commit: a559b42a27e8937ad9d9345717820cd312f2ffc6
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 20 20:01:43 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Aug 20 20:01:43 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=a559b42a
Grsec/PaX: 3.0-{3.2.62,3.14.17,3.15.10}-201408192020
---
3.14.17/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.17-201408192019.patch} | 37 +++++++++++++++++++---
3.15.10/0000_README | 2 +-
...4420_grsecurity-3.0-3.15.10-201408192020.patch} | 37 +++++++++++++++++++---
3.2.62/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.62-201408191950.patch} | 11 ++++++-
6 files changed, 77 insertions(+), 14 deletions(-)
diff --git a/3.14.17/0000_README b/3.14.17/0000_README
index e4c4eb2..ce3685e 100644
--- a/3.14.17/0000_README
+++ b/3.14.17/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.17-201408140021.patch
+Patch: 4420_grsecurity-3.0-3.14.17-201408192019.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch
b/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
similarity index 99%
rename from 3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch
rename to 3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
index 1f1739c..73749ef 100644
--- a/3.14.17/4420_grsecurity-3.0-3.14.17-201408140021.patch
+++ b/3.14.17/4420_grsecurity-3.0-3.14.17-201408192019.patch
@@ -44456,7 +44456,7 @@ index 56e24c0..e1c8e1f 100644
"md/raid1:%s: read error
corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index cb882aa..9bd076e 100644
+index cb882aa..cb8aeca 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error)
@@ -44518,8 +44518,25 @@ index cb882aa..9bd076e 100644
}
rdev_dec_pending(rdev, mddev);
+@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev,
sector_t sector_nr,
+ */
+ if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) {
+ end_reshape(conf);
++ close_sync(conf);
+ return 0;
+ }
+
+@@ -4411,7 +4412,7 @@ read_more:
+ read_bio->bi_private = r10_bio;
+ read_bio->bi_end_io = end_sync_read;
+ read_bio->bi_rw = READ;
+- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1);
++ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS);
+ read_bio->bi_flags |= 1 << BIO_UPTODATE;
+ read_bio->bi_vcnt = 0;
+ read_bio->bi_iter.bi_size = 0;
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 16f5c21..522b82e 100644
+index 16f5c21..c5d72c7 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int
hash)
@@ -44580,6 +44597,15 @@ index 16f5c21..522b82e 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing
device %s.\n",
+@@ -3779,6 +3787,8 @@ static void handle_stripe(struct stripe_head *sh)
+ set_bit(R5_Wantwrite, &dev->flags);
+ if (prexor)
+ continue;
++ if (s.failed > 1)
++ continue;
+ if (!test_bit(R5_Insync, &dev->flags) ||
+ ((i == sh->pd_idx || i == sh->qd_idx) &&
+ s.failed == 0))
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index 983db75..ef9248c 100644
--- a/drivers/media/dvb-core/dvbdev.c
@@ -74698,10 +74724,10 @@ index 0000000..4d6fce8
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..f35f454
+index 0000000..14638ff
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,187 @@
+@@ -0,0 +1,188 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -74836,7 +74862,8 @@ index 0000000..f35f454
+ "CAP_MAC_OVERRIDE",
+ "CAP_MAC_ADMIN",
+ "CAP_SYSLOG",
-+ "CAP_WAKE_ALARM"
++ "CAP_WAKE_ALARM",
++ "CAP_BLOCK_SUSPEND"
+};
+
+int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
diff --git a/3.15.10/0000_README b/3.15.10/0000_README
index 9e87c71..70556f5 100644
--- a/3.15.10/0000_README
+++ b/3.15.10/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.15.10-201408140023.patch
+Patch: 4420_grsecurity-3.0-3.15.10-201408192020.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch
b/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
similarity index 99%
rename from 3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch
rename to 3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
index 500720d..08568e5 100644
--- a/3.15.10/4420_grsecurity-3.0-3.15.10-201408140023.patch
+++ b/3.15.10/4420_grsecurity-3.0-3.15.10-201408192020.patch
@@ -44189,7 +44189,7 @@ index 56e24c0..e1c8e1f 100644
"md/raid1:%s: read error
corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index cb882aa..9bd076e 100644
+index cb882aa..cb8aeca 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error)
@@ -44251,8 +44251,25 @@ index cb882aa..9bd076e 100644
}
rdev_dec_pending(rdev, mddev);
+@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev,
sector_t sector_nr,
+ */
+ if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) {
+ end_reshape(conf);
++ close_sync(conf);
+ return 0;
+ }
+
+@@ -4411,7 +4412,7 @@ read_more:
+ read_bio->bi_private = r10_bio;
+ read_bio->bi_end_io = end_sync_read;
+ read_bio->bi_rw = READ;
+- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1);
++ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS);
+ read_bio->bi_flags |= 1 << BIO_UPTODATE;
+ read_bio->bi_vcnt = 0;
+ read_bio->bi_iter.bi_size = 0;
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index ad1b9be..b417412 100644
+index ad1b9be..c6316b5 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1702,6 +1702,10 @@ static int grow_one_stripe(struct r5conf *conf, int
hash)
@@ -44313,6 +44330,15 @@ index ad1b9be..b417412 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing
device %s.\n",
+@@ -3774,6 +3782,8 @@ static void handle_stripe(struct stripe_head *sh)
+ set_bit(R5_Wantwrite, &dev->flags);
+ if (prexor)
+ continue;
++ if (s.failed > 1)
++ continue;
+ if (!test_bit(R5_Insync, &dev->flags) ||
+ ((i == sh->pd_idx || i == sh->qd_idx) &&
+ s.failed == 0))
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
index 983db75..ef9248c 100644
--- a/drivers/media/dvb-core/dvbdev.c
@@ -74555,10 +74581,10 @@ index 0000000..de31e65
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..f35f454
+index 0000000..14638ff
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,187 @@
+@@ -0,0 +1,188 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -74693,7 +74719,8 @@ index 0000000..f35f454
+ "CAP_MAC_OVERRIDE",
+ "CAP_MAC_ADMIN",
+ "CAP_SYSLOG",
-+ "CAP_WAKE_ALARM"
++ "CAP_WAKE_ALARM",
++ "CAP_BLOCK_SUSPEND"
+};
+
+int captab_log_entries = sizeof(captab_log)/sizeof(captab_log[0]);
diff --git a/3.2.62/0000_README b/3.2.62/0000_README
index aed2e0b..9bf751a 100644
--- a/3.2.62/0000_README
+++ b/3.2.62/0000_README
@@ -166,7 +166,7 @@ Patch: 1061_linux-3.2.62.patch
From: http://www.kernel.org
Desc: Linux 3.2.62
-Patch: 4420_grsecurity-3.0-3.2.62-201408110020.patch
+Patch: 4420_grsecurity-3.0-3.2.62-201408191950.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
b/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
similarity index 99%
rename from 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
index 0c9beb1..0e00b6a 100644
--- a/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
+++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408191950.patch
@@ -42245,7 +42245,7 @@ index 6d05e26..a579e8c 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 7c963c4..8d07287e 100644
+index 7c963c4..73e0cd7 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1364,6 +1364,10 @@ static int grow_one_stripe(struct r5conf *conf)
@@ -42304,6 +42304,15 @@ index 7c963c4..8d07287e 100644
> conf->max_nr_stripes)
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing
device %s.\n",
+@@ -3240,6 +3248,8 @@ static void handle_stripe(struct stripe_head *sh)
+ set_bit(R5_Wantwrite, &dev->flags);
+ if (prexor)
+ continue;
++ if (s.failed > 1)
++ continue;
+ if (!test_bit(R5_Insync, &dev->flags) ||
+ ((i == sh->pd_idx || i == sh->qd_idx) &&
+ s.failed == 0))
diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c
b/drivers/media/dvb/ddbridge/ddbridge-core.c
index ba9a643..e474ab5 100644
--- a/drivers/media/dvb/ddbridge/ddbridge-core.c
