Diffstat (limited to 'sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch')
-rw-r--r--sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch90
1 files changed, 45 insertions, 45 deletions
diff --git a/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch b/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch
index ce442fa8..a393911d 100644
--- a/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch
+++ b/sys-kernel/linux-image-redcore-lts-legacy/files/5.4-linux-hardened.patch
@@ -98,13 +98,13 @@ index 8af3771a3ebf..5ae781e17da6 100644
If set, provide RFC2861 behavior and time out the congestion
window after an idle period. An idle period is defined at
diff --git a/Makefile b/Makefile
-index 9b64ebcf4531..6aef436ab64e 100644
+index 802520ad08cc..974fb55be147 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
VERSION = 5
PATCHLEVEL = 4
- SUBLEVEL = 122
+ SUBLEVEL = 129
-EXTRAVERSION =
+EXTRAVERSION = -hardened1
NAME = Kleptomaniac Octopus
@@ -644,10 +644,10 @@ index 18e874b0441e..a010a4a5830e 100644
obj-$(CONFIG_USB) += usbcore.o
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 6c89d714adb6..4b32b4c8b529 100644
+index 3a2d9318604b..bfc6769f7bc6 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
-@@ -5014,6 +5014,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
+@@ -5016,6 +5016,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
goto done;
return;
}
@@ -1047,7 +1047,7 @@ index 069aa2ebef90..cb9e3637a620 100644
const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent);
const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj);
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 5565d11f9542..0802188c8daa 100644
+index a7d626b4cad1..94f832e11bc5 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -664,7 +664,7 @@ static inline int is_vmalloc_or_module_addr(const void *x)
@@ -1362,10 +1362,10 @@ index b914959cd2c6..419154fee6a2 100644
#define TCP_RACK_LOSS_DETECTION 0x1 /* Use RACK to detect losses */
#define TCP_RACK_STATIC_REO_WND 0x2 /* Use static RACK reo wnd */
diff --git a/init/Kconfig b/init/Kconfig
-index 4f9fd78e2200..1fc8302d56f2 100644
+index f23e90d9935f..26da03017b59 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -345,6 +345,7 @@ config USELIB
+@@ -348,6 +348,7 @@ config USELIB
config AUDIT
bool "Auditing support"
depends on NET
@@ -1373,7 +1373,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
-@@ -1083,6 +1084,22 @@ config USER_NS
+@@ -1086,6 +1087,22 @@ config USER_NS
If unsure, say N.
@@ -1396,7 +1396,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
config PID_NS
bool "PID Namespaces"
default y
-@@ -1295,9 +1312,8 @@ menuconfig EXPERT
+@@ -1298,9 +1315,8 @@ menuconfig EXPERT
Only use this if you really know what you are doing.
config UID16
@@ -1407,7 +1407,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
help
This enables the legacy 16-bit UID syscall wrappers.
-@@ -1326,14 +1342,13 @@ config SGETMASK_SYSCALL
+@@ -1329,14 +1345,13 @@ config SGETMASK_SYSCALL
If unsure, leave the default option here.
config SYSFS_SYSCALL
@@ -1424,7 +1424,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
config SYSCTL_SYSCALL
bool "Sysctl syscall support" if EXPERT
-@@ -1501,8 +1516,7 @@ config SHMEM
+@@ -1504,8 +1519,7 @@ config SHMEM
which may be appropriate on small systems without swap.
config AIO
@@ -1434,7 +1434,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
help
This option enables POSIX asynchronous I/O which may by used
by some high performance threaded applications. Disabling
-@@ -1613,6 +1627,23 @@ config USERFAULTFD
+@@ -1616,6 +1630,23 @@ config USERFAULTFD
Enable the userfaultfd() system call that allows to intercept and
handle page faults in userland.
@@ -1458,7 +1458,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
config ARCH_HAS_MEMBARRIER_CALLBACKS
bool
-@@ -1725,7 +1756,7 @@ config VM_EVENT_COUNTERS
+@@ -1728,7 +1759,7 @@ config VM_EVENT_COUNTERS
config SLUB_DEBUG
default y
@@ -1467,7 +1467,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
depends on SLUB && SYSFS
help
SLUB has extensive debug support features. Disabling these can
-@@ -1749,7 +1780,6 @@ config SLUB_MEMCG_SYSFS_ON
+@@ -1752,7 +1783,6 @@ config SLUB_MEMCG_SYSFS_ON
config COMPAT_BRK
bool "Disable heap randomization"
@@ -1475,7 +1475,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
help
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
-@@ -1796,7 +1826,6 @@ endchoice
+@@ -1799,7 +1829,6 @@ endchoice
config SLAB_MERGE_DEFAULT
bool "Allow slab caches to be merged"
@@ -1483,7 +1483,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
help
For reduced kernel memory fragmentation, slab caches can be
merged when they share the same size and other characteristics.
-@@ -1809,9 +1838,9 @@ config SLAB_MERGE_DEFAULT
+@@ -1812,9 +1841,9 @@ config SLAB_MERGE_DEFAULT
command line.
config SLAB_FREELIST_RANDOM
@@ -1494,7 +1494,7 @@ index 4f9fd78e2200..1fc8302d56f2 100644
help
Randomizes the freelist order used on creating new pages. This
security feature reduces the predictability of the kernel slab
-@@ -1820,12 +1849,30 @@ config SLAB_FREELIST_RANDOM
+@@ -1823,12 +1852,30 @@ config SLAB_FREELIST_RANDOM
config SLAB_FREELIST_HARDENED
bool "Harden slab freelist metadata"
depends on SLUB
@@ -1583,7 +1583,7 @@ index 1444f3954d75..8cc9dd7992f2 100644
/**
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index ec1add9e7f3a..917f5f3da06a 100644
+index 2f848123cdae..b96b5f4b0b83 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -404,8 +404,13 @@ static cpumask_var_t perf_online_mask;
@@ -1600,7 +1600,7 @@ index ec1add9e7f3a..917f5f3da06a 100644
/* Minimum for 512 kiB + 1 user control page */
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -10926,6 +10931,9 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -10928,6 +10933,9 @@ SYSCALL_DEFINE5(perf_event_open,
if (flags & ~PERF_FLAG_ALL)
return -EINVAL;
@@ -1677,7 +1677,7 @@ index 4dfa9dd47223..4263b6181c29 100644
rcu_core();
}
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 092aa5e47251..a2f1b57a2ad6 100644
+index d3f4113e87de..b2e48e6d6d70 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -9972,7 +9972,7 @@ int newidle_balance(struct rq *this_rq, struct rq_flags *rf)
@@ -2338,7 +2338,7 @@ index b2b01694dc43..b531661095a2 100644
}
diff --git a/mm/slab_common.c b/mm/slab_common.c
-index e36dd36c7076..94cb3eed189c 100644
+index 636cd496417c..02a6876088fa 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -28,10 +28,10 @@
@@ -2364,10 +2364,10 @@ index e36dd36c7076..94cb3eed189c 100644
static int __init setup_slab_nomerge(char *str)
{
diff --git a/mm/slub.c b/mm/slub.c
-index 52ded855b4ed..d7d59072b3ff 100644
+index ca7143fe25b5..eba3e48bd5fe 100644
--- a/mm/slub.c
+++ b/mm/slub.c
-@@ -125,6 +125,12 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
+@@ -126,6 +126,12 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
#endif
}
@@ -2380,7 +2380,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
void *fixup_red_left(struct kmem_cache *s, void *p)
{
if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
-@@ -309,6 +315,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
+@@ -310,6 +316,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
*(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
}
@@ -2416,7 +2416,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
/* Loop over all objects in a slab */
#define for_each_object(__p, __s, __addr, __objects) \
for (__p = fixup_red_left(__s, __addr); \
-@@ -476,13 +511,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p)
+@@ -477,13 +512,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p)
* Debug settings:
*/
#if defined(CONFIG_SLUB_DEBUG_ON)
@@ -2434,7 +2434,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
/*
* slub is about to manipulate internal object metadata. This memory lies
-@@ -560,6 +595,9 @@ static struct track *get_track(struct kmem_cache *s, void *object,
+@@ -561,6 +596,9 @@ static struct track *get_track(struct kmem_cache *s, void *object,
p = object + get_info_end(s);
@@ -2444,7 +2444,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
return p + alloc;
}
-@@ -701,6 +739,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
+@@ -702,6 +740,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
off = get_info_end(s);
@@ -2454,7 +2454,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
if (s->flags & SLAB_STORE_USER)
off += 2 * sizeof(struct track);
-@@ -826,6 +867,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
+@@ -827,6 +868,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
{
unsigned long off = get_info_end(s); /* The end of info */
@@ -2464,7 +2464,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
if (s->flags & SLAB_STORE_USER)
/* We also have user information there */
off += 2 * sizeof(struct track);
-@@ -1470,6 +1514,8 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
+@@ -1471,6 +1515,8 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
object = next;
next = get_freepointer(s, object);
@@ -2473,7 +2473,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
if (slab_want_init_on_free(s)) {
/*
* Clear the object and the metadata, but don't touch
-@@ -1480,8 +1526,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
+@@ -1481,8 +1527,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
: 0;
memset((char *)object + s->inuse, 0,
s->size - s->inuse - rsize);
@@ -2487,7 +2487,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
/* If object's reuse doesn't have to be delayed */
if (!slab_free_hook(s, object)) {
/* Move object to the new freelist */
-@@ -1489,6 +1539,17 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
+@@ -1490,6 +1540,17 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
*head = object;
if (!*tail)
*tail = object;
@@ -2505,7 +2505,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
}
} while (object != old_tail);
-@@ -1502,8 +1563,9 @@ static void *setup_object(struct kmem_cache *s, struct page *page,
+@@ -1503,8 +1564,9 @@ static void *setup_object(struct kmem_cache *s, struct page *page,
void *object)
{
setup_object_debug(s, page, object);
@@ -2516,7 +2516,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
kasan_unpoison_object_data(s, object);
s->ctor(object);
kasan_poison_object_data(s, object);
-@@ -2797,8 +2859,28 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
+@@ -2798,8 +2860,28 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
maybe_wipe_obj_freeptr(s, object);
@@ -2546,7 +2546,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
slab_post_alloc_hook(s, gfpflags, 1, &object);
-@@ -3183,7 +3265,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
+@@ -3184,7 +3266,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
void **p)
{
struct kmem_cache_cpu *c;
@@ -2555,7 +2555,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
/* memcg and kmem_cache debug support */
s = slab_pre_alloc_hook(s, flags);
-@@ -3232,11 +3314,35 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
+@@ -3233,11 +3315,35 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
local_irq_enable();
/* Clear memory outside IRQ disabled fastpath loop */
@@ -2593,7 +2593,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
}
/* memcg and kmem_cache debug support */
-@@ -3270,9 +3376,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk);
+@@ -3271,9 +3377,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk);
* and increases the number of allocations possible without having to
* take the list_lock.
*/
@@ -2606,7 +2606,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
/*
* Calculate the order of allocation given an slab object size.
-@@ -3440,6 +3546,7 @@ static void early_kmem_cache_node_alloc(int node)
+@@ -3441,6 +3547,7 @@ static void early_kmem_cache_node_alloc(int node)
init_object(kmem_cache_node, n, SLUB_RED_ACTIVE);
init_tracking(kmem_cache_node, n);
#endif
@@ -2614,7 +2614,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
n = kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node),
GFP_KERNEL);
page->freelist = get_freepointer(kmem_cache_node, n);
-@@ -3605,6 +3712,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
+@@ -3608,6 +3715,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
size += sizeof(void *);
}
@@ -2624,7 +2624,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
#ifdef CONFIG_SLUB_DEBUG
if (flags & SLAB_STORE_USER)
/*
-@@ -3677,6 +3787,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags)
+@@ -3680,6 +3790,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags)
#ifdef CONFIG_SLAB_FREELIST_HARDENED
s->random = get_random_long();
#endif
@@ -2635,7 +2635,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
if (!calculate_sizes(s, -1))
goto error;
-@@ -3952,6 +4066,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page,
+@@ -3955,6 +4069,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page,
offset -= s->red_left_pad;
}
@@ -2644,7 +2644,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
/* Allow address range falling entirely within usercopy region. */
if (offset >= s->useroffset &&
offset - s->useroffset <= s->usersize &&
-@@ -3985,7 +4101,11 @@ size_t __ksize(const void *object)
+@@ -3988,7 +4104,11 @@ size_t __ksize(const void *object)
page = virt_to_head_page(object);
if (unlikely(!PageSlab(page))) {
@@ -2656,7 +2656,7 @@ index 52ded855b4ed..d7d59072b3ff 100644
return page_size(page);
}
-@@ -4830,7 +4950,7 @@ enum slab_stat_type {
+@@ -4833,7 +4953,7 @@ enum slab_stat_type {
#define SO_TOTAL (1 << SL_TOTAL)
#ifdef CONFIG_MEMCG
@@ -2700,10 +2700,10 @@ index ab358c64bbd3..afb474c171f7 100644
unsigned long arch_mmap_rnd(void)
diff --git a/net/core/dev.c b/net/core/dev.c
-index a30878346f54..52144816209a 100644
+index e226f266da9e..be4ff6ef2de3 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -4474,7 +4474,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -4475,7 +4475,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -2712,7 +2712,7 @@ index a30878346f54..52144816209a 100644
{
struct softnet_data *sd = this_cpu_ptr(&softnet_data);
-@@ -6351,7 +6351,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll)
+@@ -6370,7 +6370,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll)
return work;
}