diff options
| -rw-r--r-- | 3.12.8/0000_README (renamed from 3.12.7/0000_README) | 2 | ||||
| -rw-r--r-- | 3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch (renamed from 3.12.7/4420_grsecurity-3.0-3.12.7-201401131812.patch) | 263 | ||||
| -rw-r--r-- | 3.12.8/4425_grsec_remove_EI_PAX.patch (renamed from 3.12.7/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.12.7/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4430_grsec-remove-localversion-grsec.patch (renamed from 3.12.7/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4435_grsec-mute-warnings.patch (renamed from 3.12.7/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4440_grsec-remove-protected-paths.patch (renamed from 3.12.7/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4450_grsec-kconfig-default-gids.patch (renamed from 3.12.7/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.12.7/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4470_disable-compat_vdso.patch (renamed from 3.12.7/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.12.8/4475_emutramp_default_on.patch (renamed from 3.12.7/4475_emutramp_default_on.patch) | 0 |
11 files changed, 102 insertions, 163 deletions
diff --git a/3.12.7/0000_README b/3.12.8/0000_README index 6d218ae..9b6bc77 100644 --- a/3.12.7/0000_README +++ b/3.12.8/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.12.7-201401131812.patch +Patch: 4420_grsecurity-3.0-3.12.8-201401160931.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.12.7/4420_grsecurity-3.0-3.12.7-201401131812.patch b/3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch index ef22dd5..7bb3c7f 100644 --- a/3.12.7/4420_grsecurity-3.0-3.12.7-201401131812.patch +++ b/3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index b89a739..79768fb 100644 +index b89a739..903b673 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -61,7 +61,7 @@ index b89a739..79768fb 100644 asm-offsets.h asm_offsets.h autoconf.h* -@@ -92,19 +101,24 @@ bounds.h +@@ -92,32 +101,40 @@ bounds.h bsetup btfixupprep build @@ -86,7 +86,11 @@ index b89a739..79768fb 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +129,11 @@ devlist.h* + crc32table.h* + cscope.* + defkeymap.c ++devicetable-offsets.h + devlist.h* dnotify_test docproc dslm @@ -98,7 +102,7 @@ index b89a739..79768fb 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +141,15 @@ fore200e_pca_fw.c* +@@ -125,12 +142,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -114,7 +118,7 @@ index b89a739..79768fb 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,14 +164,14 @@ int32.c +@@ -145,14 +165,14 @@ int32.c int4.c int8.c kallsyms @@ -131,7 +135,7 @@ index b89a739..79768fb 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -162,14 +181,15 @@ mach-types.h +@@ -162,14 +182,15 @@ mach-types.h machtypes.h map map_hugetlb @@ -148,7 +152,7 @@ index b89a739..79768fb 100644 mkprep mkregtable mktables -@@ -185,6 +205,8 @@ oui.c* +@@ -185,6 +206,8 @@ oui.c* page-types parse.c parse.h @@ -157,7 +161,7 @@ index b89a739..79768fb 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -194,6 +216,7 @@ perf-archive +@@ -194,6 +217,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -165,7 +169,7 @@ index b89a739..79768fb 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -203,7 +226,10 @@ r200_reg_safe.h +@@ -203,7 +227,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -176,7 +180,7 @@ index b89a739..79768fb 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -213,8 +239,12 @@ series +@@ -213,8 +240,12 @@ series setup setup.bin setup.elf @@ -189,7 +193,7 @@ index b89a739..79768fb 100644 split-include syscalltab.h tables.c -@@ -224,6 +254,7 @@ tftpboot.img +@@ -224,6 +255,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -197,7 +201,7 @@ index b89a739..79768fb 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -235,13 +266,17 @@ vdso32.lds +@@ -235,13 +267,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -215,7 +219,7 @@ index b89a739..79768fb 100644 vmlinuz voffset.h vsyscall.lds -@@ -249,9 +284,12 @@ vsyscall_32.lds +@@ -249,9 +285,12 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -281,7 +285,7 @@ index 4f7c57c..a2dc685 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index c2f0b79..2e5e090 100644 +index 5d0ec13..d3dcef2 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -400,7 +404,13 @@ index c2f0b79..2e5e090 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -838,6 +900,7 @@ prepare0: archprepare FORCE +@@ -834,10 +896,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ + + archprepare: archheaders archscripts prepare1 scripts_basic + ++prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) + prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -408,7 +418,7 @@ index c2f0b79..2e5e090 100644 prepare: prepare0 # Generate some files -@@ -945,6 +1008,8 @@ all: modules +@@ -945,6 +1010,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -417,7 +427,7 @@ index c2f0b79..2e5e090 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -960,7 +1025,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -960,7 +1027,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -426,7 +436,7 @@ index c2f0b79..2e5e090 100644 # Target to install modules PHONY += modules_install -@@ -1026,7 +1091,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1026,7 +1093,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -435,7 +445,7 @@ index c2f0b79..2e5e090 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1066,6 +1131,7 @@ distclean: mrproper +@@ -1066,6 +1133,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -443,7 +453,7 @@ index c2f0b79..2e5e090 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1227,6 +1293,8 @@ PHONY += $(module-dirs) modules +@@ -1227,6 +1295,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -452,7 +462,7 @@ index c2f0b79..2e5e090 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1366,17 +1434,21 @@ else +@@ -1366,17 +1436,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -478,7 +488,7 @@ index c2f0b79..2e5e090 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1386,11 +1458,15 @@ endif +@@ -1386,11 +1460,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -3083,10 +3093,10 @@ index 72024ea..ae302dd 100644 void __init smp_set_ops(struct smp_operations *ops) { diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 65ed63f..430c478 100644 +index 1f735aa..08af6f7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c -@@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); +@@ -61,7 +61,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) { #ifdef CONFIG_KALLSYMS @@ -3095,7 +3105,7 @@ index 65ed63f..430c478 100644 #else printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); #endif -@@ -257,6 +257,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; +@@ -263,6 +263,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; static int die_owner = -1; static unsigned int die_nest_count; @@ -3104,7 +3114,7 @@ index 65ed63f..430c478 100644 static unsigned long oops_begin(void) { int cpu; -@@ -299,6 +301,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) +@@ -305,6 +307,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -3114,7 +3124,7 @@ index 65ed63f..430c478 100644 if (signr) do_exit(signr); } -@@ -629,7 +634,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) +@@ -635,7 +640,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) * The user helper at 0xffff0fe0 must be used instead. * (see entry-armv.S for details) */ @@ -3124,7 +3134,7 @@ index 65ed63f..430c478 100644 } return 0; -@@ -886,7 +893,11 @@ void __init early_trap_init(void *vectors_base) +@@ -892,7 +899,11 @@ void __init early_trap_init(void *vectors_base) kuser_init(vectors_base); flush_icache_range(vectors, vectors + PAGE_SIZE * 2); @@ -15990,7 +16000,7 @@ index 77a99ac..39ff7f5 100644 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index 4d0bda7..221da4d 100644 +index 5be9f87..0320912 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h @@ -124,8 +124,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk) @@ -16015,14 +16025,14 @@ index 4d0bda7..221da4d 100644 }) @@ -298,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) - "emms\n\t" /* clear stack tags */ - "fildl %P[addr]", /* set F?P to defined value */ - X86_FEATURE_FXSAVE_LEAK, -- [addr] "m" (tsk->thread.fpu.has_fpu)); -+ [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); + "fnclex\n\t" + "emms\n\t" + "fildl %P[addr]" /* set F?P to defined value */ +- : : [addr] "m" (tsk->thread.fpu.has_fpu)); ++ : : [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); + } return fpu_restore_checking(&tsk->thread.fpu); - } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h index be27ba1..04a8801 100644 --- a/arch/x86/include/asm/futex.h @@ -24240,7 +24250,7 @@ index 22d0687..e07b2a5 100644 } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 4186755..784efa0 100644 +index 4186755..18d6a9e 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c @@ -39,7 +39,7 @@ static int check_stack_overflow(void) @@ -24310,7 +24320,7 @@ index 4186755..784efa0 100644 return 1; } -@@ -121,29 +125,14 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -121,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) */ void irq_ctx_init(int cpu) { @@ -24326,9 +24336,7 @@ index 4186755..784efa0 100644 - irqctx->tinfo.cpu = cpu; - irqctx->tinfo.preempt_count = HARDIRQ_OFFSET; - irqctx->tinfo.addr_limit = MAKE_MM_SEG(0); -+ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); -+ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); - +- - per_cpu(hardirq_ctx, cpu) = irqctx; - - irqctx = page_address(alloc_pages_node(cpu_to_node(cpu), @@ -24339,12 +24347,12 @@ index 4186755..784efa0 100644 - irqctx->tinfo.addr_limit = MAKE_MM_SEG(0); - - per_cpu(softirq_ctx, cpu) = irqctx; -+ printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", -+ cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); ++ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); ++ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -152,7 +141,6 @@ void irq_ctx_init(int cpu) +@@ -152,7 +138,6 @@ void irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -24352,7 +24360,7 @@ index 4186755..784efa0 100644 union irq_ctx *irqctx; u32 *isp; -@@ -162,15 +150,22 @@ asmlinkage void do_softirq(void) +@@ -162,15 +147,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -24379,7 +24387,7 @@ index 4186755..784efa0 100644 /* * Shouldn't happen, we returned above if in_interrupt(): */ -@@ -191,7 +186,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) +@@ -191,7 +183,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) if (unlikely(!desc)) return false; @@ -44335,10 +44343,10 @@ index fb3f8dc..9d2ff38 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c -index 03acf57..e1251ff 100644 +index 3dd39dc..85efa46 100644 --- a/drivers/net/ethernet/sfc/ptp.c +++ b/drivers/net/ethernet/sfc/ptp.c -@@ -539,7 +539,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) +@@ -541,7 +541,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) ptp->start.dma_addr); /* Clear flag that signals MC ready */ @@ -44362,19 +44370,6 @@ index 50617c5..b13724c 100644 } /* To mask all all interrupts.*/ -diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c -index 3169252..5d78c1d 100644 ---- a/drivers/net/hamradio/hdlcdrv.c -+++ b/drivers/net/hamradio/hdlcdrv.c -@@ -571,6 +571,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) - case HDLCDRVCTL_CALIBRATE: - if(!capable(CAP_SYS_RAWIO)) - return -EPERM; -+ if (bi.data.calibrate > INT_MAX / s->par.bitrate) -+ return -EINVAL; - s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16; - return 0; - diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h index e6fe0d8..2b7d752 100644 --- a/drivers/net/hyperv/hyperv_net.h @@ -44460,10 +44455,10 @@ index 9bf46bd..bfdaa84 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index dc76670..e18f39c 100644 +index 5895e4d..0343d45 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1189,7 +1189,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1182,7 +1182,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -44533,10 +44528,10 @@ index 6327df2..e6e1ebe 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 782e38b..d076fdc 100644 +index 7c8343a..80d1e69 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1834,7 +1834,7 @@ unlock: +@@ -1838,7 +1838,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -44545,7 +44540,7 @@ index 782e38b..d076fdc 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1847,6 +1847,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1851,6 +1851,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned int ifindex; int ret; @@ -44669,7 +44664,7 @@ index a79e9d3..78cd4fa 100644 /* we will have to manufacture ethernet headers, prepare template */ diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 2ef5b62..6fa0ec3 100644 +index 1462368..578941c 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -2615,7 +2615,7 @@ nla_put_failure: @@ -47377,10 +47372,10 @@ index f379c7f..e8fc69c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 2634d69..fcf7a81 100644 +index dbc024b..6e3b837 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2940,7 +2940,7 @@ static int sd_probe(struct device *dev) +@@ -2943,7 +2943,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -77611,7 +77606,7 @@ index 8e47bc7..c70fd73 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/net.h b/include/linux/net.h -index 8bd9d92..08b1c20 100644 +index 41103f8..631edff 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -191,7 +191,7 @@ struct net_proto_family { @@ -77624,7 +77619,7 @@ index 8bd9d92..08b1c20 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 25f5d2d1..5cf2120 100644 +index 21eae43..4fff130 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1098,6 +1098,7 @@ struct net_device_ops { @@ -78610,7 +78605,7 @@ index 429c199..4d42e38 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index f66f346..2e304d5 100644 +index efa1649..ff898ac 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -639,7 +639,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, @@ -78649,7 +78644,7 @@ index f66f346..2e304d5 100644 } /** -@@ -1741,7 +1741,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1746,7 +1746,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -78658,7 +78653,7 @@ index f66f346..2e304d5 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2339,7 +2339,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2344,7 +2344,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -78667,7 +78662,7 @@ index f66f346..2e304d5 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, -@@ -2618,6 +2618,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2623,6 +2623,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -85655,7 +85650,7 @@ index 4a07353..66b5291 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 5ac63c9..d912786 100644 +index ceae65e..3ac1344 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2868,7 +2868,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible); @@ -85827,7 +85822,7 @@ index 5ac63c9..d912786 100644 #else static void register_sched_domain_sysctl(void) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 7765ad8..774519f 100644 +index 4117323..91c91ac 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated) @@ -85839,7 +85834,7 @@ index 7765ad8..774519f 100644 p->mm->numa_scan_offset = 0; } -@@ -5847,7 +5847,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -5864,7 +5864,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -85849,7 +85844,7 @@ index 7765ad8..774519f 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h -index b3c5653..a4d192a 100644 +index a6208af..a2d7bb5 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -1004,7 +1004,7 @@ struct sched_class { @@ -93741,7 +93736,7 @@ index 7d84ea1..55385ae 100644 m->msg_iov = iov; diff --git a/net/core/neighbour.c b/net/core/neighbour.c -index 6072610..7374c18 100644 +index 11af243..7357d84 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -2774,7 +2774,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write, @@ -93825,10 +93820,10 @@ index 81d3a9a..a0bd7a8 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index fc75c9e..8c8e9be 100644 +index 0c1482c..f7ae314 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c -@@ -428,7 +428,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) +@@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) struct udphdr *udph; struct iphdr *iph; struct ethhdr *eth; @@ -93837,7 +93832,7 @@ index fc75c9e..8c8e9be 100644 struct ipv6hdr *ip6h; udp_len = len + sizeof(*udph); -@@ -499,7 +499,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) +@@ -506,7 +506,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) put_unaligned(0x45, (unsigned char *)iph); iph->tos = 0; put_unaligned(htons(ip_len), &(iph->tot_len)); @@ -93926,7 +93921,7 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index c28c7fe..a399a6d 100644 +index 743e6eb..a399a6d 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -3104,13 +3104,15 @@ void __init skb_init(void) @@ -93947,16 +93942,8 @@ index c28c7fe..a399a6d 100644 NULL); } -@@ -3541,6 +3543,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) - skb->tstamp.tv64 = 0; - skb->pkt_type = PACKET_HOST; - skb->skb_iif = 0; -+ skb->local_df = 0; - skb_dst_drop(skb); - skb->mark = 0; - secpath_reset(skb); diff --git a/net/core/sock.c b/net/core/sock.c -index 0b39e7a..5e9f91e 100644 +index 5cec994..81aa1dd 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -94401,55 +94388,6 @@ index 6acb541..9ea617d 100644 EXPORT_SYMBOL(sysctl_local_reserved_ports); void inet_get_local_port_range(int *low, int *high) -diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c -index 5f64875..31cf54d 100644 ---- a/net/ipv4/inet_diag.c -+++ b/net/ipv4/inet_diag.c -@@ -106,6 +106,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, - - r->id.idiag_sport = inet->inet_sport; - r->id.idiag_dport = inet->inet_dport; -+ -+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); -+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); -+ - r->id.idiag_src[0] = inet->inet_rcv_saddr; - r->id.idiag_dst[0] = inet->inet_daddr; - -@@ -240,12 +244,19 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, - - r->idiag_family = tw->tw_family; - r->idiag_retrans = 0; -+ - r->id.idiag_if = tw->tw_bound_dev_if; - sock_diag_save_cookie(tw, r->id.idiag_cookie); -+ - r->id.idiag_sport = tw->tw_sport; - r->id.idiag_dport = tw->tw_dport; -+ -+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); -+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); -+ - r->id.idiag_src[0] = tw->tw_rcv_saddr; - r->id.idiag_dst[0] = tw->tw_daddr; -+ - r->idiag_state = tw->tw_substate; - r->idiag_timer = 3; - r->idiag_expires = DIV_ROUND_UP(tmo * 1000, HZ); -@@ -732,8 +743,13 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, - - r->id.idiag_sport = inet->inet_sport; - r->id.idiag_dport = ireq->rmt_port; -+ -+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); -+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); -+ - r->id.idiag_src[0] = ireq->loc_addr; - r->id.idiag_dst[0] = ireq->rmt_addr; -+ - r->idiag_expires = jiffies_to_msecs(tmo); - r->idiag_rqueue = 0; - r->idiag_wqueue = 0; diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 96da9c7..b956690 100644 --- a/net/ipv4/inet_hashtables.c @@ -94546,7 +94484,7 @@ index b66910a..cfe416e 100644 return -ENOMEM; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c -index d7aea4c..a8ee872 100644 +index e560ef3..218c5c5 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -115,7 +115,7 @@ static bool log_ecn_error = true; @@ -94558,7 +94496,7 @@ index d7aea4c..a8ee872 100644 static int ipgre_tunnel_init(struct net_device *dev); static int ipgre_net_id __read_mostly; -@@ -731,7 +731,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { +@@ -732,7 +732,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, }; @@ -94567,7 +94505,7 @@ index d7aea4c..a8ee872 100644 .kind = "gre", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, -@@ -745,7 +745,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { +@@ -746,7 +746,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { .fill_info = ipgre_fill_info, }; @@ -95294,7 +95232,7 @@ index 4b85e6f..22f9ac9 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 5e2c2f1..6473c22 100644 +index 6ca9907..a1e6c00 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -95929,10 +95867,10 @@ index 1aeb473..bea761c 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 77308af..36ed509 100644 +index 0accb13..f793130 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -3009,7 +3009,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -3003,7 +3003,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -97128,10 +97066,10 @@ index 53c19a3..b0ac04a 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index ba2548b..1a4e98e 100644 +index 88cfbc1..05d73f5 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1699,7 +1699,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1720,7 +1720,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_packets++; @@ -97140,7 +97078,7 @@ index ba2548b..1a4e98e 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1708,7 +1708,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1729,7 +1729,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_drops++; @@ -97149,7 +97087,7 @@ index ba2548b..1a4e98e 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -3261,7 +3261,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3275,7 +3275,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -97158,7 +97096,7 @@ index ba2548b..1a4e98e 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3304,7 +3304,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3318,7 +3318,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -98456,10 +98394,10 @@ index d38bb45..4fd6ac6 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 01625cc..d486b64 100644 +index a427623..387c80b 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -784,6 +784,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -790,6 +790,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -98472,7 +98410,7 @@ index 01625cc..d486b64 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -804,6 +810,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -810,6 +816,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->path.dentry; @@ -98486,7 +98424,7 @@ index 01625cc..d486b64 100644 if (dentry) touch_atime(&unix_sk(u)->path); } else -@@ -837,12 +850,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) +@@ -843,12 +856,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) */ err = security_path_mknod(&path, dentry, mode, 0); if (!err) { @@ -98505,7 +98443,7 @@ index 01625cc..d486b64 100644 done_path_create(&path, dentry); return err; } -@@ -2328,9 +2347,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2336,9 +2355,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -98520,7 +98458,7 @@ index 01625cc..d486b64 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2357,8 +2380,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2365,8 +2388,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -101691,10 +101629,10 @@ index 0000000..414fe5e +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..ba59e50 +index 0000000..3e46b2f --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,558 @@ +@@ -0,0 +1,559 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu> @@ -101741,7 +101679,7 @@ index 0000000..ba59e50 +int plugin_is_GPL_compatible; + +static struct plugin_info const_plugin_info = { -+ .version = "201312032345", ++ .version = "201401121315", + .help = "no-constify\tturn off constification\n", +}; + @@ -101921,7 +101859,6 @@ index 0000000..ba59e50 + } + + if (TYPE_P(*node)) { -+ *no_add_attrs = false; + type = *node; + } else { + gcc_assert(TREE_CODE(*node) == TYPE_DECL); @@ -101941,6 +101878,8 @@ index 0000000..ba59e50 + if (TYPE_P(*node)) { + if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) + error("%qE attribute used on type %qT is incompatible with 'do_const'", name, type); ++ else ++ *no_add_attrs = false; + return NULL_TREE; + } + diff --git a/3.12.7/4425_grsec_remove_EI_PAX.patch b/3.12.8/4425_grsec_remove_EI_PAX.patch index cf65d90..cf65d90 100644 --- a/3.12.7/4425_grsec_remove_EI_PAX.patch +++ b/3.12.8/4425_grsec_remove_EI_PAX.patch diff --git a/3.12.7/4427_force_XATTR_PAX_tmpfs.patch b/3.12.8/4427_force_XATTR_PAX_tmpfs.patch index 23e60cd..23e60cd 100644 --- a/3.12.7/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.12.8/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.12.7/4430_grsec-remove-localversion-grsec.patch b/3.12.8/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.12.7/4430_grsec-remove-localversion-grsec.patch +++ b/3.12.8/4430_grsec-remove-localversion-grsec.patch diff --git a/3.12.7/4435_grsec-mute-warnings.patch b/3.12.8/4435_grsec-mute-warnings.patch index ed941d5..ed941d5 100644 --- a/3.12.7/4435_grsec-mute-warnings.patch +++ b/3.12.8/4435_grsec-mute-warnings.patch diff --git a/3.12.7/4440_grsec-remove-protected-paths.patch b/3.12.8/4440_grsec-remove-protected-paths.patch index 05710b1..05710b1 100644 --- a/3.12.7/4440_grsec-remove-protected-paths.patch +++ b/3.12.8/4440_grsec-remove-protected-paths.patch diff --git a/3.12.7/4450_grsec-kconfig-default-gids.patch b/3.12.8/4450_grsec-kconfig-default-gids.patch index cdd1703..cdd1703 100644 --- a/3.12.7/4450_grsec-kconfig-default-gids.patch +++ b/3.12.8/4450_grsec-kconfig-default-gids.patch diff --git a/3.12.7/4465_selinux-avc_audit-log-curr_ip.patch b/3.12.8/4465_selinux-avc_audit-log-curr_ip.patch index 04ec3fb..04ec3fb 100644 --- a/3.12.7/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.12.8/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.12.7/4470_disable-compat_vdso.patch b/3.12.8/4470_disable-compat_vdso.patch index 209dfae..209dfae 100644 --- a/3.12.7/4470_disable-compat_vdso.patch +++ b/3.12.8/4470_disable-compat_vdso.patch diff --git a/3.12.7/4475_emutramp_default_on.patch b/3.12.8/4475_emutramp_default_on.patch index cfde6f8..cfde6f8 100644 --- a/3.12.7/4475_emutramp_default_on.patch +++ b/3.12.8/4475_emutramp_default_on.patch |