
Diff of /trunk/caitsith-patch/patches/ccs-patch-5.15.diff


revision 386 by kumaneko, Sat Nov 11 13:41:19 2023 UTC revision 387 by kumaneko, Mon Dec 25 14:08:19 2023 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for kernel 5.15.138.  This is TOMOYO Linux patch for kernel 5.15.145.
2    
3  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.15.138.tar.xz  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.15.145.tar.xz
4  ---  ---
5   fs/exec.c                 |    2 -   fs/exec.c                 |    2 -
6   fs/open.c                 |    2 +   fs/open.c                 |    2 +
# Line 28  Source code for this patch is https://ww Line 28  Source code for this patch is https://ww
28   security/security.c       |    5 ++-   security/security.c       |    5 ++-
29   24 files changed, 160 insertions(+), 30 deletions(-)   24 files changed, 160 insertions(+), 30 deletions(-)
30    
31  --- linux-5.15.138.orig/fs/exec.c  --- linux-5.15.145.orig/fs/exec.c
32  +++ linux-5.15.138/fs/exec.c  +++ linux-5.15.145/fs/exec.c
33  @@ -1841,7 +1841,7 @@ static int bprm_execve(struct linux_binp  @@ -1841,7 +1841,7 @@ static int bprm_execve(struct linux_binp
34          if (retval)          if (retval)
35                  goto out;                  goto out;
# Line 39  Source code for this patch is https://ww Line 39  Source code for this patch is https://ww
39          if (retval < 0)          if (retval < 0)
40                  goto out;                  goto out;
41    
42  --- linux-5.15.138.orig/fs/open.c  --- linux-5.15.145.orig/fs/open.c
43  +++ linux-5.15.138/fs/open.c  +++ linux-5.15.145/fs/open.c
44  @@ -1370,6 +1370,8 @@ SYSCALL_DEFINE3(close_range, unsigned in  @@ -1370,6 +1370,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is https://ww Line 50  Source code for this patch is https://ww
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-5.15.138.orig/fs/proc/version.c  --- linux-5.15.145.orig/fs/proc/version.c
54  +++ linux-5.15.138/fs/proc/version.c  +++ linux-5.15.145/fs/proc/version.c
55  @@ -21,3 +21,10 @@ static int __init proc_version_init(void  @@ -21,3 +21,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is https://ww Line 59  Source code for this patch is https://ww
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 5.15.138 2023/11/11\n");  +       printk(KERN_INFO "Hook version: 5.15.145 2023/12/25\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +fs_initcall(ccs_show_version);  +fs_initcall(ccs_show_version);
66  --- linux-5.15.138.orig/include/linux/sched.h  --- linux-5.15.145.orig/include/linux/sched.h
67  +++ linux-5.15.138/include/linux/sched.h  +++ linux-5.15.145/include/linux/sched.h
68  @@ -44,6 +44,7 @@ struct blk_plug;  @@ -44,6 +44,7 @@ struct blk_plug;
69   struct bpf_local_storage;   struct bpf_local_storage;
70   struct bpf_run_ctx;   struct bpf_run_ctx;
# Line 84  Source code for this patch is https://ww Line 84  Source code for this patch is https://ww
84    
85   #ifdef CONFIG_TRACING   #ifdef CONFIG_TRACING
86          /* State flags for use by tracers: */          /* State flags for use by tracers: */
87  --- linux-5.15.138.orig/include/linux/security.h  --- linux-5.15.145.orig/include/linux/security.h
88  +++ linux-5.15.138/include/linux/security.h  +++ linux-5.15.145/include/linux/security.h
89  @@ -59,6 +59,7 @@ struct fs_parameter;  @@ -59,6 +59,7 @@ struct fs_parameter;
90   enum fs_value_type;   enum fs_value_type;
91   struct watch;   struct watch;
# Line 315  Source code for this patch is https://ww Line 315  Source code for this patch is https://ww
315   }   }
316   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
317    
318  --- linux-5.15.138.orig/include/net/ip.h  --- linux-5.15.145.orig/include/net/ip.h
319  +++ linux-5.15.138/include/net/ip.h  +++ linux-5.15.145/include/net/ip.h
320  @@ -343,6 +343,8 @@ void inet_get_local_port_range(struct ne  @@ -343,6 +343,8 @@ void inet_get_local_port_range(struct ne
321   #ifdef CONFIG_SYSCTL   #ifdef CONFIG_SYSCTL
322   static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)   static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)
# Line 335  Source code for this patch is https://ww Line 335  Source code for this patch is https://ww
335          return false;          return false;
336   }   }
337    
338  --- linux-5.15.138.orig/init/init_task.c  --- linux-5.15.145.orig/init/init_task.c
339  +++ linux-5.15.138/init/init_task.c  +++ linux-5.15.145/init/init_task.c
340  @@ -214,6 +214,10 @@ struct task_struct init_task  @@ -214,6 +214,10 @@ struct task_struct init_task
341   #ifdef CONFIG_SECCOMP_FILTER   #ifdef CONFIG_SECCOMP_FILTER
342          .seccomp        = { .filter_count = ATOMIC_INIT(0) },          .seccomp        = { .filter_count = ATOMIC_INIT(0) },
# Line 348  Source code for this patch is https://ww Line 348  Source code for this patch is https://ww
348   };   };
349   EXPORT_SYMBOL(init_task);   EXPORT_SYMBOL(init_task);
350    
351  --- linux-5.15.138.orig/kernel/kexec.c  --- linux-5.15.145.orig/kernel/kexec.c
352  +++ linux-5.15.138/kernel/kexec.c  +++ linux-5.15.145/kernel/kexec.c
353  @@ -16,7 +16,7 @@  @@ -16,7 +16,7 @@
354   #include <linux/syscalls.h>   #include <linux/syscalls.h>
355   #include <linux/vmalloc.h>   #include <linux/vmalloc.h>
# Line 368  Source code for this patch is https://ww Line 368  Source code for this patch is https://ww
368    
369          /* Permit LSMs and IMA to fail the kexec */          /* Permit LSMs and IMA to fail the kexec */
370          result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);          result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);
371  --- linux-5.15.138.orig/kernel/module.c  --- linux-5.15.145.orig/kernel/module.c
372  +++ linux-5.15.138/kernel/module.c  +++ linux-5.15.145/kernel/module.c
373  @@ -59,6 +59,7 @@  @@ -59,6 +59,7 @@
374   #include <linux/audit.h>   #include <linux/audit.h>
375   #include <uapi/linux/module.h>   #include <uapi/linux/module.h>
# Line 396  Source code for this patch is https://ww Line 396  Source code for this patch is https://ww
396    
397          return 0;          return 0;
398   }   }
399  --- linux-5.15.138.orig/kernel/ptrace.c  --- linux-5.15.145.orig/kernel/ptrace.c
400  +++ linux-5.15.138/kernel/ptrace.c  +++ linux-5.15.145/kernel/ptrace.c
401  @@ -1295,6 +1295,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -1295,6 +1295,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402   {   {
403          struct task_struct *child;          struct task_struct *child;
# Line 422  Source code for this patch is https://ww Line 422  Source code for this patch is https://ww
422    
423          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
424                  ret = ptrace_traceme();                  ret = ptrace_traceme();
425  --- linux-5.15.138.orig/kernel/reboot.c  --- linux-5.15.145.orig/kernel/reboot.c
426  +++ linux-5.15.138/kernel/reboot.c  +++ linux-5.15.145/kernel/reboot.c
427  @@ -18,6 +18,7 @@  @@ -18,6 +18,7 @@
428   #include <linux/syscalls.h>   #include <linux/syscalls.h>
429   #include <linux/syscore_ops.h>   #include <linux/syscore_ops.h>
# Line 432  Source code for this patch is https://ww Line 432  Source code for this patch is https://ww
432    
433   /*   /*
434    * this indicates whether you can reboot with ctrl-alt-del: the default is yes    * this indicates whether you can reboot with ctrl-alt-del: the default is yes
435  @@ -326,6 +327,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int  @@ -327,6 +328,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
436                          magic2 != LINUX_REBOOT_MAGIC2B &&                          magic2 != LINUX_REBOOT_MAGIC2B &&
437                          magic2 != LINUX_REBOOT_MAGIC2C))                          magic2 != LINUX_REBOOT_MAGIC2C))
438                  return -EINVAL;                  return -EINVAL;
# Line 441  Source code for this patch is https://ww Line 441  Source code for this patch is https://ww
441    
442          /*          /*
443           * If pid namespaces are enabled and the current task is in a child           * If pid namespaces are enabled and the current task is in a child
444  --- linux-5.15.138.orig/kernel/sched/core.c  --- linux-5.15.145.orig/kernel/sched/core.c
445  +++ linux-5.15.138/kernel/sched/core.c  +++ linux-5.15.145/kernel/sched/core.c
446  @@ -7033,6 +7033,8 @@ int can_nice(const struct task_struct *p  @@ -7037,6 +7037,8 @@ int can_nice(const struct task_struct *p
447   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
448   {   {
449          long nice, retval;          long nice, retval;
# Line 452  Source code for this patch is https://ww Line 452  Source code for this patch is https://ww
452    
453          /*          /*
454           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
455  --- linux-5.15.138.orig/kernel/signal.c  --- linux-5.15.145.orig/kernel/signal.c
456  +++ linux-5.15.138/kernel/signal.c  +++ linux-5.15.145/kernel/signal.c
457  @@ -3800,6 +3800,8 @@ static inline void prepare_kill_siginfo(  @@ -3800,6 +3800,8 @@ static inline void prepare_kill_siginfo(
458   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459   {   {
# Line 521  Source code for this patch is https://ww Line 521  Source code for this patch is https://ww
521    
522          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
523   }   }
524  --- linux-5.15.138.orig/kernel/sys.c  --- linux-5.15.145.orig/kernel/sys.c
525  +++ linux-5.15.138/kernel/sys.c  +++ linux-5.15.145/kernel/sys.c
526  @@ -211,6 +211,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -211,6 +211,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527    
528          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 552  Source code for this patch is https://ww Line 552  Source code for this patch is https://ww
552    
553          errno = -EFAULT;          errno = -EFAULT;
554          if (!copy_from_user(tmp, name, len)) {          if (!copy_from_user(tmp, name, len)) {
555  --- linux-5.15.138.orig/kernel/time/timekeeping.c  --- linux-5.15.145.orig/kernel/time/timekeeping.c
556  +++ linux-5.15.138/kernel/time/timekeeping.c  +++ linux-5.15.145/kernel/time/timekeeping.c
557  @@ -24,6 +24,7 @@  @@ -24,6 +24,7 @@
558   #include <linux/compiler.h>   #include <linux/compiler.h>
559   #include <linux/audit.h>   #include <linux/audit.h>
# Line 587  Source code for this patch is https://ww Line 587  Source code for this patch is https://ww
587    
588                  /*                  /*
589                   * Validate if a timespec/timeval used to inject a time                   * Validate if a timespec/timeval used to inject a time
590  --- linux-5.15.138.orig/net/ipv4/raw.c  --- linux-5.15.145.orig/net/ipv4/raw.c
591  +++ linux-5.15.138/net/ipv4/raw.c  +++ linux-5.15.145/net/ipv4/raw.c
592  @@ -774,6 +774,10 @@ static int raw_recvmsg(struct sock *sk,  @@ -774,6 +774,10 @@ static int raw_recvmsg(struct sock *sk,
593          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
594          if (!skb)          if (!skb)
# Line 600  Source code for this patch is https://ww Line 600  Source code for this patch is https://ww
600    
601          copied = skb->len;          copied = skb->len;
602          if (len < copied) {          if (len < copied) {
603  --- linux-5.15.138.orig/net/ipv4/udp.c  --- linux-5.15.145.orig/net/ipv4/udp.c
604  +++ linux-5.15.138/net/ipv4/udp.c  +++ linux-5.15.145/net/ipv4/udp.c
605  @@ -1877,6 +1877,8 @@ try_again:  @@ -1877,6 +1877,8 @@ try_again:
606          skb = __skb_recv_udp(sk, flags, noblock, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607          if (!skb)          if (!skb)
# Line 611  Source code for this patch is https://ww Line 611  Source code for this patch is https://ww
611    
612          ulen = udp_skb_len(skb);          ulen = udp_skb_len(skb);
613          copied = len;          copied = len;
614  --- linux-5.15.138.orig/net/ipv6/raw.c  --- linux-5.15.145.orig/net/ipv6/raw.c
615  +++ linux-5.15.138/net/ipv6/raw.c  +++ linux-5.15.145/net/ipv6/raw.c
616  @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk  @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
618          if (!skb)          if (!skb)
# Line 624  Source code for this patch is https://ww Line 624  Source code for this patch is https://ww
624    
625          copied = skb->len;          copied = skb->len;
626          if (copied > len) {          if (copied > len) {
627  --- linux-5.15.138.orig/net/ipv6/udp.c  --- linux-5.15.145.orig/net/ipv6/udp.c
628  +++ linux-5.15.138/net/ipv6/udp.c  +++ linux-5.15.145/net/ipv6/udp.c
629  @@ -366,6 +366,8 @@ try_again:  @@ -366,6 +366,8 @@ try_again:
630          skb = __skb_recv_udp(sk, flags, noblock, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631          if (!skb)          if (!skb)
# Line 635  Source code for this patch is https://ww Line 635  Source code for this patch is https://ww
635    
636          ulen = udp6_skb_len(skb);          ulen = udp6_skb_len(skb);
637          copied = len;          copied = len;
638  --- linux-5.15.138.orig/net/socket.c  --- linux-5.15.145.orig/net/socket.c
639  +++ linux-5.15.138/net/socket.c  +++ linux-5.15.145/net/socket.c
640  @@ -1795,6 +1795,10 @@ struct file *do_accept(struct file *file  @@ -1795,6 +1795,10 @@ struct file *do_accept(struct file *file
641          if (err < 0)          if (err < 0)
642                  goto out_fd;                  goto out_fd;
# Line 648  Source code for this patch is https://ww Line 648  Source code for this patch is https://ww
648          if (upeer_sockaddr) {          if (upeer_sockaddr) {
649                  len = newsock->ops->getname(newsock,                  len = newsock->ops->getname(newsock,
650                                          (struct sockaddr *)&address, 2);                                          (struct sockaddr *)&address, 2);
651  --- linux-5.15.138.orig/net/unix/af_unix.c  --- linux-5.15.145.orig/net/unix/af_unix.c
652  +++ linux-5.15.138/net/unix/af_unix.c  +++ linux-5.15.145/net/unix/af_unix.c
653  @@ -2344,6 +2344,10 @@ int __unix_dgram_recvmsg(struct sock *sk  @@ -2344,6 +2344,10 @@ int __unix_dgram_recvmsg(struct sock *sk
654                                                  EPOLLOUT | EPOLLWRNORM |                                                  EPOLLOUT | EPOLLWRNORM |
655                                                  EPOLLWRBAND);                                                  EPOLLWRBAND);
# Line 669  Source code for this patch is https://ww Line 669  Source code for this patch is https://ww
669          mutex_unlock(&u->iolock);          mutex_unlock(&u->iolock);
670   out:   out:
671          return err;          return err;
672  --- linux-5.15.138.orig/security/Kconfig  --- linux-5.15.145.orig/security/Kconfig
673  +++ linux-5.15.138/security/Kconfig  +++ linux-5.15.145/security/Kconfig
674  @@ -284,5 +284,7 @@ config LSM  @@ -284,5 +284,7 @@ config LSM
675    
676   source "security/Kconfig.hardening"   source "security/Kconfig.hardening"
# Line 679  Source code for this patch is https://ww Line 679  Source code for this patch is https://ww
679  +  +
680   endmenu   endmenu
681    
682  --- linux-5.15.138.orig/security/Makefile  --- linux-5.15.145.orig/security/Makefile
683  +++ linux-5.15.138/security/Makefile  +++ linux-5.15.145/security/Makefile
684  @@ -27,3 +27,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK)               += land  @@ -27,3 +27,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK)               += land
685    
686   # Object integrity file lists   # Object integrity file lists
# Line 688  Source code for this patch is https://ww Line 688  Source code for this patch is https://ww
688  +  +
689  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
690  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/
691  --- linux-5.15.138.orig/security/security.c  --- linux-5.15.145.orig/security/security.c
692  +++ linux-5.15.138/security/security.c  +++ linux-5.15.145/security/security.c
693  @@ -1660,7 +1660,9 @@ int security_task_alloc(struct task_stru  @@ -1660,7 +1660,9 @@ int security_task_alloc(struct task_stru
694    
695          if (rc)          if (rc)
