grsecurity-3.1-4.5.6-20160605164420160605

author: Anthony G. Basile <blueness@gentoo.org> 2016-06-06 10:22:25 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2016-06-06 10:22:25 -0400
commit: 713f3073603ed2b9ab0c16b36ad996bb8543cbef (patch)
tree: 9d16e2edb4c28e1c55630ad3f7ded9e207e8dd55
parent: grsecurity-3.1-4.5.5-201605291201 (diff)
download: hardened-patchset-713f3073603ed2b9ab0c16b36ad996bb8543cbef.tar.gz
hardened-patchset-713f3073603ed2b9ab0c16b36ad996bb8543cbef.tar.bz2
hardened-patchset-713f3073603ed2b9ab0c16b36ad996bb8543cbef.zip
11 files changed, 71 insertions, 65 deletions
diff --git a/4.5.5/0000_README b/4.5.6/0000_README
index 71dba33..48f38a5 100644
--- a/4.5.5/0000_README
+++ b/4.5.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.5-201605291201.patch
+Patch:	4420_grsecurity-3.1-4.5.6-201606051644.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch b/4.5.6/4420_grsecurity-3.1-4.5.6-201606051644.patch
index 1fb08ce..d2dfe90 100644
--- a/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch
+++ b/4.5.6/4420_grsecurity-3.1-4.5.6-201606051644.patch
@@ -408,7 +408,7 @@ index a93b414..f50a50b 100644
  
  A toggle value indicating if modules are allowed to be loaded
 diff --git a/Makefile b/Makefile
-index a23df41..db4f30b 100644
+index 07a1786..7f359da 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -456,7 +456,7 @@ index a23df41..db4f30b 100644
  ifdef CONFIG_READABLE_ASM
  # Disable optimizations that make assembler listings hard to read.
  # reorder blocks reorders the control in the function
-@@ -714,7 +727,7 @@ KBUILD_CFLAGS   += $(call cc-option, -gsplit-dwarf, -g)
+@@ -715,7 +728,7 @@ KBUILD_CFLAGS   += $(call cc-option, -gsplit-dwarf, -g)
  else
  KBUILD_CFLAGS	+= -g
  endif
@@ -465,7 +465,7 @@ index a23df41..db4f30b 100644
  endif
  ifdef CONFIG_DEBUG_INFO_DWARF4
  KBUILD_CFLAGS	+= $(call cc-option, -gdwarf-4,)
-@@ -886,7 +899,7 @@ export mod_sign_cmd
+@@ -887,7 +900,7 @@ export mod_sign_cmd
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -474,7 +474,7 @@ index a23df41..db4f30b 100644
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -989,7 +1002,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -990,7 +1003,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
  
  archprepare: archheaders archscripts prepare1 scripts_basic
  
@@ -483,7 +483,7 @@ index a23df41..db4f30b 100644
  	$(Q)$(MAKE) $(build)=.
  
  # All the preparing..
-@@ -1184,7 +1197,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1185,7 +1198,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
  		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
  		  signing_key.pem signing_key.priv signing_key.x509	\
  		  x509.genkey extra_certificates signing_key.x509.keyid	\
@@ -496,7 +496,7 @@ index a23df41..db4f30b 100644
  
  # clean - Delete most, but leave enough to build external modules
  #
-@@ -1223,7 +1240,7 @@ distclean: mrproper
+@@ -1224,7 +1241,7 @@ distclean: mrproper
  	@find $(srctree) $(RCS_FIND_IGNORE) \
  		\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
  		-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -25822,7 +25822,7 @@ index 653f88d..11b6b78 100644
  	if (!insn.opcode.got)
  		return X86_BR_ABORT;
 diff --git a/arch/x86/kernel/cpu/perf_event_intel_pt.c b/arch/x86/kernel/cpu/perf_event_intel_pt.c
-index c0bbd10..53a5dc6 100644
+index a5286d0..79c220a 100644
 --- a/arch/x86/kernel/cpu/perf_event_intel_pt.c
 +++ b/arch/x86/kernel/cpu/perf_event_intel_pt.c
 @@ -133,14 +133,10 @@ static const struct attribute_group *pt_attr_groups[] = {
@@ -25890,7 +25890,7 @@ index c0bbd10..53a5dc6 100644
  }
  
  #define RTIT_CTL_CYC_PSB (RTIT_CTL_CYCLEACC	| \
-@@ -997,7 +979,7 @@ static void pt_event_start(struct perf_event *event, int mode)
+@@ -999,7 +981,7 @@ static void pt_event_start(struct perf_event *event, int mode)
  		return;
  	}
  
@@ -25899,7 +25899,7 @@ index c0bbd10..53a5dc6 100644
  	event->hw.state = 0;
  
  	pt_config_buffer(buf->cur->table, buf->cur_idx,
-@@ -1013,7 +995,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
+@@ -1015,7 +997,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
  	 * Protect against the PMI racing with disabling wrmsr,
  	 * see comment in intel_pt_interrupt().
  	 */
@@ -31435,7 +31435,7 @@ index dad5fe9..ce5f4ba 100644
  	.disable		= native_disable_io_apic,
  };
 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 6525e92..28559d2 100644
+index 2e1fd58..cc6d3d7 100644
 --- a/arch/x86/kvm/cpuid.c
 +++ b/arch/x86/kvm/cpuid.c
 @@ -206,15 +206,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
@@ -31701,7 +31701,7 @@ index c13a64b..2075a7c 100644
  	.disabled_by_bios = is_disabled,
  	.hardware_setup = svm_hardware_setup,
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 539062e..0aa69ab 100644
+index 60946a5..0ac3003 100644
 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
 @@ -1575,14 +1575,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value
@@ -39745,10 +39745,10 @@ index c68e724..e863008 100644
  		/* parse the table header to get the table length */
  		if (count <= sizeof(struct acpi_table_header))
 diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c
-index cd2c3d6..2031a4a 100644
+index 993fd31..cc15d14 100644
 --- a/drivers/acpi/device_pm.c
 +++ b/drivers/acpi/device_pm.c
-@@ -1025,6 +1025,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
+@@ -1026,6 +1026,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
  
  #endif /* CONFIG_PM_SLEEP */
  
@@ -39757,7 +39757,7 @@ index cd2c3d6..2031a4a 100644
  static struct dev_pm_domain acpi_general_pm_domain = {
  	.ops = {
  		.runtime_suspend = acpi_subsys_runtime_suspend,
-@@ -1041,6 +1043,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
+@@ -1042,6 +1044,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
  		.restore_early = acpi_subsys_resume_early,
  #endif
  	},
@@ -39765,7 +39765,7 @@ index cd2c3d6..2031a4a 100644
  };
  
  /**
-@@ -1118,7 +1121,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
+@@ -1119,7 +1122,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
  		acpi_device_wakeup(adev, ACPI_STATE_S0, false);
  	}
  
@@ -51059,10 +51059,10 @@ index 8adaaea..99dab8e 100644
  
  void ir_ack_apic_edge(struct irq_data *data)
 diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
-index 8f9ebf7..e614150 100644
+index eef9500..71f7183 100644
 --- a/drivers/irqchip/irq-gic.c
 +++ b/drivers/irqchip/irq-gic.c
-@@ -379,7 +379,7 @@ static void gic_handle_cascade_irq(struct irq_desc *desc)
+@@ -387,7 +387,7 @@ static void gic_handle_cascade_irq(struct irq_desc *desc)
  	chained_irq_exit(chip, desc);
  }
  
@@ -58214,10 +58214,10 @@ index 1deb8ff..4e2b0c1 100644
  	struct bfin_can_priv *priv = netdev_priv(dev);
  	struct bfin_can_regs __iomem *reg = priv->membase;
 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
-index 141c2a4..ca734ed 100644
+index 910c12e..b9c005d 100644
 --- a/drivers/net/can/dev.c
 +++ b/drivers/net/can/dev.c
-@@ -961,7 +961,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
+@@ -1008,7 +1008,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
  	return -EOPNOTSUPP;
  }
  
@@ -71818,7 +71818,7 @@ index 8c6e318..1c58581 100644
  	/* check if the device is still usable */
  	if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
 diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
-index 00bc721..7a16d8a 100644
+index 9e5f893..2bf2da8 100644
 --- a/drivers/scsi/scsi_sysfs.c
 +++ b/drivers/scsi/scsi_sysfs.c
 @@ -818,7 +818,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr,	\
@@ -75713,7 +75713,7 @@ index 92982d7..758ecfe 100644
  	tty_port_tty_set(&ch->port, tty);
  	mutex_lock(&ch->port.mutex);
 diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
-index c3fe026..66cd166 100644
+index 9aff371..2faef0d 100644
 --- a/drivers/tty/n_gsm.c
 +++ b/drivers/tty/n_gsm.c
 @@ -1644,7 +1644,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
@@ -75725,7 +75725,7 @@ index c3fe026..66cd166 100644
  		kfree(dlci);
  		return NULL;
  	}
-@@ -2665,7 +2665,7 @@ static inline void muxnet_put(struct gsm_mux_net *mux_net)
+@@ -2667,7 +2667,7 @@ static inline void muxnet_put(struct gsm_mux_net *mux_net)
  	kref_put(&mux_net->ref, net_free);
  }
  
@@ -75734,7 +75734,7 @@ index c3fe026..66cd166 100644
  				      struct net_device *net)
  {
  	struct gsm_mux_net *mux_net = netdev_priv(net);
-@@ -2957,7 +2957,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
+@@ -2959,7 +2959,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
  	struct gsm_dlci *dlci = tty->driver_data;
  	struct tty_port *port = &dlci->port;
  
@@ -75744,7 +75744,7 @@ index c3fe026..66cd166 100644
  
  	dlci->modem_rx = 0;
 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index b280abaa..3ccd7d1 100644
+index c12def7..4f1303d 100644
 --- a/drivers/tty/n_tty.c
 +++ b/drivers/tty/n_tty.c
 @@ -1515,7 +1515,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
@@ -75835,7 +75835,7 @@ index b280abaa..3ccd7d1 100644
  
  		n = min(count, room);
  		if (!n)
-@@ -2549,6 +2550,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2545,6 +2546,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
  {
  	*ops = tty_ldisc_N_TTY;
  	ops->owner = NULL;
@@ -75845,10 +75845,10 @@ index b280abaa..3ccd7d1 100644
  }
  EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
 diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index 2348fa6..490e407 100644
+index 6427a39..4ee0796 100644
 --- a/drivers/tty/pty.c
 +++ b/drivers/tty/pty.c
-@@ -879,8 +879,10 @@ static void __init unix98_pty_init(void)
+@@ -877,8 +877,10 @@ static void __init unix98_pty_init(void)
  		panic("Couldn't register Unix98 pts driver");
  
  	/* Now create the /dev/ptmx special device */
@@ -75921,10 +75921,10 @@ index c9720a9..964f2d9 100644
  	if (share_irqs)
  		irqflag = IRQF_SHARED;
 diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c
-index 7cd6f9a..d13ac0a 100644
+index c1d4a8f..a8e7167 100644
 --- a/drivers/tty/serial/8250/8250_pci.c
 +++ b/drivers/tty/serial/8250/8250_pci.c
-@@ -5656,7 +5656,7 @@ static struct pci_device_id serial_pci_tbl[] = {
+@@ -5659,7 +5659,7 @@ static struct pci_device_id serial_pci_tbl[] = {
  };
  
  static pci_ers_result_t serial8250_io_error_detected(struct pci_dev *dev,
@@ -76143,7 +76143,7 @@ index dcde955..920693f 100644
  	if (unlikely(line < 0 || line >= UART_NR))
  		return -ENXIO;
 diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
-index d72cd73..aac0435 100644
+index 8320173..fd1160b 100644
 --- a/drivers/tty/serial/samsung.c
 +++ b/drivers/tty/serial/samsung.c
 @@ -970,11 +970,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
@@ -96727,7 +96727,7 @@ index 3525ed7..ac8afb7 100644
  }
  
 diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 42e1f44..017e7f6 100644
+index 8f38e33..90f716a 100644
 --- a/fs/cifs/smb2pdu.c
 +++ b/fs/cifs/smb2pdu.c
 @@ -2388,8 +2388,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
@@ -122536,10 +122536,10 @@ index 0000000..39645c9
 +}
 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
 new file mode 100644
-index 0000000..10f1617
+index 0000000..02c5a2b
 --- /dev/null
 +++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,304 @@
+@@ -0,0 +1,306 @@
 +#include <linux/kernel.h>
 +#include <linux/mm.h>
 +#include <asm/uaccess.h>
@@ -122752,9 +122752,11 @@ index 0000000..10f1617
 +
 +	if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
 +	    time_after(curr->expires, get_seconds())) {
++		int is_priv = is_privileged_binary(task->mm->exe_file->f_path.dentry);
++
 +		rcu_read_lock();
 +		cred = __task_cred(task);
-+		if (gr_is_global_nonroot(cred->uid) && is_privileged_binary(task->mm->exe_file->f_path.dentry)) {
++		if (gr_is_global_nonroot(cred->uid) && is_priv) {
 +			gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
 +			spin_lock(&gr_uid_lock);
 +			gr_insert_uid(cred->uid, curr->expires);
@@ -125147,10 +125149,10 @@ index 0000000..304c518
 +}
 diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c
 new file mode 100644
-index 0000000..a2b8b8f
+index 0000000..f072c9d
 --- /dev/null
 +++ b/grsecurity/grsec_sig.c
-@@ -0,0 +1,245 @@
+@@ -0,0 +1,248 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/fs.h>
@@ -125236,16 +125238,19 @@ index 0000000..a2b8b8f
 +#ifdef CONFIG_GRKERNSEC_BRUTE
 +	struct task_struct *p = current;
 +	kuid_t uid = GLOBAL_ROOT_UID;
++	int is_priv = 0;
 +	int daemon = 0;
 +
 +	if (!grsec_enable_brute)
 +		return;
 +
++	if (is_privileged_binary(p->mm->exe_file->f_path.dentry))
++		is_priv = 1;
++
 +	rcu_read_lock();
 +	read_lock(&tasklist_lock);
 +	read_lock(&grsec_exec_file_lock);
-+	if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file) &&
-+	    !is_privileged_binary(p->mm->exe_file->f_path.dentry)) {
++	if (!is_priv && p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) {
 +		p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME;
 +		p->real_parent->brute = 1;
 +		daemon = 1;
@@ -126173,7 +126178,7 @@ index 0000000..61b514e
 +EXPORT_SYMBOL_GPL(gr_log_timechange);
 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
 new file mode 100644
-index 0000000..9786671
+index 0000000..cbd2776
 --- /dev/null
 +++ b/grsecurity/grsec_tpe.c
 @@ -0,0 +1,78 @@
@@ -126221,7 +126226,7 @@ index 0000000..9786671
 +		msg2 = "file in non-root-owned directory";
 +	else if (inode->i_mode & S_IWOTH)
 +		msg2 = "file in world-writable directory";
-+	else if (inode->i_mode & S_IWGRP)
++	else if ((inode->i_mode & S_IWGRP) && gr_is_global_nonroot_gid(inode->i_gid))
 +		msg2 = "file in group-writable directory";
 +	else if (file_inode->i_mode & S_IWOTH)
 +		msg2 = "file is world-writable";
@@ -126242,7 +126247,7 @@ index 0000000..9786671
 +		msg = "directory not owned by user";
 +	else if (inode->i_mode & S_IWOTH)
 +		msg = "file in world-writable directory";
-+	else if (inode->i_mode & S_IWGRP)
++	else if ((inode->i_mode & S_IWGRP) && gr_is_global_nonroot_gid(inode->i_gid))
 +		msg = "file in group-writable directory";
 +	else if (file_inode->i_mode & S_IWOTH)
 +		msg = "file is world-writable";
@@ -133221,10 +133226,10 @@ index 04e8818..af85805 100644
  /* shm_mode upper byte flags */
  #define	SHM_DEST	01000	/* segment will be destroyed on last detach */
 diff --git a/include/linux/signal.h b/include/linux/signal.h
-index 92557bb..53fa513 100644
+index d80259a..41a639a 100644
 --- a/include/linux/signal.h
 +++ b/include/linux/signal.h
-@@ -288,7 +288,7 @@ static inline void allow_signal(int sig)
+@@ -303,7 +303,7 @@ static inline void allow_signal(int sig)
  	 * know it'll be handled, so that they don't get converted to
  	 * SIGKILL or just silently dropped.
  	 */
@@ -134184,7 +134189,7 @@ index b4c2a48..0a13f65 100644
  
  #endif /* _LINUX_THREAD_INFO_H */
 diff --git a/include/linux/tty.h b/include/linux/tty.h
-index 19199c2..e16a361 100644
+index e5b996d..65cd286 100644
 --- a/include/linux/tty.h
 +++ b/include/linux/tty.h
 @@ -225,7 +225,7 @@ struct tty_port {
@@ -134294,10 +134299,10 @@ index 3495578..f479218 100644
  #ifndef user_access_begin
  #define user_access_begin() do { } while (0)
 diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
-index 0383552..a0125dd 100644
+index 0383552..595969a 100644
 --- a/include/linux/uidgid.h
 +++ b/include/linux/uidgid.h
-@@ -187,4 +187,9 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
+@@ -187,4 +187,10 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
  
  #endif /* CONFIG_USER_NS */
  
@@ -134305,6 +134310,7 @@ index 0383552..a0125dd 100644
 +#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
 +#define gr_is_global_root(x) uid_eq((x), GLOBAL_ROOT_UID)
 +#define gr_is_global_nonroot(x) (!uid_eq((x), GLOBAL_ROOT_UID))
++#define gr_is_global_nonroot_gid(x) (!gid_eq((x), GLOBAL_ROOT_GID))
 +
  #endif /* _LINUX_UIDGID_H */
 diff --git a/include/linux/uio_driver.h b/include/linux/uio_driver.h
@@ -134372,7 +134378,7 @@ index 99c1b4d..562e6f3 100644
  
  static inline void put_unaligned_le16(u16 val, void *p)
 diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 89533ba..78c419a 100644
+index f3dbc21..a59a42a 100644
 --- a/include/linux/usb.h
 +++ b/include/linux/usb.h
 @@ -367,7 +367,7 @@ struct usb_bus {
@@ -135825,7 +135831,7 @@ index 93d14da..734b3d8 100644
  	u8			       qfull;
  	enum fc_lport_state	       state;
 diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index ba93c0f..90acd4d 100644
+index a5d31f7..e5ee774 100644
 --- a/include/scsi/scsi_device.h
 +++ b/include/scsi/scsi_device.h
 @@ -187,9 +187,9 @@ struct scsi_device {
@@ -137969,7 +137975,7 @@ index 2a20c0d..3eb7d03 100644
  #ifdef CONFIG_MODULE_UNLOAD
  		{
 diff --git a/kernel/events/core.c b/kernel/events/core.c
-index a0ef98b..c60fa0a 100644
+index 477fb6b..dcd02b5 100644
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
 @@ -350,8 +350,15 @@ static struct srcu_struct pmus_srcu;
@@ -138018,7 +138024,7 @@ index a0ef98b..c60fa0a 100644
  	struct hrtimer *timer = &cpuctx->hrtimer;
  	struct pmu *pmu = cpuctx->ctx.pmu;
  	unsigned long flags;
-@@ -2893,7 +2901,7 @@ void __perf_event_task_sched_in(struct task_struct *prev,
+@@ -2894,7 +2902,7 @@ void __perf_event_task_sched_in(struct task_struct *prev,
  		perf_pmu_sched_task(prev, task, true);
  }
  
@@ -138027,7 +138033,7 @@ index a0ef98b..c60fa0a 100644
  {
  	u64 frequency = event->attr.sample_freq;
  	u64 sec = NSEC_PER_SEC;
-@@ -3944,9 +3952,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3935,9 +3943,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
  	total += perf_event_count(event);
  
  	*enabled += event->total_time_enabled +
@@ -138039,7 +138045,7 @@ index a0ef98b..c60fa0a 100644
  
  	list_for_each_entry(child, &event->child_list, child_list) {
  		(void)perf_event_read(child, false);
-@@ -3978,12 +3986,12 @@ static int __perf_read_group_add(struct perf_event *leader,
+@@ -3969,12 +3977,12 @@ static int __perf_read_group_add(struct perf_event *leader,
  	 */
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] += leader->total_time_enabled +
@@ -138054,7 +138060,7 @@ index a0ef98b..c60fa0a 100644
  	}
  
  	/*
-@@ -4485,10 +4493,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -4476,10 +4484,10 @@ void perf_event_update_userpage(struct perf_event *event)
  		userpg->offset -= local64_read(&event->hw.prev_count);
  
  	userpg->time_enabled = enabled +
@@ -138067,7 +138073,7 @@ index a0ef98b..c60fa0a 100644
  
  	arch_perf_update_userpage(event, userpg, now);
  
-@@ -5163,7 +5171,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -5154,7 +5162,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
  
  		/* Data. */
  		sp = perf_user_stack_pointer(regs);
@@ -138076,7 +138082,7 @@ index a0ef98b..c60fa0a 100644
  		dyn_size = dump_size - rem;
  
  		perf_output_skip(handle, rem);
-@@ -5254,11 +5262,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -5245,11 +5253,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
  	values[n++] = perf_event_count(event);
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] = enabled +
@@ -138090,7 +138096,7 @@ index a0ef98b..c60fa0a 100644
  	}
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(event);
-@@ -7568,8 +7576,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
+@@ -7559,8 +7567,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
  		cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu);
  		cpuctx->hrtimer_interval = ns_to_ktime(NSEC_PER_MSEC * timer);
  
@@ -138100,7 +138106,7 @@ index a0ef98b..c60fa0a 100644
  	}
  	put_online_cpus();
  	mutex_unlock(&mux_interval_mutex);
-@@ -7938,7 +7945,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -7929,7 +7936,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
  	event->parent		= parent_event;
  
  	event->ns		= get_pid_ns(task_active_pid_ns(current));
@@ -138109,7 +138115,7 @@ index a0ef98b..c60fa0a 100644
  
  	event->state		= PERF_EVENT_STATE_INACTIVE;
  
-@@ -8300,6 +8307,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -8291,6 +8298,11 @@ SYSCALL_DEFINE5(perf_event_open,
  	if (flags & ~PERF_FLAG_ALL)
  		return -EINVAL;
  
@@ -138121,7 +138127,7 @@ index a0ef98b..c60fa0a 100644
  	err = perf_copy_attr(attr_uptr, &attr);
  	if (err)
  		return err;
-@@ -8788,10 +8800,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -8805,10 +8817,10 @@ static void sync_child_event(struct perf_event *child_event,
  	/*
  	 * Add back the child's count to the parent's count:
  	 */
@@ -143482,7 +143488,7 @@ index 57a6eea..168c21f 100644
  	/* make curr_ret_stack visible before we add the ret_stack */
  	smp_wmb();
 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index 95181e3..3b49321 100644
+index 9c14373..5ddd763 100644
 --- a/kernel/trace/ring_buffer.c
 +++ b/kernel/trace/ring_buffer.c
 @@ -296,9 +296,9 @@ struct buffer_data_page {
@@ -143535,7 +143541,7 @@ index 95181e3..3b49321 100644
  
  		/*
  		 * No need to worry about races with clearing out the commit.
-@@ -1411,12 +1411,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1412,12 +1412,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
  
  static inline unsigned long rb_page_entries(struct buffer_page *bpage)
  {
@@ -143550,7 +143556,7 @@ index 95181e3..3b49321 100644
  }
  
  static int
-@@ -1511,7 +1511,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1512,7 +1512,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
  			 * bytes consumed in ring buffer from here.
  			 * Increment overrun to account for the lost events.
  			 */
@@ -160909,10 +160915,10 @@ index 55c96cb..e4e88ab 100644
  __clean-files   := $(filter-out $(no-clean-files), $(__clean-files))
  
 diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
-index f9e47a7..b72022a 100644
+index 53449a6..c1fd180 100644
 --- a/scripts/Makefile.extrawarn
 +++ b/scripts/Makefile.extrawarn
-@@ -27,6 +27,10 @@ warning-1 += $(call cc-option, -Wunused-but-set-variable)
+@@ -28,6 +28,10 @@ warning-1 += $(call cc-option, -Wunused-const-variable)
  warning-1 += $(call cc-disable-warning, missing-field-initializers)
  warning-1 += $(call cc-disable-warning, sign-compare)
  
diff --git a/4.5.5/4425_grsec_remove_EI_PAX.patch b/4.5.6/4425_grsec_remove_EI_PAX.patch
index 2a1aa6c..2a1aa6c 100644
--- a/4.5.5/4425_grsec_remove_EI_PAX.patch
+++ b/4.5.6/4425_grsec_remove_EI_PAX.patch
diff --git a/4.5.5/4427_force_XATTR_PAX_tmpfs.patch b/4.5.6/4427_force_XATTR_PAX_tmpfs.patch
index aa2a091..aa2a091 100644
--- a/4.5.5/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.5.6/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.5.5/4430_grsec-remove-localversion-grsec.patch b/4.5.6/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.5.5/4430_grsec-remove-localversion-grsec.patch
+++ b/4.5.6/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.5.5/4435_grsec-mute-warnings.patch b/4.5.6/4435_grsec-mute-warnings.patch
index b7564e4..b7564e4 100644
--- a/4.5.5/4435_grsec-mute-warnings.patch
+++ b/4.5.6/4435_grsec-mute-warnings.patch
diff --git a/4.5.5/4440_grsec-remove-protected-paths.patch b/4.5.6/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.5.5/4440_grsec-remove-protected-paths.patch
+++ b/4.5.6/4440_grsec-remove-protected-paths.patch
diff --git a/4.5.5/4450_grsec-kconfig-default-gids.patch b/4.5.6/4450_grsec-kconfig-default-gids.patch
index 79a866b..79a866b 100644
--- a/4.5.5/4450_grsec-kconfig-default-gids.patch
+++ b/4.5.6/4450_grsec-kconfig-default-gids.patch
diff --git a/4.5.5/4465_selinux-avc_audit-log-curr_ip.patch b/4.5.6/4465_selinux-avc_audit-log-curr_ip.patch
index 7248385..7248385 100644
--- a/4.5.5/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.5.6/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.5.5/4470_disable-compat_vdso.patch b/4.5.6/4470_disable-compat_vdso.patch
index 4aba080..4aba080 100644
--- a/4.5.5/4470_disable-compat_vdso.patch
+++ b/4.5.6/4470_disable-compat_vdso.patch
diff --git a/4.5.5/4475_emutramp_default_on.patch b/4.5.6/4475_emutramp_default_on.patch
index afd6019..afd6019 100644
--- a/4.5.5/4475_emutramp_default_on.patch
+++ b/4.5.6/4475_emutramp_default_on.patch
author	Anthony G. Basile <blueness@gentoo.org>	2016-06-06 10:22:25 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2016-06-06 10:22:25 -0400
commit	713f3073603ed2b9ab0c16b36ad996bb8543cbef (patch)
tree	9d16e2edb4c28e1c55630ad3f7ded9e207e8dd55
parent	grsecurity-3.1-4.5.5-201605291201 (diff)
download	hardened-patchset-713f3073603ed2b9ab0c16b36ad996bb8543cbef.tar.gz hardened-patchset-713f3073603ed2b9ab0c16b36ad996bb8543cbef.tar.bz2 hardened-patchset-713f3073603ed2b9ab0c16b36ad996bb8543cbef.zip