Develop and Download Open Source Software

CaitSith

Browse Subversion Repository

/[caitsith]/trunk/caitsith-patch/patches/ccs-patch-6.1.diff

Diff of /trunk/caitsith-patch/patches/ccs-patch-6.1.diff

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 373 by kumaneko, Wed Nov 2 14:00:21 2022 UTC revision 374 by kumaneko, Sat Dec 31 14:39:10 2022 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for kernel 6.1-rc2.  This is TOMOYO Linux patch for kernel 6.1.1.
2    
3  Source code for this patch is https://git.kernel.org/torvalds/t/linux-6.1-rc2.tar.gz  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.1.1.tar.xz
4  ---  ---
5   fs/exec.c                 |    2 -   fs/exec.c                 |    2 -
6   fs/open.c                 |    2 +   fs/open.c                 |    2 +
# Line 28  Source code for this patch is https://gi Line 28  Source code for this patch is https://gi
28   security/security.c       |    5 +++   security/security.c       |    5 +++
29   24 files changed, 150 insertions(+), 30 deletions(-)   24 files changed, 150 insertions(+), 30 deletions(-)
30    
31  --- linux-6.1-rc2.orig/fs/exec.c  --- linux-6.1.1.orig/fs/exec.c
32  +++ linux-6.1-rc2/fs/exec.c  +++ linux-6.1.1/fs/exec.c
33  @@ -1834,7 +1834,7 @@ static int bprm_execve(struct linux_binp  @@ -1834,7 +1834,7 @@ static int bprm_execve(struct linux_binp
34          if (retval)          if (retval)
35                  goto out;                  goto out;
# Line 39  Source code for this patch is https://gi Line 39  Source code for this patch is https://gi
39          if (retval < 0)          if (retval < 0)
40                  goto out;                  goto out;
41    
42  --- linux-6.1-rc2.orig/fs/open.c  --- linux-6.1.1.orig/fs/open.c
43  +++ linux-6.1-rc2/fs/open.c  +++ linux-6.1.1/fs/open.c
44  @@ -1471,6 +1471,8 @@ SYSCALL_DEFINE3(close_range, unsigned in  @@ -1471,6 +1471,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is https://gi Line 50  Source code for this patch is https://gi
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-6.1-rc2.orig/fs/proc/version.c  --- linux-6.1.1.orig/fs/proc/version.c
54  +++ linux-6.1-rc2/fs/proc/version.c  +++ linux-6.1.1/fs/proc/version.c
55  @@ -25,3 +25,10 @@ static int __init proc_version_init(void  @@ -25,3 +25,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is https://gi Line 59  Source code for this patch is https://gi
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 6.1-rc2 2022/10/24\n");  +       printk(KERN_INFO "Hook version: 6.1.1 2022/12/29\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +fs_initcall(ccs_show_version);  +fs_initcall(ccs_show_version);
66  --- linux-6.1-rc2.orig/include/linux/sched.h  --- linux-6.1.1.orig/include/linux/sched.h
67  +++ linux-6.1-rc2/include/linux/sched.h  +++ linux-6.1.1/include/linux/sched.h
68  @@ -46,6 +46,7 @@ struct blk_plug;  @@ -46,6 +46,7 @@ struct blk_plug;
69   struct bpf_local_storage;   struct bpf_local_storage;
70   struct bpf_run_ctx;   struct bpf_run_ctx;
# Line 84  Source code for this patch is https://gi Line 84  Source code for this patch is https://gi
84    
85   #ifdef CONFIG_TRACING   #ifdef CONFIG_TRACING
86          /* Bitmask and counter of trace recursion: */          /* Bitmask and counter of trace recursion: */
87  --- linux-6.1-rc2.orig/include/linux/security.h  --- linux-6.1.1.orig/include/linux/security.h
88  +++ linux-6.1-rc2/include/linux/security.h  +++ linux-6.1.1/include/linux/security.h
89  @@ -59,6 +59,7 @@ struct fs_parameter;  @@ -59,6 +59,7 @@ struct fs_parameter;
90   enum fs_value_type;   enum fs_value_type;
91   struct watch;   struct watch;
# Line 305  Source code for this patch is https://gi Line 305  Source code for this patch is https://gi
305   }   }
306   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
307    
308  --- linux-6.1-rc2.orig/include/net/ip.h  --- linux-6.1.1.orig/include/net/ip.h
309  +++ linux-6.1-rc2/include/net/ip.h  +++ linux-6.1.1/include/net/ip.h
310  @@ -345,6 +345,8 @@ void inet_get_local_port_range(struct ne  @@ -345,6 +345,8 @@ void inet_get_local_port_range(struct ne
311   #ifdef CONFIG_SYSCTL   #ifdef CONFIG_SYSCTL
312   static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)   static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)
# Line 325  Source code for this patch is https://gi Line 325  Source code for this patch is https://gi
325          return false;          return false;
326   }   }
327    
328  --- linux-6.1-rc2.orig/init/init_task.c  --- linux-6.1.1.orig/init/init_task.c
329  +++ linux-6.1-rc2/init/init_task.c  +++ linux-6.1.1/init/init_task.c
330  @@ -210,6 +210,10 @@ struct task_struct init_task  @@ -210,6 +210,10 @@ struct task_struct init_task
331   #ifdef CONFIG_SECCOMP_FILTER   #ifdef CONFIG_SECCOMP_FILTER
332          .seccomp        = { .filter_count = ATOMIC_INIT(0) },          .seccomp        = { .filter_count = ATOMIC_INIT(0) },
# Line 338  Source code for this patch is https://gi Line 338  Source code for this patch is https://gi
338   };   };
339   EXPORT_SYMBOL(init_task);   EXPORT_SYMBOL(init_task);
340    
341  --- linux-6.1-rc2.orig/kernel/kexec.c  --- linux-6.1.1.orig/kernel/kexec.c
342  +++ linux-6.1-rc2/kernel/kexec.c  +++ linux-6.1.1/kernel/kexec.c
343  @@ -16,7 +16,7 @@  @@ -16,7 +16,7 @@
344   #include <linux/syscalls.h>   #include <linux/syscalls.h>
345   #include <linux/vmalloc.h>   #include <linux/vmalloc.h>
# Line 358  Source code for this patch is https://gi Line 358  Source code for this patch is https://gi
358    
359          /* Permit LSMs and IMA to fail the kexec */          /* Permit LSMs and IMA to fail the kexec */
360          result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);          result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);
361  --- linux-6.1-rc2.orig/kernel/module/main.c  --- linux-6.1.1.orig/kernel/module/main.c
362  +++ linux-6.1-rc2/kernel/module/main.c  +++ linux-6.1.1/kernel/module/main.c
363  @@ -59,6 +59,7 @@  @@ -59,6 +59,7 @@
364    
365   #define CREATE_TRACE_POINTS   #define CREATE_TRACE_POINTS
# Line 386  Source code for this patch is https://gi Line 386  Source code for this patch is https://gi
386    
387          return 0;          return 0;
388   }   }
389  --- linux-6.1-rc2.orig/kernel/ptrace.c  --- linux-6.1.1.orig/kernel/ptrace.c
390  +++ linux-6.1-rc2/kernel/ptrace.c  +++ linux-6.1.1/kernel/ptrace.c
391  @@ -1271,6 +1271,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -1271,6 +1271,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
392   {   {
393          struct task_struct *child;          struct task_struct *child;
# Line 412  Source code for this patch is https://gi Line 412  Source code for this patch is https://gi
412    
413          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
414                  ret = ptrace_traceme();                  ret = ptrace_traceme();
415  --- linux-6.1-rc2.orig/kernel/reboot.c  --- linux-6.1.1.orig/kernel/reboot.c
416  +++ linux-6.1-rc2/kernel/reboot.c  +++ linux-6.1.1/kernel/reboot.c
417  @@ -18,6 +18,7 @@  @@ -18,6 +18,7 @@
418   #include <linux/syscalls.h>   #include <linux/syscalls.h>
419   #include <linux/syscore_ops.h>   #include <linux/syscore_ops.h>
# Line 431  Source code for this patch is https://gi Line 431  Source code for this patch is https://gi
431    
432          /*          /*
433           * If pid namespaces are enabled and the current task is in a child           * If pid namespaces are enabled and the current task is in a child
434  --- linux-6.1-rc2.orig/kernel/sched/core.c  --- linux-6.1.1.orig/kernel/sched/core.c
435  +++ linux-6.1-rc2/kernel/sched/core.c  +++ linux-6.1.1/kernel/sched/core.c
436  @@ -7084,6 +7084,8 @@ int can_nice(const struct task_struct *p  @@ -7102,6 +7102,8 @@ int can_nice(const struct task_struct *p
437   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
438   {   {
439          long nice, retval;          long nice, retval;
# Line 442  Source code for this patch is https://gi Line 442  Source code for this patch is https://gi
442    
443          /*          /*
444           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
445  --- linux-6.1-rc2.orig/kernel/signal.c  --- linux-6.1.1.orig/kernel/signal.c
446  +++ linux-6.1-rc2/kernel/signal.c  +++ linux-6.1.1/kernel/signal.c
447  @@ -3771,6 +3771,8 @@ static inline void prepare_kill_siginfo(  @@ -3771,6 +3771,8 @@ static inline void prepare_kill_siginfo(
448   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
449   {   {
# Line 511  Source code for this patch is https://gi Line 511  Source code for this patch is https://gi
511    
512          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
513   }   }
514  --- linux-6.1-rc2.orig/kernel/sys.c  --- linux-6.1.1.orig/kernel/sys.c
515  +++ linux-6.1-rc2/kernel/sys.c  +++ linux-6.1.1/kernel/sys.c
516  @@ -219,6 +219,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -219,6 +219,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
517    
518          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 542  Source code for this patch is https://gi Line 542  Source code for this patch is https://gi
542    
543          errno = -EFAULT;          errno = -EFAULT;
544          if (!copy_from_user(tmp, name, len)) {          if (!copy_from_user(tmp, name, len)) {
545  --- linux-6.1-rc2.orig/kernel/time/timekeeping.c  --- linux-6.1.1.orig/kernel/time/timekeeping.c
546  +++ linux-6.1-rc2/kernel/time/timekeeping.c  +++ linux-6.1.1/kernel/time/timekeeping.c
547  @@ -24,6 +24,7 @@  @@ -24,6 +24,7 @@
548   #include <linux/compiler.h>   #include <linux/compiler.h>
549   #include <linux/audit.h>   #include <linux/audit.h>
# Line 577  Source code for this patch is https://gi Line 577  Source code for this patch is https://gi
577    
578                  /*                  /*
579                   * Validate if a timespec/timeval used to inject a time                   * Validate if a timespec/timeval used to inject a time
580  --- linux-6.1-rc2.orig/net/ipv4/raw.c  --- linux-6.1.1.orig/net/ipv4/raw.c
581  +++ linux-6.1-rc2/net/ipv4/raw.c  +++ linux-6.1.1/net/ipv4/raw.c
582  @@ -744,6 +744,10 @@ static int raw_recvmsg(struct sock *sk,  @@ -744,6 +744,10 @@ static int raw_recvmsg(struct sock *sk,
583          skb = skb_recv_datagram(sk, flags, &err);          skb = skb_recv_datagram(sk, flags, &err);
584          if (!skb)          if (!skb)
# Line 590  Source code for this patch is https://gi Line 590  Source code for this patch is https://gi
590    
591          copied = skb->len;          copied = skb->len;
592          if (len < copied) {          if (len < copied) {
593  --- linux-6.1-rc2.orig/net/ipv4/udp.c  --- linux-6.1.1.orig/net/ipv4/udp.c
594  +++ linux-6.1-rc2/net/ipv4/udp.c  +++ linux-6.1.1/net/ipv4/udp.c
595  @@ -1856,6 +1856,8 @@ try_again:  @@ -1856,6 +1856,8 @@ try_again:
596          skb = __skb_recv_udp(sk, flags, &off, &err);          skb = __skb_recv_udp(sk, flags, &off, &err);
597          if (!skb)          if (!skb)
# Line 601  Source code for this patch is https://gi Line 601  Source code for this patch is https://gi
601    
602          ulen = udp_skb_len(skb);          ulen = udp_skb_len(skb);
603          copied = len;          copied = len;
604  --- linux-6.1-rc2.orig/net/ipv6/raw.c  --- linux-6.1.1.orig/net/ipv6/raw.c
605  +++ linux-6.1-rc2/net/ipv6/raw.c  +++ linux-6.1.1/net/ipv6/raw.c
606  @@ -446,6 +446,10 @@ static int rawv6_recvmsg(struct sock *sk  @@ -446,6 +446,10 @@ static int rawv6_recvmsg(struct sock *sk
607          skb = skb_recv_datagram(sk, flags, &err);          skb = skb_recv_datagram(sk, flags, &err);
608          if (!skb)          if (!skb)
# Line 614  Source code for this patch is https://gi Line 614  Source code for this patch is https://gi
614    
615          copied = skb->len;          copied = skb->len;
616          if (copied > len) {          if (copied > len) {
617  --- linux-6.1-rc2.orig/net/ipv6/udp.c  --- linux-6.1.1.orig/net/ipv6/udp.c
618  +++ linux-6.1-rc2/net/ipv6/udp.c  +++ linux-6.1.1/net/ipv6/udp.c
619  @@ -359,6 +359,8 @@ try_again:  @@ -360,6 +360,8 @@ try_again:
620          skb = __skb_recv_udp(sk, flags, &off, &err);          skb = __skb_recv_udp(sk, flags, &off, &err);
621          if (!skb)          if (!skb)
622                  return err;                  return err;
# Line 625  Source code for this patch is https://gi Line 625  Source code for this patch is https://gi
625    
626          ulen = udp6_skb_len(skb);          ulen = udp6_skb_len(skb);
627          copied = len;          copied = len;
628  --- linux-6.1-rc2.orig/net/socket.c  --- linux-6.1.1.orig/net/socket.c
629  +++ linux-6.1-rc2/net/socket.c  +++ linux-6.1.1/net/socket.c
630  @@ -1858,6 +1858,10 @@ struct file *do_accept(struct file *file  @@ -1858,6 +1858,10 @@ struct file *do_accept(struct file *file
631          if (err < 0)          if (err < 0)
632                  goto out_fd;                  goto out_fd;
# Line 638  Source code for this patch is https://gi Line 638  Source code for this patch is https://gi
638          if (upeer_sockaddr) {          if (upeer_sockaddr) {
639                  len = newsock->ops->getname(newsock,                  len = newsock->ops->getname(newsock,
640                                          (struct sockaddr *)&address, 2);                                          (struct sockaddr *)&address, 2);
641  --- linux-6.1-rc2.orig/net/unix/af_unix.c  --- linux-6.1.1.orig/net/unix/af_unix.c
642  +++ linux-6.1-rc2/net/unix/af_unix.c  +++ linux-6.1.1/net/unix/af_unix.c
643  @@ -2466,6 +2466,10 @@ int __unix_dgram_recvmsg(struct sock *sk  @@ -2466,6 +2466,10 @@ int __unix_dgram_recvmsg(struct sock *sk
644                                                  EPOLLOUT | EPOLLWRNORM |                                                  EPOLLOUT | EPOLLWRNORM |
645                                                  EPOLLWRBAND);                                                  EPOLLWRBAND);
# Line 659  Source code for this patch is https://gi Line 659  Source code for this patch is https://gi
659          mutex_unlock(&u->iolock);          mutex_unlock(&u->iolock);
660   out:   out:
661          return err;          return err;
662  --- linux-6.1-rc2.orig/security/Kconfig  --- linux-6.1.1.orig/security/Kconfig
663  +++ linux-6.1-rc2/security/Kconfig  +++ linux-6.1.1/security/Kconfig
664  @@ -260,5 +260,7 @@ config LSM  @@ -260,5 +260,7 @@ config LSM
665    
666   source "security/Kconfig.hardening"   source "security/Kconfig.hardening"
# Line 669  Source code for this patch is https://gi Line 669  Source code for this patch is https://gi
669  +  +
670   endmenu   endmenu
671    
672  --- linux-6.1-rc2.orig/security/Makefile  --- linux-6.1.1.orig/security/Makefile
673  +++ linux-6.1-rc2/security/Makefile  +++ linux-6.1.1/security/Makefile
674  @@ -27,3 +27,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK)               += land  @@ -27,3 +27,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK)               += land
675    
676   # Object integrity file lists   # Object integrity file lists
# Line 678  Source code for this patch is https://gi Line 678  Source code for this patch is https://gi
678  +  +
679  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
680  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/
681  --- linux-6.1-rc2.orig/security/security.c  --- linux-6.1.1.orig/security/security.c
682  +++ linux-6.1-rc2/security/security.c  +++ linux-6.1.1/security/security.c
683  @@ -1658,7 +1658,9 @@ int security_task_alloc(struct task_stru  @@ -1658,7 +1658,9 @@ int security_task_alloc(struct task_stru
684    
685          if (rc)          if (rc)
Legend:
Removed from v.373  
changed lines
  Added in v.374
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help