
Diff of /trunk/caitsith-patch/patches/ccs-patch-6.6.diff


revision 386 by kumaneko, Sat Nov 11 13:41:19 2023 UTC revision 387 by kumaneko, Mon Dec 25 14:08:19 2023 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for kernel 6.6.1.  This is TOMOYO Linux patch for kernel 6.6.8.
2    
3  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.6.1.tar.xz  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.6.8.tar.xz
4  ---  ---
5   fs/exec.c                 |    2 -   fs/exec.c                 |    2 -
6   fs/open.c                 |    2 +   fs/open.c                 |    2 +
# Line 28  Source code for this patch is https://ww Line 28  Source code for this patch is https://ww
28   security/security.c       |    5 ++-   security/security.c       |    5 ++-
29   24 files changed, 151 insertions(+), 31 deletions(-)   24 files changed, 151 insertions(+), 31 deletions(-)
30    
31  --- linux-6.6.1.orig/fs/exec.c  --- linux-6.6.8.orig/fs/exec.c
32  +++ linux-6.6.1/fs/exec.c  +++ linux-6.6.8/fs/exec.c
33  @@ -1853,7 +1853,7 @@ static int bprm_execve(struct linux_binp  @@ -1853,7 +1853,7 @@ static int bprm_execve(struct linux_binp
34          if (retval)          if (retval)
35                  goto out;                  goto out;
# Line 39  Source code for this patch is https://ww Line 39  Source code for this patch is https://ww
39          if (retval < 0)          if (retval < 0)
40                  goto out;                  goto out;
41    
42  --- linux-6.6.1.orig/fs/open.c  --- linux-6.6.8.orig/fs/open.c
43  +++ linux-6.6.1/fs/open.c  +++ linux-6.6.8/fs/open.c
44  @@ -1604,6 +1604,8 @@ SYSCALL_DEFINE3(close_range, unsigned in  @@ -1604,6 +1604,8 @@ SYSCALL_DEFINE3(close_range, unsigned in
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is https://ww Line 50  Source code for this patch is https://ww
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-6.6.1.orig/fs/proc/version.c  --- linux-6.6.8.orig/fs/proc/version.c
54  +++ linux-6.6.1/fs/proc/version.c  +++ linux-6.6.8/fs/proc/version.c
55  @@ -25,3 +25,10 @@ static int __init proc_version_init(void  @@ -25,3 +25,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is https://ww Line 59  Source code for this patch is https://ww
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 6.6.1 2023/11/11\n");  +       printk(KERN_INFO "Hook version: 6.6.8 2023/12/25\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +fs_initcall(ccs_show_version);  +fs_initcall(ccs_show_version);
66  --- linux-6.6.1.orig/include/linux/sched.h  --- linux-6.6.8.orig/include/linux/sched.h
67  +++ linux-6.6.1/include/linux/sched.h  +++ linux-6.6.8/include/linux/sched.h
68  @@ -46,6 +46,7 @@ struct blk_plug;  @@ -46,6 +46,7 @@ struct blk_plug;
69   struct bpf_local_storage;   struct bpf_local_storage;
70   struct bpf_run_ctx;   struct bpf_run_ctx;
# Line 84  Source code for this patch is https://ww Line 84  Source code for this patch is https://ww
84    
85   #ifdef CONFIG_TRACING   #ifdef CONFIG_TRACING
86          /* Bitmask and counter of trace recursion: */          /* Bitmask and counter of trace recursion: */
87  --- linux-6.6.1.orig/include/linux/security.h  --- linux-6.6.8.orig/include/linux/security.h
88  +++ linux-6.6.1/include/linux/security.h  +++ linux-6.6.8/include/linux/security.h
89  @@ -60,6 +60,7 @@ struct fs_parameter;  @@ -60,6 +60,7 @@ struct fs_parameter;
90   enum fs_value_type;   enum fs_value_type;
91   struct watch;   struct watch;
# Line 311  Source code for this patch is https://ww Line 311  Source code for this patch is https://ww
311   }   }
312   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
313    
314  --- linux-6.6.1.orig/include/net/ip.h  --- linux-6.6.8.orig/include/net/ip.h
315  +++ linux-6.6.1/include/net/ip.h  +++ linux-6.6.8/include/net/ip.h
316  @@ -355,6 +355,8 @@ void inet_sk_get_local_port_range(const  @@ -355,6 +355,8 @@ void inet_sk_get_local_port_range(const
317   #ifdef CONFIG_SYSCTL   #ifdef CONFIG_SYSCTL
318   static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)   static inline bool inet_is_local_reserved_port(struct net *net, unsigned short port)
# Line 331  Source code for this patch is https://ww Line 331  Source code for this patch is https://ww
331          return false;          return false;
332   }   }
333    
334  --- linux-6.6.1.orig/init/init_task.c  --- linux-6.6.8.orig/init/init_task.c
335  +++ linux-6.6.1/init/init_task.c  +++ linux-6.6.8/init/init_task.c
336  @@ -210,6 +210,10 @@ struct task_struct init_task  @@ -210,6 +210,10 @@ struct task_struct init_task
337   #ifdef CONFIG_SECCOMP_FILTER   #ifdef CONFIG_SECCOMP_FILTER
338          .seccomp        = { .filter_count = ATOMIC_INIT(0) },          .seccomp        = { .filter_count = ATOMIC_INIT(0) },
# Line 344  Source code for this patch is https://ww Line 344  Source code for this patch is https://ww
344   };   };
345   EXPORT_SYMBOL(init_task);   EXPORT_SYMBOL(init_task);
346    
347  --- linux-6.6.1.orig/kernel/kexec.c  --- linux-6.6.8.orig/kernel/kexec.c
348  +++ linux-6.6.1/kernel/kexec.c  +++ linux-6.6.8/kernel/kexec.c
349  @@ -16,7 +16,7 @@  @@ -16,7 +16,7 @@
350   #include <linux/syscalls.h>   #include <linux/syscalls.h>
351   #include <linux/vmalloc.h>   #include <linux/vmalloc.h>
# Line 364  Source code for this patch is https://ww Line 364  Source code for this patch is https://ww
364    
365          /* Permit LSMs and IMA to fail the kexec */          /* Permit LSMs and IMA to fail the kexec */
366          result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);          result = security_kernel_load_data(LOADING_KEXEC_IMAGE, false);
367  --- linux-6.6.1.orig/kernel/module/main.c  --- linux-6.6.8.orig/kernel/module/main.c
368  +++ linux-6.6.1/kernel/module/main.c  +++ linux-6.6.8/kernel/module/main.c
369  @@ -62,6 +62,7 @@  @@ -62,6 +62,7 @@
370    
371   #define CREATE_TRACE_POINTS   #define CREATE_TRACE_POINTS
# Line 392  Source code for this patch is https://ww Line 392  Source code for this patch is https://ww
392    
393          return 0;          return 0;
394   }   }
395  --- linux-6.6.1.orig/kernel/ptrace.c  --- linux-6.6.8.orig/kernel/ptrace.c
396  +++ linux-6.6.1/kernel/ptrace.c  +++ linux-6.6.8/kernel/ptrace.c
397  @@ -1280,6 +1280,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -1280,6 +1280,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
398   {   {
399          struct task_struct *child;          struct task_struct *child;
# Line 418  Source code for this patch is https://ww Line 418  Source code for this patch is https://ww
418    
419          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
420                  ret = ptrace_traceme();                  ret = ptrace_traceme();
421  --- linux-6.6.1.orig/kernel/reboot.c  --- linux-6.6.8.orig/kernel/reboot.c
422  +++ linux-6.6.1/kernel/reboot.c  +++ linux-6.6.8/kernel/reboot.c
423  @@ -18,6 +18,7 @@  @@ -18,6 +18,7 @@
424   #include <linux/syscalls.h>   #include <linux/syscalls.h>
425   #include <linux/syscore_ops.h>   #include <linux/syscore_ops.h>
# Line 428  Source code for this patch is https://ww Line 428  Source code for this patch is https://ww
428    
429   /*   /*
430    * this indicates whether you can reboot with ctrl-alt-del: the default is yes    * this indicates whether you can reboot with ctrl-alt-del: the default is yes
431  @@ -715,6 +716,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int  @@ -716,6 +717,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
432                          magic2 != LINUX_REBOOT_MAGIC2B &&                          magic2 != LINUX_REBOOT_MAGIC2B &&
433                          magic2 != LINUX_REBOOT_MAGIC2C))                          magic2 != LINUX_REBOOT_MAGIC2C))
434                  return -EINVAL;                  return -EINVAL;
# Line 437  Source code for this patch is https://ww Line 437  Source code for this patch is https://ww
437    
438          /*          /*
439           * If pid namespaces are enabled and the current task is in a child           * If pid namespaces are enabled and the current task is in a child
440  --- linux-6.6.1.orig/kernel/sched/core.c  --- linux-6.6.8.orig/kernel/sched/core.c
441  +++ linux-6.6.1/kernel/sched/core.c  +++ linux-6.6.8/kernel/sched/core.c
442  @@ -7276,6 +7276,8 @@ int can_nice(const struct task_struct *p  @@ -7277,6 +7277,8 @@ int can_nice(const struct task_struct *p
443   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
444   {   {
445          long nice, retval;          long nice, retval;
# Line 448  Source code for this patch is https://ww Line 448  Source code for this patch is https://ww
448    
449          /*          /*
450           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
451  --- linux-6.6.1.orig/kernel/signal.c  --- linux-6.6.8.orig/kernel/signal.c
452  +++ linux-6.6.1/kernel/signal.c  +++ linux-6.6.8/kernel/signal.c
453  @@ -3807,6 +3807,8 @@ static inline void prepare_kill_siginfo(  @@ -3807,6 +3807,8 @@ static inline void prepare_kill_siginfo(
454   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
455   {   {
# Line 517  Source code for this patch is https://ww Line 517  Source code for this patch is https://ww
517    
518          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
519   }   }
520  --- linux-6.6.1.orig/kernel/sys.c  --- linux-6.6.8.orig/kernel/sys.c
521  +++ linux-6.6.1/kernel/sys.c  +++ linux-6.6.8/kernel/sys.c
522  @@ -226,6 +226,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -226,6 +226,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
523    
524          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 548  Source code for this patch is https://ww Line 548  Source code for this patch is https://ww
548    
549          errno = -EFAULT;          errno = -EFAULT;
550          if (!copy_from_user(tmp, name, len)) {          if (!copy_from_user(tmp, name, len)) {
551  --- linux-6.6.1.orig/kernel/time/timekeeping.c  --- linux-6.6.8.orig/kernel/time/timekeeping.c
552  +++ linux-6.6.1/kernel/time/timekeeping.c  +++ linux-6.6.8/kernel/time/timekeeping.c
553  @@ -24,6 +24,7 @@  @@ -24,6 +24,7 @@
554   #include <linux/compiler.h>   #include <linux/compiler.h>
555   #include <linux/audit.h>   #include <linux/audit.h>
# Line 583  Source code for this patch is https://ww Line 583  Source code for this patch is https://ww
583    
584                  /*                  /*
585                   * Validate if a timespec/timeval used to inject a time                   * Validate if a timespec/timeval used to inject a time
586  --- linux-6.6.1.orig/net/ipv4/raw.c  --- linux-6.6.8.orig/net/ipv4/raw.c
587  +++ linux-6.6.1/net/ipv4/raw.c  +++ linux-6.6.8/net/ipv4/raw.c
588  @@ -744,6 +744,10 @@ static int raw_recvmsg(struct sock *sk,  @@ -744,6 +744,10 @@ static int raw_recvmsg(struct sock *sk,
589          skb = skb_recv_datagram(sk, flags, &err);          skb = skb_recv_datagram(sk, flags, &err);
590          if (!skb)          if (!skb)
# Line 596  Source code for this patch is https://ww Line 596  Source code for this patch is https://ww
596    
597          copied = skb->len;          copied = skb->len;
598          if (len < copied) {          if (len < copied) {
599  --- linux-6.6.1.orig/net/ipv4/udp.c  --- linux-6.6.8.orig/net/ipv4/udp.c
600  +++ linux-6.6.1/net/ipv4/udp.c  +++ linux-6.6.8/net/ipv4/udp.c
601  @@ -1806,6 +1806,8 @@ try_again:  @@ -1806,6 +1806,8 @@ try_again:
602          skb = __skb_recv_udp(sk, flags, &off, &err);          skb = __skb_recv_udp(sk, flags, &off, &err);
603          if (!skb)          if (!skb)
# Line 607  Source code for this patch is https://ww Line 607  Source code for this patch is https://ww
607    
608          ulen = udp_skb_len(skb);          ulen = udp_skb_len(skb);
609          copied = len;          copied = len;
610  --- linux-6.6.1.orig/net/ipv6/raw.c  --- linux-6.6.8.orig/net/ipv6/raw.c
611  +++ linux-6.6.1/net/ipv6/raw.c  +++ linux-6.6.8/net/ipv6/raw.c
612  @@ -444,6 +444,10 @@ static int rawv6_recvmsg(struct sock *sk  @@ -444,6 +444,10 @@ static int rawv6_recvmsg(struct sock *sk
613          skb = skb_recv_datagram(sk, flags, &err);          skb = skb_recv_datagram(sk, flags, &err);
614          if (!skb)          if (!skb)
# Line 620  Source code for this patch is https://ww Line 620  Source code for this patch is https://ww
620    
621          copied = skb->len;          copied = skb->len;
622          if (copied > len) {          if (copied > len) {
623  --- linux-6.6.1.orig/net/ipv6/udp.c  --- linux-6.6.8.orig/net/ipv6/udp.c
624  +++ linux-6.6.1/net/ipv6/udp.c  +++ linux-6.6.8/net/ipv6/udp.c
625  @@ -342,6 +342,8 @@ try_again:  @@ -342,6 +342,8 @@ try_again:
626          skb = __skb_recv_udp(sk, flags, &off, &err);          skb = __skb_recv_udp(sk, flags, &off, &err);
627          if (!skb)          if (!skb)
# Line 631  Source code for this patch is https://ww Line 631  Source code for this patch is https://ww
631    
632          ulen = udp6_skb_len(skb);          ulen = udp6_skb_len(skb);
633          copied = len;          copied = len;
634  --- linux-6.6.1.orig/net/socket.c  --- linux-6.6.8.orig/net/socket.c
635  +++ linux-6.6.1/net/socket.c  +++ linux-6.6.8/net/socket.c
636  @@ -1933,6 +1933,10 @@ struct file *do_accept(struct file *file  @@ -1933,6 +1933,10 @@ struct file *do_accept(struct file *file
637          if (err < 0)          if (err < 0)
638                  goto out_fd;                  goto out_fd;
# Line 644  Source code for this patch is https://ww Line 644  Source code for this patch is https://ww
644          if (upeer_sockaddr) {          if (upeer_sockaddr) {
645                  len = ops->getname(newsock, (struct sockaddr *)&address, 2);                  len = ops->getname(newsock, (struct sockaddr *)&address, 2);
646                  if (len < 0) {                  if (len < 0) {
647  --- linux-6.6.1.orig/net/unix/af_unix.c  --- linux-6.6.8.orig/net/unix/af_unix.c
648  +++ linux-6.6.1/net/unix/af_unix.c  +++ linux-6.6.8/net/unix/af_unix.c
649  @@ -2390,6 +2390,10 @@ int __unix_dgram_recvmsg(struct sock *sk  @@ -2388,6 +2388,10 @@ int __unix_dgram_recvmsg(struct sock *sk
650                                                  EPOLLOUT | EPOLLWRNORM |                                                  EPOLLOUT | EPOLLWRNORM |
651                                                  EPOLLWRBAND);                                                  EPOLLWRBAND);
652    
# Line 657  Source code for this patch is https://ww Line 657  Source code for this patch is https://ww
657          if (msg->msg_name)          if (msg->msg_name)
658                  unix_copy_addr(msg, skb->sk);                  unix_copy_addr(msg, skb->sk);
659    
660  @@ -2440,6 +2444,7 @@ int __unix_dgram_recvmsg(struct sock *sk  @@ -2438,6 +2442,7 @@ int __unix_dgram_recvmsg(struct sock *sk
661    
662   out_free:   out_free:
663          skb_free_datagram(sk, skb);          skb_free_datagram(sk, skb);
# Line 665  Source code for this patch is https://ww Line 665  Source code for this patch is https://ww
665          mutex_unlock(&u->iolock);          mutex_unlock(&u->iolock);
666   out:   out:
667          return err;          return err;
668  --- linux-6.6.1.orig/security/Kconfig  --- linux-6.6.8.orig/security/Kconfig
669  +++ linux-6.6.1/security/Kconfig  +++ linux-6.6.8/security/Kconfig
670  @@ -249,5 +249,7 @@ config LSM  @@ -249,5 +249,7 @@ config LSM
671    
672   source "security/Kconfig.hardening"   source "security/Kconfig.hardening"
# Line 675  Source code for this patch is https://ww Line 675  Source code for this patch is https://ww
675  +  +
676   endmenu   endmenu
677    
678  --- linux-6.6.1.orig/security/Makefile  --- linux-6.6.8.orig/security/Makefile
679  +++ linux-6.6.1/security/Makefile  +++ linux-6.6.8/security/Makefile
680  @@ -27,3 +27,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK)               += land  @@ -27,3 +27,6 @@ obj-$(CONFIG_SECURITY_LANDLOCK)               += land
681    
682   # Object integrity file lists   # Object integrity file lists
# Line 684  Source code for this patch is https://ww Line 684  Source code for this patch is https://ww
684  +  +
685  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
686  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/
687  --- linux-6.6.1.orig/security/security.c  --- linux-6.6.8.orig/security/security.c
688  +++ linux-6.6.1/security/security.c  +++ linux-6.6.8/security/security.c
689  @@ -2870,7 +2870,9 @@ int security_task_alloc(struct task_stru  @@ -2870,7 +2870,9 @@ int security_task_alloc(struct task_stru
690    
691          if (rc)          if (rc)

