grsecurity-3.1-4.1.7-20150913160420150913

author: Anthony G. Basile <blueness@gentoo.org> 2015-09-15 02:08:42 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2015-09-15 02:08:42 -0400
commit: 7d132b81e64c0d8144213e9dec6f36d9e0db839c (patch)
tree: 0fb85ec06dd088a65ac6d9dbe59c1f6a5c40e878
parent: grsecurity-3.1-4.1.6-201509112213 (diff)
download: hardened-patchset-7d132b81e64c0d8144213e9dec6f36d9e0db839c.tar.gz
hardened-patchset-7d132b81e64c0d8144213e9dec6f36d9e0db839c.tar.bz2
hardened-patchset-7d132b81e64c0d8144213e9dec6f36d9e0db839c.zip
11 files changed, 115 insertions, 260 deletions
diff --git a/4.1.6/0000_README b/4.1.7/0000_README
index 1d2e649..a82b514 100644
--- a/4.1.6/0000_README
+++ b/4.1.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.1.6-201509112213.patch
+Patch:	4420_grsecurity-3.1-4.1.7-201509131604.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.1.6/4420_grsecurity-3.1-4.1.6-201509112213.patch b/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
index c1cfd1d..eb11268 100644
--- a/4.1.6/4420_grsecurity-3.1-4.1.6-201509112213.patch
+++ b/4.1.7/4420_grsecurity-3.1-4.1.7-201509131604.patch
@@ -406,7 +406,7 @@ index c831001..1bfbbf6 100644
  
  A toggle value indicating if modules are allowed to be loaded
 diff --git a/Makefile b/Makefile
-index 838dabc..90df77d 100644
+index b8591e5..1d9e8c0 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -299,7 +299,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3603,7 +3603,7 @@ index 5305ec7..6d74045 100644
  
  #include <asm/smp_scu.h>
 diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c
-index 3b56722..33ac281 100644
+index 6833df4..3e059b2 100644
 --- a/arch/arm/mach-omap2/omap-wakeupgen.c
 +++ b/arch/arm/mach-omap2/omap-wakeupgen.c
 @@ -330,7 +330,7 @@ static int irq_cpu_hotplug_notify(struct notifier_block *self,
@@ -3776,7 +3776,7 @@ index 2dea8b5..6499da2 100644
  extern void ux500_cpu_die(unsigned int cpu);
  
 diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
-index 52d768f..5f93180 100644
+index f66816c..228b951 100644
 --- a/arch/arm/mach-zynq/platsmp.c
 +++ b/arch/arm/mach-zynq/platsmp.c
 @@ -24,6 +24,7 @@
@@ -19044,23 +19044,6 @@ index 7d5a192..23ef1aa 100644
  #define __USER32_CS			(GDT_ENTRY_DEFAULT_USER32_CS*8 + 3)
  #define __USER_DS			(GDT_ENTRY_DEFAULT_USER_DS*8 + 3)
  #define __USER32_DS			__USER_DS
-diff --git a/arch/x86/include/asm/sigcontext.h b/arch/x86/include/asm/sigcontext.h
-index 6fe6b18..9dfce4e 100644
---- a/arch/x86/include/asm/sigcontext.h
-+++ b/arch/x86/include/asm/sigcontext.h
-@@ -57,9 +57,9 @@ struct sigcontext {
- 	unsigned long ip;
- 	unsigned long flags;
- 	unsigned short cs;
--	unsigned short __pad2;	/* Was called gs, but was always zero. */
--	unsigned short __pad1;	/* Was called fs, but was always zero. */
--	unsigned short ss;
-+	unsigned short gs;
-+	unsigned short fs;
-+	unsigned short __pad0;
- 	unsigned long err;
- 	unsigned long trapno;
- 	unsigned long oldmask;
 diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h
 index ba665eb..0f72938 100644
 --- a/arch/x86/include/asm/smap.h
@@ -20515,38 +20498,6 @@ index 960a8a9..404daf7 100644
  #define BIOS_END		0x00100000
  
  #define BIOS_ROM_BASE		0xffe00000
-diff --git a/arch/x86/include/uapi/asm/sigcontext.h b/arch/x86/include/uapi/asm/sigcontext.h
-index 16dc4e8..d8b9f908 100644
---- a/arch/x86/include/uapi/asm/sigcontext.h
-+++ b/arch/x86/include/uapi/asm/sigcontext.h
-@@ -177,24 +177,9 @@ struct sigcontext {
- 	__u64 rip;
- 	__u64 eflags;		/* RFLAGS */
- 	__u16 cs;
--
--	/*
--	 * Prior to 2.5.64 ("[PATCH] x86-64 updates for 2.5.64-bk3"),
--	 * Linux saved and restored fs and gs in these slots.  This
--	 * was counterproductive, as fsbase and gsbase were never
--	 * saved, so arch_prctl was presumably unreliable.
--	 *
--	 * If these slots are ever needed for any other purpose, there
--	 * is some risk that very old 64-bit binaries could get
--	 * confused.  I doubt that many such binaries still work,
--	 * though, since the same patch in 2.5.64 also removed the
--	 * 64-bit set_thread_area syscall, so it appears that there is
--	 * no TLS API that works in both pre- and post-2.5.64 kernels.
--	 */
--	__u16 __pad2;		/* Was gs. */
--	__u16 __pad1;		/* Was fs. */
--
--	__u16 ss;
-+	__u16 gs;
-+	__u16 fs;
-+	__u16 __pad0;
- 	__u64 err;
- 	__u64 trapno;
- 	__u64 oldmask;
 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
 index 9bcd0b5..750f1b7 100644
 --- a/arch/x86/kernel/Makefile
@@ -20870,7 +20821,7 @@ index aef6531..d7ca83a 100644
  	bp_int3_handler = handler;
  	bp_int3_addr = (u8 *)addr + sizeof(int3);
 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index dcb5285..cc79e9d 100644
+index cde732c..6365ac2 100644
 --- a/arch/x86/kernel/apic/apic.c
 +++ b/arch/x86/kernel/apic/apic.c
 @@ -171,7 +171,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
@@ -26568,7 +26519,7 @@ index 77dd0ad..9ec4723 100644
  		dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs);
  }
 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 6e338e3..82f946e 100644
+index 9717437..44bc9aa 100644
 --- a/arch/x86/kernel/process.c
 +++ b/arch/x86/kernel/process.c
 @@ -38,7 +38,8 @@
@@ -26635,7 +26586,7 @@ index 6e338e3..82f946e 100644
  {
  	local_irq_disable();
  	/*
-@@ -531,16 +536,43 @@ static int __init idle_setup(char *str)
+@@ -533,16 +538,43 @@ static int __init idle_setup(char *str)
  }
  early_param("idle", idle_setup);
  
@@ -27343,38 +27294,10 @@ index e4fcb87..9c06c55 100644
  		 * Up to this point, the boot CPU has been using .init.data
  		 * area.  Reload any changed state for the boot CPU.
 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 1ea14fd..b551e66 100644
+index e0fd5f47..b551e66 100644
 --- a/arch/x86/kernel/signal.c
 +++ b/arch/x86/kernel/signal.c
-@@ -93,8 +93,15 @@ int restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc)
- 		COPY(r15);
- #endif /* CONFIG_X86_64 */
- 
-+#ifdef CONFIG_X86_32
- 		COPY_SEG_CPL3(cs);
- 		COPY_SEG_CPL3(ss);
-+#else /* !CONFIG_X86_32 */
-+		/* Kernel saves and restores only the CS segment register on signals,
-+		 * which is the bare minimum needed to allow mixed 32/64-bit code.
-+		 * App's signal handler can save/restore other segments if needed. */
-+		COPY_SEG_CPL3(cs);
-+#endif /* CONFIG_X86_32 */
- 
- 		get_user_ex(tmpflags, &sc->flags);
- 		regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS);
-@@ -154,9 +161,8 @@ int setup_sigcontext(struct sigcontext __user *sc, void __user *fpstate,
- #else /* !CONFIG_X86_32 */
- 		put_user_ex(regs->flags, &sc->flags);
- 		put_user_ex(regs->cs, &sc->cs);
--		put_user_ex(0, &sc->__pad2);
--		put_user_ex(0, &sc->__pad1);
--		put_user_ex(regs->ss, &sc->ss);
-+		put_user_ex(0, &sc->gs);
-+		put_user_ex(0, &sc->fs);
- #endif /* CONFIG_X86_32 */
- 
- 		put_user_ex(fpstate, &sc->fpstate);
-@@ -183,7 +189,7 @@ static unsigned long align_sigframe(unsigned long sp)
+@@ -189,7 +189,7 @@ static unsigned long align_sigframe(unsigned long sp)
  	 * Align the stack pointer according to the i386 ABI,
  	 * i.e. so that on function entry ((sp + 4) & 15) == 0.
  	 */
@@ -27383,7 +27306,7 @@ index 1ea14fd..b551e66 100644
  #else /* !CONFIG_X86_32 */
  	sp = round_down(sp, 16) - 8;
  #endif
-@@ -291,10 +297,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -297,10 +297,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
  	}
  
  	if (current->mm->context.vdso)
@@ -27396,7 +27319,7 @@ index 1ea14fd..b551e66 100644
  	if (ksig->ka.sa.sa_flags & SA_RESTORER)
  		restorer = ksig->ka.sa.sa_restorer;
  
-@@ -308,7 +313,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -314,7 +313,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
  	 * reasons and because gdb uses it as a signature to notice
  	 * signal handler stack frames.
  	 */
@@ -27405,7 +27328,7 @@ index 1ea14fd..b551e66 100644
  
  	if (err)
  		return -EFAULT;
-@@ -355,8 +360,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -361,8 +360,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
  		save_altstack_ex(&frame->uc.uc_stack, regs->sp);
  
  		/* Set up to return from userspace.  */
@@ -27418,7 +27341,7 @@ index 1ea14fd..b551e66 100644
  		if (ksig->ka.sa.sa_flags & SA_RESTORER)
  			restorer = ksig->ka.sa.sa_restorer;
  		put_user_ex(restorer, &frame->pretcode);
-@@ -368,7 +375,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -374,7 +375,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
  		 * reasons and because gdb uses it as a signature to notice
  		 * signal handler stack frames.
  		 */
@@ -27427,29 +27350,7 @@ index 1ea14fd..b551e66 100644
  	} put_user_catch(err);
  	
  	err |= copy_siginfo_to_user(&frame->info, &ksig->info);
-@@ -450,19 +457,9 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
- 
- 	regs->sp = (unsigned long)frame;
- 
--	/*
--	 * Set up the CS and SS registers to run signal handlers in
--	 * 64-bit mode, even if the handler happens to be interrupting
--	 * 32-bit or 16-bit code.
--	 *
--	 * SS is subtle.  In 64-bit mode, we don't need any particular
--	 * SS descriptor, but we do need SS to be valid.  It's possible
--	 * that the old SS is entirely bogus -- this can happen if the
--	 * signal we're trying to deliver is #GP or #SS caused by a bad
--	 * SS value.
--	 */
-+	/* Set up the CS register to run signal handlers in 64-bit mode,
-+	   even if the handler happens to be interrupting 32-bit code. */
- 	regs->cs = __USER_CS;
--	regs->ss = __USER_DS;
- 
- 	return 0;
- }
-@@ -598,7 +595,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -594,7 +595,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
  {
  	int usig = ksig->sig;
  	sigset_t *set = sigmask_to_save();
@@ -27463,7 +27364,7 @@ index 1ea14fd..b551e66 100644
  
  	/* Set up the stack frame */
  	if (is_ia32_frame()) {
-@@ -609,7 +611,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -605,7 +611,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
  	} else if (is_x32_frame()) {
  		return x32_setup_rt_frame(ksig, cset, regs);
  	} else {
@@ -35727,13 +35628,13 @@ index 1c9f750..cfddb1a 100644
  {
  	int cpu = smp_processor_id();
 diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig
-index e88fda8..76ce7ce 100644
+index 4841453..d59a203 100644
 --- a/arch/x86/xen/Kconfig
 +++ b/arch/x86/xen/Kconfig
 @@ -9,6 +9,7 @@ config XEN
  	select XEN_HAVE_PVMMU
  	depends on X86_64 || (X86_32 && X86_PAE)
- 	depends on X86_TSC
+ 	depends on X86_LOCAL_APIC && X86_TSC
 +	depends on !GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_VIRT_XEN
  	help
  	  This is the Linux Xen port.  Enabling this will allow the
@@ -36015,7 +35916,7 @@ index 8afdfcc..79239db 100644
  	mov %rsi,xen_start_info
  	mov $init_thread_union+THREAD_SIZE,%rsp
 diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
-index 9e195c6..523ed36 100644
+index bef30cb..f1a0d68 100644
 --- a/arch/x86/xen/xen-ops.h
 +++ b/arch/x86/xen/xen-ops.h
 @@ -16,8 +16,6 @@ void xen_syscall_target(void);
@@ -36650,7 +36551,7 @@ index 287c4ba..6a600bc 100644
  				unsigned long timeout_msec)
  {
 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 41c99be..f058d4a 100644
+index e0064d1..e53c75e 100644
 --- a/drivers/ata/libata-core.c
 +++ b/drivers/ata/libata-core.c
 @@ -102,7 +102,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -36662,7 +36563,7 @@ index 41c99be..f058d4a 100644
  
  struct ata_force_param {
  	const char	*name;
-@@ -4816,7 +4816,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4800,7 +4800,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
  	struct ata_port *ap;
  	unsigned int tag;
  
@@ -36671,7 +36572,7 @@ index 41c99be..f058d4a 100644
  	ap = qc->ap;
  
  	qc->flags = 0;
-@@ -4833,7 +4833,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4817,7 +4817,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
  	struct ata_port *ap;
  	struct ata_link *link;
  
@@ -36680,7 +36581,7 @@ index 41c99be..f058d4a 100644
  	WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
  	ap = qc->ap;
  	link = qc->dev->link;
-@@ -5940,6 +5940,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5924,6 +5924,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
  		return;
  
  	spin_lock(&lock);
@@ -36688,7 +36589,7 @@ index 41c99be..f058d4a 100644
  
  	for (cur = ops->inherits; cur; cur = cur->inherits) {
  		void **inherit = (void **)cur;
-@@ -5953,8 +5954,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5937,8 +5938,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
  		if (IS_ERR(*pp))
  			*pp = NULL;
  
@@ -36699,7 +36600,7 @@ index 41c99be..f058d4a 100644
  	spin_unlock(&lock);
  }
  
-@@ -6150,7 +6152,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6134,7 +6136,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
  
  	/* give ports names and add SCSI hosts */
  	for (i = 0; i < host->n_ports; i++) {
@@ -36709,10 +36610,10 @@ index 41c99be..f058d4a 100644
  	}
  
 diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index 641a61a..8309252 100644
+index 0d7f0da..bc20aa6 100644
 --- a/drivers/ata/libata-scsi.c
 +++ b/drivers/ata/libata-scsi.c
-@@ -4210,7 +4210,7 @@ int ata_sas_port_init(struct ata_port *ap)
+@@ -4193,7 +4193,7 @@ int ata_sas_port_init(struct ata_port *ap)
  
  	if (rc)
  		return rc;
@@ -36722,7 +36623,7 @@ index 641a61a..8309252 100644
  }
  EXPORT_SYMBOL_GPL(ata_sas_port_init);
 diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h
-index a998a17..8de4bf4 100644
+index f840ca1..edd6ef3 100644
 --- a/drivers/ata/libata.h
 +++ b/drivers/ata/libata.h
 @@ -53,7 +53,7 @@ enum {
@@ -42366,28 +42267,6 @@ index 722a925..594c312 100644
  
  	hid_debug_register(hdev, dev_name(&hdev->dev));
  	ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
-index 008e89b..32d52d2 100644
---- a/drivers/hid/hid-input.c
-+++ b/drivers/hid/hid-input.c
-@@ -462,12 +462,15 @@ out:
- 
- static void hidinput_cleanup_battery(struct hid_device *dev)
- {
-+	const struct power_supply_desc *psy_desc;
-+
- 	if (!dev->battery)
- 		return;
- 
-+	psy_desc = dev->battery->desc;
- 	power_supply_unregister(dev->battery);
--	kfree(dev->battery->desc->name);
--	kfree(dev->battery->desc);
-+	kfree(psy_desc->name);
-+	kfree(psy_desc);
- 	dev->battery = NULL;
- }
- #else  /* !CONFIG_HID_BATTERY_STRENGTH */
 diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c
 index 5614fee..8301fbf 100644
 --- a/drivers/hid/hid-sensor-custom.c
@@ -45348,7 +45227,7 @@ index 16ba55a..31af906 100644
  		       "start=%llu, len=%llu, dev_size=%llu",
  		       dm_device_name(ti->table->md), bdevname(bdev, b),
 diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 79f6941..b33b4e0 100644
+index cde1d67..4c88a5ce 100644
 --- a/drivers/md/dm-thin-metadata.c
 +++ b/drivers/md/dm-thin-metadata.c
 @@ -404,7 +404,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
@@ -50327,10 +50206,10 @@ index 0ffb6ff..c0b7f0e 100644
  	memset(buf, 0, sizeof(buf));
  	buf_size = min(count, sizeof(buf) - 1);
 diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index 37e6a6f..b3b0369 100644
+index 699a480..1801fc3 100644
 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c
 +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1919,7 +1919,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1935,7 +1935,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
  	struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
  
  	char buf[8];
@@ -50339,7 +50218,7 @@ index 37e6a6f..b3b0369 100644
  	u32 reset_flag;
  
  	memset(buf, 0, sizeof(buf));
-@@ -1940,7 +1940,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1956,7 +1956,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
  {
  	struct iwl_trans *trans = file->private_data;
  	char buf[8];
@@ -52372,7 +52251,7 @@ index 6577130..955f9a4 100644
  
  struct board_type {
 diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
-index 1b3a094..068e683 100644
+index 30f9ef0..a1e29ac 100644
 --- a/drivers/scsi/libfc/fc_exch.c
 +++ b/drivers/scsi/libfc/fc_exch.c
 @@ -101,12 +101,12 @@ struct fc_exch_mgr {
@@ -52394,7 +52273,7 @@ index 1b3a094..068e683 100644
  	} stats;
  };
  
-@@ -811,7 +811,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
+@@ -809,7 +809,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
  	/* allocate memory for exchange */
  	ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
  	if (!ep) {
@@ -52403,7 +52282,7 @@ index 1b3a094..068e683 100644
  		goto out;
  	}
  	memset(ep, 0, sizeof(*ep));
-@@ -874,7 +874,7 @@ out:
+@@ -872,7 +872,7 @@ out:
  	return ep;
  err:
  	spin_unlock_bh(&pool->lock);
@@ -52412,7 +52291,7 @@ index 1b3a094..068e683 100644
  	mempool_free(ep, mp->ep_pool);
  	return NULL;
  }
-@@ -1023,7 +1023,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1021,7 +1021,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
  		xid = ntohs(fh->fh_ox_id);	/* we originated exch */
  		ep = fc_exch_find(mp, xid);
  		if (!ep) {
@@ -52421,7 +52300,7 @@ index 1b3a094..068e683 100644
  			reject = FC_RJT_OX_ID;
  			goto out;
  		}
-@@ -1053,7 +1053,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1051,7 +1051,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
  		ep = fc_exch_find(mp, xid);
  		if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
  			if (ep) {
@@ -52430,7 +52309,7 @@ index 1b3a094..068e683 100644
  				reject = FC_RJT_RX_ID;
  				goto rel;
  			}
-@@ -1064,7 +1064,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1062,7 +1062,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
  			}
  			xid = ep->xid;	/* get our XID */
  		} else if (!ep) {
@@ -52439,7 +52318,7 @@ index 1b3a094..068e683 100644
  			reject = FC_RJT_RX_ID;	/* XID not found */
  			goto out;
  		}
-@@ -1082,7 +1082,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -1080,7 +1080,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
  	} else {
  		sp = &ep->seq;
  		if (sp->id != fh->fh_seq_id) {
@@ -52448,7 +52327,7 @@ index 1b3a094..068e683 100644
  			if (f_ctl & FC_FC_END_SEQ) {
  				/*
  				 * Update sequence_id based on incoming last
-@@ -1533,22 +1533,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1531,22 +1531,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
  
  	ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
  	if (!ep) {
@@ -52475,7 +52354,7 @@ index 1b3a094..068e683 100644
  		goto rel;
  	}
  	sof = fr_sof(fp);
-@@ -1557,7 +1557,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1555,7 +1555,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
  		sp->ssb_stat |= SSB_ST_RESP;
  		sp->id = fh->fh_seq_id;
  	} else if (sp->id != fh->fh_seq_id) {
@@ -52484,7 +52363,7 @@ index 1b3a094..068e683 100644
  		goto rel;
  	}
  
-@@ -1619,9 +1619,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1618,9 +1618,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
  	sp = fc_seq_lookup_orig(mp, fp);	/* doesn't hold sequence */
  
  	if (!sp)
@@ -53102,7 +52981,7 @@ index f115f67..b80b2c1 100644
  
  	transport_setup_device(&rport->dev);
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 7f9d65f..e856438 100644
+index 11ea52b..7968d4d 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
 @@ -111,7 +111,7 @@ static int sd_resume(struct device *);
@@ -97424,7 +97303,7 @@ index 1eee6bc..9cf4912 100644
  extern struct ipc_namespace init_ipc_ns;
  extern atomic_t nr_ipc_ns;
 diff --git a/include/linux/irq.h b/include/linux/irq.h
-index 62c6901..827f8f6 100644
+index 3532dca..03ffc0b 100644
 --- a/include/linux/irq.h
 +++ b/include/linux/irq.h
 @@ -370,7 +370,8 @@ struct irq_chip {
@@ -102918,52 +102797,10 @@ index c3fc5c2..1f32fe2 100644
  		if (u->mq_bytes + mq_bytes < u->mq_bytes ||
  		    u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
 diff --git a/ipc/sem.c b/ipc/sem.c
-index d1a6edd..1a59db4 100644
+index c50aa57..07e9531 100644
 --- a/ipc/sem.c
 +++ b/ipc/sem.c
-@@ -253,6 +253,16 @@ static void sem_rcu_free(struct rcu_head *head)
- }
- 
- /*
-+ * spin_unlock_wait() and !spin_is_locked() are not memory barriers, they
-+ * are only control barriers.
-+ * The code must pair with spin_unlock(&sem->lock) or
-+ * spin_unlock(&sem_perm.lock), thus just the control barrier is insufficient.
-+ *
-+ * smp_rmb() is sufficient, as writes cannot pass the control barrier.
-+ */
-+#define ipc_smp_acquire__after_spin_is_unlocked()	smp_rmb()
-+
-+/*
-  * Wait until all currently ongoing simple ops have completed.
-  * Caller must own sem_perm.lock.
-  * New simple ops cannot start, because simple ops first check
-@@ -275,6 +285,7 @@ static void sem_wait_array(struct sem_array *sma)
- 		sem = sma->sem_base + i;
- 		spin_unlock_wait(&sem->lock);
- 	}
-+	ipc_smp_acquire__after_spin_is_unlocked();
- }
- 
- /*
-@@ -327,13 +338,12 @@ static inline int sem_lock(struct sem_array *sma, struct sembuf *sops,
- 		/* Then check that the global lock is free */
- 		if (!spin_is_locked(&sma->sem_perm.lock)) {
- 			/*
--			 * The ipc object lock check must be visible on all
--			 * cores before rechecking the complex count.  Otherwise
--			 * we can race with  another thread that does:
-+			 * We need a memory barrier with acquire semantics,
-+			 * otherwise we can race with another thread that does:
- 			 *	complex_count++;
- 			 *	spin_unlock(sem_perm.lock);
- 			 */
--			smp_rmb();
-+			ipc_smp_acquire__after_spin_is_unlocked();
- 
- 			/*
- 			 * Now repeat the test of complex_count:
-@@ -1780,7 +1790,7 @@ static int get_queue_result(struct sem_queue *q)
+@@ -1790,7 +1790,7 @@ static int get_queue_result(struct sem_queue *q)
  }
  
  SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops,
@@ -102972,7 +102809,7 @@ index d1a6edd..1a59db4 100644
  {
  	int error = -EINVAL;
  	struct sem_array *sma;
-@@ -2015,7 +2025,7 @@ out_free:
+@@ -2025,7 +2025,7 @@ out_free:
  }
  
  SYSCALL_DEFINE3(semop, int, semid, struct sembuf __user *, tsops,
@@ -103729,7 +103566,7 @@ index 41213454..861e178 100644
  #ifdef CONFIG_MODULE_UNLOAD
  		{
 diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 0ceb386..ddaf008 100644
+index 9481749..5fbec5b 100644
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
 @@ -172,8 +172,15 @@ static struct srcu_struct pmus_srcu;
@@ -103779,7 +103616,7 @@ index 0ceb386..ddaf008 100644
  
  	list_for_each_entry(child, &event->child_list, child_list) {
  		total += perf_event_read(child);
-@@ -4268,10 +4275,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -4303,10 +4310,10 @@ void perf_event_update_userpage(struct perf_event *event)
  		userpg->offset -= local64_read(&event->hw.prev_count);
  
  	userpg->time_enabled = enabled +
@@ -103792,7 +103629,7 @@ index 0ceb386..ddaf008 100644
  
  	arch_perf_update_userpage(event, userpg, now);
  
-@@ -4946,7 +4953,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -4989,7 +4996,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
  
  		/* Data. */
  		sp = perf_user_stack_pointer(regs);
@@ -103801,7 +103638,7 @@ index 0ceb386..ddaf008 100644
  		dyn_size = dump_size - rem;
  
  		perf_output_skip(handle, rem);
-@@ -5037,11 +5044,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -5080,11 +5087,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
  	values[n++] = perf_event_count(event);
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] = enabled +
@@ -103815,7 +103652,7 @@ index 0ceb386..ddaf008 100644
  	}
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(event);
-@@ -7533,7 +7540,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -7576,7 +7583,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
  	event->parent		= parent_event;
  
  	event->ns		= get_pid_ns(task_active_pid_ns(current));
@@ -103824,7 +103661,7 @@ index 0ceb386..ddaf008 100644
  
  	event->state		= PERF_EVENT_STATE_INACTIVE;
  
-@@ -7892,6 +7899,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -7935,6 +7942,11 @@ SYSCALL_DEFINE5(perf_event_open,
  	if (flags & ~PERF_FLAG_ALL)
  		return -EINVAL;
  
@@ -103836,7 +103673,7 @@ index 0ceb386..ddaf008 100644
  	err = perf_copy_attr(attr_uptr, &attr);
  	if (err)
  		return err;
-@@ -8340,10 +8352,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -8383,10 +8395,10 @@ static void sync_child_event(struct perf_event *child_event,
  	/*
  	 * Add back the child's count to the parent's count:
  	 */
@@ -108302,7 +108139,7 @@ index a4e372b..766810e 100644
  	if (!retval) {
  		if (old_rlim)
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index c3eee4c..586e4a0 100644
+index c3eee4c..2e53ad1 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
 @@ -94,7 +94,6 @@
@@ -108544,6 +108381,15 @@ index c3eee4c..586e4a0 100644
  	if (copy_to_user(*buf, tmp, len))
  		return -EFAULT;
  	*size -= len;
+@@ -1988,7 +2058,7 @@ static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp,
+ 		int val = *valp;
+ 		if (val < 0) {
+ 			*negp = true;
+-			*lvalp = (unsigned long)-val;
++			*lvalp = -(unsigned long)val;
+ 		} else {
+ 			*negp = false;
+ 			*lvalp = (unsigned long)val;
 @@ -2128,6 +2198,44 @@ int proc_dointvec(struct ctl_table *table, int write,
  		    	    NULL,NULL);
  }
@@ -108570,7 +108416,7 @@ index c3eee4c..586e4a0 100644
 +		int val = *valp;
 +		if (val < 0) {
 +			*negp = true;
-+			*lvalp = (unsigned long)-val;
++			*lvalp = -(unsigned long)val;
 +		} else {
 +			*negp = false;
 +			*lvalp = (unsigned long)val;
@@ -108617,10 +108463,20 @@ index c3eee4c..586e4a0 100644
  
  struct do_proc_dointvec_minmax_conv_param {
  	int *min;
-@@ -2203,6 +2309,32 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
- 	return 0;
- }
- 
+@@ -2194,7 +2300,33 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
+ 		int val = *valp;
+ 		if (val < 0) {
+ 			*negp = true;
+-			*lvalp = (unsigned long)-val;
++			*lvalp = -(unsigned long)val;
++		} else {
++			*negp = false;
++			*lvalp = (unsigned long)val;
++		}
++	}
++	return 0;
++}
++
 +static int do_proc_dointvec_minmax_conv_secure(bool *negp, unsigned long *lvalp,
 +					int *valp,
 +					int write, void *data)
@@ -108638,18 +108494,10 @@ index c3eee4c..586e4a0 100644
 +		int val = *valp;
 +		if (val < 0) {
 +			*negp = true;
-+			*lvalp = (unsigned long)-val;
-+		} else {
-+			*negp = false;
-+			*lvalp = (unsigned long)val;
-+		}
-+	}
-+	return 0;
-+}
-+
- /**
-  * proc_dointvec_minmax - read a vector of integers with min/max values
-  * @table: the sysctl table
++			*lvalp = -(unsigned long)val;
+ 		} else {
+ 			*negp = false;
+ 			*lvalp = (unsigned long)val;
 @@ -2230,6 +2362,17 @@ int proc_dointvec_minmax(struct ctl_table *table, int write,
  				do_proc_dointvec_minmax_conv, &param);
  }
@@ -108668,6 +108516,33 @@ index c3eee4c..586e4a0 100644
  static void validate_coredump_safety(void)
  {
  #ifdef CONFIG_COREDUMP
+@@ -2429,7 +2572,7 @@ static int do_proc_dointvec_jiffies_conv(bool *negp, unsigned long *lvalp,
+ 		unsigned long lval;
+ 		if (val < 0) {
+ 			*negp = true;
+-			lval = (unsigned long)-val;
++			lval = -(unsigned long)val;
+ 		} else {
+ 			*negp = false;
+ 			lval = (unsigned long)val;
+@@ -2452,7 +2595,7 @@ static int do_proc_dointvec_userhz_jiffies_conv(bool *negp, unsigned long *lvalp
+ 		unsigned long lval;
+ 		if (val < 0) {
+ 			*negp = true;
+-			lval = (unsigned long)-val;
++			lval = -(unsigned long)val;
+ 		} else {
+ 			*negp = false;
+ 			lval = (unsigned long)val;
+@@ -2477,7 +2620,7 @@ static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp,
+ 		unsigned long lval;
+ 		if (val < 0) {
+ 			*negp = true;
+-			lval = (unsigned long)-val;
++			lval = -(unsigned long)val;
+ 		} else {
+ 			*negp = false;
+ 			lval = (unsigned long)val;
 @@ -2732,6 +2875,12 @@ int proc_dostring(struct ctl_table *table, int write,
  	return -ENOSYS;
  }
@@ -111259,7 +111134,7 @@ index d551475..8fdd7f3 100644
  	if (end == start)
  		return error;
 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 501820c..9612bcf 100644
+index 9f48145..60a2ac1 100644
 --- a/mm/memory-failure.c
 +++ b/mm/memory-failure.c
 @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -111342,7 +111217,7 @@ index 501820c..9612bcf 100644
  		freeit = 1;
  		if (PageHuge(page))
  			clear_page_hwpoison_huge_page(page);
-@@ -1616,11 +1616,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
+@@ -1617,11 +1617,11 @@ static int soft_offline_huge_page(struct page *page, int flags)
  		if (PageHuge(page)) {
  			set_page_hwpoison_huge_page(hpage);
  			dequeue_hwpoisoned_huge_page(hpage);
@@ -111356,7 +111231,7 @@ index 501820c..9612bcf 100644
  		}
  	}
  	return ret;
-@@ -1659,7 +1659,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1660,7 +1660,7 @@ static int __soft_offline_page(struct page *page, int flags)
  		put_page(page);
  		pr_info("soft_offline: %#lx: invalidated\n", pfn);
  		SetPageHWPoison(page);
@@ -111365,7 +111240,7 @@ index 501820c..9612bcf 100644
  		return 0;
  	}
  
-@@ -1708,7 +1708,7 @@ static int __soft_offline_page(struct page *page, int flags)
+@@ -1709,7 +1709,7 @@ static int __soft_offline_page(struct page *page, int flags)
  			if (!is_free_buddy_page(page))
  				pr_info("soft offline: %#lx: page leaked\n",
  					pfn);
@@ -111374,7 +111249,7 @@ index 501820c..9612bcf 100644
  		}
  	} else {
  		pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
-@@ -1778,11 +1778,11 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1779,11 +1779,11 @@ int soft_offline_page(struct page *page, int flags)
  		if (PageHuge(page)) {
  			set_page_hwpoison_huge_page(hpage);
  			if (!dequeue_hwpoisoned_huge_page(hpage))
@@ -116140,26 +116015,6 @@ index c92b52f..006c052 100644
  	.kind		= "vlan",
  	.maxtype	= IFLA_VLAN_MAX,
  	.policy		= vlan_policy,
-diff --git a/net/9p/client.c b/net/9p/client.c
-index 81925b9..fcf6fe0 100644
---- a/net/9p/client.c
-+++ b/net/9p/client.c
-@@ -1541,6 +1541,7 @@ p9_client_read(struct p9_fid *fid, u64 offset, struct iov_iter *to, int *err)
- 	struct p9_client *clnt = fid->clnt;
- 	struct p9_req_t *req;
- 	int total = 0;
-+	*err = 0;
- 
- 	p9_debug(P9_DEBUG_9P, ">>> TREAD fid %d offset %llu %d\n",
- 		   fid->fid, (unsigned long long) offset, (int)iov_iter_count(to));
-@@ -1616,6 +1617,7 @@ p9_client_write(struct p9_fid *fid, u64 offset, struct iov_iter *from, int *err)
- 	struct p9_client *clnt = fid->clnt;
- 	struct p9_req_t *req;
- 	int total = 0;
-+	*err = 0;
- 
- 	p9_debug(P9_DEBUG_9P, ">>> TWRITE fid %d offset %llu count %zd\n",
- 				fid->fid, (unsigned long long) offset,
 diff --git a/net/9p/mod.c b/net/9p/mod.c
 index 6ab36ae..6f1841b 100644
 --- a/net/9p/mod.c
@@ -126025,7 +125880,7 @@ index 213a416..aeab5c9 100644
                  list_add(&s->list, &cs4297a_devs);
  
 diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 5645481..63e53a2 100644
+index 36e8f12..9571f49 100644
 --- a/sound/pci/hda/hda_codec.c
 +++ b/sound/pci/hda/hda_codec.c
 @@ -1946,7 +1946,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec,
diff --git a/4.1.6/4425_grsec_remove_EI_PAX.patch b/4.1.7/4425_grsec_remove_EI_PAX.patch
index a80a5d7..a80a5d7 100644
--- a/4.1.6/4425_grsec_remove_EI_PAX.patch
+++ b/4.1.7/4425_grsec_remove_EI_PAX.patch
diff --git a/4.1.6/4427_force_XATTR_PAX_tmpfs.patch b/4.1.7/4427_force_XATTR_PAX_tmpfs.patch
index a789f0b..a789f0b 100644
--- a/4.1.6/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.1.7/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.1.6/4430_grsec-remove-localversion-grsec.patch b/4.1.7/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.1.6/4430_grsec-remove-localversion-grsec.patch
+++ b/4.1.7/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.1.6/4435_grsec-mute-warnings.patch b/4.1.7/4435_grsec-mute-warnings.patch
index b7564e4..b7564e4 100644
--- a/4.1.6/4435_grsec-mute-warnings.patch
+++ b/4.1.7/4435_grsec-mute-warnings.patch
diff --git a/4.1.6/4440_grsec-remove-protected-paths.patch b/4.1.7/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.1.6/4440_grsec-remove-protected-paths.patch
+++ b/4.1.7/4440_grsec-remove-protected-paths.patch
diff --git a/4.1.6/4450_grsec-kconfig-default-gids.patch b/4.1.7/4450_grsec-kconfig-default-gids.patch
index 61d903e..61d903e 100644
--- a/4.1.6/4450_grsec-kconfig-default-gids.patch
+++ b/4.1.7/4450_grsec-kconfig-default-gids.patch
diff --git a/4.1.6/4465_selinux-avc_audit-log-curr_ip.patch b/4.1.7/4465_selinux-avc_audit-log-curr_ip.patch
index ba89596..ba89596 100644
--- a/4.1.6/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.1.7/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.1.6/4470_disable-compat_vdso.patch b/4.1.7/4470_disable-compat_vdso.patch
index 7aefa02..7aefa02 100644
--- a/4.1.6/4470_disable-compat_vdso.patch
+++ b/4.1.7/4470_disable-compat_vdso.patch
diff --git a/4.1.6/4475_emutramp_default_on.patch b/4.1.7/4475_emutramp_default_on.patch
index a128205..a128205 100644
--- a/4.1.6/4475_emutramp_default_on.patch
+++ b/4.1.7/4475_emutramp_default_on.patch
author	Anthony G. Basile <blueness@gentoo.org>	2015-09-15 02:08:42 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2015-09-15 02:08:42 -0400
commit	7d132b81e64c0d8144213e9dec6f36d9e0db839c (patch)
tree	0fb85ec06dd088a65ac6d9dbe59c1f6a5c40e878
parent	grsecurity-3.1-4.1.6-201509112213 (diff)
download	hardened-patchset-7d132b81e64c0d8144213e9dec6f36d9e0db839c.tar.gz hardened-patchset-7d132b81e64c0d8144213e9dec6f36d9e0db839c.tar.bz2 hardened-patchset-7d132b81e64c0d8144213e9dec6f36d9e0db839c.zip