-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.6.9-201212061820.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.6.9-201212031851.patch)139
2 files changed, 130 insertions, 15 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index cff4e3f46..e695bc457 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.6.9
_kernver=3.6
-pkgrel=1
+pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.6.9-201212031851.patch
+ grsecurity-2.9.1-3.6.9-201212061820.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -140,7 +140,7 @@ dev() {
md5sums="1a1760420eac802c541a20ab51a093d1 linux-3.6.tar.xz
a7c656034599f90dcbc50895b69022aa patch-3.6.9.xz
-f410ce5363d0681ba0d279eb3a5b1544 grsecurity-2.9.1-3.6.9-201212031851.patch
+5a7ac3d736bda40cd459865a13263e7d grsecurity-2.9.1-3.6.9-201212061820.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
373db5888708938c6b1baed6da781fcb kernelconfig.x86
190788fb10e79abce9d570d5e87ec3b4 kernelconfig.x86_64"
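Review bot: The refreshed grsecurity patch is still pinned only by an MD5 digest in `md5sums`, and MD5 no longer provides collision resistance, so this line is a weak integrity anchor for a kernel hardening patch. The same block also covers `linux-3.6.tar.xz` and `patch-3.6.9.xz`, which the `source=` list fetches over plain `http://`, so the digest is the only check on those downloads. If the abuild version in use supports it, add a `sha256sums=` or `sha512sums=` block alongside. Where upstream publishes a signature for the patch, verify it before regenerating the checksum.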
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212031851.patch b/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212061820.patch
index b057325d0..0ef6fd60e 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212031851.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212061820.patch
@@ -27019,7 +27019,7 @@ index fd41a92..9c33628 100644
/* parse all the mtimer info to a static mtimer array */
diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
-index 218cdb1..fd55c08 100644
+index 218cdb1..c1178eb 100644
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
@@ -132,7 +132,7 @@ static void do_fpu_end(void)
@@ -27031,16 +27031,15 @@ index 218cdb1..fd55c08 100644
set_tss_desc(cpu, t); /*
* This just modifies memory; should not be
-@@ -142,7 +142,9 @@ static void fix_processor_context(void)
+@@ -142,8 +142,6 @@ static void fix_processor_context(void)
*/
#ifdef CONFIG_X86_64
-+ pax_open_kernel();
- get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
-+ pax_close_kernel();
-
+- get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
+-
syscall_init(); /* This sets MSR_*STAR and related */
#endif
+ load_TR_desc(); /* This does ltr */
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
index cbca565..bae7133 100644
--- a/arch/x86/realmode/init.c
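Review bot: Dropping `get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;` instead of bracketing it with `pax_open_kernel()`/`pax_close_kernel()` leaves `load_TR_desc()` dependent on the preceding `set_tss_desc(cpu, t)` having rewritten the descriptor as an available (non-busy) TSS. That is presumably the case, and it removes a direct write to the GDT, but nothing in the patched file will say so once the line is gone. After confirming on x86_64 resume, the patch should also carry a comment such as `/* set_tss_desc() rewrites the whole descriptor, so the TSS is not busy when ltr runs */`. `fix_processor_context()` begins and continues outside the hunk.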
@@ -28238,7 +28237,7 @@ index f9b983a..887b9d8 100644
return 0;
}
diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c
-index 89b30f3..7964211 100644
+index 89b30f3..7964211d4 100644
--- a/drivers/atm/ambassador.c
+++ b/drivers/atm/ambassador.c
@@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) {
@@ -63830,6 +63829,40 @@ index ff9a9f8..c715deb 100644
/*
* Kernel text modification mutex, used for code patching. Users of this lock
+diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
+index df08254..5f6c835 100644
+--- a/include/linux/mempolicy.h
++++ b/include/linux/mempolicy.h
+@@ -137,16 +137,6 @@ static inline void mpol_cond_put(struct mempolicy *pol)
+ __mpol_put(pol);
+ }
+
+-extern struct mempolicy *__mpol_cond_copy(struct mempolicy *tompol,
+- struct mempolicy *frompol);
+-static inline struct mempolicy *mpol_cond_copy(struct mempolicy *tompol,
+- struct mempolicy *frompol)
+-{
+- if (!frompol)
+- return frompol;
+- return __mpol_cond_copy(tompol, frompol);
+-}
+-
+ extern struct mempolicy *__mpol_dup(struct mempolicy *pol);
+ static inline struct mempolicy *mpol_dup(struct mempolicy *pol)
+ {
+@@ -270,12 +260,6 @@ static inline void mpol_cond_put(struct mempolicy *pol)
+ {
+ }
+
+-static inline struct mempolicy *mpol_cond_copy(struct mempolicy *to,
+- struct mempolicy *from)
+-{
+- return from;
+-}
+-
+ static inline void mpol_get(struct mempolicy *pol)
+ {
+ }
diff --git a/include/linux/mfd/abx500.h b/include/linux/mfd/abx500.h
index 1318ca6..7521340 100644
--- a/include/linux/mfd/abx500.h
@@ -73239,7 +73272,7 @@ index 5736170..8e04800 100644
return 0;
}
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 3d64b36..c6ab69c 100644
+index 3d64b36..5c2d5d3 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -655,6 +655,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -73318,6 +73351,35 @@ index 3d64b36..c6ab69c 100644
err = do_migrate_pages(mm, old, new,
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
+@@ -2035,28 +2069,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old)
+ return new;
+ }
+
+-/*
+- * If *frompol needs [has] an extra ref, copy *frompol to *tompol ,
+- * eliminate the * MPOL_F_* flags that require conditional ref and
+- * [NOTE!!!] drop the extra ref. Not safe to reference *frompol directly
+- * after return. Use the returned value.
+- *
+- * Allows use of a mempolicy for, e.g., multiple allocations with a single
+- * policy lookup, even if the policy needs/has extra ref on lookup.
+- * shmem_readahead needs this.
+- */
+-struct mempolicy *__mpol_cond_copy(struct mempolicy *tompol,
+- struct mempolicy *frompol)
+-{
+- if (!mpol_needs_cond_ref(frompol))
+- return frompol;
+-
+- *tompol = *frompol;
+- tompol->flags &= ~MPOL_F_SHARED; /* copy doesn't need unref */
+- __mpol_put(frompol);
+- return tompol;
+-}
+-
+ /* Slow path of a mempolicy comparison */
+ bool __mpol_equal(struct mempolicy *a, struct mempolicy *b)
+ {
diff --git a/mm/migrate.c b/mm/migrate.c
index 77ed2d7..317d528 100644
--- a/mm/migrate.c
@@ -75266,7 +75328,7 @@ index aa95e59..b681a63 100644
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
diff --git a/mm/shmem.c b/mm/shmem.c
-index 31e1506..dbf3647 100644
+index 31e1506..7b42549 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
@@ -75287,7 +75349,60 @@ index 31e1506..dbf3647 100644
struct shmem_xattr {
struct list_head list; /* anchored by shmem_inode_info->xattr_list */
-@@ -2219,6 +2219,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+@@ -921,25 +921,29 @@ static struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo)
+ static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp,
+ struct shmem_inode_info *info, pgoff_t index)
+ {
+- struct mempolicy mpol, *spol;
+ struct vm_area_struct pvma;
+-
+- spol = mpol_cond_copy(&mpol,
+- mpol_shared_policy_lookup(&info->policy, index));
++ struct page *page;
+
+ /* Create a pseudo vma that just contains the policy */
+ pvma.vm_start = 0;
+ /* Bias interleave by inode number to distribute better across nodes */
+ pvma.vm_pgoff = index + info->vfs_inode.i_ino;
+ pvma.vm_ops = NULL;
+- pvma.vm_policy = spol;
+- return swapin_readahead(swap, gfp, &pvma, 0);
++ pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, index);
++
++ page = swapin_readahead(swap, gfp, &pvma, 0);
++
++ /* Drop reference taken by mpol_shared_policy_lookup() */
++ mpol_cond_put(pvma.vm_policy);
++
++ return page;
+ }
+
+ static struct page *shmem_alloc_page(gfp_t gfp,
+ struct shmem_inode_info *info, pgoff_t index)
+ {
+ struct vm_area_struct pvma;
++ struct page *page;
+
+ /* Create a pseudo vma that just contains the policy */
+ pvma.vm_start = 0;
+@@ -948,10 +952,12 @@ static struct page *shmem_alloc_page(gfp_t gfp,
+ pvma.vm_ops = NULL;
+ pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, index);
+
+- /*
+- * alloc_page_vma() will drop the shared policy reference
+- */
+- return alloc_page_vma(gfp, &pvma, 0);
++ page = alloc_page_vma(gfp, &pvma, 0);
++
++ /* Drop reference taken by mpol_shared_policy_lookup() */
++ mpol_cond_put(pvma.vm_policy);
++
++ return page;
+ }
+ #else /* !CONFIG_NUMA */
+ #ifdef CONFIG_TMPFS
+@@ -2219,6 +2225,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
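Review bot: The two added `mpol_cond_put(pvma.vm_policy)` calls in `shmem_swapin()` and `shmem_alloc_page()` are only balanced if `swapin_readahead()` and `alloc_page_vma()` no longer drop the reference taken by `mpol_shared_policy_lookup()`. The comment this change removes from `shmem_alloc_page()` said that `alloc_page_vma()` does drop it. The allocator side is not visible in these hunks, so confirm against the 3.6.9 `mm/mempolicy.c` being patched that each get has exactly one put, because an extra put on a shared policy would trade the leak for a use-after-free. The new comments could state the contract, e.g. `/* callee takes its own policy ref; drop the one from mpol_shared_policy_lookup() */`. The removal of `mpol_cond_copy()`/`__mpol_cond_copy()` in the `include/linux/mempolicy.h` and `mm/mempolicy.c` hunks is consistent with this only if `shmem_swapin()` was their sole caller, which cannot be confirmed from here.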
@@ -75299,7 +75414,7 @@ index 31e1506..dbf3647 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -2272,6 +2277,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -2272,6 +2283,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
if (err)
return err;
@@ -75315,7 +75430,7 @@ index 31e1506..dbf3647 100644
if (size == 0)
value = ""; /* empty EA, do not remove */
-@@ -2606,8 +2620,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2606,8 +2626,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */