grsecurity-3.1-4.4.8-20160425220620160425

author: Anthony G. Basile <blueness@gentoo.org> 2016-04-26 04:20:46 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2016-04-26 04:20:46 -0400
commit: 609ffe9ee3a9e872e67a7e811058ee837cd917dd (patch)
tree: 3935287af68fe000d32778c60f8e2b322778506d
parent: scripts/sendit.sh: helper to send patches to my dev space (diff)
download: hardened-patchset-609ffe9ee3a9e872e67a7e811058ee837cd917dd.tar.gz
hardened-patchset-609ffe9ee3a9e872e67a7e811058ee837cd917dd.tar.bz2
hardened-patchset-609ffe9ee3a9e872e67a7e811058ee837cd917dd.zip
2 files changed, 59 insertions, 6 deletions
diff --git a/4.4.8/0000_README b/4.4.8/0000_README
index 50bafae..31bb556 100644
--- a/4.4.8/0000_README
+++ b/4.4.8/0000_README
@@ -6,7 +6,7 @@ Patch:	1007_linux-4.4.8.patch
 From:	http://www.kernel.org
 Desc:	Linux 4.4.8
 
-Patch:	4420_grsecurity-3.1-4.4.8-201604201957.patch
+Patch:	4420_grsecurity-3.1-4.4.8-201604252206.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch b/4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch
index a90771e..a7a3280 100644
--- a/4.4.8/4420_grsecurity-3.1-4.4.8-201604201957.patch
+++ b/4.4.8/4420_grsecurity-3.1-4.4.8-201604252206.patch
@@ -56408,6 +56408,18 @@ index a14c784..6de6790 100644
  	}
  
  #define BFA_CACHELINE_SZ	(256)
+diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c
+index f3bb7af..ead83a2 100644
+--- a/drivers/scsi/cxgbi/libcxgbi.c
++++ b/drivers/scsi/cxgbi/libcxgbi.c
+@@ -688,6 +688,7 @@ static struct rt6_info *find_route_ipv6(const struct in6_addr *saddr,
+ {
+ 	struct flowi6 fl;
+ 
++	memset(&fl, 0, sizeof(fl));
+ 	if (saddr)
+ 		memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
+ 	if (daddr)
 diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c
 index 045c4e1..13de803 100644
 --- a/drivers/scsi/fcoe/fcoe_sysfs.c
@@ -59040,7 +59052,7 @@ index c3fe026..9cfe421 100644
  
  	dlci->modem_rx = 0;
 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index cf000b3..63baffa 100644
+index cf000b3..a399250 100644
 --- a/drivers/tty/n_tty.c
 +++ b/drivers/tty/n_tty.c
 @@ -1507,7 +1507,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
@@ -59110,7 +59122,28 @@ index cf000b3..63baffa 100644
  
  	down_read(&tty->termios_rwsem);
  
-@@ -2550,6 +2550,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -1723,15 +1723,16 @@ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
+ 		room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
+ 		if (I_PARMRK(tty))
+ 			room = (room + 2) / 3;
+-		room--;
+-		if (room <= 0) {
++		if (room <= 1) {
+ 			overflow = ldata->icanon && ldata->canon_head == tail;
+-			if (overflow && room < 0)
++			if (overflow && room == 0)
+ 				ldata->read_head--;
+ 			room = overflow;
+ 			ldata->no_room = flow && !room;
+-		} else
++		} else {
++			room--;
+ 			overflow = 0;
++		}
+ 
+ 		n = min(count, room);
+ 		if (!n)
+@@ -2550,6 +2551,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
  {
  	*ops = tty_ldisc_N_TTY;
  	ops->owner = NULL;
@@ -86717,7 +86750,7 @@ index b6c00ce..ab37ad1 100644
  static struct pid *
  get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
 diff --git a/fs/proc/base.c b/fs/proc/base.c
-index b7de324..417bafe 100644
+index b7de324..c1235e2 100644
 --- a/fs/proc/base.c
 +++ b/fs/proc/base.c
 @@ -113,6 +113,14 @@ struct pid_entry {
@@ -86928,8 +86961,12 @@ index b7de324..417bafe 100644
  
  		if (write && copy_from_user(page, buf, this_len)) {
  			copied = -EFAULT;
-@@ -957,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
- 	if (!mm)
+@@ -954,9 +1034,16 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+ 	int ret = 0;
+ 	struct mm_struct *mm = file->private_data;
+ 
+-	if (!mm)
++	if (!mm || !mm->env_end)
  		return 0;
  
 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
@@ -115251,6 +115288,22 @@ index 70e5e09..87f2797 100644
  }
  #else
  static void register_sched_domain_sysctl(void)
+diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c
+index 6415117..7dc45dc 100644
+--- a/kernel/sched/debug.c
++++ b/kernel/sched/debug.c
+@@ -490,7 +490,11 @@ static int __init init_sched_debug_procfs(void)
+ {
+ 	struct proc_dir_entry *pe;
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++	pe = proc_create("sched_debug", 0400, NULL, &sched_debug_fops);
++#else
+ 	pe = proc_create("sched_debug", 0444, NULL, &sched_debug_fops);
++#endif
+ 	if (!pe)
+ 		return -ENOMEM;
+ 	return 0;
 diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
 index cfdc0e6..71f2abd 100644
 --- a/kernel/sched/fair.c
author	Anthony G. Basile <blueness@gentoo.org>	2016-04-26 04:20:46 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2016-04-26 04:20:46 -0400
commit	609ffe9ee3a9e872e67a7e811058ee837cd917dd (patch)
tree	3935287af68fe000d32778c60f8e2b322778506d
parent	scripts/sendit.sh: helper to send patches to my dev space (diff)
download	hardened-patchset-609ffe9ee3a9e872e67a7e811058ee837cd917dd.tar.gz hardened-patchset-609ffe9ee3a9e872e67a7e811058ee837cd917dd.tar.bz2 hardened-patchset-609ffe9ee3a9e872e67a7e811058ee837cd917dd.zip