[gentoo-commits] proj/hardened-patchset:master commit in: 4.7.10/
commit: 56df60d70f473e515a2b889709239ecc78bbf5c6
Author: Anthony G. Basile gentoo org>
AuthorDate: Wed Nov 2 08:22:12 2016 +
Commit: Anthony G. Basile gentoo org>
CommitDate: Wed Nov 2 08:22:12 2016 +
URL:
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=56df60d7
grsecurity-3.1-4.7.10-201611011946
4.7.10/_README | 2 +-
... 4420_grsecurity-3.1-4.7.10-201611011946.patch} | 161 +++--
2 files changed, 151 insertions(+), 12 deletions(-)
diff --git a/4.7.10/_README b/4.7.10/_README
index 5c79278..c596497 100644
--- a/4.7.10/_README
+++ b/4.7.10/_README
@@ -14,7 +14,7 @@ Patch:1009_linux-4.7.10.patch
From: http://www.kernel.org
Desc: Linux 4.7.10
-Patch: 4420_grsecurity-3.1-4.7.10-201610262029.patch
+Patch: 4420_grsecurity-3.1-4.7.10-201611011946.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.7.10/4420_grsecurity-3.1-4.7.10-201610262029.patch
b/4.7.10/4420_grsecurity-3.1-4.7.10-201611011946.patch
similarity index 99%
rename from 4.7.10/4420_grsecurity-3.1-4.7.10-201610262029.patch
rename to 4.7.10/4420_grsecurity-3.1-4.7.10-201611011946.patch
index 2148028..15bb765 100644
--- a/4.7.10/4420_grsecurity-3.1-4.7.10-201610262029.patch
+++ b/4.7.10/4420_grsecurity-3.1-4.7.10-201611011946.patch
@@ -960,7 +960,7 @@ index d50430c..01cc53b 100644
# but it is being used too early to link to meaningful stack_chk logic.
nossp_flags := $(call cc-option, -fno-stack-protector)
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 9e10c45..5fbb312 100644
+index 9e10c45..e4cd000 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -18,17 +18,41 @@
@@ -1018,7 +1018,7 @@ index 9e10c45..5fbb312 100644
+ "3:\n"
+#define __OVERFLOW_POST_RETURN\
+ " bvc 3f\n" \
-+" mov %0, %1\n" \
++ " mov %0, %1\n" \
+ "2: " REFCOUNT_TRAP_INSN "\n"\
+ "3:\n"
+#define __OVERFLOW_EXTABLE\
@@ -24176,7 +24176,7 @@ index dee8a70..a2c1bda 100644
}
diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h
-index c3496619..3f3a7dc 100644
+index c3496619..a968182 100644
--- a/arch/x86/include/asm/traps.h
+++ b/arch/x86/include/asm/traps.h
@@ -10,7 +10,7 @@
@@ -24188,7 +24188,15 @@ index c3496619..3f3a7dc 100644
asmlinkage void nmi(void);
asmlinkage void int3(void);
asmlinkage void xen_debug(void);
-@@ -107,7 +107,7 @@ extern int panic_on_unrecovered_nmi;
+@@ -54,6 +54,7 @@ asmlinkage void trace_page_fault(void);
+ #define trace_alignment_check alignment_check
+ #define trace_simd_coprocessor_error simd_coprocessor_error
+ #define trace_async_page_fault async_page_fault
++#define trace_refcount_error refcount_error
+ #endif
+
+ dotraplinkage void do_divide_error(struct pt_regs *, long);
+@@ -107,7 +108,7 @@ extern int panic_on_unrecovered_nmi;
void math_emulate(struct math_emu_info *);
#ifndef CONFIG_X86_32
@@ -24198,7 +24206,7 @@ index c3496619..3f3a7dc 100644
asmlinkage void smp_deferred_error_interrupt(void);
#endif
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 0328c2cc..b65e680d 100644
+index 0328c2cc..fb12bf2 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -8,6 +8,7 @@
@@ -24294,7 +24302,7 @@ index 0328c2cc..b65e680d 100644
/**
* get_user: - Get a simple variable from user space.
-@@ -201,13 +247,11 @@ __typeof__(__builtin_choose_expr(sizeof(x) >
sizeof(0UL), 0ULL, 0UL))
+@@ -201,14 +247,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) >
sizeof(0UL), 0ULL, 0UL))
asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
: "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
@@ -24305,22 +24313,26 @@ index 0328c2cc..b65e680d 100644
asm volatile("\n" \
- "1:movl %%eax,0(%2)\n" \
- "2:movl %%edx,4(%2)\n" \
+- "3:" \
+ "1:"__copyuser_seg"movl %%eax,0(%2)\n" \
+ "2:"__copyuser_seg"movl %%edx,4(%2)\n" \
-"3:" \
++ "3:\n" \
".section .fixup,\"ax\"\n" \
"4:movl %3,%0\n" \
-@@ -220,8 +264,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL),
0ULL, 0UL))
+" jmp 3b\n" \
+@@ -220,9 +264,9 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL),
0ULL, 0UL))
[gentoo-commits] proj/hardened-patchset:master commit in: 4.7.10/, 4.7.9/
commit: 577ecfc11feb8d3835b6cc69bb57dac65d5957e6
Author: Anthony G. Basile gentoo org>
AuthorDate: Sun Oct 23 12:41:53 2016 +
Commit: Anthony G. Basile gentoo org>
CommitDate: Sun Oct 23 12:41:53 2016 +
URL:
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=577ecfc1
grsecurity-3.1-4.7.10-201610222037
{4.7.9 => 4.7.10}/_README |6 +-
{4.7.9 => 4.7.10}/1007_linux-4.7.8.patch |0
{4.7.9 => 4.7.10}/1008_linux-4.7.9.patch |0
4.7.10/1009_linux-4.7.10.patch | 1630
.../4420_grsecurity-3.1-4.7.10-201610222037.patch | 270 ++--
{4.7.9 => 4.7.10}/4425_grsec_remove_EI_PAX.patch |0
{4.7.9 => 4.7.10}/4427_force_XATTR_PAX_tmpfs.patch |0
.../4430_grsec-remove-localversion-grsec.patch |0
{4.7.9 => 4.7.10}/4435_grsec-mute-warnings.patch |0
.../4440_grsec-remove-protected-paths.patch|0
.../4450_grsec-kconfig-default-gids.patch |0
.../4465_selinux-avc_audit-log-curr_ip.patch |0
{4.7.9 => 4.7.10}/4470_disable-compat_vdso.patch |0
{4.7.9 => 4.7.10}/4475_emutramp_default_on.patch |0
14 files changed, 1784 insertions(+), 122 deletions(-)
diff --git a/4.7.9/_README b/4.7.10/_README
similarity index 93%
rename from 4.7.9/_README
rename to 4.7.10/_README
index be33a95..f0806b3 100644
--- a/4.7.9/_README
+++ b/4.7.10/_README
@@ -10,7 +10,11 @@ Patch: 1008_linux-4.7.9.patch
From: http://www.kernel.org
Desc: Linux 4.7.9
-Patch: 4420_grsecurity-3.1-4.7.9-201610200819.patch
+Patch: 1009_linux-4.7.10.patch
+From: http://www.kernel.org
+Desc: Linux 4.7.10
+
+Patch: 4420_grsecurity-3.1-4.7.10-201610222037.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.7.9/1007_linux-4.7.8.patch b/4.7.10/1007_linux-4.7.8.patch
similarity index 100%
rename from 4.7.9/1007_linux-4.7.8.patch
rename to 4.7.10/1007_linux-4.7.8.patch
diff --git a/4.7.9/1008_linux-4.7.9.patch b/4.7.10/1008_linux-4.7.9.patch
similarity index 100%
rename from 4.7.9/1008_linux-4.7.9.patch
rename to 4.7.10/1008_linux-4.7.9.patch
diff --git a/4.7.10/1009_linux-4.7.10.patch b/4.7.10/1009_linux-4.7.10.patch
new file mode 100644
index 000..2e76abd
--- /dev/null
+++ b/4.7.10/1009_linux-4.7.10.patch
@@ -0,0 +1,1630 @@
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 8c20323..67c42db 100644
+--- a/MAINTAINERS
b/MAINTAINERS
+@@ -12620,11 +12620,10 @@ F: arch/x86/xen/*swiotlb*
+ F:drivers/xen/*swiotlb*
+
+ XFS FILESYSTEM
+-P:Silicon Graphics Inc
+ M:Dave Chinner
+-M:x...@oss.sgi.com
+-L:x...@oss.sgi.com
+-W:http://oss.sgi.com/projects/xfs
++M:linux-...@vger.kernel.org
++L:linux-...@vger.kernel.org
++W:http://xfs.org/
+ T:git git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs.git
+ S:Supported
+ F:Documentation/filesystems/xfs.txt
+diff --git a/Makefile b/Makefile
+index cb3f64e..219ab6d 100644
+--- a/Makefile
b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 7
+-SUBLEVEL = 9
++SUBLEVEL = 10
+ EXTRAVERSION =
+ NAME = Psychotic Stoned Sheep
+
+diff --git a/arch/arc/include/asm/irqflags-arcv2.h
b/arch/arc/include/asm/irqflags-arcv2.h
+index d1ec7f6..e880dfa 100644
+--- a/arch/arc/include/asm/irqflags-arcv2.h
b/arch/arc/include/asm/irqflags-arcv2.h
+@@ -112,7 +112,7 @@ static inline long arch_local_save_flags(void)
+*/
+ temp = (1 << 5) |
+ ((!!(temp & STATUS_IE_MASK)) << CLRI_STATUS_IE_BIT) |
+- (temp & CLRI_STATUS_E_MASK);
++ ((temp >> 1) & CLRI_STATUS_E_MASK);
+ return temp;
+ }
+
+diff --git a/arch/arc/kernel/intc-arcv2.c b/arch/arc/kernel/intc-arcv2.c
+index 6c24faf..62b59409 100644
+--- a/arch/arc/kernel/intc-arcv2.c
b/arch/arc/kernel/intc-arcv2.c
+@@ -74,7 +74,7 @@ void arc_init_IRQ(void)
+ tmp = read_aux_reg(0xa);
+ tmp |= STATUS_AD_MASK | (irq_prio << 1);
+ tmp &= ~STATUS_IE_MASK;
+- asm volatile("flag %0 \n"::"r"(tmp));
++ asm volatile("kflag %0 \n"::"r"(tmp));
+ }
+
+ static void arcv2_irq_mask(struct irq_data *data)
+diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
+index 4a34978..73a277d 100644
+--- a/block/cfq-iosched.c
b/block/cfq-iosched.c
+@@ -3021,7 +3021,6 @@ static struct request *cfq_check_fifo(struct cfq_queue
*cfqq)
+ if (time_before(jiffies, rq->fifo_time))
+ rq = NULL;
+
+- cfq_log_cfqq(cfqq->cfqd, cfqq, "fifo=%p", rq);
+ return rq;
+ }
+
+@@ -3395,6 +3394,9 @@ static bool cfq_may_dispatch(struct cfq_data *cfqd,
struct cfq_queue *cfqq)
+ {
+ unsigned int max_dispatch;
+
++ if (cfq_cfqq_must_dispatch(cfqq))
++ return true;
++
+ /*
+* Drain async requests before we start sync IO
+*/
+@@ -3486,15 +3488,20 @@ static bool
