1 |
commit: 2772388a89963ed7cbc9e11c738288028110d9be |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Sep 22 15:30:14 2016 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Sep 22 15:30:14 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=2772388a |
7 |
|
8 |
grsecurity-3.1-4.7.4-201609211951 |
9 |
|
10 |
4.7.4/0000_README | 2 +- |
11 |
...> 4420_grsecurity-3.1-4.7.4-201609211951.patch} | 154 ++++++++++++--------- |
12 |
2 files changed, 90 insertions(+), 66 deletions(-) |
13 |
|
14 |
diff --git a/4.7.4/0000_README b/4.7.4/0000_README |
15 |
index 6374649..a9515bb 100644 |
16 |
--- a/4.7.4/0000_README |
17 |
+++ b/4.7.4/0000_README |
18 |
@@ -18,7 +18,7 @@ Patch: 1003_linux-4.7.4.patch |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 4.7.4 |
21 |
|
22 |
-Patch: 4420_grsecurity-3.1-4.7.4-201609152234.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.7.4-201609211951.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.7.4/4420_grsecurity-3.1-4.7.4-201609152234.patch b/4.7.4/4420_grsecurity-3.1-4.7.4-201609211951.patch |
29 |
similarity index 99% |
30 |
rename from 4.7.4/4420_grsecurity-3.1-4.7.4-201609152234.patch |
31 |
rename to 4.7.4/4420_grsecurity-3.1-4.7.4-201609211951.patch |
32 |
index 84d74fa..5bddf8c 100644 |
33 |
--- a/4.7.4/4420_grsecurity-3.1-4.7.4-201609152234.patch |
34 |
+++ b/4.7.4/4420_grsecurity-3.1-4.7.4-201609211951.patch |
35 |
@@ -956,7 +956,7 @@ index d50430c..01cc53b 100644 |
36 |
# but it is being used too early to link to meaningful stack_chk logic. |
37 |
nossp_flags := $(call cc-option, -fno-stack-protector) |
38 |
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h |
39 |
-index 9e10c45..688ea8b 100644 |
40 |
+index 9e10c45..285d152 100644 |
41 |
--- a/arch/arm/include/asm/atomic.h |
42 |
+++ b/arch/arm/include/asm/atomic.h |
43 |
@@ -18,17 +18,41 @@ |
44 |
@@ -1404,59 +1404,29 @@ index 9e10c45..688ea8b 100644 |
45 |
|
46 |
static inline long long |
47 |
atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) |
48 |
-@@ -361,6 +555,30 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) |
49 |
+@@ -360,7 +554,14 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) |
50 |
+ |
51 |
return oldval; |
52 |
} |
53 |
- #define atomic64_cmpxchg_relaxed atomic64_cmpxchg_relaxed |
54 |
-+#define atomic64_cmpxchg_unchecked_relaxed atomic64_cmpxchg_unchecked_relaxed |
55 |
+ |
56 |
+static inline long long |
57 |
+atomic64_cmpxchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long old, long long new) |
58 |
+{ |
59 |
-+ long long oldval; |
60 |
-+ unsigned long res; |
61 |
-+ |
62 |
-+ prefetchw(&ptr->counter); |
63 |
-+ |
64 |
-+ do { |
65 |
-+ __asm__ __volatile__("@ atomic64_cmpxchg_unchecked\n" |
66 |
-+ "ldrexd %1, %H1, [%3]\n" |
67 |
-+ "mov %0, #0\n" |
68 |
-+ "teq %1, %4\n" |
69 |
-+ "teqeq %H1, %H4\n" |
70 |
-+ "strexdeq %0, %5, %H5, [%3]" |
71 |
-+ : "=&r" (res), "=&r" (oldval), "+Qo" (ptr->counter) |
72 |
-+ : "r" (&ptr->counter), "r" (old), "r" (new) |
73 |
-+ : "cc"); |
74 |
-+ } while (res); |
75 |
-+ |
76 |
-+ return oldval; |
77 |
++ return atomic64_cmpxchg_relaxed((atomic64_t *)ptr, old, new); |
78 |
+} |
79 |
+ #define atomic64_cmpxchg_relaxed atomic64_cmpxchg_relaxed |
80 |
++#define atomic64_cmpxchg_unchecked_relaxed atomic64_cmpxchg_unchecked_relaxed |
81 |
|
82 |
static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) |
83 |
{ |
84 |
-@@ -380,26 +598,60 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) |
85 |
+@@ -380,26 +581,46 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) |
86 |
|
87 |
return result; |
88 |
} |
89 |
+ |
90 |
+static inline long long atomic64_xchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long new) |
91 |
+{ |
92 |
-+ long long result; |
93 |
-+ unsigned long tmp; |
94 |
-+ |
95 |
-+ prefetchw(&ptr->counter); |
96 |
-+ |
97 |
-+ __asm__ __volatile__("@ atomic64_xchg_unchecked\n" |
98 |
-+"1: ldrexd %0, %H0, [%3]\n" |
99 |
-+" strexd %1, %4, %H4, [%3]\n" |
100 |
-+" teq %1, #0\n" |
101 |
-+" bne 1b" |
102 |
-+ : "=&r" (result), "=&r" (tmp), "+Qo" (ptr->counter) |
103 |
-+ : "r" (&ptr->counter), "r" (new) |
104 |
-+ : "cc"); |
105 |
-+ |
106 |
-+ return result; |
107 |
++ return atomic64_xchg_relaxed((atomic64_t *)ptr, new); |
108 |
+} |
109 |
#define atomic64_xchg_relaxed atomic64_xchg_relaxed |
110 |
+#define atomic64_xchg_unchecked_relaxed atomic64_xchg_unchecked_relaxed |
111 |
@@ -1502,7 +1472,7 @@ index 9e10c45..688ea8b 100644 |
112 |
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) |
113 |
: "r" (&v->counter) |
114 |
: "cc"); |
115 |
-@@ -423,13 +675,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
116 |
+@@ -423,13 +644,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
117 |
" teq %0, %5\n" |
118 |
" teqeq %H0, %H5\n" |
119 |
" moveq %1, #0\n" |
120 |
@@ -1531,7 +1501,7 @@ index 9e10c45..688ea8b 100644 |
121 |
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) |
122 |
: "r" (&v->counter), "r" (u), "r" (a) |
123 |
: "cc"); |
124 |
-@@ -442,10 +706,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
125 |
+@@ -442,10 +675,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
126 |
|
127 |
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) |
128 |
#define atomic64_inc(v) atomic64_add(1LL, (v)) |
129 |
@@ -25839,7 +25809,7 @@ index a972ac4..938c163 100644 |
130 |
|
131 |
/* |
132 |
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
133 |
-index 0fe6953..a253a78 100644 |
134 |
+index 0fe6953f..a253a78 100644 |
135 |
--- a/arch/x86/kernel/cpu/common.c |
136 |
+++ b/arch/x86/kernel/cpu/common.c |
137 |
@@ -93,60 +93,6 @@ static const struct cpu_dev default_cpu = { |
138 |
@@ -26641,7 +26611,7 @@ index ef8017c..1543ef8 100644 |
139 |
NOKPROBE_SYMBOL(oops_end); |
140 |
|
141 |
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c |
142 |
-index fef917e..01f2cda 100644 |
143 |
+index fef917e..be394e2 100644 |
144 |
--- a/arch/x86/kernel/dumpstack_32.c |
145 |
+++ b/arch/x86/kernel/dumpstack_32.c |
146 |
@@ -61,13 +61,14 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, |
147 |
@@ -26702,7 +26672,7 @@ index fef917e..01f2cda 100644 |
148 |
return ud2 == 0x0b0f; |
149 |
} |
150 |
+ |
151 |
-+#if defined(CONFIG_PAX_MEMORY_STACKLEAK) || defined(CONFIG_PAX_USERCOPY) |
152 |
++#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
153 |
+void __used pax_check_alloca(unsigned long size) |
154 |
+{ |
155 |
+ unsigned long sp = (unsigned long)&sp, stack_left; |
156 |
@@ -26714,7 +26684,7 @@ index fef917e..01f2cda 100644 |
157 |
+EXPORT_SYMBOL(pax_check_alloca); |
158 |
+#endif |
159 |
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c |
160 |
-index d558a8a..059e830 100644 |
161 |
+index d558a8a..c30e5a9 100644 |
162 |
--- a/arch/x86/kernel/dumpstack_64.c |
163 |
+++ b/arch/x86/kernel/dumpstack_64.c |
164 |
@@ -158,6 +158,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, |
165 |
@@ -26791,7 +26761,7 @@ index d558a8a..059e830 100644 |
166 |
return ud2 == 0x0b0f; |
167 |
} |
168 |
+ |
169 |
-+#if defined(CONFIG_PAX_MEMORY_STACKLEAK) || defined(CONFIG_PAX_USERCOPY) |
170 |
++#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
171 |
+void __used pax_check_alloca(unsigned long size) |
172 |
+{ |
173 |
+ unsigned long sp = (unsigned long)&sp, stack_start, stack_end; |
174 |
@@ -41630,7 +41600,7 @@ index ddc4ceb..36e29aa 100644 |
175 |
} |
176 |
|
177 |
diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c |
178 |
-index 6ac2b2b..6373ebd 100644 |
179 |
+index 6ac2b2b..6373ebdc 100644 |
180 |
--- a/drivers/atm/solos-pci.c |
181 |
+++ b/drivers/atm/solos-pci.c |
182 |
@@ -849,7 +849,7 @@ static void solos_bh(unsigned long card_arg) |
183 |
@@ -64024,9 +63994,18 @@ index fdee772..6c3ba123 100644 |
184 |
}; |
185 |
|
186 |
diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
187 |
-index e16487c..95eee32 100644 |
188 |
+index e16487c..c0987f1 100644 |
189 |
--- a/drivers/net/tun.c |
190 |
+++ b/drivers/net/tun.c |
191 |
+@@ -960,7 +960,7 @@ static void tun_set_headroom(struct net_device *dev, int new_hr) |
192 |
+ { |
193 |
+ struct tun_struct *tun = netdev_priv(dev); |
194 |
+ |
195 |
+- if (new_hr < NET_SKB_PAD) |
196 |
++ if (new_hr < 0 || new_hr < NET_SKB_PAD) |
197 |
+ new_hr = NET_SKB_PAD; |
198 |
+ |
199 |
+ tun->align = new_hr; |
200 |
@@ -1558,7 +1558,7 @@ static int tun_validate(struct nlattr *tb[], struct nlattr *data[]) |
201 |
return -EINVAL; |
202 |
} |
203 |
@@ -70839,6 +70818,32 @@ index 109e2c9..7d3c9b5 100644 |
204 |
u_long s; |
205 |
int enint_coal; |
206 |
|
207 |
+diff --git a/drivers/scsi/arcmsr/arcmsr_hba.c b/drivers/scsi/arcmsr/arcmsr_hba.c |
208 |
+index 7640498..110eca9 100644 |
209 |
+--- a/drivers/scsi/arcmsr/arcmsr_hba.c |
210 |
++++ b/drivers/scsi/arcmsr/arcmsr_hba.c |
211 |
+@@ -2388,7 +2388,8 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, |
212 |
+ } |
213 |
+ case ARCMSR_MESSAGE_WRITE_WQBUFFER: { |
214 |
+ unsigned char *ver_addr; |
215 |
+- int32_t user_len, cnt2end; |
216 |
++ uint32_t user_len; |
217 |
++ int32_t cnt2end; |
218 |
+ uint8_t *pQbuffer, *ptmpuserbuffer; |
219 |
+ ver_addr = kmalloc(ARCMSR_API_DATA_BUFLEN, GFP_ATOMIC); |
220 |
+ if (!ver_addr) { |
221 |
+@@ -2397,6 +2398,11 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, |
222 |
+ } |
223 |
+ ptmpuserbuffer = ver_addr; |
224 |
+ user_len = pcmdmessagefld->cmdmessage.Length; |
225 |
++ if (user_len > ARCMSR_API_DATA_BUFLEN) { |
226 |
++ retvalue = ARCMSR_MESSAGE_FAIL; |
227 |
++ kfree(ver_addr); |
228 |
++ goto message_out; |
229 |
++ } |
230 |
+ memcpy(ptmpuserbuffer, |
231 |
+ pcmdmessagefld->messagedatabuffer, user_len); |
232 |
+ spin_lock_irqsave(&acb->wqbuffer_lock, flags); |
233 |
diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c |
234 |
index f05e773..b48c418 100644 |
235 |
--- a/drivers/scsi/be2iscsi/be_main.c |
236 |
@@ -129314,7 +129319,7 @@ index c1da539..1dcec55 100644 |
237 |
struct atmphy_ops { |
238 |
int (*start)(struct atm_dev *dev); |
239 |
diff --git a/include/linux/atomic.h b/include/linux/atomic.h |
240 |
-index e451534..1f808cc 100644 |
241 |
+index e451534..9fc0c28 100644 |
242 |
--- a/include/linux/atomic.h |
243 |
+++ b/include/linux/atomic.h |
244 |
@@ -91,6 +91,13 @@ |
245 |
@@ -129379,7 +129384,7 @@ index e451534..1f808cc 100644 |
246 |
#endif /* atomic64_xchg_relaxed */ |
247 |
|
248 |
/* atomic64_cmpxchg_relaxed */ |
249 |
-@@ -362,6 +389,12 @@ |
250 |
+@@ -362,8 +389,23 @@ |
251 |
#define atomic64_cmpxchg(...) \ |
252 |
__atomic_op_fence(atomic64_cmpxchg, __VA_ARGS__) |
253 |
#endif |
254 |
@@ -129391,8 +129396,19 @@ index e451534..1f808cc 100644 |
255 |
+ |
256 |
#endif /* atomic64_cmpxchg_relaxed */ |
257 |
|
258 |
++#ifndef atomic64_cmpxchg_unchecked_relaxed |
259 |
++#define atomic64_cmpxchg_unchecked_relaxed atomic64_cmpxchg_unchecked |
260 |
++#else |
261 |
++#ifndef atomic64_cmpxchg_unchecked |
262 |
++#define atomic64_cmpxchg_unchecked(...) \ |
263 |
++ __atomic_op_fence(atomic64_cmpxchg_unchecked, __VA_ARGS__) |
264 |
++#endif |
265 |
++#endif |
266 |
++ |
267 |
/* cmpxchg_relaxed */ |
268 |
-@@ -431,6 +464,10 @@ |
269 |
+ #ifndef cmpxchg_relaxed |
270 |
+ #define cmpxchg_relaxed cmpxchg |
271 |
+@@ -431,6 +473,10 @@ |
272 |
#ifndef xchg |
273 |
#define xchg(...) __atomic_op_fence(xchg, __VA_ARGS__) |
274 |
#endif |
275 |
@@ -129403,7 +129419,7 @@ index e451534..1f808cc 100644 |
276 |
#endif /* xchg_relaxed */ |
277 |
|
278 |
/** |
279 |
-@@ -442,7 +479,7 @@ |
280 |
+@@ -442,7 +488,7 @@ |
281 |
* Atomically adds @a to @v, so long as @v was not already @u. |
282 |
* Returns non-zero if @v was not @u, and zero otherwise. |
283 |
*/ |
284 |
@@ -149321,7 +149337,7 @@ index 5b72266..dc04ce5 100644 |
285 |
.priority = IPC_CALLBACK_PRI, /* use lowest priority */ |
286 |
}; |
287 |
diff --git a/mm/mmap.c b/mm/mmap.c |
288 |
-index de2c176..d5c0b5f 100644 |
289 |
+index de2c176..57c6313 100644 |
290 |
--- a/mm/mmap.c |
291 |
+++ b/mm/mmap.c |
292 |
@@ -43,6 +43,7 @@ |
293 |
@@ -149765,13 +149781,7 @@ index de2c176..d5c0b5f 100644 |
294 |
{ |
295 |
/* |
296 |
* We implement the search by looking for an rbtree node that |
297 |
-@@ -1630,11 +1853,20 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) |
298 |
- } |
299 |
- } |
300 |
- |
301 |
-- gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; |
302 |
-+ gap_start = vma->vm_prev ? vma->vm_prev->vm_end: 0; |
303 |
- check_current: |
304 |
+@@ -1635,6 +1858,15 @@ check_current: |
305 |
/* Check if current node has a suitable gap */ |
306 |
if (gap_start > high_limit) |
307 |
return -ENOMEM; |
308 |
@@ -161810,10 +161820,23 @@ index 9d88c62..53396b6 100644 |
309 |
#define gssx_dec_release_handle NULL |
310 |
#define gssx_enc_get_mic NULL |
311 |
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c |
312 |
-index e085f5a..1132fd2 100644 |
313 |
+index e085f5a..c947fa5 100644 |
314 |
--- a/net/sunrpc/auth_gss/svcauth_gss.c |
315 |
+++ b/net/sunrpc/auth_gss/svcauth_gss.c |
316 |
-@@ -1141,7 +1141,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, |
317 |
+@@ -569,9 +569,10 @@ gss_svc_searchbyctx(struct cache_detail *cd, struct xdr_netobj *handle) |
318 |
+ struct rsc *found; |
319 |
+ |
320 |
+ memset(&rsci, 0, sizeof(rsci)); |
321 |
+- rsci.handle.data = handle->data; |
322 |
+- rsci.handle.len = handle->len; |
323 |
++ if (dup_to_netobj(&rsci.handle, handle->data, handle->len)) |
324 |
++ return NULL; |
325 |
+ found = rsc_lookup(cd, &rsci); |
326 |
++ rsc_free(&rsci); |
327 |
+ if (!found) |
328 |
+ return NULL; |
329 |
+ if (cache_check(cd, &found->h, NULL)) |
330 |
+@@ -1141,7 +1142,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, |
331 |
uint64_t *handle) |
332 |
{ |
333 |
struct rsc rsci, *rscp = NULL; |
334 |
@@ -161822,7 +161845,7 @@ index e085f5a..1132fd2 100644 |
335 |
long long ctxh; |
336 |
struct gss_api_mech *gm = NULL; |
337 |
time_t expiry; |
338 |
-@@ -1152,7 +1152,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, |
339 |
+@@ -1152,7 +1153,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, |
340 |
status = -ENOMEM; |
341 |
/* the handle needs to be just a unique id, |
342 |
* use a static counter */ |
343 |
@@ -213303,10 +213326,10 @@ index f72f48f..769a657 100755 |
344 |
# Find all available archs |
345 |
find_all_archs() |
346 |
diff --git a/security/Kconfig b/security/Kconfig |
347 |
-index 176758c..1222b4a 100644 |
348 |
+index 176758c..f682e8b 100644 |
349 |
--- a/security/Kconfig |
350 |
+++ b/security/Kconfig |
351 |
-@@ -4,6 +4,1021 @@ |
352 |
+@@ -4,6 +4,1022 @@ |
353 |
|
354 |
menu "Security options" |
355 |
|
356 |
@@ -214202,6 +214225,7 @@ index 176758c..1222b4a 100644 |
357 |
+config PAX_CONSTIFY_PLUGIN |
358 |
+ bool "Automatically constify eligible structures" |
359 |
+ default y |
360 |
++ depends on GCC_PLUGINS |
361 |
+ depends on !UML && PAX_KERNEXEC |
362 |
+ help |
363 |
+ By saying Y here the compiler will automatically constify a class |
364 |
@@ -214328,7 +214352,7 @@ index 176758c..1222b4a 100644 |
365 |
source security/keys/Kconfig |
366 |
|
367 |
config SECURITY_DMESG_RESTRICT |
368 |
-@@ -104,7 +1119,7 @@ config INTEL_TXT |
369 |
+@@ -104,7 +1120,7 @@ config INTEL_TXT |
370 |
config LSM_MMAP_MIN_ADDR |
371 |
int "Low address space for LSM to protect from user allocation" |
372 |
depends on SECURITY && SECURITY_SELINUX |