Commit 971ff223 authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: upgrade to grsecurity-3.0-3.14.28-201501142323

and update the gre fix inner mac header in nbma tunnel xmit patch
parent 3a796f8c
......@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=0
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -17,11 +17,11 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-3.0-3.14.28-201501120819.patch
grsecurity-3.0-3.14.28-201501142323.patch
fix-memory-map-for-PIE-applications.patch
imx6q-no-unclocked-sleep.patch
gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
kernelconfig.x86
kernelconfig.x86_64
......@@ -167,28 +167,28 @@ dev() {
md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
502a4ee34af04e9b9e375e254f7b9a8f patch-3.14.28.xz
14277edb3cc6b593f80bf0e62ba8ec70 grsecurity-3.0-3.14.28-201501120819.patch
ec66b87cfa54e5b5bc5b1a3f762d7441 grsecurity-3.0-3.14.28-201501142323.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
59a78a67677e25540028414bb5eb6330 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
1ced4011e09c6e0a72101d65670f0b5c net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
870b91f0eb07294ba453ac61b052c0b6 kernelconfig.x86
38b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64
6709c83fbbd38d40f31d39f0022d4ce9 kernelconfig.armhf"
sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz
e3c79a30ac959c84c329be5461da88a5c79c6463da30d376c27bb103aee79b51 patch-3.14.28.xz
487f4b17658ab037586e9106bca355ad35195d1e78e73ceb2cc7feb55c54ef46 grsecurity-3.0-3.14.28-201501120819.patch
55484132973b1c65a335a2f42cd87b59d45c7044fcaddae9698ce8e5c6d47373 grsecurity-3.0-3.14.28-201501142323.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
f04d0f6610398f3657ddb2e6926113c43ec331ae256704bca4de11f432881ec5 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
2c8158a2a4042ac1bcbfa046eb1c7966de56d3797eee99d153d2b176dfff165c net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x86
d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64
01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc kernelconfig.armhf"
sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz
ae4dc86ff594f1a4c1a2a8786a1ad1293e539c8225ae202b87ad474c22dbe1906cd919566307a69ae48f2e3819d1024e6997adaff48a2184ac87ec61a38b6a34 patch-3.14.28.xz
633acca6d98d8a33ee34fcc5c4e51dffe30a682d39ad55bddcee196c15773dc410a59fa70691a73a638cfff7c74379b178952c69e30606435cc6dfae21775ef7 grsecurity-3.0-3.14.28-201501120819.patch
4e5d53f2a15011e51b538863cd9d36619bd6452151d99275b67f5942537b03f0e1d5cb06594e301ae3ee294461d891656023b793eeafcabcaec9e55a26bdfae2 grsecurity-3.0-3.14.28-201501142323.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
ddc32533bd519db5298895eb2da5eb95390999bd3f6d27b5eee38551387df4a43f537235d6a9be859ee1f433420f3afbf01e2c1e7ca0175b27460598c5c385f9 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch
ce0429ba660fa010252e09fc812680b8dafb7b6b213c8eabde89e289f3db536253b81841ec1a73de5408e5556dd5e99c3536dc48457750bfdf7845a3df2b9a79 net-v2-gre-fix-the-inner-mac-header-in-nbma-tunnel-xmit-path.patch
dde402be39f68955f9395f807631f1457e90cda76a80e0e198695c8f946cdba02a00fe12a59a77bf5e8b40f5ecb52efbe364449f3e58d8996f27e07b719ac6a4 kernelconfig.x86
f23749a1cd59c1de769141cef1a358ba3be0985abbfb2fdd065e033c5166f30728192fbf8805b150cf0b1b72a794990da2d9e6e511213cf00d2f0dc47ca61135 kernelconfig.x86_64
64e421a07bd42e83553338bfdbe16a68dbe94fdb3cb1b3658311f79e002345cc9c8edfcc807d4f989a64f8be4b3a48b4a0b7582ac860f5eacb9ff325a3d36fc5 kernelconfig.armhf"
......@@ -51781,7 +51781,7 @@ index 236ed66..dd9cd74 100644
goto err_busy;
}
diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
index 7a6d85e..4c55a18 100644
index 7a6d85e..1304fbe 100644
--- a/drivers/staging/line6/driver.c
+++ b/drivers/staging/line6/driver.c
@@ -458,7 +458,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
......@@ -51832,6 +51832,89 @@ index 7a6d85e..4c55a18 100644
/* receive the result: */
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
@@ -515,7 +522,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
{
struct usb_device *usbdev = line6->usbdev;
int ret;
- unsigned char status;
+ unsigned char *status;
ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
@@ -528,26 +535,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
return ret;
}
+ status = kmalloc(1, GFP_KERNEL);
+ if (status == NULL)
+ return -ENOMEM;
+
do {
ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
0x67,
USB_TYPE_VENDOR | USB_RECIP_DEVICE |
USB_DIR_IN,
0x0012, 0x0000,
- &status, 1, LINE6_TIMEOUT * HZ);
+ status, 1, LINE6_TIMEOUT * HZ);
if (ret < 0) {
dev_err(line6->ifcdev,
"receiving status failed (error %d)\n", ret);
+ kfree(status);
return ret;
}
- } while (status == 0xff);
+ } while (*status == 0xff);
- if (status != 0) {
+ if (*status != 0) {
dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
+ kfree(status);
return -EINVAL;
}
+ kfree(status);
+
return 0;
}
diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
index af2e7e5..e558d65 100644
--- a/drivers/staging/line6/toneport.c
+++ b/drivers/staging/line6/toneport.c
@@ -11,6 +11,7 @@
*/
#include <linux/wait.h>
+#include <linux/slab.h>
#include <sound/control.h>
#include "audio.h"
@@ -304,14 +305,20 @@ static void toneport_destruct(struct usb_interface *interface)
*/
static void toneport_setup(struct usb_line6_toneport *toneport)
{
- int ticks;
+ int *ticks;
struct usb_line6 *line6 = &toneport->line6;
struct usb_device *usbdev = line6->usbdev;
u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct);
+ ticks = kmalloc(sizeof(int), GFP_KERNEL);
+ if (ticks == NULL)
+ return;
+
/* sync time on device with host: */
- ticks = (int)get_seconds();
- line6_write_data(line6, 0x80c6, &ticks, 4);
+ *ticks = (int)get_seconds();
+ line6_write_data(line6, 0x80c6, ticks, sizeof(int));
+
+ kfree(ticks);
/* enable device: */
toneport_send_cmd(usbdev, 0x0301, 0x0000);
diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
index 3f8020c..649fded 100644
--- a/drivers/staging/lustre/lnet/selftest/brw_test.c
......@@ -73265,10 +73348,10 @@ index 0000000..ca25605
+
diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
new file mode 100644
index 0000000..a89b1f4
index 0000000..4c7e00a
--- /dev/null
+++ b/grsecurity/gracl_fs.c
@@ -0,0 +1,437 @@
@@ -0,0 +1,439 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/types.h>
......@@ -73701,7 +73784,9 @@ index 0000000..a89b1f4
+ if (unlikely(!gr_acl_is_enabled()))
+ return 0;
+
+ if (task != current && task->acl->mode & GR_PROTPROCFD)
+ if (task != current && (task->acl->mode & GR_PROTPROCFD) &&
+ !(current->acl->mode & GR_POVERRIDE) &&
+ !(current->role->roletype & GR_ROLE_GOD))
+ return -EACCES;
+
+ return 0;
From a09d1e25a3f333dfb0034f2812750fdb0506ba5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 10 Dec 2014 08:57:23 +0200
Subject: [PATCH] gre: fix the inner mac header in nbma gre tunnels xmit path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The NBMA GRE tunnels temporarily push GRE header that contain the
per-packet NBMA destination on the skb via header ops early in xmit
path. It is the later pulled before the real GRE header is constructed.
The inner mac was thus set differently in nbma case. Fix this be
reordering the pull before calling offload handler to make sure
both tunnel types have inner mac header set same way.
Fixes: 14051f0452a2 ("gre: Use inner mac length when computing tunnel length"
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
net/ipv4/ip_gre.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 94213c8..afedb52 100644
index 94213c8..b40b90d 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -250,10 +250,6 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
......@@ -35,7 +13,15 @@ index 94213c8..afedb52 100644
if (dev->header_ops) {
/* Need space for new headers */
if (skb_cow_head(skb, dev->needed_headroom -
@@ -273,6 +269,10 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
@@ -266,6 +262,7 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
* to gre header.
*/
skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
+ skb_reset_mac_header(skb);
} else {
if (skb_cow_head(skb, dev->needed_headroom))
goto free_skb;
@@ -273,6 +270,10 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
tnl_params = &tunnel->parms.iph;
}
......@@ -46,7 +32,3 @@ index 94213c8..afedb52 100644
__gre_xmit(skb, dev, tnl_params, skb->protocol);
return NETDEV_TX_OK;
--
2.2.0
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment