1 |
commit: 3be5987c05bea751b6fc0b1717df9d15bb77ddc3 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jul 6 12:17:02 2014 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jul 6 12:17:02 2014 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=3be5987c |
7 |
|
8 |
Grsec/PaX: 3.0-{3.2.60,3.14.10,3.15.3}-201407052032 |
9 |
|
10 |
--- |
11 |
3.14.10/0000_README | 2 +- |
12 |
...4420_grsecurity-3.0-3.14.10-201407052031.patch} | 70 +++++++++++++++++++++- |
13 |
... 4420_grsecurity-3.0-3.15.3-201407052032.patch} | 70 +++++++++++++++++++++- |
14 |
3.2.60/0000_README | 2 +- |
15 |
... 4420_grsecurity-3.0-3.2.60-201407052028.patch} | 37 +++++++++++- |
16 |
5 files changed, 175 insertions(+), 6 deletions(-) |
17 |
|
18 |
diff --git a/3.14.10/0000_README b/3.14.10/0000_README |
19 |
index f6fde5b..7edf2bb 100644 |
20 |
--- a/3.14.10/0000_README |
21 |
+++ b/3.14.10/0000_README |
22 |
@@ -2,7 +2,7 @@ README |
23 |
----------------------------------------------------------------------------- |
24 |
Individual Patch Descriptions: |
25 |
----------------------------------------------------------------------------- |
26 |
-Patch: 4420_grsecurity-3.0-3.14.10-201407012152.patch |
27 |
+Patch: 4420_grsecurity-3.0-3.14.10-201407052031.patch |
28 |
From: http://www.grsecurity.net |
29 |
Desc: hardened-sources base patch from upstream grsecurity |
30 |
|
31 |
|
32 |
diff --git a/3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch b/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch |
33 |
similarity index 99% |
34 |
rename from 3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch |
35 |
rename to 3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch |
36 |
index ba8d0dd..5cd674b 100644 |
37 |
--- a/3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch |
38 |
+++ b/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch |
39 |
@@ -18734,7 +18734,7 @@ index fdedd38..95c02c2 100644 |
40 |
void df_debug(struct pt_regs *regs, long error_code); |
41 |
#endif /* _ASM_X86_PROCESSOR_H */ |
42 |
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h |
43 |
-index 14fd6fd..6740420 100644 |
44 |
+index 14fd6fd..b31a4a4 100644 |
45 |
--- a/arch/x86/include/asm/ptrace.h |
46 |
+++ b/arch/x86/include/asm/ptrace.h |
47 |
@@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) |
48 |
@@ -18807,6 +18807,29 @@ index 14fd6fd..6740420 100644 |
49 |
#endif |
50 |
return *(unsigned long *)((unsigned long)regs + offset); |
51 |
} |
52 |
+@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, |
53 |
+ |
54 |
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO |
55 |
+ |
56 |
++/* |
57 |
++ * When hitting ptrace_stop(), we cannot return using SYSRET because |
58 |
++ * that does not restore the full CPU state, only a minimal set. The |
59 |
++ * ptracer can change arbitrary register values, which is usually okay |
60 |
++ * because the usual ptrace stops run off the signal delivery path which |
61 |
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places |
62 |
++ * in the kernel and don't force IRET path. |
63 |
++ * |
64 |
++ * So force IRET path after a ptrace stop. |
65 |
++ */ |
66 |
++#define arch_ptrace_stop_needed(code, info) \ |
67 |
++({ \ |
68 |
++ set_thread_flag(TIF_NOTIFY_RESUME); \ |
69 |
++ false; \ |
70 |
++}) |
71 |
++ |
72 |
+ struct user_desc; |
73 |
+ extern int do_get_thread_area(struct task_struct *p, int idx, |
74 |
+ struct user_desc __user *info); |
75 |
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h |
76 |
index 9c6b890..5305f53 100644 |
77 |
--- a/arch/x86/include/asm/realmode.h |
78 |
@@ -82077,6 +82100,20 @@ index 34a1e10..70f6bde 100644 |
79 |
|
80 |
struct proc_ns { |
81 |
void *ns; |
82 |
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
83 |
+index 077904c..cc79eff 100644 |
84 |
+--- a/include/linux/ptrace.h |
85 |
++++ b/include/linux/ptrace.h |
86 |
+@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk, |
87 |
+ * calling arch_ptrace_stop() when it would be superfluous. For example, |
88 |
+ * if the thread has not been back to user mode since the last stop, the |
89 |
+ * thread state might indicate that nothing needs to be done. |
90 |
++ * |
91 |
++ * This is guaranteed to be invoked once before a task stops for ptrace and |
92 |
++ * may include arch-specific operations necessary prior to a ptrace stop. |
93 |
+ */ |
94 |
+ #define arch_ptrace_stop_needed(code, info) (0) |
95 |
+ #endif |
96 |
diff --git a/include/linux/quota.h b/include/linux/quota.h |
97 |
index cc7494a..1e27036 100644 |
98 |
--- a/include/linux/quota.h |
99 |
@@ -92405,6 +92442,37 @@ index c24c2f7..f0296f4 100644 |
100 |
+ pax_close_kernel(); |
101 |
+} |
102 |
+EXPORT_SYMBOL(pax_list_del_rcu); |
103 |
+diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c |
104 |
+index b74da44..7a85967 100644 |
105 |
+--- a/lib/lz4/lz4_decompress.c |
106 |
++++ b/lib/lz4/lz4_decompress.c |
107 |
+@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, |
108 |
+ int s = 255; |
109 |
+ while ((ip < iend) && (s == 255)) { |
110 |
+ s = *ip++; |
111 |
++ if (unlikely(length > (size_t)(length + s))) |
112 |
++ goto _output_error; |
113 |
+ length += s; |
114 |
+ } |
115 |
+ } |
116 |
+@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, |
117 |
+ if (length == ML_MASK) { |
118 |
+ while (ip < iend) { |
119 |
+ int s = *ip++; |
120 |
++ if (unlikely(length > (size_t)(length + s))) |
121 |
++ goto _output_error; |
122 |
+ length += s; |
123 |
+ if (s == 255) |
124 |
+ continue; |
125 |
+@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, |
126 |
+ |
127 |
+ /* write overflow error detected */ |
128 |
+ _output_error: |
129 |
+- return (int) (-(((char *) ip) - source)); |
130 |
++ return -1; |
131 |
+ } |
132 |
+ |
133 |
+ int lz4_decompress(const unsigned char *src, size_t *src_len, |
134 |
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c |
135 |
index 963b703..438bc51 100644 |
136 |
--- a/lib/percpu-refcount.c |
137 |
|
138 |
diff --git a/3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch b/3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch |
139 |
similarity index 99% |
140 |
rename from 3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch |
141 |
rename to 3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch |
142 |
index 962e272..34bb183 100644 |
143 |
--- a/3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch |
144 |
+++ b/3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch |
145 |
@@ -18365,7 +18365,7 @@ index a4ea023..33aa874 100644 |
146 |
void df_debug(struct pt_regs *regs, long error_code); |
147 |
#endif /* _ASM_X86_PROCESSOR_H */ |
148 |
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h |
149 |
-index 14fd6fd..6740420 100644 |
150 |
+index 14fd6fd..b31a4a4 100644 |
151 |
--- a/arch/x86/include/asm/ptrace.h |
152 |
+++ b/arch/x86/include/asm/ptrace.h |
153 |
@@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) |
154 |
@@ -18438,6 +18438,29 @@ index 14fd6fd..6740420 100644 |
155 |
#endif |
156 |
return *(unsigned long *)((unsigned long)regs + offset); |
157 |
} |
158 |
+@@ -231,6 +235,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, |
159 |
+ |
160 |
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO |
161 |
+ |
162 |
++/* |
163 |
++ * When hitting ptrace_stop(), we cannot return using SYSRET because |
164 |
++ * that does not restore the full CPU state, only a minimal set. The |
165 |
++ * ptracer can change arbitrary register values, which is usually okay |
166 |
++ * because the usual ptrace stops run off the signal delivery path which |
167 |
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places |
168 |
++ * in the kernel and don't force IRET path. |
169 |
++ * |
170 |
++ * So force IRET path after a ptrace stop. |
171 |
++ */ |
172 |
++#define arch_ptrace_stop_needed(code, info) \ |
173 |
++({ \ |
174 |
++ set_thread_flag(TIF_NOTIFY_RESUME); \ |
175 |
++ false; \ |
176 |
++}) |
177 |
++ |
178 |
+ struct user_desc; |
179 |
+ extern int do_get_thread_area(struct task_struct *p, int idx, |
180 |
+ struct user_desc __user *info); |
181 |
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h |
182 |
index 9c6b890..5305f53 100644 |
183 |
--- a/arch/x86/include/asm/realmode.h |
184 |
@@ -81526,6 +81549,20 @@ index 34a1e10..70f6bde 100644 |
185 |
|
186 |
struct proc_ns { |
187 |
void *ns; |
188 |
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
189 |
+index 077904c..cc79eff 100644 |
190 |
+--- a/include/linux/ptrace.h |
191 |
++++ b/include/linux/ptrace.h |
192 |
+@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk, |
193 |
+ * calling arch_ptrace_stop() when it would be superfluous. For example, |
194 |
+ * if the thread has not been back to user mode since the last stop, the |
195 |
+ * thread state might indicate that nothing needs to be done. |
196 |
++ * |
197 |
++ * This is guaranteed to be invoked once before a task stops for ptrace and |
198 |
++ * may include arch-specific operations necessary prior to a ptrace stop. |
199 |
+ */ |
200 |
+ #define arch_ptrace_stop_needed(code, info) (0) |
201 |
+ #endif |
202 |
diff --git a/include/linux/quota.h b/include/linux/quota.h |
203 |
index cc7494a..1e27036 100644 |
204 |
--- a/include/linux/quota.h |
205 |
@@ -91912,6 +91949,37 @@ index c24c2f7..f0296f4 100644 |
206 |
+ pax_close_kernel(); |
207 |
+} |
208 |
+EXPORT_SYMBOL(pax_list_del_rcu); |
209 |
+diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c |
210 |
+index b74da44..7a85967 100644 |
211 |
+--- a/lib/lz4/lz4_decompress.c |
212 |
++++ b/lib/lz4/lz4_decompress.c |
213 |
+@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, |
214 |
+ int s = 255; |
215 |
+ while ((ip < iend) && (s == 255)) { |
216 |
+ s = *ip++; |
217 |
++ if (unlikely(length > (size_t)(length + s))) |
218 |
++ goto _output_error; |
219 |
+ length += s; |
220 |
+ } |
221 |
+ } |
222 |
+@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, |
223 |
+ if (length == ML_MASK) { |
224 |
+ while (ip < iend) { |
225 |
+ int s = *ip++; |
226 |
++ if (unlikely(length > (size_t)(length + s))) |
227 |
++ goto _output_error; |
228 |
+ length += s; |
229 |
+ if (s == 255) |
230 |
+ continue; |
231 |
+@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, |
232 |
+ |
233 |
+ /* write overflow error detected */ |
234 |
+ _output_error: |
235 |
+- return (int) (-(((char *) ip) - source)); |
236 |
++ return -1; |
237 |
+ } |
238 |
+ |
239 |
+ int lz4_decompress(const unsigned char *src, size_t *src_len, |
240 |
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c |
241 |
index 963b703..438bc51 100644 |
242 |
--- a/lib/percpu-refcount.c |
243 |
|
244 |
diff --git a/3.2.60/0000_README b/3.2.60/0000_README |
245 |
index 9604a91..ee22cb5 100644 |
246 |
--- a/3.2.60/0000_README |
247 |
+++ b/3.2.60/0000_README |
248 |
@@ -158,7 +158,7 @@ Patch: 1059_linux-3.2.60.patch |
249 |
From: http://www.kernel.org |
250 |
Desc: Linux 3.2.60 |
251 |
|
252 |
-Patch: 4420_grsecurity-3.0-3.2.60-201407012149.patch |
253 |
+Patch: 4420_grsecurity-3.0-3.2.60-201407052028.patch |
254 |
From: http://www.grsecurity.net |
255 |
Desc: hardened-sources base patch from upstream grsecurity |
256 |
|
257 |
|
258 |
diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch b/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch |
259 |
similarity index 99% |
260 |
rename from 3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch |
261 |
rename to 3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch |
262 |
index 2be45b2..2ddb90d 100644 |
263 |
--- a/3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch |
264 |
+++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch |
265 |
@@ -15196,7 +15196,7 @@ index 7b0a55a..ad115bf 100644 |
266 |
|
267 |
/* top of stack page */ |
268 |
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h |
269 |
-index 3b96fd4..8790004 100644 |
270 |
+index 3b96fd4..d8c7f13 100644 |
271 |
--- a/arch/x86/include/asm/ptrace.h |
272 |
+++ b/arch/x86/include/asm/ptrace.h |
273 |
@@ -156,28 +156,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) |
274 |
@@ -15254,6 +15254,29 @@ index 3b96fd4..8790004 100644 |
275 |
#endif |
276 |
} |
277 |
#endif |
278 |
+@@ -287,6 +289,22 @@ static inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, |
279 |
+ |
280 |
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO |
281 |
+ |
282 |
++/* |
283 |
++ * When hitting ptrace_stop(), we cannot return using SYSRET because |
284 |
++ * that does not restore the full CPU state, only a minimal set. The |
285 |
++ * ptracer can change arbitrary register values, which is usually okay |
286 |
++ * because the usual ptrace stops run off the signal delivery path which |
287 |
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places |
288 |
++ * in the kernel and don't force IRET path. |
289 |
++ * |
290 |
++ * So force IRET path after a ptrace stop. |
291 |
++ */ |
292 |
++#define arch_ptrace_stop_needed(code, info) \ |
293 |
++({ \ |
294 |
++ set_thread_flag(TIF_NOTIFY_RESUME); \ |
295 |
++ false; \ |
296 |
++}) |
297 |
++ |
298 |
+ struct user_desc; |
299 |
+ extern int do_get_thread_area(struct task_struct *p, int idx, |
300 |
+ struct user_desc __user *info); |
301 |
diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h |
302 |
index 92f29706..d0a1a53 100644 |
303 |
--- a/arch/x86/include/asm/reboot.h |
304 |
@@ -81186,7 +81209,7 @@ index 643b96c..c9bfc32 100644 |
305 |
static inline struct proc_inode *PROC_I(const struct inode *inode) |
306 |
{ |
307 |
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
308 |
-index 800f113..13b3715 100644 |
309 |
+index 800f113..635a20c 100644 |
310 |
--- a/include/linux/ptrace.h |
311 |
+++ b/include/linux/ptrace.h |
312 |
@@ -62,8 +62,9 @@ |
313 |
@@ -81247,6 +81270,16 @@ index 800f113..13b3715 100644 |
314 |
} |
315 |
} |
316 |
|
317 |
+@@ -371,6 +377,9 @@ static inline void user_single_step_siginfo(struct task_struct *tsk, |
318 |
+ * calling arch_ptrace_stop() when it would be superfluous. For example, |
319 |
+ * if the thread has not been back to user mode since the last stop, the |
320 |
+ * thread state might indicate that nothing needs to be done. |
321 |
++ * |
322 |
++ * This is guaranteed to be invoked once before a task stops for ptrace and |
323 |
++ * may include arch-specific operations necessary prior to a ptrace stop. |
324 |
+ */ |
325 |
+ #define arch_ptrace_stop_needed(code, info) (0) |
326 |
+ #endif |
327 |
diff --git a/include/linux/random.h b/include/linux/random.h |
328 |
index f5e1311..d51eec7 100644 |
329 |
--- a/include/linux/random.h |