diff options
| -rw-r--r-- | main/linux-grsec/APKBUILD | 8 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.12-unofficial.patch) | 103 |
2 files changed, 56 insertions, 55 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index f52c9d6d69..2044d6e1ee 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,9 +2,9 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.0.12 +pkgver=3.0.13 _kernver=3.0 -pkgrel=3 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -142,8 +142,8 @@ dev() { } md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 -b3030035fcc87c55ede362a47113af5d patch-3.0.12.bz2 -a129184102c16a4ee39afe50cae43efd grsecurity-2.2.2-3.0.12-unofficial.patch +bf47382f0c923b8dc2b5e8e456c59cc9 patch-3.0.13.bz2 +d5c9b286a5a947fa25ccd386e5cd2387 grsecurity-2.2.2-3.0.13-unofficial.patch c41cf0ee9794f393423c6b2093072260 grsec-timblogiw-noconst.patch ebb99ef6ad8cd2d9fd8f49d5c5849057 0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.12-unofficial.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch index 8fad8f4f85..a63a19122c 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.0.12-unofficial.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.0.13-unofficial.patch @@ -158,7 +158,7 @@ index aa47be7..1fbd18f 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 993fe05..8ddd85b 100644 +index 5ccc962..f6e640e 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -708,7 +708,7 @@ index acca35a..f7debc1 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 5e1e541..6af2d90 100644 +index 74ae833..8749ecb 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -719,7 +719,7 @@ index 5e1e541..6af2d90 100644 #include <linux/hw_breakpoint.h> #include <asm/cacheflush.h> -@@ -479,12 +478,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -482,12 +481,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -15913,7 +15913,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 9242436..753954d 100644 +index d4a705f..ef8f1a9 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); @@ -15925,7 +15925,7 @@ index 9242436..753954d 100644 enum reboot_type reboot_type = BOOT_ACPI; int reboot_force; -@@ -315,13 +315,17 @@ core_initcall(reboot_init); +@@ -324,13 +324,17 @@ core_initcall(reboot_init); extern const unsigned char machine_real_restart_asm[]; extern const u64 machine_real_restart_gdt[3]; @@ -15945,7 +15945,7 @@ index 9242436..753954d 100644 local_irq_disable(); /* Write zero to CMOS register number 0x0f, which the BIOS POST -@@ -347,14 +351,14 @@ void machine_real_restart(unsigned int type) +@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type) boot)". This seems like a fairly standard thing that gets set by REBOOT.COM programs, and the previous reset routine did this too. */ @@ -15962,7 +15962,7 @@ index 9242436..753954d 100644 /* GDT[0]: GDT self-pointer */ lowmem_gdt[0] = -@@ -365,7 +369,33 @@ void machine_real_restart(unsigned int type) +@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type) GDT_ENTRY(0x009b, restart_pa, 0xffff); /* Jump to the identity-mapped low memory code */ @@ -15996,7 +15996,7 @@ index 9242436..753954d 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -523,7 +553,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -532,7 +562,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -16005,7 +16005,7 @@ index 9242436..753954d 100644 { int i; int attempt = 0; -@@ -647,13 +677,13 @@ void native_machine_shutdown(void) +@@ -656,13 +686,13 @@ void native_machine_shutdown(void) #endif } @@ -16021,7 +16021,7 @@ index 9242436..753954d 100644 { printk("machine restart\n"); -@@ -662,7 +692,7 @@ static void native_machine_restart(char *__unused) +@@ -671,7 +701,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -16030,7 +16030,7 @@ index 9242436..753954d 100644 { /* stop other cpus and apics */ machine_shutdown(); -@@ -673,7 +703,7 @@ static void native_machine_halt(void) +@@ -682,7 +712,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -16039,7 +16039,7 @@ index 9242436..753954d 100644 { if (pm_power_off) { if (!reboot_force) -@@ -682,6 +712,7 @@ static void native_machine_power_off(void) +@@ -691,6 +721,7 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -21109,10 +21109,10 @@ index ea30585..b5e1508 100644 return 0; diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c -index b499626..6fd1882 100644 +index f4f29b1..5cac4fb 100644 --- a/arch/x86/mm/highmem_32.c +++ b/arch/x86/mm/highmem_32.c -@@ -44,7 +44,10 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) +@@ -44,7 +44,11 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) idx = type + KM_TYPE_NR*smp_processor_id(); vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx); BUG_ON(!pte_none(*(kmap_pte-idx))); @@ -21120,9 +21120,10 @@ index b499626..6fd1882 100644 + pax_open_kernel(); set_pte(kmap_pte-idx, mk_pte(page, prot)); + pax_close_kernel(); ++ + arch_flush_lazy_mmu_mode(); return (void *)vaddr; - } diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c index f581a18..29efd37 100644 --- a/arch/x86/mm/hugetlbpage.c @@ -26871,7 +26872,7 @@ index a365be0..a629755 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index 82db185..c935ce3 100644 +index 1367ced..f2ec98d 100644 --- a/drivers/gpu/drm/drm_crtc.c +++ b/drivers/gpu/drm/drm_crtc.c @@ -1372,7 +1372,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, @@ -26921,7 +26922,7 @@ index 82db185..c935ce3 100644 if (!num_clips != !clips_ptr) { ret = -EINVAL; -@@ -2270,7 +2270,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2274,7 +2274,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, out_resp->flags = property->flags; if ((out_resp->count_values >= value_count) && value_count) { @@ -26930,7 +26931,7 @@ index 82db185..c935ce3 100644 for (i = 0; i < value_count; i++) { if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) { ret = -EFAULT; -@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2287,7 +2287,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, if (property->flags & DRM_MODE_PROP_ENUM) { if ((out_resp->count_enum_blobs >= enum_count) && enum_count) { copied = 0; @@ -26939,7 +26940,7 @@ index 82db185..c935ce3 100644 list_for_each_entry(prop_enum, &property->enum_blob_list, head) { if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) { -@@ -2306,7 +2306,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2310,7 +2310,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, if ((out_resp->count_enum_blobs >= blob_count) && blob_count) { copied = 0; blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr; @@ -26948,7 +26949,7 @@ index 82db185..c935ce3 100644 list_for_each_entry(prop_blob, &property->enum_blob_list, head) { if (put_user(prop_blob->base.id, blob_id_ptr + copied)) { -@@ -2367,7 +2367,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, +@@ -2371,7 +2371,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, struct drm_mode_get_blob *out_resp = data; struct drm_property_blob *blob; int ret = 0; @@ -26957,7 +26958,7 @@ index 82db185..c935ce3 100644 if (!drm_core_check_feature(dev, DRIVER_MODESET)) return -EINVAL; -@@ -2381,7 +2381,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, +@@ -2385,7 +2385,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, blob = obj_to_blob(obj); if (out_resp->length == blob->length) { @@ -27355,7 +27356,7 @@ index 4934cf8..52e8e83 100644 /* The actual obj->write_domain will be updated with * pending_write_domain after we emit the accumulated flush for all diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 9b1d669..d88e72c 100644 +index 3635647..1ad5700 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -473,7 +473,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) @@ -27376,7 +27377,7 @@ index 9b1d669..d88e72c 100644 if (IS_GEN6(dev)) bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; -@@ -1226,7 +1226,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) +@@ -1227,7 +1227,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) int ret = IRQ_NONE, pipe; bool blc_event = false; @@ -27385,7 +27386,7 @@ index 9b1d669..d88e72c 100644 iir = I915_READ(IIR); -@@ -1735,7 +1735,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1736,7 +1736,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -27394,7 +27395,7 @@ index 9b1d669..d88e72c 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1899,7 +1899,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1900,7 +1900,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -27404,7 +27405,7 @@ index 9b1d669..d88e72c 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 853bddb..6afec46 100644 +index fed87d6..f594763 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -1961,7 +1961,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, @@ -27777,10 +27778,10 @@ index 59d72d0..3621b94 100644 /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c -index bf2b615..c821ec8 100644 +index 285acc4..f4d909f 100644 --- a/drivers/gpu/drm/radeon/radeon_atombios.c +++ b/drivers/gpu/drm/radeon/radeon_atombios.c -@@ -545,6 +545,8 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev) +@@ -569,6 +569,8 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev) struct radeon_gpio_rec gpio; struct radeon_hpd hpd; @@ -28157,7 +28158,7 @@ index e92298a..f68f2d6 100644 for (;;) { diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 4f81d20..4b5f337 100644 +index 763797d..67a9f78 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1940,7 +1940,7 @@ static bool hid_ignore(struct hid_device *hdev) @@ -34062,7 +34063,7 @@ index dd87e86..bc0148c 100644 } diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c -index dccd863..8d35669 100644 +index f8c752e..28bf4fc 100644 --- a/drivers/oprofile/oprof.c +++ b/drivers/oprofile/oprof.c @@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work) @@ -35444,10 +35445,10 @@ index 6888b2c..45befa1 100644 return errsts; memset(arr, 0, sizeof(arr)); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index f97acff..0c53d1f 100644 +index 72ab1e6..ad69062 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1412,7 +1412,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1414,7 +1414,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -35456,7 +35457,7 @@ index f97acff..0c53d1f 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1438,9 +1438,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1440,9 +1440,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -36155,10 +36156,10 @@ index 76d7485..ab8524a 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index e42ce9d..b3ee231 100644 +index 5c4b5d9..fdfc7bf1 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c -@@ -76,7 +76,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, +@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, if (!urb) { pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); pr_info("max seqnum %d\n", @@ -64929,10 +64930,10 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index a9205e3..1c6f5c0 100644 +index 2043c08..ec81a69 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1391,7 +1391,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1393,7 +1393,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } @@ -64942,7 +64943,7 @@ index a9205e3..1c6f5c0 100644 hrtimer_peek_ahead_timers(); } diff --git a/kernel/jump_label.c b/kernel/jump_label.c -index a8ce450..5519bce 100644 +index e6f1f24..6c19597 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop) @@ -64955,7 +64956,7 @@ index a8ce450..5519bce 100644 } static void jump_label_update(struct jump_label_key *key, int enable); -@@ -297,10 +299,12 @@ static void jump_label_invalidate_module_init(struct module *mod) +@@ -298,10 +300,12 @@ static void jump_label_invalidate_module_init(struct module *mod) struct jump_entry *iter_stop = iter_start + mod->num_jump_entries; struct jump_entry *iter; @@ -67906,7 +67907,7 @@ index ea5e1a9..8b8df07 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index c7218d1..5f4ecc6 100644 +index 7a90d02..6d8585a 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c @@ -115,7 +115,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) @@ -67919,7 +67920,7 @@ index c7218d1..5f4ecc6 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 342408c..18c3098 100644 +index 5f45831..a62c75e 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -67930,7 +67931,7 @@ index 342408c..18c3098 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -361,6 +362,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -365,6 +366,8 @@ int do_settimeofday(const struct timespec *tv) if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC) return -EINVAL; @@ -68180,10 +68181,10 @@ index 0731e81a..91f8a79 100644 struct dentry *d_tracer; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 3e2a7c9..665bb9a 100644 +index 2d04936..7d78f18 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1318,10 +1318,6 @@ static LIST_HEAD(ftrace_module_file_list); +@@ -1317,10 +1317,6 @@ static LIST_HEAD(ftrace_module_file_list); struct ftrace_module_file_ops { struct list_head list; struct module *mod; @@ -68194,7 +68195,7 @@ index 3e2a7c9..665bb9a 100644 }; static struct ftrace_module_file_ops * -@@ -1342,17 +1338,12 @@ trace_create_file_ops(struct module *mod) +@@ -1341,17 +1337,12 @@ trace_create_file_ops(struct module *mod) file_ops->mod = mod; @@ -68218,7 +68219,7 @@ index 3e2a7c9..665bb9a 100644 list_add(&file_ops->list, &ftrace_module_file_list); -@@ -1376,8 +1367,8 @@ static void trace_module_add_events(struct module *mod) +@@ -1375,8 +1366,8 @@ static void trace_module_add_events(struct module *mod) for_each_event(call, start, end) { __trace_add_event_call(*call, mod, @@ -68738,7 +68739,7 @@ index cc5acf9..fd56cc0 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index bfcf153..1eff489 100644 +index 2b57cd9..8c89c5e 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2339,6 +2339,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, @@ -68769,7 +68770,7 @@ index bfcf153..1eff489 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. */ -@@ -2440,6 +2461,11 @@ retry_avoidcopy: +@@ -2442,6 +2463,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -68781,7 +68782,7 @@ index bfcf153..1eff489 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2591,6 +2617,10 @@ retry: +@@ -2593,6 +2619,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -68792,7 +68793,7 @@ index bfcf153..1eff489 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2620,6 +2650,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2622,6 +2652,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -68803,7 +68804,7 @@ index bfcf153..1eff489 100644 ptep = huge_pte_offset(mm, address); if (ptep) { entry = huge_ptep_get(ptep); -@@ -2631,6 +2665,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2633,6 +2667,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } |