Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.10/, 3.2.60/, 3.15.3/
Date: Sun, 06 Jul 2014 12:16:32
Message-Id: 1404649022.3be5987c05bea751b6fc0b1717df9d15bb77ddc3.blueness@gentoo
1 commit: 3be5987c05bea751b6fc0b1717df9d15bb77ddc3
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 6 12:17:02 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 6 12:17:02 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=3be5987c
7
8 Grsec/PaX: 3.0-{3.2.60,3.14.10,3.15.3}-201407052032
9
10 ---
11 3.14.10/0000_README | 2 +-
12 ...4420_grsecurity-3.0-3.14.10-201407052031.patch} | 70 +++++++++++++++++++++-
13 ... 4420_grsecurity-3.0-3.15.3-201407052032.patch} | 70 +++++++++++++++++++++-
14 3.2.60/0000_README | 2 +-
15 ... 4420_grsecurity-3.0-3.2.60-201407052028.patch} | 37 +++++++++++-
16 5 files changed, 175 insertions(+), 6 deletions(-)
17
18 diff --git a/3.14.10/0000_README b/3.14.10/0000_README
19 index f6fde5b..7edf2bb 100644
20 --- a/3.14.10/0000_README
21 +++ b/3.14.10/0000_README
22 @@ -2,7 +2,7 @@ README
23 -----------------------------------------------------------------------------
24 Individual Patch Descriptions:
25 -----------------------------------------------------------------------------
26 -Patch: 4420_grsecurity-3.0-3.14.10-201407012152.patch
27 +Patch: 4420_grsecurity-3.0-3.14.10-201407052031.patch
28 From: http://www.grsecurity.net
29 Desc: hardened-sources base patch from upstream grsecurity
30
31
32 diff --git a/3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch b/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
33 similarity index 99%
34 rename from 3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch
35 rename to 3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
36 index ba8d0dd..5cd674b 100644
37 --- a/3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch
38 +++ b/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
39 @@ -18734,7 +18734,7 @@ index fdedd38..95c02c2 100644
40 void df_debug(struct pt_regs *regs, long error_code);
41 #endif /* _ASM_X86_PROCESSOR_H */
42 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
43 -index 14fd6fd..6740420 100644
44 +index 14fd6fd..b31a4a4 100644
45 --- a/arch/x86/include/asm/ptrace.h
46 +++ b/arch/x86/include/asm/ptrace.h
47 @@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
48 @@ -18807,6 +18807,29 @@ index 14fd6fd..6740420 100644
49 #endif
50 return *(unsigned long *)((unsigned long)regs + offset);
51 }
52 +@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
53 +
54 + #define ARCH_HAS_USER_SINGLE_STEP_INFO
55 +
56 ++/*
57 ++ * When hitting ptrace_stop(), we cannot return using SYSRET because
58 ++ * that does not restore the full CPU state, only a minimal set. The
59 ++ * ptracer can change arbitrary register values, which is usually okay
60 ++ * because the usual ptrace stops run off the signal delivery path which
61 ++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
62 ++ * in the kernel and don't force IRET path.
63 ++ *
64 ++ * So force IRET path after a ptrace stop.
65 ++ */
66 ++#define arch_ptrace_stop_needed(code, info) \
67 ++({ \
68 ++ set_thread_flag(TIF_NOTIFY_RESUME); \
69 ++ false; \
70 ++})
71 ++
72 + struct user_desc;
73 + extern int do_get_thread_area(struct task_struct *p, int idx,
74 + struct user_desc __user *info);
75 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
76 index 9c6b890..5305f53 100644
77 --- a/arch/x86/include/asm/realmode.h
78 @@ -82077,6 +82100,20 @@ index 34a1e10..70f6bde 100644
79
80 struct proc_ns {
81 void *ns;
82 +diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
83 +index 077904c..cc79eff 100644
84 +--- a/include/linux/ptrace.h
85 ++++ b/include/linux/ptrace.h
86 +@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk,
87 + * calling arch_ptrace_stop() when it would be superfluous. For example,
88 + * if the thread has not been back to user mode since the last stop, the
89 + * thread state might indicate that nothing needs to be done.
90 ++ *
91 ++ * This is guaranteed to be invoked once before a task stops for ptrace and
92 ++ * may include arch-specific operations necessary prior to a ptrace stop.
93 + */
94 + #define arch_ptrace_stop_needed(code, info) (0)
95 + #endif
96 diff --git a/include/linux/quota.h b/include/linux/quota.h
97 index cc7494a..1e27036 100644
98 --- a/include/linux/quota.h
99 @@ -92405,6 +92442,37 @@ index c24c2f7..f0296f4 100644
100 + pax_close_kernel();
101 +}
102 +EXPORT_SYMBOL(pax_list_del_rcu);
103 +diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
104 +index b74da44..7a85967 100644
105 +--- a/lib/lz4/lz4_decompress.c
106 ++++ b/lib/lz4/lz4_decompress.c
107 +@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
108 + int s = 255;
109 + while ((ip < iend) && (s == 255)) {
110 + s = *ip++;
111 ++ if (unlikely(length > (size_t)(length + s)))
112 ++ goto _output_error;
113 + length += s;
114 + }
115 + }
116 +@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
117 + if (length == ML_MASK) {
118 + while (ip < iend) {
119 + int s = *ip++;
120 ++ if (unlikely(length > (size_t)(length + s)))
121 ++ goto _output_error;
122 + length += s;
123 + if (s == 255)
124 + continue;
125 +@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
126 +
127 + /* write overflow error detected */
128 + _output_error:
129 +- return (int) (-(((char *) ip) - source));
130 ++ return -1;
131 + }
132 +
133 + int lz4_decompress(const unsigned char *src, size_t *src_len,
134 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
135 index 963b703..438bc51 100644
136 --- a/lib/percpu-refcount.c
137
138 diff --git a/3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch b/3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch
139 similarity index 99%
140 rename from 3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch
141 rename to 3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch
142 index 962e272..34bb183 100644
143 --- a/3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch
144 +++ b/3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch
145 @@ -18365,7 +18365,7 @@ index a4ea023..33aa874 100644
146 void df_debug(struct pt_regs *regs, long error_code);
147 #endif /* _ASM_X86_PROCESSOR_H */
148 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
149 -index 14fd6fd..6740420 100644
150 +index 14fd6fd..b31a4a4 100644
151 --- a/arch/x86/include/asm/ptrace.h
152 +++ b/arch/x86/include/asm/ptrace.h
153 @@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
154 @@ -18438,6 +18438,29 @@ index 14fd6fd..6740420 100644
155 #endif
156 return *(unsigned long *)((unsigned long)regs + offset);
157 }
158 +@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
159 +
160 + #define ARCH_HAS_USER_SINGLE_STEP_INFO
161 +
162 ++/*
163 ++ * When hitting ptrace_stop(), we cannot return using SYSRET because
164 ++ * that does not restore the full CPU state, only a minimal set. The
165 ++ * ptracer can change arbitrary register values, which is usually okay
166 ++ * because the usual ptrace stops run off the signal delivery path which
167 ++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
168 ++ * in the kernel and don't force IRET path.
169 ++ *
170 ++ * So force IRET path after a ptrace stop.
171 ++ */
172 ++#define arch_ptrace_stop_needed(code, info) \
173 ++({ \
174 ++ set_thread_flag(TIF_NOTIFY_RESUME); \
175 ++ false; \
176 ++})
177 ++
178 + struct user_desc;
179 + extern int do_get_thread_area(struct task_struct *p, int idx,
180 + struct user_desc __user *info);
181 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
182 index 9c6b890..5305f53 100644
183 --- a/arch/x86/include/asm/realmode.h
184 @@ -81526,6 +81549,20 @@ index 34a1e10..70f6bde 100644
185
186 struct proc_ns {
187 void *ns;
188 +diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
189 +index 077904c..cc79eff 100644
190 +--- a/include/linux/ptrace.h
191 ++++ b/include/linux/ptrace.h
192 +@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk,
193 + * calling arch_ptrace_stop() when it would be superfluous. For example,
194 + * if the thread has not been back to user mode since the last stop, the
195 + * thread state might indicate that nothing needs to be done.
196 ++ *
197 ++ * This is guaranteed to be invoked once before a task stops for ptrace and
198 ++ * may include arch-specific operations necessary prior to a ptrace stop.
199 + */
200 + #define arch_ptrace_stop_needed(code, info) (0)
201 + #endif
202 diff --git a/include/linux/quota.h b/include/linux/quota.h
203 index cc7494a..1e27036 100644
204 --- a/include/linux/quota.h
205 @@ -91912,6 +91949,37 @@ index c24c2f7..f0296f4 100644
206 + pax_close_kernel();
207 +}
208 +EXPORT_SYMBOL(pax_list_del_rcu);
209 +diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
210 +index b74da44..7a85967 100644
211 +--- a/lib/lz4/lz4_decompress.c
212 ++++ b/lib/lz4/lz4_decompress.c
213 +@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
214 + int s = 255;
215 + while ((ip < iend) && (s == 255)) {
216 + s = *ip++;
217 ++ if (unlikely(length > (size_t)(length + s)))
218 ++ goto _output_error;
219 + length += s;
220 + }
221 + }
222 +@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
223 + if (length == ML_MASK) {
224 + while (ip < iend) {
225 + int s = *ip++;
226 ++ if (unlikely(length > (size_t)(length + s)))
227 ++ goto _output_error;
228 + length += s;
229 + if (s == 255)
230 + continue;
231 +@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
232 +
233 + /* write overflow error detected */
234 + _output_error:
235 +- return (int) (-(((char *) ip) - source));
236 ++ return -1;
237 + }
238 +
239 + int lz4_decompress(const unsigned char *src, size_t *src_len,
240 diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
241 index 963b703..438bc51 100644
242 --- a/lib/percpu-refcount.c
243
244 diff --git a/3.2.60/0000_README b/3.2.60/0000_README
245 index 9604a91..ee22cb5 100644
246 --- a/3.2.60/0000_README
247 +++ b/3.2.60/0000_README
248 @@ -158,7 +158,7 @@ Patch: 1059_linux-3.2.60.patch
249 From: http://www.kernel.org
250 Desc: Linux 3.2.60
251
252 -Patch: 4420_grsecurity-3.0-3.2.60-201407012149.patch
253 +Patch: 4420_grsecurity-3.0-3.2.60-201407052028.patch
254 From: http://www.grsecurity.net
255 Desc: hardened-sources base patch from upstream grsecurity
256
257
258 diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch b/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
259 similarity index 99%
260 rename from 3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch
261 rename to 3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
262 index 2be45b2..2ddb90d 100644
263 --- a/3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch
264 +++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
265 @@ -15196,7 +15196,7 @@ index 7b0a55a..ad115bf 100644
266
267 /* top of stack page */
268 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
269 -index 3b96fd4..8790004 100644
270 +index 3b96fd4..d8c7f13 100644
271 --- a/arch/x86/include/asm/ptrace.h
272 +++ b/arch/x86/include/asm/ptrace.h
273 @@ -156,28 +156,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
274 @@ -15254,6 +15254,29 @@ index 3b96fd4..8790004 100644
275 #endif
276 }
277 #endif
278 +@@ -287,6 +289,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs,
279 +
280 + #define ARCH_HAS_USER_SINGLE_STEP_INFO
281 +
282 ++/*
283 ++ * When hitting ptrace_stop(), we cannot return using SYSRET because
284 ++ * that does not restore the full CPU state, only a minimal set. The
285 ++ * ptracer can change arbitrary register values, which is usually okay
286 ++ * because the usual ptrace stops run off the signal delivery path which
287 ++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
288 ++ * in the kernel and don't force IRET path.
289 ++ *
290 ++ * So force IRET path after a ptrace stop.
291 ++ */
292 ++#define arch_ptrace_stop_needed(code, info) \
293 ++({ \
294 ++ set_thread_flag(TIF_NOTIFY_RESUME); \
295 ++ false; \
296 ++})
297 ++
298 + struct user_desc;
299 + extern int do_get_thread_area(struct task_struct *p, int idx,
300 + struct user_desc __user *info);
301 diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h
302 index 92f29706..d0a1a53 100644
303 --- a/arch/x86/include/asm/reboot.h
304 @@ -81186,7 +81209,7 @@ index 643b96c..c9bfc32 100644
305 static inline struct proc_inode *PROC_I(const struct inode *inode)
306 {
307 diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
308 -index 800f113..13b3715 100644
309 +index 800f113..635a20c 100644
310 --- a/include/linux/ptrace.h
311 +++ b/include/linux/ptrace.h
312 @@ -62,8 +62,9 @@
313 @@ -81247,6 +81270,16 @@ index 800f113..13b3715 100644
314 }
315 }
316
317 +@@ -371,6 +377,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk,
318 + * calling arch_ptrace_stop() when it would be superfluous. For example,
319 + * if the thread has not been back to user mode since the last stop, the
320 + * thread state might indicate that nothing needs to be done.
321 ++ *
322 ++ * This is guaranteed to be invoked once before a task stops for ptrace and
323 ++ * may include arch-specific operations necessary prior to a ptrace stop.
324 + */
325 + #define arch_ptrace_stop_needed(code, info) (0)
326 + #endif
327 diff --git a/include/linux/random.h b/include/linux/random.h
328 index f5e1311..d51eec7 100644
329 --- a/include/linux/random.h
Report Message
Find on MARC Find on Google Groups