-rw-r--r-- | main/linux-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.11-201407072045.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.10-201407052031.patch) | 178 |
2 files changed, 80 insertions, 114 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index e91d727238..5cdf615c70 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.10 +pkgver=3.14.11 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.10-201407052031.patch + grsecurity-3.0-3.14.11-201407072045.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch 
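Review bot: The `source=` list in this hunk still fetches `linux-$_kernver.tar.xz` and `patch-$pkgver.xz` over plain `http://ftp.kernel.org/...`, so the only integrity control on the new `patch-3.14.11.xz` is the set of digests replaced in the checksum hunk that follows (`@@ -165,24 +165,24 @@`). Nothing visible here shows that those digests were compared with kernel.org's PGP-signed release data rather than computed from whatever the committer's own HTTP download returned; the commit message should say how they were verified. The `md5sums=` entries add no assurance beyond `sha256sums=` and `sha512sums=`, so any re-verification should treat the SHA-512 line as the authoritative pin. If the mirror serves it, changing the two URLs to `https://` would be a cheap additional control.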
@@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -13d435d77d719cd845fb82627aa07974 patch-3.14.10.xz -08c26e89d09fb4cc0d41c159ea17bb24 grsecurity-3.0-3.14.10-201407052031.patch +5cf3d2cb0f552c2c6faf829b6630e84f patch-3.14.11.xz +53571da447f6543f8741e8c998a01e4f grsecurity-3.0-3.14.11-201407072045.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 83f0e1b1d2413bcb2dddcf87a10dc42b kernelconfig.x86 0b07cc6ece6232c631e2d55f2dd860d6 kernelconfig.x86_64 887980f603af6a1ac6f67edeae2e0d07 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -e93bcbbd4568449e771f420ddd281a797b8df92ff265d59f849c3f53172fd95e patch-3.14.10.xz -238f1499e7b6669b199e85cc334e01c9240665d65647b2ea0c30c230b88ac714 grsecurity-3.0-3.14.10-201407052031.patch +3f290fb547cb4afe23bf520c8c863b6d1e090814f4a6fa0080ed51b4afd9a409 patch-3.14.11.xz +b9f3eee998c12873b3b4263522c4faaf1c3a1536b513d553377d4b4dc07b9bb5 grsecurity-3.0-3.14.11-201407072045.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 5431d66b9c1af413b4dc6f91de00a6e830e3d780a79c5f85d2d8b013b151c169 kernelconfig.x86 9f420cee74896fd3578c3b342188438ac5d6b0f327586c108367abcfc3f1e6ff kernelconfig.x86_64 ab3e07f85f4dd090b2d22b485881031bd479a1c34fc9a2e9707cb8cdebfcfda4 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -807783caa9ff492b936b1deef2da96bfb4af5429adc4810de66fbc709ab1a707e26c03edb66a10e429ad5038697c0d522d7f63075382db5d65f622f727be5452 patch-3.14.10.xz 
-194d0b023eb9841c2784220ecd80eedd61b62ce1f971a8e5a4fe2f7dcc7a1cff304a4e1bbd7a69aaf5ac2dc9fe112e3d4618bfa8e9541770c8fd3c0dcfe1a358 grsecurity-3.0-3.14.10-201407052031.patch +fb4dca2cf832b04896f4c052ea84eab501c459bf27030b81a88b288d09d320b86254b7e995ae1931c6083ae4c88f62e4ba1976ce2254d88645f9e95a253d19e4 patch-3.14.11.xz +c02ef0f5df3231c3cdb9ebe4aae360ec950a2f6cb6ef11eccaf9736abe71c90cf4a163324ff515aaa1279a57ab70481cb9323dc5896563c716a5fd8461306632 grsecurity-3.0-3.14.11-201407072045.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 03f817222bf5812fa8363542e4ab108767212c67efe3994ea8fe9d0751215d9c3f166ce41de41f9070c855db6c04606828dc61265a1738920b984a24077347c4 kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.0-3.14.10-201407052031.patch b/main/linux-grsec/grsecurity-3.0-3.14.11-201407072045.patch index 5cd674b923..a883f759f7 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.10-201407052031.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.11-201407072045.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index bd5d673..00eaa40 100644 +index f1bbec5..d78810b 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -16136,7 +16136,7 @@ index 69bbb48..32517fe 100644 #define smp_load_acquire(p) \ diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index 9fc1af7..fc71228 100644 +index 9fc1af7..776d75a 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -49,7 +49,7 @@ 
@@ -16216,7 +16216,7 @@ index 9fc1af7..fc71228 100644 */ #ifdef CONFIG_X86_64 -static __always_inline int fls64(__u64 x) -+static __always_inline long fls64(__u64 x) ++static __always_inline __intentional_overflow(-1) int fls64(__u64 x) { int bitpos = -1; /* @@ -18734,7 +18734,7 @@ index fdedd38..95c02c2 100644 void df_debug(struct pt_regs *regs, long error_code); #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h -index 14fd6fd..b31a4a4 100644 +index 6205f0c..b31a4a4 100644 --- a/arch/x86/include/asm/ptrace.h +++ b/arch/x86/include/asm/ptrace.h @@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) @@ -18807,29 +18807,6 @@ index 14fd6fd..b31a4a4 100644 #endif return *(unsigned long *)((unsigned long)regs + offset); } -@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, - - #define ARCH_HAS_USER_SINGLE_STEP_INFO - -+/* -+ * When hitting ptrace_stop(), we cannot return using SYSRET because -+ * that does not restore the full CPU state, only a minimal set. The -+ * ptracer can change arbitrary register values, which is usually okay -+ * because the usual ptrace stops run off the signal delivery path which -+ * forces IRET; however, ptrace_event() stops happen in arbitrary places -+ * in the kernel and don't force IRET path. -+ * -+ * So force IRET path after a ptrace stop. -+ */ -+#define arch_ptrace_stop_needed(code, info) \ -+({ \ -+ set_thread_flag(TIF_NOTIFY_RESUME); \ -+ false; \ -+}) -+ - struct user_desc; - extern int do_get_thread_area(struct task_struct *p, int idx, - struct user_desc __user *info); diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 9c6b890..5305f53 100644 --- a/arch/x86/include/asm/realmode.h @@ -26887,7 +26864,7 @@ index 9c0280f..5bbb1c0 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) 
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 7461f50..1334029 100644 +index 7461f50..01d0b9c 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) @@ -26909,7 +26886,28 @@ index 7461f50..1334029 100644 return (unsigned long)regs; } -@@ -588,7 +587,7 @@ static void ptrace_triggered(struct perf_event *bp, +@@ -452,6 +451,20 @@ static int putreg(struct task_struct *child, + if (child->thread.gs != value) + return do_arch_prctl(child, ARCH_SET_GS, value); + return 0; ++ ++ case offsetof(struct user_regs_struct,ip): ++ /* ++ * Protect against any attempt to set ip to an ++ * impossible address. There are dragons lurking if the ++ * address is noncanonical. (This explicitly allows ++ * setting ip to TASK_SIZE_MAX, because user code can do ++ * that all by itself by running off the end of its ++ * address space. ++ */ ++ if (value > TASK_SIZE_MAX) ++ return -EIO; ++ break; ++ + #endif + } + +@@ -588,7 +601,7 @@ static void ptrace_triggered(struct perf_event *bp, static unsigned long ptrace_get_dr7(struct perf_event *bp[]) { int i; @@ -26918,7 +26916,7 @@ index 7461f50..1334029 100644 struct arch_hw_breakpoint *info; for (i = 0; i < HBP_NUM; i++) { -@@ -822,7 +821,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -822,7 +835,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -26927,7 +26925,7 @@ index 7461f50..1334029 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -907,14 +906,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -907,14 +920,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, 
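Review bot: Nothing on the page documents why this refresh stops carrying two hardening pieces at the same time as it adds the `putreg` check (`case offsetof(struct user_regs_struct,ip)` returning `-EIO` when `value > TASK_SIZE_MAX`). The pieces no longer carried are the `arch_ptrace_stop_needed` override (hunk `@@ -18807,29 +18807,6 @@` and the dropped `include/linux/ptrace.h` section) and the lz4 length-wrap checks (dropped `lib/lz4/lz4_decompress.c` section). For `arch/x86/include/asm/ptrace.h` the index line keeps the result blob `b31a4a4` over a new base `6205f0c`, which suggests the 3.14.11 base now supplies the macro; for the other two files that is only an inference from the sections disappearing. I would confirm on the prepared tree that `set_thread_flag(TIF_NOTIFY_RESUME)` inside `arch_ptrace_stop_needed` and the `length > (size_t)(length + s)` checks are still present before this is shipped, and record the result in the commit message. `putreg`'s body starts and ends outside the hunk, so the conditional that the visible `#endif` closes cannot be checked from here.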
@@ -26944,7 +26942,7 @@ index 7461f50..1334029 100644 break; #endif -@@ -1292,7 +1291,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, +@@ -1292,7 +1305,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, #ifdef CONFIG_X86_64 @@ -26953,7 +26951,7 @@ index 7461f50..1334029 100644 [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct) / sizeof(long), -@@ -1333,7 +1332,7 @@ static const struct user_regset_view user_x86_64_view = { +@@ -1333,7 +1346,7 @@ static const struct user_regset_view user_x86_64_view = { #endif /* CONFIG_X86_64 */ #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION @@ -26962,7 +26960,7 @@ index 7461f50..1334029 100644 [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct32) / sizeof(u32), -@@ -1386,7 +1385,7 @@ static const struct user_regset_view user_x86_32_view = { +@@ -1386,7 +1399,7 @@ static const struct user_regset_view user_x86_32_view = { */ u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; @@ -26971,7 +26969,7 @@ index 7461f50..1334029 100644 { #ifdef CONFIG_X86_64 x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); -@@ -1421,7 +1420,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1421,7 +1434,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -26980,7 +26978,7 @@ index 7461f50..1334029 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1450,6 +1449,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, +@@ -1450,6 +1463,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, # define IS_IA32 0 #endif 
@@ -26991,7 +26989,7 @@ index 7461f50..1334029 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1460,6 +1463,11 @@ long syscall_trace_enter(struct pt_regs *regs) +@@ -1460,6 +1477,11 @@ long syscall_trace_enter(struct pt_regs *regs) user_exit(); @@ -27003,7 +27001,7 @@ index 7461f50..1334029 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1515,6 +1523,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1515,6 +1537,11 @@ void syscall_trace_leave(struct pt_regs *regs) */ user_exit(); @@ -47099,6 +47097,19 @@ index a2515887..6d13233 100644 dev->net->dev_addr[ETH_ALEN-1] = ifacenum; /* we will have to manufacture ethernet headers, prepare template */ +diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c +index 841b608..198a8b7 100644 +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -47,7 +47,7 @@ module_param(gso, bool, 0444); + #define RECEIVE_AVG_WEIGHT 64 + + /* Minimum alignment for mergeable packet buffers. */ +-#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256) ++#define MERGEABLE_BUFFER_ALIGN max(L1_CACHE_BYTES, 256UL) + + #define VIRTNET_DRIVER_VERSION "1.0.0" + diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 40ad25d..8703023 100644 --- a/drivers/net/vxlan.c @@ -50909,10 +50920,10 @@ index 24884ca..26c8220 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 26416c1..e796a3d 100644 +index 6ea95d2..88607b4 100644 --- a/drivers/target/target_core_device.c 
+++ b/drivers/target/target_core_device.c -@@ -1524,7 +1524,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); sema_init(&dev->caw_sem, 1); @@ -62806,7 +62817,7 @@ index f4ccfe6..a5cf064 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 360114a..ac6e265 100644 +index 15f9d98..082c625 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -1189,16 +1189,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt @@ -62843,7 +62854,7 @@ index 9a914e8..e89c0ea 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 16e8fa7..b0803f6 100644 +index bc11bf6..324b058 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -1531,7 +1531,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) @@ -82100,20 +82111,6 @@ index 34a1e10..70f6bde 100644 struct proc_ns { void *ns; -diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h -index 077904c..cc79eff 100644 ---- a/include/linux/ptrace.h -+++ b/include/linux/ptrace.h -@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk, - * calling arch_ptrace_stop() when it would be superfluous. For example, - * if the thread has not been back to user mode since the last stop, the - * thread state might indicate that nothing needs to be done. -+ * -+ * This is guaranteed to be invoked once before a task stops for ptrace and -+ * may include arch-specific operations necessary prior to a ptrace stop. - */ - #define arch_ptrace_stop_needed(code, info) (0) - #endif diff --git a/include/linux/quota.h b/include/linux/quota.h index cc7494a..1e27036 100644 --- a/include/linux/quota.h 
@@ -86755,7 +86752,7 @@ index 81b3d67..ef189a4 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 45da005c..6581b2b 100644 +index c44bff8..a3c5876 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -180,6 +180,48 @@ void thread_info_cache_init(void) @@ -87137,7 +87134,7 @@ index 45da005c..6581b2b 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1537,6 +1647,8 @@ bad_fork_cleanup_count: +@@ -1539,6 +1649,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -87146,7 +87143,7 @@ index 45da005c..6581b2b 100644 return ERR_PTR(retval); } -@@ -1598,6 +1710,7 @@ long do_fork(unsigned long clone_flags, +@@ -1600,6 +1712,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -87154,7 +87151,7 @@ index 45da005c..6581b2b 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1614,6 +1727,8 @@ long do_fork(unsigned long clone_flags, +@@ -1616,6 +1729,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -87163,7 +87160,7 @@ index 45da005c..6581b2b 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1732,7 +1847,7 @@ void __init proc_caches_init(void) +@@ -1734,7 +1849,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); 
@@ -87172,7 +87169,7 @@ index 45da005c..6581b2b 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1772,7 +1887,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1774,7 +1889,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -87181,7 +87178,7 @@ index 45da005c..6581b2b 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1879,7 +1994,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1881,7 +1996,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -91701,10 +91698,10 @@ index fc4da2d..f3e800b 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 24c1f23..781fd73f 100644 +index f0831c22..4b19cb3 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -3399,7 +3399,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -3400,7 +3400,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } @@ -91894,7 +91891,7 @@ index 4f69f9a..7c6f8f8 100644 memcpy(&uts_table, table, sizeof(uts_table)); uts_table.data = get_uts(table, write); diff --git a/kernel/watchdog.c b/kernel/watchdog.c -index 4431610..4265616 100644 +index c9b6f01..37781d9 100644 --- a/kernel/watchdog.c +++ b/kernel/watchdog.c @@ -475,7 +475,7 @@ static int watchdog_nmi_enable(unsigned int cpu) { return 0; } 
@@ -92442,37 +92439,6 @@ index c24c2f7..f0296f4 100644 + pax_close_kernel(); +} +EXPORT_SYMBOL(pax_list_del_rcu); -diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c -index b74da44..7a85967 100644 ---- a/lib/lz4/lz4_decompress.c -+++ b/lib/lz4/lz4_decompress.c -@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, - int s = 255; - while ((ip < iend) && (s == 255)) { - s = *ip++; -+ if (unlikely(length > (size_t)(length + s))) -+ goto _output_error; - length += s; - } - } -@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, - if (length == ML_MASK) { - while (ip < iend) { - int s = *ip++; -+ if (unlikely(length > (size_t)(length + s))) -+ goto _output_error; - length += s; - if (s == 255) - continue; -@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, - - /* write overflow error detected */ - _output_error: -- return (int) (-(((char *) ip) - source)); -+ return -1; - } - - int lz4_decompress(const unsigned char *src, size_t *src_len, diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c index 963b703..438bc51 100644 --- a/lib/percpu-refcount.c @@ -101804,7 +101770,7 @@ index a8eb0a8..86f2de4 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 4f26ee4..6a9d7c3 100644 +index 3d2d2c8..c87e4d3 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -567,7 +567,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -101816,7 +101782,7 @@ index 4f26ee4..6a9d7c3 100644 ip_vs_conn_put(cp); return ret; } -@@ -1706,7 +1706,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) +@@ -1711,7 +1711,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) if (cp->flags & IP_VS_CONN_F_ONE_PACKET) pkts = sysctl_sync_threshold(ipvs); else 
@@ -101994,7 +101960,7 @@ index a4b5e2a..13b1de3 100644 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 356bef5..99932cb 100644 +index 356bef5..163b56a 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1627,6 +1627,10 @@ void nf_conntrack_init_end(void) @@ -102013,7 +101979,7 @@ index 356bef5..99932cb 100644 } +#ifdef CONFIG_GRKERNSEC_HIDESYM -+ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return_unchecked(&conntrack_cache_id)); ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08x", atomic_inc_return_unchecked(&conntrack_cache_id)); +#else net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); +#endif @@ -114733,7 +114699,7 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..8972f81 +index 0000000..4077712 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data @@ -0,0 +1,5988 @@ @@ -116547,8 +116513,8 @@ index 0000000..8972f81 +attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL +rtw_set_wps_probe_resp_19989 rtw_set_wps_probe_resp 3 19989 NULL +diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL -+lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 NULL nohasharray -+event_trigger_write_20009 event_trigger_write 3 20009 &lov_stripe_md_size_20009 ++event_trigger_write_20009 event_trigger_write 3 20009 NULL nohasharray ++lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 &event_trigger_write_20009 +tree_mod_log_eb_move_20011 tree_mod_log_eb_move 5 20011 NULL +SYSC_fgetxattr_20027 SYSC_fgetxattr 4 20027 NULL +split_scan_timeout_read_20029 split_scan_timeout_read 3 20029 NULL 
@@ -116915,8 +116881,8 @@ index 0000000..8972f81 +bin_to_hex_dup_23853 bin_to_hex_dup 2 23853 NULL +ocfs2_xattr_get_clusters_23857 ocfs2_xattr_get_clusters 0 23857 NULL +ieee80211_if_read_dot11MeshMaxPeerLinks_23878 ieee80211_if_read_dot11MeshMaxPeerLinks 3 23878 NULL -+nouveau_clock_create__23881 nouveau_clock_create_ 5 23881 NULL nohasharray -+writeback_single_inode_23881 writeback_single_inode 0 23881 &nouveau_clock_create__23881 ++writeback_single_inode_23881 writeback_single_inode 0 23881 NULL nohasharray ++nouveau_clock_create__23881 nouveau_clock_create_ 5 23881 &writeback_single_inode_23881 +tipc_snprintf_23893 tipc_snprintf 2-0 23893 NULL +add_new_gdb_meta_bg_23911 add_new_gdb_meta_bg 3 23911 NULL nohasharray +ieee80211_if_read_hw_queues_23911 ieee80211_if_read_hw_queues 3 23911 &add_new_gdb_meta_bg_23911 |