diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-02-28 14:52:11 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-02-28 14:52:11 -0500 |
| commit | c9a0d6a9244b7424def3525bb719686354aed5f4 (patch) | |
| tree | ec850fdf0a7b1efb0fa7829a56d7b33454d739f5 | |
| parent | Grsec/PaX: 3.1-{3.2.67,3.14.33,3.18.7}-201502222138 (diff) | |
| download | hardened-patchset-c9a0d6a9244b7424def3525bb719686354aed5f4.tar.gz hardened-patchset-c9a0d6a9244b7424def3525bb719686354aed5f4.tar.bz2 hardened-patchset-c9a0d6a9244b7424def3525bb719686354aed5f4.zip | |
Grsec/PaX: 3.1-{3.2.67,3.14.34,3.18.8}-20150227184320150227
| -rw-r--r-- | 3.14.34/0000_README (renamed from 3.14.33/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.34/4420_grsecurity-3.1-3.14.34-201502271838.patch (renamed from 3.14.33/4420_grsecurity-3.1-3.14.33-201502222137.patch) | 468 | ||||
| -rw-r--r-- | 3.14.34/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.33/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.33/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.33/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4435_grsec-mute-warnings.patch (renamed from 3.14.33/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4440_grsec-remove-protected-paths.patch (renamed from 3.14.33/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.33/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.33/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4470_disable-compat_vdso.patch (renamed from 3.14.33/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.14.34/4475_emutramp_default_on.patch (renamed from 3.14.33/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/0000_README (renamed from 3.18.7/0000_README) | 2 | ||||
| -rw-r--r-- | 3.18.8/4420_grsecurity-3.1-3.18.8-201502271843.patch (renamed from 3.18.7/4420_grsecurity-3.1-3.18.7-201502222138.patch) | 495 | ||||
| -rw-r--r-- | 3.18.8/4425_grsec_remove_EI_PAX.patch (renamed from 3.18.7/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.18.7/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4430_grsec-remove-localversion-grsec.patch (renamed from 3.18.7/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4435_grsec-mute-warnings.patch (renamed from 3.18.7/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4440_grsec-remove-protected-paths.patch (renamed from 3.18.7/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4450_grsec-kconfig-default-gids.patch (renamed from 3.18.7/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.18.7/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4470_disable-compat_vdso.patch (renamed from 3.18.7/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.18.8/4475_emutramp_default_on.patch (renamed from 3.18.7/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.67/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.67/4420_grsecurity-3.1-3.2.67-201502271837.patch (renamed from 3.2.67/4420_grsecurity-3.1-3.2.67-201502222131.patch) | 105 |
24 files changed, 584 insertions, 490 deletions
diff --git a/3.14.33/0000_README b/3.14.34/0000_README index d79223a..a144723 100644 --- a/3.14.33/0000_README +++ b/3.14.34/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-3.14.33-201502222137.patch +Patch: 4420_grsecurity-3.1-3.14.34-201502271838.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.33/4420_grsecurity-3.1-3.14.33-201502222137.patch b/3.14.34/4420_grsecurity-3.1-3.14.34-201502271838.patch index ae236cc..40b1302 100644 --- a/3.14.33/4420_grsecurity-3.1-3.14.33-201502222137.patch +++ b/3.14.34/4420_grsecurity-3.1-3.14.34-201502271838.patch @@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index b0963ca..76c9099 100644 +index 5443481..47e9927 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -21636,10 +21636,22 @@ index 15c9876..0a43909 100644 }; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c -index a276fa7..e66810f 100644 +index a276fa7..3ef18f0 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c -@@ -293,13 +293,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, +@@ -196,6 +196,11 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + struct microcode_header_intel mc_header; + unsigned int mc_size; + ++ if (leftover < sizeof(mc_header)) { ++ pr_err("error! Truncated header in microcode data file\n"); ++ break; ++ } ++ + if (get_ucode_data(&mc_header, ucode_ptr, sizeof(mc_header))) + break; + +@@ -293,13 +298,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, static int get_ucode_user(void *to, const void *from, size_t n) { @@ -21655,6 +21667,23 @@ index a276fa7..e66810f 100644 } static void microcode_fini_cpu(int cpu) +diff --git a/arch/x86/kernel/cpu/microcode/intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c +index 18f7391..8c5225d 100644 +--- a/arch/x86/kernel/cpu/microcode/intel_early.c ++++ b/arch/x86/kernel/cpu/microcode/intel_early.c +@@ -321,7 +321,11 @@ get_matching_model_microcode(int cpu, unsigned long start, + unsigned int mc_saved_count = mc_saved_data->mc_saved_count; + int i; + +- while (leftover) { ++ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) { ++ ++ if (leftover < sizeof(mc_header)) ++ break; ++ + mc_header = (struct microcode_header_intel *)ucode_ptr; + + mc_size = get_totalsize(mc_header); diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c index f961de9..8a9d332 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c @@ -40367,7 +40396,7 @@ index e918b6d..f87ea80 100644 .name = "cpuidle", }; diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c -index 12fea3e..1e28f47 100644 +index 12fea3e2..1e28f47 100644 --- a/drivers/crypto/hifn_795x.c +++ b/drivers/crypto/hifn_795x.c @@ -51,7 +51,7 @@ module_param_string(hifn_pll_ref, hifn_pll_ref, sizeof(hifn_pll_ref), 0444); @@ -48377,19 +48406,6 @@ index d2bb12b..d6c921e 100644 .kind = "nlmon", .priv_size = sizeof(struct nlmon), .setup = nlmon_setup, -diff --git a/drivers/net/ppp/ppp_deflate.c b/drivers/net/ppp/ppp_deflate.c -index 602c625..b5edc7f 100644 ---- a/drivers/net/ppp/ppp_deflate.c -+++ b/drivers/net/ppp/ppp_deflate.c -@@ -246,7 +246,7 @@ static int z_compress(void *arg, unsigned char *rptr, unsigned char *obuf, - /* - * See if we managed to reduce the size of the packet. - */ -- if (olen < isize) { -+ if (olen < isize && olen <= osize) { - state->stats.comp_bytes += olen; - state->stats.comp_packets++; - } else { diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 5a1897d..e860630 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -58307,6 +58323,35 @@ index 6530ced..4a827e2 100644 if (limit != RLIM_INFINITY && offset > limit) goto out_sig; if (offset > inode->i_sb->s_maxbytes) +diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c +index 3182c0e..23b078e 100644 +--- a/fs/autofs4/dev-ioctl.c ++++ b/fs/autofs4/dev-ioctl.c +@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param) + */ + static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in) + { +- struct autofs_dev_ioctl tmp; ++ struct autofs_dev_ioctl tmp, *res; + + if (copy_from_user(&tmp, in, sizeof(tmp))) + return ERR_PTR(-EFAULT); +@@ -103,7 +103,14 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i + if (tmp.size < sizeof(tmp)) + return ERR_PTR(-EINVAL); + +- return memdup_user(in, tmp.size); ++ if (tmp.size > (PATH_MAX + sizeof(tmp))) ++ return ERR_PTR(-ENAMETOOLONG); ++ ++ res = memdup_user(in, tmp.size); ++ if (!IS_ERR(res)) ++ res->size = tmp.size; ++ ++ return res; + } + + static inline void free_dev_ioctl(struct autofs_dev_ioctl *param) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c index 116fd38..c04182da 100644 --- a/fs/autofs4/waitq.c @@ -60852,10 +60897,30 @@ index 4366127..b8c2cf9 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 1576195..49a19ae 100644 +index 1576195..5bf8b25 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c -@@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -245,10 +245,19 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root) + return 0; + } + ++static void debugfs_evict_inode(struct inode *inode) ++{ ++ truncate_inode_pages(&inode->i_data, 0); ++ clear_inode(inode); ++ if (S_ISLNK(inode->i_mode)) ++ kfree(inode->i_private); ++} ++ + static const struct super_operations debugfs_super_operations = { + .statfs = simple_statfs, + .remount_fs = debugfs_remount, + .show_options = debugfs_show_options, ++ .evict_inode = debugfs_evict_inode, + }; + + static int debug_fill_super(struct super_block *sb, void *data, int silent) +@@ -415,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); */ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { @@ -60867,6 +60932,38 @@ index 1576195..49a19ae 100644 parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); +@@ -465,23 +478,14 @@ static int __debugfs_remove(struct dentry *dentry, struct dentry *parent) + int ret = 0; + + if (debugfs_positive(dentry)) { +- if (dentry->d_inode) { +- dget(dentry); +- switch (dentry->d_inode->i_mode & S_IFMT) { +- case S_IFDIR: +- ret = simple_rmdir(parent->d_inode, dentry); +- break; +- case S_IFLNK: +- kfree(dentry->d_inode->i_private); +- /* fall through */ +- default: +- simple_unlink(parent->d_inode, dentry); +- break; +- } +- if (!ret) +- d_delete(dentry); +- dput(dentry); +- } ++ dget(dentry); ++ if (S_ISDIR(dentry->d_inode->i_mode)) ++ ret = simple_rmdir(parent->d_inode, dentry); ++ else ++ simple_unlink(parent->d_inode, dentry); ++ if (!ret) ++ d_delete(dentry); ++ dput(dentry); + } + return ret; + } diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index a85ceb7..5097313b 100644 --- a/fs/ecryptfs/inode.c @@ -60894,7 +60991,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index ea4449d..cbad96a 100644 +index ea4449d..c3fd55e 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -61639,7 +61736,7 @@ index ea4449d..cbad96a 100644 + const char *type; +#endif + -+#ifndef CONFIG_STACK_GROWSUP ++#if !defined(CONFIG_STACK_GROWSUP) && !defined(CONFIG_X86_64) + unsigned long stackstart = (unsigned long)task_stack_page(current); + unsigned long currentsp = (unsigned long)&stackstart; + if (unlikely((currentsp < stackstart + 512 || @@ -83908,6 +84005,19 @@ index 0ceb389..eed3fb8 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); +diff --git a/include/linux/irqdesc.h b/include/linux/irqdesc.h +index 472c021..097cc8b 100644 +--- a/include/linux/irqdesc.h ++++ b/include/linux/irqdesc.h +@@ -54,7 +54,7 @@ struct irq_desc { + unsigned int irq_count; /* For detecting broken IRQs */ + unsigned long last_unhandled; /* Aging timer for unhandled count */ + unsigned int irqs_unhandled; +- atomic_t threads_handled; ++ atomic_unchecked_t threads_handled; + int threads_handled_last; + raw_spinlock_t lock; + struct cpumask *percpu_enabled; diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h index c367cbd..c9b79e6 100644 --- a/include/linux/jiffies.h @@ -87297,28 +87407,10 @@ index 823ec7b..44c938c 100644 struct rcu_head rcu; struct inet_peer *gc_next; diff --git a/include/net/ip.h b/include/net/ip.h -index 937f196..310a44f 100644 +index 3446cdd..e3d86f4 100644 --- a/include/net/ip.h +++ b/include/net/ip.h -@@ -38,11 +38,12 @@ struct inet_skb_parm { - struct ip_options opt; /* Compiled IP options */ - unsigned char flags; - --#define IPSKB_FORWARDED 1 --#define IPSKB_XFRM_TUNNEL_SIZE 2 --#define IPSKB_XFRM_TRANSFORMED 4 --#define IPSKB_FRAG_COMPLETE 8 --#define IPSKB_REROUTED 16 -+#define IPSKB_FORWARDED BIT(0) -+#define IPSKB_XFRM_TUNNEL_SIZE BIT(1) -+#define IPSKB_XFRM_TRANSFORMED BIT(2) -+#define IPSKB_FRAG_COMPLETE BIT(3) -+#define IPSKB_REROUTED BIT(4) -+#define IPSKB_DOREDIRECT BIT(5) - - u16 frag_max_size; - }; -@@ -214,7 +215,7 @@ static inline void snmp_mib_free(void __percpu *ptr[SNMP_ARRAY_SZ]) +@@ -215,7 +215,7 @@ static inline void snmp_mib_free(void __percpu *ptr[SNMP_ARRAY_SZ]) void inet_get_local_port_range(struct net *net, int *low, int *high); @@ -87327,7 +87419,7 @@ index 937f196..310a44f 100644 static inline int inet_is_reserved_local_port(int port) { return test_bit(port, sysctl_local_reserved_ports); -@@ -297,7 +298,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) +@@ -298,7 +298,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) } } @@ -87652,10 +87744,10 @@ index fbcc7fa..03c7e51 100644 }; diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index 80f500a..f0c23c2 100644 +index 57c2da9..c2fb630 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h -@@ -74,7 +74,7 @@ struct netns_ipv4 { +@@ -75,7 +75,7 @@ struct netns_ipv4 { kgid_t sysctl_ping_group_range[2]; @@ -87664,7 +87756,7 @@ index 80f500a..f0c23c2 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES -@@ -84,6 +84,6 @@ struct netns_ipv4 { +@@ -85,6 +85,6 @@ struct netns_ipv4 { struct fib_rules_ops *mr_rules_ops; #endif #endif @@ -90687,6 +90779,32 @@ index 04d0374..e7c3725 100644 { hrtimer_peek_ahead_timers(); } +diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c +index ebb8a9e..16769a5e 100644 +--- a/kernel/irq/manage.c ++++ b/kernel/irq/manage.c +@@ -857,7 +857,7 @@ static int irq_thread(void *data) + + action_ret = handler_fn(desc, action); + if (action_ret == IRQ_HANDLED) +- atomic_inc(&desc->threads_handled); ++ atomic_inc_unchecked(&desc->threads_handled); + + wake_threads_waitq(desc); + } +diff --git a/kernel/irq/spurious.c b/kernel/irq/spurious.c +index e2514b0..de3dfe0 100644 +--- a/kernel/irq/spurious.c ++++ b/kernel/irq/spurious.c +@@ -337,7 +337,7 @@ void note_interrupt(unsigned int irq, struct irq_desc *desc, + * count. We just care about the count being + * different than the one we saw before. + */ +- handled = atomic_read(&desc->threads_handled); ++ handled = atomic_read_unchecked(&desc->threads_handled); + handled |= SPURIOUS_DEFERRED; + if (handled != desc->threads_handled_last) { + action_ret = IRQ_HANDLED; diff --git a/kernel/irq_work.c b/kernel/irq_work.c index 55fcce6..0e4cf34 100644 --- a/kernel/irq_work.c @@ -102385,7 +102503,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 86bb9cc..a4f25f3 100644 +index 4ed77d7..e1ef1c9 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -102801,7 +102919,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 4617586..d6ea668 100644 +index a6613ff..b258926 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -102839,7 +102957,7 @@ index 4617586..d6ea668 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); -@@ -2685,6 +2688,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -2689,6 +2692,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { @@ -102849,7 +102967,7 @@ index 4617586..d6ea668 100644 have_flags = true; flags = nla_get_u16(attr); break; -@@ -2755,6 +2761,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -2759,6 +2765,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { @@ -103532,20 +103650,6 @@ index bf2cb4a..d83ba8a 100644 p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; p->rate_tokens = 0; /* 60*HZ is arbitrary, but chosen enough high so that the first -diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c -index 1c6bd43..ecb34b5 100644 ---- a/net/ipv4/ip_forward.c -+++ b/net/ipv4/ip_forward.c -@@ -178,7 +178,8 @@ int ip_forward(struct sk_buff *skb) - * We now generate an ICMP HOST REDIRECT giving the route - * we calculated. - */ -- if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb_sec_path(skb)) -+ if (IPCB(skb)->flags & IPSKB_DOREDIRECT && !opt->srr && -+ !skb_sec_path(skb)) - ip_rt_send_redirect(skb); - - skb->priority = rt_tos2priority(iph->tos); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index c10a3ce..dd71f84 100644 --- a/net/ipv4/ip_fragment.c @@ -103653,42 +103757,11 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c -index 844323b..7c1b9ac 100644 ---- a/net/ipv4/ip_output.c -+++ b/net/ipv4/ip_output.c -@@ -1471,6 +1471,7 @@ static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = { - .sk_wmem_alloc = ATOMIC_INIT(1), - .sk_allocation = GFP_ATOMIC, - .sk_flags = (1UL << SOCK_USE_WRITE_QUEUE), -+ .sk_pacing_rate = ~0U, - }, - .pmtudisc = IP_PMTUDISC_WANT, - .uc_ttl = -1, diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 580dd96..41e9720 100644 +index 135045e..f0dcc0d 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -426,15 +426,12 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) - - memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); - sin = &errhdr.offender; -- sin->sin_family = AF_UNSPEC; -+ memset(sin, 0, sizeof(*sin)); -+ - if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) { -- struct inet_sock *inet = inet_sk(sk); -- - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = ip_hdr(skb)->saddr; -- sin->sin_port = 0; -- memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); -- if (inet->cmsg_flags) -+ if (inet_sk(sk)->cmsg_flags) - ip_cmsg_recv(msg, skb); - } - -@@ -1171,7 +1168,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1167,7 +1167,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -103698,7 +103771,7 @@ index 580dd96..41e9720 100644 return -EFAULT; return 0; } -@@ -1302,7 +1300,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1298,7 +1299,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -103894,7 +103967,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 0d33f94..d0a62e6 100644 +index 04ce671..d0a62e6 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -103955,20 +104028,7 @@ index 0d33f94..d0a62e6 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -973,8 +973,11 @@ void ping_rcv(struct sk_buff *skb) - - sk = ping_lookup(net, skb, ntohs(icmph->un.echo.id)); - if (sk != NULL) { -+ struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); -+ - pr_debug("rcv on socket %p\n", sk); -- ping_queue_rcv_skb(sk, skb_get(skb)); -+ if (skb2) -+ ping_queue_rcv_skb(sk, skb2); - sock_put(sk); - return; - } -@@ -1113,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1116,7 +1116,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -104033,7 +104093,7 @@ index 11c8d81..d67116b 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 487bb62..31268ca 100644 +index b64330f..31268ca 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -104086,31 +104146,7 @@ index 487bb62..31268ca 100644 } EXPORT_SYMBOL(ip_idents_reserve); -@@ -1554,11 +1554,10 @@ static int __mkroute_input(struct sk_buff *skb, - - do_cache = res->fi && !itag; - if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) && -+ skb->protocol == htons(ETH_P_IP) && - (IN_DEV_SHARED_MEDIA(out_dev) || -- inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) { -- flags |= RTCF_DOREDIRECT; -- do_cache = false; -- } -+ inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) -+ IPCB(skb)->flags |= IPSKB_DOREDIRECT; - - if (skb->protocol != htons(ETH_P_IP)) { - /* Not IP (i.e. ARP). Do not create route, if it is -@@ -2305,6 +2304,8 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src, - r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED; - if (rt->rt_flags & RTCF_NOTIFY) - r->rtm_flags |= RTM_F_NOTIFY; -+ if (IPCB(skb)->flags & IPSKB_DOREDIRECT) -+ r->rtm_flags |= RTCF_DOREDIRECT; - - if (nla_put_be32(skb, RTA_DST, dst)) - goto nla_put_failure; -@@ -2631,34 +2632,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -2632,34 +2632,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -104153,7 +104189,7 @@ index 487bb62..31268ca 100644 err_dup: return -ENOMEM; } -@@ -2681,8 +2682,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2682,8 +2682,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -104164,7 +104200,7 @@ index 487bb62..31268ca 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; -@@ -2725,11 +2726,7 @@ int __init ip_rt_init(void) +@@ -2726,11 +2726,7 @@ int __init ip_rt_init(void) { int rc = 0; @@ -104346,7 +104382,7 @@ index 2291791..7b62d2b 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index a782d5b..28f0ae5 100644 +index b7effad..70ddfe0 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -104360,7 +104396,7 @@ index a782d5b..28f0ae5 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1830,6 +1834,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1832,6 +1836,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -104370,7 +104406,7 @@ index a782d5b..28f0ae5 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1975,12 +1982,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1977,12 +1984,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -104393,7 +104429,7 @@ index a782d5b..28f0ae5 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2034,6 +2048,10 @@ csum_error: +@@ -2036,6 +2050,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -104803,38 +104839,10 @@ index d935889..2f64330 100644 err = ipv6_init_mibs(net); if (err) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c -index c3bf2d2..c85df82 100644 +index 841cfa2..c85df82 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c -@@ -382,11 +382,10 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) - - memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); - sin = &errhdr.offender; -- sin->sin6_family = AF_UNSPEC; -+ memset(sin, 0, sizeof(*sin)); -+ - if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) { - sin->sin6_family = AF_INET6; -- sin->sin6_flowinfo = 0; -- sin->sin6_port = 0; - if (np->rxopt.all) - ip6_datagram_recv_common_ctl(sk, msg, skb); - if (skb->protocol == htons(ETH_P_IPV6)) { -@@ -397,12 +396,9 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) - ipv6_iface_scope_id(&sin->sin6_addr, - IP6CB(skb)->iif); - } else { -- struct inet_sock *inet = inet_sk(sk); -- - ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, - &sin->sin6_addr); -- sin->sin6_scope_id = 0; -- if (inet->cmsg_flags) -+ if (inet_sk(sk)->cmsg_flags) - ip_cmsg_recv(msg, skb); - } - } -@@ -938,5 +934,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, +@@ -934,5 +934,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -105263,25 +105271,10 @@ index cc85a9b..526a133 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 7cc1102..50e95c7 100644 +index 6f1b850..50e95c7 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -1160,12 +1160,9 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, - struct net *net = dev_net(dst->dev); - - rt6->rt6i_flags |= RTF_MODIFIED; -- if (mtu < IPV6_MIN_MTU) { -- u32 features = dst_metric(dst, RTAX_FEATURES); -+ if (mtu < IPV6_MIN_MTU) - mtu = IPV6_MIN_MTU; -- features |= RTAX_FEATURE_ALLFRAG; -- dst_metric_set(dst, RTAX_FEATURES, features); -- } -+ - dst_metric_set(dst, RTAX_MTU, mtu); - rt6_update_expires(rt6, net->ipv6.sysctl.ip6_rt_mtu_expires); - } -@@ -2973,7 +2970,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -2970,7 +2970,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -105729,6 +105722,43 @@ index 1a3c7e0..80f8b0c 100644 if (!llc_proc_dir) goto out; +diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c +index 612a5dd..799bafc 100644 +--- a/net/llc/sysctl_net_llc.c ++++ b/net/llc/sysctl_net_llc.c +@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_table[] = { + { + .procname = "ack", + .data = &sysctl_llc2_ack_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_ack_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "busy", + .data = &sysctl_llc2_busy_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_busy_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "p", + .data = &sysctl_llc2_p_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_p_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "rej", + .data = &sysctl_llc2_rej_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_rej_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 453e974..b3a43a5 100644 --- a/net/mac80211/cfg.c @@ -107274,18 +107304,6 @@ index 8e3cf49..4a8e322 100644 } static int cls_bpf_change(struct net *net, struct sk_buff *in_skb, -diff --git a/net/sctp/associola.c b/net/sctp/associola.c -index d477d47..abc0922 100644 ---- a/net/sctp/associola.c -+++ b/net/sctp/associola.c -@@ -1235,7 +1235,6 @@ void sctp_assoc_update(struct sctp_association *asoc, - asoc->peer.peer_hmacs = new->peer.peer_hmacs; - new->peer.peer_hmacs = NULL; - -- sctp_auth_key_put(asoc->asoc_shared_key); - sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); - } - diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 2b1738e..a9d0fc9 100644 --- a/net/sctp/ipv6.c @@ -107545,7 +107563,7 @@ index dfa532f..1dcfb44 100644 } diff --git a/net/socket.c b/net/socket.c -index a19ae19..edb5c03 100644 +index 1b2c2d6..ba09864 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -107583,7 +107601,7 @@ index a19ae19..edb5c03 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1256,6 +1259,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1253,6 +1256,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -107592,7 +107610,7 @@ index a19ae19..edb5c03 100644 /* Compatibility. -@@ -1276,6 +1281,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1273,6 +1278,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, if (err) return err; @@ -107613,7 +107631,7 @@ index a19ae19..edb5c03 100644 /* * Allocate the socket and allow the family to set things up. if * the protocol is 0, the family is instructed to select an appropriate -@@ -1527,6 +1546,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1524,6 +1543,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -107628,7 +107646,7 @@ index a19ae19..edb5c03 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1535,6 +1562,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1532,6 +1559,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -107636,7 +107654,7 @@ index a19ae19..edb5c03 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1558,10 +1586,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1555,10 +1583,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -107657,7 +107675,7 @@ index a19ae19..edb5c03 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1605,6 +1643,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1602,6 +1640,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -107676,7 +107694,7 @@ index a19ae19..edb5c03 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1650,6 +1700,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1647,6 +1697,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -107685,7 +107703,7 @@ index a19ae19..edb5c03 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1682,6 +1734,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1679,6 +1731,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -107693,7 +107711,7 @@ index a19ae19..edb5c03 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1692,6 +1745,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1689,6 +1742,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -107711,7 +107729,7 @@ index a19ae19..edb5c03 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1773,6 +1837,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1770,6 +1834,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -107720,7 +107738,7 @@ index a19ae19..edb5c03 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1839,7 +1905,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1836,7 +1902,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -107729,7 +107747,7 @@ index a19ae19..edb5c03 100644 int err, err2; int fput_needed; -@@ -1987,6 +2053,9 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, +@@ -1984,6 +2050,9 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) return -EFAULT; @@ -107739,7 +107757,7 @@ index a19ae19..edb5c03 100644 if (kmsg->msg_namelen < 0) return -EINVAL; -@@ -2065,7 +2134,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2062,7 +2131,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -107748,7 +107766,7 @@ index a19ae19..edb5c03 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2216,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2213,7 +2282,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -107757,7 +107775,7 @@ index a19ae19..edb5c03 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2245,7 +2314,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2242,7 +2311,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -107766,7 +107784,7 @@ index a19ae19..edb5c03 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2889,7 +2958,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2886,7 +2955,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -107775,7 +107793,7 @@ index a19ae19..edb5c03 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -3000,7 +3069,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2997,7 +3066,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -107784,7 +107802,7 @@ index a19ae19..edb5c03 100644 set_fs(old_fs); return err; -@@ -3093,7 +3162,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3090,7 +3159,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -107793,7 +107811,7 @@ index a19ae19..edb5c03 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3177,7 +3246,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3174,7 +3243,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -107802,7 +107820,7 @@ index a19ae19..edb5c03 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3404,8 +3473,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3401,8 +3470,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -107813,7 +107831,7 @@ index a19ae19..edb5c03 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3425,7 +3494,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3422,7 +3491,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; diff --git a/3.14.33/4425_grsec_remove_EI_PAX.patch b/3.14.34/4425_grsec_remove_EI_PAX.patch index 86e242a..86e242a 100644 --- a/3.14.33/4425_grsec_remove_EI_PAX.patch +++ b/3.14.34/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.33/4427_force_XATTR_PAX_tmpfs.patch b/3.14.34/4427_force_XATTR_PAX_tmpfs.patch index 4c236cc..4c236cc 100644 --- a/3.14.33/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.34/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.33/4430_grsec-remove-localversion-grsec.patch b/3.14.34/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.33/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.34/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.33/4435_grsec-mute-warnings.patch b/3.14.34/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.33/4435_grsec-mute-warnings.patch +++ b/3.14.34/4435_grsec-mute-warnings.patch diff --git a/3.14.33/4440_grsec-remove-protected-paths.patch b/3.14.34/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.33/4440_grsec-remove-protected-paths.patch +++ b/3.14.34/4440_grsec-remove-protected-paths.patch diff --git a/3.14.33/4450_grsec-kconfig-default-gids.patch b/3.14.34/4450_grsec-kconfig-default-gids.patch index 8c878fc..8c878fc 100644 --- a/3.14.33/4450_grsec-kconfig-default-gids.patch +++ b/3.14.34/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.33/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.34/4465_selinux-avc_audit-log-curr_ip.patch index bba906e..bba906e 100644 --- a/3.14.33/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.34/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.33/4470_disable-compat_vdso.patch b/3.14.34/4470_disable-compat_vdso.patch index 3b3953b..3b3953b 100644 --- a/3.14.33/4470_disable-compat_vdso.patch +++ b/3.14.34/4470_disable-compat_vdso.patch diff --git a/3.14.33/4475_emutramp_default_on.patch b/3.14.34/4475_emutramp_default_on.patch index ad4967a..ad4967a 100644 --- a/3.14.33/4475_emutramp_default_on.patch +++ b/3.14.34/4475_emutramp_default_on.patch diff --git a/3.18.7/0000_README b/3.18.8/0000_README index 366e930..eca6688 100644 --- a/3.18.7/0000_README +++ b/3.18.8/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-3.18.7-201502222138.patch +Patch: 4420_grsecurity-3.1-3.18.8-201502271843.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.18.7/4420_grsecurity-3.1-3.18.7-201502222138.patch b/3.18.8/4420_grsecurity-3.1-3.18.8-201502271843.patch index 1db1bc3..70b99d6 100644 --- a/3.18.7/4420_grsecurity-3.1-3.18.7-201502222138.patch +++ b/3.18.8/4420_grsecurity-3.1-3.18.8-201502271843.patch @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 0efae22..380e711 100644 +index 0b3f8a1..2b1f2b6 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -21646,10 +21646,22 @@ index 36a8361..e7058c2 100644 }; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c -index c6826d1..ad18e14a 100644 +index c6826d1..8dc677e 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c -@@ -293,13 +293,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, +@@ -196,6 +196,11 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, + struct microcode_header_intel mc_header; + unsigned int mc_size; + ++ if (leftover < sizeof(mc_header)) { ++ pr_err("error! Truncated header in microcode data file\n"); ++ break; ++ } ++ + if (get_ucode_data(&mc_header, ucode_ptr, sizeof(mc_header))) + break; + +@@ -293,13 +298,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, static int get_ucode_user(void *to, const void *from, size_t n) { @@ -21665,6 +21677,23 @@ index c6826d1..ad18e14a 100644 } static void microcode_fini_cpu(int cpu) +diff --git a/arch/x86/kernel/cpu/microcode/intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c +index ec9df6f..420eb93 100644 +--- a/arch/x86/kernel/cpu/microcode/intel_early.c ++++ b/arch/x86/kernel/cpu/microcode/intel_early.c +@@ -321,7 +321,11 @@ get_matching_model_microcode(int cpu, unsigned long start, + unsigned int mc_saved_count = mc_saved_data->mc_saved_count; + int i; + +- while (leftover) { ++ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) { ++ ++ if (leftover < sizeof(mc_header)) ++ break; ++ + mc_header = (struct microcode_header_intel *)ucode_ptr; + + mc_size = get_totalsize(mc_header); diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c index ea5f363..cb0e905 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c @@ -48414,42 +48443,6 @@ index 2f48f79..8ae1a1a 100644 spinlock_t request_lock; struct list_head req_list; -diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c -index 7d76c95..63d7a64 100644 ---- a/drivers/net/hyperv/netvsc.c -+++ b/drivers/net/hyperv/netvsc.c -@@ -716,7 +716,7 @@ int netvsc_send(struct hv_device *device, - u64 req_id; - unsigned int section_index = NETVSC_INVALID_INDEX; - u32 msg_size = 0; -- struct sk_buff *skb; -+ struct sk_buff *skb = NULL; - u16 q_idx = packet->q_idx; - - -@@ -743,8 +743,6 @@ int netvsc_send(struct hv_device *device, - packet); - skb = (struct sk_buff *) - (unsigned long)packet->send_completion_tid; -- if (skb) -- dev_kfree_skb_any(skb); - packet->page_buf_cnt = 0; - } - } -@@ -807,6 +805,13 @@ int netvsc_send(struct hv_device *device, - packet, ret); - } - -+ if (ret != 0) { -+ if (section_index != NETVSC_INVALID_INDEX) -+ netvsc_free_send_slot(net_device, section_index); -+ } else if (skb) { -+ dev_kfree_skb_any(skb); -+ } -+ - return ret; - } - diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c index 2b86f0b..ecc996f 100644 --- a/drivers/net/hyperv/rndis_filter.c @@ -48587,19 +48580,6 @@ index 34924df..a747360 100644 .kind = "nlmon", .priv_size = sizeof(struct nlmon), .setup = nlmon_setup, -diff --git a/drivers/net/ppp/ppp_deflate.c b/drivers/net/ppp/ppp_deflate.c -index 602c625..b5edc7f 100644 ---- a/drivers/net/ppp/ppp_deflate.c -+++ b/drivers/net/ppp/ppp_deflate.c -@@ -246,7 +246,7 @@ static int z_compress(void *arg, unsigned char *rptr, unsigned char *obuf, - /* - * See if we managed to reduce the size of the packet. - */ -- if (olen < isize) { -+ if (olen < isize && olen <= osize) { - state->stats.comp_bytes += olen; - state->stats.comp_packets++; - } else { diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 794a473..9fd437b 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -58395,6 +58375,32 @@ index 6530ced..4a827e2 100644 if (limit != RLIM_INFINITY && offset > limit) goto out_sig; if (offset > inode->i_sb->s_maxbytes) +diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c +index aaf96cb..ac7d921 100644 +--- a/fs/autofs4/dev-ioctl.c ++++ b/fs/autofs4/dev-ioctl.c +@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param) + */ + static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in) + { +- struct autofs_dev_ioctl tmp; ++ struct autofs_dev_ioctl tmp, *res; + + if (copy_from_user(&tmp, in, sizeof(tmp))) + return ERR_PTR(-EFAULT); +@@ -106,7 +106,11 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i + if (tmp.size > (PATH_MAX + sizeof(tmp))) + return ERR_PTR(-ENAMETOOLONG); + +- return memdup_user(in, tmp.size); ++ res = memdup_user(in, tmp.size); ++ if (!IS_ERR(res)) ++ res->size = tmp.size; ++ ++ return res; + } + + static inline void free_dev_ioctl(struct autofs_dev_ioctl *param) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c index 116fd38..c04182da 100644 --- a/fs/autofs4/waitq.c @@ -60908,10 +60914,30 @@ index 03dca3c..15f326d 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 05f2960..b012481 100644 +index 05f2960..780f4f8 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c -@@ -416,7 +416,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -246,10 +246,19 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root) + return 0; + } + ++static void debugfs_evict_inode(struct inode *inode) ++{ ++ truncate_inode_pages_final(&inode->i_data); ++ clear_inode(inode); ++ if (S_ISLNK(inode->i_mode)) ++ kfree(inode->i_private); ++} ++ + static const struct super_operations debugfs_super_operations = { + .statfs = simple_statfs, + .remount_fs = debugfs_remount, + .show_options = debugfs_show_options, ++ .evict_inode = debugfs_evict_inode, + }; + + static int debug_fill_super(struct super_block *sb, void *data, int silent) +@@ -416,7 +425,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); */ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { @@ -60923,6 +60949,38 @@ index 05f2960..b012481 100644 parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); +@@ -466,23 +479,14 @@ static int __debugfs_remove(struct dentry *dentry, struct dentry *parent) + int ret = 0; + + if (debugfs_positive(dentry)) { +- if (dentry->d_inode) { +- dget(dentry); +- switch (dentry->d_inode->i_mode & S_IFMT) { +- case S_IFDIR: +- ret = simple_rmdir(parent->d_inode, dentry); +- break; +- case S_IFLNK: +- kfree(dentry->d_inode->i_private); +- /* fall through */ +- default: +- simple_unlink(parent->d_inode, dentry); +- break; +- } +- if (!ret) +- d_delete(dentry); +- dput(dentry); +- } ++ dget(dentry); ++ if (S_ISDIR(dentry->d_inode->i_mode)) ++ ret = simple_rmdir(parent->d_inode, dentry); ++ else ++ simple_unlink(parent->d_inode, dentry); ++ if (!ret) ++ d_delete(dentry); ++ dput(dentry); + } + return ret; + } diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 1686dc2..9611c50 100644 --- a/fs/ecryptfs/inode.c @@ -60950,7 +61008,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 7302b75..b917171 100644 +index 7302b75..44eb2f8 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -61695,7 +61753,7 @@ index 7302b75..b917171 100644 + const char *type; +#endif + -+#ifndef CONFIG_STACK_GROWSUP ++#if !defined(CONFIG_STACK_GROWSUP) && !defined(CONFIG_X86_64) + unsigned long stackstart = (unsigned long)task_stack_page(current); + unsigned long currentsp = (unsigned long)&stackstart; + if (unlikely((currentsp < stackstart + 512 || @@ -62072,7 +62130,7 @@ index 8313ca3..8a37d08 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 2c9e686..6a40edc 100644 +index fc7391e..1927b04 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1254,7 +1254,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -83000,6 +83058,19 @@ index 13eed92..3261c86 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); +diff --git a/include/linux/irqdesc.h b/include/linux/irqdesc.h +index faf433a..7dcb186 100644 +--- a/include/linux/irqdesc.h ++++ b/include/linux/irqdesc.h +@@ -61,7 +61,7 @@ struct irq_desc { + unsigned int irq_count; /* For detecting broken IRQs */ + unsigned long last_unhandled; /* Aging timer for unhandled count */ + unsigned int irqs_unhandled; +- atomic_t threads_handled; ++ atomic_unchecked_t threads_handled; + int threads_handled_last; + raw_spinlock_t lock; + struct cpumask *percpu_enabled; diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h index c367cbd..c9b79e6 100644 --- a/include/linux/jiffies.h @@ -86445,28 +86516,10 @@ index 80479ab..0c3f647 100644 struct rcu_head rcu; struct inet_peer *gc_next; diff --git a/include/net/ip.h b/include/net/ip.h -index 0bb6207..1f38247 100644 +index 09cf5ae..ab62fcf 100644 --- a/include/net/ip.h +++ b/include/net/ip.h -@@ -39,11 +39,12 @@ struct inet_skb_parm { - struct ip_options opt; /* Compiled IP options */ - unsigned char flags; - --#define IPSKB_FORWARDED 1 --#define IPSKB_XFRM_TUNNEL_SIZE 2 --#define IPSKB_XFRM_TRANSFORMED 4 --#define IPSKB_FRAG_COMPLETE 8 --#define IPSKB_REROUTED 16 -+#define IPSKB_FORWARDED BIT(0) -+#define IPSKB_XFRM_TUNNEL_SIZE BIT(1) -+#define IPSKB_XFRM_TRANSFORMED BIT(2) -+#define IPSKB_FRAG_COMPLETE BIT(3) -+#define IPSKB_REROUTED BIT(4) -+#define IPSKB_DOREDIRECT BIT(5) - - u16 frag_max_size; - }; -@@ -316,7 +317,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) +@@ -317,7 +317,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) } } @@ -86779,10 +86832,10 @@ index 29d6a94..235d3d84 100644 }; diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index 24945ce..f19e42f 100644 +index 0ffef1a..2ce1ceb 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h -@@ -83,7 +83,7 @@ struct netns_ipv4 { +@@ -84,7 +84,7 @@ struct netns_ipv4 { struct ping_group_range ping_group_range; @@ -86791,7 +86844,7 @@ index 24945ce..f19e42f 100644 #ifdef CONFIG_SYSCTL unsigned long *sysctl_local_reserved_ports; -@@ -97,6 +97,6 @@ struct netns_ipv4 { +@@ -98,6 +98,6 @@ struct netns_ipv4 { struct fib_rules_ops *mr_rules_ops; #endif #endif @@ -89732,6 +89785,32 @@ index b358a80..fc25240 100644 gcov_info_unlink(prev, info); if (gcov_events_enabled) gcov_event(GCOV_REMOVE, info); +diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c +index 0a9104b..fc260e4 100644 +--- a/kernel/irq/manage.c ++++ b/kernel/irq/manage.c +@@ -869,7 +869,7 @@ static int irq_thread(void *data) + + action_ret = handler_fn(desc, action); + if (action_ret == IRQ_HANDLED) +- atomic_inc(&desc->threads_handled); ++ atomic_inc_unchecked(&desc->threads_handled); + + wake_threads_waitq(desc); + } +diff --git a/kernel/irq/spurious.c b/kernel/irq/spurious.c +index e2514b0..de3dfe0 100644 +--- a/kernel/irq/spurious.c ++++ b/kernel/irq/spurious.c +@@ -337,7 +337,7 @@ void note_interrupt(unsigned int irq, struct irq_desc *desc, + * count. We just care about the count being + * different than the one we saw before. + */ +- handled = atomic_read(&desc->threads_handled); ++ handled = atomic_read_unchecked(&desc->threads_handled); + handled |= SPURIOUS_DEFERRED; + if (handled != desc->threads_handled_last) { + action_ret = IRQ_HANDLED; diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 9019f15..9a3c42e 100644 --- a/kernel/jump_label.c @@ -101597,7 +101676,7 @@ index fdbc9a8..cd6972c 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 8440968..e14d2b7 100644 +index 9704a5c..1f363d0d 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1683,14 +1683,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -101978,7 +102057,7 @@ index 443256b..bbff424 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 76321ea..3129bd6 100644 +index ca82629..66264f7 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -102655,20 +102734,6 @@ index 241afd7..31b95d5 100644 p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; p->rate_tokens = 0; /* 60*HZ is arbitrary, but chosen enough high so that the first -diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c -index 3a83ce5..787b3c2 100644 ---- a/net/ipv4/ip_forward.c -+++ b/net/ipv4/ip_forward.c -@@ -129,7 +129,8 @@ int ip_forward(struct sk_buff *skb) - * We now generate an ICMP HOST REDIRECT giving the route - * we calculated. - */ -- if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb_sec_path(skb)) -+ if (IPCB(skb)->flags & IPSKB_DOREDIRECT && !opt->srr && -+ !skb_sec_path(skb)) - ip_rt_send_redirect(skb); - - skb->priority = rt_tos2priority(iph->tos); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 2811cc1..ad5a534 100644 --- a/net/ipv4/ip_fragment.c @@ -102776,42 +102841,11 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c -index bc6471d..c5e8a0c 100644 ---- a/net/ipv4/ip_output.c -+++ b/net/ipv4/ip_output.c -@@ -1517,6 +1517,7 @@ static DEFINE_PER_CPU(struct inet_sock, unicast_sock) = { - .sk_wmem_alloc = ATOMIC_INIT(1), - .sk_allocation = GFP_ATOMIC, - .sk_flags = (1UL << SOCK_USE_WRITE_QUEUE), -+ .sk_pacing_rate = ~0U, - }, - .pmtudisc = IP_PMTUDISC_WANT, - .uc_ttl = -1, diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 9daf217..373d454 100644 +index 046fce0..4b28126 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -443,15 +443,12 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) - - memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); - sin = &errhdr.offender; -- sin->sin_family = AF_UNSPEC; -+ memset(sin, 0, sizeof(*sin)); -+ - if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP) { -- struct inet_sock *inet = inet_sk(sk); -- - sin->sin_family = AF_INET; - sin->sin_addr.s_addr = ip_hdr(skb)->saddr; -- sin->sin_port = 0; -- memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); -- if (inet->cmsg_flags) -+ if (inet_sk(sk)->cmsg_flags) - ip_cmsg_recv(msg, skb); - } - -@@ -1177,7 +1174,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1173,7 +1173,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -102821,7 +102855,7 @@ index 9daf217..373d454 100644 return -EFAULT; return 0; } -@@ -1308,7 +1306,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1304,7 +1305,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -103017,7 +103051,7 @@ index e90f83a..3e6acca 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 5d740cc..22c8e65 100644 +index 5638b17..22c8e65 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -103069,20 +103103,7 @@ index 5d740cc..22c8e65 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -965,8 +965,11 @@ void ping_rcv(struct sk_buff *skb) - - sk = ping_lookup(net, skb, ntohs(icmph->un.echo.id)); - if (sk != NULL) { -+ struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); -+ - pr_debug("rcv on socket %p\n", sk); -- ping_queue_rcv_skb(sk, skb_get(skb)); -+ if (skb2) -+ ping_queue_rcv_skb(sk, skb2); - sock_put(sk); - return; - } -@@ -1105,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1108,7 +1108,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -103147,7 +103168,7 @@ index 739db31..74f0210 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 6a2155b..47de388 100644 +index d58dd0e..47de388 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -103200,31 +103221,7 @@ index 6a2155b..47de388 100644 } EXPORT_SYMBOL(ip_idents_reserve); -@@ -1554,11 +1554,10 @@ static int __mkroute_input(struct sk_buff *skb, - - do_cache = res->fi && !itag; - if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) && -+ skb->protocol == htons(ETH_P_IP) && - (IN_DEV_SHARED_MEDIA(out_dev) || -- inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) { -- flags |= RTCF_DOREDIRECT; -- do_cache = false; -- } -+ inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) -+ IPCB(skb)->flags |= IPSKB_DOREDIRECT; - - if (skb->protocol != htons(ETH_P_IP)) { - /* Not IP (i.e. ARP). Do not create route, if it is -@@ -2303,6 +2302,8 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src, - r->rtm_flags = (rt->rt_flags & ~0xFFFF) | RTM_F_CLONED; - if (rt->rt_flags & RTCF_NOTIFY) - r->rtm_flags |= RTM_F_NOTIFY; -+ if (IPCB(skb)->flags & IPSKB_DOREDIRECT) -+ r->rtm_flags |= RTCF_DOREDIRECT; - - if (nla_put_be32(skb, RTA_DST, dst)) - goto nla_put_failure; -@@ -2624,34 +2625,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -2625,34 +2625,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -103267,7 +103264,7 @@ index 6a2155b..47de388 100644 err_dup: return -ENOMEM; } -@@ -2674,8 +2675,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2675,8 +2675,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -103278,7 +103275,7 @@ index 6a2155b..47de388 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; -@@ -2718,11 +2719,7 @@ int __init ip_rt_init(void) +@@ -2719,11 +2719,7 @@ int __init ip_rt_init(void) { int rc = 0; @@ -103425,7 +103422,7 @@ index d107ee2..bcebf11 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index ef7089c..a3e65fb 100644 +index 944ce5e..5b83585 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -89,6 +89,10 @@ int sysctl_tcp_tw_reuse __read_mostly; @@ -103439,7 +103436,7 @@ index ef7089c..a3e65fb 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1469,6 +1473,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1471,6 +1475,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -103449,7 +103446,7 @@ index ef7089c..a3e65fb 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1633,12 +1640,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1635,12 +1642,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -103472,7 +103469,7 @@ index ef7089c..a3e65fb 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1694,6 +1708,10 @@ csum_error: +@@ -1696,6 +1710,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -103869,38 +103866,10 @@ index e8c4400..a4cd5da 100644 err = ipv6_init_mibs(net); if (err) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c -index 2cdc383..4f1b785 100644 +index 11e3945..4f1b785 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c -@@ -383,11 +383,10 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) - - memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err)); - sin = &errhdr.offender; -- sin->sin6_family = AF_UNSPEC; -+ memset(sin, 0, sizeof(*sin)); -+ - if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL) { - sin->sin6_family = AF_INET6; -- sin->sin6_flowinfo = 0; -- sin->sin6_port = 0; - if (np->rxopt.all) - ip6_datagram_recv_common_ctl(sk, msg, skb); - if (skb->protocol == htons(ETH_P_IPV6)) { -@@ -398,12 +397,9 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) - ipv6_iface_scope_id(&sin->sin6_addr, - IP6CB(skb)->iif); - } else { -- struct inet_sock *inet = inet_sk(sk); -- - ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, - &sin->sin6_addr); -- sin->sin6_scope_id = 0; -- if (inet->cmsg_flags) -+ if (inet_sk(sk)->cmsg_flags) - ip_cmsg_recv(msg, skb); - } - } -@@ -928,5 +924,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, +@@ -924,5 +924,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -103921,7 +103890,7 @@ index 97ae700..18dcae0 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c -index b2d1838..0194c04 100644 +index f1c6d5e..faabef6 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -99,9 +99,9 @@ static int fib6_new_sernum(struct net *net) @@ -104335,25 +104304,10 @@ index 1a157ca..9fc05f4 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index a318dd89..42a612c 100644 +index d02ee01..42a612c 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -1150,12 +1150,9 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, struct sock *sk, - struct net *net = dev_net(dst->dev); - - rt6->rt6i_flags |= RTF_MODIFIED; -- if (mtu < IPV6_MIN_MTU) { -- u32 features = dst_metric(dst, RTAX_FEATURES); -+ if (mtu < IPV6_MIN_MTU) - mtu = IPV6_MIN_MTU; -- features |= RTAX_FEATURE_ALLFRAG; -- dst_metric_set(dst, RTAX_FEATURES, features); -- } -+ - dst_metric_set(dst, RTAX_MTU, mtu); - rt6_update_expires(rt6, net->ipv6.sysctl.ip6_rt_mtu_expires); - } -@@ -2965,7 +2962,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -2962,7 +2962,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -104845,6 +104799,43 @@ index 1a3c7e0..80f8b0c 100644 if (!llc_proc_dir) goto out; +diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c +index 612a5dd..799bafc 100644 +--- a/net/llc/sysctl_net_llc.c ++++ b/net/llc/sysctl_net_llc.c +@@ -18,28 +18,28 @@ static struct ctl_table llc2_timeout_table[] = { + { + .procname = "ack", + .data = &sysctl_llc2_ack_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_ack_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "busy", + .data = &sysctl_llc2_busy_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_busy_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "p", + .data = &sysctl_llc2_p_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_p_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "rej", + .data = &sysctl_llc2_rej_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_rej_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 343da1e..509873f 100644 --- a/net/mac80211/cfg.c @@ -106361,18 +106352,6 @@ index 6efca30..1259f82 100644 linkwatch_fire_event(dev); } } -diff --git a/net/sctp/associola.c b/net/sctp/associola.c -index f791edd..26d06db 100644 ---- a/net/sctp/associola.c -+++ b/net/sctp/associola.c -@@ -1182,7 +1182,6 @@ void sctp_assoc_update(struct sctp_association *asoc, - asoc->peer.peer_hmacs = new->peer.peer_hmacs; - new->peer.peer_hmacs = NULL; - -- sctp_auth_key_put(asoc->asoc_shared_key); - sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); - } - diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 0e4198e..f94193e 100644 --- a/net/sctp/ipv6.c @@ -106621,7 +106600,7 @@ index 2e9ada1..40f425d 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index fe20c31..83a0ed6 100644 +index cf9ebf1..9522714 100644 --- a/net/socket.c +++ b/net/socket.c @@ -89,6 +89,7 @@ @@ -106659,7 +106638,7 @@ index fe20c31..83a0ed6 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1263,6 +1266,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1260,6 +1263,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -106668,7 +106647,7 @@ index fe20c31..83a0ed6 100644 /* Compatibility. -@@ -1283,6 +1288,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1280,6 +1285,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, if (err) return err; @@ -106689,7 +106668,7 @@ index fe20c31..83a0ed6 100644 /* * Allocate the socket and allow the family to set things up. if * the protocol is 0, the family is instructed to select an appropriate -@@ -1534,6 +1553,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1531,6 +1550,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -106704,7 +106683,7 @@ index fe20c31..83a0ed6 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1542,6 +1569,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1539,6 +1566,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -106712,7 +106691,7 @@ index fe20c31..83a0ed6 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1565,10 +1593,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1562,10 +1590,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -106733,7 +106712,7 @@ index fe20c31..83a0ed6 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1612,6 +1650,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1609,6 +1647,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -106752,7 +106731,7 @@ index fe20c31..83a0ed6 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1657,6 +1707,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1654,6 +1704,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -106761,7 +106740,7 @@ index fe20c31..83a0ed6 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1689,6 +1741,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1686,6 +1738,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -106769,7 +106748,7 @@ index fe20c31..83a0ed6 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1699,6 +1752,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1696,6 +1749,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -106787,7 +106766,7 @@ index fe20c31..83a0ed6 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1780,6 +1844,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1777,6 +1841,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -106796,7 +106775,7 @@ index fe20c31..83a0ed6 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1846,7 +1912,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1843,7 +1909,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -106805,7 +106784,7 @@ index fe20c31..83a0ed6 100644 int err, err2; int fput_needed; -@@ -2075,7 +2141,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2072,7 +2138,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -106814,7 +106793,7 @@ index fe20c31..83a0ed6 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2226,7 +2292,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2223,7 +2289,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -106823,7 +106802,7 @@ index fe20c31..83a0ed6 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2255,7 +2321,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2252,7 +2318,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -106832,7 +106811,7 @@ index fe20c31..83a0ed6 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2896,7 +2962,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2893,7 +2959,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -106841,7 +106820,7 @@ index fe20c31..83a0ed6 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -3007,7 +3073,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -3004,7 +3070,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -106850,7 +106829,7 @@ index fe20c31..83a0ed6 100644 set_fs(old_fs); return err; -@@ -3100,7 +3166,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3097,7 +3163,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -106859,7 +106838,7 @@ index fe20c31..83a0ed6 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3184,7 +3250,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3181,7 +3247,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -106868,7 +106847,7 @@ index fe20c31..83a0ed6 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3411,8 +3477,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3408,8 +3474,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -106879,7 +106858,7 @@ index fe20c31..83a0ed6 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3432,7 +3498,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3429,7 +3495,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; diff --git a/3.18.7/4425_grsec_remove_EI_PAX.patch b/3.18.8/4425_grsec_remove_EI_PAX.patch index 86e242a..86e242a 100644 --- a/3.18.7/4425_grsec_remove_EI_PAX.patch +++ b/3.18.8/4425_grsec_remove_EI_PAX.patch diff --git a/3.18.7/4427_force_XATTR_PAX_tmpfs.patch b/3.18.8/4427_force_XATTR_PAX_tmpfs.patch index 22c9273..22c9273 100644 --- a/3.18.7/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.18.8/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.18.7/4430_grsec-remove-localversion-grsec.patch b/3.18.8/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.18.7/4430_grsec-remove-localversion-grsec.patch +++ b/3.18.8/4430_grsec-remove-localversion-grsec.patch diff --git a/3.18.7/4435_grsec-mute-warnings.patch b/3.18.8/4435_grsec-mute-warnings.patch index 0585e08..0585e08 100644 --- a/3.18.7/4435_grsec-mute-warnings.patch +++ b/3.18.8/4435_grsec-mute-warnings.patch diff --git a/3.18.7/4440_grsec-remove-protected-paths.patch b/3.18.8/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.18.7/4440_grsec-remove-protected-paths.patch +++ b/3.18.8/4440_grsec-remove-protected-paths.patch diff --git a/3.18.7/4450_grsec-kconfig-default-gids.patch b/3.18.8/4450_grsec-kconfig-default-gids.patch index 5c025da..5c025da 100644 --- a/3.18.7/4450_grsec-kconfig-default-gids.patch +++ b/3.18.8/4450_grsec-kconfig-default-gids.patch diff --git a/3.18.7/4465_selinux-avc_audit-log-curr_ip.patch b/3.18.8/4465_selinux-avc_audit-log-curr_ip.patch index ba89596..ba89596 100644 --- a/3.18.7/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.18.8/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.18.7/4470_disable-compat_vdso.patch b/3.18.8/4470_disable-compat_vdso.patch index 0a0c524..0a0c524 100644 --- a/3.18.7/4470_disable-compat_vdso.patch +++ b/3.18.8/4470_disable-compat_vdso.patch diff --git a/3.18.7/4475_emutramp_default_on.patch b/3.18.8/4475_emutramp_default_on.patch index ad4967a..ad4967a 100644 --- a/3.18.7/4475_emutramp_default_on.patch +++ b/3.18.8/4475_emutramp_default_on.patch diff --git a/3.2.67/0000_README b/3.2.67/0000_README index c7f6e15..54feb50 100644 --- a/3.2.67/0000_README +++ b/3.2.67/0000_README @@ -186,7 +186,7 @@ Patch: 1066_linux-3.2.67.patch From: http://www.kernel.org Desc: Linux 3.2.67 -Patch: 4420_grsecurity-3.1-3.2.67-201502222131.patch +Patch: 4420_grsecurity-3.1-3.2.67-201502271837.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.67/4420_grsecurity-3.1-3.2.67-201502222131.patch b/3.2.67/4420_grsecurity-3.1-3.2.67-201502271837.patch index f77ebd7..51ee248 100644 --- a/3.2.67/4420_grsecurity-3.1-3.2.67-201502222131.patch +++ b/3.2.67/4420_grsecurity-3.1-3.2.67-201502271837.patch @@ -56080,6 +56080,35 @@ index b8f55c4..4c2b80c 100644 if (limit != RLIM_INFINITY && offset > limit) goto out_sig; if (offset > inode->i_sb->s_maxbytes) +diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c +index de54271..62d7a6d 100644 +--- a/fs/autofs4/dev-ioctl.c ++++ b/fs/autofs4/dev-ioctl.c +@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param) + */ + static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in) + { +- struct autofs_dev_ioctl tmp; ++ struct autofs_dev_ioctl tmp, *res; + + if (copy_from_user(&tmp, in, sizeof(tmp))) + return ERR_PTR(-EFAULT); +@@ -103,7 +103,14 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i + if (tmp.size < sizeof(tmp)) + return ERR_PTR(-EINVAL); + +- return memdup_user(in, tmp.size); ++ if (tmp.size > (PATH_MAX + sizeof(tmp))) ++ return ERR_PTR(-ENAMETOOLONG); ++ ++ res = memdup_user(in, tmp.size); ++ if (!IS_ERR(res)) ++ res->size = tmp.size; ++ ++ return res; + } + + static inline void free_dev_ioctl(struct autofs_dev_ioctl *param) diff --git a/fs/autofs4/init.c b/fs/autofs4/init.c index c038727..4ba2927 100644 --- a/fs/autofs4/init.c @@ -58549,7 +58578,7 @@ index 451b9b8..12e5a03 100644 out_free_fd: diff --git a/fs/exec.c b/fs/exec.c -index 78199eb..a1fb382 100644 +index 78199eb..abce65a 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,12 +55,35 @@ @@ -59417,7 +59446,7 @@ index 78199eb..a1fb382 100644 + const char *type; +#endif + -+#ifndef CONFIG_STACK_GROWSUP ++#if !defined(CONFIG_STACK_GROWSUP) && !defined(CONFIG_X86_64) + unsigned long stackstart = (unsigned long)task_stack_page(current); + unsigned long currentsp = (unsigned long)&stackstart; + if (unlikely(currentsp < stackstart + 512 || @@ -82474,7 +82503,7 @@ index bff29c5..7437762 100644 /* * irq_chip specific flags diff --git a/include/linux/irqdesc.h b/include/linux/irqdesc.h -index e2e1ab5..1e1e417 100644 +index e2e1ab5..eef4751 100644 --- a/include/linux/irqdesc.h +++ b/include/linux/irqdesc.h @@ -41,7 +41,6 @@ struct module; @@ -82485,6 +82514,15 @@ index e2e1ab5..1e1e417 100644 unsigned int __percpu *kstat_irqs; irq_flow_handler_t handle_irq; #ifdef CONFIG_IRQ_PREFLOW_FASTEOI +@@ -55,7 +54,7 @@ struct irq_desc { + unsigned int irq_count; /* For detecting broken IRQs */ + unsigned long last_unhandled; /* Aging timer for unhandled count */ + unsigned int irqs_unhandled; +- atomic_t threads_handled; ++ atomic_unchecked_t threads_handled; + int threads_handled_last; + raw_spinlock_t lock; + struct cpumask *percpu_enabled; diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h index f4e8578..cbfc9fc 100644 --- a/include/linux/jiffies.h @@ -89994,9 +90032,18 @@ index 20e88af..ec1b0d2 100644 }; diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c -index 127a32e..6afe478 100644 +index 127a32e..129057f 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c +@@ -814,7 +814,7 @@ static int irq_thread(void *data) + raw_spin_unlock_irq(&desc->lock); + action_ret = handler_fn(desc, action); + if (action_ret == IRQ_HANDLED) +- atomic_inc(&desc->threads_handled); ++ atomic_inc_unchecked(&desc->threads_handled); + } + + wake = atomic_dec_and_test(&desc->threads_active); @@ -900,22 +900,6 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new) return -ENOSYS; if (!try_module_get(desc->owner)) @@ -90028,6 +90075,19 @@ index 127a32e..6afe478 100644 * IRQF_TRIGGER_* Specify active edge(s) or level * */ +diff --git a/kernel/irq/spurious.c b/kernel/irq/spurious.c +index 6d426eb..01b2d87 100644 +--- a/kernel/irq/spurious.c ++++ b/kernel/irq/spurious.c +@@ -331,7 +331,7 @@ void note_interrupt(unsigned int irq, struct irq_desc *desc, + * count. We just care about the count being + * different than the one we saw before. + */ +- handled = atomic_read(&desc->threads_handled); ++ handled = atomic_read_unchecked(&desc->threads_handled); + handled |= SPURIOUS_DEFERRED; + if (handled != desc->threads_handled_last) { + action_ret = IRQ_HANDLED; diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 66ff710..794bc5a 100644 --- a/kernel/jump_label.c @@ -106653,6 +106713,43 @@ index a1839c0..4e06b9b 100644 if (!llc_proc_dir) goto out; +diff --git a/net/llc/sysctl_net_llc.c b/net/llc/sysctl_net_llc.c +index e2ebe35..be078ec 100644 +--- a/net/llc/sysctl_net_llc.c ++++ b/net/llc/sysctl_net_llc.c +@@ -17,28 +17,28 @@ static struct ctl_table llc2_timeout_table[] = { + { + .procname = "ack", + .data = &sysctl_llc2_ack_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_ack_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "busy", + .data = &sysctl_llc2_busy_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_busy_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "p", + .data = &sysctl_llc2_p_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_p_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, + { + .procname = "rej", + .data = &sysctl_llc2_rej_timeout, +- .maxlen = sizeof(long), ++ .maxlen = sizeof(sysctl_llc2_rej_timeout), + .mode = 0644, + .proc_handler = proc_dointvec_jiffies, + }, diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index a9cf593..b04a2d5 100644 --- a/net/mac80211/ieee80211_i.h |