From e60feda2fa2454e00dd01f51d5ec3473bcb2ce61 Mon Sep 17 00:00:00 2001
From: Marcin Deranek
Date: Fri, 25 Mar 2022 19:11:47 +0100
Subject: sys-kernel/hardened-sources added 5.16 branch
---
.../files/9999_revert-conflicts-v1.patch | 27 ++++++++++++++++++++++
.../files/9999_revert-conflicts-v2.patch | 23 ++++++++++++++++++
.../files/9999_revert-conflicts.patch | 27 ----------------------
.../files/linux-hardened-gentoo-v1.patch | 11 +++++++++
.../files/linux-hardened-gentoo-v2.patch | 10 ++++++++
.../files/linux-hardened-gentoo.patch | 11 ---------
6 files changed, 71 insertions(+), 38 deletions(-)
create mode 100644 sys-kernel/hardened-sources/files/9999_revert-conflicts-v1.patch
create mode 100644 sys-kernel/hardened-sources/files/9999_revert-conflicts-v2.patch
delete mode 100644 sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
create mode 100644 sys-kernel/hardened-sources/files/linux-hardened-gentoo-v1.patch
create mode 100644 sys-kernel/hardened-sources/files/linux-hardened-gentoo-v2.patch
delete mode 100644 sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
(limited to 'sys-kernel/hardened-sources/files')
diff --git a/sys-kernel/hardened-sources/files/9999_revert-conflicts-v1.patch b/sys-kernel/hardened-sources/files/9999_revert-conflicts-v1.patch
new file mode 100644
index 0000000..b46aa1c
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/9999_revert-conflicts-v1.patch
@@ -0,0 +1,27 @@
+Reverse conflicting patches
+
+diff --git a/mm/Kconfig b/mm/Kconfig
+index 24c045b24..e13fc740c 100644
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -321,8 +321,6 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ depends on MMU
+- default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION
+- default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION
+ default 4096
+ help
+ This is the portion of low virtual memory which should be protected
+diff --git a/security/Kconfig b/security/Kconfig
+index 7561f6f99..01f0bf73f 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -166,7 +166,6 @@ config HARDENED_USERCOPY
+ config HARDENED_USERCOPY_FALLBACK
+ bool "Allow usercopy whitelist violations to fallback to object size"
+ depends on HARDENED_USERCOPY
+- depends on !GENTOO_KERNEL_SELF_PROTECTION
+ default y
+ help
+ This is a temporary option that allows missing usercopy whitelists
diff --git a/sys-kernel/hardened-sources/files/9999_revert-conflicts-v2.patch b/sys-kernel/hardened-sources/files/9999_revert-conflicts-v2.patch
new file mode 100644
index 0000000..fabe571
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/9999_revert-conflicts-v2.patch
@@ -0,0 +1,23 @@
+Reverse conflicting patches
+
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -321,8 +321,6 @@ config KSM
+ config DEFAULT_MMAP_MIN_ADDR
+ int "Low address space to protect from user allocation"
+ depends on MMU
+- default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION
+- default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION
+ default 4096
+ help
+ This is the portion of low virtual memory which should be protected
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -167,7 +167,6 @@ config HARDENED_USERCOPY_PAGESPAN
+ bool "Refuse to copy allocations that span multiple pages"
+ depends on HARDENED_USERCOPY
+ depends on EXPERT
+- depends on !GENTOO_KERNEL_SELF_PROTECTION
+ help
+ When a multi-page allocation is done without __GFP_COMP,
+ hardened usercopy will reject attempts to copy it. There are,
diff --git a/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch b/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
deleted file mode 100644
index b46aa1c..0000000
--- a/sys-kernel/hardened-sources/files/9999_revert-conflicts.patch
+++ /dev/null
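Review bot: The header of 9999_revert-conflicts-v2.patch says only `Reverse conflicting patches`, which hides that its mm/Kconfig hunk drops the `default 65536` and `default 32768` lines for DEFAULT_MMAP_MIN_ADDR and leaves `default 4096` as the only default. Nothing visible in this commit puts those defaults back: linux-hardened-gentoo-v2.patch restores only the `depends on !GENTOO_KERNEL_SELF_PROTECTION` line in security/Kconfig, so the low-address protection on the 5.16 branch presumably relies on the linux-hardened patch itself supplying a higher default, which cannot be confirmed from this page. I would extend the header to something like `Reverse the Gentoo self-protection Kconfig changes that collide with linux-hardened; the usercopy dependency is re-added by linux-hardened-gentoo-v2.patch, the DEFAULT_MMAP_MIN_ADDR defaults are expected from linux-hardened`, and check the resulting CONFIG_DEFAULT_MMAP_MIN_ADDR default in a configured 5.16 tree. Both Kconfig entries continue outside the quoted context.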
@@ -1,27 +0,0 @@
-Reverse conflicting patches
-
-diff --git a/mm/Kconfig b/mm/Kconfig
-index 24c045b24..e13fc740c 100644
---- a/mm/Kconfig
-+++ b/mm/Kconfig
-@@ -321,8 +321,6 @@ config KSM
- config DEFAULT_MMAP_MIN_ADDR
- int "Low address space to protect from user allocation"
- depends on MMU
-- default 65536 if ( X86_64 || X86_32 || PPC64 || IA64 ) && GENTOO_KERNEL_SELF_PROTECTION
-- default 32768 if ( ARM64 || ARM ) && GENTOO_KERNEL_SELF_PROTECTION
- default 4096
- help
- This is the portion of low virtual memory which should be protected
-diff --git a/security/Kconfig b/security/Kconfig
-index 7561f6f99..01f0bf73f 100644
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -166,7 +166,6 @@ config HARDENED_USERCOPY
- config HARDENED_USERCOPY_FALLBACK
- bool "Allow usercopy whitelist violations to fallback to object size"
- depends on HARDENED_USERCOPY
-- depends on !GENTOO_KERNEL_SELF_PROTECTION
- default y
- help
- This is a temporary option that allows missing usercopy whitelists
diff --git a/sys-kernel/hardened-sources/files/linux-hardened-gentoo-v1.patch b/sys-kernel/hardened-sources/files/linux-hardened-gentoo-v1.patch
new file mode 100644
index 0000000..5bd9820
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/linux-hardened-gentoo-v1.patch
@@ -0,0 +1,11 @@
+diff --git a/security/Kconfig b/security/Kconfig
+index 7561f6f99..01f0bf73f 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -166,5 +166,6 @@ config HARDENED_USERCOPY
+ config HARDENED_USERCOPY_FALLBACK
+ bool "Allow usercopy whitelist violations to fallback to object size"
+ depends on HARDENED_USERCOPY
++ depends on !GENTOO_KERNEL_SELF_PROTECTION
+ help
+ This is a temporary option that allows missing usercopy whitelists
diff --git a/sys-kernel/hardened-sources/files/linux-hardened-gentoo-v2.patch b/sys-kernel/hardened-sources/files/linux-hardened-gentoo-v2.patch
new file mode 100644
index 0000000..6e32cd1
--- /dev/null
+++ b/sys-kernel/hardened-sources/files/linux-hardened-gentoo-v2.patch
@@ -0,0 +1,10 @@
+--- a/security/Kconfig 2021-12-05 18:20:55.655677710 -0500
++++ b/security/Kconfig 2021-12-05 18:23:42.404251618 -0500
+@@ -167,6 +167,7 @@ config HARDENED_USERCOPY_PAGESPAN
+ bool "Refuse to copy allocations that span multiple pages"
+ depends on HARDENED_USERCOPY
+ depends on EXPERT
++ depends on !GENTOO_KERNEL_SELF_PROTECTION
+ help
+ When a multi-page allocation is done without __GFP_COMP,
+ hardened usercopy will reject attempts to copy it. There are,
diff --git a/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch b/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
deleted file mode 100644
index 5bd9820..0000000
--- a/sys-kernel/hardened-sources/files/linux-hardened-gentoo.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff --git a/security/Kconfig b/security/Kconfig
-index 7561f6f99..01f0bf73f 100644
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -166,5 +166,6 @@ config HARDENED_USERCOPY
- config HARDENED_USERCOPY_FALLBACK
- bool "Allow usercopy whitelist violations to fallback to object size"
- depends on HARDENED_USERCOPY
-+ depends on !GENTOO_KERNEL_SELF_PROTECTION
- help
- This is a temporary option that allows missing usercopy whitelists
-- cgit v1.2.3
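Review bot: linux-hardened-gentoo-v2.patch starts straight at its `---`/`+++` lines with no description, so nothing in the file records why HARDENED_USERCOPY_PAGESPAN gains `depends on !GENTOO_KERNEL_SELF_PROTECTION` or that the line is the counterpart of the one 9999_revert-conflicts-v2.patch removes. The apply order this implies (revert, then linux-hardened, then this file) is inferred from the file names and is not stated anywhere on the page. I would add a one-line header such as `Re-add the Gentoo self-protection dependency on HARDENED_USERCOPY_PAGESPAN that 9999_revert-conflicts-v2.patch removes before linux-hardened is applied`. As a style point, the `---`/`+++` lines carry local timestamps (`2021-12-05 18:20:55.655677710 -0500`), unlike the git-style header in the v1 file; dropping them would keep the two files consistent. The help text of the Kconfig entry continues outside the hunk.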