main/linux-grsec: upgrade to grsecurity-2.9.1-3.9.8-201306302052

(cherry picked from commit 99142aeaac41d3fa49f8af96ffd547719a515352)

2 files changed, 108 insertions, 17 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index ebbddba2a3..7e148c4015 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
 *.*.*)  _kernver=${pkgver%.*};;
 *.*)    _kernver=${pkgver};;
 esac
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
         http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-        grsecurity-2.9.1-3.9.8-201306272057.patch
+        grsecurity-2.9.1-3.9.8-201306302052.patch
 
         0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
         0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -150,7 +150,7 @@ dev() {
 
 md5sums="4348c9b6b2eb3144d601e87c19d5d909  linux-3.9.tar.xz
 c5f2166686a913abf550bfed8b77df27  patch-3.9.8.xz
-53d60133a86b812060b048275f928041  grsecurity-2.9.1-3.9.8-201306272057.patch
+647f77555169969b4245c62c0fd0f1ab  grsecurity-2.9.1-3.9.8-201306302052.patch
 a16f11b12381efb3bec79b9bfb329836  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 656ae7b10dd2f18dbfa1011041d08d60  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 aa454ffb96428586447775c21449e284  0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -161,7 +161,7 @@ d89089b3c7eb94dd9f65cf8a357fc36d  kernelconfig.x86
 eb147f09fef5996a488c247790205cd6  kernelconfig.x86_64"
 sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541  linux-3.9.tar.xz
 2eda9068e81269467e3c247f3343a146731fc45284b12b4bc546bc44dbb263e7  patch-3.9.8.xz
-587022b1fc72157e43011551404c7d664dcc3b6c95b72a853ef2ce721e474057  grsecurity-2.9.1-3.9.8-201306272057.patch
+b111346072b7907d3a284f12a08c490cbfe35592537bc59442014c95080c3a33  grsecurity-2.9.1-3.9.8-201306302052.patch
 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892  0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -172,7 +172,7 @@ de3c17420664ae4e52826c6e602aade0deeae94f72253f85b3e48771491ed5d6  kernelconfig.x
 e1cce320f207cc2ba72b9d154c7060c8cbed52c664319dfd21f24e8956d0bf3e  kernelconfig.x86_64"
 sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790  linux-3.9.tar.xz
 60b7d694d39faf937e7b732eb3117b8442059c5c8857c9d439eec8a87d5bc185505e64062f5ae02c3512acf5af778caf615c35d3499cb8089a4569c05da65b9c  patch-3.9.8.xz
-4ca36180a1fc325a558acf73ec9fe3808542498a8f808f73b87a9f6b05ff290d5a5ab20ce39c547a18ce37d093a9857f5c77c495796e62fef986dfa301a9e566  grsecurity-2.9.1-3.9.8-201306272057.patch
+81912f5c19b8bc891a1ad8ed57bfe91d79c6c301410eb4ef9e58f57caefba2661d9732b306d695e712fd8e7c9b5bbb67659759fade26f4ec853d9cb96d347df9  grsecurity-2.9.1-3.9.8-201306302052.patch
 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02  0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c  0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e  0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306302052.patch
index 3efd0e4c4b..9c80933310 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306302052.patch
@@ -2312,7 +2312,7 @@ index 60d3b73..d27ee09 100644
  EXPORT_SYMBOL(__get_user_1);
  EXPORT_SYMBOL(__get_user_2);
 diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
-index 0f82098..3dbd3ee 100644
+index 0f82098..fb3d3d5 100644
 --- a/arch/arm/kernel/entry-armv.S
 +++ b/arch/arm/kernel/entry-armv.S
 @@ -47,6 +47,87 @@
@@ -2484,7 +2484,7 @@ index 0f82098..3dbd3ee 100644
   THUMB(        str     sp, [ip], #4               )
   THUMB(        str     lr, [ip], #4               )
 -#ifdef CONFIG_CPU_USE_DOMAINS
-+#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
         ldr     r6, [r2, #TI_CPU_DOMAIN]
  #endif
         set_tls r3, r4, r5
@@ -2493,7 +2493,7 @@ index 0f82098..3dbd3ee 100644
         ldr     r7, [r7, #TSK_STACK_CANARY]
  #endif
 -#ifdef CONFIG_CPU_USE_DOMAINS
-+#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
         mcr     p15, 0, r6, c3, c0, 0           @ Set domain register
  #endif
         mov     r5, r0
@@ -50560,7 +50560,7 @@ index 6a16053..2155147 100644
         return rc;
  }
 diff --git a/fs/exec.c b/fs/exec.c
-index 6d56ff2..3bc6638 100644
+index 6d56ff2..f65b4ca 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -55,8 +55,20 @@
@@ -50862,7 +50862,37 @@ index 6d56ff2..3bc6638 100644
         set_fs(old_fs);
         return result;
  }
-@@ -1250,7 +1325,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1136,13 +1211,6 @@ void setup_new_exec(struct linux_binprm * bprm)
+                        set_dumpable(current->mm, suid_dumpable);
+        }
+ 
+-       /*
+-        * Flush performance counters when crossing a
+-        * security domain:
+-        */
+-       if (!get_dumpable(current->mm))
+-               perf_event_exit_task(current);
+-
+        /* An exec changes our domain. We are no longer part of the thread
+           group */
+ 
+@@ -1206,6 +1274,15 @@ void install_exec_creds(struct linux_binprm *bprm)
+ 
+        commit_creds(bprm->cred);
+        bprm->cred = NULL;
++
++       /*
++        * Disable monitoring for regular users
++        * when executing setuid binaries. Must
++        * wait until new credentials are committed
++        * by commit_creds() above
++        */
++       if (get_dumpable(current->mm) != SUID_DUMP_USER)
++               perf_event_exit_task(current);
+        /*
+         * cred_guard_mutex must be held at least to this point to prevent
+         * ptrace_attach() from altering our determination of the task's
+@@ -1250,7 +1327,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
         }
         rcu_read_unlock();
  
@@ -50871,7 +50901,7 @@ index 6d56ff2..3bc6638 100644
                 bprm->unsafe |= LSM_UNSAFE_SHARE;
         } else {
                 res = -EAGAIN;
-@@ -1450,6 +1525,31 @@ int search_binary_handler(struct linux_binprm *bprm)
+@@ -1450,6 +1527,31 @@ int search_binary_handler(struct linux_binprm *bprm)
  
  EXPORT_SYMBOL(search_binary_handler);
  
@@ -50903,7 +50933,7 @@ index 6d56ff2..3bc6638 100644
  /*
   * sys_execve() executes a new program.
   */
-@@ -1457,6 +1557,11 @@ static int do_execve_common(const char *filename,
+@@ -1457,6 +1559,11 @@ static int do_execve_common(const char *filename,
                                 struct user_arg_ptr argv,
                                 struct user_arg_ptr envp)
  {
@@ -50915,7 +50945,7 @@ index 6d56ff2..3bc6638 100644
         struct linux_binprm *bprm;
         struct file *file;
         struct files_struct *displaced;
-@@ -1464,6 +1569,8 @@ static int do_execve_common(const char *filename,
+@@ -1464,6 +1571,8 @@ static int do_execve_common(const char *filename,
         int retval;
         const struct cred *cred = current_cred();
  
@@ -50924,7 +50954,7 @@ index 6d56ff2..3bc6638 100644
         /*
          * We move the actual failure in case of RLIMIT_NPROC excess from
          * set*uid() to execve() because too many poorly written programs
-@@ -1504,12 +1611,27 @@ static int do_execve_common(const char *filename,
+@@ -1504,12 +1613,27 @@ static int do_execve_common(const char *filename,
         if (IS_ERR(file))
                 goto out_unmark;
  
@@ -50952,7 +50982,7 @@ index 6d56ff2..3bc6638 100644
         retval = bprm_mm_init(bprm);
         if (retval)
                 goto out_file;
-@@ -1526,24 +1648,65 @@ static int do_execve_common(const char *filename,
+@@ -1526,24 +1650,65 @@ static int do_execve_common(const char *filename,
         if (retval < 0)
                 goto out;
  
@@ -51022,7 +51052,7 @@ index 6d56ff2..3bc6638 100644
         current->fs->in_exec = 0;
         current->in_execve = 0;
         acct_update_integrals(current);
-@@ -1552,6 +1715,14 @@ static int do_execve_common(const char *filename,
+@@ -1552,6 +1717,14 @@ static int do_execve_common(const char *filename,
                 put_files_struct(displaced);
         return retval;
  
@@ -51037,7 +51067,7 @@ index 6d56ff2..3bc6638 100644
  out:
         if (bprm->mm) {
                 acct_arg_size(bprm, 0);
-@@ -1700,3 +1871,283 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1700,3 +1873,283 @@ asmlinkage long compat_sys_execve(const char __user * filename,
         return error;
  }
  #endif
@@ -56758,6 +56788,67 @@ index 69d4889..a810bd4 100644
  {
         if (sbi->s_bytesex == BYTESEX_PDP)
                 return PDP_swab((__force __u32)n);
+diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
+index de08c92f..732cd63 100644
+--- a/fs/ubifs/dir.c
++++ b/fs/ubifs/dir.c
+@@ -364,6 +364,24 @@ static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
+                 */
+                return 0;
+ 
++       if (file->f_version == 0) {
++               /*
++                * The file was seek'ed, which means that @file->private_data
++                * is now invalid. This may also be just the first
++                * 'ubifs_readdir()' invocation, in which case
++                * @file->private_data is NULL, and the below code is
++                * basically a no-op.
++                */
++               kfree(file->private_data);
++               file->private_data = NULL;
++       }
++
++       /*
++        * 'generic_file_llseek()' unconditionally sets @file->f_version to
++        * zero, and we use this for detecting whether the file was seek'ed.
++        */
++       file->f_version = 1;
++
+        /* File positions 0 and 1 correspond to "." and ".." */
+        if (file->f_pos == 0) {
+                ubifs_assert(!file->private_data);
+@@ -438,6 +456,14 @@ static int ubifs_readdir(struct file *file, void *dirent, filldir_t filldir)
+                file->f_pos = key_hash_flash(c, &dent->key);
+                file->private_data = dent;
+                cond_resched();
++
++               if (file->f_version == 0)
++                       /*
++                        * The file was seek'ed meanwhile, lets return and start
++                        * reading direntries from the new position on the next
++                        * invocation.
++                        */
++                       return 0;
+        }
+ 
+ out:
+@@ -448,15 +474,13 @@ out:
+ 
+        kfree(file->private_data);
+        file->private_data = NULL;
++       /* 2 is a special value indicating that there are no more direntries */
+        file->f_pos = 2;
+        return 0;
+ }
+ 
+-/* If a directory is seeked, we have to free saved readdir() state */
+ static loff_t ubifs_dir_llseek(struct file *file, loff_t offset, int whence)
+ {
+-       kfree(file->private_data);
+-       file->private_data = NULL;
+        return generic_file_llseek(file, offset, whence);
+ }
+ 
 diff --git a/fs/ubifs/io.c b/fs/ubifs/io.c
 index e18b988..f1d4ad0f 100644
 --- a/fs/ubifs/io.c