Diffstat (limited to 'sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch')
-rw-r--r-- | sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch | 90 |
1 files changed, 45 insertions, 45 deletions
diff --git a/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch b/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch index ce442fa8..a393911d 100644 --- a/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch +++ b/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch @@ -98,13 +98,13 @@ index 8af3771a3ebf..5ae781e17da6 100644 If set, provide RFC2861 behavior and time out the congestion window after an idle period. An idle period is defined at diff --git a/Makefile b/Makefile -index 9b64ebcf4531..6aef436ab64e 100644 +index 802520ad08cc..974fb55be147 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ VERSION = 5 PATCHLEVEL = 4 - SUBLEVEL = 122 + SUBLEVEL = 129 -EXTRAVERSION = +EXTRAVERSION = -hardened1 NAME = Kleptomaniac Octopus @@ -644,10 +644,10 @@ index 18e874b0441e..a010a4a5830e 100644 obj-$(CONFIG_USB) += usbcore.o diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 6c89d714adb6..4b32b4c8b529 100644 +index 3a2d9318604b..bfc6769f7bc6 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c -@@ -5014,6 +5014,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, +@@ -5016,6 +5016,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, goto done; return; } @@ -1047,7 +1047,7 @@ index 069aa2ebef90..cb9e3637a620 100644 const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent); const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 5565d11f9542..0802188c8daa 100644 +index a7d626b4cad1..94f832e11bc5 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -664,7 +664,7 @@ static inline int is_vmalloc_or_module_addr(const void *x) 
@@ -1362,10 +1362,10 @@ index b914959cd2c6..419154fee6a2 100644 #define TCP_RACK_LOSS_DETECTION 0x1 /* Use RACK to detect losses */ #define TCP_RACK_STATIC_REO_WND 0x2 /* Use static RACK reo wnd */ diff --git a/init/Kconfig b/init/Kconfig -index 4f9fd78e2200..1fc8302d56f2 100644 +index f23e90d9935f..26da03017b59 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -345,6 +345,7 @@ config USELIB +@@ -348,6 +348,7 @@ config USELIB config AUDIT bool "Auditing support" depends on NET @@ -1373,7 +1373,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for -@@ -1083,6 +1084,22 @@ config USER_NS +@@ -1086,6 +1087,22 @@ config USER_NS If unsure, say N. @@ -1396,7 +1396,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 config PID_NS bool "PID Namespaces" default y -@@ -1295,9 +1312,8 @@ menuconfig EXPERT +@@ -1298,9 +1315,8 @@ menuconfig EXPERT Only use this if you really know what you are doing. config UID16 @@ -1407,7 +1407,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 help This enables the legacy 16-bit UID syscall wrappers. -@@ -1326,14 +1342,13 @@ config SGETMASK_SYSCALL +@@ -1329,14 +1345,13 @@ config SGETMASK_SYSCALL If unsure, leave the default option here. config SYSFS_SYSCALL @@ -1424,7 +1424,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 config SYSCTL_SYSCALL bool "Sysctl syscall support" if EXPERT -@@ -1501,8 +1516,7 @@ config SHMEM +@@ -1504,8 +1519,7 @@ config SHMEM which may be appropriate on small systems without swap. config AIO @@ -1434,7 +1434,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 help This option enables POSIX asynchronous I/O which may by used by some high performance threaded applications. Disabling -@@ -1613,6 +1627,23 @@ config USERFAULTFD +@@ -1616,6 +1630,23 @@ config USERFAULTFD Enable the userfaultfd() system call that allows to intercept and handle page faults in userland. 
@@ -1458,7 +1458,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 config ARCH_HAS_MEMBARRIER_CALLBACKS bool -@@ -1725,7 +1756,7 @@ config VM_EVENT_COUNTERS +@@ -1728,7 +1759,7 @@ config VM_EVENT_COUNTERS config SLUB_DEBUG default y @@ -1467,7 +1467,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 depends on SLUB && SYSFS help SLUB has extensive debug support features. Disabling these can -@@ -1749,7 +1780,6 @@ config SLUB_MEMCG_SYSFS_ON +@@ -1752,7 +1783,6 @@ config SLUB_MEMCG_SYSFS_ON config COMPAT_BRK bool "Disable heap randomization" @@ -1475,7 +1475,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1796,7 +1826,6 @@ endchoice +@@ -1799,7 +1829,6 @@ endchoice config SLAB_MERGE_DEFAULT bool "Allow slab caches to be merged" @@ -1483,7 +1483,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 help For reduced kernel memory fragmentation, slab caches can be merged when they share the same size and other characteristics. -@@ -1809,9 +1838,9 @@ config SLAB_MERGE_DEFAULT +@@ -1812,9 +1841,9 @@ config SLAB_MERGE_DEFAULT command line. config SLAB_FREELIST_RANDOM @@ -1494,7 +1494,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644 help Randomizes the freelist order used on creating new pages. This security feature reduces the predictability of the kernel slab -@@ -1820,12 +1849,30 @@ config SLAB_FREELIST_RANDOM +@@ -1823,12 +1852,30 @@ config SLAB_FREELIST_RANDOM config SLAB_FREELIST_HARDENED bool "Harden slab freelist metadata" depends on SLUB @@ -1583,7 +1583,7 @@ index 1444f3954d75..8cc9dd7992f2 100644 /** diff --git a/kernel/events/core.c b/kernel/events/core.c -index ec1add9e7f3a..917f5f3da06a 100644 +index 2f848123cdae..b96b5f4b0b83 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -404,8 +404,13 @@ static cpumask_var_t perf_online_mask; 
@@ -1600,7 +1600,7 @@ index ec1add9e7f3a..917f5f3da06a 100644 /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -10926,6 +10931,9 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -10928,6 +10933,9 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -1677,7 +1677,7 @@ index 4dfa9dd47223..4263b6181c29 100644 rcu_core(); } diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 092aa5e47251..a2f1b57a2ad6 100644 +index d3f4113e87de..b2e48e6d6d70 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -9972,7 +9972,7 @@ int newidle_balance(struct rq *this_rq, struct rq_flags *rf) @@ -2338,7 +2338,7 @@ index b2b01694dc43..b531661095a2 100644 } diff --git a/mm/slab_common.c b/mm/slab_common.c -index e36dd36c7076..94cb3eed189c 100644 +index 636cd496417c..02a6876088fa 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -28,10 +28,10 @@ @@ -2364,10 +2364,10 @@ index e36dd36c7076..94cb3eed189c 100644 static int __init setup_slab_nomerge(char *str) { diff --git a/mm/slub.c b/mm/slub.c -index 52ded855b4ed..d7d59072b3ff 100644 +index ca7143fe25b5..eba3e48bd5fe 100644 --- a/mm/slub.c +++ b/mm/slub.c -@@ -125,6 +125,12 @@ static inline int kmem_cache_debug(struct kmem_cache *s) +@@ -126,6 +126,12 @@ static inline int kmem_cache_debug(struct kmem_cache *s) #endif } @@ -2380,7 +2380,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 void *fixup_red_left(struct kmem_cache *s, void *p) { if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE) -@@ -309,6 +315,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp) +@@ -310,6 +316,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp) *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr); } 
@@ -2416,7 +2416,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 /* Loop over all objects in a slab */ #define for_each_object(__p, __s, __addr, __objects) \ for (__p = fixup_red_left(__s, __addr); \ -@@ -476,13 +511,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) +@@ -477,13 +512,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) * Debug settings: */ #if defined(CONFIG_SLUB_DEBUG_ON) @@ -2434,7 +2434,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 /* * slub is about to manipulate internal object metadata. This memory lies -@@ -560,6 +595,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, +@@ -561,6 +596,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, p = object + get_info_end(s); @@ -2444,7 +2444,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 return p + alloc; } -@@ -701,6 +739,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) +@@ -702,6 +740,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) off = get_info_end(s); @@ -2454,7 +2454,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 if (s->flags & SLAB_STORE_USER) off += 2 * sizeof(struct track); -@@ -826,6 +867,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) +@@ -827,6 +868,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) { unsigned long off = get_info_end(s); /* The end of info */ @@ -2464,7 +2464,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 if (s->flags & SLAB_STORE_USER) /* We also have user information there */ off += 2 * sizeof(struct track); -@@ -1470,6 +1514,8 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, +@@ -1471,6 +1515,8 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, object = next; next = get_freepointer(s, object); 
@@ -2473,7 +2473,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 if (slab_want_init_on_free(s)) { /* * Clear the object and the metadata, but don't touch -@@ -1480,8 +1526,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, +@@ -1481,8 +1527,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, : 0; memset((char *)object + s->inuse, 0, s->size - s->inuse - rsize); @@ -2487,7 +2487,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 /* If object's reuse doesn't have to be delayed */ if (!slab_free_hook(s, object)) { /* Move object to the new freelist */ -@@ -1489,6 +1539,17 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, +@@ -1490,6 +1540,17 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, *head = object; if (!*tail) *tail = object; @@ -2505,7 +2505,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 } } while (object != old_tail); -@@ -1502,8 +1563,9 @@ static void *setup_object(struct kmem_cache *s, struct page *page, +@@ -1503,8 +1564,9 @@ static void *setup_object(struct kmem_cache *s, struct page *page, void *object) { setup_object_debug(s, page, object); @@ -2516,7 +2516,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 kasan_unpoison_object_data(s, object); s->ctor(object); kasan_poison_object_data(s, object); -@@ -2797,8 +2859,28 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, +@@ -2798,8 +2860,28 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, maybe_wipe_obj_freeptr(s, object); @@ -2546,7 +2546,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 slab_post_alloc_hook(s, gfpflags, 1, &object); -@@ -3183,7 +3265,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, +@@ -3184,7 +3266,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, void **p) { struct kmem_cache_cpu *c; 
@@ -2555,7 +2555,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 /* memcg and kmem_cache debug support */ s = slab_pre_alloc_hook(s, flags); -@@ -3232,11 +3314,35 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, +@@ -3233,11 +3315,35 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, local_irq_enable(); /* Clear memory outside IRQ disabled fastpath loop */ @@ -2593,7 +2593,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 } /* memcg and kmem_cache debug support */ -@@ -3270,9 +3376,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); +@@ -3271,9 +3377,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); * and increases the number of allocations possible without having to * take the list_lock. */ @@ -2606,7 +2606,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3440,6 +3546,7 @@ static void early_kmem_cache_node_alloc(int node) +@@ -3441,6 +3547,7 @@ static void early_kmem_cache_node_alloc(int node) init_object(kmem_cache_node, n, SLUB_RED_ACTIVE); init_tracking(kmem_cache_node, n); #endif @@ -2614,7 +2614,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 n = kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node), GFP_KERNEL); page->freelist = get_freepointer(kmem_cache_node, n); -@@ -3605,6 +3712,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) +@@ -3608,6 +3715,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) size += sizeof(void *); } @@ -2624,7 +2624,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 #ifdef CONFIG_SLUB_DEBUG if (flags & SLAB_STORE_USER) /* -@@ -3677,6 +3787,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags) +@@ -3680,6 +3790,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags) #ifdef CONFIG_SLAB_FREELIST_HARDENED s->random = get_random_long(); #endif 
@@ -2635,7 +2635,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 if (!calculate_sizes(s, -1)) goto error; -@@ -3952,6 +4066,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, +@@ -3955,6 +4069,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, offset -= s->red_left_pad; } @@ -2644,7 +2644,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 /* Allow address range falling entirely within usercopy region. */ if (offset >= s->useroffset && offset - s->useroffset <= s->usersize && -@@ -3985,7 +4101,11 @@ size_t __ksize(const void *object) +@@ -3988,7 +4104,11 @@ size_t __ksize(const void *object) page = virt_to_head_page(object); if (unlikely(!PageSlab(page))) { @@ -2656,7 +2656,7 @@ index 52ded855b4ed..d7d59072b3ff 100644 return page_size(page); } -@@ -4830,7 +4950,7 @@ enum slab_stat_type { +@@ -4833,7 +4953,7 @@ enum slab_stat_type { #define SO_TOTAL (1 << SL_TOTAL) #ifdef CONFIG_MEMCG @@ -2700,10 +2700,10 @@ index ab358c64bbd3..afb474c171f7 100644 unsigned long arch_mmap_rnd(void) diff --git a/net/core/dev.c b/net/core/dev.c -index a30878346f54..52144816209a 100644 +index e226f266da9e..be4ff6ef2de3 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4474,7 +4474,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -4475,7 +4475,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -2712,7 +2712,7 @@ index a30878346f54..52144816209a 100644 { struct softnet_data *sd = this_cpu_ptr(&softnet_data); -@@ -6351,7 +6351,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) +@@ -6370,7 +6370,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) return work; } |