cgroup_subsys); - mutex_unlock(&memcg_create_mutex); -- if (error) { -- /* -- * We call put now because our (and parent's) refcnts -- * are already in place. mem_cgroup_put() will internally -- * call __mem_cgroup_free, so return directly -- */ -- mem_cgroup_put(memcg); -- } - return error; - } - diff --git a/mm/memory-failure.c b/mm/memory-failure.c index ceb0c7f..b2b8e94 100644 --- a/mm/memory-failure.c @@ -84245,7 +84239,7 @@ index 4514ad7..92eaa1c 100644 .next = NULL, }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index c3edb62..2d60097 100644 +index 2ee0fd3..6e2edfb 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -60,6 +60,7 @@ @@ -84568,7 +84562,7 @@ index 5e6a842..b41916e 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 8ccd296..012fe4e 100644 +index bd88411..8371a16 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -366,10 +366,10 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) diff --git a/3.10.1/4425_grsec_remove_EI_PAX.patch b/3.10.2/4425_grsec_remove_EI_PAX.patch index 415fda5..415fda5 100644 --- a/3.10.1/4425_grsec_remove_EI_PAX.patch +++ b/3.10.2/4425_grsec_remove_EI_PAX.patch diff --git a/3.10.1/4427_force_XATTR_PAX_tmpfs.patch b/3.10.2/4427_force_XATTR_PAX_tmpfs.patch index e2a9551..e2a9551 100644 --- a/3.10.1/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.10.2/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.10.1/4430_grsec-remove-localversion-grsec.patch b/3.10.2/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.10.1/4430_grsec-remove-localversion-grsec.patch +++ b/3.10.2/4430_grsec-remove-localversion-grsec.patch diff --git a/3.10.1/4435_grsec-mute-warnings.patch b/3.10.2/4435_grsec-mute-warnings.patch index ed941d5..ed941d5 100644 --- a/3.10.1/4435_grsec-mute-warnings.patch +++ b/3.10.2/4435_grsec-mute-warnings.patch diff --git a/3.10.1/4440_grsec-remove-protected-paths.patch b/3.10.2/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.10.1/4440_grsec-remove-protected-paths.patch +++ b/3.10.2/4440_grsec-remove-protected-paths.patch diff --git a/3.10.1/4450_grsec-kconfig-default-gids.patch b/3.10.2/4450_grsec-kconfig-default-gids.patch index f144c0e..f144c0e 100644 --- a/3.10.1/4450_grsec-kconfig-default-gids.patch +++ b/3.10.2/4450_grsec-kconfig-default-gids.patch diff --git a/3.10.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.10.2/4465_selinux-avc_audit-log-curr_ip.patch index b0786d4..b0786d4 100644 --- a/3.10.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.10.2/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.10.1/4470_disable-compat_vdso.patch b/3.10.2/4470_disable-compat_vdso.patch index 424d91f..424d91f 100644 --- a/3.10.1/4470_disable-compat_vdso.patch +++ b/3.10.2/4470_disable-compat_vdso.patch diff --git a/3.10.1/4475_emutramp_default_on.patch b/3.10.2/4475_emutramp_default_on.patch index 27bfc2d..27bfc2d 100644 --- a/3.10.1/4475_emutramp_default_on.patch +++ b/3.10.2/4475_emutramp_default_on.patch diff --git a/3.2.48/0000_README b/3.2.48/0000_README index 89dc967..5e1d7bc 100644 --- a/3.2.48/0000_README +++ b/3.2.48/0000_README @@ -110,7 +110,7 @@ Patch: 1047_linux-3.2.48.patch From: http://www.kernel.org Desc: Linux 3.2.48 -Patch: 4420_grsecurity-2.9.1-3.2.48-201307181235.patch +Patch: 4420_grsecurity-2.9.1-3.2.48-201307212241.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307181235.patch b/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307212241.patch index e2d1e33..d9a4f00 100644 --- a/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307181235.patch +++ b/3.2.48/4420_grsecurity-2.9.1-3.2.48-201307212241.patch @@ -68536,6 +68536,28 @@ index 73b0712..2e581af 100644 struct drm_connector_helper_funcs { int (*get_modes)(struct drm_connector *connector); +diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h +index 6bd325f..19a2404 100644 +--- a/include/drm/drm_mem_util.h ++++ b/include/drm/drm_mem_util.h +@@ -31,7 +31,7 @@ + + static __inline__ void *drm_calloc_large(size_t nmemb, size_t size) + { +- if (size != 0 && nmemb > ULONG_MAX / size) ++ if (size != 0 && nmemb > SIZE_MAX / size) + return NULL; + + if (size * nmemb <= PAGE_SIZE) +@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size) + /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */ + static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size) + { +- if (size != 0 && nmemb > ULONG_MAX / size) ++ if (size != 0 && nmemb > SIZE_MAX / size) + return NULL; + + if (size * nmemb <= PAGE_SIZE) diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h index 26c1f78..6722682 100644 --- a/include/drm/ttm/ttm_memory.h @@ -70948,10 +70970,18 @@ index 3875719..4cd454c 100644 /* This macro allows us to keep printk typechecking */ static __printf(1, 2) diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index a70783d..77f7750 100644 +index a70783d..bf1dd28 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h -@@ -696,24 +696,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } +@@ -34,6 +34,7 @@ + #define LLONG_MAX ((long long)(~0ULL>>1)) + #define LLONG_MIN (-LLONG_MAX - 1) + #define ULLONG_MAX (~0ULL) ++#define SIZE_MAX (~(size_t)0) + + #define STACK_MAGIC 0xdeadbeef + +@@ -696,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } * @condition: the condition which the compiler should know is false. * * If you have some code which relies on certain constants being equal, or @@ -72816,7 +72846,7 @@ index efe50af..0d0b145 100644 static inline void nf_reset_trace(struct sk_buff *skb) diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..59fadfb 100644 +index 573c809..c643b82 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -72866,15 +72896,16 @@ index 573c809..59fadfb 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -240,6 +253,7 @@ size_t ksize(const void *); - * for general use, and so are not documented here. For a full list of - * potential flags, always refer to linux/gfp.h. +@@ -242,7 +255,7 @@ size_t ksize(const void *); */ -+ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { - if (size != 0 && n > ULONG_MAX / size) -@@ -287,7 +301,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +- if (size != 0 && n > ULONG_MAX / size) ++ if (size != 0 && n > SIZE_MAX / size) + return NULL; + return __kmalloc(n * size, flags | __GFP_ZERO); + } +@@ -287,7 +300,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -72883,7 +72914,7 @@ index 573c809..59fadfb 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -306,7 +320,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -306,7 +319,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) |