-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.6.9-201212061820.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.6.9-201212031851.patch) | 139 |
2 files changed, 130 insertions, 15 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index cff4e3f46..e695bc457 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.6.9 _kernver=3.6 -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.6.9-201212031851.patch + grsecurity-2.9.1-3.6.9-201212061820.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -140,7 +140,7 @@ dev() { md5sums="1a1760420eac802c541a20ab51a093d1 linux-3.6.tar.xz a7c656034599f90dcbc50895b69022aa patch-3.6.9.xz -f410ce5363d0681ba0d279eb3a5b1544 grsecurity-2.9.1-3.6.9-201212031851.patch +5a7ac3d736bda40cd459865a13263e7d grsecurity-2.9.1-3.6.9-201212061820.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 373db5888708938c6b1baed6da781fcb kernelconfig.x86 190788fb10e79abce9d570d5e87ec3b4 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212031851.patch b/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212061820.patch index b057325d0..0ef6fd60e 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212031851.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.6.9-201212061820.patch @@ -27019,7 +27019,7 @@ index fd41a92..9c33628 100644 /* parse all the mtimer info to a static mtimer array */ diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 218cdb1..fd55c08 100644 +index 218cdb1..c1178eb 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c @@ -132,7 +132,7 @@ static void do_fpu_end(void) 
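Review bot: The replaced `md5sums` entry for grsecurity-2.9.1-3.6.9-201212061820.patch leaves MD5 as the only integrity check on the kernel-hardening patch, and the unchanged `source=` lines fetch linux-$_kernver.tar.xz and patch-$pkgver.xz over plain `http://`. MD5 is not collision-resistant, so a matching digest does not establish that the file is the one the maintainer reviewed. If the abuild version in use accepts one, a stronger digest array next to this one would close that gap, for example `sha512sums="<sha512-of-patch>  grsecurity-2.9.1-3.6.9-201212061820.patch"` (placeholder value). Any upstream signature on the downloads should be verified before the digests are recorded. The `source=` and `md5sums=` strings continue outside the hunks shown.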
@@ -27031,16 +27031,15 @@ index 218cdb1..fd55c08 100644 set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -142,7 +142,9 @@ static void fix_processor_context(void) +@@ -142,8 +142,6 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 -+ pax_open_kernel(); - get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9; -+ pax_close_kernel(); - +- get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9; +- syscall_init(); /* This sets MSR_*STAR and related */ #endif + load_TR_desc(); /* This does ltr */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index cbca565..bae7133 100644 --- a/arch/x86/realmode/init.c @@ -28238,7 +28237,7 @@ index f9b983a..887b9d8 100644 return 0; } diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c -index 89b30f3..7964211 100644 +index 89b30f3..7964211d4 100644 --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) { 
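Review bot: Dropping the `get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;` write in `fix_processor_context()` leaves `load_TR_desc()` depending entirely on the preceding `set_tss_desc(cpu, t)` to mark the TSS descriptor available, since `ltr` faults on a descriptor marked busy. That is presumably the case, as set_tss_desc() appears to rewrite the whole descriptor, and it removes the direct GDT store that the earlier revision had to bracket with `pax_open_kernel()`/`pax_close_kernel()`. Nothing in the hunk records that reasoning, though. A comment next to the existing one after `set_tss_desc(cpu, t)`, such as `/* set_tss_desc() already rewrote the TSS descriptor as available; no direct GDT write is needed before ltr */`, would keep a later rebase from re-adding the store. The function body starts and ends outside the hunk.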
@@ -63830,6 +63829,40 @@ index ff9a9f8..c715deb 100644 /* * Kernel text modification mutex, used for code patching. Users of this lock +diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h +index df08254..5f6c835 100644 +--- a/include/linux/mempolicy.h ++++ b/include/linux/mempolicy.h +@@ -137,16 +137,6 @@ static inline void mpol_cond_put(struct mempolicy *pol) + __mpol_put(pol); + } + +-extern struct mempolicy *__mpol_cond_copy(struct mempolicy *tompol, +- struct mempolicy *frompol); +-static inline struct mempolicy *mpol_cond_copy(struct mempolicy *tompol, +- struct mempolicy *frompol) +-{ +- if (!frompol) +- return frompol; +- return __mpol_cond_copy(tompol, frompol); +-} +- + extern struct mempolicy *__mpol_dup(struct mempolicy *pol); + static inline struct mempolicy *mpol_dup(struct mempolicy *pol) + { +@@ -270,12 +260,6 @@ static inline void mpol_cond_put(struct mempolicy *pol) + { + } + +-static inline struct mempolicy *mpol_cond_copy(struct mempolicy *to, +- struct mempolicy *from) +-{ +- return from; +-} +- + static inline void mpol_get(struct mempolicy *pol) + { + } diff --git a/include/linux/mfd/abx500.h b/include/linux/mfd/abx500.h index 1318ca6..7521340 100644 --- a/include/linux/mfd/abx500.h @@ -73239,7 +73272,7 @@ index 5736170..8e04800 100644 return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 3d64b36..c6ab69c 100644 +index 3d64b36..5c2d5d3 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -655,6 +655,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, 
@@ -73318,6 +73351,35 @@ index 3d64b36..c6ab69c 100644 err = do_migrate_pages(mm, old, new, capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); +@@ -2035,28 +2069,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old) + return new; + } + +-/* +- * If *frompol needs [has] an extra ref, copy *frompol to *tompol , +- * eliminate the * MPOL_F_* flags that require conditional ref and +- * [NOTE!!!] drop the extra ref. Not safe to reference *frompol directly +- * after return. Use the returned value. +- * +- * Allows use of a mempolicy for, e.g., multiple allocations with a single +- * policy lookup, even if the policy needs/has extra ref on lookup. +- * shmem_readahead needs this. +- */ +-struct mempolicy *__mpol_cond_copy(struct mempolicy *tompol, +- struct mempolicy *frompol) +-{ +- if (!mpol_needs_cond_ref(frompol)) +- return frompol; +- +- *tompol = *frompol; +- tompol->flags &= ~MPOL_F_SHARED; /* copy doesn't need unref */ +- __mpol_put(frompol); +- return tompol; +-} +- + /* Slow path of a mempolicy comparison */ + bool __mpol_equal(struct mempolicy *a, struct mempolicy *b) + { diff --git a/mm/migrate.c b/mm/migrate.c index 77ed2d7..317d528 100644 --- a/mm/migrate.c @@ -75266,7 +75328,7 @@ index aa95e59..b681a63 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 31e1506..dbf3647 100644 +index 31e1506..7b42549 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ 
@@ -75287,7 +75349,60 @@ index 31e1506..dbf3647 100644 struct shmem_xattr { struct list_head list; /* anchored by shmem_inode_info->xattr_list */ -@@ -2219,6 +2219,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -921,25 +921,29 @@ static struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo) + static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp, + struct shmem_inode_info *info, pgoff_t index) + { +- struct mempolicy mpol, *spol; + struct vm_area_struct pvma; +- +- spol = mpol_cond_copy(&mpol, +- mpol_shared_policy_lookup(&info->policy, index)); ++ struct page *page; + + /* Create a pseudo vma that just contains the policy */ + pvma.vm_start = 0; + /* Bias interleave by inode number to distribute better across nodes */ + pvma.vm_pgoff = index + info->vfs_inode.i_ino; + pvma.vm_ops = NULL; +- pvma.vm_policy = spol; +- return swapin_readahead(swap, gfp, &pvma, 0); ++ pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, index); ++ ++ page = swapin_readahead(swap, gfp, &pvma, 0); ++ ++ /* Drop reference taken by mpol_shared_policy_lookup() */ ++ mpol_cond_put(pvma.vm_policy); ++ ++ return page; + } + + static struct page *shmem_alloc_page(gfp_t gfp, + struct shmem_inode_info *info, pgoff_t index) + { + struct vm_area_struct pvma; ++ struct page *page; + + /* Create a pseudo vma that just contains the policy */ + pvma.vm_start = 0; +@@ -948,10 +952,12 @@ static struct page *shmem_alloc_page(gfp_t gfp, + pvma.vm_ops = NULL; + pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, index); + +- /* +- * alloc_page_vma() will drop the shared policy reference +- */ +- return alloc_page_vma(gfp, &pvma, 0); ++ page = alloc_page_vma(gfp, &pvma, 0); ++ ++ /* Drop reference taken by mpol_shared_policy_lookup() */ ++ mpol_cond_put(pvma.vm_policy); ++ ++ return page; + } + #else /* !CONFIG_NUMA */ + #ifdef CONFIG_TMPFS +@@ -2219,6 +2225,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int 
shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -75299,7 +75414,7 @@ index 31e1506..dbf3647 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2272,6 +2277,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2272,6 +2283,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -75315,7 +75430,7 @@ index 31e1506..dbf3647 100644 if (size == 0) value = ""; /* empty EA, do not remove */ -@@ -2606,8 +2620,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2606,8 +2626,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ |
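Review bot: In the added `shmem_alloc_page()` lines of the mm/shmem.c hunk, the new `mpol_cond_put(pvma.vm_policy)` after `alloc_page_vma()` replaces a comment which said that alloc_page_vma() itself drops the shared policy reference. The put is balanced only if alloc_page_vma() in this 3.6.9 tree no longer drops the caller's reference. If it still does, the policy is put twice, and a refcount underflow on a shared mempolicy is a use-after-free candidate rather than a leak. That dependency is not visible here and should be confirmed against mm/mempolicy.c in the patched tree. Once confirmed, the comment could say so, e.g. `/* alloc_page_vma() does not drop this reference; put the one taken by mpol_shared_policy_lookup() */`. The `shmem_swapin()` change pairs the lookup with a put in the same way, and `shmem_alloc_page()` is split across two inner hunks, so part of its body is not shown.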