main/linux-grsec: upgrade to 3.14.32

author: Timo Teräs <timo.teras@iki.fi> 2015-02-09 09:43:49 +0000
committer: Timo Teräs <timo.teras@iki.fi> 2015-02-09 09:43:49 +0000
commit: 99359ed67be6571c9ec8400dc5723bb244ab9928 (patch)
tree: 2e55ad23faa9e7063f2c69d245fca6f0c27b34c8 /main/linux-grsec
parent: 791f57c188c7b24928433e6ea0104de0273c8a1e (diff)
download: aports-99359ed67be6571c9ec8400dc5723bb244ab9928.tar.bz2
aports-99359ed67be6571c9ec8400dc5723bb244ab9928.tar.xz
2 files changed, 320 insertions, 40 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 10cc5636c..80f993d7d 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
 
 _flavor=grsec
 pkgname=linux-${_flavor}
-pkgver=3.14.31
+pkgver=3.14.32
 case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-	grsecurity-3.0-3.14.31-201502021853.patch
+	grsecurity-3.0-3.14.32-201502062101.patch
 
 	fix-memory-map-for-PIE-applications.patch
 	imx6q-no-unclocked-sleep.patch
@@ -165,24 +165,24 @@ dev() {
 }
 
 md5sums="b621207b3f6ecbb67db18b13258f8ea8  linux-3.14.tar.xz
-be2e0f3f1ebc124940571ca6130dc478  patch-3.14.31.xz
-228c15c924d4a1d9091a41bf9919ce36  grsecurity-3.0-3.14.31-201502021853.patch
+64519f60de7b12ef5bf2df4d323cee9c  patch-3.14.32.xz
+c2ba768d23f52cb8ee025ad92bd0375a  grsecurity-3.0-3.14.32-201502062101.patch
 c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
 1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
 870b91f0eb07294ba453ac61b052c0b6  kernelconfig.x86
 38b50cd1a7670f886c5e9fe9f1f91496  kernelconfig.x86_64
 6709c83fbbd38d40f31d39f0022d4ce9  kernelconfig.armhf"
 sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa  linux-3.14.tar.xz
-4eb7743905bad80c8502d88913cfb5424c1772dbe44af30da97ed4198b12e4a1  patch-3.14.31.xz
-8584450f656fe28e621eac2946f0f9cf20250a6a5c8a228f3e51989a449bd90a  grsecurity-3.0-3.14.31-201502021853.patch
+601ea355f71435b19421d7eabd7b92b2bb25bf5598f419ac548f46e416e162e9  patch-3.14.32.xz
+528dfd709203fb6ec09c2cf1ce79f3c29f5f2d4f5580cae1c20f663e4d1fd1e2  grsecurity-3.0-3.14.32-201502062101.patch
 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
 bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78  kernelconfig.x86
 d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6  kernelconfig.x86_64
 01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc  kernelconfig.armhf"
 sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e  linux-3.14.tar.xz
-93db5af7a604ebc5012efa7864fb2583db8ff0ca985e0f4194d688808ced3c666ff5271a6a19cf1de8102834bd512370d613bd7d33e186c16069220cf54c16ad  patch-3.14.31.xz
-2cdd0a767e01b8ed05cae5409a956aae82cf16fde662552e5c77a13a106ad00b94cbae50a746b7da0d4b20ed4b2d918f4c0cd57f1740393afc45d47ac1f83755  grsecurity-3.0-3.14.31-201502021853.patch
+b5105f88d982fef656cae9e232457e24a49efc59717ff3511a0d08544beae88644a2a03644361f2f56e5d5e9dcdb8de51da12d8c3ccb8c4e2712abc391d608b9  patch-3.14.32.xz
+9a34575ae4a827bbd201eb679dc3554ac391ebf3c6cc1aadd2e40598d55396bee80df36a1739cb676689e35153ca0822e3f7cab5123ef8b19a8a1671f00fe134  grsecurity-3.0-3.14.32-201502062101.patch
 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
 dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4  kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.31-201502021853.patch b/main/linux-grsec/grsecurity-3.0-3.14.32-201502062101.patch
index 7d0e977e5..65a470aea 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.31-201502021853.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.32-201502062101.patch
@@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index 5abf670..9b24a3b 100644
+index 00fffa3..1dc26b3 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3896,7 +3896,7 @@ index 7abde2c..9df495f 100644
  static bool of_init = false;
  
 diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
-index 6eb97b3..ac509f6 100644
+index 6eb97b3..e77848e 100644
 --- a/arch/arm/mm/context.c
 +++ b/arch/arm/mm/context.c
 @@ -43,7 +43,7 @@
@@ -3908,7 +3908,40 @@ index 6eb97b3..ac509f6 100644
  static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS);
  
  static DEFINE_PER_CPU(atomic64_t, active_asids);
-@@ -182,7 +182,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -144,21 +144,17 @@ static void flush_context(unsigned int cpu)
+ 	/* Update the list of reserved ASIDs and the ASID bitmap. */
+ 	bitmap_clear(asid_map, 0, NUM_USER_ASIDS);
+ 	for_each_possible_cpu(i) {
+-		if (i == cpu) {
+-			asid = 0;
+-		} else {
+-			asid = atomic64_xchg(&per_cpu(active_asids, i), 0);
+-			/*
+-			 * If this CPU has already been through a
+-			 * rollover, but hasn't run another task in
+-			 * the meantime, we must preserve its reserved
+-			 * ASID, as this is the only trace we have of
+-			 * the process it is still running.
+-			 */
+-			if (asid == 0)
+-				asid = per_cpu(reserved_asids, i);
+-			__set_bit(asid & ~ASID_MASK, asid_map);
+-		}
++		asid = atomic64_xchg(&per_cpu(active_asids, i), 0);
++		/*
++		 * If this CPU has already been through a
++		 * rollover, but hasn't run another task in
++		 * the meantime, we must preserve its reserved
++		 * ASID, as this is the only trace we have of
++		 * the process it is still running.
++		 */
++		if (asid == 0)
++			asid = per_cpu(reserved_asids, i);
++		__set_bit(asid & ~ASID_MASK, asid_map);
+ 		per_cpu(reserved_asids, i) = asid;
+ 	}
+ 
+@@ -182,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
  {
  	static u32 cur_idx = 1;
  	u64 asid = atomic64_read(&mm->context.id);
@@ -3917,7 +3950,7 @@ index 6eb97b3..ac509f6 100644
  
  	if (asid != 0 && is_reserved_asid(asid)) {
  		/*
-@@ -203,7 +203,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
+@@ -203,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
  		 */
  		asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
  		if (asid == NUM_USER_ASIDS) {
@@ -3926,7 +3959,7 @@ index 6eb97b3..ac509f6 100644
  							 &asid_generation);
  			flush_context(cpu);
  			asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1);
-@@ -234,14 +234,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
+@@ -234,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
  	cpu_set_reserved_ttbr0();
  
  	asid = atomic64_read(&mm->context.id);
@@ -12602,7 +12635,7 @@ index 50f8c5e..4f84fff 100644
  	return diff;
  }
 diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index b5bb498..74110e8 100644
+index 67e9f5c..2af15db 100644
 --- a/arch/x86/boot/compressed/Makefile
 +++ b/arch/x86/boot/compressed/Makefile
 @@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
@@ -22121,7 +22154,7 @@ index f2a1770..10fa52d 100644
 +EXPORT_SYMBOL(pax_check_alloca);
 +#endif
 diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 66e274a..99080e6 100644
+index 66e274a..81f4ebf 100644
 --- a/arch/x86/kernel/dumpstack_64.c
 +++ b/arch/x86/kernel/dumpstack_64.c
 @@ -118,9 +118,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
@@ -22185,7 +22218,13 @@ index 66e274a..99080e6 100644
  	put_cpu();
  }
  EXPORT_SYMBOL(dump_trace);
-@@ -299,3 +303,50 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -294,8 +298,55 @@ int is_valid_bugaddr(unsigned long ip)
+ {
+ 	unsigned short ud2;
+ 
+-	if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2)))
++	if (probe_kernel_address((unsigned short *)ip, ud2))
+ 		return 0;
  
  	return ud2 == 0x0b0f;
  }
@@ -44542,6 +44581,19 @@ index 4d9b195..455075c 100644
  				return -EFAULT;
  		} else {
  			memcpy(buf, dp, left);
+diff --git a/drivers/isdn/hardware/eicon/message.c b/drivers/isdn/hardware/eicon/message.c
+index a82e542..f766a79 100644
+--- a/drivers/isdn/hardware/eicon/message.c
++++ b/drivers/isdn/hardware/eicon/message.c
+@@ -1474,7 +1474,7 @@ static byte connect_res(dword Id, word Number, DIVA_CAPI_ADAPTER *a,
+ 					add_ai(plci, &parms[5]);
+ 					sig_req(plci, REJECT, 0);
+ 				}
+-				else if (Reject == 1 || Reject > 9)
++				else if (Reject == 1 || Reject >= 9)
+ 				{
+ 					add_ai(plci, &parms[5]);
+ 					sig_req(plci, HANGUP, 0);
 diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c
 index 9bb12ba..d4262f7 100644
 --- a/drivers/isdn/i4l/isdn_common.c
@@ -47957,6 +48009,19 @@ index 8be5b40..081bc1b 100644
  
  #include "ftmac100.h"
  
+diff --git a/drivers/net/ethernet/freescale/gianfar_ethtool.c b/drivers/net/ethernet/freescale/gianfar_ethtool.c
+index 63d2344..65b62c47 100644
+--- a/drivers/net/ethernet/freescale/gianfar_ethtool.c
++++ b/drivers/net/ethernet/freescale/gianfar_ethtool.c
+@@ -1614,7 +1614,7 @@ static int gfar_write_filer_table(struct gfar_private *priv,
+ 	lock_rx_qs(priv);
+ 
+ 	/* Fill regular entries */
+-	for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].ctrl);
++	for (; i < MAX_FILER_IDX - 1 && (tab->fe[i].ctrl | tab->fe[i].prop);
+ 	     i++)
+ 		gfar_write_filer(priv, i, tab->fe[i].ctrl, tab->fe[i].prop);
+ 	/* Fill the rest with fall-troughs */
 diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c
 index e33ec6c..f54cfe7 100644
 --- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c
@@ -50509,10 +50574,10 @@ index 84419af..268ede8 100644
  					&dev_attr_energy_uj.attr;
  	}
 diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index afca1bc..86840b8 100644
+index b798404..cd11618 100644
 --- a/drivers/regulator/core.c
 +++ b/drivers/regulator/core.c
-@@ -3366,7 +3366,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3368,7 +3368,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
  {
  	const struct regulation_constraints *constraints = NULL;
  	const struct regulator_init_data *init_data;
@@ -50521,7 +50586,7 @@ index afca1bc..86840b8 100644
  	struct regulator_dev *rdev;
  	struct device *dev;
  	int ret, i;
-@@ -3436,7 +3436,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3438,7 +3438,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
  	rdev->dev.of_node = config->of_node;
  	rdev->dev.parent = dev;
  	dev_set_name(&rdev->dev, "regulator.%d",
@@ -52558,7 +52623,7 @@ index 24884ca..26c8220 100644
  	login->tgt_agt = sbp_target_agent_register(login);
  	if (IS_ERR(login->tgt_agt)) {
 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 38b4be2..c68af1c 100644
+index 26ae688..ca12181 100644
 --- a/drivers/target/target_core_device.c
 +++ b/drivers/target/target_core_device.c
 @@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
@@ -59791,7 +59856,7 @@ index 10a4ccb..92dbc5e 100644
  		sb->s_bdi = &fsc->backing_dev_info;
  	return err;
 diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index f3ac415..3d2420c 100644
+index f3ac415..e26bd76 100644
 --- a/fs/cifs/cifs_debug.c
 +++ b/fs/cifs/cifs_debug.c
 @@ -286,8 +286,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
@@ -59834,6 +59899,20 @@ index f3ac415..3d2420c 100644
  				if (server->ops->print_stats)
  					server->ops->print_stats(m, tcon);
  			}
+@@ -615,9 +615,11 @@ cifs_security_flags_handle_must_flags(unsigned int *flags)
+ 		*flags = CIFSSEC_MUST_NTLMV2;
+ 	else if ((*flags & CIFSSEC_MUST_NTLM) == CIFSSEC_MUST_NTLM)
+ 		*flags = CIFSSEC_MUST_NTLM;
+-	else if ((*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
++	else if (CIFSSEC_MUST_LANMAN &&
++		 (*flags & CIFSSEC_MUST_LANMAN) == CIFSSEC_MUST_LANMAN)
+ 		*flags = CIFSSEC_MUST_LANMAN;
+-	else if ((*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
++	else if (CIFSSEC_MUST_PLNTXT &&
++		 (*flags & CIFSSEC_MUST_PLNTXT) == CIFSSEC_MUST_PLNTXT)
+ 		*flags = CIFSSEC_MUST_PLNTXT;
+ 
+ 	*flags |= signflags;
 diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
 index 7c6b73c..a8f0db2 100644
 --- a/fs/cifs/cifsfs.c
@@ -59952,10 +60031,37 @@ index 5d12d69..161d0ce 100644
  GLOBAL_EXTERN atomic_t smBufAllocCount;
  GLOBAL_EXTERN atomic_t midCount;
 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index d375322..88c3ead 100644
+index d375322..2f1ac75 100644
 --- a/fs/cifs/file.c
 +++ b/fs/cifs/file.c
-@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping,
+@@ -366,6 +366,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ 	struct cifsLockInfo *li, *tmp;
+ 	struct cifs_fid fid;
+ 	struct cifs_pending_open open;
++	bool oplock_break_cancelled;
+ 
+ 	spin_lock(&cifs_file_list_lock);
+ 	if (--cifs_file->count > 0) {
+@@ -397,7 +398,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ 	}
+ 	spin_unlock(&cifs_file_list_lock);
+ 
+-	cancel_work_sync(&cifs_file->oplock_break);
++	oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break);
+ 
+ 	if (!tcon->need_reconnect && !cifs_file->invalidHandle) {
+ 		struct TCP_Server_Info *server = tcon->ses->server;
+@@ -409,6 +410,9 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file)
+ 		_free_xid(xid);
+ 	}
+ 
++	if (oplock_break_cancelled)
++		cifs_done_oplock_break(cifsi);
++
+ 	cifs_del_pending_open(&open);
+ 
+ 	/*
+@@ -1900,10 +1904,14 @@ static int cifs_writepages(struct address_space *mapping,
  		index = mapping->writeback_index; /* Start from prev offset */
  		end = -1;
  	} else {
@@ -60239,6 +60345,19 @@ index 3487929..47a6ebf2 100644
  	}
  
  	req->FileIndex = cpu_to_le32(index);
+diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
+index 43eb136..f17e718 100644
+--- a/fs/cifs/smbencrypt.c
++++ b/fs/cifs/smbencrypt.c
+@@ -220,7 +220,7 @@ E_md4hash(const unsigned char *passwd, unsigned char *p16,
+ 	}
+ 
+ 	rc = mdfour(p16, (unsigned char *) wpwd, len * sizeof(__le16));
+-	memset(wpwd, 0, 129 * sizeof(__le16));
++	memzero_explicit(wpwd, sizeof(wpwd));
+ 
+ 	return rc;
+ }
 diff --git a/fs/coda/cache.c b/fs/coda/cache.c
 index 1da168c..8bc7ff6 100644
 --- a/fs/coda/cache.c
@@ -95086,10 +95205,10 @@ index c9b6f01..37781d9 100644
  	.thread_should_run	= watchdog_should_run,
  	.thread_fn		= watchdog,
 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
-index b4defde..f092808 100644
+index f6f31d8..bbe30db 100644
 --- a/kernel/workqueue.c
 +++ b/kernel/workqueue.c
-@@ -4703,7 +4703,7 @@ static void rebind_workers(struct worker_pool *pool)
+@@ -4687,7 +4687,7 @@ static void rebind_workers(struct worker_pool *pool)
  		WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
  		worker_flags |= WORKER_REBOUND;
  		worker_flags &= ~WORKER_UNBOUND;
@@ -102032,7 +102151,7 @@ index a16ed7b..eb44d17 100644
  
  	return err;
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 86bb9cc..8814d50 100644
+index 86bb9cc..a4f25f3 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
 @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -102097,6 +102216,24 @@ index 86bb9cc..8814d50 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  	unsigned long time_limit = jiffies + 2;
+@@ -5066,7 +5066,7 @@ void netdev_upper_dev_unlink(struct net_device *dev,
+ }
+ EXPORT_SYMBOL(netdev_upper_dev_unlink);
+ 
+-void netdev_adjacent_add_links(struct net_device *dev)
++static void netdev_adjacent_add_links(struct net_device *dev)
+ {
+ 	struct netdev_adjacent *iter;
+ 
+@@ -5091,7 +5091,7 @@ void netdev_adjacent_add_links(struct net_device *dev)
+ 	}
+ }
+ 
+-void netdev_adjacent_del_links(struct net_device *dev)
++static void netdev_adjacent_del_links(struct net_device *dev)
+ {
+ 	struct netdev_adjacent *iter;
+ 
 @@ -6376,7 +6376,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
  	} else {
  		netdev_stats_to_stats64(storage, &dev->stats);
@@ -102106,6 +102243,15 @@ index 86bb9cc..8814d50 100644
  	return storage;
  }
  EXPORT_SYMBOL(dev_get_stats);
+@@ -6392,7 +6392,7 @@ struct netdev_queue *dev_ingress_queue_create(struct net_device *dev)
+ 	if (!queue)
+ 		return NULL;
+ 	netdev_init_one_queue(dev, queue, NULL);
+-	queue->qdisc = &noop_qdisc;
++	RCU_INIT_POINTER(queue->qdisc, &noop_qdisc);
+ 	queue->qdisc_sleeping = &noop_qdisc;
+ 	rcu_assign_pointer(dev->ingress_queue, queue);
+ #endif
 diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
 index cf999e0..c59a9754 100644
 --- a/net/core/dev_ioctl.c
@@ -104265,7 +104411,7 @@ index e1a6393..f634ce5 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 3f0ec06..5aad945 100644
+index 3f0ec06..230c2c5 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -170,7 +170,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
@@ -104338,7 +104484,29 @@ index 3f0ec06..5aad945 100644
  	for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
  		idx = 0;
  		head = &net->dev_index_head[h];
-@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4512,6 +4519,21 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
+ 	return 0;
+ }
+ 
++static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = {
++	[IFLA_INET6_TOKEN]		= { .len = sizeof(struct in6_addr) },
++};
++
++static int inet6_validate_link_af(const struct net_device *dev,
++				  const struct nlattr *nla)
++{
++	struct nlattr *tb[IFLA_INET6_MAX + 1];
++
++	if (dev && !__in6_dev_get(dev))
++		return -EAFNOSUPPORT;
++
++	return nla_parse_nested(tb, IFLA_INET6_MAX, nla, inet6_af_policy);
++}
++
+ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla)
+ {
+ 	int err = -EINVAL;
+@@ -4741,11 +4763,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
  
  			rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
  					dev->ifindex, 1);
@@ -104352,7 +104520,7 @@ index 3f0ec06..5aad945 100644
  		}
  		dst_hold(&ifp->rt->dst);
  
-@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4753,7 +4772,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
  			dst_free(&ifp->rt->dst);
  		break;
  	}
@@ -104361,7 +104529,7 @@ index 3f0ec06..5aad945 100644
  	rt_genid_bump_ipv6(net);
  }
  
-@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4774,7 +4793,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -104370,7 +104538,7 @@ index 3f0ec06..5aad945 100644
  	int ret;
  
  	/*
-@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4859,7 +4878,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -104379,6 +104547,14 @@ index 3f0ec06..5aad945 100644
  	int ret;
  
  	/*
+@@ -5299,6 +5318,7 @@ static struct rtnl_af_ops inet6_ops = {
+ 	.family		  = AF_INET6,
+ 	.fill_link_af	  = inet6_fill_link_af,
+ 	.get_link_af_size = inet6_get_link_af_size,
++	.validate_link_af = inet6_validate_link_af,
+ 	.set_link_af	  = inet6_set_link_af,
+ };
+ 
 diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
 index d935889..2f64330 100644
 --- a/net/ipv6/af_inet6.c
@@ -104445,7 +104621,7 @@ index 7b32652..0bc348b 100644
  	table = kmemdup(ipv6_icmp_table_template,
  			sizeof(ipv6_icmp_table_template),
 diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index 4a230b1..a1d47b8 100644
+index 4a230b1..42d6ab42 100644
 --- a/net/ipv6/ip6_gre.c
 +++ b/net/ipv6/ip6_gre.c
 @@ -71,7 +71,7 @@ struct ip6gre_net {
@@ -104457,6 +104633,24 @@ index 4a230b1..a1d47b8 100644
  static int ip6gre_tunnel_init(struct net_device *dev);
  static void ip6gre_tunnel_setup(struct net_device *dev);
  static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
+@@ -413,7 +413,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ 		if (code == ICMPV6_HDR_FIELD)
+ 			teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
+ 
+-		if (teli && teli == info - 2) {
++		if (teli && teli == be32_to_cpu(info) - 2) {
+ 			tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
+ 			if (tel->encap_limit == 0) {
+ 				net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
+@@ -425,7 +425,7 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+ 		}
+ 		break;
+ 	case ICMPV6_PKT_TOOBIG:
+-		mtu = info - offset;
++		mtu = be32_to_cpu(info) - offset;
+ 		if (mtu < IPV6_MIN_MTU)
+ 			mtu = IPV6_MIN_MTU;
+ 		t->dev->mtu = mtu;
 @@ -1290,7 +1290,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
  }
  
@@ -105938,7 +106132,7 @@ index f042ae5..30ea486 100644
  }
  EXPORT_SYMBOL(nf_unregister_sockopt);
 diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index c68e5e0..8d52d50 100644
+index c68e5e0..3bed3f0 100644
 --- a/net/netfilter/nf_tables_api.c
 +++ b/net/netfilter/nf_tables_api.c
 @@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
@@ -105952,6 +106146,18 @@ index c68e5e0..8d52d50 100644
  		nfnl_lock(NFNL_SUBSYS_NFTABLES);
  		type = __nf_tables_chain_type_lookup(afi->family, nla);
  		if (type != NULL)
+@@ -789,9 +789,11 @@ nf_tables_counters(struct nft_base_chain *chain, const struct nlattr *attr)
+ 	/* Restore old counters on this cpu, no problem. Per-cpu statistics
+ 	 * are not exposed to userspace.
+ 	 */
++	preempt_disable();
+ 	stats = this_cpu_ptr(newstats);
+ 	stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
+ 	stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
++	preempt_enable();
+ 
+ 	if (chain->stats) {
+ 		/* nfnl_lock is held, add some nfnl function for this, later */
 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
 index 6ff12a1..d1815b6 100644
 --- a/net/netfilter/nfnetlink_log.c
@@ -106462,6 +106668,27 @@ index a82fb66..1ea9251 100644
  			continue;
  		}
  		list_del_init(&rm->m_conn_item);
+diff --git a/net/rds/sysctl.c b/net/rds/sysctl.c
+index b5cb2aa..35773ad 100644
+--- a/net/rds/sysctl.c
++++ b/net/rds/sysctl.c
+@@ -71,14 +71,14 @@ static struct ctl_table rds_sysctl_rds_table[] = {
+ 	{
+ 		.procname	= "max_unacked_packets",
+ 		.data		= &rds_sysctl_max_unacked_packets,
+-		.maxlen         = sizeof(unsigned long),
++		.maxlen         = sizeof(int),
+ 		.mode           = 0644,
+ 		.proc_handler   = proc_dointvec,
+ 	},
+ 	{
+ 		.procname	= "max_unacked_bytes",
+ 		.data		= &rds_sysctl_max_unacked_bytes,
+-		.maxlen         = sizeof(unsigned long),
++		.maxlen         = sizeof(int),
+ 		.mode           = 0644,
+ 		.proc_handler   = proc_dointvec,
+ 	},
 diff --git a/net/rds/tcp.c b/net/rds/tcp.c
 index edac9ef..16bcb98 100644
 --- a/net/rds/tcp.c
@@ -106748,6 +106975,31 @@ index f226709..0e735a8 100644
  	_proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
  
  	ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
+diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
+index bdbdb1a..1afc85f 100644
+--- a/net/sched/cls_api.c
++++ b/net/sched/cls_api.c
+@@ -555,8 +555,9 @@ void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst,
+ }
+ EXPORT_SYMBOL(tcf_exts_change);
+ 
+-#define tcf_exts_first_act(ext) \
+-		list_first_entry(&(exts)->actions, struct tc_action, list)
++#define tcf_exts_first_act(ext)					\
++	list_first_entry_or_null(&(exts)->actions,		\
++				 struct tc_action, list)
+ 
+ int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
+ {
+@@ -597,7 +598,7 @@ int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
+ {
+ #ifdef CONFIG_NET_CLS_ACT
+ 	struct tc_action *a = tcf_exts_first_act(exts);
+-	if (tcf_action_copy_stats(skb, a, 1) < 0)
++	if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
+ 		return -1;
+ #endif
+ 	return 0;
 diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c
 index 8e3cf49..4a8e322 100644
 --- a/net/sched/cls_bpf.c
@@ -106888,10 +107140,38 @@ index fef2acd..c705c4f 100644
  	sctp_generate_t1_cookie_event,
  	sctp_generate_t1_init_event,
 diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 604a6ac..f87f0a3 100644
+index 604a6ac..990354d 100644
 --- a/net/sctp/socket.c
 +++ b/net/sctp/socket.c
-@@ -2175,11 +2175,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -1605,6 +1605,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ 	sctp_scope_t scope;
+ 	long timeo;
+ 	__u16 sinfo_flags = 0;
++	bool wait_connect = false;
+ 	struct sctp_datamsg *datamsg;
+ 	int msg_flags = msg->msg_flags;
+ 
+@@ -1924,6 +1925,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ 		if (err < 0)
+ 			goto out_free;
+ 
++		wait_connect = true;
+ 		pr_debug("%s: we associated primitively\n", __func__);
+ 	}
+ 
+@@ -1961,6 +1963,11 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
+ 	sctp_datamsg_put(datamsg);
+ 	err = msg_len;
+ 
++	if (unlikely(wait_connect)) {
++		timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT);
++		sctp_wait_for_connect(asoc, &timeo);
++	}
++
+ 	/* If we are already past ASSOCIATE, the lower
+ 	 * layers are responsible for association cleanup.
+ 	 */
+@@ -2175,11 +2182,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
  {
  	struct sctp_association *asoc;
  	struct sctp_ulpevent *event;
@@ -106906,7 +107186,7 @@ index 604a6ac..f87f0a3 100644
  
  	/*
  	 * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
-@@ -4259,13 +4261,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4259,13 +4268,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
  static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
  				  int __user *optlen)
  {
@@ -106924,7 +107204,7 @@ index 604a6ac..f87f0a3 100644
  		return -EFAULT;
  	return 0;
  }
-@@ -4283,6 +4288,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4283,6 +4295,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
   */
  static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
  {
@@ -106933,7 +107213,7 @@ index 604a6ac..f87f0a3 100644
  	/* Applicable to UDP-style socket only */
  	if (sctp_style(sk, TCP))
  		return -EOPNOTSUPP;
-@@ -4291,7 +4298,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4291,7 +4305,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
  	len = sizeof(int);
  	if (put_user(len, optlen))
  		return -EFAULT;
@@ -106943,7 +107223,7 @@ index 604a6ac..f87f0a3 100644
  		return -EFAULT;
  	return 0;
  }
-@@ -4666,12 +4674,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4666,12 +4681,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
   */
  static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
  {
@@ -106960,7 +107240,7 @@ index 604a6ac..f87f0a3 100644
  		return -EFAULT;
  	return 0;
  }
-@@ -4712,6 +4723,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4712,6 +4730,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
  		addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
  		if (space_left < addrlen)
  			return -ENOMEM;
author	Timo Teräs <timo.teras@iki.fi>	2015-02-09 09:43:49 +0000
committer	Timo Teräs <timo.teras@iki.fi>	2015-02-09 09:43:49 +0000
commit	99359ed67be6571c9ec8400dc5723bb244ab9928 (patch)
tree	2e55ad23faa9e7063f2c69d245fca6f0c27b34c8 /main/linux-grsec
parent	791f57c188c7b24928433e6ea0104de0273c8a1e (diff)
download	aports-99359ed67be6571c9ec8400dc5723bb244ab9928.tar.bz2 aports-99359ed67be6571c9ec8400dc5723bb244ab9928.tar.xz