author | Anthony G. Basile <blueness@gentoo.org> | 2011-12-23 18:33:49 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-12-23 18:33:49 -0500 |
commit | 82d2c36cc22e9a10732b6279952d085c72230d17 (patch) | |
tree | 929cb7333e78804e1bfb99c78986ed866f10f862 | |
parent | Updated .gitignore for master branch (diff) | |
Grsec/PaX: 2.6.32.51-201112222105 + 3.1.6-201112222105
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch) | 121 | ||||
-rw-r--r-- | 3.1.6/0000_README (renamed from 3.1.5/0000_README) | 2 | ||||
-rw-r--r-- | 3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch (renamed from 3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch) | 431 | ||||
-rw-r--r-- | 3.1.6/4421_grsec-remove-localversion-grsec.patch (renamed from 3.1.5/4421_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4422_grsec-mute-warnings.patch (renamed from 3.1.5/4422_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4423_grsec-remove-protected-paths.patch (renamed from 3.1.5/4423_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4425_grsec-pax-without-grsec.patch (renamed from 3.1.5/4425_grsec-pax-without-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4430_grsec-kconfig-default-gids.patch (renamed from 3.1.5/4430_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4435_grsec-kconfig-gentoo.patch (renamed from 3.1.5/4435_grsec-kconfig-gentoo.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4437-grsec-kconfig-proc-user.patch (renamed from 3.1.5/4437-grsec-kconfig-proc-user.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4440_selinux-avc_audit-log-curr_ip.patch (renamed from 3.1.5/4440_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.1.6/4445_disable-compat_vdso.patch (renamed from 3.1.5/4445_disable-compat_vdso.patch) | 0 |
13 files changed, 250 insertions, 306 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 60b9d80..22c2947 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch index bb97e13..1a4e34c 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch @@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index f38986c..46a251b 100644 +index 1c640ea..b545bdc 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -26002,19 +26002,10 @@ index 36fe08e..b123d3a 100644 EXPORT_SYMBOL_GPL(leave_mm); diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c -index 044897b..a195924 100644 +index 829edf0..672adb3 100644 --- a/arch/x86/oprofile/backtrace.c +++ b/arch/x86/oprofile/backtrace.c -@@ -57,7 +57,7 @@ static struct frame_head *dump_user_backtrace(struct frame_head *head) - struct frame_head bufhead[2]; - - /* Also check accessibility of one struct frame_head beyond */ -- if (!access_ok(VERIFY_READ, head, sizeof(bufhead))) -+ if (!__access_ok(VERIFY_READ, head, sizeof(bufhead))) - return NULL; - if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead))) - return NULL; -@@ -77,7 +77,7 @@ x86_backtrace(struct pt_regs * const regs, unsigned int depth) +@@ -115,7 +115,7 @@ x86_backtrace(struct pt_regs * const regs, unsigned int depth) { struct frame_head *head = (struct frame_head *)frame_pointer(regs); 
@@ -39601,10 +39592,10 @@ index 2ecbedb..42704f0 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c -index 5c4df24..3b42925 100644 +index 334ccd6..47f8944 100644 --- a/drivers/oprofile/buffer_sync.c +++ b/drivers/oprofile/buffer_sync.c -@@ -341,7 +341,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm) +@@ -342,7 +342,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm) if (cookie == NO_COOKIE) offset = pc; if (cookie == INVALID_COOKIE) { @@ -39613,7 +39604,7 @@ index 5c4df24..3b42925 100644 offset = pc; } if (cookie != last_cookie) { -@@ -385,14 +385,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel) +@@ -386,14 +386,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel) /* add userspace sample */ if (!mm) { @@ -39630,7 +39621,7 @@ index 5c4df24..3b42925 100644 return 0; } -@@ -561,7 +561,7 @@ void sync_buffer(int cpu) +@@ -562,7 +562,7 @@ void sync_buffer(int cpu) /* ignore backtraces if failed to add a sample */ if (state == sb_bt_start) { state = sb_bt_ignore; 
@@ -50470,50 +50461,6 @@ index 4463297..4fed53b 100644 .uevent = gfs2_uevent, }; -diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c -index 052f214..2462c5b 100644 ---- a/fs/hfs/btree.c -+++ b/fs/hfs/btree.c -@@ -45,11 +45,27 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - case HFS_EXT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize, - mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz)); -+ -+ if (HFS_I(tree->inode)->alloc_blocks > -+ HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - case HFS_CAT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize, - mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz)); -+ -+ if (!HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records " -+ "(0 size).\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - default: -@@ -58,11 +74,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - } - unlock_new_inode(tree->inode); - -- if (!HFS_I(tree->inode)->first_blocks) { -- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n"); -- goto free_inode; -- } -- - mapping = tree->inode->i_mapping; - page = read_mapping_page(mapping, 0, NULL); - if (IS_ERR(page)) diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c index f6874ac..7cd98a8 100644 --- a/fs/hfsplus/catalog.c @@ -71032,7 +70979,7 @@ index 4bde56f..29a9bab 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index fb98c9f..f158c0c 100644 +index fb98c9f..333faec 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ 
@@ -71082,34 +71029,18 @@ index fb98c9f..f158c0c 100644 if (!bitset) return -EINVAL; -@@ -2407,7 +2417,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - { - struct robust_list_head __user *head; - unsigned long ret; -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP - const struct cred *cred = current_cred(), *pcred; -+#endif - - if (!futex_cmpxchg_enabled) - return -ENOSYS; -@@ -2423,11 +2435,16 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, +@@ -2423,6 +2433,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, if (!p) goto err_unlock; ret = -EPERM; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (!ptrace_may_access(p, PTRACE_MODE_READ)) + goto err_unlock; -+#else ++#endif pcred = __task_cred(p); if (cred->euid != pcred->euid && cred->euid != pcred->uid && - !capable(CAP_SYS_PTRACE)) - goto err_unlock; -+#endif - head = p->robust_list; - rcu_read_unlock(); - } -@@ -2489,7 +2506,7 @@ retry: +@@ -2489,7 +2503,7 @@ retry: */ static inline int fetch_robust_entry(struct robust_list __user **entry, struct robust_list __user * __user *head, @@ -71118,7 +71049,7 @@ index fb98c9f..f158c0c 100644 { unsigned long uentry; -@@ -2670,6 +2687,7 @@ static int __init futex_init(void) +@@ -2670,6 +2684,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -71126,7 +71057,7 @@ index fb98c9f..f158c0c 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2681,7 +2699,10 @@ static int __init futex_init(void) +@@ -2681,7 +2696,10 @@ static int __init futex_init(void) * implementation, the non functional ones will return * -ENOSYS. */ @@ -71138,7 +71069,7 @@ index fb98c9f..f158c0c 100644 futex_cmpxchg_enabled = 1; diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index 2357165..8d70cee 100644 +index 2357165..eb25501 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c @@ -10,6 +10,7 @@ 
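Review bot: With `#else` turned into `#endif` in the `get_robust_list` hunk, a kernel built with CONFIG_GRKERNSEC_PROC_MEMMAP now runs `ptrace_may_access(p, PTRACE_MODE_READ)` and then still falls through to the euid/uid comparison that follows, and nothing in the patched code says why both checks are kept. The value being guarded is `p->robust_list`, a user-space pointer belonging to the target task, so the stricter check is presumably there to stop the syscall disclosing another process's address-space layout. I would state that next to the `#ifdef`, for example `/* robust_list is a user address of the target task: require ptrace read access before returning it */`. The same applies to `compat_sys_get_robust_list` in kernel/futex_compat.c and to both 3.1.6 copies of these hunks; the function bodies continue outside the hunks shown.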
@@ -71149,35 +71080,27 @@ index 2357165..8d70cee 100644 #include <asm/uaccess.h> -@@ -135,7 +136,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, +@@ -135,7 +136,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, { struct compat_robust_list_head __user *head; unsigned long ret; - const struct cred *cred = current_cred(), *pcred; -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP + const struct cred *cred = current_cred(); + const struct cred *pcred; -+#endif if (!futex_cmpxchg_enabled) return -ENOSYS; -@@ -151,11 +155,16 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, +@@ -151,6 +153,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, if (!p) goto err_unlock; ret = -EPERM; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (!ptrace_may_access(p, PTRACE_MODE_READ)) + goto err_unlock; -+#else ++#endif pcred = __task_cred(p); if (cred->euid != pcred->euid && cred->euid != pcred->uid && - !capable(CAP_SYS_PTRACE)) - goto err_unlock; -+#endif - head = p->compat_robust_list; - read_unlock(&tasklist_lock); - } diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c index 9b22d03..6295b62 100644 --- a/kernel/gcov/base.c @@ -74411,7 +74334,7 @@ index 469193c..ea3ecb2 100644 (table->proc_handler == proc_dointvec_minmax) || (table->proc_handler == proc_dointvec_jiffies) || diff --git a/kernel/taskstats.c b/kernel/taskstats.c -index b080920..d344f89 100644 +index a4ef542..798bcd7 100644 --- a/kernel/taskstats.c +++ b/kernel/taskstats.c @@ -26,9 +26,12 @@ @@ -78051,11 +77974,11 @@ index 3ecab7e..594a471 100644 #endif /* CONFIG_SPARSEMEM */ diff --git a/mm/percpu.c b/mm/percpu.c -index 3bfd6e2..60404b9 100644 +index c90614a..5f7b7b8 100644 --- a/mm/percpu.c 
+++ b/mm/percpu.c -@@ -115,7 +115,7 @@ static unsigned int pcpu_first_unit_cpu __read_mostly; - static unsigned int pcpu_last_unit_cpu __read_mostly; +@@ -115,7 +115,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; + static unsigned int pcpu_high_unit_cpu __read_mostly; /* the address of the first chunk which starts with the kernel static area */ -void *pcpu_base_addr __read_mostly; @@ -78943,7 +78866,7 @@ index 308e57d..5de19c0 100644 } } diff --git a/mm/util.c b/mm/util.c -index b377ce4..3a891af 100644 +index e48b493..24a601d 100644 --- a/mm/util.c +++ b/mm/util.c @@ -228,6 +228,12 @@ EXPORT_SYMBOL(strndup_user); diff --git a/3.1.5/0000_README b/3.1.6/0000_README index 613b71d..29427c6 100644 --- a/3.1.5/0000_README +++ b/3.1.6/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-3.1.5-201112101853.patch +Patch: 4420_grsecurity-2.2.2-3.1.6-201112222105.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch b/3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch index 67dea05..5c91c1a 100644 --- a/3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch +++ b/3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch @@ -186,7 +186,7 @@ index d6e6724..a024ce8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 94ab2ad..1e4a6e8 100644 +index 2d6e0a8..d1d2564 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -10212,7 +10212,7 @@ index cb23852..2dde194 100644 asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h -index c2ff2a1..4349184 100644 +index 2d2f01c..f985723 100644 --- a/arch/x86/include/asm/system.h +++ b/arch/x86/include/asm/system.h @@ -129,7 +129,7 @@ do { \ 
@@ -10242,7 +10242,7 @@ index c2ff2a1..4349184 100644 } static inline void native_clts(void) -@@ -397,12 +397,12 @@ void enable_hlt(void); +@@ -397,13 +397,13 @@ void enable_hlt(void); void cpu_idle_wait(void); @@ -10251,6 +10251,7 @@ index c2ff2a1..4349184 100644 extern void free_init_pages(char *what, unsigned long begin, unsigned long end); void default_idle(void); + bool set_pm_idle_to_default(void); -void stop_this_cpu(void *dummy); +void stop_this_cpu(void *dummy) __noreturn; @@ -16136,7 +16137,7 @@ index 35ccf75..67e7d4d 100644 for (p = start; p < finish; p++) { q = find_dependents_of(start, finish, p); diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index e7e3b01..43c5af3 100644 +index 30eb651..0758167 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk) @@ -16219,16 +16220,17 @@ index e7e3b01..43c5af3 100644 #else regs.ss = __KERNEL_DS; #endif -@@ -403,7 +423,7 @@ void default_idle(void) - EXPORT_SYMBOL(default_idle); - #endif +@@ -411,7 +431,8 @@ bool set_pm_idle_to_default(void) + return ret; + } -void stop_this_cpu(void *dummy) ++ +__noreturn void stop_this_cpu(void *dummy) { local_irq_disable(); /* -@@ -645,16 +665,37 @@ static int __init idle_setup(char *str) +@@ -653,16 +674,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -22066,19 +22068,10 @@ index 0d17c8c..4f4764f 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index ea30585..7d26398 100644 +index dd74e46..7d26398 100644 --- a/arch/x86/mm/gup.c 
+++ b/arch/x86/mm/gup.c -@@ -201,6 +201,8 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr, - do { - VM_BUG_ON(compound_head(page) != head); - pages[*nr] = page; -+ if (PageTail(page)) -+ get_huge_page_tail(page); - (*nr)++; - page++; - refs++; -@@ -253,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, +@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, addr = start; len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; @@ -28728,10 +28721,10 @@ index b51e157..8f14fb9 100644 return can_switch; } diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c -index 6adb3e5..b91553e2 100644 +index 07ac481..41cb437 100644 --- a/drivers/gpu/drm/radeon/radeon_display.c +++ b/drivers/gpu/drm/radeon/radeon_display.c -@@ -925,6 +925,8 @@ void radeon_compute_pll_legacy(struct radeon_pll *pll, +@@ -926,6 +926,8 @@ void radeon_compute_pll_legacy(struct radeon_pll *pll, uint32_t post_div; u32 pll_out_min, pll_out_max; @@ -37356,10 +37349,10 @@ index ed147c4..94fc3c6 100644 /* core tmem accessor functions */ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 26a5d8b..74434f8 100644 +index c4ac6f6..4f90f53 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c -@@ -1368,7 +1368,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) +@@ -1370,7 +1370,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) * outstanding_r2ts reaches zero, go ahead and send the delayed * TASK_ABORTED status. */ @@ -37391,7 +37384,7 @@ index 8badcb4..94c9ac6 100644 memset(wwn, 0, ALUA_SECONDARY_METADATA_WWN_LEN); diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c -index f04d4ef..7de212b 100644 +index 5f91397..dcc2d25 100644 --- a/drivers/target/target_core_cdb.c +++ b/drivers/target/target_core_cdb.c 
@@ -933,6 +933,8 @@ target_emulate_modesense(struct se_cmd *cmd, int ten) @@ -37479,7 +37472,7 @@ index 5c1b8c5..0cb7d0e 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 013c100..8fd2e57 100644 +index e2added..ccb5251 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1445,7 +1445,7 @@ struct se_device *transport_add_device_to_core_hba( @@ -37521,7 +37514,7 @@ index 013c100..8fd2e57 100644 cmd->t_task_list_num) atomic_set(&cmd->transport_sent, 1); -@@ -4665,7 +4665,7 @@ static void transport_generic_wait_for_tasks( +@@ -4682,7 +4682,7 @@ static void transport_generic_wait_for_tasks( atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || @@ -37530,7 +37523,7 @@ index 013c100..8fd2e57 100644 goto remove; atomic_set(&cmd->t_transport_stop, 1); -@@ -4900,7 +4900,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -4917,7 +4917,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -37539,7 +37532,7 @@ index 013c100..8fd2e57 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4937,7 +4937,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4954,7 +4954,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { @@ -37548,7 +37541,7 @@ index 013c100..8fd2e57 100644 smp_mb__after_atomic_inc(); cmd->scsi_status = SAM_STAT_TASK_ABORTED; transport_new_cmd_failure(cmd); -@@ -5051,7 +5051,7 @@ static void transport_processing_shutdown(struct se_device *dev) +@@ -5068,7 +5068,7 @@ static void transport_processing_shutdown(struct se_device *dev) cmd->se_tfo->get_task_tag(cmd), cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), 
@@ -43434,10 +43427,10 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index a88948b..1e32160 100644 +index 8b732a2..6db6c27 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -2998,7 +2998,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3015,7 +3015,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -45976,7 +45969,7 @@ index b6cca47..ec782c3 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 5cb8614..6865b11 100644 +index 2aaf3ea..8e50863 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, 
@@ -46014,50 +46007,6 @@ index 900cf98..3896726 100644 if (!IS_ERR(s)) kfree(s); } -diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c -index 3ebc437..eb23952 100644 ---- a/fs/hfs/btree.c -+++ b/fs/hfs/btree.c -@@ -46,11 +46,27 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - case HFS_EXT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize, - mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz)); -+ -+ if (HFS_I(tree->inode)->alloc_blocks > -+ HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - case HFS_CAT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize, - mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz)); -+ -+ if (!HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records " -+ "(0 size).\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - default: -@@ -59,11 +75,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - } - unlock_new_inode(tree->inode); - -- if (!HFS_I(tree->inode)->first_blocks) { -- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n"); -- goto free_inode; -- } -- - mapping = tree->inode->i_mapping; - page = read_mapping_page(mapping, 0, NULL); - if (IS_ERR(page)) diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c index 4dfbfec..947c9c2 100644 --- a/fs/hfsplus/catalog.c @@ -47015,10 +46964,10 @@ index 3d15072..c1ddf9c 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index e5e1c7d..019609e 100644 +index 5e7f2e9..cd13685 100644 --- a/fs/namespace.c 
+++ b/fs/namespace.c -@@ -1329,6 +1329,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -47028,7 +46977,7 @@ index e5e1c7d..019609e 100644 return retval; } -@@ -1348,6 +1351,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags) br_write_unlock(vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -47038,7 +46987,7 @@ index e5e1c7d..019609e 100644 return retval; } -@@ -2339,6 +2345,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -47055,7 +47004,7 @@ index e5e1c7d..019609e 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2353,6 +2369,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -47065,7 +47014,7 @@ index e5e1c7d..019609e 100644 return retval; } -@@ -2576,6 +2595,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2573,6 +2592,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -48470,7 +48419,7 @@ index d245cb2..7e645bd 100644 return -EPERM; if (kcore_need_update) diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index 5861741..32c53bc 100644 +index 80e4645..d2689e9 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c @@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_file *m, void *v) 
@@ -48482,7 +48431,7 @@ index 5861741..32c53bc 100644 /* * display in kilobytes. */ -@@ -157,7 +159,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) +@@ -158,7 +160,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -49098,7 +49047,7 @@ index d33418f..f8e06bc 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 05d6b0e..ee96362 100644 +index dba43c3..a99fb63 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -76,7 +76,8 @@ static int traverse(struct seq_file *m, loff_t offset) @@ -49591,10 +49540,10 @@ index 474920b..97169a9 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..9629731 +index 0000000..4639511 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1037 @@ +@@ -0,0 +1,1051 @@ +# +# grecurity configuration +# @@ -49729,6 +49678,7 @@ index 0000000..9629731 + select GRKERNSEC_PROC_ADD + select GRKERNSEC_CHROOT_CHMOD + select GRKERNSEC_CHROOT_NICE ++ select GRKERNSEC_SETXID + select GRKERNSEC_AUDIT_MOUNT + select GRKERNSEC_MODHARDEN if (MODULES) + select GRKERNSEC_HARDEN_PTRACE 
@@ -50394,6 +50344,19 @@ index 0000000..9629731 + option is enabled, a sysctl option with name "harden_ptrace" is + created. + ++config GRKERNSEC_SETXID ++ bool "Enforce consistent multithreaded privileges" ++ help ++ If you say Y here, a change from a root uid to a non-root uid ++ in a multithreaded application will cause the resulting uids, ++ gids, supplementary groups, and capabilities in that thread ++ to be propagated to the other threads of the process. In most ++ cases this is unnecessary, as glibc will emulate this behavior ++ on behalf of the application. Other libcs do not act in the ++ same way, allowing the other threads of the process to continue ++ running with root privileges. If the sysctl option is enabled, ++ a sysctl option with name "consistent_setxid" is created. ++ +config GRKERNSEC_TPE + bool "Trusted Path Execution (TPE)" + help @@ -57558,10 +57521,10 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..356ef00 +index 0000000..cb8e5a1 --- /dev/null +++ b/grsecurity/grsec_init.c -@@ -0,0 +1,269 @@ +@@ -0,0 +1,273 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/mm.h> @@ -57571,6 +57534,7 @@ index 0000000..356ef00 +#include <linux/percpu.h> +#include <linux/module.h> + ++int grsec_enable_setxid; +int grsec_enable_brute; +int grsec_enable_link; +int grsec_enable_dmesg; @@ -57751,6 +57715,9 @@ index 0000000..356ef00 +#ifdef CONFIG_GRKERNSEC_EXECLOG + grsec_enable_execlog = 1; +#endif ++#ifdef CONFIG_GRKERNSEC_SETXID ++ grsec_enable_setxid = 1; ++#endif +#ifdef CONFIG_GRKERNSEC_SIGNAL + grsec_enable_signal = 1; +#endif @@ -58841,10 +58808,10 @@ index 0000000..4030d57 +} diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c new file mode 100644 -index 0000000..174668f +index 0000000..bceef2f --- /dev/null 
+++ b/grsecurity/grsec_sysctl.c -@@ -0,0 +1,433 @@ +@@ -0,0 +1,442 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/sysctl.h> @@ -58908,6 +58875,15 @@ index 0000000..174668f + .proc_handler = &proc_dointvec, + }, +#endif ++#ifdef CONFIG_GRKERNSEC_SETXID ++ { ++ .procname = "consistent_setxid", ++ .data = &grsec_enable_setxid, ++ .maxlen = sizeof(int), ++ .mode = 0600, ++ .proc_handler = &proc_dointvec, ++ }, ++#endif +#ifdef CONFIG_GRKERNSEC_BLACKHOLE + { + .procname = "ip_blackhole", @@ -60533,7 +60509,7 @@ index 84ccf8e..2e9b14c 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index 277f497..9be66a4 100644 +index cf7bc25..0d2babf 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1588,7 +1588,8 @@ struct file_operations { @@ -61455,10 +61431,10 @@ index 0000000..9d5fd4a +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..bd25f72 +index 0000000..4620f36 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,228 @@ +@@ -0,0 +1,231 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -61684,6 +61660,9 @@ index 0000000..bd25f72 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK +extern int grsec_enable_chroot_findtask; +#endif ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern int grsec_enable_setxid; ++#endif +#endif + +#endif @@ -65202,7 +65181,7 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index 8ef31f5..f63d997 100644 +index 8ef31f5..d7d50d8 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -158,6 +158,8 @@ static void put_cred_rcu(struct rcu_head *rcu) 
@@ -65241,7 +65220,15 @@ index 8ef31f5..f63d997 100644 new = kmem_cache_zalloc(cred_jar, GFP_KERNEL); if (!new) return NULL; -@@ -287,6 +295,8 @@ struct cred *prepare_creds(void) +@@ -281,12 +289,14 @@ error: + * + * Call commit_creds() or abort_creds() to clean up. + */ +-struct cred *prepare_creds(void) ++ ++static struct cred *__prepare_creds(struct task_struct *task) + { +- struct task_struct *task = current; const struct cred *old; struct cred *new; @@ -65250,7 +65237,19 @@ index 8ef31f5..f63d997 100644 validate_process_creds(); new = kmem_cache_alloc(cred_jar, GFP_KERNEL); -@@ -333,6 +343,8 @@ struct cred *prepare_exec_creds(void) +@@ -322,6 +332,11 @@ error: + abort_creds(new); + return NULL; + } ++ ++struct cred *prepare_creds(void) ++{ ++ return __prepare_creds(current); ++} + EXPORT_SYMBOL(prepare_creds); + + /* +@@ -333,6 +348,8 @@ struct cred *prepare_exec_creds(void) struct thread_group_cred *tgcred = NULL; struct cred *new; @@ -65259,7 +65258,7 @@ index 8ef31f5..f63d997 100644 #ifdef CONFIG_KEYS tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); if (!tgcred) -@@ -385,6 +397,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) +@@ -385,6 +402,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) struct cred *new; int ret; @@ -65268,8 +65267,14 @@ index 8ef31f5..f63d997 100644 if ( #ifdef CONFIG_KEYS !p->cred->thread_keyring && -@@ -475,6 +489,8 @@ int commit_creds(struct cred *new) - struct task_struct *task = current; +@@ -470,11 +489,12 @@ error_put: + * Always returns 0 thus allowing this function to be tail-called at the end + * of, say, sys_setgid(). + */ +-int commit_creds(struct cred *new) ++static int __commit_creds(struct task_struct *task, struct cred *new) + { +- struct task_struct *task = current; const struct cred *old = task->real_cred; + pax_track_stack(); 
@@ -65277,7 +65282,7 @@ index 8ef31f5..f63d997 100644 kdebug("commit_creds(%p{%d,%d})", new, atomic_read(&new->usage), read_cred_subscribers(new)); -@@ -489,6 +505,8 @@ int commit_creds(struct cred *new) +@@ -489,6 +509,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ 
@@ -65286,7 +65291,72 @@ index 8ef31f5..f63d997 100644 /* dumpability changes */ if (old->euid != new->euid || old->egid != new->egid || -@@ -549,6 +567,8 @@ EXPORT_SYMBOL(commit_creds); +@@ -538,6 +560,64 @@ int commit_creds(struct cred *new) + put_cred(old); + return 0; + } ++ ++int commit_creds(struct cred *new) ++{ ++#ifdef CONFIG_GRKERNSEC_SETXID ++ struct task_struct *t; ++ struct cred *ncred; ++ const struct cred *old; ++ ++ if (grsec_enable_setxid && !current_is_single_threaded() && ++ !current_uid() && new->uid) { ++ rcu_read_lock(); ++ read_lock(&tasklist_lock); ++ for (t = next_thread(current); t != current; ++ t = next_thread(t)) { ++ old = __task_cred(t); ++ if (old->uid) ++ continue; ++ ncred = __prepare_creds(t); ++ if (!ncred) ++ goto die; ++ // uids ++ ncred->uid = new->uid; ++ ncred->euid = new->euid; ++ ncred->suid = new->suid; ++ ncred->fsuid = new->fsuid; ++ // gids ++ ncred->gid = new->gid; ++ ncred->egid = new->egid; ++ ncred->sgid = new->sgid; ++ ncred->fsgid = new->fsgid; ++ // groups ++ if (set_groups(ncred, new->group_info) < 0) { ++ abort_creds(ncred); ++ goto die; ++ } ++ // caps ++ ncred->securebits = new->securebits; ++ ncred->cap_inheritable = new->cap_inheritable; ++ ncred->cap_permitted = new->cap_permitted; ++ ncred->cap_effective = new->cap_effective; ++ ncred->cap_bset = new->cap_bset; ++ ++ __commit_creds(t, ncred); ++ } ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ } ++#endif ++ return __commit_creds(current, new); ++#ifdef CONFIG_GRKERNSEC_SETXID ++die: ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ abort_creds(new); ++ do_group_exit(SIGKILL); ++#endif ++} ++ + EXPORT_SYMBOL(commit_creds); + + /** +@@ -549,6 +629,8 @@ EXPORT_SYMBOL(commit_creds); */ void abort_creds(struct cred *new) { 
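Review bot: The sibling-thread loop added to `commit_creds()` calls `__prepare_creds(t)` with `rcu_read_lock()` and `read_lock(&tasklist_lock)` held, while the `__prepare_creds()` body shown earlier in this patch allocates with `kmem_cache_alloc(cred_jar, GFP_KERNEL)`, which may sleep in atomic context. The loop also commits credentials on behalf of other running threads through `__commit_creds(t, ncred)`; the remainder of that function lies outside the hunk, so whether its checks hold for a sibling that is inside `override_creds()` needs confirming. A safer shape is to record the target credentials and flag each sibling so that it applies the change itself on its next return to user space, with no allocation under the lock. Until then I would mark the loop with `/* FIXME: __prepare_creds() may sleep; not safe under tasklist_lock */`.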
@@ -65295,7 +65365,7 @@ index 8ef31f5..f63d997 100644 kdebug("abort_creds(%p{%d,%d})", new, atomic_read(&new->usage), read_cred_subscribers(new)); -@@ -572,6 +592,8 @@ const struct cred *override_creds(const struct cred *new) +@@ -572,6 +654,8 @@ const struct cred *override_creds(const struct cred *new) { const struct cred *old = current->cred; @@ -65304,7 +65374,7 @@ index 8ef31f5..f63d997 100644 kdebug("override_creds(%p{%d,%d})", new, atomic_read(&new->usage), read_cred_subscribers(new)); -@@ -601,6 +623,8 @@ void revert_creds(const struct cred *old) +@@ -601,6 +685,8 @@ void revert_creds(const struct cred *old) { const struct cred *override = current->cred; @@ -65313,7 +65383,7 @@ index 8ef31f5..f63d997 100644 kdebug("revert_creds(%p{%d,%d})", old, atomic_read(&old->usage), read_cred_subscribers(old)); -@@ -647,6 +671,8 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon) +@@ -647,6 +733,8 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon) const struct cred *old; struct cred *new; @@ -65322,7 +65392,7 @@ index 8ef31f5..f63d997 100644 new = kmem_cache_alloc(cred_jar, GFP_KERNEL); if (!new) return NULL; -@@ -701,6 +727,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); +@@ -701,6 +789,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); */ int set_security_override(struct cred *new, u32 secid) { @@ -65331,7 +65401,7 @@ index 8ef31f5..f63d997 100644 return security_kernel_act_as(new, secid); } EXPORT_SYMBOL(set_security_override); -@@ -720,6 +748,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) +@@ -720,6 +810,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) u32 secid; int ret; @@ -65896,7 +65966,7 @@ index 8e6b6f4..9dccf00 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 11cbe05..9ff191b 100644 +index 11cbe05..c5dab58 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ 
@@ -65937,36 +66007,18 @@ index 11cbe05..9ff191b 100644 if (!bitset) return -EINVAL; -@@ -2431,7 +2441,9 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - { - struct robust_list_head __user *head; - unsigned long ret; -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP - const struct cred *cred = current_cred(), *pcred; -+#endif - - if (!futex_cmpxchg_enabled) - return -ENOSYS; -@@ -2447,6 +2459,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, +@@ -2447,6 +2457,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, if (!p) goto err_unlock; ret = -EPERM; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (!ptrace_may_access(p, PTRACE_MODE_READ)) + goto err_unlock; -+#else ++#endif pcred = __task_cred(p); /* If victim is in different user_ns, then uids are not comparable, so we must have CAP_SYS_PTRACE */ -@@ -2461,6 +2477,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) - goto err_unlock; - ok: -+#endif - head = p->robust_list; - rcu_read_unlock(); - } -@@ -2712,6 +2729,7 @@ static int __init futex_init(void) +@@ -2712,6 +2726,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -65974,7 +66026,7 @@ index 11cbe05..9ff191b 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2723,8 +2741,11 @@ static int __init futex_init(void) +@@ -2723,8 +2738,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -65987,7 +66039,7 @@ index 11cbe05..9ff191b 100644 for (i = 0; i < ARRAY_SIZE(futex_queues); i++) { plist_head_init(&futex_queues[i].chain); diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index 5f9e689..03afa21 100644 +index 5f9e689..582d46d 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c @@ -10,6 +10,7 @@ 
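Review bot: With `#else` replaced by `#endif` in get_robust_list, the `ptrace_may_access(p, PTRACE_MODE_READ)` check under CONFIG_GRKERNSEC_PROC_MEMMAP no longer replaces the uid/CAP_SYS_PTRACE comparison that follows; it now runs in addition to it, and nothing in the code says so. A short comment above the `#ifdef` would make the intent clear, e.g. `/* extra gate; the uid/CAP_SYS_PTRACE comparison below still applies */`. The same applies to the compat_sys_get_robust_list hunk in kernel/futex_compat.c. Both functions start and end outside their hunks.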
@@ -65998,37 +66050,27 @@ index 5f9e689..03afa21 100644 #include <asm/uaccess.h> -@@ -136,7 +137,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, +@@ -136,7 +137,8 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, { struct compat_robust_list_head __user *head; unsigned long ret; - const struct cred *cred = current_cred(), *pcred; -+#ifndef CONFIG_GRKERNSEC_PROC_MEMMAP + const struct cred *cred = current_cred(); + const struct cred *pcred; -+#endif if (!futex_cmpxchg_enabled) return -ENOSYS; -@@ -152,6 +156,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, +@@ -152,6 +154,10 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, if (!p) goto err_unlock; ret = -EPERM; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (!ptrace_may_access(p, PTRACE_MODE_READ)) + goto err_unlock; -+#else ++#endif pcred = __task_cred(p); /* If victim is in different user_ns, then uids are not comparable, so we must have CAP_SYS_PTRACE */ -@@ -166,6 +174,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, - !ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE)) - goto err_unlock; - ok: -+#endif - head = p->compat_robust_list; - rcu_read_unlock(); - } diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c index 9b22d03..6295b62 100644 --- a/kernel/gcov/base.c @@ -66364,10 +66406,10 @@ index b30fd54..11821ec 100644 head = &kprobe_table[i]; preempt_disable(); diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index 91d67ce..ac259df 100644 +index 4479606..4036bea 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c -@@ -583,6 +583,10 @@ static int static_obj(void *obj) +@@ -584,6 +584,10 @@ static int static_obj(void *obj) end = (unsigned long) &_end, addr = (unsigned long) obj; 
@@ -66378,7 +66420,7 @@ index 91d67ce..ac259df 100644 /* * static variable? */ -@@ -718,6 +722,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) +@@ -719,6 +723,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) if (!static_obj(lock->key)) { debug_locks_off(); printk("INFO: trying to register non-static key.\n"); @@ -66386,7 +66428,7 @@ index 91d67ce..ac259df 100644 printk("the code is fine but needs lockdep annotation.\n"); printk("turning off the locking correctness validator.\n"); dump_stack(); -@@ -2948,7 +2953,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, +@@ -2954,7 +2959,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, if (!class) return 0; } @@ -69057,7 +69099,7 @@ index d776062..fa8d186 100644 sys_tz = *tz; update_vsyscall_tz(); diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index ea5e1a9..8b8df07 100644 +index 8b70c76..923e9f5 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c @@ -693,7 +693,7 @@ static int __init alarmtimer_init(void) @@ -69679,6 +69721,20 @@ index 013a761..c28f3fc 100644 #define free(a) kfree(a) #endif +diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c +index bd2bea9..6b3c95e 100644 +--- a/lib/is_single_threaded.c ++++ b/lib/is_single_threaded.c +@@ -22,6 +22,9 @@ bool current_is_single_threaded(void) + struct task_struct *p, *t; + bool ret; + ++ if (!mm) ++ return true; ++ + if (atomic_read(&task->signal->live) != 1) + return false; + diff --git a/lib/kref.c b/lib/kref.c index 3efb882..8492f4c 100644 --- a/lib/kref.c @@ -69916,18 +69972,10 @@ index d819d93..468e18f 100644 cond_resched(); } diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index bb28a5f..fef0140 100644 +index 73f17c0..fef0140 100644 --- a/mm/hugetlb.c 
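Review bot: The added `if (!mm) return true;` in current_is_single_threaded() is evaluated before the `signal->live` test, so a task without an mm is reported single-threaded even if other threads of its group are still live. The commit_creds() wrapper added in kernel/cred.c by this same update uses `!current_is_single_threaded()` to decide whether sibling credentials are synchronised, so the answer is security-relevant there. Unless the early return has to come first, placing it after the live test (`if (atomic_read(&task->signal->live) != 1) return false;` then `if (!mm) return true;`) keeps the multi-threaded answer. Either way, a comment such as `/* no mm to compare against: treat as single-threaded */` would document the choice. `mm` and `task` are declared outside this hunk and the function continues past it.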
+++ b/mm/hugetlb.c -@@ -576,6 +576,7 @@ static void prep_compound_gigantic_page(struct page *page, unsigned long order) - __SetPageHead(page); - for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) { - __SetPageTail(p); -+ set_page_count(p, 0); - p->first_page = page; - } - } -@@ -2346,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -69955,7 +70003,7 @@ index bb28a5f..fef0140 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. */ -@@ -2449,6 +2471,11 @@ retry_avoidcopy: +@@ -2450,6 +2471,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -69967,7 +70015,7 @@ index bb28a5f..fef0140 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2600,6 +2627,10 @@ retry: +@@ -2601,6 +2627,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -69978,7 +70026,7 @@ index bb28a5f..fef0140 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2629,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2630,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -69989,7 +70037,7 @@ index bb28a5f..fef0140 100644 ptep = huge_pte_offset(mm, address); if (ptep) { entry = huge_ptep_get(ptep); -@@ -2640,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2641,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } 
@@ -72683,7 +72731,7 @@ index 626303b..e9a1785 100644 if (oom_unkillable_task(p, mem, nodemask)) return 0; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 6e8ecb6..d9e3d7a 100644 +index e8fae15..18c0442 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -340,7 +340,7 @@ out: @@ -72695,16 +72743,6 @@ index 6e8ecb6..d9e3d7a 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -355,8 +355,8 @@ void prep_compound_page(struct page *page, unsigned long order) - __SetPageHead(page); - for (i = 1; i < nr_pages; i++) { - struct page *p = page + i; -- - __SetPageTail(p); -+ set_page_count(p, 0); - p->first_page = page; - } - } @@ -653,6 +653,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -72763,20 +72801,12 @@ index 6e8ecb6..d9e3d7a 100644 return 1; } return 0; -@@ -3373,6 +3393,7 @@ static void setup_zone_migrate_reserve(struct zone *zone) - /* Get the start pfn, end pfn and the number of blocks to reserve */ - start_pfn = zone->zone_start_pfn; - end_pfn = start_pfn + zone->spanned_pages; -+ start_pfn = roundup(start_pfn, pageblock_nr_pages); - reserve = roundup(min_wmark_pages(zone), pageblock_nr_pages) >> - pageblock_order; - diff --git a/mm/percpu.c b/mm/percpu.c -index bf80e55..c7c3f9a 100644 +index 93b5a7c..28d642c 100644 --- a/mm/percpu.c +++ b/mm/percpu.c -@@ -121,7 +121,7 @@ static unsigned int pcpu_first_unit_cpu __read_mostly; - static unsigned int pcpu_last_unit_cpu __read_mostly; +@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; + static unsigned int pcpu_high_unit_cpu __read_mostly; /* the address of the first chunk which starts with the kernel static area */ -void *pcpu_base_addr __read_mostly; @@ -73806,7 +73836,7 @@ index 88ea1bd..0f1dfdb 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 56faf31..862c072 100644 +index 3a65d6f7..862c072 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c 
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -73955,16 +73985,7 @@ index 56faf31..862c072 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); -@@ -1634,6 +1696,8 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, - return NULL; - - addr = __vmalloc_area_node(area, gfp_mask, prot, node, caller); -+ if (!addr) -+ return NULL; - - /* - * In this function, newly allocated vm_struct is not added -@@ -1672,6 +1736,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, +@@ -1674,6 +1736,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, gfp_mask, prot, node, caller); } @@ -73972,7 +73993,7 @@ index 56faf31..862c072 100644 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) { return __vmalloc_node(size, 1, gfp_mask, prot, -1, -@@ -1695,6 +1760,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, +@@ -1697,6 +1760,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -73980,7 +74001,7 @@ index 56faf31..862c072 100644 void *vmalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); -@@ -1711,6 +1777,7 @@ EXPORT_SYMBOL(vmalloc); +@@ -1713,6 +1777,7 @@ EXPORT_SYMBOL(vmalloc); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -73988,7 +74009,7 @@ index 56faf31..862c072 100644 void *vzalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, -@@ -1725,6 +1792,7 @@ EXPORT_SYMBOL(vzalloc); +@@ -1727,6 +1792,7 @@ EXPORT_SYMBOL(vzalloc); * The resulting memory area is zeroed so it can be mapped to userspace * without leaking data. */ 
@@ -73996,7 +74017,7 @@ index 56faf31..862c072 100644 void *vmalloc_user(unsigned long size) { struct vm_struct *area; -@@ -1752,6 +1820,7 @@ EXPORT_SYMBOL(vmalloc_user); +@@ -1754,6 +1820,7 @@ EXPORT_SYMBOL(vmalloc_user); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74004,7 +74025,7 @@ index 56faf31..862c072 100644 void *vmalloc_node(unsigned long size, int node) { return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1771,6 +1840,7 @@ EXPORT_SYMBOL(vmalloc_node); +@@ -1773,6 +1840,7 @@ EXPORT_SYMBOL(vmalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc_node() instead. */ @@ -74012,7 +74033,7 @@ index 56faf31..862c072 100644 void *vzalloc_node(unsigned long size, int node) { return __vmalloc_node_flags(size, node, -@@ -1793,10 +1863,10 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1795,10 +1863,10 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74025,7 +74046,7 @@ index 56faf31..862c072 100644 -1, __builtin_return_address(0)); } -@@ -1815,6 +1885,7 @@ void *vmalloc_exec(unsigned long size) +@@ -1817,6 +1885,7 @@ void *vmalloc_exec(unsigned long size) * Allocate enough 32bit PA addressable pages to cover @size from the * page level allocator and map them into contiguous kernel virtual space. */ @@ -74033,7 +74054,7 @@ index 56faf31..862c072 100644 void *vmalloc_32(unsigned long size) { return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, -@@ -1829,6 +1900,7 @@ EXPORT_SYMBOL(vmalloc_32); +@@ -1831,6 +1900,7 @@ EXPORT_SYMBOL(vmalloc_32); * The resulting memory area is 32bit addressable and zeroed so it can be * mapped to userspace without leaking data. */ 
@@ -74041,7 +74062,7 @@ index 56faf31..862c072 100644 void *vmalloc_32_user(unsigned long size) { struct vm_struct *area; -@@ -2091,6 +2163,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2093,6 +2163,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; diff --git a/3.1.5/4421_grsec-remove-localversion-grsec.patch b/3.1.6/4421_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.1.5/4421_grsec-remove-localversion-grsec.patch +++ b/3.1.6/4421_grsec-remove-localversion-grsec.patch diff --git a/3.1.5/4422_grsec-mute-warnings.patch b/3.1.6/4422_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.1.5/4422_grsec-mute-warnings.patch +++ b/3.1.6/4422_grsec-mute-warnings.patch diff --git a/3.1.5/4423_grsec-remove-protected-paths.patch b/3.1.6/4423_grsec-remove-protected-paths.patch index 4afb3e2..4afb3e2 100644 --- a/3.1.5/4423_grsec-remove-protected-paths.patch +++ b/3.1.6/4423_grsec-remove-protected-paths.patch diff --git a/3.1.5/4425_grsec-pax-without-grsec.patch b/3.1.6/4425_grsec-pax-without-grsec.patch index 97e8837..97e8837 100644 --- a/3.1.5/4425_grsec-pax-without-grsec.patch +++ b/3.1.6/4425_grsec-pax-without-grsec.patch diff --git a/3.1.5/4430_grsec-kconfig-default-gids.patch b/3.1.6/4430_grsec-kconfig-default-gids.patch index 453cb8d..453cb8d 100644 --- a/3.1.5/4430_grsec-kconfig-default-gids.patch +++ b/3.1.6/4430_grsec-kconfig-default-gids.patch diff --git a/3.1.5/4435_grsec-kconfig-gentoo.patch b/3.1.6/4435_grsec-kconfig-gentoo.patch index d9083f4..d9083f4 100644 --- a/3.1.5/4435_grsec-kconfig-gentoo.patch +++ b/3.1.6/4435_grsec-kconfig-gentoo.patch diff --git a/3.1.5/4437-grsec-kconfig-proc-user.patch b/3.1.6/4437-grsec-kconfig-proc-user.patch index fb20d59..fb20d59 100644 --- a/3.1.5/4437-grsec-kconfig-proc-user.patch +++ b/3.1.6/4437-grsec-kconfig-proc-user.patch 
diff --git a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch index 56c8ef1..56c8ef1 100644 --- a/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch +++ b/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch diff --git a/3.1.5/4445_disable-compat_vdso.patch b/3.1.6/4445_disable-compat_vdso.patch index 737dcca..737dcca 100644 --- a/3.1.5/4445_disable-compat_vdso.patch +++ b/3.1.6/4445_disable-compat_vdso.patch |