5.15.25 hardened bump (#447)

Co-authored-by: amelia <farikoskillz2gmail.com>
2022-03-01 17:19:05 +00:00
parent 1861c35e67
commit 56dc6d4d00
3 changed files with 39 additions and 37 deletions
--- a/linux-tkg-patches/5.15/0012-linux-hardened.patch
+++ b/linux-tkg-patches/5.15/0012-linux-hardened.patch
@@ -102,13 +102,13 @@ index d91ab28718d4..4ead5cd52644 100644
 	If set, provide RFC2861 behavior and time out the congestion
 	window after an idle period.  An idle period is defined at
 diff --git a/Makefile b/Makefile
-index aed26e228dde..fd511db4d97f 100644
+index c50d4ec83be8..a88b0b67c745 100644
 --- a/Makefile
 +++ b/Makefile
@@ -2,7 +2,7 @@
 VERSION = 5
 PATCHLEVEL = 15
- SUBLEVEL = 15
+ SUBLEVEL = 25
 -EXTRAVERSION =
 +EXTRAVERSION = -hardened1
 NAME = Trick or Treat
@@ -242,7 +242,7 @@ index 1f96809606ac..5dc5b06d6955 100644
 	  Linux can allow user programs to install a per-process x86
 	  Local Descriptor Table (LDT) using the modify_ldt(2) system
 diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
-index e8a7a0af2bda..8e8947dceab4 100644
+index d7298b104a45..f65c7ca3602d 100644
 --- a/arch/x86/configs/x86_64_defconfig
 +++ b/arch/x86/configs/x86_64_defconfig
@@ -1,5 +1,4 @@
@@ -502,10 +502,10 @@ index 82de39926a9f..7363072fbcb4 100644
 	blk_complete_reqs(this_cpu_ptr(&blk_cpu_done));
 }
 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 4d848cfc406f..94427b7ee3b9 100644
+index 24b67d78cb83..bf5189847efe 100644
 --- a/drivers/ata/libata-core.c
 +++ b/drivers/ata/libata-core.c
-@@ -4599,7 +4599,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4600,7 +4600,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
 	struct ata_port *ap;
 	unsigned int tag;
 
@@ -514,7 +514,7 @@ index 4d848cfc406f..94427b7ee3b9 100644
 	ap = qc->ap;
 
 	qc->flags = 0;
-@@ -4616,7 +4616,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4617,7 +4617,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
 	struct ata_port *ap;
 	struct ata_link *link;
 
@@ -608,10 +608,10 @@ index 18e874b0441e..fc7a3a9aa72a 100644
 obj-$(CONFIG_USB)		+= usbcore.o
 
 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 3bc4a86c3d0a..16c451593031 100644
+index ac6c5ccfe1cb..dd810d902ea1 100644
 --- a/drivers/usb/core/hub.c
 +++ b/drivers/usb/core/hub.c
-@@ -5238,6 +5238,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
+@@ -5241,6 +5241,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
 			goto done;
 		return;
 	}
@@ -751,7 +751,7 @@ index 9abc88d7959c..4dae3fd45fdd 100644
 {
 	return -ENXIO;
 diff --git a/fs/namei.c b/fs/namei.c
-index 1946d9667790..d34d594154b6 100644
+index 3bb65f48fe1d..046e797c9663 100644
 --- a/fs/namei.c
 +++ b/fs/namei.c
@@ -1020,10 +1020,10 @@ static inline void put_link(struct nameidata *nd)
@@ -926,7 +926,7 @@ index 56eba723477e..bf53bd6efdc6 100644
 +
 #endif /* _LINUX_FS_H */
 diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index 12d3a7d308ab..c20fb1eb3f25 100644
+index a9477c14fad5..41129acd7507 100644
 --- a/include/linux/fsnotify.h
 +++ b/include/linux/fsnotify.h
@@ -96,6 +96,9 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
@@ -1007,7 +1007,7 @@ index 2b5b64256cf4..8cdce21dce0f 100644
 const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent);
 const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj);
 diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 73a52aba448f..26370aeee4b6 100644
+index 90c2d7f3c7a8..de4d4b976c5e 100644
 --- a/include/linux/mm.h
 +++ b/include/linux/mm.h
@@ -799,7 +799,7 @@ static inline int is_vmalloc_or_module_addr(const void *x)
@@ -1062,10 +1062,10 @@ index 5e76af742c80..9a6c682ec127 100644
 extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
 
 diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 9b60bb89d86a..32116e32809b 100644
+index 6cce33e7e7ac..5eb6522e017f 100644
 --- a/include/linux/perf_event.h
 +++ b/include/linux/perf_event.h
-@@ -1320,6 +1320,14 @@ static inline int perf_is_paranoid(void)
+@@ -1322,6 +1322,14 @@ static inline int perf_is_paranoid(void)
 	return sysctl_perf_event_paranoid > -1;
 }
 
@@ -1414,10 +1414,10 @@ index 11f8a845f259..a64ec536890d 100644
 	bool "Page allocator randomization"
 	default SLAB_FREELIST_RANDOM && ACPI_NUMA
 diff --git a/kernel/audit.c b/kernel/audit.c
-index 4cebadb5f30d..436931ce46a0 100644
+index 94ded5de9131..6b7e12855359 100644
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
-@@ -1692,6 +1692,9 @@ static int __init audit_enable(char *str)
+@@ -1730,6 +1730,9 @@ static int __init audit_enable(char *str)
 
 	if (audit_default == AUDIT_OFF)
 		audit_initialized = AUDIT_DISABLED;
@@ -1470,7 +1470,7 @@ index 46a361dde042..f0c387f421a0 100644
 
 /**
 diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 2931faf92a76..1638619f1afb 100644
+index b81652fc2cdd..fce3ec1a1e1b 100644
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
@@ -414,8 +414,13 @@ static struct kmem_cache *perf_event_cache;
@@ -1487,7 +1487,7 @@ index 2931faf92a76..1638619f1afb 100644
 
 /* Minimum for 512 kiB + 1 user control page */
 int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -12010,7 +12015,7 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -12094,7 +12099,7 @@ SYSCALL_DEFINE5(perf_event_open,
 		return -EINVAL;
 
 	/* Do we allow access to perf_event_open(2) ? */
@@ -1497,7 +1497,7 @@ index 2931faf92a76..1638619f1afb 100644
 		return err;
 
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 10885c649ca4..1c4b4598eb55 100644
+index 28aee1a8875b..475372883e06 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
@@ -82,6 +82,7 @@
@@ -1519,7 +1519,7 @@ index 10885c649ca4..1c4b4598eb55 100644
 	/*
 	 * Thread groups must share signals as well, and detached threads
 	 * can only be started up within the thread group.
-@@ -3056,6 +3061,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -3055,6 +3060,12 @@ int ksys_unshare(unsigned long unshare_flags)
 	if (unshare_flags & CLONE_NEWNS)
 		unshare_flags |= CLONE_FS;
 
@@ -1546,10 +1546,10 @@ index 340b3f8b090d..e0ef77dc0564 100644
 	struct rcu_head *next, *list;
 	unsigned long flags;
 diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
-index 7ae10fab68b8..c60b242913a0 100644
+index 4ca6d5b199e8..82639c274d65 100644
 --- a/kernel/rcu/tree.c
 +++ b/kernel/rcu/tree.c
-@@ -2751,7 +2751,7 @@ static __latent_entropy void rcu_core(void)
+@@ -2752,7 +2752,7 @@ static __latent_entropy void rcu_core(void)
 		queue_work_on(rdp->cpu, rcu_gp_wq, &rdp->strict_work);
 }
 
@@ -1559,10 +1559,10 @@ index 7ae10fab68b8..c60b242913a0 100644
 	rcu_core();
 }
 diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 6f16dfb74246..a01d70fb5697 100644
+index 6420580f2730..b9fe0e786cc6 100644
 --- a/kernel/sched/fair.c
 +++ b/kernel/sched/fair.c
-@@ -10883,7 +10883,7 @@ static int newidle_balance(struct rq *this_rq, struct rq_flags *rf)
+@@ -10895,7 +10895,7 @@ static int newidle_balance(struct rq *this_rq, struct rq_flags *rf)
  * run_rebalance_domains is triggered when needed from the scheduler tick.
  * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
  */
@@ -2070,7 +2070,7 @@ index 88dcc5c25225..c903d803fe4e 100644
 		mm->brk = brk;
 		goto success;
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 23d3339ac4e8..bf38b6559613 100644
+index 7773bae3b6ed..91e67c6e59ce 100644
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
@@ -155,6 +155,15 @@ struct pcpu_drain {
@@ -2711,7 +2711,7 @@ index bacabe446906..a3bcc8aef4b4 100644
 
 unsigned long arch_mmap_rnd(void)
 diff --git a/net/core/dev.c b/net/core/dev.c
-index e0878a500aa9..e6d9d916aa2c 100644
+index 33dc2a3ff7d7..657f746d78cd 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
@@ -4978,7 +4978,7 @@ int netif_rx_any_context(struct sk_buff *skb)
@@ -2792,7 +2792,7 @@ index 6f1e64d49232..96a5a252b750 100644
 };
 
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index f3b623967436..e6dc036f2c5e 100644
+index 509f577869d4..936f1b007861 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
@@ -82,6 +82,7 @@
@@ -2803,7 +2803,7 @@ index f3b623967436..e6dc036f2c5e 100644
 
 #define FLAG_DATA		0x01 /* Incoming frame contained data.		*/
 #define FLAG_WIN_UPDATE		0x02 /* Incoming ACK was a window update.	*/
-@@ -6253,7 +6254,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -6255,7 +6256,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb,
 	    tcp_paws_reject(&tp->rx_opt, 0))
 		goto discard_and_undo;
 
@@ -3112,7 +3112,7 @@ index 9e921fc72538..ae851a826c26 100644
 	int "NSA SELinux sidtab hashtable size"
 	depends on SECURITY_SELINUX
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 9309e62d46ed..87c3cb8babce 100644
+index baa12d1007c7..6378e2be49fa 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
@@ -136,21 +136,7 @@ static int __init selinux_enabled_setup(char *str)
@@ -3188,10 +3188,10 @@ index 4fe3b8b1958f..a7d88cc23a70 100644
    in /etc/sysctl.conf (e.g. kernel.perf_event_paranoid = <setting>)
 
 diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
-index dbfeceb2546c..53ab8d6b473e 100644
+index c87f9974c0c1..1c9afa8f7064 100644
 --- a/tools/perf/util/evsel.c
 +++ b/tools/perf/util/evsel.c
-@@ -2780,6 +2780,7 @@ int evsel__open_strerror(struct evsel *evsel, struct target *target,
+@@ -2789,6 +2789,7 @@ int evsel__open_strerror(struct evsel *evsel, struct target *target,
 		 ">= 0: Disallow raw and ftrace function tracepoint access\n"
 		 ">= 1: Disallow CPU event access\n"
 		 ">= 2: Disallow kernel profiling\n"