1 |
commit: 64f3a8be94f41fda576330ff3523e035c3c0ebbd |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jun 27 20:59:02 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jun 27 20:59:02 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=64f3a8be |
7 |
|
8 |
Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506262047 |
9 |
|
10 |
3.14.45/0000_README | 2 +- |
11 |
...4420_grsecurity-3.1-3.14.45-201506262046.patch} | 222 +++++++++++++++------ |
12 |
3.14.45/4435_grsec-mute-warnings.patch | 9 +- |
13 |
3.2.69/0000_README | 2 +- |
14 |
... 4420_grsecurity-3.1-3.2.69-201506262041.patch} | 138 +++++++++++-- |
15 |
4.0.6/0000_README | 2 +- |
16 |
...> 4420_grsecurity-3.1-4.0.6-201506262047.patch} | 85 +++++++- |
17 |
7 files changed, 366 insertions(+), 94 deletions(-) |
18 |
|
19 |
diff --git a/3.14.45/0000_README b/3.14.45/0000_README |
20 |
index 53a1411..b4be2cb 100644 |
21 |
--- a/3.14.45/0000_README |
22 |
+++ b/3.14.45/0000_README |
23 |
@@ -2,7 +2,7 @@ README |
24 |
----------------------------------------------------------------------------- |
25 |
Individual Patch Descriptions: |
26 |
----------------------------------------------------------------------------- |
27 |
-Patch: 4420_grsecurity-3.1-3.14.45-201506232103.patch |
28 |
+Patch: 4420_grsecurity-3.1-3.14.45-201506262046.patch |
29 |
From: http://www.grsecurity.net |
30 |
Desc: hardened-sources base patch from upstream grsecurity |
31 |
|
32 |
|
33 |
diff --git a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch |
34 |
similarity index 99% |
35 |
rename from 3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch |
36 |
rename to 3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch |
37 |
index fe15fa1..47c91dd 100644 |
38 |
--- a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch |
39 |
+++ b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch |
40 |
@@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644 |
41 |
|
42 |
pcd. [PARIDE] |
43 |
diff --git a/Makefile b/Makefile |
44 |
-index c92186c..a387fb0 100644 |
45 |
+index c92186c..34822ca 100644 |
46 |
--- a/Makefile |
47 |
+++ b/Makefile |
48 |
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
49 |
@@ -304,7 +304,7 @@ index c92186c..a387fb0 100644 |
50 |
HOSTCXX = g++ |
51 |
-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89 |
52 |
-HOSTCXXFLAGS = -O2 |
53 |
-+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 |
54 |
++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks |
55 |
+HOSTCFLAGS += $(call cc-option, -Wno-empty-body) |
56 |
+HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds |
57 |
|
58 |
@@ -3947,7 +3947,7 @@ index 4370933..e77848e 100644 |
59 |
atomic64_set(&mm->context.id, asid); |
60 |
} |
61 |
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c |
62 |
-index eb8830a..e8ff52e 100644 |
63 |
+index eb8830a..e39c4bd 100644 |
64 |
--- a/arch/arm/mm/fault.c |
65 |
+++ b/arch/arm/mm/fault.c |
66 |
@@ -25,6 +25,7 @@ |
67 |
@@ -3965,10 +3965,10 @@ index eb8830a..e8ff52e 100644 |
68 |
+#ifdef CONFIG_PAX_MEMORY_UDEREF |
69 |
+ if (addr < TASK_SIZE) { |
70 |
+ if (current->signal->curr_ip) |
71 |
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
72 |
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
73 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); |
74 |
+ else |
75 |
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), |
76 |
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), |
77 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); |
78 |
+ } |
79 |
+#endif |
80 |
@@ -3979,10 +3979,10 @@ index eb8830a..e8ff52e 100644 |
81 |
+ (MODULES_VADDR <= addr && addr < MODULES_END))) |
82 |
+ { |
83 |
+ if (current->signal->curr_ip) |
84 |
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
85 |
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
86 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
87 |
+ else |
88 |
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), |
89 |
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), |
90 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
91 |
+ } |
92 |
+#endif |
93 |
@@ -4045,10 +4045,10 @@ index eb8830a..e8ff52e 100644 |
94 |
+#ifdef CONFIG_PAX_MEMORY_UDEREF |
95 |
+ if (addr < TASK_SIZE && is_domain_fault(fsr)) { |
96 |
+ if (current->signal->curr_ip) |
97 |
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
98 |
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
99 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); |
100 |
+ else |
101 |
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), |
102 |
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), |
103 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); |
104 |
+ goto die; |
105 |
+ } |
106 |
@@ -4128,11 +4128,11 @@ index eb8830a..e8ff52e 100644 |
107 |
+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
108 |
+ else if (is_domain_fault(ifsr) || is_xn_fault(ifsr)) { |
109 |
+ if (current->signal->curr_ip) |
110 |
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
111 |
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
112 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), |
113 |
+ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); |
114 |
+ else |
115 |
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), |
116 |
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), |
117 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), |
118 |
+ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); |
119 |
+ goto die; |
120 |
@@ -9450,10 +9450,23 @@ index dd14532..1dfc145 100644 |
121 |
- return (ret > base) ? ret : base; |
122 |
-} |
123 |
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c |
124 |
-index 9b436c2..54fbf0a 100644 |
125 |
+index 9b436c2..5c64ae8 100644 |
126 |
--- a/arch/s390/mm/mmap.c |
127 |
+++ b/arch/s390/mm/mmap.c |
128 |
-@@ -95,9 +95,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
129 |
+@@ -58,6 +58,12 @@ static inline int mmap_is_legacy(void) |
130 |
+ |
131 |
+ static unsigned long mmap_rnd(void) |
132 |
+ { |
133 |
++ |
134 |
++#ifdef CONFIG_PAX_RANDMMAP |
135 |
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) |
136 |
++ return 0; |
137 |
++#endif |
138 |
++ |
139 |
+ if (!(current->flags & PF_RANDOMIZE)) |
140 |
+ return 0; |
141 |
+ /* 8MB randomization for mmap_base */ |
142 |
+@@ -95,9 +101,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
143 |
*/ |
144 |
if (mmap_is_legacy()) { |
145 |
mm->mmap_base = mmap_base_legacy(); |
146 |
@@ -9475,7 +9488,7 @@ index 9b436c2..54fbf0a 100644 |
147 |
mm->get_unmapped_area = arch_get_unmapped_area_topdown; |
148 |
} |
149 |
} |
150 |
-@@ -170,9 +182,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
151 |
+@@ -170,9 +188,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
152 |
*/ |
153 |
if (mmap_is_legacy()) { |
154 |
mm->mmap_base = mmap_base_legacy(); |
155 |
@@ -31970,7 +31983,7 @@ index 903ec1e..c4166b2 100644 |
156 |
} |
157 |
|
158 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
159 |
-index ebc551c..b8ee77e 100644 |
160 |
+index ebc551c..40d1269 100644 |
161 |
--- a/arch/x86/mm/fault.c |
162 |
+++ b/arch/x86/mm/fault.c |
163 |
@@ -14,11 +14,18 @@ |
164 |
@@ -32180,11 +32193,11 @@ index ebc551c..b8ee77e 100644 |
165 |
+#ifdef CONFIG_PAX_KERNEXEC |
166 |
+ if (init_mm.start_code <= address && address < init_mm.end_code) { |
167 |
+ if (current->signal->curr_ip) |
168 |
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
169 |
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
170 |
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
171 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
172 |
+ else |
173 |
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), |
174 |
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), |
175 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
176 |
+ } |
177 |
+#endif |
178 |
@@ -32350,13 +32363,13 @@ index ebc551c..b8ee77e 100644 |
179 |
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
180 |
+ if (!user_mode(regs) && address < 2 * pax_user_shadow_base) { |
181 |
+ if (!search_exception_tables(regs->ip)) { |
182 |
-+ printk(KERN_ERR "PAX: please report this to pageexec@××××××××.hu\n"); |
183 |
++ printk(KERN_EMERG "PAX: please report this to pageexec@××××××××.hu\n"); |
184 |
+ bad_area_nosemaphore(regs, error_code, address); |
185 |
+ return; |
186 |
+ } |
187 |
+ if (address < pax_user_shadow_base) { |
188 |
-+ printk(KERN_ERR "PAX: please report this to pageexec@××××××××.hu\n"); |
189 |
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip); |
190 |
++ printk(KERN_EMERG "PAX: please report this to pageexec@××××××××.hu\n"); |
191 |
++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip); |
192 |
+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR); |
193 |
+ } else |
194 |
+ address -= pax_user_shadow_base; |
195 |
@@ -52343,7 +52356,7 @@ index c21adc3..1b4155f 100644 |
196 |
ddb_entry->default_relogin_timeout = |
197 |
(def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? |
198 |
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c |
199 |
-index d8afec8..3ec7152 100644 |
200 |
+index d8afec8..fffafb8 100644 |
201 |
--- a/drivers/scsi/scsi.c |
202 |
+++ b/drivers/scsi/scsi.c |
203 |
@@ -658,7 +658,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) |
204 |
@@ -52355,6 +52368,15 @@ index d8afec8..3ec7152 100644 |
205 |
|
206 |
/* check if the device is still usable */ |
207 |
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { |
208 |
+@@ -804,7 +804,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd) |
209 |
+ |
210 |
+ good_bytes = scsi_bufflen(cmd); |
211 |
+ if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) { |
212 |
+- int old_good_bytes = good_bytes; |
213 |
++ unsigned int old_good_bytes = good_bytes; |
214 |
+ drv = scsi_cmd_to_driver(cmd); |
215 |
+ if (drv->done) |
216 |
+ good_bytes = drv->done(cmd); |
217 |
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c |
218 |
index 719bd82..c996ebc 100644 |
219 |
--- a/drivers/scsi/scsi_lib.c |
220 |
@@ -52509,9 +52531,27 @@ index e3e794e..f72f20c 100644 |
221 |
|
222 |
transport_setup_device(&rport->dev); |
223 |
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
224 |
-index a107064..a14c333 100644 |
225 |
+index a107064..30775cf 100644 |
226 |
--- a/drivers/scsi/sd.c |
227 |
+++ b/drivers/scsi/sd.c |
228 |
+@@ -109,7 +109,7 @@ static int sd_suspend_system(struct device *); |
229 |
+ static int sd_suspend_runtime(struct device *); |
230 |
+ static int sd_resume(struct device *); |
231 |
+ static void sd_rescan(struct device *); |
232 |
+-static int sd_done(struct scsi_cmnd *); |
233 |
++static unsigned int sd_done(struct scsi_cmnd *); |
234 |
+ static int sd_eh_action(struct scsi_cmnd *, int); |
235 |
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer); |
236 |
+ static void scsi_disk_release(struct device *cdev); |
237 |
+@@ -1645,7 +1645,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd) |
238 |
+ * |
239 |
+ * Note: potentially run from within an ISR. Must not block. |
240 |
+ **/ |
241 |
+-static int sd_done(struct scsi_cmnd *SCpnt) |
242 |
++static unsigned int sd_done(struct scsi_cmnd *SCpnt) |
243 |
+ { |
244 |
+ int result = SCpnt->result; |
245 |
+ unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt); |
246 |
@@ -2958,7 +2958,7 @@ static int sd_probe(struct device *dev) |
247 |
sdkp->disk = gd; |
248 |
sdkp->index = index; |
249 |
@@ -52534,6 +52574,34 @@ index eb81c98..e6716ae 100644 |
250 |
case BLKTRACESTART: |
251 |
return blk_trace_startstop(sdp->device->request_queue, 1); |
252 |
case BLKTRACESTOP: |
253 |
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c |
254 |
+index 40d8592..8e89146 100644 |
255 |
+--- a/drivers/scsi/sr.c |
256 |
++++ b/drivers/scsi/sr.c |
257 |
+@@ -79,7 +79,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM); |
258 |
+ static DEFINE_MUTEX(sr_mutex); |
259 |
+ static int sr_probe(struct device *); |
260 |
+ static int sr_remove(struct device *); |
261 |
+-static int sr_done(struct scsi_cmnd *); |
262 |
++static unsigned int sr_done(struct scsi_cmnd *); |
263 |
+ static int sr_runtime_suspend(struct device *dev); |
264 |
+ |
265 |
+ static struct dev_pm_ops sr_pm_ops = { |
266 |
+@@ -310,11 +310,11 @@ do_tur: |
267 |
+ * It will be notified on the end of a SCSI read / write, and will take one |
268 |
+ * of several actions based on success or failure. |
269 |
+ */ |
270 |
+-static int sr_done(struct scsi_cmnd *SCpnt) |
271 |
++static unsigned int sr_done(struct scsi_cmnd *SCpnt) |
272 |
+ { |
273 |
+ int result = SCpnt->result; |
274 |
+- int this_count = scsi_bufflen(SCpnt); |
275 |
+- int good_bytes = (result == 0 ? this_count : 0); |
276 |
++ unsigned int this_count = scsi_bufflen(SCpnt); |
277 |
++ unsigned int good_bytes = (result == 0 ? this_count : 0); |
278 |
+ int block_sectors = 0; |
279 |
+ long error_sector; |
280 |
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); |
281 |
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c |
282 |
index d6563ec..a1c5da2 100644 |
283 |
--- a/drivers/spi/spi.c |
284 |
@@ -65832,7 +65900,7 @@ index ca0ba15..0fa3257 100644 |
285 |
fd_offset + ex.a_text); |
286 |
if (error != N_DATADDR(ex)) { |
287 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
288 |
-index 35240a7..96dd7cf 100644 |
289 |
+index 35240a7..a5edf69 100644 |
290 |
--- a/fs/binfmt_elf.c |
291 |
+++ b/fs/binfmt_elf.c |
292 |
@@ -34,6 +34,7 @@ |
293 |
@@ -66466,10 +66534,12 @@ index 35240a7..96dd7cf 100644 |
294 |
if (elf_read_implies_exec(loc->elf_ex, executable_stack)) |
295 |
current->personality |= READ_IMPLIES_EXEC; |
296 |
|
297 |
-@@ -816,6 +1253,20 @@ static int load_elf_binary(struct linux_binprm *bprm) |
298 |
+@@ -816,8 +1253,21 @@ static int load_elf_binary(struct linux_binprm *bprm) |
299 |
#else |
300 |
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); |
301 |
#endif |
302 |
+- total_size = total_mapping_size(elf_phdata, |
303 |
+- loc->elf_ex.e_phnum); |
304 |
+ |
305 |
+#ifdef CONFIG_PAX_RANDMMAP |
306 |
+ /* PaX: randomize base address at the default exe base if requested */ |
307 |
@@ -66484,10 +66554,11 @@ index 35240a7..96dd7cf 100644 |
308 |
+ } |
309 |
+#endif |
310 |
+ |
311 |
- total_size = total_mapping_size(elf_phdata, |
312 |
- loc->elf_ex.e_phnum); |
313 |
++ total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum); |
314 |
if (!total_size) { |
315 |
-@@ -854,9 +1305,9 @@ static int load_elf_binary(struct linux_binprm *bprm) |
316 |
+ retval = -EINVAL; |
317 |
+ goto out_free_dentry; |
318 |
+@@ -854,9 +1304,9 @@ static int load_elf_binary(struct linux_binprm *bprm) |
319 |
* allowed task size. Note that p_filesz must always be |
320 |
* <= p_memsz so it is only necessary to check p_memsz. |
321 |
*/ |
322 |
@@ -66500,7 +66571,7 @@ index 35240a7..96dd7cf 100644 |
323 |
/* set_brk can never work. Avoid overflows. */ |
324 |
send_sig(SIGKILL, current, 0); |
325 |
retval = -EINVAL; |
326 |
-@@ -895,17 +1346,45 @@ static int load_elf_binary(struct linux_binprm *bprm) |
327 |
+@@ -895,17 +1345,45 @@ static int load_elf_binary(struct linux_binprm *bprm) |
328 |
goto out_free_dentry; |
329 |
} |
330 |
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { |
331 |
@@ -66552,7 +66623,7 @@ index 35240a7..96dd7cf 100644 |
332 |
load_bias); |
333 |
if (!IS_ERR((void *)elf_entry)) { |
334 |
/* |
335 |
-@@ -1127,7 +1606,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) |
336 |
+@@ -1127,7 +1605,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) |
337 |
* Decide what to dump of a segment, part, all or none. |
338 |
*/ |
339 |
static unsigned long vma_dump_size(struct vm_area_struct *vma, |
340 |
@@ -66561,7 +66632,7 @@ index 35240a7..96dd7cf 100644 |
341 |
{ |
342 |
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) |
343 |
|
344 |
-@@ -1165,7 +1644,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
345 |
+@@ -1165,7 +1643,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
346 |
if (vma->vm_file == NULL) |
347 |
return 0; |
348 |
|
349 |
@@ -66570,7 +66641,7 @@ index 35240a7..96dd7cf 100644 |
350 |
goto whole; |
351 |
|
352 |
/* |
353 |
-@@ -1372,9 +1851,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
354 |
+@@ -1372,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
355 |
{ |
356 |
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; |
357 |
int i = 0; |
358 |
@@ -66582,7 +66653,7 @@ index 35240a7..96dd7cf 100644 |
359 |
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); |
360 |
} |
361 |
|
362 |
-@@ -1383,7 +1862,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, |
363 |
+@@ -1383,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, |
364 |
{ |
365 |
mm_segment_t old_fs = get_fs(); |
366 |
set_fs(KERNEL_DS); |
367 |
@@ -66591,7 +66662,7 @@ index 35240a7..96dd7cf 100644 |
368 |
set_fs(old_fs); |
369 |
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); |
370 |
} |
371 |
-@@ -2007,14 +2486,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
372 |
+@@ -2007,14 +2485,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
373 |
} |
374 |
|
375 |
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, |
376 |
@@ -66608,7 +66679,7 @@ index 35240a7..96dd7cf 100644 |
377 |
return size; |
378 |
} |
379 |
|
380 |
-@@ -2105,7 +2584,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
381 |
+@@ -2105,7 +2583,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
382 |
|
383 |
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); |
384 |
|
385 |
@@ -66617,7 +66688,7 @@ index 35240a7..96dd7cf 100644 |
386 |
offset += elf_core_extra_data_size(); |
387 |
e_shoff = offset; |
388 |
|
389 |
-@@ -2133,7 +2612,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
390 |
+@@ -2133,7 +2611,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
391 |
phdr.p_offset = offset; |
392 |
phdr.p_vaddr = vma->vm_start; |
393 |
phdr.p_paddr = 0; |
394 |
@@ -66626,7 +66697,7 @@ index 35240a7..96dd7cf 100644 |
395 |
phdr.p_memsz = vma->vm_end - vma->vm_start; |
396 |
offset += phdr.p_filesz; |
397 |
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; |
398 |
-@@ -2166,7 +2645,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
399 |
+@@ -2166,7 +2644,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
400 |
unsigned long addr; |
401 |
unsigned long end; |
402 |
|
403 |
@@ -66635,7 +66706,7 @@ index 35240a7..96dd7cf 100644 |
404 |
|
405 |
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { |
406 |
struct page *page; |
407 |
-@@ -2207,6 +2686,167 @@ out: |
408 |
+@@ -2207,6 +2685,167 @@ out: |
409 |
|
410 |
#endif /* CONFIG_ELF_CORE */ |
411 |
|
412 |
@@ -68245,7 +68316,7 @@ index e4141f2..d8263e8 100644 |
413 |
i += packet_length_size; |
414 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
415 |
diff --git a/fs/exec.c b/fs/exec.c |
416 |
-index 05f1942..747fc21 100644 |
417 |
+index 05f1942..5ea95e4 100644 |
418 |
--- a/fs/exec.c |
419 |
+++ b/fs/exec.c |
420 |
@@ -56,8 +56,20 @@ |
421 |
@@ -68892,13 +68963,13 @@ index 05f1942..747fc21 100644 |
422 |
+void pax_report_refcount_overflow(struct pt_regs *regs) |
423 |
+{ |
424 |
+ if (current->signal->curr_ip) |
425 |
-+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
426 |
++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
427 |
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
428 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
429 |
+ else |
430 |
-+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), |
431 |
++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), |
432 |
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
433 |
-+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); |
434 |
++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); |
435 |
+ preempt_disable(); |
436 |
+ show_regs(regs); |
437 |
+ preempt_enable(); |
438 |
@@ -68957,10 +69028,10 @@ index 05f1942..747fc21 100644 |
439 |
+static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to_user, const char *type) |
440 |
+{ |
441 |
+ if (current->signal->curr_ip) |
442 |
-+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
443 |
++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
444 |
+ ¤t->signal->curr_ip, to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len); |
445 |
+ else |
446 |
-+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
447 |
++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
448 |
+ to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len); |
449 |
+ dump_stack(); |
450 |
+ gr_handle_kernel_exploit(); |
451 |
@@ -69059,7 +69130,7 @@ index 05f1942..747fc21 100644 |
452 |
+#ifdef CONFIG_PAX_SIZE_OVERFLOW |
453 |
+void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) |
454 |
+{ |
455 |
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
456 |
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
457 |
+ dump_stack(); |
458 |
+ do_group_exit(SIGKILL); |
459 |
+} |
460 |
@@ -93527,7 +93598,7 @@ index b66c211..13d2915 100644 |
461 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
462 |
struct vm_area_struct *next) |
463 |
diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h |
464 |
-index a964f72..b475afb 100644 |
465 |
+index a964f72..a6d40b4 100644 |
466 |
--- a/include/linux/scatterlist.h |
467 |
+++ b/include/linux/scatterlist.h |
468 |
@@ -1,6 +1,7 @@ |
469 |
@@ -93538,19 +93609,26 @@ index a964f72..b475afb 100644 |
470 |
#include <linux/string.h> |
471 |
#include <linux/bug.h> |
472 |
#include <linux/mm.h> |
473 |
-@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf, |
474 |
- #ifdef CONFIG_DEBUG_SG |
475 |
- BUG_ON(!virt_addr_valid(buf)); |
476 |
- #endif |
477 |
+@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg) |
478 |
+ static inline void sg_set_buf(struct scatterlist *sg, const void *buf, |
479 |
+ unsigned int buflen) |
480 |
+ { |
481 |
++ const void *realbuf = buf; |
482 |
++ |
483 |
+#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW |
484 |
-+ if (object_starts_on_stack(buf)) { |
485 |
-+ void *adjbuf = buf - current->stack + current->lowmem_stack; |
486 |
-+ sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf)); |
487 |
-+ } else |
488 |
++ if (object_starts_on_stack(buf)) |
489 |
++ realbuf = buf - current->stack + current->lowmem_stack; |
490 |
+#endif |
491 |
- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); |
492 |
++ |
493 |
+ #ifdef CONFIG_DEBUG_SG |
494 |
+- BUG_ON(!virt_addr_valid(buf)); |
495 |
++ BUG_ON(!virt_addr_valid(realbuf)); |
496 |
+ #endif |
497 |
+- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); |
498 |
++ sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf)); |
499 |
} |
500 |
|
501 |
+ /* |
502 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
503 |
index 91fe6a3..30088db 100644 |
504 |
--- a/include/linux/sched.h |
505 |
@@ -95849,6 +95927,19 @@ index 409fafb..efc53b0 100644 |
506 |
|
507 |
struct device sdev_gendev, |
508 |
sdev_dev; |
509 |
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h |
510 |
+index 20fdfc2..5745712 100644 |
511 |
+--- a/include/scsi/scsi_driver.h |
512 |
++++ b/include/scsi/scsi_driver.h |
513 |
+@@ -15,7 +15,7 @@ struct scsi_driver { |
514 |
+ struct device_driver gendrv; |
515 |
+ |
516 |
+ void (*rescan)(struct device *); |
517 |
+- int (*done)(struct scsi_cmnd *); |
518 |
++ unsigned int (*done)(struct scsi_cmnd *); |
519 |
+ int (*eh_action)(struct scsi_cmnd *, int); |
520 |
+ }; |
521 |
+ #define to_scsi_driver(drv) \ |
522 |
diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h |
523 |
index b797e8f..8e2c3aa 100644 |
524 |
--- a/include/scsi/scsi_transport_fc.h |
525 |
@@ -103667,6 +103758,23 @@ index f504027..97a15c0 100644 |
526 |
|
527 |
bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); |
528 |
if (!bd->dbuf) |
529 |
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c |
530 |
+index 32adb73..ccbd787 100644 |
531 |
+--- a/lib/decompress_unlzma.c |
532 |
++++ b/lib/decompress_unlzma.c |
533 |
+@@ -39,10 +39,10 @@ |
534 |
+ |
535 |
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b)) |
536 |
+ |
537 |
+-static long long INIT read_int(unsigned char *ptr, int size) |
538 |
++static unsigned long long INIT read_int(unsigned char *ptr, int size) |
539 |
+ { |
540 |
+ int i; |
541 |
+- long long ret = 0; |
542 |
++ unsigned long long ret = 0; |
543 |
+ |
544 |
+ for (i = 0; i < size; i++) |
545 |
+ ret = (ret << 8) | ptr[size-i-1]; |
546 |
diff --git a/lib/devres.c b/lib/devres.c |
547 |
index 8235331..5881053 100644 |
548 |
--- a/lib/devres.c |
549 |
@@ -121055,7 +121163,7 @@ index 0000000..da184c5 |
550 |
+} |
551 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
552 |
new file mode 100644 |
553 |
-index 0000000..77f8462 |
554 |
+index 0000000..1d20e32 |
555 |
--- /dev/null |
556 |
+++ b/tools/gcc/gcc-common.h |
557 |
@@ -0,0 +1,689 @@ |
558 |
@@ -121219,7 +121327,7 @@ index 0000000..77f8462 |
559 |
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) |
560 |
+ |
561 |
+#if BUILDING_GCC_VERSION == 4005 |
562 |
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) |
563 |
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++) |
564 |
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) |
565 |
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) |
566 |
+#define TODO_rebuild_cgraph_edges 0 |
567 |
@@ -121459,6 +121567,7 @@ index 0000000..77f8462 |
568 |
+} |
569 |
+ |
570 |
+#define ipa_remove_stmt_references(cnode, stmt) |
571 |
++ |
572 |
+typedef union gimple_statement_d gasm; |
573 |
+typedef union gimple_statement_d gassign; |
574 |
+typedef union gimple_statement_d gcall; |
575 |
@@ -121480,7 +121589,6 @@ index 0000000..77f8462 |
576 |
+#define create_var_ann(var) |
577 |
+#define TODO_dump_func 0 |
578 |
+#define TODO_dump_cgraph 0 |
579 |
-+ |
580 |
+#endif |
581 |
+ |
582 |
+#if BUILDING_GCC_VERSION <= 4009 |
583 |
|
584 |
diff --git a/3.14.45/4435_grsec-mute-warnings.patch b/3.14.45/4435_grsec-mute-warnings.patch |
585 |
index 558c435..2c2d463 100644 |
586 |
--- a/3.14.45/4435_grsec-mute-warnings.patch |
587 |
+++ b/3.14.45/4435_grsec-mute-warnings.patch |
588 |
@@ -29,14 +29,15 @@ warning flags of vanilla kernel versions. |
589 |
Acked-by: Christian Heim <phreak@g.o> |
590 |
--- |
591 |
|
592 |
---- a/Makefile 2011-11-18 17:50:11.000000000 -0500 |
593 |
-+++ b/Makefile 2011-11-18 17:50:48.000000000 -0500 |
594 |
+diff -Naur a/Makefile b/Makefile |
595 |
+--- a/Makefile 2015-06-27 15:35:56.363504156 -0400 |
596 |
++++ b/Makefile 2015-06-27 16:41:08.552598625 -0400 |
597 |
@@ -244,7 +244,7 @@ |
598 |
|
599 |
HOSTCC = gcc |
600 |
HOSTCXX = g++ |
601 |
--HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 |
602 |
-+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 |
603 |
+-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks |
604 |
++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks |
605 |
HOSTCFLAGS += $(call cc-option, -Wno-empty-body) |
606 |
HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds |
607 |
|
608 |
|
609 |
diff --git a/3.2.69/0000_README b/3.2.69/0000_README |
610 |
index 1521b73..05b7791 100644 |
611 |
--- a/3.2.69/0000_README |
612 |
+++ b/3.2.69/0000_README |
613 |
@@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch |
614 |
From: http://www.kernel.org |
615 |
Desc: Linux 3.2.69 |
616 |
|
617 |
-Patch: 4420_grsecurity-3.1-3.2.69-201506232100.patch |
618 |
+Patch: 4420_grsecurity-3.1-3.2.69-201506262041.patch |
619 |
From: http://www.grsecurity.net |
620 |
Desc: hardened-sources base patch from upstream grsecurity |
621 |
|
622 |
|
623 |
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch |
624 |
similarity index 99% |
625 |
rename from 3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch |
626 |
rename to 3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch |
627 |
index 873b401..ce279a5 100644 |
628 |
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch |
629 |
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch |
630 |
@@ -6836,10 +6836,23 @@ index 1df64a8..aea2a39 100644 |
631 |
}; |
632 |
|
633 |
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c |
634 |
-index c70b3d8..d01c6b3 100644 |
635 |
+index c70b3d8..d7d5b01 100644 |
636 |
--- a/arch/s390/mm/mmap.c |
637 |
+++ b/arch/s390/mm/mmap.c |
638 |
-@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
639 |
+@@ -60,6 +60,12 @@ static inline int mmap_is_legacy(void) |
640 |
+ |
641 |
+ static unsigned long mmap_rnd(void) |
642 |
+ { |
643 |
++ |
644 |
++#ifdef CONFIG_PAX_RANDMMAP |
645 |
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) |
646 |
++ return 0; |
647 |
++#endif |
648 |
++ |
649 |
+ if (!(current->flags & PF_RANDOMIZE)) |
650 |
+ return 0; |
651 |
+ /* 8MB randomization for mmap_base */ |
652 |
+@@ -92,10 +98,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
653 |
*/ |
654 |
if (mmap_is_legacy()) { |
655 |
mm->mmap_base = TASK_UNMAPPED_BASE; |
656 |
@@ -6862,7 +6875,7 @@ index c70b3d8..d01c6b3 100644 |
657 |
mm->get_unmapped_area = arch_get_unmapped_area_topdown; |
658 |
mm->unmap_area = arch_unmap_area_topdown; |
659 |
} |
660 |
-@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
661 |
+@@ -175,10 +193,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
662 |
*/ |
663 |
if (mmap_is_legacy()) { |
664 |
mm->mmap_base = TASK_UNMAPPED_BASE; |
665 |
@@ -28417,7 +28430,7 @@ index d0474ad..36e9257 100644 |
666 |
extern u32 pnp_bios_is_utter_crap; |
667 |
pnp_bios_is_utter_crap = 1; |
668 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
669 |
-index 351590e..a1132fb 100644 |
670 |
+index 351590e..825bba9 100644 |
671 |
--- a/arch/x86/mm/fault.c |
672 |
+++ b/arch/x86/mm/fault.c |
673 |
@@ -13,11 +13,18 @@ |
674 |
@@ -28609,10 +28622,10 @@ index 351590e..a1132fb 100644 |
675 |
+#ifdef CONFIG_PAX_KERNEXEC |
676 |
+ if (init_mm.start_code <= address && address < init_mm.end_code) { |
677 |
+ if (current->signal->curr_ip) |
678 |
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
679 |
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
680 |
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); |
681 |
+ else |
682 |
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
683 |
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", |
684 |
+ current->comm, task_pid_nr(current), current_uid(), current_euid()); |
685 |
+ } |
686 |
+#endif |
687 |
@@ -28787,8 +28800,8 @@ index 351590e..a1132fb 100644 |
688 |
+ return; |
689 |
+ } |
690 |
+ if (address < pax_user_shadow_base) { |
691 |
-+ printk(KERN_ERR "PAX: please report this to pageexec@××××××××.hu\n"); |
692 |
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip); |
693 |
++ printk(KERN_EMERG "PAX: please report this to pageexec@××××××××.hu\n"); |
694 |
++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip); |
695 |
+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR); |
696 |
+ } else |
697 |
+ address -= pax_user_shadow_base; |
698 |
@@ -49651,7 +49664,7 @@ index 4169c8b..a8b896b 100644 |
699 |
ddb_entry->default_relogin_timeout = |
700 |
le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); |
701 |
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c |
702 |
-index 831db24..aef1598 100644 |
703 |
+index 831db24..1b88f70 100644 |
704 |
--- a/drivers/scsi/scsi.c |
705 |
+++ b/drivers/scsi/scsi.c |
706 |
@@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) |
707 |
@@ -49663,6 +49676,15 @@ index 831db24..aef1598 100644 |
708 |
|
709 |
/* check if the device is still usable */ |
710 |
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { |
711 |
+@@ -837,7 +837,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd) |
712 |
+ |
713 |
+ good_bytes = scsi_bufflen(cmd); |
714 |
+ if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) { |
715 |
+- int old_good_bytes = good_bytes; |
716 |
++ unsigned int old_good_bytes = good_bytes; |
717 |
+ drv = scsi_cmd_to_driver(cmd); |
718 |
+ if (drv->done) |
719 |
+ good_bytes = drv->done(cmd); |
720 |
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c |
721 |
index f6a464a..797b84d 100644 |
722 |
--- a/drivers/scsi/scsi_lib.c |
723 |
@@ -49817,9 +49839,27 @@ index 21a045e..ec89e03 100644 |
724 |
|
725 |
transport_setup_device(&rport->dev); |
726 |
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
727 |
-index 5c6b5f5..475317d 100644 |
728 |
+index 5c6b5f5..015ec9d 100644 |
729 |
--- a/drivers/scsi/sd.c |
730 |
+++ b/drivers/scsi/sd.c |
731 |
+@@ -105,7 +105,7 @@ static void sd_shutdown(struct device *); |
732 |
+ static int sd_suspend(struct device *, pm_message_t state); |
733 |
+ static int sd_resume(struct device *); |
734 |
+ static void sd_rescan(struct device *); |
735 |
+-static int sd_done(struct scsi_cmnd *); |
736 |
++static unsigned int sd_done(struct scsi_cmnd *); |
737 |
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer); |
738 |
+ static void scsi_disk_release(struct device *cdev); |
739 |
+ static void sd_print_sense_hdr(struct scsi_disk *, struct scsi_sense_hdr *); |
740 |
+@@ -1390,7 +1390,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd) |
741 |
+ * |
742 |
+ * Note: potentially run from within an ISR. Must not block. |
743 |
+ **/ |
744 |
+-static int sd_done(struct scsi_cmnd *SCpnt) |
745 |
++static unsigned int sd_done(struct scsi_cmnd *SCpnt) |
746 |
+ { |
747 |
+ int result = SCpnt->result; |
748 |
+ unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt); |
749 |
@@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev) |
750 |
device_initialize(&sdkp->dev); |
751 |
sdkp->dev.parent = dev; |
752 |
@@ -49860,6 +49900,34 @@ index 2d25616..7502cde 100644 |
753 |
|
754 |
sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); |
755 |
if (!sg_proc_sgp) |
756 |
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c |
757 |
+index 5fc97d2..5f26ccd 100644 |
758 |
+--- a/drivers/scsi/sr.c |
759 |
++++ b/drivers/scsi/sr.c |
760 |
+@@ -78,7 +78,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM); |
761 |
+ static DEFINE_MUTEX(sr_mutex); |
762 |
+ static int sr_probe(struct device *); |
763 |
+ static int sr_remove(struct device *); |
764 |
+-static int sr_done(struct scsi_cmnd *); |
765 |
++static unsigned int sr_done(struct scsi_cmnd *); |
766 |
+ |
767 |
+ static struct scsi_driver sr_template = { |
768 |
+ .owner = THIS_MODULE, |
769 |
+@@ -296,11 +296,11 @@ do_tur: |
770 |
+ * It will be notified on the end of a SCSI read / write, and will take one |
771 |
+ * of several actions based on success or failure. |
772 |
+ */ |
773 |
+-static int sr_done(struct scsi_cmnd *SCpnt) |
774 |
++static unsigned int sr_done(struct scsi_cmnd *SCpnt) |
775 |
+ { |
776 |
+ int result = SCpnt->result; |
777 |
+- int this_count = scsi_bufflen(SCpnt); |
778 |
+- int good_bytes = (result == 0 ? this_count : 0); |
779 |
++ unsigned int this_count = scsi_bufflen(SCpnt); |
780 |
++ unsigned int good_bytes = (result == 0 ? this_count : 0); |
781 |
+ int block_sectors = 0; |
782 |
+ long error_sector; |
783 |
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); |
784 |
diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c |
785 |
new file mode 100644 |
786 |
index 0000000..06c9d30 |
787 |
@@ -59288,7 +59356,7 @@ index 451b9b8..12e5a03 100644 |
788 |
|
789 |
out_free_fd: |
790 |
diff --git a/fs/exec.c b/fs/exec.c |
791 |
-index 7adb43f..9b2005c 100644 |
792 |
+index 7adb43f..be703f8 100644 |
793 |
--- a/fs/exec.c |
794 |
+++ b/fs/exec.c |
795 |
@@ -55,12 +55,35 @@ |
796 |
@@ -60069,12 +60137,12 @@ index 7adb43f..9b2005c 100644 |
797 |
+void pax_report_refcount_overflow(struct pt_regs *regs) |
798 |
+{ |
799 |
+ if (current->signal->curr_ip) |
800 |
-+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
801 |
++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
802 |
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); |
803 |
+ else |
804 |
-+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
805 |
++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", |
806 |
+ current->comm, task_pid_nr(current), current_uid(), current_euid()); |
807 |
-+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); |
808 |
++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); |
809 |
+ preempt_disable(); |
810 |
+ show_regs(regs); |
811 |
+ preempt_enable(); |
812 |
@@ -60133,10 +60201,10 @@ index 7adb43f..9b2005c 100644 |
813 |
+static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) |
814 |
+{ |
815 |
+ if (current->signal->curr_ip) |
816 |
-+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
817 |
++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
818 |
+ ¤t->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len); |
819 |
+ else |
820 |
-+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
821 |
++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", |
822 |
+ to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len); |
823 |
+ dump_stack(); |
824 |
+ gr_handle_kernel_exploit(); |
825 |
@@ -60235,7 +60303,7 @@ index 7adb43f..9b2005c 100644 |
826 |
+#ifdef CONFIG_PAX_SIZE_OVERFLOW |
827 |
+void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) |
828 |
+{ |
829 |
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
830 |
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
831 |
+ dump_stack(); |
832 |
+ do_group_exit(SIGKILL); |
833 |
+} |
834 |
@@ -87940,6 +88008,19 @@ index 377ba61..1b6890c 100644 |
835 |
|
836 |
struct device sdev_gendev, |
837 |
sdev_dev; |
838 |
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h |
839 |
+index 9fd6702..52e04b7 100644 |
840 |
+--- a/include/scsi/scsi_driver.h |
841 |
++++ b/include/scsi/scsi_driver.h |
842 |
+@@ -15,7 +15,7 @@ struct scsi_driver { |
843 |
+ struct device_driver gendrv; |
844 |
+ |
845 |
+ void (*rescan)(struct device *); |
846 |
+- int (*done)(struct scsi_cmnd *); |
847 |
++ unsigned int (*done)(struct scsi_cmnd *); |
848 |
+ }; |
849 |
+ #define to_scsi_driver(drv) \ |
850 |
+ container_of((drv), struct scsi_driver, gendrv) |
851 |
diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h |
852 |
index 2a65167..91e01f8 100644 |
853 |
--- a/include/scsi/scsi_transport_fc.h |
854 |
@@ -96477,6 +96558,23 @@ index 6a110e2..799667a 100644 |
855 |
|
856 |
bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); |
857 |
if (!bd->dbuf) |
858 |
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c |
859 |
+index 476c65a..b4c50e8 100644 |
860 |
+--- a/lib/decompress_unlzma.c |
861 |
++++ b/lib/decompress_unlzma.c |
862 |
+@@ -39,10 +39,10 @@ |
863 |
+ |
864 |
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b)) |
865 |
+ |
866 |
+-static long long INIT read_int(unsigned char *ptr, int size) |
867 |
++static unsigned long long INIT read_int(unsigned char *ptr, int size) |
868 |
+ { |
869 |
+ int i; |
870 |
+- long long ret = 0; |
871 |
++ unsigned long long ret = 0; |
872 |
+ |
873 |
+ for (i = 0; i < size; i++) |
874 |
+ ret = (ret << 8) | ptr[size-i-1]; |
875 |
diff --git a/lib/devres.c b/lib/devres.c |
876 |
index 7c0e953..f642b5c 100644 |
877 |
--- a/lib/devres.c |
878 |
@@ -116469,7 +116567,7 @@ index 0000000..da184c5 |
879 |
+} |
880 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
881 |
new file mode 100644 |
882 |
-index 0000000..77f8462 |
883 |
+index 0000000..1d20e32 |
884 |
--- /dev/null |
885 |
+++ b/tools/gcc/gcc-common.h |
886 |
@@ -0,0 +1,689 @@ |
887 |
@@ -116633,7 +116731,7 @@ index 0000000..77f8462 |
888 |
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) |
889 |
+ |
890 |
+#if BUILDING_GCC_VERSION == 4005 |
891 |
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) |
892 |
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++) |
893 |
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) |
894 |
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) |
895 |
+#define TODO_rebuild_cgraph_edges 0 |
896 |
@@ -116873,6 +116971,7 @@ index 0000000..77f8462 |
897 |
+} |
898 |
+ |
899 |
+#define ipa_remove_stmt_references(cnode, stmt) |
900 |
++ |
901 |
+typedef union gimple_statement_d gasm; |
902 |
+typedef union gimple_statement_d gassign; |
903 |
+typedef union gimple_statement_d gcall; |
904 |
@@ -116894,7 +116993,6 @@ index 0000000..77f8462 |
905 |
+#define create_var_ann(var) |
906 |
+#define TODO_dump_func 0 |
907 |
+#define TODO_dump_cgraph 0 |
908 |
-+ |
909 |
+#endif |
910 |
+ |
911 |
+#if BUILDING_GCC_VERSION <= 4009 |
912 |
|
913 |
diff --git a/4.0.6/0000_README b/4.0.6/0000_README |
914 |
index 62fb720..00d5c29 100644 |
915 |
--- a/4.0.6/0000_README |
916 |
+++ b/4.0.6/0000_README |
917 |
@@ -2,7 +2,7 @@ README |
918 |
----------------------------------------------------------------------------- |
919 |
Individual Patch Descriptions: |
920 |
----------------------------------------------------------------------------- |
921 |
-Patch: 4420_grsecurity-3.1-4.0.6-201506232104.patch |
922 |
+Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch |
923 |
From: http://www.grsecurity.net |
924 |
Desc: hardened-sources base patch from upstream grsecurity |
925 |
|
926 |
|
927 |
diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch |
928 |
similarity index 99% |
929 |
rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch |
930 |
rename to 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch |
931 |
index 91512cb..797b7c1 100644 |
932 |
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch |
933 |
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch |
934 |
@@ -53187,6 +53187,34 @@ index 2270bd5..98408a5 100644 |
935 |
case BLKTRACESTART: |
936 |
return blk_trace_startstop(sdp->device->request_queue, 1); |
937 |
case BLKTRACESTOP: |
938 |
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c |
939 |
+index 8bd54a6..dd037a5 100644 |
940 |
+--- a/drivers/scsi/sr.c |
941 |
++++ b/drivers/scsi/sr.c |
942 |
+@@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex); |
943 |
+ static int sr_probe(struct device *); |
944 |
+ static int sr_remove(struct device *); |
945 |
+ static int sr_init_command(struct scsi_cmnd *SCpnt); |
946 |
+-static int sr_done(struct scsi_cmnd *); |
947 |
++static unsigned int sr_done(struct scsi_cmnd *); |
948 |
+ static int sr_runtime_suspend(struct device *dev); |
949 |
+ |
950 |
+ static struct dev_pm_ops sr_pm_ops = { |
951 |
+@@ -312,11 +312,11 @@ do_tur: |
952 |
+ * It will be notified on the end of a SCSI read / write, and will take one |
953 |
+ * of several actions based on success or failure. |
954 |
+ */ |
955 |
+-static int sr_done(struct scsi_cmnd *SCpnt) |
956 |
++static unsigned int sr_done(struct scsi_cmnd *SCpnt) |
957 |
+ { |
958 |
+ int result = SCpnt->result; |
959 |
+- int this_count = scsi_bufflen(SCpnt); |
960 |
+- int good_bytes = (result == 0 ? this_count : 0); |
961 |
++ unsigned int this_count = scsi_bufflen(SCpnt); |
962 |
++ unsigned int good_bytes = (result == 0 ? this_count : 0); |
963 |
+ int block_sectors = 0; |
964 |
+ long error_sector; |
965 |
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); |
966 |
diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c |
967 |
index c0d660f..24a5854 100644 |
968 |
--- a/drivers/soc/tegra/fuse/fuse-tegra.c |
969 |
@@ -93167,7 +93195,7 @@ index c4c559a..6ba9a26 100644 |
970 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
971 |
struct vm_area_struct *next) |
972 |
diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h |
973 |
-index ed8f9e70..999bc96 100644 |
974 |
+index ed8f9e70..2e627f2 100644 |
975 |
--- a/include/linux/scatterlist.h |
976 |
+++ b/include/linux/scatterlist.h |
977 |
@@ -1,6 +1,7 @@ |
978 |
@@ -93178,19 +93206,26 @@ index ed8f9e70..999bc96 100644 |
979 |
#include <linux/string.h> |
980 |
#include <linux/bug.h> |
981 |
#include <linux/mm.h> |
982 |
-@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf, |
983 |
- #ifdef CONFIG_DEBUG_SG |
984 |
- BUG_ON(!virt_addr_valid(buf)); |
985 |
- #endif |
986 |
+@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg) |
987 |
+ static inline void sg_set_buf(struct scatterlist *sg, const void *buf, |
988 |
+ unsigned int buflen) |
989 |
+ { |
990 |
++ const void *realbuf = buf; |
991 |
++ |
992 |
+#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW |
993 |
-+ if (object_starts_on_stack(buf)) { |
994 |
-+ void *adjbuf = buf - current->stack + current->lowmem_stack; |
995 |
-+ sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf)); |
996 |
-+ } else |
997 |
++ if (object_starts_on_stack(buf)) |
998 |
++ realbuf = buf - current->stack + current->lowmem_stack; |
999 |
+#endif |
1000 |
- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); |
1001 |
++ |
1002 |
+ #ifdef CONFIG_DEBUG_SG |
1003 |
+- BUG_ON(!virt_addr_valid(buf)); |
1004 |
++ BUG_ON(!virt_addr_valid(realbuf)); |
1005 |
+ #endif |
1006 |
+- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); |
1007 |
++ sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf)); |
1008 |
} |
1009 |
|
1010 |
+ /* |
1011 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
1012 |
index 51348f7..8c8b0ba 100644 |
1013 |
--- a/include/linux/sched.h |
1014 |
@@ -95438,6 +95473,19 @@ index a4c9336..d6f8f34 100644 |
1015 |
|
1016 |
struct device sdev_gendev, |
1017 |
sdev_dev; |
1018 |
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h |
1019 |
+index 891a658..fcd68df 100644 |
1020 |
+--- a/include/scsi/scsi_driver.h |
1021 |
++++ b/include/scsi/scsi_driver.h |
1022 |
+@@ -14,7 +14,7 @@ struct scsi_driver { |
1023 |
+ void (*rescan)(struct device *); |
1024 |
+ int (*init_command)(struct scsi_cmnd *); |
1025 |
+ void (*uninit_command)(struct scsi_cmnd *); |
1026 |
+- int (*done)(struct scsi_cmnd *); |
1027 |
++ unsigned int (*done)(struct scsi_cmnd *); |
1028 |
+ int (*eh_action)(struct scsi_cmnd *, int); |
1029 |
+ }; |
1030 |
+ #define to_scsi_driver(drv) \ |
1031 |
diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h |
1032 |
index 007a0bc..7188db8 100644 |
1033 |
--- a/include/scsi/scsi_transport_fc.h |
1034 |
@@ -103458,6 +103506,23 @@ index 6dd0335..1e9c239 100644 |
1035 |
|
1036 |
bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); |
1037 |
if (!bd->dbuf) |
1038 |
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c |
1039 |
+index 0be83af..4605e93 100644 |
1040 |
+--- a/lib/decompress_unlzma.c |
1041 |
++++ b/lib/decompress_unlzma.c |
1042 |
+@@ -39,10 +39,10 @@ |
1043 |
+ |
1044 |
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b)) |
1045 |
+ |
1046 |
+-static long long INIT read_int(unsigned char *ptr, int size) |
1047 |
++static unsigned long long INIT read_int(unsigned char *ptr, int size) |
1048 |
+ { |
1049 |
+ int i; |
1050 |
+- long long ret = 0; |
1051 |
++ unsigned long long ret = 0; |
1052 |
+ |
1053 |
+ for (i = 0; i < size; i++) |
1054 |
+ ret = (ret << 8) | ptr[size-i-1]; |
1055 |
diff --git a/lib/div64.c b/lib/div64.c |
1056 |
index 4382ad7..08aa558 100644 |
1057 |
--- a/lib/div64.c |