[gentoo-commits] proj/hardened-patchset:master commit in: 4.7.10/
commit: 56df60d70f473e515a2b889709239ecc78bbf5c6 Author: Anthony G. Basile gentoo org> AuthorDate: Wed Nov 2 08:22:12 2016 + Commit: Anthony G. Basile gentoo org> CommitDate: Wed Nov 2 08:22:12 2016 + URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=56df60d7 grsecurity-3.1-4.7.10-201611011946 4.7.10/_README | 2 +- ... 4420_grsecurity-3.1-4.7.10-201611011946.patch} | 161 +++-- 2 files changed, 151 insertions(+), 12 deletions(-) diff --git a/4.7.10/_README b/4.7.10/_README index 5c79278..c596497 100644 --- a/4.7.10/_README +++ b/4.7.10/_README @@ -14,7 +14,7 @@ Patch:1009_linux-4.7.10.patch From: http://www.kernel.org Desc: Linux 4.7.10 -Patch: 4420_grsecurity-3.1-4.7.10-201610262029.patch +Patch: 4420_grsecurity-3.1-4.7.10-201611011946.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.7.10/4420_grsecurity-3.1-4.7.10-201610262029.patch b/4.7.10/4420_grsecurity-3.1-4.7.10-201611011946.patch similarity index 99% rename from 4.7.10/4420_grsecurity-3.1-4.7.10-201610262029.patch rename to 4.7.10/4420_grsecurity-3.1-4.7.10-201611011946.patch index 2148028..15bb765 100644 --- a/4.7.10/4420_grsecurity-3.1-4.7.10-201610262029.patch +++ b/4.7.10/4420_grsecurity-3.1-4.7.10-201611011946.patch @@ -960,7 +960,7 @@ index d50430c..01cc53b 100644 # but it is being used too early to link to meaningful stack_chk logic. nossp_flags := $(call cc-option, -fno-stack-protector) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 9e10c45..5fbb312 100644 +index 9e10c45..e4cd000 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -18,17 +18,41 @@ @@ -1018,7 +1018,7 @@ index 9e10c45..5fbb312 100644 + "3:\n" +#define __OVERFLOW_POST_RETURN\ + " bvc 3f\n" \ -+" mov %0, %1\n" \ ++ " mov %0, %1\n" \ + "2: " REFCOUNT_TRAP_INSN "\n"\ + "3:\n" +#define __OVERFLOW_EXTABLE\ @@ -24176,7 +24176,7 @@ index dee8a70..a2c1bda 100644 } diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h -index c3496619..3f3a7dc 100644 +index c3496619..a968182 100644 --- a/arch/x86/include/asm/traps.h +++ b/arch/x86/include/asm/traps.h @@ -10,7 +10,7 @@ @@ -24188,7 +24188,15 @@ index c3496619..3f3a7dc 100644 asmlinkage void nmi(void); asmlinkage void int3(void); asmlinkage void xen_debug(void); -@@ -107,7 +107,7 @@ extern int panic_on_unrecovered_nmi; +@@ -54,6 +54,7 @@ asmlinkage void trace_page_fault(void); + #define trace_alignment_check alignment_check + #define trace_simd_coprocessor_error simd_coprocessor_error + #define trace_async_page_fault async_page_fault ++#define trace_refcount_error refcount_error + #endif + + dotraplinkage void do_divide_error(struct pt_regs *, long); +@@ -107,7 +108,7 @@ extern int panic_on_unrecovered_nmi; void math_emulate(struct math_emu_info *); #ifndef CONFIG_X86_32 @@ -24198,7 +24206,7 @@ index c3496619..3f3a7dc 100644 asmlinkage void smp_deferred_error_interrupt(void); #endif diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 0328c2cc..b65e680d 100644 +index 0328c2cc..fb12bf2 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -8,6 +8,7 @@ @@ -24294,7 +24302,7 @@ index 0328c2cc..b65e680d 100644 /** * get_user: - Get a simple variable from user space. -@@ -201,13 +247,11 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) +@@ -201,14 +247,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") @@ -24305,22 +24313,26 @@ index 0328c2cc..b65e680d 100644 asm volatile("\n" \ - "1:movl %%eax,0(%2)\n" \ - "2:movl %%edx,4(%2)\n" \ +- "3:" \ + "1:"__copyuser_seg"movl %%eax,0(%2)\n" \ + "2:"__copyuser_seg"movl %%edx,4(%2)\n" \ -"3:" \ ++ "3:\n" \ ".section .fixup,\"ax\"\n" \ "4:movl %3,%0\n" \ -@@ -220,8 +264,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) +" jmp 3b\n" \ +@@ -220,9 +264,9 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) #
[gentoo-commits] proj/hardened-patchset:master commit in: 4.7.10/, 4.7.9/
commit: 577ecfc11feb8d3835b6cc69bb57dac65d5957e6 Author: Anthony G. Basile gentoo org> AuthorDate: Sun Oct 23 12:41:53 2016 + Commit: Anthony G. Basile gentoo org> CommitDate: Sun Oct 23 12:41:53 2016 + URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=577ecfc1 grsecurity-3.1-4.7.10-201610222037 {4.7.9 => 4.7.10}/_README |6 +- {4.7.9 => 4.7.10}/1007_linux-4.7.8.patch |0 {4.7.9 => 4.7.10}/1008_linux-4.7.9.patch |0 4.7.10/1009_linux-4.7.10.patch | 1630 .../4420_grsecurity-3.1-4.7.10-201610222037.patch | 270 ++-- {4.7.9 => 4.7.10}/4425_grsec_remove_EI_PAX.patch |0 {4.7.9 => 4.7.10}/4427_force_XATTR_PAX_tmpfs.patch |0 .../4430_grsec-remove-localversion-grsec.patch |0 {4.7.9 => 4.7.10}/4435_grsec-mute-warnings.patch |0 .../4440_grsec-remove-protected-paths.patch|0 .../4450_grsec-kconfig-default-gids.patch |0 .../4465_selinux-avc_audit-log-curr_ip.patch |0 {4.7.9 => 4.7.10}/4470_disable-compat_vdso.patch |0 {4.7.9 => 4.7.10}/4475_emutramp_default_on.patch |0 14 files changed, 1784 insertions(+), 122 deletions(-) diff --git a/4.7.9/_README b/4.7.10/_README similarity index 93% rename from 4.7.9/_README rename to 4.7.10/_README index be33a95..f0806b3 100644 --- a/4.7.9/_README +++ b/4.7.10/_README @@ -10,7 +10,11 @@ Patch: 1008_linux-4.7.9.patch From: http://www.kernel.org Desc: Linux 4.7.9 -Patch: 4420_grsecurity-3.1-4.7.9-201610200819.patch +Patch: 1009_linux-4.7.10.patch +From: http://www.kernel.org +Desc: Linux 4.7.10 + +Patch: 4420_grsecurity-3.1-4.7.10-201610222037.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.7.9/1007_linux-4.7.8.patch b/4.7.10/1007_linux-4.7.8.patch similarity index 100% rename from 4.7.9/1007_linux-4.7.8.patch rename to 4.7.10/1007_linux-4.7.8.patch diff --git a/4.7.9/1008_linux-4.7.9.patch b/4.7.10/1008_linux-4.7.9.patch similarity index 100% rename from 4.7.9/1008_linux-4.7.9.patch rename to 4.7.10/1008_linux-4.7.9.patch diff --git a/4.7.10/1009_linux-4.7.10.patch b/4.7.10/1009_linux-4.7.10.patch new file mode 100644 index 000..2e76abd --- /dev/null +++ b/4.7.10/1009_linux-4.7.10.patch @@ -0,0 +1,1630 @@ +diff --git a/MAINTAINERS b/MAINTAINERS +index 8c20323..67c42db 100644 +--- a/MAINTAINERS b/MAINTAINERS +@@ -12620,11 +12620,10 @@ F: arch/x86/xen/*swiotlb* + F:drivers/xen/*swiotlb* + + XFS FILESYSTEM +-P:Silicon Graphics Inc + M:Dave Chinner +-M:x...@oss.sgi.com +-L:x...@oss.sgi.com +-W:http://oss.sgi.com/projects/xfs ++M:linux-...@vger.kernel.org ++L:linux-...@vger.kernel.org ++W:http://xfs.org/ + T:git git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs.git + S:Supported + F:Documentation/filesystems/xfs.txt +diff --git a/Makefile b/Makefile +index cb3f64e..219ab6d 100644 +--- a/Makefile b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 7 +-SUBLEVEL = 9 ++SUBLEVEL = 10 + EXTRAVERSION = + NAME = Psychotic Stoned Sheep + +diff --git a/arch/arc/include/asm/irqflags-arcv2.h b/arch/arc/include/asm/irqflags-arcv2.h +index d1ec7f6..e880dfa 100644 +--- a/arch/arc/include/asm/irqflags-arcv2.h b/arch/arc/include/asm/irqflags-arcv2.h +@@ -112,7 +112,7 @@ static inline long arch_local_save_flags(void) +*/ + temp = (1 << 5) | + ((!!(temp & STATUS_IE_MASK)) << CLRI_STATUS_IE_BIT) | +- (temp & CLRI_STATUS_E_MASK); ++ ((temp >> 1) & CLRI_STATUS_E_MASK); + return temp; + } + +diff --git a/arch/arc/kernel/intc-arcv2.c b/arch/arc/kernel/intc-arcv2.c +index 6c24faf..62b59409 100644 +--- a/arch/arc/kernel/intc-arcv2.c b/arch/arc/kernel/intc-arcv2.c +@@ -74,7 +74,7 @@ void arc_init_IRQ(void) + tmp = read_aux_reg(0xa); + tmp |= STATUS_AD_MASK | (irq_prio << 1); + tmp &= ~STATUS_IE_MASK; +- asm volatile("flag %0 \n"::"r"(tmp)); ++ asm volatile("kflag %0 \n"::"r"(tmp)); + } + + static void arcv2_irq_mask(struct irq_data *data) +diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c +index 4a34978..73a277d 100644 +--- a/block/cfq-iosched.c b/block/cfq-iosched.c +@@ -3021,7 +3021,6 @@ static struct request *cfq_check_fifo(struct cfq_queue *cfqq) + if (time_before(jiffies, rq->fifo_time)) + rq = NULL; + +- cfq_log_cfqq(cfqq->cfqd, cfqq, "fifo=%p", rq); + return rq; + } + +@@ -3395,6 +3394,9 @@ static bool cfq_may_dispatch(struct cfq_data *cfqd, struct cfq_queue *cfqq) + { + unsigned int max_dispatch; + ++ if (cfq_cfqq_must_dispatch(cfqq)) ++ return true; ++ + /* +* Drain async requests before we start sync IO +*/ +@@ -3486,15 +3488,20 @@ static bool cfq_dispatch_request(struct cfq_data *cfqd, st