1 |
commit: 6945acd26a70cab18361185055af47ca9257acd4 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jul 8 14:06:25 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jul 8 14:06:25 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=6945acd2 |
7 |
|
8 |
Grsec/PaX: 2.9-{2.6.32.59,3.2.22,3.4.4}-201207080925 |
9 |
|
10 |
--- |
11 |
2.6.32/0000_README | 2 +- |
12 |
..._grsecurity-2.9.1-2.6.32.59-201207080923.patch} | 2189 +++++++++++++++++--- |
13 |
{3.2.21 => 3.2.22}/0000_README | 2 +- |
14 |
...4420_grsecurity-2.9.1-3.2.22-201207080924.patch | 1063 ++++++---- |
15 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
16 |
{3.2.21 => 3.2.22}/4435_grsec-mute-warnings.patch | 0 |
17 |
.../4440_grsec-remove-protected-paths.patch | 0 |
18 |
.../4445_grsec-pax-without-grsec.patch | 0 |
19 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
20 |
{3.2.21 => 3.2.22}/4455_grsec-kconfig-gentoo.patch | 0 |
21 |
.../4460-grsec-kconfig-proc-user.patch | 0 |
22 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
23 |
{3.2.21 => 3.2.22}/4470_disable-compat_vdso.patch | 0 |
24 |
3.4.4/0000_README | 2 +- |
25 |
...4420_grsecurity-2.9.1-3.4.4-201207080925.patch} | 101 +- |
26 |
scripts/just_fetch.pl | 4 +- |
27 |
16 files changed, 2637 insertions(+), 726 deletions(-) |
28 |
|
29 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
30 |
index 8f54317..2011830 100644 |
31 |
--- a/2.6.32/0000_README |
32 |
+++ b/2.6.32/0000_README |
33 |
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch |
34 |
From: http://www.kernel.org |
35 |
Desc: Linux 2.6.32.59 |
36 |
|
37 |
-Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch |
38 |
+Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch |
39 |
From: http://www.grsecurity.net |
40 |
Desc: hardened-sources base patch from upstream grsecurity |
41 |
|
42 |
|
43 |
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch |
44 |
similarity index 98% |
45 |
rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch |
46 |
rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch |
47 |
index 8602df6..2ebb2bb 100644 |
48 |
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207021919.patch |
49 |
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207080923.patch |
50 |
@@ -185,10 +185,22 @@ index e1efc40..e7a5667 100644 |
51 |
zconf.hash.c |
52 |
+zoffset.h |
53 |
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
54 |
-index c840e7d..f4c451c 100644 |
55 |
+index c840e7d..ad11cac 100644 |
56 |
--- a/Documentation/kernel-parameters.txt |
57 |
+++ b/Documentation/kernel-parameters.txt |
58 |
-@@ -1837,6 +1837,13 @@ and is between 256 and 4096 characters. It is defined in the file |
59 |
+@@ -1725,6 +1725,11 @@ and is between 256 and 4096 characters. It is defined in the file |
60 |
+ |
61 |
+ noresidual [PPC] Don't use residual data on PReP machines. |
62 |
+ |
63 |
++ nordrand [X86] Disable the direct use of the RDRAND |
64 |
++ instruction even if it is supported by the |
65 |
++ processor. RDRAND is still available to user |
66 |
++ space applications. |
67 |
++ |
68 |
+ noresume [SWSUSP] Disables resume and restores original swap |
69 |
+ space. |
70 |
+ |
71 |
+@@ -1837,6 +1842,13 @@ and is between 256 and 4096 characters. It is defined in the file |
72 |
the specified number of seconds. This is to be used if |
73 |
your oopses keep scrolling off the screen. |
74 |
|
75 |
@@ -8557,7 +8569,7 @@ index d1b93c4..ae1b7fd 100644 |
76 |
void default_idle(void); |
77 |
|
78 |
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
79 |
-index 73ae02a..f932de5 100644 |
80 |
+index 73ae02a..1468e63 100644 |
81 |
--- a/arch/x86/Kconfig |
82 |
+++ b/arch/x86/Kconfig |
83 |
@@ -223,7 +223,7 @@ config X86_TRAMPOLINE |
84 |
@@ -8596,7 +8608,23 @@ index 73ae02a..f932de5 100644 |
85 |
default 0x40000000 if VMSPLIT_1G |
86 |
default 0xC0000000 |
87 |
depends on X86_32 |
88 |
-@@ -1460,6 +1460,7 @@ config SECCOMP |
89 |
+@@ -1428,6 +1428,15 @@ config ARCH_USES_PG_UNCACHED |
90 |
+ def_bool y |
91 |
+ depends on X86_PAT |
92 |
+ |
93 |
++config ARCH_RANDOM |
94 |
++ def_bool y |
95 |
++ prompt "x86 architectural random number generator" if EXPERT |
96 |
++ ---help--- |
97 |
++ Enable the x86 architectural RDRAND instruction |
98 |
++ (Intel Bull Mountain technology) to generate random numbers. |
99 |
++ If supported, this is a high bandwidth, cryptographically |
100 |
++ secure hardware random number generator. |
101 |
++ |
102 |
+ config EFI |
103 |
+ bool "EFI runtime service support" |
104 |
+ depends on ACPI |
105 |
+@@ -1460,6 +1469,7 @@ config SECCOMP |
106 |
|
107 |
config CC_STACKPROTECTOR |
108 |
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" |
109 |
@@ -8604,7 +8632,7 @@ index 73ae02a..f932de5 100644 |
110 |
---help--- |
111 |
This option turns on the -fstack-protector GCC feature. This |
112 |
feature puts, at the beginning of functions, a canary value on |
113 |
-@@ -1517,6 +1518,7 @@ config KEXEC_JUMP |
114 |
+@@ -1517,6 +1527,7 @@ config KEXEC_JUMP |
115 |
config PHYSICAL_START |
116 |
hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP) |
117 |
default "0x1000000" |
118 |
@@ -8612,7 +8640,7 @@ index 73ae02a..f932de5 100644 |
119 |
---help--- |
120 |
This gives the physical address where the kernel is loaded. |
121 |
|
122 |
-@@ -1581,6 +1583,7 @@ config PHYSICAL_ALIGN |
123 |
+@@ -1581,6 +1592,7 @@ config PHYSICAL_ALIGN |
124 |
hex |
125 |
prompt "Alignment value to which kernel should be aligned" if X86_32 |
126 |
default "0x1000000" |
127 |
@@ -8620,7 +8648,7 @@ index 73ae02a..f932de5 100644 |
128 |
range 0x2000 0x1000000 |
129 |
---help--- |
130 |
This value puts the alignment restrictions on physical address |
131 |
-@@ -1612,9 +1615,10 @@ config HOTPLUG_CPU |
132 |
+@@ -1612,9 +1624,10 @@ config HOTPLUG_CPU |
133 |
Say N if you want to disable CPU hotplug. |
134 |
|
135 |
config COMPAT_VDSO |
136 |
@@ -8806,7 +8834,7 @@ index f543b70..b60fba8 100644 |
137 |
jmp 1b |
138 |
2: |
139 |
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S |
140 |
-index 077e1b6..2c6b13b 100644 |
141 |
+index 077e1b6..2c6b13b5 100644 |
142 |
--- a/arch/x86/boot/compressed/head_64.S |
143 |
+++ b/arch/x86/boot/compressed/head_64.S |
144 |
@@ -91,7 +91,7 @@ ENTRY(startup_32) |
145 |
@@ -10067,6 +10095,87 @@ index 20370c6..a2eb9b0 100644 |
146 |
"setc %%bl\n\t" |
147 |
"popl %%ebp\n\t" |
148 |
"popl %%edi\n\t" |
149 |
+diff --git a/arch/x86/include/asm/archrandom.h b/arch/x86/include/asm/archrandom.h |
150 |
+new file mode 100644 |
151 |
+index 0000000..0d9ec77 |
152 |
+--- /dev/null |
153 |
++++ b/arch/x86/include/asm/archrandom.h |
154 |
+@@ -0,0 +1,75 @@ |
155 |
++/* |
156 |
++ * This file is part of the Linux kernel. |
157 |
++ * |
158 |
++ * Copyright (c) 2011, Intel Corporation |
159 |
++ * Authors: Fenghua Yu <fenghua.yu@×××××.com>, |
160 |
++ * H. Peter Anvin <hpa@×××××××××××.com> |
161 |
++ * |
162 |
++ * This program is free software; you can redistribute it and/or modify it |
163 |
++ * under the terms and conditions of the GNU General Public License, |
164 |
++ * version 2, as published by the Free Software Foundation. |
165 |
++ * |
166 |
++ * This program is distributed in the hope it will be useful, but WITHOUT |
167 |
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
168 |
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
169 |
++ * more details. |
170 |
++ * |
171 |
++ * You should have received a copy of the GNU General Public License along with |
172 |
++ * this program; if not, write to the Free Software Foundation, Inc., |
173 |
++ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. |
174 |
++ * |
175 |
++ */ |
176 |
++ |
177 |
++#ifndef ASM_X86_ARCHRANDOM_H |
178 |
++#define ASM_X86_ARCHRANDOM_H |
179 |
++ |
180 |
++#include <asm/processor.h> |
181 |
++#include <asm/cpufeature.h> |
182 |
++#include <asm/alternative.h> |
183 |
++#include <asm/nops.h> |
184 |
++ |
185 |
++#define RDRAND_RETRY_LOOPS 10 |
186 |
++ |
187 |
++#define RDRAND_INT ".byte 0x0f,0xc7,0xf0" |
188 |
++#ifdef CONFIG_X86_64 |
189 |
++# define RDRAND_LONG ".byte 0x48,0x0f,0xc7,0xf0" |
190 |
++#else |
191 |
++# define RDRAND_LONG RDRAND_INT |
192 |
++#endif |
193 |
++ |
194 |
++#ifdef CONFIG_ARCH_RANDOM |
195 |
++ |
196 |
++#define GET_RANDOM(name, type, rdrand, nop) \ |
197 |
++static inline int name(type *v) \ |
198 |
++{ \ |
199 |
++ int ok; \ |
200 |
++ alternative_io("movl $0, %0\n\t" \ |
201 |
++ nop, \ |
202 |
++ "\n1: " rdrand "\n\t" \ |
203 |
++ "jc 2f\n\t" \ |
204 |
++ "decl %0\n\t" \ |
205 |
++ "jnz 1b\n\t" \ |
206 |
++ "2:", \ |
207 |
++ X86_FEATURE_RDRAND, \ |
208 |
++ ASM_OUTPUT2("=r" (ok), "=a" (*v)), \ |
209 |
++ "0" (RDRAND_RETRY_LOOPS)); \ |
210 |
++ return ok; \ |
211 |
++} |
212 |
++ |
213 |
++#ifdef CONFIG_X86_64 |
214 |
++ |
215 |
++GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP5); |
216 |
++GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP4); |
217 |
++ |
218 |
++#else |
219 |
++ |
220 |
++GET_RANDOM(arch_get_random_long, unsigned long, RDRAND_LONG, ASM_NOP3); |
221 |
++GET_RANDOM(arch_get_random_int, unsigned int, RDRAND_INT, ASM_NOP3); |
222 |
++ |
223 |
++#endif /* CONFIG_X86_64 */ |
224 |
++ |
225 |
++#endif /* CONFIG_ARCH_RANDOM */ |
226 |
++ |
227 |
++extern void x86_init_rdrand(struct cpuinfo_x86 *c); |
228 |
++ |
229 |
++#endif /* ASM_X86_ARCHRANDOM_H */ |
230 |
diff --git a/arch/x86/include/asm/atomic_32.h b/arch/x86/include/asm/atomic_32.h |
231 |
index dc5a667..939040c 100644 |
232 |
--- a/arch/x86/include/asm/atomic_32.h |
233 |
@@ -11428,6 +11537,18 @@ index 46fc474..b02b0f9 100644 |
234 |
len, sum, NULL, err_ptr); |
235 |
|
236 |
if (len) |
237 |
+diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h |
238 |
+index 1efb1fa..9e2957c 100644 |
239 |
+--- a/arch/x86/include/asm/cpufeature.h |
240 |
++++ b/arch/x86/include/asm/cpufeature.h |
241 |
+@@ -124,6 +124,7 @@ |
242 |
+ #define X86_FEATURE_XSAVE (4*32+26) /* XSAVE/XRSTOR/XSETBV/XGETBV */ |
243 |
+ #define X86_FEATURE_OSXSAVE (4*32+27) /* "" XSAVE enabled in the OS */ |
244 |
+ #define X86_FEATURE_AVX (4*32+28) /* Advanced Vector Extensions */ |
245 |
++#define X86_FEATURE_RDRAND (4*32+30) /* The RDRAND instruction */ |
246 |
+ #define X86_FEATURE_HYPERVISOR (4*32+31) /* Running on a hypervisor */ |
247 |
+ |
248 |
+ /* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 */ |
249 |
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h |
250 |
index 617bd56..7b047a1 100644 |
251 |
--- a/arch/x86/include/asm/desc.h |
252 |
@@ -15476,10 +15597,10 @@ index 4a6aeed..371de20 100644 |
253 |
BLANK(); |
254 |
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask); |
255 |
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile |
256 |
-index ff502cc..dc5133e 100644 |
257 |
+index ff502cc..a7cb6c6 100644 |
258 |
--- a/arch/x86/kernel/cpu/Makefile |
259 |
+++ b/arch/x86/kernel/cpu/Makefile |
260 |
-@@ -7,10 +7,6 @@ ifdef CONFIG_FUNCTION_TRACER |
261 |
+@@ -7,13 +7,10 @@ ifdef CONFIG_FUNCTION_TRACER |
262 |
CFLAGS_REMOVE_common.o = -pg |
263 |
endif |
264 |
|
265 |
@@ -15490,6 +15611,10 @@ index ff502cc..dc5133e 100644 |
266 |
obj-y := intel_cacheinfo.o addon_cpuid_features.o |
267 |
obj-y += proc.o capflags.o powerflags.o common.o |
268 |
obj-y += vmware.o hypervisor.o sched.o |
269 |
++obj-y += rdrand.o |
270 |
+ |
271 |
+ obj-$(CONFIG_X86_32) += bugs.o cmpxchg.o |
272 |
+ obj-$(CONFIG_X86_64) += bugs_64.o |
273 |
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c |
274 |
index 6e082dc..a0b5f36 100644 |
275 |
--- a/arch/x86/kernel/cpu/amd.c |
276 |
@@ -15504,10 +15629,18 @@ index 6e082dc..a0b5f36 100644 |
277 |
if (c->x86_model == 3 && c->x86_mask == 0) |
278 |
size = 64; |
279 |
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
280 |
-index 4e34d10..ba6bc97 100644 |
281 |
+index 4e34d10..1a4b0af 100644 |
282 |
--- a/arch/x86/kernel/cpu/common.c |
283 |
+++ b/arch/x86/kernel/cpu/common.c |
284 |
-@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { |
285 |
+@@ -15,6 +15,7 @@ |
286 |
+ #include <asm/stackprotector.h> |
287 |
+ #include <asm/perf_event.h> |
288 |
+ #include <asm/mmu_context.h> |
289 |
++#include <asm/archrandom.h> |
290 |
+ #include <asm/hypervisor.h> |
291 |
+ #include <asm/processor.h> |
292 |
+ #include <asm/sections.h> |
293 |
+@@ -83,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { |
294 |
|
295 |
static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu; |
296 |
|
297 |
@@ -15568,7 +15701,7 @@ index 4e34d10..ba6bc97 100644 |
298 |
static int __init x86_xsave_setup(char *s) |
299 |
{ |
300 |
setup_clear_cpu_cap(X86_FEATURE_XSAVE); |
301 |
-@@ -344,7 +290,7 @@ void switch_to_new_gdt(int cpu) |
302 |
+@@ -344,7 +291,7 @@ void switch_to_new_gdt(int cpu) |
303 |
{ |
304 |
struct desc_ptr gdt_descr; |
305 |
|
306 |
@@ -15577,7 +15710,7 @@ index 4e34d10..ba6bc97 100644 |
307 |
gdt_descr.size = GDT_SIZE - 1; |
308 |
load_gdt(&gdt_descr); |
309 |
/* Reload the per-cpu base */ |
310 |
-@@ -798,6 +744,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) |
311 |
+@@ -798,6 +745,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) |
312 |
/* Filter out anything that depends on CPUID levels we don't have */ |
313 |
filter_cpuid_features(c, true); |
314 |
|
315 |
@@ -15588,7 +15721,15 @@ index 4e34d10..ba6bc97 100644 |
316 |
/* If the model name is still unset, do table lookup. */ |
317 |
if (!c->x86_model_id[0]) { |
318 |
const char *p; |
319 |
-@@ -980,6 +930,9 @@ static __init int setup_disablecpuid(char *arg) |
320 |
+@@ -815,6 +766,7 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) |
321 |
+ #endif |
322 |
+ |
323 |
+ init_hypervisor(c); |
324 |
++ x86_init_rdrand(c); |
325 |
+ |
326 |
+ /* |
327 |
+ * Clear/Set all flags overriden by options, need do it |
328 |
+@@ -980,6 +932,9 @@ static __init int setup_disablecpuid(char *arg) |
329 |
} |
330 |
__setup("clearcpuid=", setup_disablecpuid); |
331 |
|
332 |
@@ -15598,7 +15739,7 @@ index 4e34d10..ba6bc97 100644 |
333 |
#ifdef CONFIG_X86_64 |
334 |
struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table }; |
335 |
|
336 |
-@@ -995,7 +948,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = |
337 |
+@@ -995,7 +950,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = |
338 |
EXPORT_PER_CPU_SYMBOL(current_task); |
339 |
|
340 |
DEFINE_PER_CPU(unsigned long, kernel_stack) = |
341 |
@@ -15607,7 +15748,7 @@ index 4e34d10..ba6bc97 100644 |
342 |
EXPORT_PER_CPU_SYMBOL(kernel_stack); |
343 |
|
344 |
DEFINE_PER_CPU(char *, irq_stack_ptr) = |
345 |
-@@ -1060,7 +1013,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) |
346 |
+@@ -1060,7 +1015,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) |
347 |
{ |
348 |
memset(regs, 0, sizeof(struct pt_regs)); |
349 |
regs->fs = __KERNEL_PERCPU; |
350 |
@@ -15616,7 +15757,7 @@ index 4e34d10..ba6bc97 100644 |
351 |
|
352 |
return regs; |
353 |
} |
354 |
-@@ -1101,7 +1054,7 @@ void __cpuinit cpu_init(void) |
355 |
+@@ -1101,7 +1056,7 @@ void __cpuinit cpu_init(void) |
356 |
int i; |
357 |
|
358 |
cpu = stack_smp_processor_id(); |
359 |
@@ -15625,7 +15766,7 @@ index 4e34d10..ba6bc97 100644 |
360 |
orig_ist = &per_cpu(orig_ist, cpu); |
361 |
|
362 |
#ifdef CONFIG_NUMA |
363 |
-@@ -1127,7 +1080,7 @@ void __cpuinit cpu_init(void) |
364 |
+@@ -1127,7 +1082,7 @@ void __cpuinit cpu_init(void) |
365 |
switch_to_new_gdt(cpu); |
366 |
loadsegment(fs, 0); |
367 |
|
368 |
@@ -15634,7 +15775,7 @@ index 4e34d10..ba6bc97 100644 |
369 |
|
370 |
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); |
371 |
syscall_init(); |
372 |
-@@ -1136,7 +1089,6 @@ void __cpuinit cpu_init(void) |
373 |
+@@ -1136,7 +1091,6 @@ void __cpuinit cpu_init(void) |
374 |
wrmsrl(MSR_KERNEL_GS_BASE, 0); |
375 |
barrier(); |
376 |
|
377 |
@@ -15642,7 +15783,7 @@ index 4e34d10..ba6bc97 100644 |
378 |
if (cpu != 0) |
379 |
enable_x2apic(); |
380 |
|
381 |
-@@ -1199,7 +1151,7 @@ void __cpuinit cpu_init(void) |
382 |
+@@ -1199,7 +1153,7 @@ void __cpuinit cpu_init(void) |
383 |
{ |
384 |
int cpu = smp_processor_id(); |
385 |
struct task_struct *curr = current; |
386 |
@@ -16062,6 +16203,85 @@ index 898df97..9e82503 100644 |
387 |
static struct wd_ops intel_arch_wd_ops __read_mostly = { |
388 |
.reserve = single_msr_reserve, |
389 |
.unreserve = single_msr_unreserve, |
390 |
+diff --git a/arch/x86/kernel/cpu/rdrand.c b/arch/x86/kernel/cpu/rdrand.c |
391 |
+new file mode 100644 |
392 |
+index 0000000..feca286 |
393 |
+--- /dev/null |
394 |
++++ b/arch/x86/kernel/cpu/rdrand.c |
395 |
+@@ -0,0 +1,73 @@ |
396 |
++/* |
397 |
++ * This file is part of the Linux kernel. |
398 |
++ * |
399 |
++ * Copyright (c) 2011, Intel Corporation |
400 |
++ * Authors: Fenghua Yu <fenghua.yu@×××××.com>, |
401 |
++ * H. Peter Anvin <hpa@×××××××××××.com> |
402 |
++ * |
403 |
++ * This program is free software; you can redistribute it and/or modify it |
404 |
++ * under the terms and conditions of the GNU General Public License, |
405 |
++ * version 2, as published by the Free Software Foundation. |
406 |
++ * |
407 |
++ * This program is distributed in the hope it will be useful, but WITHOUT |
408 |
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
409 |
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
410 |
++ * more details. |
411 |
++ * |
412 |
++ * You should have received a copy of the GNU General Public License along with |
413 |
++ * this program; if not, write to the Free Software Foundation, Inc., |
414 |
++ * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. |
415 |
++ * |
416 |
++ */ |
417 |
++ |
418 |
++#include <asm/processor.h> |
419 |
++#include <asm/archrandom.h> |
420 |
++#include <asm/sections.h> |
421 |
++ |
422 |
++static int __init x86_rdrand_setup(char *s) |
423 |
++{ |
424 |
++ setup_clear_cpu_cap(X86_FEATURE_RDRAND); |
425 |
++ return 1; |
426 |
++} |
427 |
++__setup("nordrand", x86_rdrand_setup); |
428 |
++ |
429 |
++/* We can't use arch_get_random_long() here since alternatives haven't run */ |
430 |
++static inline int rdrand_long(unsigned long *v) |
431 |
++{ |
432 |
++ int ok; |
433 |
++ asm volatile("1: " RDRAND_LONG "\n\t" |
434 |
++ "jc 2f\n\t" |
435 |
++ "decl %0\n\t" |
436 |
++ "jnz 1b\n\t" |
437 |
++ "2:" |
438 |
++ : "=r" (ok), "=a" (*v) |
439 |
++ : "0" (RDRAND_RETRY_LOOPS)); |
440 |
++ return ok; |
441 |
++} |
442 |
++ |
443 |
++/* |
444 |
++ * Force a reseed cycle; we are architecturally guaranteed a reseed |
445 |
++ * after no more than 512 128-bit chunks of random data. This also |
446 |
++ * acts as a test of the CPU capability. |
447 |
++ */ |
448 |
++#define RESEED_LOOP ((512*128)/sizeof(unsigned long)) |
449 |
++ |
450 |
++void __cpuinit x86_init_rdrand(struct cpuinfo_x86 *c) |
451 |
++{ |
452 |
++#ifdef CONFIG_ARCH_RANDOM |
453 |
++ unsigned long tmp; |
454 |
++ int i, count, ok; |
455 |
++ |
456 |
++ if (!cpu_has(c, X86_FEATURE_RDRAND)) |
457 |
++ return; /* Nothing to do */ |
458 |
++ |
459 |
++ for (count = i = 0; i < RESEED_LOOP; i++) { |
460 |
++ ok = rdrand_long(&tmp); |
461 |
++ if (ok) |
462 |
++ count++; |
463 |
++ } |
464 |
++ |
465 |
++ if (count != RESEED_LOOP) |
466 |
++ clear_cpu_cap(c, X86_FEATURE_RDRAND); |
467 |
++#endif |
468 |
++} |
469 |
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c |
470 |
index ff95824..2ffdcb5 100644 |
471 |
--- a/arch/x86/kernel/crash.c |
472 |
@@ -33842,10 +34062,65 @@ index 62f282e..e45c45c 100644 |
473 |
cdev_init(&ptmx_cdev, &ptmx_fops); |
474 |
if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || |
475 |
diff --git a/drivers/char/random.c b/drivers/char/random.c |
476 |
-index 3a19e2d..1b8116a3 100644 |
477 |
+index 3a19e2d..8eb80fc 100644 |
478 |
--- a/drivers/char/random.c |
479 |
+++ b/drivers/char/random.c |
480 |
-@@ -254,8 +254,13 @@ |
481 |
+@@ -125,20 +125,32 @@ |
482 |
+ * The current exported interfaces for gathering environmental noise |
483 |
+ * from the devices are: |
484 |
+ * |
485 |
++ * void add_device_randomness(const void *buf, unsigned int size); |
486 |
+ * void add_input_randomness(unsigned int type, unsigned int code, |
487 |
+ * unsigned int value); |
488 |
+- * void add_interrupt_randomness(int irq); |
489 |
++ * void add_interrupt_randomness(int irq, int irq_flags); |
490 |
++ * void add_disk_randomness(struct gendisk *disk); |
491 |
++ * |
492 |
++ * add_device_randomness() is for adding data to the random pool that |
493 |
++ * is likely to differ between two devices (or possibly even per boot). |
494 |
++ * This would be things like MAC addresses or serial numbers, or the |
495 |
++ * read-out of the RTC. This does *not* add any actual entropy to the |
496 |
++ * pool, but it initializes the pool to different values for devices |
497 |
++ * that might otherwise be identical and have very little entropy |
498 |
++ * available to them (particularly common in the embedded world). |
499 |
+ * |
500 |
+ * add_input_randomness() uses the input layer interrupt timing, as well as |
501 |
+ * the event type information from the hardware. |
502 |
+ * |
503 |
+- * add_interrupt_randomness() uses the inter-interrupt timing as random |
504 |
+- * inputs to the entropy pool. Note that not all interrupts are good |
505 |
+- * sources of randomness! For example, the timer interrupts is not a |
506 |
+- * good choice, because the periodicity of the interrupts is too |
507 |
+- * regular, and hence predictable to an attacker. Disk interrupts are |
508 |
+- * a better measure, since the timing of the disk interrupts are more |
509 |
+- * unpredictable. |
510 |
++ * add_interrupt_randomness() uses the interrupt timing as random |
511 |
++ * inputs to the entropy pool. Using the cycle counters and the irq source |
512 |
++ * as inputs, it feeds the randomness roughly once a second. |
513 |
++ * |
514 |
++ * add_disk_randomness() uses what amounts to the seek time of block |
515 |
++ * layer request events, on a per-disk_devt basis, as input to the |
516 |
++ * entropy pool. Note that high-speed solid state drives with very low |
517 |
++ * seek times do not make for good sources of entropy, as their seek |
518 |
++ * times are usually fairly consistent. |
519 |
+ * |
520 |
+ * All of these routines try to estimate how many bits of randomness a |
521 |
+ * particular randomness source. They do this by keeping track of the |
522 |
+@@ -241,6 +253,7 @@ |
523 |
+ #include <linux/percpu.h> |
524 |
+ #include <linux/cryptohash.h> |
525 |
+ #include <linux/fips.h> |
526 |
++#include <linux/ptrace.h> |
527 |
+ |
528 |
+ #ifdef CONFIG_GENERIC_HARDIRQS |
529 |
+ # include <linux/irq.h> |
530 |
+@@ -249,14 +262,21 @@ |
531 |
+ #include <asm/processor.h> |
532 |
+ #include <asm/uaccess.h> |
533 |
+ #include <asm/irq.h> |
534 |
++#include <asm/irq_regs.h> |
535 |
+ #include <asm/io.h> |
536 |
+ |
537 |
/* |
538 |
* Configuration information |
539 |
*/ |
540 |
@@ -33857,9 +34132,11 @@ index 3a19e2d..1b8116a3 100644 |
541 |
#define OUTPUT_POOL_WORDS 32 |
542 |
+#endif |
543 |
#define SEC_XFER_SIZE 512 |
544 |
++#define EXTRACT_SIZE 10 |
545 |
|
546 |
/* |
547 |
-@@ -292,10 +297,17 @@ static struct poolinfo { |
548 |
+ * The minimum number of bits of entropy before we wake up a read on |
549 |
+@@ -292,10 +312,17 @@ static struct poolinfo { |
550 |
int poolwords; |
551 |
int tap1, tap2, tap3, tap4, tap5; |
552 |
} poolinfo_table[] = { |
553 |
@@ -33877,7 +34154,414 @@ index 3a19e2d..1b8116a3 100644 |
554 |
#if 0 |
555 |
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ |
556 |
{ 2048, 1638, 1231, 819, 411, 1 }, |
557 |
-@@ -1209,7 +1221,7 @@ EXPORT_SYMBOL(generate_random_uuid); |
558 |
+@@ -412,9 +439,11 @@ struct entropy_store { |
559 |
+ /* read-write data: */ |
560 |
+ spinlock_t lock; |
561 |
+ unsigned add_ptr; |
562 |
++ unsigned input_rotate; |
563 |
+ int entropy_count; |
564 |
+- int input_rotate; |
565 |
+- __u8 *last_data; |
566 |
++ int entropy_total; |
567 |
++ unsigned int initialized:1; |
568 |
++ __u8 last_data[EXTRACT_SIZE]; |
569 |
+ }; |
570 |
+ |
571 |
+ static __u32 input_pool_data[INPUT_POOL_WORDS]; |
572 |
+@@ -446,6 +475,10 @@ static struct entropy_store nonblocking_pool = { |
573 |
+ .pool = nonblocking_pool_data |
574 |
+ }; |
575 |
+ |
576 |
++static __u32 const twist_table[8] = { |
577 |
++ 0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158, |
578 |
++ 0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 }; |
579 |
++ |
580 |
+ /* |
581 |
+ * This function adds bytes into the entropy "pool". It does not |
582 |
+ * update the entropy estimate. The caller should call |
583 |
+@@ -456,29 +489,24 @@ static struct entropy_store nonblocking_pool = { |
584 |
+ * it's cheap to do so and helps slightly in the expected case where |
585 |
+ * the entropy is concentrated in the low-order bits. |
586 |
+ */ |
587 |
+-static void mix_pool_bytes_extract(struct entropy_store *r, const void *in, |
588 |
+- int nbytes, __u8 out[64]) |
589 |
++static void __mix_pool_bytes(struct entropy_store *r, const void *in, |
590 |
++ int nbytes, __u8 out[64]) |
591 |
+ { |
592 |
+- static __u32 const twist_table[8] = { |
593 |
+- 0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158, |
594 |
+- 0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 }; |
595 |
+ unsigned long i, j, tap1, tap2, tap3, tap4, tap5; |
596 |
+ int input_rotate; |
597 |
+ int wordmask = r->poolinfo->poolwords - 1; |
598 |
+ const char *bytes = in; |
599 |
+ __u32 w; |
600 |
+- unsigned long flags; |
601 |
+ |
602 |
+- /* Taps are constant, so we can load them without holding r->lock. */ |
603 |
+ tap1 = r->poolinfo->tap1; |
604 |
+ tap2 = r->poolinfo->tap2; |
605 |
+ tap3 = r->poolinfo->tap3; |
606 |
+ tap4 = r->poolinfo->tap4; |
607 |
+ tap5 = r->poolinfo->tap5; |
608 |
+ |
609 |
+- spin_lock_irqsave(&r->lock, flags); |
610 |
+- input_rotate = r->input_rotate; |
611 |
+- i = r->add_ptr; |
612 |
++ smp_rmb(); |
613 |
++ input_rotate = ACCESS_ONCE(r->input_rotate); |
614 |
++ i = ACCESS_ONCE(r->add_ptr); |
615 |
+ |
616 |
+ /* mix one byte at a time to simplify size handling and churn faster */ |
617 |
+ while (nbytes--) { |
618 |
+@@ -505,19 +533,53 @@ static void mix_pool_bytes_extract(struct entropy_store *r, const void *in, |
619 |
+ input_rotate += i ? 7 : 14; |
620 |
+ } |
621 |
+ |
622 |
+- r->input_rotate = input_rotate; |
623 |
+- r->add_ptr = i; |
624 |
++ ACCESS_ONCE_RW(r->input_rotate) = input_rotate; |
625 |
++ ACCESS_ONCE_RW(r->add_ptr) = i; |
626 |
++ smp_wmb(); |
627 |
+ |
628 |
+ if (out) |
629 |
+ for (j = 0; j < 16; j++) |
630 |
+ ((__u32 *)out)[j] = r->pool[(i - j) & wordmask]; |
631 |
++} |
632 |
+ |
633 |
++static void mix_pool_bytes(struct entropy_store *r, const void *in, |
634 |
++ int nbytes, __u8 out[64]) |
635 |
++{ |
636 |
++ unsigned long flags; |
637 |
++ |
638 |
++ spin_lock_irqsave(&r->lock, flags); |
639 |
++ __mix_pool_bytes(r, in, nbytes, out); |
640 |
+ spin_unlock_irqrestore(&r->lock, flags); |
641 |
+ } |
642 |
+ |
643 |
+-static void mix_pool_bytes(struct entropy_store *r, const void *in, int bytes) |
644 |
++struct fast_pool { |
645 |
++ __u32 pool[4]; |
646 |
++ unsigned long last; |
647 |
++ unsigned short count; |
648 |
++ unsigned char rotate; |
649 |
++ unsigned char last_timer_intr; |
650 |
++}; |
651 |
++ |
652 |
++/* |
653 |
++ * This is a fast mixing routine used by the interrupt randomness |
654 |
++ * collector. It's hardcoded for an 128 bit pool and assumes that any |
655 |
++ * locks that might be needed are taken by the caller. |
656 |
++ */ |
657 |
++static void fast_mix(struct fast_pool *f, const void *in, int nbytes) |
658 |
+ { |
659 |
+- mix_pool_bytes_extract(r, in, bytes, NULL); |
660 |
++ const char *bytes = in; |
661 |
++ __u32 w; |
662 |
++ unsigned i = f->count; |
663 |
++ unsigned input_rotate = f->rotate; |
664 |
++ |
665 |
++ while (nbytes--) { |
666 |
++ w = rol32(*bytes++, input_rotate & 31) ^ f->pool[i & 3] ^ |
667 |
++ f->pool[(i + 1) & 3]; |
668 |
++ f->pool[i & 3] = (w >> 3) ^ twist_table[w & 7]; |
669 |
++ input_rotate += (i++ & 3) ? 7 : 14; |
670 |
++ } |
671 |
++ f->count = i; |
672 |
++ f->rotate = input_rotate; |
673 |
+ } |
674 |
+ |
675 |
+ /* |
676 |
+@@ -525,30 +587,34 @@ static void mix_pool_bytes(struct entropy_store *r, const void *in, int bytes) |
677 |
+ */ |
678 |
+ static void credit_entropy_bits(struct entropy_store *r, int nbits) |
679 |
+ { |
680 |
+- unsigned long flags; |
681 |
+- int entropy_count; |
682 |
++ int entropy_count, orig; |
683 |
+ |
684 |
+ if (!nbits) |
685 |
+ return; |
686 |
+ |
687 |
+- spin_lock_irqsave(&r->lock, flags); |
688 |
+- |
689 |
+ DEBUG_ENT("added %d entropy credits to %s\n", nbits, r->name); |
690 |
+- entropy_count = r->entropy_count; |
691 |
++retry: |
692 |
++ entropy_count = orig = ACCESS_ONCE(r->entropy_count); |
693 |
+ entropy_count += nbits; |
694 |
+ if (entropy_count < 0) { |
695 |
+ DEBUG_ENT("negative entropy/overflow\n"); |
696 |
+ entropy_count = 0; |
697 |
+ } else if (entropy_count > r->poolinfo->POOLBITS) |
698 |
+ entropy_count = r->poolinfo->POOLBITS; |
699 |
+- r->entropy_count = entropy_count; |
700 |
++ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) |
701 |
++ goto retry; |
702 |
++ |
703 |
++ if (!r->initialized && nbits > 0) { |
704 |
++ r->entropy_total += nbits; |
705 |
++ if (r->entropy_total > 128) |
706 |
++ r->initialized = 1; |
707 |
++ } |
708 |
+ |
709 |
+ /* should we wake readers? */ |
710 |
+ if (r == &input_pool && entropy_count >= random_read_wakeup_thresh) { |
711 |
+ wake_up_interruptible(&random_read_wait); |
712 |
+ kill_fasync(&fasync, SIGIO, POLL_IN); |
713 |
+ } |
714 |
+- spin_unlock_irqrestore(&r->lock, flags); |
715 |
+ } |
716 |
+ |
717 |
+ /********************************************************************* |
718 |
+@@ -601,6 +667,25 @@ static void set_timer_rand_state(unsigned int irq, |
719 |
+ } |
720 |
+ #endif |
721 |
+ |
722 |
++/* |
723 |
++ * Add device- or boot-specific data to the input and nonblocking |
724 |
++ * pools to help initialize them to unique values. |
725 |
++ * |
726 |
++ * None of this adds any entropy, it is meant to avoid the |
727 |
++ * problem of the nonblocking pool having similar initial state |
728 |
++ * across largely identical devices. |
729 |
++ */ |
730 |
++void add_device_randomness(const void *buf, unsigned int size) |
731 |
++{ |
732 |
++ unsigned long time = get_cycles() ^ jiffies; |
733 |
++ |
734 |
++ mix_pool_bytes(&input_pool, buf, size, NULL); |
735 |
++ mix_pool_bytes(&input_pool, &time, sizeof(time), NULL); |
736 |
++ mix_pool_bytes(&nonblocking_pool, buf, size, NULL); |
737 |
++ mix_pool_bytes(&nonblocking_pool, &time, sizeof(time), NULL); |
738 |
++} |
739 |
++EXPORT_SYMBOL(add_device_randomness); |
740 |
++ |
741 |
+ static struct timer_rand_state input_timer_state; |
742 |
+ |
743 |
+ /* |
744 |
+@@ -631,7 +716,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num) |
745 |
+ sample.jiffies = jiffies; |
746 |
+ sample.cycles = get_cycles(); |
747 |
+ sample.num = num; |
748 |
+- mix_pool_bytes(&input_pool, &sample, sizeof(sample)); |
749 |
++ mix_pool_bytes(&input_pool, &sample, sizeof(sample), NULL); |
750 |
+ |
751 |
+ /* |
752 |
+ * Calculate number of bits of randomness we probably added. |
753 |
+@@ -688,17 +773,48 @@ void add_input_randomness(unsigned int type, unsigned int code, |
754 |
+ } |
755 |
+ EXPORT_SYMBOL_GPL(add_input_randomness); |
756 |
+ |
757 |
+-void add_interrupt_randomness(int irq) |
758 |
++static DEFINE_PER_CPU(struct fast_pool, irq_randomness); |
759 |
++ |
760 |
++void add_interrupt_randomness(int irq, int irq_flags) |
761 |
+ { |
762 |
+- struct timer_rand_state *state; |
763 |
++ struct entropy_store *r; |
764 |
++ struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness); |
765 |
++ struct pt_regs *regs = get_irq_regs(); |
766 |
++ unsigned long now = jiffies; |
767 |
++ __u32 input[4], cycles = get_cycles(); |
768 |
+ |
769 |
+- state = get_timer_rand_state(irq); |
770 |
++ input[0] = cycles ^ jiffies; |
771 |
++ input[1] = irq; |
772 |
++ if (regs) { |
773 |
++ __u64 ip = instruction_pointer(regs); |
774 |
++ input[2] = ip; |
775 |
++ input[3] = ip >> 32; |
776 |
++ } |
777 |
+ |
778 |
+- if (state == NULL) |
779 |
++ fast_mix(fast_pool, input, sizeof(input)); |
780 |
++ |
781 |
++ if ((fast_pool->count & 255) && |
782 |
++ !time_after(now, fast_pool->last + HZ)) |
783 |
+ return; |
784 |
+ |
785 |
+- DEBUG_ENT("irq event %d\n", irq); |
786 |
+- add_timer_randomness(state, 0x100 + irq); |
787 |
++ fast_pool->last = now; |
788 |
++ |
789 |
++ r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool; |
790 |
++ __mix_pool_bytes(r, &fast_pool->pool, sizeof(fast_pool->pool), NULL); |
791 |
++ /* |
792 |
++ * If we don't have a valid cycle counter, and we see |
793 |
++ * back-to-back timer interrupts, then skip giving credit for |
794 |
++ * any entropy. |
795 |
++ */ |
796 |
++ if (cycles == 0) { |
797 |
++ if (irq_flags & __IRQF_TIMER) { |
798 |
++ if (fast_pool->last_timer_intr) |
799 |
++ return; |
800 |
++ fast_pool->last_timer_intr = 1; |
801 |
++ } else |
802 |
++ fast_pool->last_timer_intr = 0; |
803 |
++ } |
804 |
++ credit_entropy_bits(r, 1); |
805 |
+ } |
806 |
+ |
807 |
+ #ifdef CONFIG_BLOCK |
808 |
+@@ -714,8 +830,6 @@ void add_disk_randomness(struct gendisk *disk) |
809 |
+ } |
810 |
+ #endif |
811 |
+ |
812 |
+-#define EXTRACT_SIZE 10 |
813 |
+- |
814 |
+ /********************************************************************* |
815 |
+ * |
816 |
+ * Entropy extraction routines |
817 |
+@@ -732,7 +846,11 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
818 |
+ */ |
819 |
+ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes) |
820 |
+ { |
821 |
+- __u32 tmp[OUTPUT_POOL_WORDS]; |
822 |
++ union { |
823 |
++ __u32 tmp[OUTPUT_POOL_WORDS]; |
824 |
++ long hwrand[4]; |
825 |
++ } u; |
826 |
++ int i; |
827 |
+ |
828 |
+ if (r->pull && r->entropy_count < nbytes * 8 && |
829 |
+ r->entropy_count < r->poolinfo->POOLBITS) { |
830 |
+@@ -743,17 +861,22 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes) |
831 |
+ /* pull at least as many as BYTES as wakeup BITS */ |
832 |
+ bytes = max_t(int, bytes, random_read_wakeup_thresh / 8); |
833 |
+ /* but never more than the buffer size */ |
834 |
+- bytes = min_t(int, bytes, sizeof(tmp)); |
835 |
++ bytes = min_t(int, bytes, sizeof(u.tmp)); |
836 |
+ |
837 |
+ DEBUG_ENT("going to reseed %s with %d bits " |
838 |
+ "(%d of %d requested)\n", |
839 |
+ r->name, bytes * 8, nbytes * 8, r->entropy_count); |
840 |
+ |
841 |
+- bytes = extract_entropy(r->pull, tmp, bytes, |
842 |
++ bytes = extract_entropy(r->pull, u.tmp, bytes, |
843 |
+ random_read_wakeup_thresh / 8, rsvd); |
844 |
+- mix_pool_bytes(r, tmp, bytes); |
845 |
++ mix_pool_bytes(r, u.tmp, bytes, NULL); |
846 |
+ credit_entropy_bits(r, bytes*8); |
847 |
+ } |
848 |
++ for (i = 0; i < 4; i++) |
849 |
++ if (arch_get_random_long(&u.hwrand[i])) |
850 |
++ break; |
851 |
++ if (i) |
852 |
++ mix_pool_bytes(r, &u.hwrand, sizeof(u.hwrand), 0); |
853 |
+ } |
854 |
+ |
855 |
+ /* |
856 |
+@@ -812,9 +935,11 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
857 |
+ int i; |
858 |
+ __u32 hash[5], workspace[SHA_WORKSPACE_WORDS]; |
859 |
+ __u8 extract[64]; |
860 |
++ unsigned long flags; |
861 |
+ |
862 |
+ /* Generate a hash across the pool, 16 words (512 bits) at a time */ |
863 |
+ sha_init(hash); |
864 |
++ spin_lock_irqsave(&r->lock, flags); |
865 |
+ for (i = 0; i < r->poolinfo->poolwords; i += 16) |
866 |
+ sha_transform(hash, (__u8 *)(r->pool + i), workspace); |
867 |
+ |
868 |
+@@ -827,7 +952,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
869 |
+ * brute-forcing the feedback as hard as brute-forcing the |
870 |
+ * hash. |
871 |
+ */ |
872 |
+- mix_pool_bytes_extract(r, hash, sizeof(hash), extract); |
873 |
++ __mix_pool_bytes(r, hash, sizeof(hash), extract); |
874 |
++ spin_unlock_irqrestore(&r->lock, flags); |
875 |
+ |
876 |
+ /* |
877 |
+ * To avoid duplicates, we atomically extract a portion of the |
878 |
+@@ -850,11 +976,10 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
879 |
+ } |
880 |
+ |
881 |
+ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
882 |
+- size_t nbytes, int min, int reserved) |
883 |
++ size_t nbytes, int min, int reserved) |
884 |
+ { |
885 |
+ ssize_t ret = 0, i; |
886 |
+ __u8 tmp[EXTRACT_SIZE]; |
887 |
+- unsigned long flags; |
888 |
+ |
889 |
+ xfer_secondary_pool(r, nbytes); |
890 |
+ nbytes = account(r, nbytes, min, reserved); |
891 |
+@@ -862,7 +987,9 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
892 |
+ while (nbytes) { |
893 |
+ extract_buf(r, tmp); |
894 |
+ |
895 |
+- if (r->last_data) { |
896 |
++ if (fips_enabled) { |
897 |
++ unsigned long flags; |
898 |
++ |
899 |
+ spin_lock_irqsave(&r->lock, flags); |
900 |
+ if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) |
901 |
+ panic("Hardware RNG duplicated output!\n"); |
902 |
+@@ -926,7 +1053,21 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
903 |
+ */ |
904 |
+ void get_random_bytes(void *buf, int nbytes) |
905 |
+ { |
906 |
+- extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0); |
907 |
++ char *p = buf; |
908 |
++ |
909 |
++ while (nbytes) { |
910 |
++ unsigned long v; |
911 |
++ int chunk = min(nbytes, (int)sizeof(unsigned long)); |
912 |
++ |
913 |
++ if (!arch_get_random_long(&v)) |
914 |
++ break; |
915 |
++ |
916 |
++ memcpy(buf, &v, chunk); |
917 |
++ p += chunk; |
918 |
++ nbytes -= chunk; |
919 |
++ } |
920 |
++ |
921 |
++ extract_entropy(&nonblocking_pool, p, nbytes, 0, 0); |
922 |
+ } |
923 |
+ EXPORT_SYMBOL(get_random_bytes); |
924 |
+ |
925 |
+@@ -941,19 +1082,19 @@ EXPORT_SYMBOL(get_random_bytes); |
926 |
+ */ |
927 |
+ static void init_std_data(struct entropy_store *r) |
928 |
+ { |
929 |
+- ktime_t now; |
930 |
+- unsigned long flags; |
931 |
++ int i; |
932 |
++ ktime_t now = ktime_get_real(); |
933 |
++ unsigned long rv; |
934 |
+ |
935 |
+- spin_lock_irqsave(&r->lock, flags); |
936 |
+ r->entropy_count = 0; |
937 |
+- spin_unlock_irqrestore(&r->lock, flags); |
938 |
+- |
939 |
+- now = ktime_get_real(); |
940 |
+- mix_pool_bytes(r, &now, sizeof(now)); |
941 |
+- mix_pool_bytes(r, utsname(), sizeof(*(utsname()))); |
942 |
+- /* Enable continuous test in fips mode */ |
943 |
+- if (fips_enabled) |
944 |
+- r->last_data = kmalloc(EXTRACT_SIZE, GFP_KERNEL); |
945 |
++ r->entropy_total = 0; |
946 |
++ mix_pool_bytes(r, &now, sizeof(now), NULL); |
947 |
++ for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) { |
948 |
++ if (!arch_get_random_long(&rv)) |
949 |
++ break; |
950 |
++ mix_pool_bytes(r, &rv, sizeof(rv), NULL); |
951 |
++ } |
952 |
++ mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL); |
953 |
+ } |
954 |
+ |
955 |
+ static int rand_initialize(void) |
956 |
+@@ -1090,7 +1231,7 @@ write_pool(struct entropy_store *r, const char __user *buffer, size_t count) |
957 |
+ count -= bytes; |
958 |
+ p += bytes; |
959 |
+ |
960 |
+- mix_pool_bytes(r, buf, bytes); |
961 |
++ mix_pool_bytes(r, buf, bytes, NULL); |
962 |
+ cond_resched(); |
963 |
+ } |
964 |
+ |
965 |
+@@ -1209,7 +1350,7 @@ EXPORT_SYMBOL(generate_random_uuid); |
966 |
#include <linux/sysctl.h> |
967 |
|
968 |
static int min_read_thresh = 8, min_write_thresh; |
969 |
@@ -33886,7 +34570,7 @@ index 3a19e2d..1b8116a3 100644 |
970 |
static int max_write_thresh = INPUT_POOL_WORDS * 32; |
971 |
static char sysctl_bootid[16]; |
972 |
|
973 |
-@@ -1231,10 +1243,15 @@ static int proc_do_uuid(ctl_table *table, int write, |
974 |
+@@ -1231,10 +1372,15 @@ static int proc_do_uuid(ctl_table *table, int write, |
975 |
uuid = table->data; |
976 |
if (!uuid) { |
977 |
uuid = tmp_uuid; |
978 |
@@ -33905,6 +34589,34 @@ index 3a19e2d..1b8116a3 100644 |
979 |
|
980 |
sprintf(buf, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-" |
981 |
"%02x%02x%02x%02x%02x%02x", |
982 |
+@@ -1279,6 +1425,7 @@ static int uuid_strategy(ctl_table *table, |
983 |
+ } |
984 |
+ |
985 |
+ static int sysctl_poolsize = INPUT_POOL_WORDS * 32; |
986 |
++extern ctl_table random_table[]; |
987 |
+ ctl_table random_table[] = { |
988 |
+ { |
989 |
+ .ctl_name = RANDOM_POOLSIZE, |
990 |
+@@ -1354,12 +1501,17 @@ late_initcall(random_int_secret_init); |
991 |
+ * value is not cryptographically secure but for several uses the cost of |
992 |
+ * depleting entropy is too high |
993 |
+ */ |
994 |
+-DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash); |
995 |
++static DEFINE_PER_CPU(__u32 [MD5_DIGEST_WORDS], get_random_int_hash); |
996 |
+ unsigned int get_random_int(void) |
997 |
+ { |
998 |
+- __u32 *hash = get_cpu_var(get_random_int_hash); |
999 |
++ __u32 *hash; |
1000 |
+ unsigned int ret; |
1001 |
+ |
1002 |
++ if (arch_get_random_int(&ret)) |
1003 |
++ return ret; |
1004 |
++ |
1005 |
++ hash = get_cpu_var(get_random_int_hash); |
1006 |
++ |
1007 |
+ hash[0] += current->pid + jiffies + get_cycles(); |
1008 |
+ md5_transform(hash, random_int_secret); |
1009 |
+ ret = hash[0]; |
1010 |
diff --git a/drivers/char/rocket.c b/drivers/char/rocket.c |
1011 |
index 0e29a23..0efc2c2 100644 |
1012 |
--- a/drivers/char/rocket.c |
1013 |
@@ -40059,6 +40771,19 @@ index 726a1b8..f46b460 100644 |
1014 |
DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n"); |
1015 |
|
1016 |
size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; |
1017 |
+diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c |
1018 |
+index c828d9a..97b9c7b 100644 |
1019 |
+--- a/drivers/mtd/nand/cafe_nand.c |
1020 |
++++ b/drivers/mtd/nand/cafe_nand.c |
1021 |
+@@ -103,7 +103,7 @@ static const char *part_probes[] = { "cmdlinepart", "RedBoot", NULL }; |
1022 |
+ static int cafe_device_ready(struct mtd_info *mtd) |
1023 |
+ { |
1024 |
+ struct cafe_priv *cafe = mtd->priv; |
1025 |
+- int result = !!(cafe_readl(cafe, NAND_STATUS) | 0x40000000); |
1026 |
++ int result = !!(cafe_readl(cafe, NAND_STATUS) & 0x40000000); |
1027 |
+ uint32_t irqs = cafe_readl(cafe, NAND_IRQ); |
1028 |
+ |
1029 |
+ cafe_writel(cafe, irqs, NAND_IRQ); |
1030 |
diff --git a/drivers/mtd/nftlcore.c b/drivers/mtd/nftlcore.c |
1031 |
index 1002e18..26d82d5 100644 |
1032 |
--- a/drivers/mtd/nftlcore.c |
1033 |
@@ -61822,6 +62547,33 @@ index bcbe104..9cfd1c6 100644 |
1034 |
void usb_mon_deregister(void); |
1035 |
|
1036 |
#else |
1037 |
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c |
1038 |
+index 2b428fc..f0b27f8 100644 |
1039 |
+--- a/drivers/usb/core/hub.c |
1040 |
++++ b/drivers/usb/core/hub.c |
1041 |
+@@ -23,6 +23,7 @@ |
1042 |
+ #include <linux/mutex.h> |
1043 |
+ #include <linux/freezer.h> |
1044 |
+ #include <linux/usb/quirks.h> |
1045 |
++#include <linux/random.h> |
1046 |
+ |
1047 |
+ #include <asm/uaccess.h> |
1048 |
+ #include <asm/byteorder.h> |
1049 |
+@@ -1812,6 +1813,14 @@ int usb_new_device(struct usb_device *udev) |
1050 |
+ /* Tell the world! */ |
1051 |
+ announce_device(udev); |
1052 |
+ |
1053 |
++ if (udev->serial) |
1054 |
++ add_device_randomness(udev->serial, strlen(udev->serial)); |
1055 |
++ if (udev->product) |
1056 |
++ add_device_randomness(udev->product, strlen(udev->product)); |
1057 |
++ if (udev->manufacturer) |
1058 |
++ add_device_randomness(udev->manufacturer, |
1059 |
++ strlen(udev->manufacturer)); |
1060 |
++ |
1061 |
+ /* Register the device. The device driver is responsible |
1062 |
+ * for configuring the device and invoking the add-device |
1063 |
+ * notifier chain (used by usbfs and possibly others). |
1064 |
diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c |
1065 |
index 62ff5e7..530b74e 100644 |
1066 |
--- a/drivers/usb/misc/appledisplay.c |
1067 |
@@ -67733,6 +68485,366 @@ index 90a6087..fa05803 100644 |
1068 |
set_fs(old_fs); |
1069 |
if (rc < 0) |
1070 |
goto out_free; |
1071 |
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
1072 |
+index f539204..068db1f 100644 |
1073 |
+--- a/fs/eventpoll.c |
1074 |
++++ b/fs/eventpoll.c |
1075 |
+@@ -200,6 +200,12 @@ struct eventpoll { |
1076 |
+ |
1077 |
+ /* The user that created the eventpoll descriptor */ |
1078 |
+ struct user_struct *user; |
1079 |
++ |
1080 |
++ struct file *file; |
1081 |
++ |
1082 |
++ /* used to optimize loop detection check */ |
1083 |
++ int visited; |
1084 |
++ struct list_head visited_list_link; |
1085 |
+ }; |
1086 |
+ |
1087 |
+ /* Wait structure used by the poll hooks */ |
1088 |
+@@ -258,6 +264,15 @@ static struct kmem_cache *epi_cache __read_mostly; |
1089 |
+ /* Slab cache used to allocate "struct eppoll_entry" */ |
1090 |
+ static struct kmem_cache *pwq_cache __read_mostly; |
1091 |
+ |
1092 |
++/* Visited nodes during ep_loop_check(), so we can unset them when we finish */ |
1093 |
++static LIST_HEAD(visited_list); |
1094 |
++ |
1095 |
++/* |
1096 |
++ * List of files with newly added links, where we may need to limit the number |
1097 |
++ * of emanating paths. Protected by the epmutex. |
1098 |
++ */ |
1099 |
++static LIST_HEAD(tfile_check_list); |
1100 |
++ |
1101 |
+ #ifdef CONFIG_SYSCTL |
1102 |
+ |
1103 |
+ #include <linux/sysctl.h> |
1104 |
+@@ -277,6 +292,12 @@ ctl_table epoll_table[] = { |
1105 |
+ }; |
1106 |
+ #endif /* CONFIG_SYSCTL */ |
1107 |
+ |
1108 |
++static const struct file_operations eventpoll_fops; |
1109 |
++ |
1110 |
++static inline int is_file_epoll(struct file *f) |
1111 |
++{ |
1112 |
++ return f->f_op == &eventpoll_fops; |
1113 |
++} |
1114 |
+ |
1115 |
+ /* Setup the structure that is used as key for the RB tree */ |
1116 |
+ static inline void ep_set_ffd(struct epoll_filefd *ffd, |
1117 |
+@@ -698,12 +719,6 @@ static const struct file_operations eventpoll_fops = { |
1118 |
+ .poll = ep_eventpoll_poll |
1119 |
+ }; |
1120 |
+ |
1121 |
+-/* Fast test to see if the file is an evenpoll file */ |
1122 |
+-static inline int is_file_epoll(struct file *f) |
1123 |
+-{ |
1124 |
+- return f->f_op == &eventpoll_fops; |
1125 |
+-} |
1126 |
+- |
1127 |
+ /* |
1128 |
+ * This is called from eventpoll_release() to unlink files from the eventpoll |
1129 |
+ * interface. We need to have this facility to cleanup correctly files that are |
1130 |
+@@ -913,6 +928,103 @@ static void ep_rbtree_insert(struct eventpoll *ep, struct epitem *epi) |
1131 |
+ rb_insert_color(&epi->rbn, &ep->rbr); |
1132 |
+ } |
1133 |
+ |
1134 |
++ |
1135 |
++ |
1136 |
++#define PATH_ARR_SIZE 5 |
1137 |
++/* |
1138 |
++ * These are the number paths of length 1 to 5, that we are allowing to emanate |
1139 |
++ * from a single file of interest. For example, we allow 1000 paths of length |
1140 |
++ * 1, to emanate from each file of interest. This essentially represents the |
1141 |
++ * potential wakeup paths, which need to be limited in order to avoid massive |
1142 |
++ * uncontrolled wakeup storms. The common use case should be a single ep which |
1143 |
++ * is connected to n file sources. In this case each file source has 1 path |
1144 |
++ * of length 1. Thus, the numbers below should be more than sufficient. These |
1145 |
++ * path limits are enforced during an EPOLL_CTL_ADD operation, since a modify |
1146 |
++ * and delete can't add additional paths. Protected by the epmutex. |
1147 |
++ */ |
1148 |
++static const int path_limits[PATH_ARR_SIZE] = { 1000, 500, 100, 50, 10 }; |
1149 |
++static int path_count[PATH_ARR_SIZE]; |
1150 |
++ |
1151 |
++static int path_count_inc(int nests) |
1152 |
++{ |
1153 |
++ /* Allow an arbitrary number of depth 1 paths */ |
1154 |
++ if (nests == 0) |
1155 |
++ return 0; |
1156 |
++ |
1157 |
++ if (++path_count[nests] > path_limits[nests]) |
1158 |
++ return -1; |
1159 |
++ return 0; |
1160 |
++} |
1161 |
++ |
1162 |
++static void path_count_init(void) |
1163 |
++{ |
1164 |
++ int i; |
1165 |
++ |
1166 |
++ for (i = 0; i < PATH_ARR_SIZE; i++) |
1167 |
++ path_count[i] = 0; |
1168 |
++} |
1169 |
++ |
1170 |
++static int reverse_path_check_proc(void *priv, void *cookie, int call_nests) |
1171 |
++{ |
1172 |
++ int error = 0; |
1173 |
++ struct file *file = priv; |
1174 |
++ struct file *child_file; |
1175 |
++ struct epitem *epi; |
1176 |
++ |
1177 |
++ list_for_each_entry(epi, &file->f_ep_links, fllink) { |
1178 |
++ child_file = epi->ep->file; |
1179 |
++ if (is_file_epoll(child_file)) { |
1180 |
++ if (list_empty(&child_file->f_ep_links)) { |
1181 |
++ if (path_count_inc(call_nests)) { |
1182 |
++ error = -1; |
1183 |
++ break; |
1184 |
++ } |
1185 |
++ } else { |
1186 |
++ error = ep_call_nested(&poll_loop_ncalls, |
1187 |
++ EP_MAX_NESTS, |
1188 |
++ reverse_path_check_proc, |
1189 |
++ child_file, child_file, |
1190 |
++ current); |
1191 |
++ } |
1192 |
++ if (error != 0) |
1193 |
++ break; |
1194 |
++ } else { |
1195 |
++ printk(KERN_ERR "reverse_path_check_proc: " |
1196 |
++ "file is not an ep!\n"); |
1197 |
++ } |
1198 |
++ } |
1199 |
++ return error; |
1200 |
++} |
1201 |
++ |
1202 |
++/** |
1203 |
++ * reverse_path_check - The tfile_check_list is list of file *, which have |
1204 |
++ * links that are proposed to be newly added. We need to |
1205 |
++ * make sure that those added links don't add too many |
1206 |
++ * paths such that we will spend all our time waking up |
1207 |
++ * eventpoll objects. |
1208 |
++ * |
1209 |
++ * Returns: Returns zero if the proposed links don't create too many paths, |
1210 |
++ * -1 otherwise. |
1211 |
++ */ |
1212 |
++static int reverse_path_check(void) |
1213 |
++{ |
1214 |
++ int length = 0; |
1215 |
++ int error = 0; |
1216 |
++ struct file *current_file; |
1217 |
++ |
1218 |
++ /* let's call this for all tfiles */ |
1219 |
++ list_for_each_entry(current_file, &tfile_check_list, f_tfile_llink) { |
1220 |
++ length++; |
1221 |
++ path_count_init(); |
1222 |
++ error = ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS, |
1223 |
++ reverse_path_check_proc, current_file, |
1224 |
++ current_file, current); |
1225 |
++ if (error) |
1226 |
++ break; |
1227 |
++ } |
1228 |
++ return error; |
1229 |
++} |
1230 |
++ |
1231 |
+ /* |
1232 |
+ * Must be called with "mtx" held. |
1233 |
+ */ |
1234 |
+@@ -973,6 +1085,11 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, |
1235 |
+ */ |
1236 |
+ ep_rbtree_insert(ep, epi); |
1237 |
+ |
1238 |
++ /* now check if we've created too many backpaths */ |
1239 |
++ error = -EINVAL; |
1240 |
++ if (reverse_path_check()) |
1241 |
++ goto error_remove_epi; |
1242 |
++ |
1243 |
+ /* We have to drop the new item inside our item list to keep track of it */ |
1244 |
+ spin_lock_irqsave(&ep->lock, flags); |
1245 |
+ |
1246 |
+@@ -997,6 +1114,14 @@ static int ep_insert(struct eventpoll *ep, struct epoll_event *event, |
1247 |
+ |
1248 |
+ return 0; |
1249 |
+ |
1250 |
++error_remove_epi: |
1251 |
++ spin_lock(&tfile->f_lock); |
1252 |
++ if (ep_is_linked(&epi->fllink)) |
1253 |
++ list_del_init(&epi->fllink); |
1254 |
++ spin_unlock(&tfile->f_lock); |
1255 |
++ |
1256 |
++ rb_erase(&epi->rbn, &ep->rbr); |
1257 |
++ |
1258 |
+ error_unregister: |
1259 |
+ ep_unregister_pollwait(ep, epi); |
1260 |
+ |
1261 |
+@@ -1223,18 +1348,36 @@ static int ep_loop_check_proc(void *priv, void *cookie, int call_nests) |
1262 |
+ int error = 0; |
1263 |
+ struct file *file = priv; |
1264 |
+ struct eventpoll *ep = file->private_data; |
1265 |
++ struct eventpoll *ep_tovisit; |
1266 |
+ struct rb_node *rbp; |
1267 |
+ struct epitem *epi; |
1268 |
+ |
1269 |
+ mutex_lock_nested(&ep->mtx, call_nests + 1); |
1270 |
++ ep->visited = 1; |
1271 |
++ list_add(&ep->visited_list_link, &visited_list); |
1272 |
+ for (rbp = rb_first(&ep->rbr); rbp; rbp = rb_next(rbp)) { |
1273 |
+ epi = rb_entry(rbp, struct epitem, rbn); |
1274 |
+ if (unlikely(is_file_epoll(epi->ffd.file))) { |
1275 |
++ ep_tovisit = epi->ffd.file->private_data; |
1276 |
++ if (ep_tovisit->visited) |
1277 |
++ continue; |
1278 |
+ error = ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS, |
1279 |
+- ep_loop_check_proc, epi->ffd.file, |
1280 |
+- epi->ffd.file->private_data, current); |
1281 |
++ ep_loop_check_proc, epi->ffd.file, |
1282 |
++ ep_tovisit, current); |
1283 |
+ if (error != 0) |
1284 |
+ break; |
1285 |
++ } else { |
1286 |
++ /* |
1287 |
++ * If we've reached a file that is not associated with |
1288 |
++ * an ep, then we need to check if the newly added |
1289 |
++ * links are going to add too many wakeup paths. We do |
1290 |
++ * this by adding it to the tfile_check_list, if it's |
1291 |
++ * not already there, and calling reverse_path_check() |
1292 |
++ * during ep_insert(). |
1293 |
++ */ |
1294 |
++ if (list_empty(&epi->ffd.file->f_tfile_llink)) |
1295 |
++ list_add(&epi->ffd.file->f_tfile_llink, |
1296 |
++ &tfile_check_list); |
1297 |
+ } |
1298 |
+ } |
1299 |
+ mutex_unlock(&ep->mtx); |
1300 |
+@@ -1255,8 +1398,31 @@ static int ep_loop_check_proc(void *priv, void *cookie, int call_nests) |
1301 |
+ */ |
1302 |
+ static int ep_loop_check(struct eventpoll *ep, struct file *file) |
1303 |
+ { |
1304 |
+- return ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS, |
1305 |
++ int ret; |
1306 |
++ struct eventpoll *ep_cur, *ep_next; |
1307 |
++ |
1308 |
++ ret = ep_call_nested(&poll_loop_ncalls, EP_MAX_NESTS, |
1309 |
+ ep_loop_check_proc, file, ep, current); |
1310 |
++ /* clear visited list */ |
1311 |
++ list_for_each_entry_safe(ep_cur, ep_next, &visited_list, |
1312 |
++ visited_list_link) { |
1313 |
++ ep_cur->visited = 0; |
1314 |
++ list_del(&ep_cur->visited_list_link); |
1315 |
++ } |
1316 |
++ return ret; |
1317 |
++} |
1318 |
++ |
1319 |
++static void clear_tfile_check_list(void) |
1320 |
++{ |
1321 |
++ struct file *file; |
1322 |
++ |
1323 |
++ /* first clear the tfile_check_list */ |
1324 |
++ while (!list_empty(&tfile_check_list)) { |
1325 |
++ file = list_first_entry(&tfile_check_list, struct file, |
1326 |
++ f_tfile_llink); |
1327 |
++ list_del_init(&file->f_tfile_llink); |
1328 |
++ } |
1329 |
++ INIT_LIST_HEAD(&tfile_check_list); |
1330 |
+ } |
1331 |
+ |
1332 |
+ /* |
1333 |
+@@ -1264,8 +1430,9 @@ static int ep_loop_check(struct eventpoll *ep, struct file *file) |
1334 |
+ */ |
1335 |
+ SYSCALL_DEFINE1(epoll_create1, int, flags) |
1336 |
+ { |
1337 |
+- int error; |
1338 |
++ int error, fd; |
1339 |
+ struct eventpoll *ep = NULL; |
1340 |
++ struct file *file; |
1341 |
+ |
1342 |
+ /* Check the EPOLL_* constant for consistency. */ |
1343 |
+ BUILD_BUG_ON(EPOLL_CLOEXEC != O_CLOEXEC); |
1344 |
+@@ -1282,11 +1449,25 @@ SYSCALL_DEFINE1(epoll_create1, int, flags) |
1345 |
+ * Creates all the items needed to setup an eventpoll file. That is, |
1346 |
+ * a file structure and a free file descriptor. |
1347 |
+ */ |
1348 |
+- error = anon_inode_getfd("[eventpoll]", &eventpoll_fops, ep, |
1349 |
+- flags & O_CLOEXEC); |
1350 |
+- if (error < 0) |
1351 |
+- ep_free(ep); |
1352 |
++ fd = get_unused_fd_flags(O_RDWR | (flags & O_CLOEXEC)); |
1353 |
++ if (fd < 0) { |
1354 |
++ error = fd; |
1355 |
++ goto out_free_ep; |
1356 |
++ } |
1357 |
++ file = anon_inode_getfile("[eventpoll]", &eventpoll_fops, ep, |
1358 |
++ O_RDWR | (flags & O_CLOEXEC)); |
1359 |
++ if (IS_ERR(file)) { |
1360 |
++ error = PTR_ERR(file); |
1361 |
++ goto out_free_fd; |
1362 |
++ } |
1363 |
++ fd_install(fd, file); |
1364 |
++ ep->file = file; |
1365 |
++ return fd; |
1366 |
+ |
1367 |
++out_free_fd: |
1368 |
++ put_unused_fd(fd); |
1369 |
++out_free_ep: |
1370 |
++ ep_free(ep); |
1371 |
+ return error; |
1372 |
+ } |
1373 |
+ |
1374 |
+@@ -1352,21 +1533,29 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd, |
1375 |
+ /* |
1376 |
+ * When we insert an epoll file descriptor, inside another epoll file |
1377 |
+ * descriptor, there is the change of creating closed loops, which are |
1378 |
+- * better be handled here, than in more critical paths. |
1379 |
++ * better be handled here, than in more critical paths. While we are |
1380 |
++ * checking for loops we also determine the list of files reachable |
1381 |
++ * and hang them on the tfile_check_list, so we can check that we |
1382 |
++ * haven't created too many possible wakeup paths. |
1383 |
+ * |
1384 |
+- * We hold epmutex across the loop check and the insert in this case, in |
1385 |
+- * order to prevent two separate inserts from racing and each doing the |
1386 |
+- * insert "at the same time" such that ep_loop_check passes on both |
1387 |
+- * before either one does the insert, thereby creating a cycle. |
1388 |
++ * We need to hold the epmutex across both ep_insert and ep_remove |
1389 |
++ * b/c we want to make sure we are looking at a coherent view of |
1390 |
++ * epoll network. |
1391 |
+ */ |
1392 |
+- if (unlikely(is_file_epoll(tfile) && op == EPOLL_CTL_ADD)) { |
1393 |
++ if (op == EPOLL_CTL_ADD || op == EPOLL_CTL_DEL) { |
1394 |
+ mutex_lock(&epmutex); |
1395 |
+ did_lock_epmutex = 1; |
1396 |
+- error = -ELOOP; |
1397 |
+- if (ep_loop_check(ep, tfile) != 0) |
1398 |
+- goto error_tgt_fput; |
1399 |
+ } |
1400 |
+- |
1401 |
++ if (op == EPOLL_CTL_ADD) { |
1402 |
++ if (is_file_epoll(tfile)) { |
1403 |
++ error = -ELOOP; |
1404 |
++ if (ep_loop_check(ep, tfile) != 0) { |
1405 |
++ clear_tfile_check_list(); |
1406 |
++ goto error_tgt_fput; |
1407 |
++ } |
1408 |
++ } else |
1409 |
++ list_add(&tfile->f_tfile_llink, &tfile_check_list); |
1410 |
++ } |
1411 |
+ |
1412 |
+ mutex_lock_nested(&ep->mtx, 0); |
1413 |
+ |
1414 |
+@@ -1385,6 +1574,7 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd, |
1415 |
+ error = ep_insert(ep, &epds, tfile, fd); |
1416 |
+ } else |
1417 |
+ error = -EEXIST; |
1418 |
++ clear_tfile_check_list(); |
1419 |
+ break; |
1420 |
+ case EPOLL_CTL_DEL: |
1421 |
+ if (epi) |
1422 |
+@@ -1403,7 +1593,7 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd, |
1423 |
+ mutex_unlock(&ep->mtx); |
1424 |
+ |
1425 |
+ error_tgt_fput: |
1426 |
+- if (unlikely(did_lock_epmutex)) |
1427 |
++ if (did_lock_epmutex) |
1428 |
+ mutex_unlock(&epmutex); |
1429 |
+ |
1430 |
+ fput(tfile); |
1431 |
diff --git a/fs/exec.c b/fs/exec.c |
1432 |
index 86fafc6..574abd3 100644 |
1433 |
--- a/fs/exec.c |
1434 |
@@ -70811,7 +71923,7 @@ index ec88ff3..b843a82 100644 |
1435 |
cache->c_bucket_bits = bucket_bits; |
1436 |
#ifdef MB_CACHE_INDEXES_COUNT |
1437 |
diff --git a/fs/namei.c b/fs/namei.c |
1438 |
-index b0afbd4..8d065a1 100644 |
1439 |
+index b0afbd4..6579ccc 100644 |
1440 |
--- a/fs/namei.c |
1441 |
+++ b/fs/namei.c |
1442 |
@@ -224,6 +224,14 @@ int generic_permission(struct inode *inode, int mask, |
1443 |
@@ -70854,7 +71966,7 @@ index b0afbd4..8d065a1 100644 |
1444 |
goto ok; |
1445 |
|
1446 |
return ret; |
1447 |
-@@ -638,7 +639,7 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata |
1448 |
+@@ -638,13 +639,17 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata |
1449 |
cookie = dentry->d_inode->i_op->follow_link(dentry, nd); |
1450 |
error = PTR_ERR(cookie); |
1451 |
if (!IS_ERR(cookie)) { |
1452 |
@@ -70863,7 +71975,17 @@ index b0afbd4..8d065a1 100644 |
1453 |
error = 0; |
1454 |
if (s) |
1455 |
error = __vfs_follow_link(nd, s); |
1456 |
-@@ -669,6 +670,13 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd) |
1457 |
+ if (dentry->d_inode->i_op->put_link) |
1458 |
+ dentry->d_inode->i_op->put_link(dentry, nd, cookie); |
1459 |
+ } |
1460 |
++ |
1461 |
++ if (!error && gr_handle_symlink_owner(path, nd->path.dentry->d_inode)) |
1462 |
++ error = -EACCES; |
1463 |
++ |
1464 |
+ path_put(path); |
1465 |
+ |
1466 |
+ return error; |
1467 |
+@@ -669,6 +674,13 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd) |
1468 |
err = security_inode_follow_link(path->dentry, nd); |
1469 |
if (err) |
1470 |
goto loop; |
1471 |
@@ -70877,7 +71999,7 @@ index b0afbd4..8d065a1 100644 |
1472 |
current->link_count++; |
1473 |
current->total_link_count++; |
1474 |
nd->depth++; |
1475 |
-@@ -1016,11 +1024,19 @@ return_reval: |
1476 |
+@@ -1016,11 +1028,19 @@ return_reval: |
1477 |
break; |
1478 |
} |
1479 |
return_base: |
1480 |
@@ -70897,7 +72019,7 @@ index b0afbd4..8d065a1 100644 |
1481 |
path_put(&nd->path); |
1482 |
return_err: |
1483 |
return err; |
1484 |
-@@ -1091,13 +1107,20 @@ static int do_path_lookup(int dfd, const char *name, |
1485 |
+@@ -1091,13 +1111,20 @@ static int do_path_lookup(int dfd, const char *name, |
1486 |
int retval = path_init(dfd, name, flags, nd); |
1487 |
if (!retval) |
1488 |
retval = path_walk(name, nd); |
1489 |
@@ -70921,7 +72043,7 @@ index b0afbd4..8d065a1 100644 |
1490 |
return retval; |
1491 |
} |
1492 |
|
1493 |
-@@ -1576,6 +1599,20 @@ int may_open(struct path *path, int acc_mode, int flag) |
1494 |
+@@ -1576,6 +1603,20 @@ int may_open(struct path *path, int acc_mode, int flag) |
1495 |
if (error) |
1496 |
goto err_out; |
1497 |
|
1498 |
@@ -70942,7 +72064,7 @@ index b0afbd4..8d065a1 100644 |
1499 |
if (flag & O_TRUNC) { |
1500 |
error = get_write_access(inode); |
1501 |
if (error) |
1502 |
-@@ -1620,6 +1657,17 @@ static int __open_namei_create(struct nameidata *nd, struct path *path, |
1503 |
+@@ -1620,6 +1661,17 @@ static int __open_namei_create(struct nameidata *nd, struct path *path, |
1504 |
{ |
1505 |
int error; |
1506 |
struct dentry *dir = nd->path.dentry; |
1507 |
@@ -70960,7 +72082,7 @@ index b0afbd4..8d065a1 100644 |
1508 |
|
1509 |
if (!IS_POSIXACL(dir->d_inode)) |
1510 |
mode &= ~current_umask(); |
1511 |
-@@ -1627,6 +1675,8 @@ static int __open_namei_create(struct nameidata *nd, struct path *path, |
1512 |
+@@ -1627,6 +1679,8 @@ static int __open_namei_create(struct nameidata *nd, struct path *path, |
1513 |
if (error) |
1514 |
goto out_unlock; |
1515 |
error = vfs_create(dir->d_inode, path->dentry, mode, nd); |
1516 |
@@ -70969,7 +72091,15 @@ index b0afbd4..8d065a1 100644 |
1517 |
out_unlock: |
1518 |
mutex_unlock(&dir->d_inode->i_mutex); |
1519 |
dput(nd->path.dentry); |
1520 |
-@@ -1709,6 +1759,22 @@ struct file *do_filp_open(int dfd, const char *pathname, |
1521 |
+@@ -1684,6 +1738,7 @@ struct file *do_filp_open(int dfd, const char *pathname, |
1522 |
+ struct nameidata nd; |
1523 |
+ int error; |
1524 |
+ struct path path; |
1525 |
++ struct path link_path; |
1526 |
+ struct dentry *dir; |
1527 |
+ int count = 0; |
1528 |
+ int will_write; |
1529 |
+@@ -1709,6 +1764,22 @@ struct file *do_filp_open(int dfd, const char *pathname, |
1530 |
&nd, flag); |
1531 |
if (error) |
1532 |
return ERR_PTR(error); |
1533 |
@@ -70992,7 +72122,7 @@ index b0afbd4..8d065a1 100644 |
1534 |
goto ok; |
1535 |
} |
1536 |
|
1537 |
-@@ -1795,6 +1861,19 @@ do_last: |
1538 |
+@@ -1795,6 +1866,19 @@ do_last: |
1539 |
/* |
1540 |
* It already exists. |
1541 |
*/ |
1542 |
@@ -71012,7 +72142,7 @@ index b0afbd4..8d065a1 100644 |
1543 |
mutex_unlock(&dir->d_inode->i_mutex); |
1544 |
audit_inode(pathname, path.dentry); |
1545 |
|
1546 |
-@@ -1887,6 +1966,13 @@ do_link: |
1547 |
+@@ -1887,6 +1971,13 @@ do_link: |
1548 |
error = security_inode_follow_link(path.dentry, &nd); |
1549 |
if (error) |
1550 |
goto exit_dput; |
1551 |
@@ -71026,7 +72156,23 @@ index b0afbd4..8d065a1 100644 |
1552 |
error = __do_follow_link(&path, &nd); |
1553 |
if (error) { |
1554 |
/* Does someone understand code flow here? Or it is only |
1555 |
-@@ -1984,6 +2070,10 @@ struct dentry *lookup_create(struct nameidata *nd, int is_dir) |
1556 |
+@@ -1915,9 +2006,15 @@ do_link: |
1557 |
+ } |
1558 |
+ dir = nd.path.dentry; |
1559 |
+ mutex_lock(&dir->d_inode->i_mutex); |
1560 |
++ link_path.dentry = path.dentry; |
1561 |
++ link_path.mnt = path.mnt; |
1562 |
+ path.dentry = lookup_hash(&nd); |
1563 |
+ path.mnt = nd.path.mnt; |
1564 |
+ __putname(nd.last.name); |
1565 |
++ if (!IS_ERR(path.dentry) && gr_handle_symlink_owner(&link_path, path.dentry->d_inode)) { |
1566 |
++ error = -EACCES; |
1567 |
++ goto exit_mutex_unlock; |
1568 |
++ } |
1569 |
+ goto do_last; |
1570 |
+ } |
1571 |
+ |
1572 |
+@@ -1984,6 +2081,10 @@ struct dentry *lookup_create(struct nameidata *nd, int is_dir) |
1573 |
} |
1574 |
return dentry; |
1575 |
eexist: |
1576 |
@@ -71037,7 +72183,7 @@ index b0afbd4..8d065a1 100644 |
1577 |
dput(dentry); |
1578 |
dentry = ERR_PTR(-EEXIST); |
1579 |
fail: |
1580 |
-@@ -2061,6 +2151,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
1581 |
+@@ -2061,6 +2162,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
1582 |
error = may_mknod(mode); |
1583 |
if (error) |
1584 |
goto out_dput; |
1585 |
@@ -71055,7 +72201,7 @@ index b0afbd4..8d065a1 100644 |
1586 |
error = mnt_want_write(nd.path.mnt); |
1587 |
if (error) |
1588 |
goto out_dput; |
1589 |
-@@ -2081,6 +2182,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
1590 |
+@@ -2081,6 +2193,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
1591 |
} |
1592 |
out_drop_write: |
1593 |
mnt_drop_write(nd.path.mnt); |
1594 |
@@ -71065,7 +72211,7 @@ index b0afbd4..8d065a1 100644 |
1595 |
out_dput: |
1596 |
dput(dentry); |
1597 |
out_unlock: |
1598 |
-@@ -2134,6 +2238,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) |
1599 |
+@@ -2134,6 +2249,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) |
1600 |
if (IS_ERR(dentry)) |
1601 |
goto out_unlock; |
1602 |
|
1603 |
@@ -71077,7 +72223,7 @@ index b0afbd4..8d065a1 100644 |
1604 |
if (!IS_POSIXACL(nd.path.dentry->d_inode)) |
1605 |
mode &= ~current_umask(); |
1606 |
error = mnt_want_write(nd.path.mnt); |
1607 |
-@@ -2145,6 +2254,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) |
1608 |
+@@ -2145,6 +2265,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) |
1609 |
error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode); |
1610 |
out_drop_write: |
1611 |
mnt_drop_write(nd.path.mnt); |
1612 |
@@ -71088,7 +72234,7 @@ index b0afbd4..8d065a1 100644 |
1613 |
out_dput: |
1614 |
dput(dentry); |
1615 |
out_unlock: |
1616 |
-@@ -2226,6 +2339,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
1617 |
+@@ -2226,6 +2350,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
1618 |
char * name; |
1619 |
struct dentry *dentry; |
1620 |
struct nameidata nd; |
1621 |
@@ -71097,7 +72243,7 @@ index b0afbd4..8d065a1 100644 |
1622 |
|
1623 |
error = user_path_parent(dfd, pathname, &nd, &name); |
1624 |
if (error) |
1625 |
-@@ -2250,6 +2365,17 @@ static long do_rmdir(int dfd, const char __user *pathname) |
1626 |
+@@ -2250,6 +2376,17 @@ static long do_rmdir(int dfd, const char __user *pathname) |
1627 |
error = PTR_ERR(dentry); |
1628 |
if (IS_ERR(dentry)) |
1629 |
goto exit2; |
1630 |
@@ -71115,7 +72261,7 @@ index b0afbd4..8d065a1 100644 |
1631 |
error = mnt_want_write(nd.path.mnt); |
1632 |
if (error) |
1633 |
goto exit3; |
1634 |
-@@ -2257,6 +2383,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
1635 |
+@@ -2257,6 +2394,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
1636 |
if (error) |
1637 |
goto exit4; |
1638 |
error = vfs_rmdir(nd.path.dentry->d_inode, dentry); |
1639 |
@@ -71124,7 +72270,7 @@ index b0afbd4..8d065a1 100644 |
1640 |
exit4: |
1641 |
mnt_drop_write(nd.path.mnt); |
1642 |
exit3: |
1643 |
-@@ -2318,6 +2446,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
1644 |
+@@ -2318,6 +2457,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
1645 |
struct dentry *dentry; |
1646 |
struct nameidata nd; |
1647 |
struct inode *inode = NULL; |
1648 |
@@ -71133,7 +72279,7 @@ index b0afbd4..8d065a1 100644 |
1649 |
|
1650 |
error = user_path_parent(dfd, pathname, &nd, &name); |
1651 |
if (error) |
1652 |
-@@ -2337,8 +2467,19 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
1653 |
+@@ -2337,8 +2478,19 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
1654 |
if (nd.last.name[nd.last.len]) |
1655 |
goto slashes; |
1656 |
inode = dentry->d_inode; |
1657 |
@@ -71154,7 +72300,7 @@ index b0afbd4..8d065a1 100644 |
1658 |
error = mnt_want_write(nd.path.mnt); |
1659 |
if (error) |
1660 |
goto exit2; |
1661 |
-@@ -2346,6 +2487,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
1662 |
+@@ -2346,6 +2498,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
1663 |
if (error) |
1664 |
goto exit3; |
1665 |
error = vfs_unlink(nd.path.dentry->d_inode, dentry); |
1666 |
@@ -71163,7 +72309,7 @@ index b0afbd4..8d065a1 100644 |
1667 |
exit3: |
1668 |
mnt_drop_write(nd.path.mnt); |
1669 |
exit2: |
1670 |
-@@ -2424,6 +2567,11 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, |
1671 |
+@@ -2424,6 +2578,11 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, |
1672 |
if (IS_ERR(dentry)) |
1673 |
goto out_unlock; |
1674 |
|
1675 |
@@ -71175,7 +72321,7 @@ index b0afbd4..8d065a1 100644 |
1676 |
error = mnt_want_write(nd.path.mnt); |
1677 |
if (error) |
1678 |
goto out_dput; |
1679 |
-@@ -2431,6 +2579,8 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, |
1680 |
+@@ -2431,6 +2590,8 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, |
1681 |
if (error) |
1682 |
goto out_drop_write; |
1683 |
error = vfs_symlink(nd.path.dentry->d_inode, dentry, from); |
1684 |
@@ -71184,7 +72330,7 @@ index b0afbd4..8d065a1 100644 |
1685 |
out_drop_write: |
1686 |
mnt_drop_write(nd.path.mnt); |
1687 |
out_dput: |
1688 |
-@@ -2524,6 +2674,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
1689 |
+@@ -2524,6 +2685,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
1690 |
error = PTR_ERR(new_dentry); |
1691 |
if (IS_ERR(new_dentry)) |
1692 |
goto out_unlock; |
1693 |
@@ -71205,7 +72351,7 @@ index b0afbd4..8d065a1 100644 |
1694 |
error = mnt_want_write(nd.path.mnt); |
1695 |
if (error) |
1696 |
goto out_dput; |
1697 |
-@@ -2531,6 +2695,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
1698 |
+@@ -2531,6 +2706,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
1699 |
if (error) |
1700 |
goto out_drop_write; |
1701 |
error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry); |
1702 |
@@ -71214,7 +72360,7 @@ index b0afbd4..8d065a1 100644 |
1703 |
out_drop_write: |
1704 |
mnt_drop_write(nd.path.mnt); |
1705 |
out_dput: |
1706 |
-@@ -2708,6 +2874,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
1707 |
+@@ -2708,6 +2885,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
1708 |
char *to; |
1709 |
int error; |
1710 |
|
1711 |
@@ -71223,7 +72369,7 @@ index b0afbd4..8d065a1 100644 |
1712 |
error = user_path_parent(olddfd, oldname, &oldnd, &from); |
1713 |
if (error) |
1714 |
goto exit; |
1715 |
-@@ -2764,6 +2932,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
1716 |
+@@ -2764,6 +2943,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
1717 |
if (new_dentry == trap) |
1718 |
goto exit5; |
1719 |
|
1720 |
@@ -71236,7 +72382,7 @@ index b0afbd4..8d065a1 100644 |
1721 |
error = mnt_want_write(oldnd.path.mnt); |
1722 |
if (error) |
1723 |
goto exit5; |
1724 |
-@@ -2773,6 +2947,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
1725 |
+@@ -2773,6 +2958,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
1726 |
goto exit6; |
1727 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
1728 |
new_dir->d_inode, new_dentry); |
1729 |
@@ -71246,7 +72392,7 @@ index b0afbd4..8d065a1 100644 |
1730 |
exit6: |
1731 |
mnt_drop_write(oldnd.path.mnt); |
1732 |
exit5: |
1733 |
-@@ -2798,6 +2975,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
1734 |
+@@ -2798,6 +2986,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
1735 |
|
1736 |
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) |
1737 |
{ |
1738 |
@@ -71255,7 +72401,7 @@ index b0afbd4..8d065a1 100644 |
1739 |
int len; |
1740 |
|
1741 |
len = PTR_ERR(link); |
1742 |
-@@ -2807,7 +2986,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c |
1743 |
+@@ -2807,7 +2997,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c |
1744 |
len = strlen(link); |
1745 |
if (len > (unsigned) buflen) |
1746 |
len = buflen; |
1747 |
@@ -74187,6 +75333,150 @@ index 9215700..bf1f68e 100644 |
1748 |
u8 checksum = 0; |
1749 |
int i; |
1750 |
for (i = 0; i < sizeof(struct tag); ++i) |
1751 |
+diff --git a/fs/udf/super.c b/fs/udf/super.c |
1752 |
+index ee6b3af..ab17bcd 100644 |
1753 |
+--- a/fs/udf/super.c |
1754 |
++++ b/fs/udf/super.c |
1755 |
+@@ -57,6 +57,7 @@ |
1756 |
+ #include <linux/seq_file.h> |
1757 |
+ #include <linux/bitmap.h> |
1758 |
+ #include <linux/crc-itu-t.h> |
1759 |
++#include <linux/log2.h> |
1760 |
+ #include <asm/byteorder.h> |
1761 |
+ |
1762 |
+ #include "udf_sb.h" |
1763 |
+@@ -1239,16 +1240,65 @@ out_bh: |
1764 |
+ return ret; |
1765 |
+ } |
1766 |
+ |
1767 |
++static int udf_load_sparable_map(struct super_block *sb, |
1768 |
++ struct udf_part_map *map, |
1769 |
++ struct sparablePartitionMap *spm) |
1770 |
++{ |
1771 |
++ uint32_t loc; |
1772 |
++ uint16_t ident; |
1773 |
++ struct sparingTable *st; |
1774 |
++ struct udf_sparing_data *sdata = &map->s_type_specific.s_sparing; |
1775 |
++ int i; |
1776 |
++ struct buffer_head *bh; |
1777 |
++ |
1778 |
++ map->s_partition_type = UDF_SPARABLE_MAP15; |
1779 |
++ sdata->s_packet_len = le16_to_cpu(spm->packetLength); |
1780 |
++ if (!is_power_of_2(sdata->s_packet_len)) { |
1781 |
++ udf_error(sb, __func__, "error loading logical volume descriptor: " |
1782 |
++ "Invalid packet length %u\n", |
1783 |
++ (unsigned)sdata->s_packet_len); |
1784 |
++ return -EIO; |
1785 |
++ } |
1786 |
++ if (spm->numSparingTables > 4) { |
1787 |
++ udf_error(sb, __func__, "error loading logical volume descriptor: " |
1788 |
++ "Too many sparing tables (%d)\n", |
1789 |
++ (int)spm->numSparingTables); |
1790 |
++ return -EIO; |
1791 |
++ } |
1792 |
++ |
1793 |
++ for (i = 0; i < spm->numSparingTables; i++) { |
1794 |
++ loc = le32_to_cpu(spm->locSparingTable[i]); |
1795 |
++ bh = udf_read_tagged(sb, loc, loc, &ident); |
1796 |
++ if (!bh) |
1797 |
++ continue; |
1798 |
++ |
1799 |
++ st = (struct sparingTable *)bh->b_data; |
1800 |
++ if (ident != 0 || |
1801 |
++ strncmp(st->sparingIdent.ident, UDF_ID_SPARING, |
1802 |
++ strlen(UDF_ID_SPARING)) || |
1803 |
++ sizeof(*st) + le16_to_cpu(st->reallocationTableLen) > |
1804 |
++ sb->s_blocksize) { |
1805 |
++ brelse(bh); |
1806 |
++ continue; |
1807 |
++ } |
1808 |
++ |
1809 |
++ sdata->s_spar_map[i] = bh; |
1810 |
++ } |
1811 |
++ map->s_partition_func = udf_get_pblock_spar15; |
1812 |
++ return 0; |
1813 |
++} |
1814 |
++ |
1815 |
+ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
1816 |
+ struct kernel_lb_addr *fileset) |
1817 |
+ { |
1818 |
+ struct logicalVolDesc *lvd; |
1819 |
+- int i, j, offset; |
1820 |
++ int i, offset; |
1821 |
+ uint8_t type; |
1822 |
+ struct udf_sb_info *sbi = UDF_SB(sb); |
1823 |
+ struct genericPartitionMap *gpm; |
1824 |
+ uint16_t ident; |
1825 |
+ struct buffer_head *bh; |
1826 |
++ unsigned int table_len; |
1827 |
+ int ret = 0; |
1828 |
+ |
1829 |
+ bh = udf_read_tagged(sb, block, block, &ident); |
1830 |
+@@ -1256,6 +1306,13 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
1831 |
+ return 1; |
1832 |
+ BUG_ON(ident != TAG_IDENT_LVD); |
1833 |
+ lvd = (struct logicalVolDesc *)bh->b_data; |
1834 |
++ table_len = le32_to_cpu(lvd->mapTableLength); |
1835 |
++ if (sizeof(*lvd) + table_len > sb->s_blocksize) { |
1836 |
++ udf_error(sb, __func__, "error loading logical volume descriptor: " |
1837 |
++ "Partition table too long (%u > %lu)\n", table_len, |
1838 |
++ sb->s_blocksize - sizeof(*lvd)); |
1839 |
++ goto out_bh; |
1840 |
++ } |
1841 |
+ |
1842 |
+ i = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps)); |
1843 |
+ if (i != 0) { |
1844 |
+@@ -1264,7 +1321,7 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
1845 |
+ } |
1846 |
+ |
1847 |
+ for (i = 0, offset = 0; |
1848 |
+- i < sbi->s_partitions && offset < le32_to_cpu(lvd->mapTableLength); |
1849 |
++ i < sbi->s_partitions && offset < table_len; |
1850 |
+ i++, offset += gpm->partitionMapLength) { |
1851 |
+ struct udf_part_map *map = &sbi->s_partmaps[i]; |
1852 |
+ gpm = (struct genericPartitionMap *) |
1853 |
+@@ -1299,38 +1356,9 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
1854 |
+ } else if (!strncmp(upm2->partIdent.ident, |
1855 |
+ UDF_ID_SPARABLE, |
1856 |
+ strlen(UDF_ID_SPARABLE))) { |
1857 |
+- uint32_t loc; |
1858 |
+- struct sparingTable *st; |
1859 |
+- struct sparablePartitionMap *spm = |
1860 |
+- (struct sparablePartitionMap *)gpm; |
1861 |
+- |
1862 |
+- map->s_partition_type = UDF_SPARABLE_MAP15; |
1863 |
+- map->s_type_specific.s_sparing.s_packet_len = |
1864 |
+- le16_to_cpu(spm->packetLength); |
1865 |
+- for (j = 0; j < spm->numSparingTables; j++) { |
1866 |
+- struct buffer_head *bh2; |
1867 |
+- |
1868 |
+- loc = le32_to_cpu( |
1869 |
+- spm->locSparingTable[j]); |
1870 |
+- bh2 = udf_read_tagged(sb, loc, loc, |
1871 |
+- &ident); |
1872 |
+- map->s_type_specific.s_sparing. |
1873 |
+- s_spar_map[j] = bh2; |
1874 |
+- |
1875 |
+- if (bh2 == NULL) |
1876 |
+- continue; |
1877 |
+- |
1878 |
+- st = (struct sparingTable *)bh2->b_data; |
1879 |
+- if (ident != 0 || strncmp( |
1880 |
+- st->sparingIdent.ident, |
1881 |
+- UDF_ID_SPARING, |
1882 |
+- strlen(UDF_ID_SPARING))) { |
1883 |
+- brelse(bh2); |
1884 |
+- map->s_type_specific.s_sparing. |
1885 |
+- s_spar_map[j] = NULL; |
1886 |
+- } |
1887 |
+- } |
1888 |
+- map->s_partition_func = udf_get_pblock_spar15; |
1889 |
++ if (udf_load_sparable_map(sb, map, |
1890 |
++ (struct sparablePartitionMap *)gpm) < 0) |
1891 |
++ goto out_bh; |
1892 |
+ } else if (!strncmp(upm2->partIdent.ident, |
1893 |
+ UDF_ID_METADATA, |
1894 |
+ strlen(UDF_ID_METADATA))) { |
1895 |
diff --git a/fs/utimes.c b/fs/utimes.c |
1896 |
index e4c75db..b4df0e0 100644 |
1897 |
--- a/fs/utimes.c |
1898 |
@@ -74411,221 +75701,19 @@ index 8f32f50..b6a41e8 100644 |
1899 |
link[pathlen] = '\0'; |
1900 |
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
1901 |
new file mode 100644 |
1902 |
-index 0000000..5be91c0 |
1903 |
+index 0000000..c20c1db |
1904 |
--- /dev/null |
1905 |
+++ b/grsecurity/Kconfig |
1906 |
-@@ -0,0 +1,1078 @@ |
1907 |
+@@ -0,0 +1,939 @@ |
1908 |
+# |
1909 |
+# grecurity configuration |
1910 |
+# |
1911 |
-+ |
1912 |
-+menu "Grsecurity" |
1913 |
-+ |
1914 |
-+config GRKERNSEC |
1915 |
-+ bool "Grsecurity" |
1916 |
-+ select CRYPTO |
1917 |
-+ select CRYPTO_SHA256 |
1918 |
-+ help |
1919 |
-+ If you say Y here, you will be able to configure many features |
1920 |
-+ that will enhance the security of your system. It is highly |
1921 |
-+ recommended that you say Y here and read through the help |
1922 |
-+ for each option so that you fully understand the features and |
1923 |
-+ can evaluate their usefulness for your machine. |
1924 |
-+ |
1925 |
-+choice |
1926 |
-+ prompt "Security Level" |
1927 |
-+ depends on GRKERNSEC |
1928 |
-+ default GRKERNSEC_CUSTOM |
1929 |
-+ |
1930 |
-+config GRKERNSEC_LOW |
1931 |
-+ bool "Low" |
1932 |
-+ select GRKERNSEC_LINK |
1933 |
-+ select GRKERNSEC_FIFO |
1934 |
-+ select GRKERNSEC_RANDNET |
1935 |
-+ select GRKERNSEC_DMESG |
1936 |
-+ select GRKERNSEC_CHROOT |
1937 |
-+ select GRKERNSEC_CHROOT_CHDIR |
1938 |
-+ |
1939 |
-+ help |
1940 |
-+ If you choose this option, several of the grsecurity options will |
1941 |
-+ be enabled that will give you greater protection against a number |
1942 |
-+ of attacks, while assuring that none of your software will have any |
1943 |
-+ conflicts with the additional security measures. If you run a lot |
1944 |
-+ of unusual software, or you are having problems with the higher |
1945 |
-+ security levels, you should say Y here. With this option, the |
1946 |
-+ following features are enabled: |
1947 |
-+ |
1948 |
-+ - Linking restrictions |
1949 |
-+ - FIFO restrictions |
1950 |
-+ - Restricted dmesg |
1951 |
-+ - Enforced chdir("/") on chroot |
1952 |
-+ - Runtime module disabling |
1953 |
-+ |
1954 |
-+config GRKERNSEC_MEDIUM |
1955 |
-+ bool "Medium" |
1956 |
-+ select PAX |
1957 |
-+ select PAX_EI_PAX |
1958 |
-+ select PAX_PT_PAX_FLAGS |
1959 |
-+ select PAX_HAVE_ACL_FLAGS |
1960 |
-+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) |
1961 |
-+ select GRKERNSEC_CHROOT |
1962 |
-+ select GRKERNSEC_CHROOT_SYSCTL |
1963 |
-+ select GRKERNSEC_LINK |
1964 |
-+ select GRKERNSEC_FIFO |
1965 |
-+ select GRKERNSEC_DMESG |
1966 |
-+ select GRKERNSEC_RANDNET |
1967 |
-+ select GRKERNSEC_FORKFAIL |
1968 |
-+ select GRKERNSEC_TIME |
1969 |
-+ select GRKERNSEC_SIGNAL |
1970 |
-+ select GRKERNSEC_CHROOT |
1971 |
-+ select GRKERNSEC_CHROOT_UNIX |
1972 |
-+ select GRKERNSEC_CHROOT_MOUNT |
1973 |
-+ select GRKERNSEC_CHROOT_PIVOT |
1974 |
-+ select GRKERNSEC_CHROOT_DOUBLE |
1975 |
-+ select GRKERNSEC_CHROOT_CHDIR |
1976 |
-+ select GRKERNSEC_CHROOT_MKNOD |
1977 |
-+ select GRKERNSEC_PROC |
1978 |
-+ select GRKERNSEC_PROC_USERGROUP |
1979 |
-+ select PAX_RANDUSTACK |
1980 |
-+ select PAX_ASLR |
1981 |
-+ select PAX_RANDMMAP |
1982 |
-+ select PAX_REFCOUNT if (X86 || SPARC64) |
1983 |
-+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB)) |
1984 |
-+ |
1985 |
-+ help |
1986 |
-+ If you say Y here, several features in addition to those included |
1987 |
-+ in the low additional security level will be enabled. These |
1988 |
-+ features provide even more security to your system, though in rare |
1989 |
-+ cases they may be incompatible with very old or poorly written |
1990 |
-+ software. If you enable this option, make sure that your auth |
1991 |
-+ service (identd) is running as gid 1001. With this option, |
1992 |
-+ the following features (in addition to those provided in the |
1993 |
-+ low additional security level) will be enabled: |
1994 |
-+ |
1995 |
-+ - Failed fork logging |
1996 |
-+ - Time change logging |
1997 |
-+ - Signal logging |
1998 |
-+ - Deny mounts in chroot |
1999 |
-+ - Deny double chrooting |
2000 |
-+ - Deny sysctl writes in chroot |
2001 |
-+ - Deny mknod in chroot |
2002 |
-+ - Deny access to abstract AF_UNIX sockets out of chroot |
2003 |
-+ - Deny pivot_root in chroot |
2004 |
-+ - Denied reads/writes of /dev/kmem, /dev/mem, and /dev/port |
2005 |
-+ - /proc restrictions with special GID set to 10 (usually wheel) |
2006 |
-+ - Address Space Layout Randomization (ASLR) |
2007 |
-+ - Prevent exploitation of most refcount overflows |
2008 |
-+ - Bounds checking of copying between the kernel and userland |
2009 |
-+ |
2010 |
-+config GRKERNSEC_HIGH |
2011 |
-+ bool "High" |
2012 |
-+ select GRKERNSEC_LINK |
2013 |
-+ select GRKERNSEC_FIFO |
2014 |
-+ select GRKERNSEC_DMESG |
2015 |
-+ select GRKERNSEC_FORKFAIL |
2016 |
-+ select GRKERNSEC_TIME |
2017 |
-+ select GRKERNSEC_SIGNAL |
2018 |
-+ select GRKERNSEC_CHROOT |
2019 |
-+ select GRKERNSEC_CHROOT_SHMAT |
2020 |
-+ select GRKERNSEC_CHROOT_UNIX |
2021 |
-+ select GRKERNSEC_CHROOT_MOUNT |
2022 |
-+ select GRKERNSEC_CHROOT_FCHDIR |
2023 |
-+ select GRKERNSEC_CHROOT_PIVOT |
2024 |
-+ select GRKERNSEC_CHROOT_DOUBLE |
2025 |
-+ select GRKERNSEC_CHROOT_CHDIR |
2026 |
-+ select GRKERNSEC_CHROOT_MKNOD |
2027 |
-+ select GRKERNSEC_CHROOT_CAPS |
2028 |
-+ select GRKERNSEC_CHROOT_SYSCTL |
2029 |
-+ select GRKERNSEC_CHROOT_FINDTASK |
2030 |
-+ select GRKERNSEC_SYSFS_RESTRICT |
2031 |
-+ select GRKERNSEC_PROC |
2032 |
-+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) |
2033 |
-+ select GRKERNSEC_HIDESYM |
2034 |
-+ select GRKERNSEC_BRUTE |
2035 |
-+ select GRKERNSEC_PROC_USERGROUP |
2036 |
-+ select GRKERNSEC_KMEM |
2037 |
-+ select GRKERNSEC_RESLOG |
2038 |
-+ select GRKERNSEC_RANDNET |
2039 |
-+ select GRKERNSEC_PROC_ADD |
2040 |
-+ select GRKERNSEC_CHROOT_CHMOD |
2041 |
-+ select GRKERNSEC_CHROOT_NICE |
2042 |
-+ select GRKERNSEC_SETXID if (X86 || SPARC64 || PPC || ARM || MIPS) |
2043 |
-+ select GRKERNSEC_AUDIT_MOUNT |
2044 |
-+ select GRKERNSEC_MODHARDEN if (MODULES) |
2045 |
-+ select GRKERNSEC_HARDEN_PTRACE |
2046 |
-+ select GRKERNSEC_PTRACE_READEXEC |
2047 |
-+ select GRKERNSEC_VM86 if (X86_32) |
2048 |
-+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC) |
2049 |
-+ select PAX |
2050 |
-+ select PAX_RANDUSTACK |
2051 |
-+ select PAX_ASLR |
2052 |
-+ select PAX_RANDMMAP |
2053 |
-+ select PAX_NOEXEC |
2054 |
-+ select PAX_MPROTECT |
2055 |
-+ select PAX_EI_PAX |
2056 |
-+ select PAX_PT_PAX_FLAGS |
2057 |
-+ select PAX_HAVE_ACL_FLAGS |
2058 |
-+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN) |
2059 |
-+ select PAX_MEMORY_UDEREF if (X86 && !XEN) |
2060 |
-+ select PAX_RANDKSTACK if (X86_TSC && X86) |
2061 |
-+ select PAX_SEGMEXEC if (X86_32) |
2062 |
-+ select PAX_PAGEEXEC |
2063 |
-+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC) |
2064 |
-+ select PAX_EMUTRAMP if (PARISC) |
2065 |
-+ select PAX_EMUSIGRT if (PARISC) |
2066 |
-+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) |
2067 |
-+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) |
2068 |
-+ select PAX_REFCOUNT if (X86 || SPARC64) |
2069 |
-+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB)) |
2070 |
-+ help |
2071 |
-+ If you say Y here, many of the features of grsecurity will be |
2072 |
-+ enabled, which will protect you against many kinds of attacks |
2073 |
-+ against your system. The heightened security comes at a cost |
2074 |
-+ of an increased chance of incompatibilities with rare software |
2075 |
-+ on your machine. Since this security level enables PaX, you should |
2076 |
-+ view <http://pax.grsecurity.net> and read about the PaX |
2077 |
-+ project. While you are there, download chpax and run it on |
2078 |
-+ binaries that cause problems with PaX. Also remember that |
2079 |
-+ since the /proc restrictions are enabled, you must run your |
2080 |
-+ identd as gid 1001. This security level enables the following |
2081 |
-+ features in addition to those listed in the low and medium |
2082 |
-+ security levels: |
2083 |
-+ |
2084 |
-+ - Additional /proc restrictions |
2085 |
-+ - Chmod restrictions in chroot |
2086 |
-+ - No signals, ptrace, or viewing of processes outside of chroot |
2087 |
-+ - Capability restrictions in chroot |
2088 |
-+ - Deny fchdir out of chroot |
2089 |
-+ - Priority restrictions in chroot |
2090 |
-+ - Segmentation-based implementation of PaX |
2091 |
-+ - Mprotect restrictions |
2092 |
-+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat] |
2093 |
-+ - Kernel stack randomization |
2094 |
-+ - Mount/unmount/remount logging |
2095 |
-+ - Kernel symbol hiding |
2096 |
-+ - Hardening of module auto-loading |
2097 |
-+ - Ptrace restrictions |
2098 |
-+ - Restricted vm86 mode |
2099 |
-+ - Restricted sysfs/debugfs |
2100 |
-+ - Active kernel exploit response |
2101 |
-+ |
2102 |
-+config GRKERNSEC_CUSTOM |
2103 |
-+ bool "Custom" |
2104 |
-+ help |
2105 |
-+ If you say Y here, you will be able to configure every grsecurity |
2106 |
-+ option, which allows you to enable many more features that aren't |
2107 |
-+ covered in the basic security levels. These additional features |
2108 |
-+ include TPE, socket restrictions, and the sysctl system for |
2109 |
-+ grsecurity. It is advised that you read through the help for |
2110 |
-+ each option to determine its usefulness in your situation. |
2111 |
-+ |
2112 |
-+endchoice |
2113 |
-+ |
2114 |
+menu "Memory Protections" |
2115 |
+depends on GRKERNSEC |
2116 |
+ |
2117 |
+config GRKERNSEC_KMEM |
2118 |
+ bool "Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port" |
2119 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2120 |
+ select STRICT_DEVMEM if (X86 || ARM || TILE || S390) |
2121 |
+ help |
2122 |
+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to |
2123 |
@@ -74647,6 +75735,7 @@ index 0000000..5be91c0 |
2124 |
+ |
2125 |
+config GRKERNSEC_VM86 |
2126 |
+ bool "Restrict VM86 mode" |
2127 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER) |
2128 |
+ depends on X86_32 |
2129 |
+ |
2130 |
+ help |
2131 |
@@ -74660,6 +75749,7 @@ index 0000000..5be91c0 |
2132 |
+ |
2133 |
+config GRKERNSEC_IO |
2134 |
+ bool "Disable privileged I/O" |
2135 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER) |
2136 |
+ depends on X86 |
2137 |
+ select RTC_CLASS |
2138 |
+ select RTC_INTF_DEV |
2139 |
@@ -74679,7 +75769,7 @@ index 0000000..5be91c0 |
2140 |
+ |
2141 |
+config GRKERNSEC_PROC_MEMMAP |
2142 |
+ bool "Harden ASLR against information leaks and entropy reduction" |
2143 |
-+ default y if (PAX_NOEXEC || PAX_ASLR) |
2144 |
++ default y if (GRKERNSEC_CONFIG_AUTO || PAX_NOEXEC || PAX_ASLR) |
2145 |
+ depends on PAX_NOEXEC || PAX_ASLR |
2146 |
+ help |
2147 |
+ If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will |
2148 |
@@ -74699,6 +75789,7 @@ index 0000000..5be91c0 |
2149 |
+ |
2150 |
+config GRKERNSEC_BRUTE |
2151 |
+ bool "Deter exploit bruteforcing" |
2152 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2153 |
+ help |
2154 |
+ If you say Y here, attempts to bruteforce exploits against forking |
2155 |
+ daemons such as apache or sshd, as well as against suid/sgid binaries |
2156 |
@@ -74718,6 +75809,7 @@ index 0000000..5be91c0 |
2157 |
+ |
2158 |
+config GRKERNSEC_MODHARDEN |
2159 |
+ bool "Harden module auto-loading" |
2160 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2161 |
+ depends on MODULES |
2162 |
+ help |
2163 |
+ If you say Y here, module auto-loading in response to use of some |
2164 |
@@ -74739,6 +75831,7 @@ index 0000000..5be91c0 |
2165 |
+ |
2166 |
+config GRKERNSEC_HIDESYM |
2167 |
+ bool "Hide kernel symbols" |
2168 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2169 |
+ help |
2170 |
+ If you say Y here, getting information on loaded modules, and |
2171 |
+ displaying all kernel symbols through a syscall will be restricted |
2172 |
@@ -74764,11 +75857,12 @@ index 0000000..5be91c0 |
2173 |
+ |
2174 |
+config GRKERNSEC_KERN_LOCKOUT |
2175 |
+ bool "Active kernel exploit response" |
2176 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2177 |
+ depends on X86 || ARM || PPC || SPARC |
2178 |
+ help |
2179 |
+ If you say Y here, when a PaX alert is triggered due to suspicious |
2180 |
+ activity in the kernel (from KERNEXEC/UDEREF/USERCOPY) |
2181 |
-+ or an OOPs occurs due to bad memory accesses, instead of just |
2182 |
++ or an OOPS occurs due to bad memory accesses, instead of just |
2183 |
+ terminating the offending process (and potentially allowing |
2184 |
+ a subsequent exploit from the same user), we will take one of two |
2185 |
+ actions: |
2186 |
@@ -74827,6 +75921,7 @@ index 0000000..5be91c0 |
2187 |
+ |
2188 |
+config GRKERNSEC_PROC |
2189 |
+ bool "Proc restrictions" |
2190 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2191 |
+ help |
2192 |
+ If you say Y here, the permissions of the /proc filesystem |
2193 |
+ will be altered to enhance system security and privacy. You MUST |
2194 |
@@ -74848,6 +75943,7 @@ index 0000000..5be91c0 |
2195 |
+ |
2196 |
+config GRKERNSEC_PROC_USERGROUP |
2197 |
+ bool "Allow special group" |
2198 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2199 |
+ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER |
2200 |
+ help |
2201 |
+ If you say Y here, you will be able to select a group that will be |
2202 |
@@ -74863,6 +75959,7 @@ index 0000000..5be91c0 |
2203 |
+ |
2204 |
+config GRKERNSEC_PROC_ADD |
2205 |
+ bool "Additional restrictions" |
2206 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2207 |
+ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP |
2208 |
+ help |
2209 |
+ If you say Y here, additional restrictions will be placed on |
2210 |
@@ -74871,6 +75968,7 @@ index 0000000..5be91c0 |
2211 |
+ |
2212 |
+config GRKERNSEC_LINK |
2213 |
+ bool "Linking restrictions" |
2214 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2215 |
+ help |
2216 |
+ If you say Y here, /tmp race exploits will be prevented, since users |
2217 |
+ will no longer be able to follow symlinks owned by other users in |
2218 |
@@ -74879,8 +75977,34 @@ index 0000000..5be91c0 |
2219 |
+ able to hardlink to files they do not own. If the sysctl option is |
2220 |
+ enabled, a sysctl option with name "linking_restrictions" is created. |
2221 |
+ |
2222 |
++config GRKERNSEC_SYMLINKOWN |
2223 |
++ bool "Kernel-enforced SymlinksIfOwnerMatch" |
2224 |
++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER |
2225 |
++ help |
2226 |
++ Apache's SymlinksIfOwnerMatch option has an inherent race condition |
2227 |
++ that prevents it from being used as a security feature. As Apache |
2228 |
++ verifies the symlink by performing a stat() against the target of |
2229 |
++ the symlink before it is followed, an attacker can setup a symlink |
2230 |
++ to point to a same-owned file, then replace the symlink with one |
2231 |
++ that targets another user's file just after Apache "validates" the |
2232 |
++ symlink -- a classic TOCTOU race. If you say Y here, a complete, |
2233 |
++ race-free replacement for Apache's "SymlinksIfOwnerMatch" option |
2234 |
++ will be in place for the group you specify. If the sysctl option |
2235 |
++ is enabled, a sysctl option with name "enforce_symlinksifowner" is |
2236 |
++ created. |
2237 |
++ |
2238 |
++config GRKERNSEC_SYMLINKOWN_GID |
2239 |
++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch" |
2240 |
++ depends on GRKERNSEC_SYMLINKOWN |
2241 |
++ default 1006 |
2242 |
++ help |
2243 |
++ Setting this GID determines what group kernel-enforced |
2244 |
++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option |
2245 |
++ is enabled, a sysctl option with name "symlinkown_gid" is created. |
2246 |
++ |
2247 |
+config GRKERNSEC_FIFO |
2248 |
+ bool "FIFO restrictions" |
2249 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2250 |
+ help |
2251 |
+ If you say Y here, users will not be able to write to FIFOs they don't |
2252 |
+ own in world-writable +t directories (e.g. /tmp), unless the owner of |
2253 |
@@ -74890,6 +76014,7 @@ index 0000000..5be91c0 |
2254 |
+ |
2255 |
+config GRKERNSEC_SYSFS_RESTRICT |
2256 |
+ bool "Sysfs/debugfs restriction" |
2257 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER) |
2258 |
+ depends on SYSFS |
2259 |
+ help |
2260 |
+ If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and |
2261 |
@@ -74923,6 +76048,7 @@ index 0000000..5be91c0 |
2262 |
+ |
2263 |
+config GRKERNSEC_CHROOT |
2264 |
+ bool "Chroot jail restrictions" |
2265 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2266 |
+ help |
2267 |
+ If you say Y here, you will be able to choose several options that will |
2268 |
+ make breaking out of a chrooted jail much more difficult. If you |
2269 |
@@ -74931,6 +76057,7 @@ index 0000000..5be91c0 |
2270 |
+ |
2271 |
+config GRKERNSEC_CHROOT_MOUNT |
2272 |
+ bool "Deny mounts" |
2273 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2274 |
+ depends on GRKERNSEC_CHROOT |
2275 |
+ help |
2276 |
+ If you say Y here, processes inside a chroot will not be able to |
2277 |
@@ -74939,6 +76066,7 @@ index 0000000..5be91c0 |
2278 |
+ |
2279 |
+config GRKERNSEC_CHROOT_DOUBLE |
2280 |
+ bool "Deny double-chroots" |
2281 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2282 |
+ depends on GRKERNSEC_CHROOT |
2283 |
+ help |
2284 |
+ If you say Y here, processes inside a chroot will not be able to chroot |
2285 |
@@ -74949,6 +76077,7 @@ index 0000000..5be91c0 |
2286 |
+ |
2287 |
+config GRKERNSEC_CHROOT_PIVOT |
2288 |
+ bool "Deny pivot_root in chroot" |
2289 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2290 |
+ depends on GRKERNSEC_CHROOT |
2291 |
+ help |
2292 |
+ If you say Y here, processes inside a chroot will not be able to use |
2293 |
@@ -74961,6 +76090,7 @@ index 0000000..5be91c0 |
2294 |
+ |
2295 |
+config GRKERNSEC_CHROOT_CHDIR |
2296 |
+ bool "Enforce chdir(\"/\") on all chroots" |
2297 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2298 |
+ depends on GRKERNSEC_CHROOT |
2299 |
+ help |
2300 |
+ If you say Y here, the current working directory of all newly-chrooted |
2301 |
@@ -74977,6 +76107,7 @@ index 0000000..5be91c0 |
2302 |
+ |
2303 |
+config GRKERNSEC_CHROOT_CHMOD |
2304 |
+ bool "Deny (f)chmod +s" |
2305 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2306 |
+ depends on GRKERNSEC_CHROOT |
2307 |
+ help |
2308 |
+ If you say Y here, processes inside a chroot will not be able to chmod |
2309 |
@@ -74987,6 +76118,7 @@ index 0000000..5be91c0 |
2310 |
+ |
2311 |
+config GRKERNSEC_CHROOT_FCHDIR |
2312 |
+ bool "Deny fchdir out of chroot" |
2313 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2314 |
+ depends on GRKERNSEC_CHROOT |
2315 |
+ help |
2316 |
+ If you say Y here, a well-known method of breaking chroots by fchdir'ing |
2317 |
@@ -74996,6 +76128,7 @@ index 0000000..5be91c0 |
2318 |
+ |
2319 |
+config GRKERNSEC_CHROOT_MKNOD |
2320 |
+ bool "Deny mknod" |
2321 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2322 |
+ depends on GRKERNSEC_CHROOT |
2323 |
+ help |
2324 |
+ If you say Y here, processes inside a chroot will not be allowed to |
2325 |
@@ -75010,6 +76143,7 @@ index 0000000..5be91c0 |
2326 |
+ |
2327 |
+config GRKERNSEC_CHROOT_SHMAT |
2328 |
+ bool "Deny shmat() out of chroot" |
2329 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2330 |
+ depends on GRKERNSEC_CHROOT |
2331 |
+ help |
2332 |
+ If you say Y here, processes inside a chroot will not be able to attach |
2333 |
@@ -75019,6 +76153,7 @@ index 0000000..5be91c0 |
2334 |
+ |
2335 |
+config GRKERNSEC_CHROOT_UNIX |
2336 |
+ bool "Deny access to abstract AF_UNIX sockets out of chroot" |
2337 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2338 |
+ depends on GRKERNSEC_CHROOT |
2339 |
+ help |
2340 |
+ If you say Y here, processes inside a chroot will not be able to |
2341 |
@@ -75029,6 +76164,7 @@ index 0000000..5be91c0 |
2342 |
+ |
2343 |
+config GRKERNSEC_CHROOT_FINDTASK |
2344 |
+ bool "Protect outside processes" |
2345 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2346 |
+ depends on GRKERNSEC_CHROOT |
2347 |
+ help |
2348 |
+ If you say Y here, processes inside a chroot will not be able to |
2349 |
@@ -75039,6 +76175,7 @@ index 0000000..5be91c0 |
2350 |
+ |
2351 |
+config GRKERNSEC_CHROOT_NICE |
2352 |
+ bool "Restrict priority changes" |
2353 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2354 |
+ depends on GRKERNSEC_CHROOT |
2355 |
+ help |
2356 |
+ If you say Y here, processes inside a chroot will not be able to raise |
2357 |
@@ -75050,6 +76187,7 @@ index 0000000..5be91c0 |
2358 |
+ |
2359 |
+config GRKERNSEC_CHROOT_SYSCTL |
2360 |
+ bool "Deny sysctl writes" |
2361 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2362 |
+ depends on GRKERNSEC_CHROOT |
2363 |
+ help |
2364 |
+ If you say Y here, an attacker in a chroot will not be able to |
2365 |
@@ -75060,6 +76198,7 @@ index 0000000..5be91c0 |
2366 |
+ |
2367 |
+config GRKERNSEC_CHROOT_CAPS |
2368 |
+ bool "Capability restrictions" |
2369 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2370 |
+ depends on GRKERNSEC_CHROOT |
2371 |
+ help |
2372 |
+ If you say Y here, the capabilities on all processes within a |
2373 |
@@ -75102,6 +76241,7 @@ index 0000000..5be91c0 |
2374 |
+ |
2375 |
+config GRKERNSEC_RESLOG |
2376 |
+ bool "Resource logging" |
2377 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2378 |
+ help |
2379 |
+ If you say Y here, all attempts to overstep resource limits will |
2380 |
+ be logged with the resource name, the requested size, and the current |
2381 |
@@ -75140,6 +76280,7 @@ index 0000000..5be91c0 |
2382 |
+ |
2383 |
+config GRKERNSEC_SIGNAL |
2384 |
+ bool "Signal logging" |
2385 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2386 |
+ help |
2387 |
+ If you say Y here, certain important signals will be logged, such as |
2388 |
+ SIGSEGV, which will as a result inform you of when a error in a program |
2389 |
@@ -75157,6 +76298,7 @@ index 0000000..5be91c0 |
2390 |
+ |
2391 |
+config GRKERNSEC_TIME |
2392 |
+ bool "Time change logging" |
2393 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2394 |
+ help |
2395 |
+ If you say Y here, any changes of the system clock will be logged. |
2396 |
+ If the sysctl option is enabled, a sysctl option with name |
2397 |
@@ -75164,6 +76306,7 @@ index 0000000..5be91c0 |
2398 |
+ |
2399 |
+config GRKERNSEC_PROC_IPADDR |
2400 |
+ bool "/proc/<pid>/ipaddr support" |
2401 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2402 |
+ help |
2403 |
+ If you say Y here, a new entry will be added to each /proc/<pid> |
2404 |
+ directory that contains the IP address of the person using the task. |
2405 |
@@ -75175,6 +76318,7 @@ index 0000000..5be91c0 |
2406 |
+ |
2407 |
+config GRKERNSEC_RWXMAP_LOG |
2408 |
+ bool 'Denied RWX mmap/mprotect logging' |
2409 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2410 |
+ depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT |
2411 |
+ help |
2412 |
+ If you say Y here, calls to mmap() and mprotect() with explicit |
2413 |
@@ -75203,6 +76347,7 @@ index 0000000..5be91c0 |
2414 |
+ |
2415 |
+config GRKERNSEC_DMESG |
2416 |
+ bool "Dmesg(8) restriction" |
2417 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2418 |
+ help |
2419 |
+ If you say Y here, non-root users will not be able to use dmesg(8) |
2420 |
+ to view up to the last 4kb of messages in the kernel's log buffer. |
2421 |
@@ -75214,6 +76359,7 @@ index 0000000..5be91c0 |
2422 |
+ |
2423 |
+config GRKERNSEC_HARDEN_PTRACE |
2424 |
+ bool "Deter ptrace-based process snooping" |
2425 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2426 |
+ help |
2427 |
+ If you say Y here, TTY sniffers and other malicious monitoring |
2428 |
+ programs implemented through ptrace will be defeated. If you |
2429 |
@@ -75230,6 +76376,7 @@ index 0000000..5be91c0 |
2430 |
+ |
2431 |
+config GRKERNSEC_PTRACE_READEXEC |
2432 |
+ bool "Require read access to ptrace sensitive binaries" |
2433 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2434 |
+ help |
2435 |
+ If you say Y here, unprivileged users will not be able to ptrace unreadable |
2436 |
+ binaries. This option is useful in environments that |
2437 |
@@ -75243,6 +76390,7 @@ index 0000000..5be91c0 |
2438 |
+ |
2439 |
+config GRKERNSEC_SETXID |
2440 |
+ bool "Enforce consistent multithreaded privileges" |
2441 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2442 |
+ depends on (X86 || SPARC64 || PPC || ARM || MIPS) |
2443 |
+ help |
2444 |
+ If you say Y here, a change from a root uid to a non-root uid |
2445 |
@@ -75257,6 +76405,7 @@ index 0000000..5be91c0 |
2446 |
+ |
2447 |
+config GRKERNSEC_TPE |
2448 |
+ bool "Trusted Path Execution (TPE)" |
2449 |
++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER |
2450 |
+ help |
2451 |
+ If you say Y here, you will be able to choose a gid to add to the |
2452 |
+ supplementary groups of users you want to mark as "untrusted." |
2453 |
@@ -75313,6 +76462,7 @@ index 0000000..5be91c0 |
2454 |
+ |
2455 |
+config GRKERNSEC_RANDNET |
2456 |
+ bool "Larger entropy pools" |
2457 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2458 |
+ help |
2459 |
+ If you say Y here, the entropy pools used for many features of Linux |
2460 |
+ and grsecurity will be doubled in size. Since several grsecurity |
2461 |
@@ -75322,6 +76472,7 @@ index 0000000..5be91c0 |
2462 |
+ |
2463 |
+config GRKERNSEC_BLACKHOLE |
2464 |
+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention" |
2465 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2466 |
+ depends on NET |
2467 |
+ help |
2468 |
+ If you say Y here, neither TCP resets nor ICMP |
2469 |
@@ -75421,11 +76572,12 @@ index 0000000..5be91c0 |
2470 |
+ option with name "socket_server_gid" is created. |
2471 |
+ |
2472 |
+endmenu |
2473 |
-+menu "Sysctl support" |
2474 |
++menu "Sysctl Support" |
2475 |
+depends on GRKERNSEC && SYSCTL |
2476 |
+ |
2477 |
+config GRKERNSEC_SYSCTL |
2478 |
+ bool "Sysctl support" |
2479 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2480 |
+ help |
2481 |
+ If you say Y here, you will be able to change the options that |
2482 |
+ grsecurity runs with at bootup, without having to recompile your |
2483 |
@@ -75456,6 +76608,7 @@ index 0000000..5be91c0 |
2484 |
+ |
2485 |
+config GRKERNSEC_SYSCTL_ON |
2486 |
+ bool "Turn on features by default" |
2487 |
++ default y if GRKERNSEC_CONFIG_AUTO |
2488 |
+ depends on GRKERNSEC_SYSCTL |
2489 |
+ help |
2490 |
+ If you say Y here, instead of having all features enabled in the |
2491 |
@@ -75491,8 +76644,6 @@ index 0000000..5be91c0 |
2492 |
+ raise this value. |
2493 |
+ |
2494 |
+endmenu |
2495 |
-+ |
2496 |
-+endmenu |
2497 |
diff --git a/grsecurity/Makefile b/grsecurity/Makefile |
2498 |
new file mode 100644 |
2499 |
index 0000000..1b9afa9 |
2500 |
@@ -82522,10 +83673,10 @@ index 0000000..8ca18bf |
2501 |
+} |
2502 |
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c |
2503 |
new file mode 100644 |
2504 |
-index 0000000..1e995d3 |
2505 |
+index 0000000..13e8574 |
2506 |
--- /dev/null |
2507 |
+++ b/grsecurity/grsec_init.c |
2508 |
-@@ -0,0 +1,278 @@ |
2509 |
+@@ -0,0 +1,284 @@ |
2510 |
+#include <linux/kernel.h> |
2511 |
+#include <linux/sched.h> |
2512 |
+#include <linux/mm.h> |
2513 |
@@ -82538,6 +83689,8 @@ index 0000000..1e995d3 |
2514 |
+ |
2515 |
+int grsec_enable_ptrace_readexec; |
2516 |
+int grsec_enable_setxid; |
2517 |
++int grsec_enable_symlinkown; |
2518 |
++int grsec_symlinkown_gid; |
2519 |
+int grsec_enable_brute; |
2520 |
+int grsec_enable_link; |
2521 |
+int grsec_enable_dmesg; |
2522 |
@@ -82781,6 +83934,10 @@ index 0000000..1e995d3 |
2523 |
+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL |
2524 |
+ grsec_enable_chroot_sysctl = 1; |
2525 |
+#endif |
2526 |
++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
2527 |
++ grsec_enable_symlinkown = 1; |
2528 |
++ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID; |
2529 |
++#endif |
2530 |
+#ifdef CONFIG_GRKERNSEC_TPE |
2531 |
+ grsec_enable_tpe = 1; |
2532 |
+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; |
2533 |
@@ -82806,16 +83963,32 @@ index 0000000..1e995d3 |
2534 |
+} |
2535 |
diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c |
2536 |
new file mode 100644 |
2537 |
-index 0000000..3efe141 |
2538 |
+index 0000000..35a96d1 |
2539 |
--- /dev/null |
2540 |
+++ b/grsecurity/grsec_link.c |
2541 |
-@@ -0,0 +1,43 @@ |
2542 |
+@@ -0,0 +1,59 @@ |
2543 |
+#include <linux/kernel.h> |
2544 |
+#include <linux/sched.h> |
2545 |
+#include <linux/fs.h> |
2546 |
+#include <linux/file.h> |
2547 |
+#include <linux/grinternal.h> |
2548 |
+ |
2549 |
++int gr_handle_symlink_owner(const struct path *link, const struct inode *target) |
2550 |
++{ |
2551 |
++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
2552 |
++ const struct inode *link_inode = link->dentry->d_inode; |
2553 |
++ |
2554 |
++ if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) && |
2555 |
++ /* ignore root-owned links, e.g. /proc/self */ |
2556 |
++ link_inode->i_uid && |
2557 |
++ link_inode->i_uid != target->i_uid) { |
2558 |
++ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid); |
2559 |
++ return 1; |
2560 |
++ } |
2561 |
++#endif |
2562 |
++ return 0; |
2563 |
++} |
2564 |
++ |
2565 |
+int |
2566 |
+gr_handle_follow_link(const struct inode *parent, |
2567 |
+ const struct inode *inode, |
2568 |
@@ -83868,10 +85041,10 @@ index 0000000..7512ea9 |
2569 |
+} |
2570 |
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c |
2571 |
new file mode 100644 |
2572 |
-index 0000000..31f3258 |
2573 |
+index 0000000..f33decd |
2574 |
--- /dev/null |
2575 |
+++ b/grsecurity/grsec_sysctl.c |
2576 |
-@@ -0,0 +1,499 @@ |
2577 |
+@@ -0,0 +1,517 @@ |
2578 |
+#include <linux/kernel.h> |
2579 |
+#include <linux/sched.h> |
2580 |
+#include <linux/sysctl.h> |
2581 |
@@ -83919,6 +85092,24 @@ index 0000000..31f3258 |
2582 |
+ .proc_handler = &proc_dointvec, |
2583 |
+ }, |
2584 |
+#endif |
2585 |
++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
2586 |
++ { |
2587 |
++ .ctl_name = CTL_UNNUMBERED, |
2588 |
++ .procname = "enforce_symlinksifowner", |
2589 |
++ .data = &grsec_enable_symlinkown, |
2590 |
++ .maxlen = sizeof(int), |
2591 |
++ .mode = 0600, |
2592 |
++ .proc_handler = &proc_dointvec, |
2593 |
++ }, |
2594 |
++ { |
2595 |
++ .ctl_name = CTL_UNNUMBERED, |
2596 |
++ .procname = "symlinkown_gid", |
2597 |
++ .data = &grsec_symlinkown_gid, |
2598 |
++ .maxlen = sizeof(int), |
2599 |
++ .mode = 0600, |
2600 |
++ .proc_handler = &proc_dointvec, |
2601 |
++ }, |
2602 |
++#endif |
2603 |
+#ifdef CONFIG_GRKERNSEC_BRUTE |
2604 |
+ { |
2605 |
+ .ctl_name = CTL_UNNUMBERED, |
2606 |
@@ -85933,8 +87124,20 @@ index 90a4ed0..d652617 100644 |
2607 |
|
2608 |
#endif |
2609 |
|
2610 |
+diff --git a/include/linux/eventpoll.h b/include/linux/eventpoll.h |
2611 |
+index f6856a5..ca399c5 100644 |
2612 |
+--- a/include/linux/eventpoll.h |
2613 |
++++ b/include/linux/eventpoll.h |
2614 |
+@@ -61,6 +61,7 @@ struct file; |
2615 |
+ static inline void eventpoll_init_file(struct file *file) |
2616 |
+ { |
2617 |
+ INIT_LIST_HEAD(&file->f_ep_links); |
2618 |
++ INIT_LIST_HEAD(&file->f_tfile_llink); |
2619 |
+ } |
2620 |
+ |
2621 |
+ |
2622 |
diff --git a/include/linux/fs.h b/include/linux/fs.h |
2623 |
-index 1b9a47a..6fe2934 100644 |
2624 |
+index 1b9a47a..e17111d 100644 |
2625 |
--- a/include/linux/fs.h |
2626 |
+++ b/include/linux/fs.h |
2627 |
@@ -568,41 +568,41 @@ typedef int (*read_actor_t)(read_descriptor_t *, struct page *, |
2628 |
@@ -85996,7 +87199,15 @@ index 1b9a47a..6fe2934 100644 |
2629 |
}; |
2630 |
|
2631 |
/* |
2632 |
-@@ -1031,19 +1031,19 @@ static inline int file_check_writeable(struct file *filp) |
2633 |
+@@ -941,6 +941,7 @@ struct file { |
2634 |
+ #ifdef CONFIG_EPOLL |
2635 |
+ /* Used by fs/eventpoll.c to link all the hooks to this file */ |
2636 |
+ struct list_head f_ep_links; |
2637 |
++ struct list_head f_tfile_llink; |
2638 |
+ #endif /* #ifdef CONFIG_EPOLL */ |
2639 |
+ struct address_space *f_mapping; |
2640 |
+ #ifdef CONFIG_DEBUG_WRITECOUNT |
2641 |
+@@ -1031,19 +1032,19 @@ static inline int file_check_writeable(struct file *filp) |
2642 |
typedef struct files_struct *fl_owner_t; |
2643 |
|
2644 |
struct file_lock_operations { |
2645 |
@@ -86026,7 +87237,7 @@ index 1b9a47a..6fe2934 100644 |
2646 |
}; |
2647 |
|
2648 |
struct lock_manager { |
2649 |
-@@ -1442,7 +1442,7 @@ struct fiemap_extent_info { |
2650 |
+@@ -1442,7 +1443,7 @@ struct fiemap_extent_info { |
2651 |
unsigned int fi_flags; /* Flags as passed from user */ |
2652 |
unsigned int fi_extents_mapped; /* Number of mapped extents */ |
2653 |
unsigned int fi_extents_max; /* Size of fiemap_extent array */ |
2654 |
@@ -86035,7 +87246,7 @@ index 1b9a47a..6fe2934 100644 |
2655 |
* array */ |
2656 |
}; |
2657 |
int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical, |
2658 |
-@@ -1512,7 +1512,8 @@ struct file_operations { |
2659 |
+@@ -1512,7 +1513,8 @@ struct file_operations { |
2660 |
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); |
2661 |
ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); |
2662 |
int (*setlease)(struct file *, long, struct file_lock **); |
2663 |
@@ -86045,7 +87256,7 @@ index 1b9a47a..6fe2934 100644 |
2664 |
|
2665 |
struct inode_operations { |
2666 |
int (*create) (struct inode *,struct dentry *,int, struct nameidata *); |
2667 |
-@@ -1559,30 +1560,30 @@ extern ssize_t vfs_writev(struct file *, const struct iovec __user *, |
2668 |
+@@ -1559,30 +1561,30 @@ extern ssize_t vfs_writev(struct file *, const struct iovec __user *, |
2669 |
unsigned long, loff_t *); |
2670 |
|
2671 |
struct super_operations { |
2672 |
@@ -86658,10 +87869,10 @@ index 0000000..70d6cd5 |
2673 |
+#endif |
2674 |
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h |
2675 |
new file mode 100644 |
2676 |
-index 0000000..3826b91 |
2677 |
+index 0000000..3322652 |
2678 |
--- /dev/null |
2679 |
+++ b/include/linux/grinternal.h |
2680 |
-@@ -0,0 +1,219 @@ |
2681 |
+@@ -0,0 +1,221 @@ |
2682 |
+#ifndef __GRINTERNAL_H |
2683 |
+#define __GRINTERNAL_H |
2684 |
+ |
2685 |
@@ -86722,6 +87933,8 @@ index 0000000..3826b91 |
2686 |
+extern int grsec_enable_chroot_caps; |
2687 |
+extern int grsec_enable_chroot_sysctl; |
2688 |
+extern int grsec_enable_chroot_unix; |
2689 |
++extern int grsec_enable_symlinkown; |
2690 |
++extern int grsec_symlinkown_gid; |
2691 |
+extern int grsec_enable_tpe; |
2692 |
+extern int grsec_tpe_gid; |
2693 |
+extern int grsec_enable_tpe_all; |
2694 |
@@ -86883,10 +88096,10 @@ index 0000000..3826b91 |
2695 |
+#endif |
2696 |
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h |
2697 |
new file mode 100644 |
2698 |
-index 0000000..f885406 |
2699 |
+index 0000000..ac88734 |
2700 |
--- /dev/null |
2701 |
+++ b/include/linux/grmsg.h |
2702 |
-@@ -0,0 +1,109 @@ |
2703 |
+@@ -0,0 +1,110 @@ |
2704 |
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" |
2705 |
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" |
2706 |
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " |
2707 |
@@ -86996,12 +88209,13 @@ index 0000000..f885406 |
2708 |
+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by " |
2709 |
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by " |
2710 |
+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by " |
2711 |
++#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by " |
2712 |
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h |
2713 |
new file mode 100644 |
2714 |
-index 0000000..c1793ae |
2715 |
+index 0000000..29ccfc4 |
2716 |
--- /dev/null |
2717 |
+++ b/include/linux/grsecurity.h |
2718 |
-@@ -0,0 +1,219 @@ |
2719 |
+@@ -0,0 +1,220 @@ |
2720 |
+#ifndef GR_SECURITY_H |
2721 |
+#define GR_SECURITY_H |
2722 |
+#include <linux/fs.h> |
2723 |
@@ -87173,6 +88387,7 @@ index 0000000..c1793ae |
2724 |
+ const struct vfsmount *parent_mnt, |
2725 |
+ const struct dentry *old_dentry, |
2726 |
+ const struct vfsmount *old_mnt, const char *to); |
2727 |
++int gr_handle_symlink_owner(const struct path *link, const struct inode *target); |
2728 |
+int gr_acl_handle_rename(struct dentry *new_dentry, |
2729 |
+ struct dentry *parent_dentry, |
2730 |
+ const struct vfsmount *parent_mnt, |
2731 |
@@ -88327,10 +89542,22 @@ index 7456d7d..6c1cfc9 100644 |
2732 |
static inline int ptrace_reparented(struct task_struct *child) |
2733 |
{ |
2734 |
diff --git a/include/linux/random.h b/include/linux/random.h |
2735 |
-index 2948046..3262567 100644 |
2736 |
+index 2948046..6fe7065 100644 |
2737 |
--- a/include/linux/random.h |
2738 |
+++ b/include/linux/random.h |
2739 |
-@@ -63,6 +63,11 @@ unsigned long randomize_range(unsigned long start, unsigned long end, unsigned l |
2740 |
+@@ -46,9 +46,10 @@ struct rand_pool_info { |
2741 |
+ |
2742 |
+ extern void rand_initialize_irq(int irq); |
2743 |
+ |
2744 |
++extern void add_device_randomness(const void *, unsigned int); |
2745 |
+ extern void add_input_randomness(unsigned int type, unsigned int code, |
2746 |
+ unsigned int value); |
2747 |
+-extern void add_interrupt_randomness(int irq); |
2748 |
++extern void add_interrupt_randomness(int irq, int irq_flags); |
2749 |
+ |
2750 |
+ extern void get_random_bytes(void *buf, int nbytes); |
2751 |
+ void generate_random_uuid(unsigned char uuid_out[16]); |
2752 |
+@@ -63,6 +64,24 @@ unsigned long randomize_range(unsigned long start, unsigned long end, unsigned l |
2753 |
u32 random32(void); |
2754 |
void srandom32(u32 seed); |
2755 |
|
2756 |
@@ -88339,6 +89566,19 @@ index 2948046..3262567 100644 |
2757 |
+ return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0); |
2758 |
+} |
2759 |
+ |
2760 |
++#ifdef CONFIG_ARCH_RANDOM |
2761 |
++# include <asm/archrandom.h> |
2762 |
++#else |
2763 |
++static inline int arch_get_random_long(unsigned long *v) |
2764 |
++{ |
2765 |
++ return 0; |
2766 |
++} |
2767 |
++static inline int arch_get_random_int(unsigned int *v) |
2768 |
++{ |
2769 |
++ return 0; |
2770 |
++} |
2771 |
++#endif |
2772 |
++ |
2773 |
#endif /* __KERNEL___ */ |
2774 |
|
2775 |
#endif /* _LINUX_RANDOM_H */ |
2776 |
@@ -89440,7 +90680,7 @@ index a8cc4e1..98d3b85 100644 |
2777 |
u32 flags; |
2778 |
u32 bitset; |
2779 |
diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h |
2780 |
-index 1eb44a9..f582df3 100644 |
2781 |
+index 1eb44a9..f582df31 100644 |
2782 |
--- a/include/linux/tracehook.h |
2783 |
+++ b/include/linux/tracehook.h |
2784 |
@@ -69,12 +69,12 @@ static inline int tracehook_expect_breakpoints(struct task_struct *task) |
2785 |
@@ -92140,6 +93380,38 @@ index a6e9d00..a0da4f9 100644 |
2786 |
{ |
2787 |
hrtimer_peek_ahead_timers(); |
2788 |
} |
2789 |
+diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c |
2790 |
+index 17c71bb..27fd0a6 100644 |
2791 |
+--- a/kernel/irq/handle.c |
2792 |
++++ b/kernel/irq/handle.c |
2793 |
+@@ -370,7 +370,7 @@ static void warn_no_thread(unsigned int irq, struct irqaction *action) |
2794 |
+ irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action) |
2795 |
+ { |
2796 |
+ irqreturn_t ret, retval = IRQ_NONE; |
2797 |
+- unsigned int status = 0; |
2798 |
++ unsigned int flags = 0; |
2799 |
+ |
2800 |
+ if (!(action->flags & IRQF_DISABLED)) |
2801 |
+ local_irq_enable_in_hardirq(); |
2802 |
+@@ -413,7 +413,7 @@ irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action) |
2803 |
+ |
2804 |
+ /* Fall through to add to randomness */ |
2805 |
+ case IRQ_HANDLED: |
2806 |
+- status |= action->flags; |
2807 |
++ flags |= action->flags; |
2808 |
+ break; |
2809 |
+ |
2810 |
+ default: |
2811 |
+@@ -424,8 +424,7 @@ irqreturn_t handle_IRQ_event(unsigned int irq, struct irqaction *action) |
2812 |
+ action = action->next; |
2813 |
+ } while (action); |
2814 |
+ |
2815 |
+- if (status & IRQF_SAMPLE_RANDOM) |
2816 |
+- add_interrupt_randomness(irq); |
2817 |
++ add_interrupt_randomness(irq, flags); |
2818 |
+ local_irq_disable(); |
2819 |
+ |
2820 |
+ return retval; |
2821 |
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c |
2822 |
index 8b6b8b6..6bc87df 100644 |
2823 |
--- a/kernel/kallsyms.c |
2824 |
@@ -96661,10 +97933,19 @@ index 9073695..1127f348 100644 |
2825 |
set_fs(old_fs); |
2826 |
|
2827 |
diff --git a/mm/madvise.c b/mm/madvise.c |
2828 |
-index 35b1479..499f7d4 100644 |
2829 |
+index 35b1479..d5de85b 100644 |
2830 |
--- a/mm/madvise.c |
2831 |
+++ b/mm/madvise.c |
2832 |
-@@ -44,6 +44,10 @@ static long madvise_behavior(struct vm_area_struct * vma, |
2833 |
+@@ -12,6 +12,8 @@ |
2834 |
+ #include <linux/hugetlb.h> |
2835 |
+ #include <linux/sched.h> |
2836 |
+ #include <linux/ksm.h> |
2837 |
++#include <linux/fs.h> |
2838 |
++#include <linux/file.h> |
2839 |
+ |
2840 |
+ /* |
2841 |
+ * Any behaviour which results in changes to the vma->vm_flags needs to |
2842 |
+@@ -44,6 +46,10 @@ static long madvise_behavior(struct vm_area_struct * vma, |
2843 |
pgoff_t pgoff; |
2844 |
unsigned long new_flags = vma->vm_flags; |
2845 |
|
2846 |
@@ -96675,7 +97956,7 @@ index 35b1479..499f7d4 100644 |
2847 |
switch (behavior) { |
2848 |
case MADV_NORMAL: |
2849 |
new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; |
2850 |
-@@ -103,6 +107,13 @@ success: |
2851 |
+@@ -103,6 +109,13 @@ success: |
2852 |
/* |
2853 |
* vm_flags is protected by the mmap_sem held in write mode. |
2854 |
*/ |
2855 |
@@ -96689,7 +97970,7 @@ index 35b1479..499f7d4 100644 |
2856 |
vma->vm_flags = new_flags; |
2857 |
|
2858 |
out: |
2859 |
-@@ -161,6 +172,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
2860 |
+@@ -161,6 +174,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
2861 |
struct vm_area_struct ** prev, |
2862 |
unsigned long start, unsigned long end) |
2863 |
{ |
2864 |
@@ -96701,7 +97982,7 @@ index 35b1479..499f7d4 100644 |
2865 |
*prev = vma; |
2866 |
if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) |
2867 |
return -EINVAL; |
2868 |
-@@ -173,6 +189,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
2869 |
+@@ -173,6 +191,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
2870 |
zap_page_range(vma, start, end - start, &details); |
2871 |
} else |
2872 |
zap_page_range(vma, start, end - start, NULL); |
2873 |
@@ -96723,7 +98004,47 @@ index 35b1479..499f7d4 100644 |
2874 |
return 0; |
2875 |
} |
2876 |
|
2877 |
-@@ -359,6 +390,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) |
2878 |
+@@ -190,16 +223,17 @@ static long madvise_remove(struct vm_area_struct *vma, |
2879 |
+ struct address_space *mapping; |
2880 |
+ loff_t offset, endoff; |
2881 |
+ int error; |
2882 |
++ struct file *f; |
2883 |
+ |
2884 |
+ *prev = NULL; /* tell sys_madvise we drop mmap_sem */ |
2885 |
+ |
2886 |
+ if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB)) |
2887 |
+ return -EINVAL; |
2888 |
+ |
2889 |
+- if (!vma->vm_file || !vma->vm_file->f_mapping |
2890 |
+- || !vma->vm_file->f_mapping->host) { |
2891 |
+- return -EINVAL; |
2892 |
+- } |
2893 |
++ f = vma->vm_file; |
2894 |
++ |
2895 |
++ if (!f || !f->f_mapping || !f->f_mapping->host) |
2896 |
++ return -EINVAL; |
2897 |
+ |
2898 |
+ if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE)) |
2899 |
+ return -EACCES; |
2900 |
+@@ -211,10 +245,16 @@ static long madvise_remove(struct vm_area_struct *vma, |
2901 |
+ endoff = (loff_t)(end - vma->vm_start - 1) |
2902 |
+ + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); |
2903 |
+ |
2904 |
+- /* vmtruncate_range needs to take i_mutex and i_alloc_sem */ |
2905 |
++ /* vmtruncate_range needs to take i_mutex and i_alloc_sem. We need to |
2906 |
++ * explicitly grab a reference because the vma (and hence the |
2907 |
++ * vma's reference to the file) can go away as soon as we drop |
2908 |
++ * mmap_sem. |
2909 |
++ */ |
2910 |
++ get_file(f); |
2911 |
+ up_read(¤t->mm->mmap_sem); |
2912 |
+ error = vmtruncate_range(mapping->host, offset, endoff); |
2913 |
+ down_read(¤t->mm->mmap_sem); |
2914 |
++ fput(f); |
2915 |
+ return error; |
2916 |
+ } |
2917 |
+ |
2918 |
+@@ -359,6 +399,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) |
2919 |
if (end < start) |
2920 |
goto out; |
2921 |
|
2922 |
@@ -100961,7 +102282,7 @@ index 9559afc..ccd74e1 100644 |
2923 |
u32 interface, fmode, numsrc; |
2924 |
|
2925 |
diff --git a/net/core/dev.c b/net/core/dev.c |
2926 |
-index 84a0705..575db4c 100644 |
2927 |
+index 84a0705..fb849b8 100644 |
2928 |
--- a/net/core/dev.c |
2929 |
+++ b/net/core/dev.c |
2930 |
@@ -1047,10 +1047,14 @@ void dev_load(struct net *net, const char *name) |
2931 |
@@ -100979,7 +102300,19 @@ index 84a0705..575db4c 100644 |
2932 |
} |
2933 |
} |
2934 |
EXPORT_SYMBOL(dev_load); |
2935 |
-@@ -1654,7 +1658,7 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) |
2936 |
+@@ -1129,10 +1133,7 @@ int dev_open(struct net_device *dev) |
2937 |
+ * Wakeup transmit queue engine |
2938 |
+ */ |
2939 |
+ dev_activate(dev); |
2940 |
+- |
2941 |
+- /* |
2942 |
+- * ... and announce new interface. |
2943 |
+- */ |
2944 |
++ add_device_randomness(dev->dev_addr, dev->addr_len); |
2945 |
+ call_netdevice_notifiers(NETDEV_UP, dev); |
2946 |
+ } |
2947 |
+ |
2948 |
+@@ -1654,7 +1655,7 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) |
2949 |
|
2950 |
struct dev_gso_cb { |
2951 |
void (*destructor)(struct sk_buff *skb); |
2952 |
@@ -100988,7 +102321,7 @@ index 84a0705..575db4c 100644 |
2953 |
|
2954 |
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) |
2955 |
|
2956 |
-@@ -2063,7 +2067,7 @@ int netif_rx_ni(struct sk_buff *skb) |
2957 |
+@@ -2063,7 +2064,7 @@ int netif_rx_ni(struct sk_buff *skb) |
2958 |
} |
2959 |
EXPORT_SYMBOL(netif_rx_ni); |
2960 |
|
2961 |
@@ -100997,7 +102330,7 @@ index 84a0705..575db4c 100644 |
2962 |
{ |
2963 |
struct softnet_data *sd = &__get_cpu_var(softnet_data); |
2964 |
|
2965 |
-@@ -2827,7 +2831,7 @@ void netif_napi_del(struct napi_struct *napi) |
2966 |
+@@ -2827,7 +2828,7 @@ void netif_napi_del(struct napi_struct *napi) |
2967 |
EXPORT_SYMBOL(netif_napi_del); |
2968 |
|
2969 |
|
2970 |
@@ -101006,6 +102339,22 @@ index 84a0705..575db4c 100644 |
2971 |
{ |
2972 |
struct list_head *list = &__get_cpu_var(softnet_data).poll_list; |
2973 |
unsigned long time_limit = jiffies + 2; |
2974 |
+@@ -4268,6 +4269,7 @@ int dev_set_mac_address(struct net_device *dev, struct sockaddr *sa) |
2975 |
+ err = ops->ndo_set_mac_address(dev, sa); |
2976 |
+ if (!err) |
2977 |
+ call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); |
2978 |
++ add_device_randomness(dev->dev_addr, dev->addr_len); |
2979 |
+ return err; |
2980 |
+ } |
2981 |
+ EXPORT_SYMBOL(dev_set_mac_address); |
2982 |
+@@ -4871,6 +4873,7 @@ int register_netdevice(struct net_device *dev) |
2983 |
+ dev_init_scheduler(dev); |
2984 |
+ dev_hold(dev); |
2985 |
+ list_netdevice(dev); |
2986 |
++ add_device_randomness(dev->dev_addr, dev->addr_len); |
2987 |
+ |
2988 |
+ /* Notify protocols, that a new device appeared. */ |
2989 |
+ ret = call_netdevice_notifiers(NETDEV_REGISTER, dev); |
2990 |
diff --git a/net/core/flow.c b/net/core/flow.c |
2991 |
index 9601587..8c4824e 100644 |
2992 |
--- a/net/core/flow.c |
2993 |
@@ -101070,7 +102419,7 @@ index 9601587..8c4824e 100644 |
2994 |
if (!fle->object || fle->genid == genid) |
2995 |
continue; |
2996 |
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
2997 |
-index d4fd895..ac9b1e6 100644 |
2998 |
+index d4fd895..9adcdc5 100644 |
2999 |
--- a/net/core/rtnetlink.c |
3000 |
+++ b/net/core/rtnetlink.c |
3001 |
@@ -57,7 +57,7 @@ struct rtnl_link |
3002 |
@@ -101082,6 +102431,14 @@ index d4fd895..ac9b1e6 100644 |
3003 |
|
3004 |
static DEFINE_MUTEX(rtnl_mutex); |
3005 |
|
3006 |
+@@ -817,6 +817,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm, |
3007 |
+ goto errout; |
3008 |
+ send_addr_notify = 1; |
3009 |
+ modified = 1; |
3010 |
++ add_device_randomness(dev->dev_addr, dev->addr_len); |
3011 |
+ } |
3012 |
+ |
3013 |
+ if (tb[IFLA_MTU]) { |
3014 |
diff --git a/net/core/scm.c b/net/core/scm.c |
3015 |
index d98eafc..1a190a9 100644 |
3016 |
--- a/net/core/scm.c |
3017 |
@@ -104831,16 +106188,14 @@ index d52f7a0..b66cdd9 100755 |
3018 |
rm -f tags |
3019 |
xtags ctags |
3020 |
diff --git a/security/Kconfig b/security/Kconfig |
3021 |
-index fb363cd..c2c0a96 100644 |
3022 |
+index fb363cd..6ef754f 100644 |
3023 |
--- a/security/Kconfig |
3024 |
+++ b/security/Kconfig |
3025 |
-@@ -4,6 +4,634 @@ |
3026 |
+@@ -4,6 +4,854 @@ |
3027 |
|
3028 |
menu "Security options" |
3029 |
|
3030 |
-+source grsecurity/Kconfig |
3031 |
-+ |
3032 |
-+menu "PaX" |
3033 |
++menu "Grsecurity" |
3034 |
+ |
3035 |
+ config ARCH_TRACK_EXEC_LIMIT |
3036 |
+ bool |
3037 |
@@ -104861,8 +106216,205 @@ index fb363cd..c2c0a96 100644 |
3038 |
+ bool |
3039 |
+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM)) |
3040 |
+ |
3041 |
++config GRKERNSEC |
3042 |
++ bool "Grsecurity" |
3043 |
++ select CRYPTO |
3044 |
++ select CRYPTO_SHA256 |
3045 |
++ help |
3046 |
++ If you say Y here, you will be able to configure many features |
3047 |
++ that will enhance the security of your system. It is highly |
3048 |
++ recommended that you say Y here and read through the help |
3049 |
++ for each option so that you fully understand the features and |
3050 |
++ can evaluate their usefulness for your machine. |
3051 |
++ |
3052 |
++choice |
3053 |
++ prompt "Configuration Method" |
3054 |
++ depends on GRKERNSEC |
3055 |
++ default GRKERNSEC_CONFIG_CUSTOM |
3056 |
++ help |
3057 |
++ |
3058 |
++config GRKERNSEC_CONFIG_AUTO |
3059 |
++ bool "Automatic" |
3060 |
++ help |
3061 |
++ If you choose this configuration method, you'll be able to answer a small |
3062 |
++ number of simple questions about how you plan to use this kernel. |
3063 |
++ The settings of grsecurity and PaX will be automatically configured for |
3064 |
++ the highest commonly-used settings within the provided constraints. |
3065 |
++ |
3066 |
++ If you require additional configuration, custom changes can still be made |
3067 |
++ from the "custom configuration" menu. |
3068 |
++ |
3069 |
++config GRKERNSEC_CONFIG_CUSTOM |
3070 |
++ bool "Custom" |
3071 |
++ help |
3072 |
++ If you choose this configuration method, you'll be able to configure all |
3073 |
++ grsecurity and PaX settings manually. Via this method, no options are |
3074 |
++ automatically enabled. |
3075 |
++ |
3076 |
++endchoice |
3077 |
++ |
3078 |
++choice |
3079 |
++ prompt "Usage Type" |
3080 |
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) |
3081 |
++ default GRKERNSEC_CONFIG_SERVER |
3082 |
++ help |
3083 |
++ |
3084 |
++config GRKERNSEC_CONFIG_SERVER |
3085 |
++ bool "Server" |
3086 |
++ help |
3087 |
++ Choose this option if you plan to use this kernel on a server. |
3088 |
++ |
3089 |
++config GRKERNSEC_CONFIG_DESKTOP |
3090 |
++ bool "Desktop" |
3091 |
++ help |
3092 |
++ Choose this option if you plan to use this kernel on a desktop. |
3093 |
++ |
3094 |
++endchoice |
3095 |
++ |
3096 |
++choice |
3097 |
++ prompt "Virtualization Type" |
3098 |
++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO) |
3099 |
++ default GRKERNSEC_CONFIG_VIRT_NONE |
3100 |
++ help |
3101 |
++ |
3102 |
++config GRKERNSEC_CONFIG_VIRT_NONE |
3103 |
++ bool "None" |
3104 |
++ help |
3105 |
++ Choose this option if this kernel will be run on bare metal. |
3106 |
++ |
3107 |
++config GRKERNSEC_CONFIG_VIRT_GUEST |
3108 |
++ bool "Guest" |
3109 |
++ help |
3110 |
++ Choose this option if this kernel will be run as a VM guest. |
3111 |
++ |
3112 |
++config GRKERNSEC_CONFIG_VIRT_HOST |
3113 |
++ bool "Host" |
3114 |
++ help |
3115 |
++ Choose this option if this kernel will be run as a VM host. |
3116 |
++ |
3117 |
++endchoice |
3118 |
++ |
3119 |
++choice |
3120 |
++ prompt "Virtualization Hardware" |
3121 |
++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) |
3122 |
++ help |
3123 |
++ |
3124 |
++config GRKERNSEC_CONFIG_VIRT_EPT |
3125 |
++ bool "EPT/RVI Processor Support" |
3126 |
++ depends on X86 |
3127 |
++ help |
3128 |
++ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen |
3129 |
++ hardware virtualization. This allows for additional kernel hardening protections |
3130 |
++ to operate without additional performance impact. |
3131 |
++ |
3132 |
++ To see if your Intel processor supports EPT, see: |
3133 |
++ http://ark.intel.com/Products/VirtualizationTechnology |
3134 |
++ (Most Core i3/5/7 support EPT) |
3135 |
++ |
3136 |
++ To see if your AMD processor supports RVI, see: |
3137 |
++ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx |
3138 |
++ |
3139 |
++config GRKERNSEC_CONFIG_VIRT_SOFT |
3140 |
++ bool "First-gen/No Hardware Virtualization" |
3141 |
++ help |
3142 |
++ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't |
3143 |
++ support hardware virtualization or doesn't support the EPT/RVI extensions. |
3144 |
++ |
3145 |
++endchoice |
3146 |
++ |
3147 |
++choice |
3148 |
++ prompt "Virtualization Software" |
3149 |
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) |
3150 |
++ help |
3151 |
++ |
3152 |
++config GRKERNSEC_CONFIG_VIRT_XEN |
3153 |
++ bool "Xen" |
3154 |
++ help |
3155 |
++ Choose this option if this kernel is running as a Xen guest or host. |
3156 |
++ |
3157 |
++config GRKERNSEC_CONFIG_VIRT_VMWARE |
3158 |
++ bool "VMWare" |
3159 |
++ help |
3160 |
++ Choose this option if this kernel is running as a VMWare guest or host. |
3161 |
++ |
3162 |
++config GRKERNSEC_CONFIG_VIRT_KVM |
3163 |
++ bool "KVM" |
3164 |
++ help |
3165 |
++ Choose this option if this kernel is running as a KVM guest or host. |
3166 |
++ |
3167 |
++config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX |
3168 |
++ bool "VirtualBox" |
3169 |
++ help |
3170 |
++ Choose this option if this kernel is running as a VirtualBox guest or host. |
3171 |
++ |
3172 |
++endchoice |
3173 |
++ |
3174 |
++choice |
3175 |
++ prompt "Required Priorities" |
3176 |
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) |
3177 |
++ default GRKERNSEC_CONFIG_PRIORITY_PERF |
3178 |
++ help |
3179 |
++ |
3180 |
++config GRKERNSEC_CONFIG_PRIORITY_PERF |
3181 |
++ bool "Performance" |
3182 |
++ help |
3183 |
++ Choose this option if performance is of highest priority for this deployment |
3184 |
++ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing, |
3185 |
++ and freed memory sanitizing will be disabled. |
3186 |
++ |
3187 |
++config GRKERNSEC_CONFIG_PRIORITY_SECURITY |
3188 |
++ bool "Security" |
3189 |
++ help |
3190 |
++ Choose this option if security is of highest priority for this deployment of |
3191 |
++ grsecurity. UDEREF, kernel stack clearing, and freed memory sanitizing will |
3192 |
++ be enabled for this kernel. In a worst-case scenario, these features can |
3193 |
++ introduce a 20% performance hit (UDEREF on x64 contributing half of this hit). |
3194 |
++ |
3195 |
++endchoice |
3196 |
++ |
3197 |
++menu "Default Special Groups" |
3198 |
++depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) |
3199 |
++ |
3200 |
++config GRKERNSEC_PROC_GID |
3201 |
++ int "GID exempted from /proc restrictions" |
3202 |
++ default 1001 |
3203 |
++ help |
3204 |
++ Setting this GID determines which group will be exempted from |
3205 |
++ grsecurity's /proc restrictions, allowing users of the specified |
3206 |
++ group to view network statistics and the existence of other users' |
3207 |
++ processes on the system. |
3208 |
++ |
3209 |
++config GRKERNSEC_TPE_GID |
3210 |
++ int "GID for untrusted users" |
3211 |
++ depends on GRKERNSEC_CONFIG_SERVER |
3212 |
++ default 1005 |
3213 |
++ help |
3214 |
++ Setting this GID determines which group untrusted users should |
3215 |
++ be added to. These users will be placed under grsecurity's Trusted Path |
3216 |
++ Execution mechanism, preventing them from executing their own binaries. |
3217 |
++ The users will only be able to execute binaries in directories owned and |
3218 |
++ writable only by the root user. |
3219 |
++ |
3220 |
++config GRKERNSEC_SYMLINKOWN_GID |
3221 |
++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch" |
3222 |
++ depends on GRKERNSEC_CONFIG_SERVER |
3223 |
++ default 1006 |
3224 |
++ help |
3225 |
++ Setting this GID determines what group kernel-enforced |
3226 |
++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option |
3227 |
++ is enabled, a sysctl option with name "symlinkown_gid" is created. |
3228 |
++ |
3229 |
++ |
3230 |
++endmenu |
3231 |
++ |
3232 |
++menu "Customize Configuration" |
3233 |
++depends on GRKERNSEC |
3234 |
++ |
3235 |
++menu "PaX" |
3236 |
++ |
3237 |
+config PAX |
3238 |
+ bool "Enable various PaX features" |
3239 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3240 |
+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86) |
3241 |
+ help |
3242 |
+ This allows you to enable various PaX features. PaX adds |
3243 |
@@ -104886,6 +106438,7 @@ index fb363cd..c2c0a96 100644 |
3244 |
+ |
3245 |
+config PAX_EI_PAX |
3246 |
+ bool 'Use legacy ELF header marking' |
3247 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3248 |
+ help |
3249 |
+ Enabling this option will allow you to control PaX features on |
3250 |
+ a per executable basis via the 'chpax' utility available at |
3251 |
@@ -104905,6 +106458,7 @@ index fb363cd..c2c0a96 100644 |
3252 |
+ |
3253 |
+config PAX_PT_PAX_FLAGS |
3254 |
+ bool 'Use ELF program header marking' |
3255 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3256 |
+ help |
3257 |
+ Enabling this option will allow you to control PaX features on |
3258 |
+ a per executable basis via the 'paxctl' utility available at |
3259 |
@@ -104926,6 +106480,7 @@ index fb363cd..c2c0a96 100644 |
3260 |
+ |
3261 |
+config PAX_XATTR_PAX_FLAGS |
3262 |
+ bool 'Use filesystem extended attributes marking' |
3263 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3264 |
+ select CIFS_XATTR if CIFS |
3265 |
+ select EXT2_FS_XATTR if EXT2_FS |
3266 |
+ select EXT3_FS_XATTR if EXT3_FS |
3267 |
@@ -104985,6 +106540,7 @@ index fb363cd..c2c0a96 100644 |
3268 |
+ |
3269 |
+config PAX_NOEXEC |
3270 |
+ bool "Enforce non-executable pages" |
3271 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3272 |
+ depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 |
3273 |
+ help |
3274 |
+ By design some architectures do not allow for protecting memory |
3275 |
@@ -105013,6 +106569,7 @@ index fb363cd..c2c0a96 100644 |
3276 |
+ |
3277 |
+config PAX_PAGEEXEC |
3278 |
+ bool "Paging based non-executable pages" |
3279 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3280 |
+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) |
3281 |
+ select S390_SWITCH_AMODE if S390 |
3282 |
+ select S390_EXEC_PROTECT if S390 |
3283 |
@@ -105035,6 +106592,7 @@ index fb363cd..c2c0a96 100644 |
3284 |
+ |
3285 |
+config PAX_SEGMEXEC |
3286 |
+ bool "Segmentation based non-executable pages" |
3287 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3288 |
+ depends on PAX_NOEXEC && X86_32 |
3289 |
+ help |
3290 |
+ This implementation is based on the segmentation feature of the |
3291 |
@@ -105101,6 +106659,7 @@ index fb363cd..c2c0a96 100644 |
3292 |
+ |
3293 |
+config PAX_MPROTECT |
3294 |
+ bool "Restrict mprotect()" |
3295 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3296 |
+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) |
3297 |
+ help |
3298 |
+ Enabling this option will prevent programs from |
3299 |
@@ -105118,8 +106677,8 @@ index fb363cd..c2c0a96 100644 |
3300 |
+ |
3301 |
+config PAX_MPROTECT_COMPAT |
3302 |
+ bool "Use legacy/compat protection demoting (read help)" |
3303 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) |
3304 |
+ depends on PAX_MPROTECT |
3305 |
-+ default n |
3306 |
+ help |
3307 |
+ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects |
3308 |
+ by sending the proper error code to the application. For some broken |
3309 |
@@ -105194,6 +106753,7 @@ index fb363cd..c2c0a96 100644 |
3310 |
+ |
3311 |
+config PAX_KERNEXEC |
3312 |
+ bool "Enforce non-executable kernel pages" |
3313 |
++ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) |
3314 |
+ depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN |
3315 |
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) |
3316 |
+ select PAX_KERNEXEC_PLUGIN if X86_64 |
3317 |
@@ -105235,7 +106795,8 @@ index fb363cd..c2c0a96 100644 |
3318 |
+ |
3319 |
+config PAX_KERNEXEC_MODULE_TEXT |
3320 |
+ int "Minimum amount of memory reserved for module code" |
3321 |
-+ default "4" |
3322 |
++ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) |
3323 |
++ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) |
3324 |
+ depends on PAX_KERNEXEC && X86_32 && MODULES |
3325 |
+ help |
3326 |
+ Due to implementation details the kernel must reserve a fixed |
3327 |
@@ -105260,6 +106821,7 @@ index fb363cd..c2c0a96 100644 |
3328 |
+ |
3329 |
+config PAX_ASLR |
3330 |
+ bool "Address Space Layout Randomization" |
3331 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3332 |
+ help |
3333 |
+ Many if not most exploit techniques rely on the knowledge of |
3334 |
+ certain addresses in the attacked program. The following options |
3335 |
@@ -105289,6 +106851,7 @@ index fb363cd..c2c0a96 100644 |
3336 |
+ |
3337 |
+config PAX_RANDKSTACK |
3338 |
+ bool "Randomize kernel stack base" |
3339 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3340 |
+ depends on X86_TSC && X86 |
3341 |
+ help |
3342 |
+ By saying Y here the kernel will randomize every task's kernel |
3343 |
@@ -105303,6 +106866,7 @@ index fb363cd..c2c0a96 100644 |
3344 |
+ |
3345 |
+config PAX_RANDUSTACK |
3346 |
+ bool "Randomize user stack base" |
3347 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3348 |
+ depends on PAX_ASLR |
3349 |
+ help |
3350 |
+ By saying Y here the kernel will randomize every task's userland |
3351 |
@@ -105315,6 +106879,7 @@ index fb363cd..c2c0a96 100644 |
3352 |
+ |
3353 |
+config PAX_RANDMMAP |
3354 |
+ bool "Randomize mmap() base" |
3355 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3356 |
+ depends on PAX_ASLR |
3357 |
+ help |
3358 |
+ By saying Y here the kernel will use a randomized base address for |
3359 |
@@ -105341,6 +106906,7 @@ index fb363cd..c2c0a96 100644 |
3360 |
+ |
3361 |
+config PAX_MEMORY_SANITIZE |
3362 |
+ bool "Sanitize all freed memory" |
3363 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) |
3364 |
+ depends on !HIBERNATION |
3365 |
+ help |
3366 |
+ By saying Y here the kernel will erase memory pages as soon as they |
3367 |
@@ -105363,6 +106929,7 @@ index fb363cd..c2c0a96 100644 |
3368 |
+ |
3369 |
+config PAX_MEMORY_STACKLEAK |
3370 |
+ bool "Sanitize kernel stack" |
3371 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) |
3372 |
+ depends on X86 |
3373 |
+ help |
3374 |
+ By saying Y here the kernel will erase the kernel stack before it |
3375 |
@@ -105387,6 +106954,7 @@ index fb363cd..c2c0a96 100644 |
3376 |
+ |
3377 |
+config PAX_MEMORY_UDEREF |
3378 |
+ bool "Prevent invalid userland pointer dereference" |
3379 |
++ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) |
3380 |
+ depends on X86 && !UML_X86 && !XEN |
3381 |
+ select PAX_PER_CPU_PGD if X86_64 |
3382 |
+ help |
3383 |
@@ -105406,6 +106974,7 @@ index fb363cd..c2c0a96 100644 |
3384 |
+ |
3385 |
+config PAX_REFCOUNT |
3386 |
+ bool "Prevent various kernel object reference counter overflows" |
3387 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3388 |
+ depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86) |
3389 |
+ help |
3390 |
+ By saying Y here the kernel will detect and prevent overflowing |
3391 |
@@ -105425,6 +106994,7 @@ index fb363cd..c2c0a96 100644 |
3392 |
+ |
3393 |
+config PAX_USERCOPY |
3394 |
+ bool "Harden heap object copies between kernel and userland" |
3395 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3396 |
+ depends on X86 || PPC || SPARC || ARM |
3397 |
+ depends on GRKERNSEC && (SLAB || SLUB || SLOB) |
3398 |
+ help |
3399 |
@@ -105450,6 +107020,7 @@ index fb363cd..c2c0a96 100644 |
3400 |
+ |
3401 |
+config PAX_SIZE_OVERFLOW |
3402 |
+ bool "Prevent various integer overflows in function size parameters" |
3403 |
++ default y if GRKERNSEC_CONFIG_AUTO |
3404 |
+ depends on X86 |
3405 |
+ help |
3406 |
+ By saying Y here the kernel recomputes expressions of function |
3407 |
@@ -105466,10 +107037,16 @@ index fb363cd..c2c0a96 100644 |
3408 |
+ |
3409 |
+endmenu |
3410 |
+ |
3411 |
++source grsecurity/Kconfig |
3412 |
++ |
3413 |
++endmenu |
3414 |
++ |
3415 |
++endmenu |
3416 |
++ |
3417 |
config KEYS |
3418 |
bool "Enable access key retention support" |
3419 |
help |
3420 |
-@@ -146,7 +774,7 @@ config INTEL_TXT |
3421 |
+@@ -146,7 +994,7 @@ config INTEL_TXT |
3422 |
config LSM_MMAP_MIN_ADDR |
3423 |
int "Low address space for LSM to protect from user allocation" |
3424 |
depends on SECURITY && SECURITY_SELINUX |
3425 |
|
3426 |
diff --git a/3.2.21/0000_README b/3.2.22/0000_README |
3427 |
similarity index 97% |
3428 |
rename from 3.2.21/0000_README |
3429 |
rename to 3.2.22/0000_README |
3430 |
index 7ab9ec3..b314927 100644 |
3431 |
--- a/3.2.21/0000_README |
3432 |
+++ b/3.2.22/0000_README |
3433 |
@@ -2,7 +2,7 @@ README |
3434 |
----------------------------------------------------------------------------- |
3435 |
Individual Patch Descriptions: |
3436 |
----------------------------------------------------------------------------- |
3437 |
-Patch: 4420_grsecurity-2.9.1-3.2.21-201207021920.patch |
3438 |
+Patch: 4420_grsecurity-2.9.1-3.2.22-201207080924.patch |
3439 |
From: http://www.grsecurity.net |
3440 |
Desc: hardened-sources base patch from upstream grsecurity |
3441 |
|
3442 |
|
3443 |
diff --git a/3.2.21/4420_grsecurity-2.9.1-3.2.21-201207021920.patch b/3.2.22/4420_grsecurity-2.9.1-3.2.22-201207080924.patch |
3444 |
similarity index 99% |
3445 |
rename from 3.2.21/4420_grsecurity-2.9.1-3.2.21-201207021920.patch |
3446 |
rename to 3.2.22/4420_grsecurity-2.9.1-3.2.22-201207080924.patch |
3447 |
index 094317f..166b633 100644 |
3448 |
--- a/3.2.21/4420_grsecurity-2.9.1-3.2.21-201207021920.patch |
3449 |
+++ b/3.2.22/4420_grsecurity-2.9.1-3.2.22-201207080924.patch |
3450 |
@@ -205,7 +205,7 @@ index 81c287f..d456d02 100644 |
3451 |
|
3452 |
pcd. [PARIDE] |
3453 |
diff --git a/Makefile b/Makefile |
3454 |
-index 7eb465e..90a703a 100644 |
3455 |
+index 9a7d921..c10f64e 100644 |
3456 |
--- a/Makefile |
3457 |
+++ b/Makefile |
3458 |
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
3459 |
@@ -10184,7 +10184,7 @@ index 5d3acdf..6447a02 100644 |
3460 |
+ |
3461 |
#endif /* ASM_X86_CMPXCHG_H */ |
3462 |
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h |
3463 |
-index f3444f7..051a196 100644 |
3464 |
+index 0c3b775..0d7a608 100644 |
3465 |
--- a/arch/x86/include/asm/cpufeature.h |
3466 |
+++ b/arch/x86/include/asm/cpufeature.h |
3467 |
@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) |
3468 |
@@ -11276,67 +11276,10 @@ index 98391db..8f6984e 100644 |
3469 |
|
3470 |
static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) |
3471 |
diff --git a/arch/x86/include/asm/pgtable-3level.h b/arch/x86/include/asm/pgtable-3level.h |
3472 |
-index effff47..bbb8295 100644 |
3473 |
+index cb00ccc..17e9054 100644 |
3474 |
--- a/arch/x86/include/asm/pgtable-3level.h |
3475 |
+++ b/arch/x86/include/asm/pgtable-3level.h |
3476 |
-@@ -31,6 +31,56 @@ static inline void native_set_pte(pte_t *ptep, pte_t pte) |
3477 |
- ptep->pte_low = pte.pte_low; |
3478 |
- } |
3479 |
- |
3480 |
-+#define __HAVE_ARCH_READ_PMD_ATOMIC |
3481 |
-+/* |
3482 |
-+ * pte_offset_map_lock on 32bit PAE kernels was reading the pmd_t with |
3483 |
-+ * a "*pmdp" dereference done by gcc. Problem is, in certain places |
3484 |
-+ * where pte_offset_map_lock is called, concurrent page faults are |
3485 |
-+ * allowed, if the mmap_sem is hold for reading. An example is mincore |
3486 |
-+ * vs page faults vs MADV_DONTNEED. On the page fault side |
3487 |
-+ * pmd_populate rightfully does a set_64bit, but if we're reading the |
3488 |
-+ * pmd_t with a "*pmdp" on the mincore side, a SMP race can happen |
3489 |
-+ * because gcc will not read the 64bit of the pmd atomically. To fix |
3490 |
-+ * this all places running pmd_offset_map_lock() while holding the |
3491 |
-+ * mmap_sem in read mode, shall read the pmdp pointer using this |
3492 |
-+ * function to know if the pmd is null nor not, and in turn to know if |
3493 |
-+ * they can run pmd_offset_map_lock or pmd_trans_huge or other pmd |
3494 |
-+ * operations. |
3495 |
-+ * |
3496 |
-+ * Without THP if the mmap_sem is hold for reading, the |
3497 |
-+ * pmd can only transition from null to not null while read_pmd_atomic runs. |
3498 |
-+ * So there's no need of literally reading it atomically. |
3499 |
-+ * |
3500 |
-+ * With THP if the mmap_sem is hold for reading, the pmd can become |
3501 |
-+ * THP or null or point to a pte (and in turn become "stable") at any |
3502 |
-+ * time under read_pmd_atomic, so it's mandatory to read it atomically |
3503 |
-+ * with cmpxchg8b. |
3504 |
-+ */ |
3505 |
-+#ifndef CONFIG_TRANSPARENT_HUGEPAGE |
3506 |
-+static inline pmd_t read_pmd_atomic(pmd_t *pmdp) |
3507 |
-+{ |
3508 |
-+ pmdval_t ret; |
3509 |
-+ u32 *tmp = (u32 *)pmdp; |
3510 |
-+ |
3511 |
-+ ret = (pmdval_t) (*tmp); |
3512 |
-+ if (ret) { |
3513 |
-+ /* |
3514 |
-+ * If the low part is null, we must not read the high part |
3515 |
-+ * or we can end up with a partial pmd. |
3516 |
-+ */ |
3517 |
-+ smp_rmb(); |
3518 |
-+ ret |= ((pmdval_t)*(tmp + 1)) << 32; |
3519 |
-+ } |
3520 |
-+ |
3521 |
-+ return __pmd(ret); |
3522 |
-+} |
3523 |
-+#else /* CONFIG_TRANSPARENT_HUGEPAGE */ |
3524 |
-+static inline pmd_t read_pmd_atomic(pmd_t *pmdp) |
3525 |
-+{ |
3526 |
-+ return __pmd(atomic64_read((atomic64_t *)pmdp)); |
3527 |
-+} |
3528 |
-+#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ |
3529 |
-+ |
3530 |
- static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) |
3531 |
- { |
3532 |
- set_64bit((unsigned long long *)(ptep), native_pte_val(pte)); |
3533 |
-@@ -38,12 +88,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) |
3534 |
+@@ -92,12 +92,16 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) |
3535 |
|
3536 |
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) |
3537 |
{ |
3538 |
@@ -30195,7 +30138,7 @@ index 6104dba..e7ea8e1 100644 |
3539 |
{0,} /* 0 terminated list. */ |
3540 |
}; |
3541 |
diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c |
3542 |
-index 70ad892..178943c 100644 |
3543 |
+index b3ccefa..d39303b 100644 |
3544 |
--- a/drivers/edac/i7core_edac.c |
3545 |
+++ b/drivers/edac/i7core_edac.c |
3546 |
@@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = { |
3547 |
@@ -30286,7 +30229,7 @@ index b153674..ad2ba9b 100644 |
3548 |
PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID) |
3549 |
}, |
3550 |
diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c |
3551 |
-index 7a402bf..af0b211 100644 |
3552 |
+index 18a1293..58a5c6b4c 100644 |
3553 |
--- a/drivers/edac/sb_edac.c |
3554 |
+++ b/drivers/edac/sb_edac.c |
3555 |
@@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = { |
3556 |
@@ -30888,10 +30831,10 @@ index a6c2f7a..0eea25d 100644 |
3557 |
for (i = 0; i < count; i++) { |
3558 |
char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; |
3559 |
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c |
3560 |
-index d3820c2..23c575f 100644 |
3561 |
+index 578ddfc..86ac0d0 100644 |
3562 |
--- a/drivers/gpu/drm/i915/i915_irq.c |
3563 |
+++ b/drivers/gpu/drm/i915/i915_irq.c |
3564 |
-@@ -472,7 +472,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) |
3565 |
+@@ -496,7 +496,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) |
3566 |
u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; |
3567 |
struct drm_i915_master_private *master_priv; |
3568 |
|
3569 |
@@ -30900,7 +30843,7 @@ index d3820c2..23c575f 100644 |
3570 |
|
3571 |
/* disable master interrupt before clearing iir */ |
3572 |
de_ier = I915_READ(DEIER); |
3573 |
-@@ -563,7 +563,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) |
3574 |
+@@ -579,7 +579,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) |
3575 |
struct drm_i915_master_private *master_priv; |
3576 |
u32 bsd_usr_interrupt = GT_BSD_USER_INTERRUPT; |
3577 |
|
3578 |
@@ -30909,7 +30852,7 @@ index d3820c2..23c575f 100644 |
3579 |
|
3580 |
if (IS_GEN6(dev)) |
3581 |
bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; |
3582 |
-@@ -1228,7 +1228,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) |
3583 |
+@@ -1227,7 +1227,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) |
3584 |
int ret = IRQ_NONE, pipe; |
3585 |
bool blc_event = false; |
3586 |
|
3587 |
@@ -30918,7 +30861,7 @@ index d3820c2..23c575f 100644 |
3588 |
|
3589 |
iir = I915_READ(IIR); |
3590 |
|
3591 |
-@@ -1747,7 +1747,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) |
3592 |
+@@ -1746,7 +1746,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) |
3593 |
{ |
3594 |
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; |
3595 |
|
3596 |
@@ -30927,7 +30870,7 @@ index d3820c2..23c575f 100644 |
3597 |
|
3598 |
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); |
3599 |
INIT_WORK(&dev_priv->error_work, i915_error_work_func); |
3600 |
-@@ -1935,7 +1935,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) |
3601 |
+@@ -1934,7 +1934,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) |
3602 |
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; |
3603 |
int pipe; |
3604 |
|
3605 |
@@ -30937,19 +30880,19 @@ index d3820c2..23c575f 100644 |
3606 |
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); |
3607 |
INIT_WORK(&dev_priv->error_work, i915_error_work_func); |
3608 |
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
3609 |
-index 5c1cdb8..317de24 100644 |
3610 |
+index 6aa7716..8e5a304 100644 |
3611 |
--- a/drivers/gpu/drm/i915/intel_display.c |
3612 |
+++ b/drivers/gpu/drm/i915/intel_display.c |
3613 |
-@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, |
3614 |
+@@ -2196,7 +2196,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) |
3615 |
|
3616 |
- wait_event(dev_priv->pending_flip_queue, |
3617 |
- atomic_read(&dev_priv->mm.wedged) || |
3618 |
-- atomic_read(&obj->pending_flip) == 0); |
3619 |
-+ atomic_read_unchecked(&obj->pending_flip) == 0); |
3620 |
+ wait_event(dev_priv->pending_flip_queue, |
3621 |
+ atomic_read(&dev_priv->mm.wedged) || |
3622 |
+- atomic_read(&obj->pending_flip) == 0); |
3623 |
++ atomic_read_unchecked(&obj->pending_flip) == 0); |
3624 |
|
3625 |
- /* Big Hammer, we also need to ensure that any pending |
3626 |
- * MI_WAIT_FOR_EVENT inside a user batch buffer on the |
3627 |
-@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) |
3628 |
+ /* Big Hammer, we also need to ensure that any pending |
3629 |
+ * MI_WAIT_FOR_EVENT inside a user batch buffer on the |
3630 |
+@@ -2861,7 +2861,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) |
3631 |
obj = to_intel_framebuffer(crtc->fb)->obj; |
3632 |
dev_priv = crtc->dev->dev_private; |
3633 |
wait_event(dev_priv->pending_flip_queue, |
3634 |
@@ -30958,7 +30901,7 @@ index 5c1cdb8..317de24 100644 |
3635 |
} |
3636 |
|
3637 |
static bool intel_crtc_driving_pch(struct drm_crtc *crtc) |
3638 |
-@@ -6955,7 +6955,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, |
3639 |
+@@ -6982,7 +6982,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, |
3640 |
|
3641 |
atomic_clear_mask(1 << intel_crtc->plane, |
3642 |
&obj->pending_flip.counter); |
3643 |
@@ -30967,7 +30910,7 @@ index 5c1cdb8..317de24 100644 |
3644 |
wake_up(&dev_priv->pending_flip_queue); |
3645 |
|
3646 |
schedule_work(&work->work); |
3647 |
-@@ -7150,7 +7150,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, |
3648 |
+@@ -7177,7 +7177,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, |
3649 |
OUT_RING(fb->pitch | obj->tiling_mode); |
3650 |
OUT_RING(obj->gtt_offset); |
3651 |
|
3652 |
@@ -30982,7 +30925,7 @@ index 5c1cdb8..317de24 100644 |
3653 |
pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; |
3654 |
OUT_RING(pf | pipesrc); |
3655 |
ADVANCE_LP_RING(); |
3656 |
-@@ -7282,7 +7288,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
3657 |
+@@ -7309,7 +7315,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
3658 |
/* Block clients from rendering to the new back buffer until |
3659 |
* the flip occurs and the object is no longer visible. |
3660 |
*/ |
3661 |
@@ -30991,7 +30934,7 @@ index 5c1cdb8..317de24 100644 |
3662 |
|
3663 |
ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); |
3664 |
if (ret) |
3665 |
-@@ -7296,7 +7302,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
3666 |
+@@ -7323,7 +7329,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
3667 |
return 0; |
3668 |
|
3669 |
cleanup_pending: |
3670 |
@@ -35064,6 +35007,19 @@ index a3f7a27..234016e 100644 |
3671 |
return -EINVAL; |
3672 |
|
3673 |
/* Don't allow a single read to cross a 512-byte block boundary */ |
3674 |
+diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c |
3675 |
+index 72d3f23..68ecf48 100644 |
3676 |
+--- a/drivers/mtd/nand/cafe_nand.c |
3677 |
++++ b/drivers/mtd/nand/cafe_nand.c |
3678 |
+@@ -102,7 +102,7 @@ static const char *part_probes[] = { "cmdlinepart", "RedBoot", NULL }; |
3679 |
+ static int cafe_device_ready(struct mtd_info *mtd) |
3680 |
+ { |
3681 |
+ struct cafe_priv *cafe = mtd->priv; |
3682 |
+- int result = !!(cafe_readl(cafe, NAND_STATUS) | 0x40000000); |
3683 |
++ int result = !!(cafe_readl(cafe, NAND_STATUS) & 0x40000000); |
3684 |
+ uint32_t irqs = cafe_readl(cafe, NAND_IRQ); |
3685 |
+ |
3686 |
+ cafe_writel(cafe, irqs, NAND_IRQ); |
3687 |
diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c |
3688 |
index 3984d48..28aa897 100644 |
3689 |
--- a/drivers/mtd/nand/denali.c |
3690 |
@@ -35266,7 +35222,7 @@ index e1159e5..e18684d 100644 |
3691 |
/* Set media type */ |
3692 |
switch (adapter->pdev->device) { |
3693 |
diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c |
3694 |
-index a3e65fd..f451444 100644 |
3695 |
+index e556fc3..fa9199d 100644 |
3696 |
--- a/drivers/net/ethernet/intel/e1000e/82571.c |
3697 |
+++ b/drivers/net/ethernet/intel/e1000e/82571.c |
3698 |
@@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter) |
3699 |
@@ -44427,6 +44383,22 @@ index 608c1c3..7d040a8 100644 |
3700 |
set_fs(fs_save); |
3701 |
return rc; |
3702 |
} |
3703 |
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
3704 |
+index 4d9d3a4..a6f3763 100644 |
3705 |
+--- a/fs/eventpoll.c |
3706 |
++++ b/fs/eventpoll.c |
3707 |
+@@ -1629,8 +1629,10 @@ SYSCALL_DEFINE4(epoll_ctl, int, epfd, int, op, int, fd, |
3708 |
+ if (op == EPOLL_CTL_ADD) { |
3709 |
+ if (is_file_epoll(tfile)) { |
3710 |
+ error = -ELOOP; |
3711 |
+- if (ep_loop_check(ep, tfile) != 0) |
3712 |
++ if (ep_loop_check(ep, tfile) != 0) { |
3713 |
++ clear_tfile_check_list(); |
3714 |
+ goto error_tgt_fput; |
3715 |
++ } |
3716 |
+ } else |
3717 |
+ list_add(&tfile->f_tfile_llink, &tfile_check_list); |
3718 |
+ } |
3719 |
diff --git a/fs/exec.c b/fs/exec.c |
3720 |
index 160cd2f..52c1678 100644 |
3721 |
--- a/fs/exec.c |
3722 |
@@ -47228,7 +47200,7 @@ index 0d68f1f..f216b79 100644 |
3723 |
|
3724 |
lock_flocks(); |
3725 |
diff --git a/fs/namei.c b/fs/namei.c |
3726 |
-index 9680cef..a19f203 100644 |
3727 |
+index 9680cef..2f81108 100644 |
3728 |
--- a/fs/namei.c |
3729 |
+++ b/fs/namei.c |
3730 |
@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) |
3731 |
@@ -47303,7 +47275,27 @@ index 9680cef..a19f203 100644 |
3732 |
error = 0; |
3733 |
if (s) |
3734 |
error = __vfs_follow_link(nd, s); |
3735 |
-@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name, |
3736 |
+@@ -1345,6 +1361,9 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) |
3737 |
+ if (!res) |
3738 |
+ res = walk_component(nd, path, &nd->last, |
3739 |
+ nd->last_type, LOOKUP_FOLLOW); |
3740 |
++ if (res >= 0 && gr_handle_symlink_owner(&link, nd->inode)) { |
3741 |
++ res = -EACCES; |
3742 |
++ } |
3743 |
+ put_link(nd, &link, cookie); |
3744 |
+ } while (res > 0); |
3745 |
+ |
3746 |
+@@ -1617,6 +1636,9 @@ static int path_lookupat(int dfd, const char *name, |
3747 |
+ err = follow_link(&link, nd, &cookie); |
3748 |
+ if (!err) |
3749 |
+ err = lookup_last(nd, &path); |
3750 |
++ if (!err && gr_handle_symlink_owner(&link, nd->inode)) { |
3751 |
++ err = -EACCES; |
3752 |
++ } |
3753 |
+ put_link(nd, &link, cookie); |
3754 |
+ } |
3755 |
+ } |
3756 |
+@@ -1624,6 +1646,21 @@ static int path_lookupat(int dfd, const char *name, |
3757 |
if (!err) |
3758 |
err = complete_walk(nd); |
3759 |
|
3760 |
@@ -47325,7 +47317,7 @@ index 9680cef..a19f203 100644 |
3761 |
if (!err && nd->flags & LOOKUP_DIRECTORY) { |
3762 |
if (!nd->inode->i_op->lookup) { |
3763 |
path_put(&nd->path); |
3764 |
-@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name, |
3765 |
+@@ -1651,6 +1688,15 @@ static int do_path_lookup(int dfd, const char *name, |
3766 |
retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); |
3767 |
|
3768 |
if (likely(!retval)) { |
3769 |
@@ -47341,7 +47333,7 @@ index 9680cef..a19f203 100644 |
3770 |
if (unlikely(!audit_dummy_context())) { |
3771 |
if (nd->path.dentry && nd->inode) |
3772 |
audit_inode(name, nd->path.dentry); |
3773 |
-@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
3774 |
+@@ -2048,6 +2094,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
3775 |
if (flag & O_NOATIME && !inode_owner_or_capable(inode)) |
3776 |
return -EPERM; |
3777 |
|
3778 |
@@ -47355,7 +47347,7 @@ index 9680cef..a19f203 100644 |
3779 |
return 0; |
3780 |
} |
3781 |
|
3782 |
-@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3783 |
+@@ -2109,6 +2162,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3784 |
error = complete_walk(nd); |
3785 |
if (error) |
3786 |
return ERR_PTR(error); |
3787 |
@@ -47372,7 +47364,7 @@ index 9680cef..a19f203 100644 |
3788 |
audit_inode(pathname, nd->path.dentry); |
3789 |
if (open_flag & O_CREAT) { |
3790 |
error = -EISDIR; |
3791 |
-@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3792 |
+@@ -2119,6 +2182,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3793 |
error = complete_walk(nd); |
3794 |
if (error) |
3795 |
return ERR_PTR(error); |
3796 |
@@ -47389,7 +47381,7 @@ index 9680cef..a19f203 100644 |
3797 |
audit_inode(pathname, dir); |
3798 |
goto ok; |
3799 |
} |
3800 |
-@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3801 |
+@@ -2140,6 +2213,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3802 |
error = complete_walk(nd); |
3803 |
if (error) |
3804 |
return ERR_PTR(error); |
3805 |
@@ -47406,7 +47398,7 @@ index 9680cef..a19f203 100644 |
3806 |
|
3807 |
error = -ENOTDIR; |
3808 |
if (nd->flags & LOOKUP_DIRECTORY) { |
3809 |
-@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3810 |
+@@ -2180,6 +2263,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3811 |
/* Negative dentry, just create the file */ |
3812 |
if (!dentry->d_inode) { |
3813 |
int mode = op->mode; |
3814 |
@@ -47419,7 +47411,7 @@ index 9680cef..a19f203 100644 |
3815 |
if (!IS_POSIXACL(dir->d_inode)) |
3816 |
mode &= ~current_umask(); |
3817 |
/* |
3818 |
-@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3819 |
+@@ -2203,6 +2292,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3820 |
error = vfs_create(dir->d_inode, dentry, mode, nd); |
3821 |
if (error) |
3822 |
goto exit_mutex_unlock; |
3823 |
@@ -47428,7 +47420,7 @@ index 9680cef..a19f203 100644 |
3824 |
mutex_unlock(&dir->d_inode->i_mutex); |
3825 |
dput(nd->path.dentry); |
3826 |
nd->path.dentry = dentry; |
3827 |
-@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3828 |
+@@ -2212,6 +2303,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, |
3829 |
/* |
3830 |
* It already exists. |
3831 |
*/ |
3832 |
@@ -47448,7 +47440,23 @@ index 9680cef..a19f203 100644 |
3833 |
mutex_unlock(&dir->d_inode->i_mutex); |
3834 |
audit_inode(pathname, path->dentry); |
3835 |
|
3836 |
-@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path |
3837 |
+@@ -2329,8 +2433,14 @@ static struct file *path_openat(int dfd, const char *pathname, |
3838 |
+ error = follow_link(&link, nd, &cookie); |
3839 |
+ if (unlikely(error)) |
3840 |
+ filp = ERR_PTR(error); |
3841 |
+- else |
3842 |
++ else { |
3843 |
+ filp = do_last(nd, &path, op, pathname); |
3844 |
++ if (!IS_ERR(filp) && gr_handle_symlink_owner(&link, nd->inode)) { |
3845 |
++ if (filp) |
3846 |
++ fput(filp); |
3847 |
++ filp = ERR_PTR(-EACCES); |
3848 |
++ } |
3849 |
++ } |
3850 |
+ put_link(nd, &link, cookie); |
3851 |
+ } |
3852 |
+ out: |
3853 |
+@@ -2424,6 +2534,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path |
3854 |
*path = nd.path; |
3855 |
return dentry; |
3856 |
eexist: |
3857 |
@@ -47460,7 +47468,7 @@ index 9680cef..a19f203 100644 |
3858 |
dput(dentry); |
3859 |
dentry = ERR_PTR(-EEXIST); |
3860 |
fail: |
3861 |
-@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat |
3862 |
+@@ -2446,6 +2561,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat |
3863 |
} |
3864 |
EXPORT_SYMBOL(user_path_create); |
3865 |
|
3866 |
@@ -47481,7 +47489,7 @@ index 9680cef..a19f203 100644 |
3867 |
int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) |
3868 |
{ |
3869 |
int error = may_create(dir, dentry); |
3870 |
-@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
3871 |
+@@ -2513,6 +2642,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
3872 |
error = mnt_want_write(path.mnt); |
3873 |
if (error) |
3874 |
goto out_dput; |
3875 |
@@ -47499,7 +47507,7 @@ index 9680cef..a19f203 100644 |
3876 |
error = security_path_mknod(&path, dentry, mode, dev); |
3877 |
if (error) |
3878 |
goto out_drop_write; |
3879 |
-@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
3880 |
+@@ -2530,6 +2670,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, |
3881 |
} |
3882 |
out_drop_write: |
3883 |
mnt_drop_write(path.mnt); |
3884 |
@@ -47509,7 +47517,7 @@ index 9680cef..a19f203 100644 |
3885 |
out_dput: |
3886 |
dput(dentry); |
3887 |
mutex_unlock(&path.dentry->d_inode->i_mutex); |
3888 |
-@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) |
3889 |
+@@ -2579,12 +2722,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) |
3890 |
error = mnt_want_write(path.mnt); |
3891 |
if (error) |
3892 |
goto out_dput; |
3893 |
@@ -47531,7 +47539,7 @@ index 9680cef..a19f203 100644 |
3894 |
out_dput: |
3895 |
dput(dentry); |
3896 |
mutex_unlock(&path.dentry->d_inode->i_mutex); |
3897 |
-@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
3898 |
+@@ -2664,6 +2816,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
3899 |
char * name; |
3900 |
struct dentry *dentry; |
3901 |
struct nameidata nd; |
3902 |
@@ -47540,7 +47548,7 @@ index 9680cef..a19f203 100644 |
3903 |
|
3904 |
error = user_path_parent(dfd, pathname, &nd, &name); |
3905 |
if (error) |
3906 |
-@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname) |
3907 |
+@@ -2692,6 +2846,15 @@ static long do_rmdir(int dfd, const char __user *pathname) |
3908 |
error = -ENOENT; |
3909 |
goto exit3; |
3910 |
} |
3911 |
@@ -47556,7 +47564,7 @@ index 9680cef..a19f203 100644 |
3912 |
error = mnt_want_write(nd.path.mnt); |
3913 |
if (error) |
3914 |
goto exit3; |
3915 |
-@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
3916 |
+@@ -2699,6 +2862,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
3917 |
if (error) |
3918 |
goto exit4; |
3919 |
error = vfs_rmdir(nd.path.dentry->d_inode, dentry); |
3920 |
@@ -47565,7 +47573,7 @@ index 9680cef..a19f203 100644 |
3921 |
exit4: |
3922 |
mnt_drop_write(nd.path.mnt); |
3923 |
exit3: |
3924 |
-@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
3925 |
+@@ -2761,6 +2926,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
3926 |
struct dentry *dentry; |
3927 |
struct nameidata nd; |
3928 |
struct inode *inode = NULL; |
3929 |
@@ -47574,7 +47582,7 @@ index 9680cef..a19f203 100644 |
3930 |
|
3931 |
error = user_path_parent(dfd, pathname, &nd, &name); |
3932 |
if (error) |
3933 |
-@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
3934 |
+@@ -2783,6 +2950,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
3935 |
if (!inode) |
3936 |
goto slashes; |
3937 |
ihold(inode); |
3938 |
@@ -47591,7 +47599,7 @@ index 9680cef..a19f203 100644 |
3939 |
error = mnt_want_write(nd.path.mnt); |
3940 |
if (error) |
3941 |
goto exit2; |
3942 |
-@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
3943 |
+@@ -2790,6 +2967,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
3944 |
if (error) |
3945 |
goto exit3; |
3946 |
error = vfs_unlink(nd.path.dentry->d_inode, dentry); |
3947 |
@@ -47600,7 +47608,7 @@ index 9680cef..a19f203 100644 |
3948 |
exit3: |
3949 |
mnt_drop_write(nd.path.mnt); |
3950 |
exit2: |
3951 |
-@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, |
3952 |
+@@ -2865,10 +3044,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, |
3953 |
error = mnt_want_write(path.mnt); |
3954 |
if (error) |
3955 |
goto out_dput; |
3956 |
@@ -47619,7 +47627,7 @@ index 9680cef..a19f203 100644 |
3957 |
out_drop_write: |
3958 |
mnt_drop_write(path.mnt); |
3959 |
out_dput: |
3960 |
-@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
3961 |
+@@ -2940,6 +3127,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
3962 |
{ |
3963 |
struct dentry *new_dentry; |
3964 |
struct path old_path, new_path; |
3965 |
@@ -47627,7 +47635,7 @@ index 9680cef..a19f203 100644 |
3966 |
int how = 0; |
3967 |
int error; |
3968 |
|
3969 |
-@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
3970 |
+@@ -2963,7 +3151,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
3971 |
if (error) |
3972 |
return error; |
3973 |
|
3974 |
@@ -47636,7 +47644,7 @@ index 9680cef..a19f203 100644 |
3975 |
error = PTR_ERR(new_dentry); |
3976 |
if (IS_ERR(new_dentry)) |
3977 |
goto out; |
3978 |
-@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
3979 |
+@@ -2974,13 +3162,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
3980 |
error = mnt_want_write(new_path.mnt); |
3981 |
if (error) |
3982 |
goto out_dput; |
3983 |
@@ -47667,7 +47675,7 @@ index 9680cef..a19f203 100644 |
3984 |
dput(new_dentry); |
3985 |
mutex_unlock(&new_path.dentry->d_inode->i_mutex); |
3986 |
path_put(&new_path); |
3987 |
-@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
3988 |
+@@ -3208,6 +3413,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
3989 |
if (new_dentry == trap) |
3990 |
goto exit5; |
3991 |
|
3992 |
@@ -47680,7 +47688,7 @@ index 9680cef..a19f203 100644 |
3993 |
error = mnt_want_write(oldnd.path.mnt); |
3994 |
if (error) |
3995 |
goto exit5; |
3996 |
-@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
3997 |
+@@ -3217,6 +3428,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, |
3998 |
goto exit6; |
3999 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
4000 |
new_dir->d_inode, new_dentry); |
4001 |
@@ -47690,7 +47698,7 @@ index 9680cef..a19f203 100644 |
4002 |
exit6: |
4003 |
mnt_drop_write(oldnd.path.mnt); |
4004 |
exit5: |
4005 |
-@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
4006 |
+@@ -3242,6 +3456,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
4007 |
|
4008 |
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) |
4009 |
{ |
4010 |
@@ -47699,7 +47707,7 @@ index 9680cef..a19f203 100644 |
4011 |
int len; |
4012 |
|
4013 |
len = PTR_ERR(link); |
4014 |
-@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c |
4015 |
+@@ -3251,7 +3467,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c |
4016 |
len = strlen(link); |
4017 |
if (len > (unsigned) buflen) |
4018 |
len = buflen; |
4019 |
@@ -49981,6 +49989,150 @@ index c175b4d..8f36a16 100644 |
4020 |
u8 checksum = 0; |
4021 |
int i; |
4022 |
for (i = 0; i < sizeof(struct tag); ++i) |
4023 |
+diff --git a/fs/udf/super.c b/fs/udf/super.c |
4024 |
+index 87cb24a..ce8efeb 100644 |
4025 |
+--- a/fs/udf/super.c |
4026 |
++++ b/fs/udf/super.c |
4027 |
+@@ -56,6 +56,7 @@ |
4028 |
+ #include <linux/seq_file.h> |
4029 |
+ #include <linux/bitmap.h> |
4030 |
+ #include <linux/crc-itu-t.h> |
4031 |
++#include <linux/log2.h> |
4032 |
+ #include <asm/byteorder.h> |
4033 |
+ |
4034 |
+ #include "udf_sb.h" |
4035 |
+@@ -1217,16 +1218,65 @@ out_bh: |
4036 |
+ return ret; |
4037 |
+ } |
4038 |
+ |
4039 |
++static int udf_load_sparable_map(struct super_block *sb, |
4040 |
++ struct udf_part_map *map, |
4041 |
++ struct sparablePartitionMap *spm) |
4042 |
++{ |
4043 |
++ uint32_t loc; |
4044 |
++ uint16_t ident; |
4045 |
++ struct sparingTable *st; |
4046 |
++ struct udf_sparing_data *sdata = &map->s_type_specific.s_sparing; |
4047 |
++ int i; |
4048 |
++ struct buffer_head *bh; |
4049 |
++ |
4050 |
++ map->s_partition_type = UDF_SPARABLE_MAP15; |
4051 |
++ sdata->s_packet_len = le16_to_cpu(spm->packetLength); |
4052 |
++ if (!is_power_of_2(sdata->s_packet_len)) { |
4053 |
++ udf_err(sb, "error loading logical volume descriptor: " |
4054 |
++ "Invalid packet length %u\n", |
4055 |
++ (unsigned)sdata->s_packet_len); |
4056 |
++ return -EIO; |
4057 |
++ } |
4058 |
++ if (spm->numSparingTables > 4) { |
4059 |
++ udf_err(sb, "error loading logical volume descriptor: " |
4060 |
++ "Too many sparing tables (%d)\n", |
4061 |
++ (int)spm->numSparingTables); |
4062 |
++ return -EIO; |
4063 |
++ } |
4064 |
++ |
4065 |
++ for (i = 0; i < spm->numSparingTables; i++) { |
4066 |
++ loc = le32_to_cpu(spm->locSparingTable[i]); |
4067 |
++ bh = udf_read_tagged(sb, loc, loc, &ident); |
4068 |
++ if (!bh) |
4069 |
++ continue; |
4070 |
++ |
4071 |
++ st = (struct sparingTable *)bh->b_data; |
4072 |
++ if (ident != 0 || |
4073 |
++ strncmp(st->sparingIdent.ident, UDF_ID_SPARING, |
4074 |
++ strlen(UDF_ID_SPARING)) || |
4075 |
++ sizeof(*st) + le16_to_cpu(st->reallocationTableLen) > |
4076 |
++ sb->s_blocksize) { |
4077 |
++ brelse(bh); |
4078 |
++ continue; |
4079 |
++ } |
4080 |
++ |
4081 |
++ sdata->s_spar_map[i] = bh; |
4082 |
++ } |
4083 |
++ map->s_partition_func = udf_get_pblock_spar15; |
4084 |
++ return 0; |
4085 |
++} |
4086 |
++ |
4087 |
+ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
4088 |
+ struct kernel_lb_addr *fileset) |
4089 |
+ { |
4090 |
+ struct logicalVolDesc *lvd; |
4091 |
+- int i, j, offset; |
4092 |
++ int i, offset; |
4093 |
+ uint8_t type; |
4094 |
+ struct udf_sb_info *sbi = UDF_SB(sb); |
4095 |
+ struct genericPartitionMap *gpm; |
4096 |
+ uint16_t ident; |
4097 |
+ struct buffer_head *bh; |
4098 |
++ unsigned int table_len; |
4099 |
+ int ret = 0; |
4100 |
+ |
4101 |
+ bh = udf_read_tagged(sb, block, block, &ident); |
4102 |
+@@ -1234,6 +1284,13 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
4103 |
+ return 1; |
4104 |
+ BUG_ON(ident != TAG_IDENT_LVD); |
4105 |
+ lvd = (struct logicalVolDesc *)bh->b_data; |
4106 |
++ table_len = le32_to_cpu(lvd->mapTableLength); |
4107 |
++ if (sizeof(*lvd) + table_len > sb->s_blocksize) { |
4108 |
++ udf_err(sb, "error loading logical volume descriptor: " |
4109 |
++ "Partition table too long (%u > %lu)\n", table_len, |
4110 |
++ sb->s_blocksize - sizeof(*lvd)); |
4111 |
++ goto out_bh; |
4112 |
++ } |
4113 |
+ |
4114 |
+ i = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps)); |
4115 |
+ if (i != 0) { |
4116 |
+@@ -1242,7 +1299,7 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
4117 |
+ } |
4118 |
+ |
4119 |
+ for (i = 0, offset = 0; |
4120 |
+- i < sbi->s_partitions && offset < le32_to_cpu(lvd->mapTableLength); |
4121 |
++ i < sbi->s_partitions && offset < table_len; |
4122 |
+ i++, offset += gpm->partitionMapLength) { |
4123 |
+ struct udf_part_map *map = &sbi->s_partmaps[i]; |
4124 |
+ gpm = (struct genericPartitionMap *) |
4125 |
+@@ -1277,38 +1334,9 @@ static int udf_load_logicalvol(struct super_block *sb, sector_t block, |
4126 |
+ } else if (!strncmp(upm2->partIdent.ident, |
4127 |
+ UDF_ID_SPARABLE, |
4128 |
+ strlen(UDF_ID_SPARABLE))) { |
4129 |
+- uint32_t loc; |
4130 |
+- struct sparingTable *st; |
4131 |
+- struct sparablePartitionMap *spm = |
4132 |
+- (struct sparablePartitionMap *)gpm; |
4133 |
+- |
4134 |
+- map->s_partition_type = UDF_SPARABLE_MAP15; |
4135 |
+- map->s_type_specific.s_sparing.s_packet_len = |
4136 |
+- le16_to_cpu(spm->packetLength); |
4137 |
+- for (j = 0; j < spm->numSparingTables; j++) { |
4138 |
+- struct buffer_head *bh2; |
4139 |
+- |
4140 |
+- loc = le32_to_cpu( |
4141 |
+- spm->locSparingTable[j]); |
4142 |
+- bh2 = udf_read_tagged(sb, loc, loc, |
4143 |
+- &ident); |
4144 |
+- map->s_type_specific.s_sparing. |
4145 |
+- s_spar_map[j] = bh2; |
4146 |
+- |
4147 |
+- if (bh2 == NULL) |
4148 |
+- continue; |
4149 |
+- |
4150 |
+- st = (struct sparingTable *)bh2->b_data; |
4151 |
+- if (ident != 0 || strncmp( |
4152 |
+- st->sparingIdent.ident, |
4153 |
+- UDF_ID_SPARING, |
4154 |
+- strlen(UDF_ID_SPARING))) { |
4155 |
+- brelse(bh2); |
4156 |
+- map->s_type_specific.s_sparing. |
4157 |
+- s_spar_map[j] = NULL; |
4158 |
+- } |
4159 |
+- } |
4160 |
+- map->s_partition_func = udf_get_pblock_spar15; |
4161 |
++ if (udf_load_sparable_map(sb, map, |
4162 |
++ (struct sparablePartitionMap *)gpm) < 0) |
4163 |
++ goto out_bh; |
4164 |
+ } else if (!strncmp(upm2->partIdent.ident, |
4165 |
+ UDF_ID_METADATA, |
4166 |
+ strlen(UDF_ID_METADATA))) { |
4167 |
diff --git a/fs/utimes.c b/fs/utimes.c |
4168 |
index ba653f3..06ea4b1 100644 |
4169 |
--- a/fs/utimes.c |
4170 |
@@ -50149,221 +50301,19 @@ index 23ce927..e274cc1 100644 |
4171 |
kfree(s); |
4172 |
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
4173 |
new file mode 100644 |
4174 |
-index 0000000..2645296 |
4175 |
+index 0000000..b9e7d6f |
4176 |
--- /dev/null |
4177 |
+++ b/grsecurity/Kconfig |
4178 |
-@@ -0,0 +1,1079 @@ |
4179 |
+@@ -0,0 +1,940 @@ |
4180 |
+# |
4181 |
+# grecurity configuration |
4182 |
+# |
4183 |
-+ |
4184 |
-+menu "Grsecurity" |
4185 |
-+ |
4186 |
-+config GRKERNSEC |
4187 |
-+ bool "Grsecurity" |
4188 |
-+ select CRYPTO |
4189 |
-+ select CRYPTO_SHA256 |
4190 |
-+ help |
4191 |
-+ If you say Y here, you will be able to configure many features |
4192 |
-+ that will enhance the security of your system. It is highly |
4193 |
-+ recommended that you say Y here and read through the help |
4194 |
-+ for each option so that you fully understand the features and |
4195 |
-+ can evaluate their usefulness for your machine. |
4196 |
-+ |
4197 |
-+choice |
4198 |
-+ prompt "Security Level" |
4199 |
-+ depends on GRKERNSEC |
4200 |
-+ default GRKERNSEC_CUSTOM |
4201 |
-+ |
4202 |
-+config GRKERNSEC_LOW |
4203 |
-+ bool "Low" |
4204 |
-+ select GRKERNSEC_LINK |
4205 |
-+ select GRKERNSEC_FIFO |
4206 |
-+ select GRKERNSEC_RANDNET |
4207 |
-+ select GRKERNSEC_DMESG |
4208 |
-+ select GRKERNSEC_CHROOT |
4209 |
-+ select GRKERNSEC_CHROOT_CHDIR |
4210 |
-+ |
4211 |
-+ help |
4212 |
-+ If you choose this option, several of the grsecurity options will |
4213 |
-+ be enabled that will give you greater protection against a number |
4214 |
-+ of attacks, while assuring that none of your software will have any |
4215 |
-+ conflicts with the additional security measures. If you run a lot |
4216 |
-+ of unusual software, or you are having problems with the higher |
4217 |
-+ security levels, you should say Y here. With this option, the |
4218 |
-+ following features are enabled: |
4219 |
-+ |
4220 |
-+ - Linking restrictions |
4221 |
-+ - FIFO restrictions |
4222 |
-+ - Restricted dmesg |
4223 |
-+ - Enforced chdir("/") on chroot |
4224 |
-+ - Runtime module disabling |
4225 |
-+ |
4226 |
-+config GRKERNSEC_MEDIUM |
4227 |
-+ bool "Medium" |
4228 |
-+ select PAX |
4229 |
-+ select PAX_EI_PAX |
4230 |
-+ select PAX_PT_PAX_FLAGS |
4231 |
-+ select PAX_HAVE_ACL_FLAGS |
4232 |
-+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) |
4233 |
-+ select GRKERNSEC_CHROOT |
4234 |
-+ select GRKERNSEC_CHROOT_SYSCTL |
4235 |
-+ select GRKERNSEC_LINK |
4236 |
-+ select GRKERNSEC_FIFO |
4237 |
-+ select GRKERNSEC_DMESG |
4238 |
-+ select GRKERNSEC_RANDNET |
4239 |
-+ select GRKERNSEC_FORKFAIL |
4240 |
-+ select GRKERNSEC_TIME |
4241 |
-+ select GRKERNSEC_SIGNAL |
4242 |
-+ select GRKERNSEC_CHROOT |
4243 |
-+ select GRKERNSEC_CHROOT_UNIX |
4244 |
-+ select GRKERNSEC_CHROOT_MOUNT |
4245 |
-+ select GRKERNSEC_CHROOT_PIVOT |
4246 |
-+ select GRKERNSEC_CHROOT_DOUBLE |
4247 |
-+ select GRKERNSEC_CHROOT_CHDIR |
4248 |
-+ select GRKERNSEC_CHROOT_MKNOD |
4249 |
-+ select GRKERNSEC_PROC |
4250 |
-+ select GRKERNSEC_PROC_USERGROUP |
4251 |
-+ select PAX_RANDUSTACK |
4252 |
-+ select PAX_ASLR |
4253 |
-+ select PAX_RANDMMAP |
4254 |
-+ select PAX_REFCOUNT if (X86 || SPARC64) |
4255 |
-+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB)) |
4256 |
-+ |
4257 |
-+ help |
4258 |
-+ If you say Y here, several features in addition to those included |
4259 |
-+ in the low additional security level will be enabled. These |
4260 |
-+ features provide even more security to your system, though in rare |
4261 |
-+ cases they may be incompatible with very old or poorly written |
4262 |
-+ software. If you enable this option, make sure that your auth |
4263 |
-+ service (identd) is running as gid 1001. With this option, |
4264 |
-+ the following features (in addition to those provided in the |
4265 |
-+ low additional security level) will be enabled: |
4266 |
-+ |
4267 |
-+ - Failed fork logging |
4268 |
-+ - Time change logging |
4269 |
-+ - Signal logging |
4270 |
-+ - Deny mounts in chroot |
4271 |
-+ - Deny double chrooting |
4272 |
-+ - Deny sysctl writes in chroot |
4273 |
-+ - Deny mknod in chroot |
4274 |
-+ - Deny access to abstract AF_UNIX sockets out of chroot |
4275 |
-+ - Deny pivot_root in chroot |
4276 |
-+ - Denied reads/writes of /dev/kmem, /dev/mem, and /dev/port |
4277 |
-+ - /proc restrictions with special GID set to 10 (usually wheel) |
4278 |
-+ - Address Space Layout Randomization (ASLR) |
4279 |
-+ - Prevent exploitation of most refcount overflows |
4280 |
-+ - Bounds checking of copying between the kernel and userland |
4281 |
-+ |
4282 |
-+config GRKERNSEC_HIGH |
4283 |
-+ bool "High" |
4284 |
-+ select GRKERNSEC_LINK |
4285 |
-+ select GRKERNSEC_FIFO |
4286 |
-+ select GRKERNSEC_DMESG |
4287 |
-+ select GRKERNSEC_FORKFAIL |
4288 |
-+ select GRKERNSEC_TIME |
4289 |
-+ select GRKERNSEC_SIGNAL |
4290 |
-+ select GRKERNSEC_CHROOT |
4291 |
-+ select GRKERNSEC_CHROOT_SHMAT |
4292 |
-+ select GRKERNSEC_CHROOT_UNIX |
4293 |
-+ select GRKERNSEC_CHROOT_MOUNT |
4294 |
-+ select GRKERNSEC_CHROOT_FCHDIR |
4295 |
-+ select GRKERNSEC_CHROOT_PIVOT |
4296 |
-+ select GRKERNSEC_CHROOT_DOUBLE |
4297 |
-+ select GRKERNSEC_CHROOT_CHDIR |
4298 |
-+ select GRKERNSEC_CHROOT_MKNOD |
4299 |
-+ select GRKERNSEC_CHROOT_CAPS |
4300 |
-+ select GRKERNSEC_CHROOT_SYSCTL |
4301 |
-+ select GRKERNSEC_CHROOT_FINDTASK |
4302 |
-+ select GRKERNSEC_SYSFS_RESTRICT |
4303 |
-+ select GRKERNSEC_PROC |
4304 |
-+ select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) |
4305 |
-+ select GRKERNSEC_HIDESYM |
4306 |
-+ select GRKERNSEC_BRUTE |
4307 |
-+ select GRKERNSEC_PROC_USERGROUP |
4308 |
-+ select GRKERNSEC_KMEM |
4309 |
-+ select GRKERNSEC_RESLOG |
4310 |
-+ select GRKERNSEC_RANDNET |
4311 |
-+ select GRKERNSEC_PROC_ADD |
4312 |
-+ select GRKERNSEC_CHROOT_CHMOD |
4313 |
-+ select GRKERNSEC_CHROOT_NICE |
4314 |
-+ select GRKERNSEC_SETXID if (X86 || SPARC64 || PPC || ARM || MIPS) |
4315 |
-+ select GRKERNSEC_AUDIT_MOUNT |
4316 |
-+ select GRKERNSEC_MODHARDEN if (MODULES) |
4317 |
-+ select GRKERNSEC_HARDEN_PTRACE |
4318 |
-+ select GRKERNSEC_PTRACE_READEXEC |
4319 |
-+ select GRKERNSEC_VM86 if (X86_32) |
4320 |
-+ select GRKERNSEC_KERN_LOCKOUT if (X86 || ARM || PPC || SPARC) |
4321 |
-+ select PAX |
4322 |
-+ select PAX_RANDUSTACK |
4323 |
-+ select PAX_ASLR |
4324 |
-+ select PAX_RANDMMAP |
4325 |
-+ select PAX_NOEXEC |
4326 |
-+ select PAX_MPROTECT |
4327 |
-+ select PAX_EI_PAX |
4328 |
-+ select PAX_PT_PAX_FLAGS |
4329 |
-+ select PAX_HAVE_ACL_FLAGS |
4330 |
-+ select PAX_KERNEXEC if ((PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN) |
4331 |
-+ select PAX_MEMORY_UDEREF if (X86 && !XEN) |
4332 |
-+ select PAX_RANDKSTACK if (X86_TSC && X86) |
4333 |
-+ select PAX_SEGMEXEC if (X86_32) |
4334 |
-+ select PAX_PAGEEXEC |
4335 |
-+ select PAX_EMUPLT if (ALPHA || PARISC || SPARC) |
4336 |
-+ select PAX_EMUTRAMP if (PARISC) |
4337 |
-+ select PAX_EMUSIGRT if (PARISC) |
4338 |
-+ select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) |
4339 |
-+ select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) |
4340 |
-+ select PAX_REFCOUNT if (X86 || SPARC64) |
4341 |
-+ select PAX_USERCOPY if ((X86 || PPC || SPARC || ARM) && (SLAB || SLUB || SLOB)) |
4342 |
-+ help |
4343 |
-+ If you say Y here, many of the features of grsecurity will be |
4344 |
-+ enabled, which will protect you against many kinds of attacks |
4345 |
-+ against your system. The heightened security comes at a cost |
4346 |
-+ of an increased chance of incompatibilities with rare software |
4347 |
-+ on your machine. Since this security level enables PaX, you should |
4348 |
-+ view <http://pax.grsecurity.net> and read about the PaX |
4349 |
-+ project. While you are there, download chpax and run it on |
4350 |
-+ binaries that cause problems with PaX. Also remember that |
4351 |
-+ since the /proc restrictions are enabled, you must run your |
4352 |
-+ identd as gid 1001. This security level enables the following |
4353 |
-+ features in addition to those listed in the low and medium |
4354 |
-+ security levels: |
4355 |
-+ |
4356 |
-+ - Additional /proc restrictions |
4357 |
-+ - Chmod restrictions in chroot |
4358 |
-+ - No signals, ptrace, or viewing of processes outside of chroot |
4359 |
-+ - Capability restrictions in chroot |
4360 |
-+ - Deny fchdir out of chroot |
4361 |
-+ - Priority restrictions in chroot |
4362 |
-+ - Segmentation-based implementation of PaX |
4363 |
-+ - Mprotect restrictions |
4364 |
-+ - Removal of addresses from /proc/<pid>/[smaps|maps|stat] |
4365 |
-+ - Kernel stack randomization |
4366 |
-+ - Mount/unmount/remount logging |
4367 |
-+ - Kernel symbol hiding |
4368 |
-+ - Hardening of module auto-loading |
4369 |
-+ - Ptrace restrictions |
4370 |
-+ - Restricted vm86 mode |
4371 |
-+ - Restricted sysfs/debugfs |
4372 |
-+ - Active kernel exploit response |
4373 |
-+ |
4374 |
-+config GRKERNSEC_CUSTOM |
4375 |
-+ bool "Custom" |
4376 |
-+ help |
4377 |
-+ If you say Y here, you will be able to configure every grsecurity |
4378 |
-+ option, which allows you to enable many more features that aren't |
4379 |
-+ covered in the basic security levels. These additional features |
4380 |
-+ include TPE, socket restrictions, and the sysctl system for |
4381 |
-+ grsecurity. It is advised that you read through the help for |
4382 |
-+ each option to determine its usefulness in your situation. |
4383 |
-+ |
4384 |
-+endchoice |
4385 |
-+ |
4386 |
+menu "Memory Protections" |
4387 |
+depends on GRKERNSEC |
4388 |
+ |
4389 |
+config GRKERNSEC_KMEM |
4390 |
+ bool "Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port" |
4391 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4392 |
+ select STRICT_DEVMEM if (X86 || ARM || TILE || S390) |
4393 |
+ help |
4394 |
+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to |
4395 |
@@ -50385,6 +50335,7 @@ index 0000000..2645296 |
4396 |
+ |
4397 |
+config GRKERNSEC_VM86 |
4398 |
+ bool "Restrict VM86 mode" |
4399 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER) |
4400 |
+ depends on X86_32 |
4401 |
+ |
4402 |
+ help |
4403 |
@@ -50398,6 +50349,7 @@ index 0000000..2645296 |
4404 |
+ |
4405 |
+config GRKERNSEC_IO |
4406 |
+ bool "Disable privileged I/O" |
4407 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER) |
4408 |
+ depends on X86 |
4409 |
+ select RTC_CLASS |
4410 |
+ select RTC_INTF_DEV |
4411 |
@@ -50417,7 +50369,7 @@ index 0000000..2645296 |
4412 |
+ |
4413 |
+config GRKERNSEC_PROC_MEMMAP |
4414 |
+ bool "Harden ASLR against information leaks and entropy reduction" |
4415 |
-+ default y if (PAX_NOEXEC || PAX_ASLR) |
4416 |
++ default y if (GRKERNSEC_CONFIG_AUTO || PAX_NOEXEC || PAX_ASLR) |
4417 |
+ depends on PAX_NOEXEC || PAX_ASLR |
4418 |
+ help |
4419 |
+ If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will |
4420 |
@@ -50437,6 +50389,7 @@ index 0000000..2645296 |
4421 |
+ |
4422 |
+config GRKERNSEC_BRUTE |
4423 |
+ bool "Deter exploit bruteforcing" |
4424 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4425 |
+ help |
4426 |
+ If you say Y here, attempts to bruteforce exploits against forking |
4427 |
+ daemons such as apache or sshd, as well as against suid/sgid binaries |
4428 |
@@ -50457,6 +50410,7 @@ index 0000000..2645296 |
4429 |
+ |
4430 |
+config GRKERNSEC_MODHARDEN |
4431 |
+ bool "Harden module auto-loading" |
4432 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4433 |
+ depends on MODULES |
4434 |
+ help |
4435 |
+ If you say Y here, module auto-loading in response to use of some |
4436 |
@@ -50478,6 +50432,7 @@ index 0000000..2645296 |
4437 |
+ |
4438 |
+config GRKERNSEC_HIDESYM |
4439 |
+ bool "Hide kernel symbols" |
4440 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4441 |
+ help |
4442 |
+ If you say Y here, getting information on loaded modules, and |
4443 |
+ displaying all kernel symbols through a syscall will be restricted |
4444 |
@@ -50503,11 +50458,12 @@ index 0000000..2645296 |
4445 |
+ |
4446 |
+config GRKERNSEC_KERN_LOCKOUT |
4447 |
+ bool "Active kernel exploit response" |
4448 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4449 |
+ depends on X86 || ARM || PPC || SPARC |
4450 |
+ help |
4451 |
+ If you say Y here, when a PaX alert is triggered due to suspicious |
4452 |
+ activity in the kernel (from KERNEXEC/UDEREF/USERCOPY) |
4453 |
-+ or an OOPs occurs due to bad memory accesses, instead of just |
4454 |
++ or an OOPS occurs due to bad memory accesses, instead of just |
4455 |
+ terminating the offending process (and potentially allowing |
4456 |
+ a subsequent exploit from the same user), we will take one of two |
4457 |
+ actions: |
4458 |
@@ -50566,6 +50522,7 @@ index 0000000..2645296 |
4459 |
+ |
4460 |
+config GRKERNSEC_PROC |
4461 |
+ bool "Proc restrictions" |
4462 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4463 |
+ help |
4464 |
+ If you say Y here, the permissions of the /proc filesystem |
4465 |
+ will be altered to enhance system security and privacy. You MUST |
4466 |
@@ -50587,6 +50544,7 @@ index 0000000..2645296 |
4467 |
+ |
4468 |
+config GRKERNSEC_PROC_USERGROUP |
4469 |
+ bool "Allow special group" |
4470 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4471 |
+ depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER |
4472 |
+ help |
4473 |
+ If you say Y here, you will be able to select a group that will be |
4474 |
@@ -50602,6 +50560,7 @@ index 0000000..2645296 |
4475 |
+ |
4476 |
+config GRKERNSEC_PROC_ADD |
4477 |
+ bool "Additional restrictions" |
4478 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4479 |
+ depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP |
4480 |
+ help |
4481 |
+ If you say Y here, additional restrictions will be placed on |
4482 |
@@ -50610,6 +50569,7 @@ index 0000000..2645296 |
4483 |
+ |
4484 |
+config GRKERNSEC_LINK |
4485 |
+ bool "Linking restrictions" |
4486 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4487 |
+ help |
4488 |
+ If you say Y here, /tmp race exploits will be prevented, since users |
4489 |
+ will no longer be able to follow symlinks owned by other users in |
4490 |
@@ -50618,8 +50578,34 @@ index 0000000..2645296 |
4491 |
+ able to hardlink to files they do not own. If the sysctl option is |
4492 |
+ enabled, a sysctl option with name "linking_restrictions" is created. |
4493 |
+ |
4494 |
++config GRKERNSEC_SYMLINKOWN |
4495 |
++ bool "Kernel-enforced SymlinksIfOwnerMatch" |
4496 |
++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER |
4497 |
++ help |
4498 |
++ Apache's SymlinksIfOwnerMatch option has an inherent race condition |
4499 |
++ that prevents it from being used as a security feature. As Apache |
4500 |
++ verifies the symlink by performing a stat() against the target of |
4501 |
++ the symlink before it is followed, an attacker can setup a symlink |
4502 |
++ to point to a same-owned file, then replace the symlink with one |
4503 |
++ that targets another user's file just after Apache "validates" the |
4504 |
++ symlink -- a classic TOCTOU race. If you say Y here, a complete, |
4505 |
++ race-free replacement for Apache's "SymlinksIfOwnerMatch" option |
4506 |
++ will be in place for the group you specify. If the sysctl option |
4507 |
++ is enabled, a sysctl option with name "enforce_symlinksifowner" is |
4508 |
++ created. |
4509 |
++ |
4510 |
++config GRKERNSEC_SYMLINKOWN_GID |
4511 |
++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch" |
4512 |
++ depends on GRKERNSEC_SYMLINKOWN |
4513 |
++ default 1006 |
4514 |
++ help |
4515 |
++ Setting this GID determines what group kernel-enforced |
4516 |
++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option |
4517 |
++ is enabled, a sysctl option with name "symlinkown_gid" is created. |
4518 |
++ |
4519 |
+config GRKERNSEC_FIFO |
4520 |
+ bool "FIFO restrictions" |
4521 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4522 |
+ help |
4523 |
+ If you say Y here, users will not be able to write to FIFOs they don't |
4524 |
+ own in world-writable +t directories (e.g. /tmp), unless the owner of |
4525 |
@@ -50629,6 +50615,7 @@ index 0000000..2645296 |
4526 |
+ |
4527 |
+config GRKERNSEC_SYSFS_RESTRICT |
4528 |
+ bool "Sysfs/debugfs restriction" |
4529 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER) |
4530 |
+ depends on SYSFS |
4531 |
+ help |
4532 |
+ If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and |
4533 |
@@ -50662,6 +50649,7 @@ index 0000000..2645296 |
4534 |
+ |
4535 |
+config GRKERNSEC_CHROOT |
4536 |
+ bool "Chroot jail restrictions" |
4537 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4538 |
+ help |
4539 |
+ If you say Y here, you will be able to choose several options that will |
4540 |
+ make breaking out of a chrooted jail much more difficult. If you |
4541 |
@@ -50670,6 +50658,7 @@ index 0000000..2645296 |
4542 |
+ |
4543 |
+config GRKERNSEC_CHROOT_MOUNT |
4544 |
+ bool "Deny mounts" |
4545 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4546 |
+ depends on GRKERNSEC_CHROOT |
4547 |
+ help |
4548 |
+ If you say Y here, processes inside a chroot will not be able to |
4549 |
@@ -50678,6 +50667,7 @@ index 0000000..2645296 |
4550 |
+ |
4551 |
+config GRKERNSEC_CHROOT_DOUBLE |
4552 |
+ bool "Deny double-chroots" |
4553 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4554 |
+ depends on GRKERNSEC_CHROOT |
4555 |
+ help |
4556 |
+ If you say Y here, processes inside a chroot will not be able to chroot |
4557 |
@@ -50688,6 +50678,7 @@ index 0000000..2645296 |
4558 |
+ |
4559 |
+config GRKERNSEC_CHROOT_PIVOT |
4560 |
+ bool "Deny pivot_root in chroot" |
4561 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4562 |
+ depends on GRKERNSEC_CHROOT |
4563 |
+ help |
4564 |
+ If you say Y here, processes inside a chroot will not be able to use |
4565 |
@@ -50700,6 +50691,7 @@ index 0000000..2645296 |
4566 |
+ |
4567 |
+config GRKERNSEC_CHROOT_CHDIR |
4568 |
+ bool "Enforce chdir(\"/\") on all chroots" |
4569 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4570 |
+ depends on GRKERNSEC_CHROOT |
4571 |
+ help |
4572 |
+ If you say Y here, the current working directory of all newly-chrooted |
4573 |
@@ -50716,6 +50708,7 @@ index 0000000..2645296 |
4574 |
+ |
4575 |
+config GRKERNSEC_CHROOT_CHMOD |
4576 |
+ bool "Deny (f)chmod +s" |
4577 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4578 |
+ depends on GRKERNSEC_CHROOT |
4579 |
+ help |
4580 |
+ If you say Y here, processes inside a chroot will not be able to chmod |
4581 |
@@ -50726,6 +50719,7 @@ index 0000000..2645296 |
4582 |
+ |
4583 |
+config GRKERNSEC_CHROOT_FCHDIR |
4584 |
+ bool "Deny fchdir out of chroot" |
4585 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4586 |
+ depends on GRKERNSEC_CHROOT |
4587 |
+ help |
4588 |
+ If you say Y here, a well-known method of breaking chroots by fchdir'ing |
4589 |
@@ -50735,6 +50729,7 @@ index 0000000..2645296 |
4590 |
+ |
4591 |
+config GRKERNSEC_CHROOT_MKNOD |
4592 |
+ bool "Deny mknod" |
4593 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4594 |
+ depends on GRKERNSEC_CHROOT |
4595 |
+ help |
4596 |
+ If you say Y here, processes inside a chroot will not be allowed to |
4597 |
@@ -50749,6 +50744,7 @@ index 0000000..2645296 |
4598 |
+ |
4599 |
+config GRKERNSEC_CHROOT_SHMAT |
4600 |
+ bool "Deny shmat() out of chroot" |
4601 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4602 |
+ depends on GRKERNSEC_CHROOT |
4603 |
+ help |
4604 |
+ If you say Y here, processes inside a chroot will not be able to attach |
4605 |
@@ -50758,6 +50754,7 @@ index 0000000..2645296 |
4606 |
+ |
4607 |
+config GRKERNSEC_CHROOT_UNIX |
4608 |
+ bool "Deny access to abstract AF_UNIX sockets out of chroot" |
4609 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4610 |
+ depends on GRKERNSEC_CHROOT |
4611 |
+ help |
4612 |
+ If you say Y here, processes inside a chroot will not be able to |
4613 |
@@ -50768,6 +50765,7 @@ index 0000000..2645296 |
4614 |
+ |
4615 |
+config GRKERNSEC_CHROOT_FINDTASK |
4616 |
+ bool "Protect outside processes" |
4617 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4618 |
+ depends on GRKERNSEC_CHROOT |
4619 |
+ help |
4620 |
+ If you say Y here, processes inside a chroot will not be able to |
4621 |
@@ -50778,6 +50776,7 @@ index 0000000..2645296 |
4622 |
+ |
4623 |
+config GRKERNSEC_CHROOT_NICE |
4624 |
+ bool "Restrict priority changes" |
4625 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4626 |
+ depends on GRKERNSEC_CHROOT |
4627 |
+ help |
4628 |
+ If you say Y here, processes inside a chroot will not be able to raise |
4629 |
@@ -50789,6 +50788,7 @@ index 0000000..2645296 |
4630 |
+ |
4631 |
+config GRKERNSEC_CHROOT_SYSCTL |
4632 |
+ bool "Deny sysctl writes" |
4633 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4634 |
+ depends on GRKERNSEC_CHROOT |
4635 |
+ help |
4636 |
+ If you say Y here, an attacker in a chroot will not be able to |
4637 |
@@ -50799,6 +50799,7 @@ index 0000000..2645296 |
4638 |
+ |
4639 |
+config GRKERNSEC_CHROOT_CAPS |
4640 |
+ bool "Capability restrictions" |
4641 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4642 |
+ depends on GRKERNSEC_CHROOT |
4643 |
+ help |
4644 |
+ If you say Y here, the capabilities on all processes within a |
4645 |
@@ -50841,6 +50842,7 @@ index 0000000..2645296 |
4646 |
+ |
4647 |
+config GRKERNSEC_RESLOG |
4648 |
+ bool "Resource logging" |
4649 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4650 |
+ help |
4651 |
+ If you say Y here, all attempts to overstep resource limits will |
4652 |
+ be logged with the resource name, the requested size, and the current |
4653 |
@@ -50879,6 +50881,7 @@ index 0000000..2645296 |
4654 |
+ |
4655 |
+config GRKERNSEC_SIGNAL |
4656 |
+ bool "Signal logging" |
4657 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4658 |
+ help |
4659 |
+ If you say Y here, certain important signals will be logged, such as |
4660 |
+ SIGSEGV, which will as a result inform you of when a error in a program |
4661 |
@@ -50896,6 +50899,7 @@ index 0000000..2645296 |
4662 |
+ |
4663 |
+config GRKERNSEC_TIME |
4664 |
+ bool "Time change logging" |
4665 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4666 |
+ help |
4667 |
+ If you say Y here, any changes of the system clock will be logged. |
4668 |
+ If the sysctl option is enabled, a sysctl option with name |
4669 |
@@ -50903,6 +50907,7 @@ index 0000000..2645296 |
4670 |
+ |
4671 |
+config GRKERNSEC_PROC_IPADDR |
4672 |
+ bool "/proc/<pid>/ipaddr support" |
4673 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4674 |
+ help |
4675 |
+ If you say Y here, a new entry will be added to each /proc/<pid> |
4676 |
+ directory that contains the IP address of the person using the task. |
4677 |
@@ -50914,6 +50919,7 @@ index 0000000..2645296 |
4678 |
+ |
4679 |
+config GRKERNSEC_RWXMAP_LOG |
4680 |
+ bool 'Denied RWX mmap/mprotect logging' |
4681 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4682 |
+ depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT |
4683 |
+ help |
4684 |
+ If you say Y here, calls to mmap() and mprotect() with explicit |
4685 |
@@ -50942,6 +50948,7 @@ index 0000000..2645296 |
4686 |
+ |
4687 |
+config GRKERNSEC_DMESG |
4688 |
+ bool "Dmesg(8) restriction" |
4689 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4690 |
+ help |
4691 |
+ If you say Y here, non-root users will not be able to use dmesg(8) |
4692 |
+ to view up to the last 4kb of messages in the kernel's log buffer. |
4693 |
@@ -50953,6 +50960,7 @@ index 0000000..2645296 |
4694 |
+ |
4695 |
+config GRKERNSEC_HARDEN_PTRACE |
4696 |
+ bool "Deter ptrace-based process snooping" |
4697 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4698 |
+ help |
4699 |
+ If you say Y here, TTY sniffers and other malicious monitoring |
4700 |
+ programs implemented through ptrace will be defeated. If you |
4701 |
@@ -50969,6 +50977,7 @@ index 0000000..2645296 |
4702 |
+ |
4703 |
+config GRKERNSEC_PTRACE_READEXEC |
4704 |
+ bool "Require read access to ptrace sensitive binaries" |
4705 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4706 |
+ help |
4707 |
+ If you say Y here, unprivileged users will not be able to ptrace unreadable |
4708 |
+ binaries. This option is useful in environments that |
4709 |
@@ -50982,6 +50991,7 @@ index 0000000..2645296 |
4710 |
+ |
4711 |
+config GRKERNSEC_SETXID |
4712 |
+ bool "Enforce consistent multithreaded privileges" |
4713 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4714 |
+ depends on (X86 || SPARC64 || PPC || ARM || MIPS) |
4715 |
+ help |
4716 |
+ If you say Y here, a change from a root uid to a non-root uid |
4717 |
@@ -50996,6 +51006,7 @@ index 0000000..2645296 |
4718 |
+ |
4719 |
+config GRKERNSEC_TPE |
4720 |
+ bool "Trusted Path Execution (TPE)" |
4721 |
++ default y if GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_SERVER |
4722 |
+ help |
4723 |
+ If you say Y here, you will be able to choose a gid to add to the |
4724 |
+ supplementary groups of users you want to mark as "untrusted." |
4725 |
@@ -51052,6 +51063,7 @@ index 0000000..2645296 |
4726 |
+ |
4727 |
+config GRKERNSEC_RANDNET |
4728 |
+ bool "Larger entropy pools" |
4729 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4730 |
+ help |
4731 |
+ If you say Y here, the entropy pools used for many features of Linux |
4732 |
+ and grsecurity will be doubled in size. Since several grsecurity |
4733 |
@@ -51061,6 +51073,7 @@ index 0000000..2645296 |
4734 |
+ |
4735 |
+config GRKERNSEC_BLACKHOLE |
4736 |
+ bool "TCP/UDP blackhole and LAST_ACK DoS prevention" |
4737 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4738 |
+ depends on NET |
4739 |
+ help |
4740 |
+ If you say Y here, neither TCP resets nor ICMP |
4741 |
@@ -51160,11 +51173,12 @@ index 0000000..2645296 |
4742 |
+ option with name "socket_server_gid" is created. |
4743 |
+ |
4744 |
+endmenu |
4745 |
-+menu "Sysctl support" |
4746 |
++menu "Sysctl Support" |
4747 |
+depends on GRKERNSEC && SYSCTL |
4748 |
+ |
4749 |
+config GRKERNSEC_SYSCTL |
4750 |
+ bool "Sysctl support" |
4751 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4752 |
+ help |
4753 |
+ If you say Y here, you will be able to change the options that |
4754 |
+ grsecurity runs with at bootup, without having to recompile your |
4755 |
@@ -51195,6 +51209,7 @@ index 0000000..2645296 |
4756 |
+ |
4757 |
+config GRKERNSEC_SYSCTL_ON |
4758 |
+ bool "Turn on features by default" |
4759 |
++ default y if GRKERNSEC_CONFIG_AUTO |
4760 |
+ depends on GRKERNSEC_SYSCTL |
4761 |
+ help |
4762 |
+ If you say Y here, instead of having all features enabled in the |
4763 |
@@ -51230,8 +51245,6 @@ index 0000000..2645296 |
4764 |
+ raise this value. |
4765 |
+ |
4766 |
+endmenu |
4767 |
-+ |
4768 |
-+endmenu |
4769 |
diff --git a/grsecurity/Makefile b/grsecurity/Makefile |
4770 |
new file mode 100644 |
4771 |
index 0000000..1b9afa9 |
4772 |
@@ -58197,10 +58210,10 @@ index 0000000..8ca18bf |
4773 |
+} |
4774 |
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c |
4775 |
new file mode 100644 |
4776 |
-index 0000000..01ddde4 |
4777 |
+index 0000000..05a6015 |
4778 |
--- /dev/null |
4779 |
+++ b/grsecurity/grsec_init.c |
4780 |
-@@ -0,0 +1,277 @@ |
4781 |
+@@ -0,0 +1,283 @@ |
4782 |
+#include <linux/kernel.h> |
4783 |
+#include <linux/sched.h> |
4784 |
+#include <linux/mm.h> |
4785 |
@@ -58212,6 +58225,8 @@ index 0000000..01ddde4 |
4786 |
+ |
4787 |
+int grsec_enable_ptrace_readexec; |
4788 |
+int grsec_enable_setxid; |
4789 |
++int grsec_enable_symlinkown; |
4790 |
++int grsec_symlinkown_gid; |
4791 |
+int grsec_enable_brute; |
4792 |
+int grsec_enable_link; |
4793 |
+int grsec_enable_dmesg; |
4794 |
@@ -58455,6 +58470,10 @@ index 0000000..01ddde4 |
4795 |
+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL |
4796 |
+ grsec_enable_chroot_sysctl = 1; |
4797 |
+#endif |
4798 |
++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
4799 |
++ grsec_enable_symlinkown = 1; |
4800 |
++ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID; |
4801 |
++#endif |
4802 |
+#ifdef CONFIG_GRKERNSEC_TPE |
4803 |
+ grsec_enable_tpe = 1; |
4804 |
+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; |
4805 |
@@ -58480,16 +58499,32 @@ index 0000000..01ddde4 |
4806 |
+} |
4807 |
diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c |
4808 |
new file mode 100644 |
4809 |
-index 0000000..3efe141 |
4810 |
+index 0000000..35a96d1 |
4811 |
--- /dev/null |
4812 |
+++ b/grsecurity/grsec_link.c |
4813 |
-@@ -0,0 +1,43 @@ |
4814 |
+@@ -0,0 +1,59 @@ |
4815 |
+#include <linux/kernel.h> |
4816 |
+#include <linux/sched.h> |
4817 |
+#include <linux/fs.h> |
4818 |
+#include <linux/file.h> |
4819 |
+#include <linux/grinternal.h> |
4820 |
+ |
4821 |
++int gr_handle_symlink_owner(const struct path *link, const struct inode *target) |
4822 |
++{ |
4823 |
++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
4824 |
++ const struct inode *link_inode = link->dentry->d_inode; |
4825 |
++ |
4826 |
++ if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) && |
4827 |
++ /* ignore root-owned links, e.g. /proc/self */ |
4828 |
++ link_inode->i_uid && |
4829 |
++ link_inode->i_uid != target->i_uid) { |
4830 |
++ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid); |
4831 |
++ return 1; |
4832 |
++ } |
4833 |
++#endif |
4834 |
++ return 0; |
4835 |
++} |
4836 |
++ |
4837 |
+int |
4838 |
+gr_handle_follow_link(const struct inode *parent, |
4839 |
+ const struct inode *inode, |
4840 |
@@ -59512,10 +59547,10 @@ index 0000000..4030d57 |
4841 |
+} |
4842 |
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c |
4843 |
new file mode 100644 |
4844 |
-index 0000000..a1aedd7 |
4845 |
+index 0000000..bce198e |
4846 |
--- /dev/null |
4847 |
+++ b/grsecurity/grsec_sysctl.c |
4848 |
-@@ -0,0 +1,451 @@ |
4849 |
+@@ -0,0 +1,467 @@ |
4850 |
+#include <linux/kernel.h> |
4851 |
+#include <linux/sched.h> |
4852 |
+#include <linux/sysctl.h> |
4853 |
@@ -59561,6 +59596,22 @@ index 0000000..a1aedd7 |
4854 |
+ .proc_handler = &proc_dointvec, |
4855 |
+ }, |
4856 |
+#endif |
4857 |
++#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
4858 |
++ { |
4859 |
++ .procname = "enforce_symlinksifowner", |
4860 |
++ .data = &grsec_enable_symlinkown, |
4861 |
++ .maxlen = sizeof(int), |
4862 |
++ .mode = 0600, |
4863 |
++ .proc_handler = &proc_dointvec, |
4864 |
++ }, |
4865 |
++ { |
4866 |
++ .procname = "symlinkown_gid", |
4867 |
++ .data = &grsec_symlinkown_gid, |
4868 |
++ .maxlen = sizeof(int), |
4869 |
++ .mode = 0600, |
4870 |
++ .proc_handler = &proc_dointvec, |
4871 |
++ }, |
4872 |
++#endif |
4873 |
+#ifdef CONFIG_GRKERNSEC_BRUTE |
4874 |
+ { |
4875 |
+ .procname = "deter_bruteforce", |
4876 |
@@ -60619,49 +60670,10 @@ index 810431d..0ec4804f 100644 |
4877 |
* (puds are folded into pgds so this doesn't get actually called, |
4878 |
* but the define is needed for a generic inline function.) |
4879 |
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h |
4880 |
-index a03c098..19751cf 100644 |
4881 |
+index bc00876..5aee0d9 100644 |
4882 |
--- a/include/asm-generic/pgtable.h |
4883 |
+++ b/include/asm-generic/pgtable.h |
4884 |
-@@ -445,6 +445,18 @@ static inline int pmd_write(pmd_t pmd) |
4885 |
- #endif /* __HAVE_ARCH_PMD_WRITE */ |
4886 |
- #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ |
4887 |
- |
4888 |
-+#ifndef __HAVE_ARCH_READ_PMD_ATOMIC |
4889 |
-+static inline pmd_t read_pmd_atomic(pmd_t *pmdp) |
4890 |
-+{ |
4891 |
-+ /* |
4892 |
-+ * Depend on compiler for an atomic pmd read. NOTE: this is |
4893 |
-+ * only going to work, if the pmdval_t isn't larger than |
4894 |
-+ * an unsigned long. |
4895 |
-+ */ |
4896 |
-+ return *pmdp; |
4897 |
-+} |
4898 |
-+#endif /* __HAVE_ARCH_READ_PMD_ATOMIC */ |
4899 |
-+ |
4900 |
- /* |
4901 |
- * This function is meant to be used by sites walking pagetables with |
4902 |
- * the mmap_sem hold in read mode to protect against MADV_DONTNEED and |
4903 |
-@@ -458,11 +470,17 @@ static inline int pmd_write(pmd_t pmd) |
4904 |
- * undefined so behaving like if the pmd was none is safe (because it |
4905 |
- * can return none anyway). The compiler level barrier() is critically |
4906 |
- * important to compute the two checks atomically on the same pmdval. |
4907 |
-+ * |
4908 |
-+ * For 32bit kernels with a 64bit large pmd_t this automatically takes |
4909 |
-+ * care of reading the pmd atomically to avoid SMP race conditions |
4910 |
-+ * against pmd_populate() when the mmap_sem is hold for reading by the |
4911 |
-+ * caller (a special atomic read not done by "gcc" as in the generic |
4912 |
-+ * version above, is also needed when THP is disabled because the page |
4913 |
-+ * fault can populate the pmd from under us). |
4914 |
- */ |
4915 |
- static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t *pmd) |
4916 |
- { |
4917 |
-- /* depend on compiler for an atomic pmd read */ |
4918 |
-- pmd_t pmdval = *pmd; |
4919 |
-+ pmd_t pmdval = read_pmd_atomic(pmd); |
4920 |
- /* |
4921 |
- * The barrier will stabilize the pmdval in a register or on |
4922 |
- * the stack so that it will stop changing under the code. |
4923 |
-@@ -502,6 +520,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) |
4924 |
+@@ -530,6 +530,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) |
4925 |
#endif |
4926 |
} |
4927 |
|
4928 |
@@ -61948,10 +61960,10 @@ index 0000000..b30e9bc |
4929 |
+#endif |
4930 |
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h |
4931 |
new file mode 100644 |
4932 |
-index 0000000..da390f1 |
4933 |
+index 0000000..c9292f7 |
4934 |
--- /dev/null |
4935 |
+++ b/include/linux/grinternal.h |
4936 |
-@@ -0,0 +1,221 @@ |
4937 |
+@@ -0,0 +1,223 @@ |
4938 |
+#ifndef __GRINTERNAL_H |
4939 |
+#define __GRINTERNAL_H |
4940 |
+ |
4941 |
@@ -62013,6 +62025,8 @@ index 0000000..da390f1 |
4942 |
+extern int grsec_enable_chroot_caps; |
4943 |
+extern int grsec_enable_chroot_sysctl; |
4944 |
+extern int grsec_enable_chroot_unix; |
4945 |
++extern int grsec_enable_symlinkown; |
4946 |
++extern int grsec_symlinkown_gid; |
4947 |
+extern int grsec_enable_tpe; |
4948 |
+extern int grsec_tpe_gid; |
4949 |
+extern int grsec_enable_tpe_all; |
4950 |
@@ -62175,10 +62189,10 @@ index 0000000..da390f1 |
4951 |
+#endif |
4952 |
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h |
4953 |
new file mode 100644 |
4954 |
-index 0000000..ae576a1 |
4955 |
+index 0000000..54f4e85 |
4956 |
--- /dev/null |
4957 |
+++ b/include/linux/grmsg.h |
4958 |
-@@ -0,0 +1,109 @@ |
4959 |
+@@ -0,0 +1,110 @@ |
4960 |
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" |
4961 |
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" |
4962 |
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " |
4963 |
@@ -62288,12 +62302,13 @@ index 0000000..ae576a1 |
4964 |
+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by " |
4965 |
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by " |
4966 |
+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by " |
4967 |
++#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by " |
4968 |
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h |
4969 |
new file mode 100644 |
4970 |
-index 0000000..2ccf677 |
4971 |
+index 0000000..12bf493 |
4972 |
--- /dev/null |
4973 |
+++ b/include/linux/grsecurity.h |
4974 |
-@@ -0,0 +1,229 @@ |
4975 |
+@@ -0,0 +1,230 @@ |
4976 |
+#ifndef GR_SECURITY_H |
4977 |
+#define GR_SECURITY_H |
4978 |
+#include <linux/fs.h> |
4979 |
@@ -62475,6 +62490,7 @@ index 0000000..2ccf677 |
4980 |
+ const struct vfsmount *parent_mnt, |
4981 |
+ const struct dentry *old_dentry, |
4982 |
+ const struct vfsmount *old_mnt, const char *to); |
4983 |
++int gr_handle_symlink_owner(const struct path *link, const struct inode *target); |
4984 |
+int gr_acl_handle_rename(struct dentry *new_dentry, |
4985 |
+ struct dentry *parent_dentry, |
4986 |
+ const struct vfsmount *parent_mnt, |
4987 |
@@ -71280,10 +71296,19 @@ index d53adf9..03a24bf 100644 |
4988 |
set_fs(old_fs); |
4989 |
|
4990 |
diff --git a/mm/madvise.c b/mm/madvise.c |
4991 |
-index 74bf193..feb6fd3 100644 |
4992 |
+index 74bf193..4041aaa 100644 |
4993 |
--- a/mm/madvise.c |
4994 |
+++ b/mm/madvise.c |
4995 |
-@@ -45,6 +45,10 @@ static long madvise_behavior(struct vm_area_struct * vma, |
4996 |
+@@ -13,6 +13,8 @@ |
4997 |
+ #include <linux/hugetlb.h> |
4998 |
+ #include <linux/sched.h> |
4999 |
+ #include <linux/ksm.h> |
5000 |
++#include <linux/fs.h> |
5001 |
++#include <linux/file.h> |
5002 |
+ |
5003 |
+ /* |
5004 |
+ * Any behaviour which results in changes to the vma->vm_flags needs to |
5005 |
+@@ -45,6 +47,10 @@ static long madvise_behavior(struct vm_area_struct * vma, |
5006 |
pgoff_t pgoff; |
5007 |
unsigned long new_flags = vma->vm_flags; |
5008 |
|
5009 |
@@ -71294,7 +71319,7 @@ index 74bf193..feb6fd3 100644 |
5010 |
switch (behavior) { |
5011 |
case MADV_NORMAL: |
5012 |
new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; |
5013 |
-@@ -110,6 +114,13 @@ success: |
5014 |
+@@ -110,6 +116,13 @@ success: |
5015 |
/* |
5016 |
* vm_flags is protected by the mmap_sem held in write mode. |
5017 |
*/ |
5018 |
@@ -71308,7 +71333,7 @@ index 74bf193..feb6fd3 100644 |
5019 |
vma->vm_flags = new_flags; |
5020 |
|
5021 |
out: |
5022 |
-@@ -168,6 +179,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5023 |
+@@ -168,6 +181,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5024 |
struct vm_area_struct ** prev, |
5025 |
unsigned long start, unsigned long end) |
5026 |
{ |
5027 |
@@ -71320,7 +71345,7 @@ index 74bf193..feb6fd3 100644 |
5028 |
*prev = vma; |
5029 |
if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) |
5030 |
return -EINVAL; |
5031 |
-@@ -180,6 +196,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5032 |
+@@ -180,6 +198,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5033 |
zap_page_range(vma, start, end - start, &details); |
5034 |
} else |
5035 |
zap_page_range(vma, start, end - start, NULL); |
5036 |
@@ -71342,7 +71367,47 @@ index 74bf193..feb6fd3 100644 |
5037 |
return 0; |
5038 |
} |
5039 |
|
5040 |
-@@ -376,6 +407,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) |
5041 |
+@@ -197,16 +230,17 @@ static long madvise_remove(struct vm_area_struct *vma, |
5042 |
+ struct address_space *mapping; |
5043 |
+ loff_t offset, endoff; |
5044 |
+ int error; |
5045 |
++ struct file *f; |
5046 |
+ |
5047 |
+ *prev = NULL; /* tell sys_madvise we drop mmap_sem */ |
5048 |
+ |
5049 |
+ if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB)) |
5050 |
+ return -EINVAL; |
5051 |
+ |
5052 |
+- if (!vma->vm_file || !vma->vm_file->f_mapping |
5053 |
+- || !vma->vm_file->f_mapping->host) { |
5054 |
+- return -EINVAL; |
5055 |
+- } |
5056 |
++ f = vma->vm_file; |
5057 |
++ |
5058 |
++ if (!f || !f->f_mapping || !f->f_mapping->host) |
5059 |
++ return -EINVAL; |
5060 |
+ |
5061 |
+ if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE)) |
5062 |
+ return -EACCES; |
5063 |
+@@ -218,10 +252,16 @@ static long madvise_remove(struct vm_area_struct *vma, |
5064 |
+ endoff = (loff_t)(end - vma->vm_start - 1) |
5065 |
+ + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); |
5066 |
+ |
5067 |
+- /* vmtruncate_range needs to take i_mutex */ |
5068 |
++ /* vmtruncate_range needs to take i_mutex. We need to |
5069 |
++ * explicitly grab a reference because the vma (and hence the |
5070 |
++ * vma's reference to the file) can go away as soon as we drop |
5071 |
++ * mmap_sem. |
5072 |
++ */ |
5073 |
++ get_file(f); |
5074 |
+ up_read(¤t->mm->mmap_sem); |
5075 |
+ error = vmtruncate_range(mapping->host, offset, endoff); |
5076 |
+ down_read(¤t->mm->mmap_sem); |
5077 |
++ fput(f); |
5078 |
+ return error; |
5079 |
+ } |
5080 |
+ |
5081 |
+@@ -376,6 +416,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) |
5082 |
if (end < start) |
5083 |
goto out; |
5084 |
|
5085 |
@@ -79694,16 +79759,14 @@ index 38f6617..e70b72b 100755 |
5086 |
|
5087 |
exuberant() |
5088 |
diff --git a/security/Kconfig b/security/Kconfig |
5089 |
-index 51bd5a0..c37f5e6 100644 |
5090 |
+index 51bd5a0..5a02ed0 100644 |
5091 |
--- a/security/Kconfig |
5092 |
+++ b/security/Kconfig |
5093 |
-@@ -4,6 +4,640 @@ |
5094 |
+@@ -4,6 +4,860 @@ |
5095 |
|
5096 |
menu "Security options" |
5097 |
|
5098 |
-+source grsecurity/Kconfig |
5099 |
-+ |
5100 |
-+menu "PaX" |
5101 |
++menu "Grsecurity" |
5102 |
+ |
5103 |
+ config ARCH_TRACK_EXEC_LIMIT |
5104 |
+ bool |
5105 |
@@ -79724,8 +79787,205 @@ index 51bd5a0..c37f5e6 100644 |
5106 |
+ bool |
5107 |
+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM)) |
5108 |
+ |
5109 |
++config GRKERNSEC |
5110 |
++ bool "Grsecurity" |
5111 |
++ select CRYPTO |
5112 |
++ select CRYPTO_SHA256 |
5113 |
++ help |
5114 |
++ If you say Y here, you will be able to configure many features |
5115 |
++ that will enhance the security of your system. It is highly |
5116 |
++ recommended that you say Y here and read through the help |
5117 |
++ for each option so that you fully understand the features and |
5118 |
++ can evaluate their usefulness for your machine. |
5119 |
++ |
5120 |
++choice |
5121 |
++ prompt "Configuration Method" |
5122 |
++ depends on GRKERNSEC |
5123 |
++ default GRKERNSEC_CONFIG_CUSTOM |
5124 |
++ help |
5125 |
++ |
5126 |
++config GRKERNSEC_CONFIG_AUTO |
5127 |
++ bool "Automatic" |
5128 |
++ help |
5129 |
++ If you choose this configuration method, you'll be able to answer a small |
5130 |
++ number of simple questions about how you plan to use this kernel. |
5131 |
++ The settings of grsecurity and PaX will be automatically configured for |
5132 |
++ the highest commonly-used settings within the provided constraints. |
5133 |
++ |
5134 |
++ If you require additional configuration, custom changes can still be made |
5135 |
++ from the "custom configuration" menu. |
5136 |
++ |
5137 |
++config GRKERNSEC_CONFIG_CUSTOM |
5138 |
++ bool "Custom" |
5139 |
++ help |
5140 |
++ If you choose this configuration method, you'll be able to configure all |
5141 |
++ grsecurity and PaX settings manually. Via this method, no options are |
5142 |
++ automatically enabled. |
5143 |
++ |
5144 |
++endchoice |
5145 |
++ |
5146 |
++choice |
5147 |
++ prompt "Usage Type" |
5148 |
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) |
5149 |
++ default GRKERNSEC_CONFIG_SERVER |
5150 |
++ help |
5151 |
++ |
5152 |
++config GRKERNSEC_CONFIG_SERVER |
5153 |
++ bool "Server" |
5154 |
++ help |
5155 |
++ Choose this option if you plan to use this kernel on a server. |
5156 |
++ |
5157 |
++config GRKERNSEC_CONFIG_DESKTOP |
5158 |
++ bool "Desktop" |
5159 |
++ help |
5160 |
++ Choose this option if you plan to use this kernel on a desktop. |
5161 |
++ |
5162 |
++endchoice |
5163 |
++ |
5164 |
++choice |
5165 |
++ prompt "Virtualization Type" |
5166 |
++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO) |
5167 |
++ default GRKERNSEC_CONFIG_VIRT_NONE |
5168 |
++ help |
5169 |
++ |
5170 |
++config GRKERNSEC_CONFIG_VIRT_NONE |
5171 |
++ bool "None" |
5172 |
++ help |
5173 |
++ Choose this option if this kernel will be run on bare metal. |
5174 |
++ |
5175 |
++config GRKERNSEC_CONFIG_VIRT_GUEST |
5176 |
++ bool "Guest" |
5177 |
++ help |
5178 |
++ Choose this option if this kernel will be run as a VM guest. |
5179 |
++ |
5180 |
++config GRKERNSEC_CONFIG_VIRT_HOST |
5181 |
++ bool "Host" |
5182 |
++ help |
5183 |
++ Choose this option if this kernel will be run as a VM host. |
5184 |
++ |
5185 |
++endchoice |
5186 |
++ |
5187 |
++choice |
5188 |
++ prompt "Virtualization Hardware" |
5189 |
++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) |
5190 |
++ help |
5191 |
++ |
5192 |
++config GRKERNSEC_CONFIG_VIRT_EPT |
5193 |
++ bool "EPT/RVI Processor Support" |
5194 |
++ depends on X86 |
5195 |
++ help |
5196 |
++ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen |
5197 |
++ hardware virtualization. This allows for additional kernel hardening protections |
5198 |
++ to operate without additional performance impact. |
5199 |
++ |
5200 |
++ To see if your Intel processor supports EPT, see: |
5201 |
++ http://ark.intel.com/Products/VirtualizationTechnology |
5202 |
++ (Most Core i3/5/7 support EPT) |
5203 |
++ |
5204 |
++ To see if your AMD processor supports RVI, see: |
5205 |
++ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx |
5206 |
++ |
5207 |
++config GRKERNSEC_CONFIG_VIRT_SOFT |
5208 |
++ bool "First-gen/No Hardware Virtualization" |
5209 |
++ help |
5210 |
++ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't |
5211 |
++ support hardware virtualization or doesn't support the EPT/RVI extensions. |
5212 |
++ |
5213 |
++endchoice |
5214 |
++ |
5215 |
++choice |
5216 |
++ prompt "Virtualization Software" |
5217 |
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) |
5218 |
++ help |
5219 |
++ |
5220 |
++config GRKERNSEC_CONFIG_VIRT_XEN |
5221 |
++ bool "Xen" |
5222 |
++ help |
5223 |
++ Choose this option if this kernel is running as a Xen guest or host. |
5224 |
++ |
5225 |
++config GRKERNSEC_CONFIG_VIRT_VMWARE |
5226 |
++ bool "VMWare" |
5227 |
++ help |
5228 |
++ Choose this option if this kernel is running as a VMWare guest or host. |
5229 |
++ |
5230 |
++config GRKERNSEC_CONFIG_VIRT_KVM |
5231 |
++ bool "KVM" |
5232 |
++ help |
5233 |
++ Choose this option if this kernel is running as a KVM guest or host. |
5234 |
++ |
5235 |
++config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX |
5236 |
++ bool "VirtualBox" |
5237 |
++ help |
5238 |
++ Choose this option if this kernel is running as a VirtualBox guest or host. |
5239 |
++ |
5240 |
++endchoice |
5241 |
++ |
5242 |
++choice |
5243 |
++ prompt "Required Priorities" |
5244 |
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) |
5245 |
++ default GRKERNSEC_CONFIG_PRIORITY_PERF |
5246 |
++ help |
5247 |
++ |
5248 |
++config GRKERNSEC_CONFIG_PRIORITY_PERF |
5249 |
++ bool "Performance" |
5250 |
++ help |
5251 |
++ Choose this option if performance is of highest priority for this deployment |
5252 |
++ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing, |
5253 |
++ and freed memory sanitizing will be disabled. |
5254 |
++ |
5255 |
++config GRKERNSEC_CONFIG_PRIORITY_SECURITY |
5256 |
++ bool "Security" |
5257 |
++ help |
5258 |
++ Choose this option if security is of highest priority for this deployment of |
5259 |
++ grsecurity. UDEREF, kernel stack clearing, and freed memory sanitizing will |
5260 |
++ be enabled for this kernel. In a worst-case scenario, these features can |
5261 |
++ introduce a 20% performance hit (UDEREF on x64 contributing half of this hit). |
5262 |
++ |
5263 |
++endchoice |
5264 |
++ |
5265 |
++menu "Default Special Groups" |
5266 |
++depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) |
5267 |
++ |
5268 |
++config GRKERNSEC_PROC_GID |
5269 |
++ int "GID exempted from /proc restrictions" |
5270 |
++ default 1001 |
5271 |
++ help |
5272 |
++ Setting this GID determines which group will be exempted from |
5273 |
++ grsecurity's /proc restrictions, allowing users of the specified |
5274 |
++ group to view network statistics and the existence of other users' |
5275 |
++ processes on the system. |
5276 |
++ |
5277 |
++config GRKERNSEC_TPE_GID |
5278 |
++ int "GID for untrusted users" |
5279 |
++ depends on GRKERNSEC_CONFIG_SERVER |
5280 |
++ default 1005 |
5281 |
++ help |
5282 |
++ Setting this GID determines which group untrusted users should |
5283 |
++ be added to. These users will be placed under grsecurity's Trusted Path |
5284 |
++ Execution mechanism, preventing them from executing their own binaries. |
5285 |
++ The users will only be able to execute binaries in directories owned and |
5286 |
++ writable only by the root user. |
5287 |
++ |
5288 |
++config GRKERNSEC_SYMLINKOWN_GID |
5289 |
++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch" |
5290 |
++ depends on GRKERNSEC_CONFIG_SERVER |
5291 |
++ default 1006 |
5292 |
++ help |
5293 |
++ Setting this GID determines what group kernel-enforced |
5294 |
++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option |
5295 |
++ is enabled, a sysctl option with name "symlinkown_gid" is created. |
5296 |
++ |
5297 |
++ |
5298 |
++endmenu |
5299 |
++ |
5300 |
++menu "Customize Configuration" |
5301 |
++depends on GRKERNSEC |
5302 |
++ |
5303 |
++menu "PaX" |
5304 |
++ |
5305 |
+config PAX |
5306 |
+ bool "Enable various PaX features" |
5307 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5308 |
+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86) |
5309 |
+ help |
5310 |
+ This allows you to enable various PaX features. PaX adds |
5311 |
@@ -79749,6 +80009,7 @@ index 51bd5a0..c37f5e6 100644 |
5312 |
+ |
5313 |
+config PAX_EI_PAX |
5314 |
+ bool 'Use legacy ELF header marking' |
5315 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5316 |
+ help |
5317 |
+ Enabling this option will allow you to control PaX features on |
5318 |
+ a per executable basis via the 'chpax' utility available at |
5319 |
@@ -79768,6 +80029,7 @@ index 51bd5a0..c37f5e6 100644 |
5320 |
+ |
5321 |
+config PAX_PT_PAX_FLAGS |
5322 |
+ bool 'Use ELF program header marking' |
5323 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5324 |
+ help |
5325 |
+ Enabling this option will allow you to control PaX features on |
5326 |
+ a per executable basis via the 'paxctl' utility available at |
5327 |
@@ -79789,6 +80051,7 @@ index 51bd5a0..c37f5e6 100644 |
5328 |
+ |
5329 |
+config PAX_XATTR_PAX_FLAGS |
5330 |
+ bool 'Use filesystem extended attributes marking' |
5331 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5332 |
+ select CIFS_XATTR if CIFS |
5333 |
+ select EXT2_FS_XATTR if EXT2_FS |
5334 |
+ select EXT3_FS_XATTR if EXT3_FS |
5335 |
@@ -79850,6 +80113,7 @@ index 51bd5a0..c37f5e6 100644 |
5336 |
+ |
5337 |
+config PAX_NOEXEC |
5338 |
+ bool "Enforce non-executable pages" |
5339 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5340 |
+ depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 |
5341 |
+ help |
5342 |
+ By design some architectures do not allow for protecting memory |
5343 |
@@ -79878,6 +80142,7 @@ index 51bd5a0..c37f5e6 100644 |
5344 |
+ |
5345 |
+config PAX_PAGEEXEC |
5346 |
+ bool "Paging based non-executable pages" |
5347 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5348 |
+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) |
5349 |
+ select S390_SWITCH_AMODE if S390 |
5350 |
+ select S390_EXEC_PROTECT if S390 |
5351 |
@@ -79900,6 +80165,7 @@ index 51bd5a0..c37f5e6 100644 |
5352 |
+ |
5353 |
+config PAX_SEGMEXEC |
5354 |
+ bool "Segmentation based non-executable pages" |
5355 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5356 |
+ depends on PAX_NOEXEC && X86_32 |
5357 |
+ help |
5358 |
+ This implementation is based on the segmentation feature of the |
5359 |
@@ -79966,6 +80232,7 @@ index 51bd5a0..c37f5e6 100644 |
5360 |
+ |
5361 |
+config PAX_MPROTECT |
5362 |
+ bool "Restrict mprotect()" |
5363 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5364 |
+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) |
5365 |
+ help |
5366 |
+ Enabling this option will prevent programs from |
5367 |
@@ -79983,8 +80250,8 @@ index 51bd5a0..c37f5e6 100644 |
5368 |
+ |
5369 |
+config PAX_MPROTECT_COMPAT |
5370 |
+ bool "Use legacy/compat protection demoting (read help)" |
5371 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) |
5372 |
+ depends on PAX_MPROTECT |
5373 |
-+ default n |
5374 |
+ help |
5375 |
+ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects |
5376 |
+ by sending the proper error code to the application. For some broken |
5377 |
@@ -80059,6 +80326,7 @@ index 51bd5a0..c37f5e6 100644 |
5378 |
+ |
5379 |
+config PAX_KERNEXEC |
5380 |
+ bool "Enforce non-executable kernel pages" |
5381 |
++ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) |
5382 |
+ depends on (PPC || X86) && (!X86_32 || X86_WP_WORKS_OK) && !XEN |
5383 |
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) |
5384 |
+ select PAX_KERNEXEC_PLUGIN if X86_64 |
5385 |
@@ -80100,7 +80368,8 @@ index 51bd5a0..c37f5e6 100644 |
5386 |
+ |
5387 |
+config PAX_KERNEXEC_MODULE_TEXT |
5388 |
+ int "Minimum amount of memory reserved for module code" |
5389 |
-+ default "4" |
5390 |
++ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) |
5391 |
++ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) |
5392 |
+ depends on PAX_KERNEXEC && X86_32 && MODULES |
5393 |
+ help |
5394 |
+ Due to implementation details the kernel must reserve a fixed |
5395 |
@@ -80125,6 +80394,7 @@ index 51bd5a0..c37f5e6 100644 |
5396 |
+ |
5397 |
+config PAX_ASLR |
5398 |
+ bool "Address Space Layout Randomization" |
5399 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5400 |
+ help |
5401 |
+ Many if not most exploit techniques rely on the knowledge of |
5402 |
+ certain addresses in the attacked program. The following options |
5403 |
@@ -80154,6 +80424,7 @@ index 51bd5a0..c37f5e6 100644 |
5404 |
+ |
5405 |
+config PAX_RANDKSTACK |
5406 |
+ bool "Randomize kernel stack base" |
5407 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5408 |
+ depends on X86_TSC && X86 |
5409 |
+ help |
5410 |
+ By saying Y here the kernel will randomize every task's kernel |
5411 |
@@ -80168,6 +80439,7 @@ index 51bd5a0..c37f5e6 100644 |
5412 |
+ |
5413 |
+config PAX_RANDUSTACK |
5414 |
+ bool "Randomize user stack base" |
5415 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5416 |
+ depends on PAX_ASLR |
5417 |
+ help |
5418 |
+ By saying Y here the kernel will randomize every task's userland |
5419 |
@@ -80180,6 +80452,7 @@ index 51bd5a0..c37f5e6 100644 |
5420 |
+ |
5421 |
+config PAX_RANDMMAP |
5422 |
+ bool "Randomize mmap() base" |
5423 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5424 |
+ depends on PAX_ASLR |
5425 |
+ help |
5426 |
+ By saying Y here the kernel will use a randomized base address for |
5427 |
@@ -80206,6 +80479,7 @@ index 51bd5a0..c37f5e6 100644 |
5428 |
+ |
5429 |
+config PAX_MEMORY_SANITIZE |
5430 |
+ bool "Sanitize all freed memory" |
5431 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) |
5432 |
+ depends on !HIBERNATION |
5433 |
+ help |
5434 |
+ By saying Y here the kernel will erase memory pages as soon as they |
5435 |
@@ -80228,6 +80502,7 @@ index 51bd5a0..c37f5e6 100644 |
5436 |
+ |
5437 |
+config PAX_MEMORY_STACKLEAK |
5438 |
+ bool "Sanitize kernel stack" |
5439 |
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) |
5440 |
+ depends on X86 |
5441 |
+ help |
5442 |
+ By saying Y here the kernel will erase the kernel stack before it |
5443 |
@@ -80252,6 +80527,7 @@ index 51bd5a0..c37f5e6 100644 |
5444 |
+ |
5445 |
+config PAX_MEMORY_UDEREF |
5446 |
+ bool "Prevent invalid userland pointer dereference" |
5447 |
++ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) |
5448 |
+ depends on X86 && !UML_X86 && !XEN |
5449 |
+ select PAX_PER_CPU_PGD if X86_64 |
5450 |
+ help |
5451 |
@@ -80271,6 +80547,7 @@ index 51bd5a0..c37f5e6 100644 |
5452 |
+ |
5453 |
+config PAX_REFCOUNT |
5454 |
+ bool "Prevent various kernel object reference counter overflows" |
5455 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5456 |
+ depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86) |
5457 |
+ help |
5458 |
+ By saying Y here the kernel will detect and prevent overflowing |
5459 |
@@ -80290,6 +80567,7 @@ index 51bd5a0..c37f5e6 100644 |
5460 |
+ |
5461 |
+config PAX_USERCOPY |
5462 |
+ bool "Harden heap object copies between kernel and userland" |
5463 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5464 |
+ depends on X86 || PPC || SPARC || ARM |
5465 |
+ depends on GRKERNSEC && (SLAB || SLUB || SLOB) |
5466 |
+ help |
5467 |
@@ -80319,6 +80597,7 @@ index 51bd5a0..c37f5e6 100644 |
5468 |
+ |
5469 |
+config PAX_SIZE_OVERFLOW |
5470 |
+ bool "Prevent various integer overflows in function size parameters" |
5471 |
++ default y if GRKERNSEC_CONFIG_AUTO |
5472 |
+ depends on X86 |
5473 |
+ help |
5474 |
+ By saying Y here the kernel recomputes expressions of function |
5475 |
@@ -80335,10 +80614,16 @@ index 51bd5a0..c37f5e6 100644 |
5476 |
+ |
5477 |
+endmenu |
5478 |
+ |
5479 |
++source grsecurity/Kconfig |
5480 |
++ |
5481 |
++endmenu |
5482 |
++ |
5483 |
++endmenu |
5484 |
++ |
5485 |
config KEYS |
5486 |
bool "Enable access key retention support" |
5487 |
help |
5488 |
-@@ -169,7 +803,7 @@ config INTEL_TXT |
5489 |
+@@ -169,7 +1023,7 @@ config INTEL_TXT |
5490 |
config LSM_MMAP_MIN_ADDR |
5491 |
int "Low address space for LSM to protect from user allocation" |
5492 |
depends on SECURITY && SECURITY_SELINUX |
5493 |
|
5494 |
diff --git a/3.2.21/4430_grsec-remove-localversion-grsec.patch b/3.2.22/4430_grsec-remove-localversion-grsec.patch |
5495 |
similarity index 100% |
5496 |
rename from 3.2.21/4430_grsec-remove-localversion-grsec.patch |
5497 |
rename to 3.2.22/4430_grsec-remove-localversion-grsec.patch |
5498 |
|
5499 |
diff --git a/3.2.21/4435_grsec-mute-warnings.patch b/3.2.22/4435_grsec-mute-warnings.patch |
5500 |
similarity index 100% |
5501 |
rename from 3.2.21/4435_grsec-mute-warnings.patch |
5502 |
rename to 3.2.22/4435_grsec-mute-warnings.patch |
5503 |
|
5504 |
diff --git a/3.2.21/4440_grsec-remove-protected-paths.patch b/3.2.22/4440_grsec-remove-protected-paths.patch |
5505 |
similarity index 100% |
5506 |
rename from 3.2.21/4440_grsec-remove-protected-paths.patch |
5507 |
rename to 3.2.22/4440_grsec-remove-protected-paths.patch |
5508 |
|
5509 |
diff --git a/3.2.21/4445_grsec-pax-without-grsec.patch b/3.2.22/4445_grsec-pax-without-grsec.patch |
5510 |
similarity index 100% |
5511 |
rename from 3.2.21/4445_grsec-pax-without-grsec.patch |
5512 |
rename to 3.2.22/4445_grsec-pax-without-grsec.patch |
5513 |
|
5514 |
diff --git a/3.2.21/4450_grsec-kconfig-default-gids.patch b/3.2.22/4450_grsec-kconfig-default-gids.patch |
5515 |
similarity index 100% |
5516 |
rename from 3.2.21/4450_grsec-kconfig-default-gids.patch |
5517 |
rename to 3.2.22/4450_grsec-kconfig-default-gids.patch |
5518 |
|
5519 |
diff --git a/3.2.21/4455_grsec-kconfig-gentoo.patch b/3.2.22/4455_grsec-kconfig-gentoo.patch |
5520 |
similarity index 100% |
5521 |
rename from 3.2.21/4455_grsec-kconfig-gentoo.patch |
5522 |
rename to 3.2.22/4455_grsec-kconfig-gentoo.patch |
5523 |
|
5524 |
diff --git a/3.2.21/4460-grsec-kconfig-proc-user.patch b/3.2.22/4460-grsec-kconfig-proc-user.patch |
5525 |
similarity index 100% |
5526 |
rename from 3.2.21/4460-grsec-kconfig-proc-user.patch |
5527 |
rename to 3.2.22/4460-grsec-kconfig-proc-user.patch |
5528 |
|
5529 |
diff --git a/3.2.21/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.22/4465_selinux-avc_audit-log-curr_ip.patch |
5530 |
similarity index 100% |
5531 |
rename from 3.2.21/4465_selinux-avc_audit-log-curr_ip.patch |
5532 |
rename to 3.2.22/4465_selinux-avc_audit-log-curr_ip.patch |
5533 |
|
5534 |
diff --git a/3.2.21/4470_disable-compat_vdso.patch b/3.2.22/4470_disable-compat_vdso.patch |
5535 |
similarity index 100% |
5536 |
rename from 3.2.21/4470_disable-compat_vdso.patch |
5537 |
rename to 3.2.22/4470_disable-compat_vdso.patch |
5538 |
|
5539 |
diff --git a/3.4.4/0000_README b/3.4.4/0000_README |
5540 |
index 0d09685..be72568 100644 |
5541 |
--- a/3.4.4/0000_README |
5542 |
+++ b/3.4.4/0000_README |
5543 |
@@ -2,7 +2,7 @@ README |
5544 |
----------------------------------------------------------------------------- |
5545 |
Individual Patch Descriptions: |
5546 |
----------------------------------------------------------------------------- |
5547 |
-Patch: 4420_grsecurity-2.9.1-3.4.4-201207021921.patch |
5548 |
+Patch: 4420_grsecurity-2.9.1-3.4.4-201207080925.patch |
5549 |
From: http://www.grsecurity.net |
5550 |
Desc: hardened-sources base patch from upstream grsecurity |
5551 |
|
5552 |
|
5553 |
diff --git a/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207021921.patch b/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207080925.patch |
5554 |
similarity index 99% |
5555 |
rename from 3.4.4/4420_grsecurity-2.9.1-3.4.4-201207021921.patch |
5556 |
rename to 3.4.4/4420_grsecurity-2.9.1-3.4.4-201207080925.patch |
5557 |
index 8901db2..1035f85 100644 |
5558 |
--- a/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207021921.patch |
5559 |
+++ b/3.4.4/4420_grsecurity-2.9.1-3.4.4-201207080925.patch |
5560 |
@@ -69694,10 +69694,19 @@ index d53adf9..03a24bf 100644 |
5561 |
set_fs(old_fs); |
5562 |
|
5563 |
diff --git a/mm/madvise.c b/mm/madvise.c |
5564 |
-index 1ccbba5..79e16f9 100644 |
5565 |
+index 1ccbba5..819f7d5 100644 |
5566 |
--- a/mm/madvise.c |
5567 |
+++ b/mm/madvise.c |
5568 |
-@@ -45,6 +45,10 @@ static long madvise_behavior(struct vm_area_struct * vma, |
5569 |
+@@ -13,6 +13,8 @@ |
5570 |
+ #include <linux/hugetlb.h> |
5571 |
+ #include <linux/sched.h> |
5572 |
+ #include <linux/ksm.h> |
5573 |
++#include <linux/fs.h> |
5574 |
++#include <linux/file.h> |
5575 |
+ |
5576 |
+ /* |
5577 |
+ * Any behaviour which results in changes to the vma->vm_flags needs to |
5578 |
+@@ -45,6 +47,10 @@ static long madvise_behavior(struct vm_area_struct * vma, |
5579 |
pgoff_t pgoff; |
5580 |
unsigned long new_flags = vma->vm_flags; |
5581 |
|
5582 |
@@ -69708,7 +69717,7 @@ index 1ccbba5..79e16f9 100644 |
5583 |
switch (behavior) { |
5584 |
case MADV_NORMAL: |
5585 |
new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; |
5586 |
-@@ -116,6 +120,13 @@ success: |
5587 |
+@@ -116,6 +122,13 @@ success: |
5588 |
/* |
5589 |
* vm_flags is protected by the mmap_sem held in write mode. |
5590 |
*/ |
5591 |
@@ -69722,7 +69731,7 @@ index 1ccbba5..79e16f9 100644 |
5592 |
vma->vm_flags = new_flags; |
5593 |
|
5594 |
out: |
5595 |
-@@ -174,6 +185,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5596 |
+@@ -174,6 +187,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5597 |
struct vm_area_struct ** prev, |
5598 |
unsigned long start, unsigned long end) |
5599 |
{ |
5600 |
@@ -69734,7 +69743,7 @@ index 1ccbba5..79e16f9 100644 |
5601 |
*prev = vma; |
5602 |
if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) |
5603 |
return -EINVAL; |
5604 |
-@@ -186,6 +202,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5605 |
+@@ -186,6 +204,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, |
5606 |
zap_page_range(vma, start, end - start, &details); |
5607 |
} else |
5608 |
zap_page_range(vma, start, end - start, NULL); |
5609 |
@@ -69756,7 +69765,47 @@ index 1ccbba5..79e16f9 100644 |
5610 |
return 0; |
5611 |
} |
5612 |
|
5613 |
-@@ -384,6 +415,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) |
5614 |
+@@ -203,16 +236,17 @@ static long madvise_remove(struct vm_area_struct *vma, |
5615 |
+ struct address_space *mapping; |
5616 |
+ loff_t offset, endoff; |
5617 |
+ int error; |
5618 |
++ struct file *f; |
5619 |
+ |
5620 |
+ *prev = NULL; /* tell sys_madvise we drop mmap_sem */ |
5621 |
+ |
5622 |
+ if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB)) |
5623 |
+ return -EINVAL; |
5624 |
+ |
5625 |
+- if (!vma->vm_file || !vma->vm_file->f_mapping |
5626 |
+- || !vma->vm_file->f_mapping->host) { |
5627 |
+- return -EINVAL; |
5628 |
+- } |
5629 |
++ f = vma->vm_file; |
5630 |
++ |
5631 |
++ if (!f || !f->f_mapping || !f->f_mapping->host) |
5632 |
++ return -EINVAL; |
5633 |
+ |
5634 |
+ if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE)) |
5635 |
+ return -EACCES; |
5636 |
+@@ -224,10 +258,16 @@ static long madvise_remove(struct vm_area_struct *vma, |
5637 |
+ endoff = (loff_t)(end - vma->vm_start - 1) |
5638 |
+ + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); |
5639 |
+ |
5640 |
+- /* vmtruncate_range needs to take i_mutex */ |
5641 |
++ /* vmtruncate_range needs to take i_mutex. We need to |
5642 |
++ * explicitly grab a reference because the vma (and hence the |
5643 |
++ * vma's reference to the file) can go away as soon as we drop |
5644 |
++ * mmap_sem. |
5645 |
++ */ |
5646 |
++ get_file(f); |
5647 |
+ up_read(¤t->mm->mmap_sem); |
5648 |
+ error = vmtruncate_range(mapping->host, offset, endoff); |
5649 |
+ down_read(¤t->mm->mmap_sem); |
5650 |
++ fput(f); |
5651 |
+ return error; |
5652 |
+ } |
5653 |
+ |
5654 |
+@@ -384,6 +424,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) |
5655 |
if (end < start) |
5656 |
goto out; |
5657 |
|
5658 |
@@ -77707,7 +77756,7 @@ index 5c11312..72742b5 100644 |
5659 |
write_hex_cnt = 0; |
5660 |
for (i = 0; i < logo_clutsize; i++) { |
5661 |
diff --git a/security/Kconfig b/security/Kconfig |
5662 |
-index ccc61f8..d0e12f0 100644 |
5663 |
+index ccc61f8..bac65f2 100644 |
5664 |
--- a/security/Kconfig |
5665 |
+++ b/security/Kconfig |
5666 |
@@ -4,6 +4,860 @@ |
5667 |
@@ -77716,6 +77765,25 @@ index ccc61f8..d0e12f0 100644 |
5668 |
|
5669 |
+menu "Grsecurity" |
5670 |
+ |
5671 |
++ config ARCH_TRACK_EXEC_LIMIT |
5672 |
++ bool |
5673 |
++ |
5674 |
++ config PAX_KERNEXEC_PLUGIN |
5675 |
++ bool |
5676 |
++ |
5677 |
++ config PAX_PER_CPU_PGD |
5678 |
++ bool |
5679 |
++ |
5680 |
++ config TASK_SIZE_MAX_SHIFT |
5681 |
++ int |
5682 |
++ depends on X86_64 |
5683 |
++ default 47 if !PAX_PER_CPU_PGD |
5684 |
++ default 42 if PAX_PER_CPU_PGD |
5685 |
++ |
5686 |
++ config PAX_ENABLE_PAE |
5687 |
++ bool |
5688 |
++ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM)) |
5689 |
++ |
5690 |
+config GRKERNSEC |
5691 |
+ bool "Grsecurity" |
5692 |
+ select CRYPTO |
5693 |
@@ -77912,25 +77980,6 @@ index ccc61f8..d0e12f0 100644 |
5694 |
+ |
5695 |
+menu "PaX" |
5696 |
+ |
5697 |
-+ config ARCH_TRACK_EXEC_LIMIT |
5698 |
-+ bool |
5699 |
-+ |
5700 |
-+ config PAX_KERNEXEC_PLUGIN |
5701 |
-+ bool |
5702 |
-+ |
5703 |
-+ config PAX_PER_CPU_PGD |
5704 |
-+ bool |
5705 |
-+ |
5706 |
-+ config TASK_SIZE_MAX_SHIFT |
5707 |
-+ int |
5708 |
-+ depends on X86_64 |
5709 |
-+ default 47 if !PAX_PER_CPU_PGD |
5710 |
-+ default 42 if PAX_PER_CPU_PGD |
5711 |
-+ |
5712 |
-+ config PAX_ENABLE_PAE |
5713 |
-+ bool |
5714 |
-+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM)) |
5715 |
-+ |
5716 |
+config PAX |
5717 |
+ bool "Enable various PaX features" |
5718 |
+ default y if GRKERNSEC_CONFIG_AUTO |
5719 |
|
5720 |
diff --git a/scripts/just_fetch.pl b/scripts/just_fetch.pl |
5721 |
index 80e95ef..370be36 100755 |
5722 |
--- a/scripts/just_fetch.pl |
5723 |
+++ b/scripts/just_fetch.pl |
5724 |
@@ -6,8 +6,8 @@ use HTML::LinkExtor ; |
5725 |
|
5726 |
my @upstream_url = |
5727 |
( |
5728 |
- "http://grsecurity.net/test.php", |
5729 |
- "http://grsecurity.net/download_stable.php" |
5730 |
+ "http://grsecurity.net/download_stable.php", |
5731 |
+ "http://grsecurity.net/test.php" |
5732 |
) ; |
5733 |
|
5734 |
my $file_pattern = "grsecurity-"; |