diff options
| -rw-r--r-- | main/linux-virt-grsec/APKBUILD | 14 | ||||
| -rw-r--r-- | main/linux-virt-grsec/grsecurity-2.9.1-3.10.44-unofficial.patch (renamed from main/linux-virt-grsec/grsecurity-2.9.1-3.10.43-unofficial.patch) | 136 |
2 files changed, 77 insertions, 73 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD index 9cadce32d7..879c5f4528 100644 --- a/main/linux-virt-grsec/APKBUILD +++ b/main/linux-virt-grsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=virt-grsec pkgname=linux-${_flavor} -pkgver=3.10.43 +pkgver=3.10.44 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -154,8 +154,8 @@ dev() { } md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz -3395365459b5a907a0425f260bc60e10 patch-3.10.43.xz -157ad1fb61302669afff96bdff14eebb grsecurity-2.9.1-3.10.43-unofficial.patch +775e8b7a3d0890bff5952eb9e7c42cd8 patch-3.10.44.xz +f1e906ad953a274e1d4cab130310cd0d grsecurity-2.9.1-3.10.44-unofficial.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -168,8 +168,8 @@ b3c0153d53e508e03d73b94d15b24a96 sysctl_lxc.patch 539c848d541c1656851fe865018273df kernelconfig.x86 82cd965fc82651f2e6b35e75c17d8031 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz -3d2f5d06ef28985f691d0aaa457d066f0d9c4e2c02acc5cfe6bdacd42180d839 patch-3.10.43.xz -7a25c79bd80b2157a88ba176b3a837151f5eeb25b2a6a841c8ab6ecb4cf9fb3d grsecurity-2.9.1-3.10.43-unofficial.patch +86086660ac02cb5d6dd4ace3593e5e185fd3c04a8de4bd5cf7adb70e28be8d8b patch-3.10.44.xz +7cd9a1b7dae8360d90a86dc60703609612ee3c070bb1592c7fcba1fc4d58362b grsecurity-2.9.1-3.10.44-unofficial.patch 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -182,8 +182,8 @@ fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use- 997d4c8a5a2b911047d26fe1bf8ee8d5cd3b7133e6abdc07b7deacd0b3eb2330 kernelconfig.x86 7845194551137fbc3b69a75249696bc843bb7fe7f4a4e6b0582c0ca0856caa64 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz -e4449c1bb88fcd92aec56882ba21fed2da40b9512996a50916123043507e3223aed0586bc43f15b1c73af9d1e18183637136d2e26a0d60bafb4ead1786d8f0d9 patch-3.10.43.xz -0b5b5368b4dcf64502700c6b96af35694b0cfa86688dd944ad43edfe9630717a176f0b60b3b2e9b04ad6b5cc062363f7a36e55ccd92831194539e45fdb848017 grsecurity-2.9.1-3.10.43-unofficial.patch +0ff596c562c76be03cdac321307294925b2978e9f991e133bab54386cee8a9a2069300d3eec3a1512ed621e0acdaf89769e3f24c21e3954785a5655d425c9107 patch-3.10.44.xz +d0c65b05b4c6f846b5347e64a5eff857427b25aa5e17ec7c74659573fc547dbcf2a2b9868a0183b8b317a8d20bd443fbe3b4f8e9dba67b402c2f0dd161cbaefe grsecurity-2.9.1-3.10.44-unofficial.patch 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.43-unofficial.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.44-unofficial.patch index dadf7b7bb4..39c0e4ec66 100644 --- a/main/linux-virt-grsec/grsecurity-2.9.1-3.10.43-unofficial.patch +++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.44-unofficial.patch @@ -281,7 +281,7 @@ index 1311a48..f233324 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 9cf5138..b85cc95 100644 +index e55476c..36e2242 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -43535,7 +43535,7 @@ index 0b74189..818358f 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index c6f6246..60760a8 100644 +index c6f6246a4..60760a8 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c @@ -664,9 +664,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) @@ -52578,7 +52578,7 @@ index ebd06fd..41c850d 100644 kiocb->ki_nbytes = ret; return 0; diff --git a/fs/attr.c b/fs/attr.c -index 8dd5825..a90e189 100644 +index 66fa625..aeb65ff 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -57733,7 +57733,7 @@ index 4e5f332..3cb6350 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 00d5fc3..98ce7d7 100644 +index 1b300a0..105e7c4 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -878,8 +878,8 @@ unsigned int get_next_ino(void) @@ -57873,10 +57873,10 @@ index 0274c95..3b9f6e5 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 1211ee5..0e8539c 100644 +index 6ac16a3..de9c550 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -319,17 +319,34 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -57888,14 +57888,16 @@ index 1211ee5..0e8539c 100644 + if (S_ISDIR(inode->i_mode)) { /* DACs are overridable for directories */ -- if (inode_capable(inode, CAP_DAC_OVERRIDE)) +- if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) - return 0; if (!(mask & MAY_WRITE)) -- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) -+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) || -+ inode_capable(inode, CAP_DAC_READ_SEARCH)) +- if (capable_wrt_inode_uidgid(inode, ++ if (capable_wrt_inode_uidgid_nolog(inode, ++ CAP_DAC_OVERRIDE) || ++ capable_wrt_inode_uidgid(inode, + CAP_DAC_READ_SEARCH)) return 0; -+ if (inode_capable(inode, CAP_DAC_OVERRIDE)) ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) + return 0; return -EACCES; } @@ -57904,16 +57906,16 @@ index 1211ee5..0e8539c 100644 + */ + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; + if (mask == MAY_READ) -+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) || -+ inode_capable(inode, CAP_DAC_READ_SEARCH)) ++ if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) || ++ capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) + return 0; + + /* * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -337,14 +353,6 @@ int generic_permission(struct inode *inode, int mask) - if (inode_capable(inode, CAP_DAC_OVERRIDE)) +@@ -338,14 +355,6 @@ int generic_permission(struct inode *inode, int mask) + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; - /* @@ -57921,13 +57923,13 @@ index 1211ee5..0e8539c 100644 - */ - mask &= MAY_READ | MAY_WRITE | MAY_EXEC; - if (mask == MAY_READ) -- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) +- if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) - return 0; - return -EACCES; } -@@ -820,7 +828,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -821,7 +830,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -57936,7 +57938,7 @@ index 1211ee5..0e8539c 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -841,6 +849,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -842,6 +851,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -57949,7 +57951,7 @@ index 1211ee5..0e8539c 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1588,6 +1602,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1589,6 +1604,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -57958,7 +57960,7 @@ index 1211ee5..0e8539c 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1686,7 +1702,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1687,7 +1704,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -57967,7 +57969,7 @@ index 1211ee5..0e8539c 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1968,6 +1984,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1969,6 +1986,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -57976,7 +57978,7 @@ index 1211ee5..0e8539c 100644 put_link(nd, &link, cookie); } } -@@ -1975,6 +1993,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1976,6 +1995,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -57990,7 +57992,7 @@ index 1211ee5..0e8539c 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!can_lookup(nd->inode)) { path_put(&nd->path); -@@ -2002,8 +2027,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -2003,8 +2029,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -58007,7 +58009,7 @@ index 1211ee5..0e8539c 100644 return retval; } -@@ -2382,6 +2414,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2383,6 +2416,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -58021,7 +58023,7 @@ index 1211ee5..0e8539c 100644 return 0; } -@@ -2603,7 +2642,7 @@ looked_up: +@@ -2604,7 +2644,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -58030,7 +58032,7 @@ index 1211ee5..0e8539c 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2638,6 +2677,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2639,6 +2679,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -58048,7 +58050,7 @@ index 1211ee5..0e8539c 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2659,6 +2709,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2660,6 +2711,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -58057,7 +58059,7 @@ index 1211ee5..0e8539c 100644 } out_no_open: path->dentry = dentry; -@@ -2673,7 +2725,7 @@ out_dput: +@@ -2674,7 +2727,7 @@ out_dput: /* * Handle the last step of open() */ @@ -58066,7 +58068,7 @@ index 1211ee5..0e8539c 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2702,16 +2754,32 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2703,16 +2756,32 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; @@ -58099,7 +58101,7 @@ index 1211ee5..0e8539c 100644 audit_inode(name, dir, 0); goto finish_open; } -@@ -2760,7 +2828,7 @@ retry_lookup: +@@ -2761,7 +2830,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -58108,7 +58110,7 @@ index 1211ee5..0e8539c 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2784,11 +2852,28 @@ retry_lookup: +@@ -2785,11 +2854,28 @@ retry_lookup: goto finish_open_created; } @@ -58138,7 +58140,7 @@ index 1211ee5..0e8539c 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2829,6 +2914,11 @@ finish_lookup: +@@ -2830,6 +2916,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -58150,7 +58152,7 @@ index 1211ee5..0e8539c 100644 return 1; } -@@ -2838,7 +2928,6 @@ finish_lookup: +@@ -2839,7 +2930,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -58158,7 +58160,7 @@ index 1211ee5..0e8539c 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -2847,6 +2936,16 @@ finish_lookup: +@@ -2848,6 +2938,16 @@ finish_lookup: path_put(&save_parent); return error; } @@ -58175,7 +58177,7 @@ index 1211ee5..0e8539c 100644 error = -EISDIR; if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode)) goto out; -@@ -2945,7 +3044,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -2946,7 +3046,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -58184,7 +58186,7 @@ index 1211ee5..0e8539c 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -2963,7 +3062,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -2964,7 +3064,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -58193,7 +58195,7 @@ index 1211ee5..0e8539c 100644 put_link(nd, &link, cookie); } out: -@@ -3063,8 +3162,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3064,8 +3164,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -58207,7 +58209,7 @@ index 1211ee5..0e8539c 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3116,6 +3219,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3117,6 +3221,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -58228,7 +58230,7 @@ index 1211ee5..0e8539c 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3178,6 +3295,17 @@ retry: +@@ -3179,6 +3297,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -58246,7 +58248,7 @@ index 1211ee5..0e8539c 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3194,6 +3322,8 @@ retry: +@@ -3195,6 +3324,8 @@ retry: break; } out: @@ -58255,7 +58257,7 @@ index 1211ee5..0e8539c 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3246,9 +3376,16 @@ retry: +@@ -3247,9 +3378,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -58272,7 +58274,7 @@ index 1211ee5..0e8539c 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3329,6 +3466,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3330,6 +3468,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -58281,7 +58283,7 @@ index 1211ee5..0e8539c 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3361,10 +3500,21 @@ retry: +@@ -3362,10 +3502,21 @@ retry: error = -ENOENT; goto exit3; } @@ -58303,7 +58305,7 @@ index 1211ee5..0e8539c 100644 exit3: dput(dentry); exit2: -@@ -3430,6 +3580,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3431,6 +3582,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -58312,7 +58314,7 @@ index 1211ee5..0e8539c 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3456,10 +3608,22 @@ retry: +@@ -3457,10 +3610,22 @@ retry: if (!inode) goto slashes; ihold(inode); @@ -58335,7 +58337,7 @@ index 1211ee5..0e8539c 100644 exit2: dput(dentry); } -@@ -3537,9 +3701,17 @@ retry: +@@ -3538,9 +3703,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -58353,7 +58355,7 @@ index 1211ee5..0e8539c 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3613,6 +3785,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3614,6 +3787,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -58361,7 +58363,7 @@ index 1211ee5..0e8539c 100644 int how = 0; int error; -@@ -3636,7 +3809,7 @@ retry: +@@ -3637,7 +3811,7 @@ retry: if (error) return error; @@ -58370,7 +58372,7 @@ index 1211ee5..0e8539c 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3648,11 +3821,28 @@ retry: +@@ -3649,11 +3823,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -58399,7 +58401,7 @@ index 1211ee5..0e8539c 100644 done_path_create(&new_path, new_dentry); if (retry_estale(error, how)) { path_put(&old_path); -@@ -3899,12 +4089,21 @@ retry: +@@ -3900,12 +4091,21 @@ retry: if (new_dentry == trap) goto exit5; @@ -58421,7 +58423,7 @@ index 1211ee5..0e8539c 100644 exit5: dput(new_dentry); exit4: -@@ -3936,6 +4135,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3937,6 +4137,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -58430,7 +58432,7 @@ index 1211ee5..0e8539c 100644 int len; len = PTR_ERR(link); -@@ -3945,7 +4146,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3946,7 +4148,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -73103,16 +73105,16 @@ index 4c57065..4307975 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index d9a4f7f4..19f77d6 100644 +index 15f9092..d52b825 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -213,8 +213,13 @@ extern bool ns_capable(struct user_namespace *ns, int cap); extern bool nsown_capable(int cap); - extern bool inode_capable(const struct inode *inode, int cap); + extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); +extern bool capable_nolog(int cap); +extern bool ns_capable_nolog(struct user_namespace *ns, int cap); -+extern bool inode_capable_nolog(const struct inode *inode, int cap); ++extern bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap); /* audit system wants to get cap info from files as well */ extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); @@ -78594,7 +78596,7 @@ index 37a3bbd..55a4241 100644 extern int llc_sap_action_unitdata_ind(struct llc_sap *sap, struct sk_buff *skb); diff --git a/include/net/llc_s_st.h b/include/net/llc_s_st.h -index 567c681..cd73ac0 100644 +index 567c681..cd73ac02 100644 --- a/include/net/llc_s_st.h +++ b/include/net/llc_s_st.h @@ -20,7 +20,7 @@ struct llc_sap_state_trans { @@ -80281,10 +80283,10 @@ index 6bd4a90..0ee9eff 100644 f->val = 0; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 9845cb3..3ec9369 100644 +index 03a3af8..7139042 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -1962,7 +1962,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -1971,7 +1971,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -80293,7 +80295,7 @@ index 9845cb3..3ec9369 100644 /** * audit_set_loginuid - set current task's audit_context loginuid -@@ -1986,7 +1986,7 @@ int audit_set_loginuid(kuid_t loginuid) +@@ -1995,7 +1995,7 @@ int audit_set_loginuid(kuid_t loginuid) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ @@ -80303,7 +80305,7 @@ index 9845cb3..3ec9369 100644 struct audit_buffer *ab; diff --git a/kernel/capability.c b/kernel/capability.c -index f6c2ce5..982c0f9 100644 +index d52eecc..b59d93d 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -80387,17 +80389,19 @@ index f6c2ce5..982c0f9 100644 /** * nsown_capable - Check superior capability to one's own user_ns * @cap: The capability in question -@@ -464,3 +489,10 @@ bool inode_capable(const struct inode *inode, int cap) - - return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +@@ -460,3 +485,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) + return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && + kgid_has_mapping(ns, inode->i_gid); } + -+bool inode_capable_nolog(const struct inode *inode, int cap) ++bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap) +{ + struct user_namespace *ns = current_user_ns(); + -+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); ++ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && ++ kgid_has_mapping(ns, inode->i_gid); +} ++EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c index d0def7f..ff3a63e 100644 --- a/kernel/cgroup.c @@ -111698,7 +111702,7 @@ index b0f164b..63c9f7d 100644 endif diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h -index 6789d78..4afd019e 100644 +index 6789d788..4afd019e 100644 --- a/tools/perf/util/include/asm/alternative-asm.h +++ b/tools/perf/util/include/asm/alternative-asm.h @@ -5,4 +5,7 @@ |