commit: 9417a236d9dfc4d648ce711a2fac162a6fe2a353 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Tue Nov 24 08:54:22 2015 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Tue Nov 24 08:54:22 2015 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=9417a236 |
|
grsecurity-3.1-4.2.6-201511211841 |
|
4.2.6/0000_README | 2 +- |
...> 4420_grsecurity-3.1-4.2.6-201511211841.patch} | 338 ++++++++++++++------- |
2 files changed, 229 insertions(+), 111 deletions(-) |
|
14 |
diff --git a/4.2.6/0000_README b/4.2.6/0000_README |
15 |
index 9ebf533..454ccd7 100644 |
16 |
--- a/4.2.6/0000_README |
17 |
+++ b/4.2.6/0000_README |
18 |
@@ -2,7 +2,7 @@ README |
19 |
----------------------------------------------------------------------------- |
20 |
Individual Patch Descriptions: |
21 |
----------------------------------------------------------------------------- |
22 |
-Patch: 4420_grsecurity-3.1-4.2.6-201511182042.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.2.6-201511211841.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch |
29 |
similarity index 99% |
30 |
rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch |
31 |
rename to 4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch |
32 |
index ec705cc..30663c2 100644 |
33 |
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch |
34 |
+++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch |
35 |
@@ -77233,7 +77233,7 @@ index e4141f2..d8263e8 100644 |
36 |
i += packet_length_size; |
37 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
38 |
diff --git a/fs/exec.c b/fs/exec.c |
39 |
-index 1977c2a..b6b953a 100644 |
40 |
+index 1977c2a..53bf9a0 100644 |
41 |
--- a/fs/exec.c |
42 |
+++ b/fs/exec.c |
43 |
@@ -56,8 +56,20 @@ |
44 |
@@ -77729,7 +77729,7 @@ index 1977c2a..b6b953a 100644 |
45 |
out: |
46 |
if (bprm->mm) { |
47 |
acct_arg_size(bprm, 0); |
48 |
-@@ -1743,3 +1918,324 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
49 |
+@@ -1743,3 +1918,313 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
50 |
argv, envp, flags); |
51 |
} |
52 |
#endif |
53 |
@@ -78035,22 +78035,11 @@ index 1977c2a..b6b953a 100644 |
54 |
+ |
55 |
+#ifdef CONFIG_PAX_SIZE_OVERFLOW |
56 |
+ |
57 |
-+#ifdef CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL |
58 |
-+static DEFINE_RATELIMIT_STATE(size_overflow_ratelimit, 15 * HZ, 3); |
59 |
-+#endif |
60 |
-+ |
61 |
+void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) |
62 |
+{ |
63 |
-+#ifdef CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL |
64 |
-+ if (__ratelimit(&size_overflow_ratelimit)) { |
65 |
-+ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
66 |
-+ dump_stack(); |
67 |
-+ } |
68 |
-+#else |
69 |
+ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
70 |
+ dump_stack(); |
71 |
+ do_group_exit(SIGKILL); |
72 |
-+#endif |
73 |
+} |
74 |
+EXPORT_SYMBOL(report_size_overflow); |
75 |
+#endif |
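Review bot: The `printk` format string in `report_size_overflow` has no trailing newline, so the first line of the `dump_stack()` output that follows may end up on the same log record; I would end the format with `%s:%u %s\n"`. With the `CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL` branch removed, the function always finishes in `do_group_exit(SIGKILL)` and the log-only, rate-limited mode no longer exists, which deserves a short comment above the definition such as `/* Logs the overflow site and kills the current thread group; does not return. */`. Whether every instrumented call site runs in process context, where `do_group_exit()` is valid, cannot be confirmed from this hunk.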
76 |
@@ -97435,7 +97424,7 @@ index dfaa7b3..58cebfb 100644 |
77 |
* Mark a position in code as unreachable. This can be used to |
78 |
* suppress control flow warnings after asm blocks that transfer |
79 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
80 |
-index e08a6ae..2e5e776 100644 |
81 |
+index e08a6ae..8d965c5 100644 |
82 |
--- a/include/linux/compiler.h |
83 |
+++ b/include/linux/compiler.h |
84 |
@@ -5,11 +5,14 @@ |
85 |
@@ -97507,46 +97496,63 @@ index e08a6ae..2e5e776 100644 |
86 |
#endif |
87 |
|
88 |
/* Indirect macros required for expanded argument pasting, eg. __LINE__. */ |
89 |
-@@ -201,27 +225,27 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
90 |
- static __always_inline void __read_once_size(const volatile void *p, void *res, int size) |
91 |
- { |
92 |
- switch (size) { |
93 |
+@@ -198,34 +222,6 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
94 |
+ |
95 |
+ #include <uapi/linux/types.h> |
96 |
+ |
97 |
+-static __always_inline void __read_once_size(const volatile void *p, void *res, int size) |
98 |
+-{ |
99 |
+- switch (size) { |
100 |
- case 1: *(__u8 *)res = *(volatile __u8 *)p; break; |
101 |
- case 2: *(__u16 *)res = *(volatile __u16 *)p; break; |
102 |
- case 4: *(__u32 *)res = *(volatile __u32 *)p; break; |
103 |
- case 8: *(__u64 *)res = *(volatile __u64 *)p; break; |
104 |
-+ case 1: *(__u8 *)res = *(const volatile __u8 *)p; break; |
105 |
-+ case 2: *(__u16 *)res = *(const volatile __u16 *)p; break; |
106 |
-+ case 4: *(__u32 *)res = *(const volatile __u32 *)p; break; |
107 |
-+ case 8: *(__u64 *)res = *(const volatile __u64 *)p; break; |
108 |
- default: |
109 |
- barrier(); |
110 |
+- default: |
111 |
+- barrier(); |
112 |
- __builtin_memcpy((void *)res, (const void *)p, size); |
113 |
-+ __builtin_memcpy(res, (const void *)p, size); |
114 |
- barrier(); |
115 |
- } |
116 |
- } |
117 |
- |
118 |
+- barrier(); |
119 |
+- } |
120 |
+-} |
121 |
+- |
122 |
-static __always_inline void __write_once_size(volatile void *p, void *res, int size) |
123 |
-+static __always_inline void __write_once_size(volatile void *p, const void *res, int size) |
124 |
- { |
125 |
- switch (size) { |
126 |
+-{ |
127 |
+- switch (size) { |
128 |
- case 1: *(volatile __u8 *)p = *(__u8 *)res; break; |
129 |
- case 2: *(volatile __u16 *)p = *(__u16 *)res; break; |
130 |
- case 4: *(volatile __u32 *)p = *(__u32 *)res; break; |
131 |
- case 8: *(volatile __u64 *)p = *(__u64 *)res; break; |
132 |
-+ case 1: *(volatile __u8 *)p = *(const __u8 *)res; break; |
133 |
-+ case 2: *(volatile __u16 *)p = *(const __u16 *)res; break; |
134 |
-+ case 4: *(volatile __u32 *)p = *(const __u32 *)res; break; |
135 |
-+ case 8: *(volatile __u64 *)p = *(const __u64 *)res; break; |
136 |
- default: |
137 |
- barrier(); |
138 |
+- default: |
139 |
+- barrier(); |
140 |
- __builtin_memcpy((void *)p, (const void *)res, size); |
141 |
-+ __builtin_memcpy((void *)p, res, size); |
142 |
- barrier(); |
143 |
- } |
144 |
- } |
145 |
-@@ -370,6 +394,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
146 |
+- barrier(); |
147 |
+- } |
148 |
+-} |
149 |
+- |
150 |
+ /* |
151 |
+ * Prevent the compiler from merging or refetching reads or writes. The |
152 |
+ * compiler is also forbidden from reordering successive instances of |
153 |
+@@ -248,11 +244,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
154 |
+ * required ordering. |
155 |
+ */ |
156 |
+ |
157 |
+-#define READ_ONCE(x) \ |
158 |
+- ({ union { typeof(x) __val; char __c[1]; } __u; __read_once_size(&(x), __u.__c, sizeof(x)); __u.__val; }) |
159 |
++#define READ_ONCE(x) ({ \ |
160 |
++ typeof(x) __val = *(volatile typeof(x) *)&(x); \ |
161 |
++ __val; \ |
162 |
++}) |
163 |
+ |
164 |
+-#define WRITE_ONCE(x, val) \ |
165 |
+- ({ union { typeof(x) __val; char __c[1]; } __u = { .__val = (val) }; __write_once_size(&(x), __u.__c, sizeof(x)); __u.__val; }) |
166 |
++#define WRITE_ONCE(x, val) ({ \ |
167 |
++ typeof(x) __val = (val); \ |
168 |
++ (x) = *(volatile typeof(x) *)&__val; \ |
169 |
++ __val; \ |
170 |
++}) |
171 |
+ |
172 |
+ /** |
173 |
+ * READ_ONCE_CTRL - Read a value heading a control dependency |
174 |
+@@ -370,6 +371,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
175 |
# define __attribute_const__ /* unimplemented */ |
176 |
#endif |
177 |
|
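Review bot: In the new `WRITE_ONCE`, the volatile-qualified access is the read of the local temporary `__val`, while the store itself, `(x) = ...`, is a plain assignment, so nothing visible here prevents the compiler from splitting or merging the write to `x`. If a single volatile store is intended, the line would read `*(volatile typeof(x) *)&(x) = __val;`. The new `READ_ONCE` also returns to a volatile cast for every type, whereas the removed `__read_once_size()` helper was, as far as I recall, introduced upstream because some GCC versions mishandle such a cast on non-scalar types; it is worth confirming that no aggregate users remain. Both macro bodies are fully visible in this hunk, but the reason for dropping the helpers is not stated anywhere on the page.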
178 |
@@ -97585,7 +97591,7 @@ index e08a6ae..2e5e776 100644 |
179 |
/* |
180 |
* Tell gcc if a function is cold. The compiler will assume any path |
181 |
* directly leading to the call is unlikely. |
182 |
-@@ -379,6 +435,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
183 |
+@@ -379,6 +412,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
184 |
#define __cold |
185 |
#endif |
186 |
|
187 |
@@ -97608,7 +97614,7 @@ index e08a6ae..2e5e776 100644 |
188 |
/* Simple shorthand for a section definition */ |
189 |
#ifndef __section |
190 |
# define __section(S) __attribute__ ((__section__(#S))) |
191 |
-@@ -393,6 +465,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
192 |
+@@ -393,6 +442,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
193 |
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) |
194 |
#endif |
195 |
|
196 |
@@ -97617,7 +97623,7 @@ index e08a6ae..2e5e776 100644 |
197 |
/* Is this type a native word size -- useful for atomic operations */ |
198 |
#ifndef __native_word |
199 |
# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) |
200 |
-@@ -472,8 +546,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
201 |
+@@ -472,8 +523,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
202 |
*/ |
203 |
#define __ACCESS_ONCE(x) ({ \ |
204 |
__maybe_unused typeof(x) __var = (__force typeof(x)) 0; \ |
205 |
@@ -103391,7 +103397,7 @@ index 5122b5e..598b440 100644 |
206 |
void v9fs_register_trans(struct p9_trans_module *m); |
207 |
void v9fs_unregister_trans(struct p9_trans_module *m); |
208 |
diff --git a/include/net/af_unix.h b/include/net/af_unix.h |
209 |
-index cb1b9bb..56b3ee0 100644 |
210 |
+index cb1b9bb..deaf939 100644 |
211 |
--- a/include/net/af_unix.h |
212 |
+++ b/include/net/af_unix.h |
213 |
@@ -36,7 +36,7 @@ struct unix_skb_parms { |
214 |
@@ -103403,6 +103409,14 @@ index cb1b9bb..56b3ee0 100644 |
215 |
|
216 |
#define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb)) |
217 |
|
218 |
+@@ -62,6 +62,7 @@ struct unix_sock { |
219 |
+ #define UNIX_GC_CANDIDATE 0 |
220 |
+ #define UNIX_GC_MAYBE_CYCLE 1 |
221 |
+ struct socket_wq peer_wq; |
222 |
++ wait_queue_t wait; |
223 |
+ }; |
224 |
+ |
225 |
+ static inline struct unix_sock *unix_sk(struct sock *sk) |
226 |
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h |
227 |
index 2239a37..a83461f 100644 |
228 |
--- a/include/net/bluetooth/l2cap.h |
229 |
@@ -124572,10 +124586,19 @@ index 350cca3..a108fc5 100644 |
230 |
sub->evt.event = htohl(event, sub->swap); |
231 |
sub->evt.found_lower = htohl(found_lower, sub->swap); |
232 |
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
233 |
-index 94f6582..2272bfc 100644 |
234 |
+index 94f6582..0883e68 100644 |
235 |
--- a/net/unix/af_unix.c |
236 |
+++ b/net/unix/af_unix.c |
237 |
-@@ -440,6 +440,7 @@ static void unix_release_sock(struct sock *sk, int embrion) |
238 |
+@@ -420,6 +420,8 @@ static void unix_release_sock(struct sock *sk, int embrion) |
239 |
+ skpair = unix_peer(sk); |
240 |
+ |
241 |
+ if (skpair != NULL) { |
242 |
++ if (sk->sk_type != SOCK_STREAM) |
243 |
++ remove_wait_queue(&unix_sk(skpair)->peer_wait, &u->wait); |
244 |
+ if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) { |
245 |
+ unix_state_lock(skpair); |
246 |
+ /* No more writes */ |
247 |
+@@ -440,6 +442,7 @@ static void unix_release_sock(struct sock *sk, int embrion) |
248 |
if (state == TCP_LISTEN) |
249 |
unix_release_sock(skb->sk, 1); |
250 |
/* passed fds are erased in the kfree_skb hook */ |
251 |
@@ -124583,7 +124606,32 @@ index 94f6582..2272bfc 100644 |
252 |
kfree_skb(skb); |
253 |
} |
254 |
|
255 |
-@@ -802,6 +803,12 @@ static struct sock *unix_find_other(struct net *net, |
256 |
+@@ -636,6 +639,16 @@ static struct proto unix_proto = { |
257 |
+ */ |
258 |
+ static struct lock_class_key af_unix_sk_receive_queue_lock_key; |
259 |
+ |
260 |
++static int peer_wake(wait_queue_t *wait, unsigned mode, int sync, void *key) |
261 |
++{ |
262 |
++ struct unix_sock *u; |
263 |
++ |
264 |
++ u = container_of(wait, struct unix_sock, wait); |
265 |
++ wake_up_interruptible_sync_poll(sk_sleep(&u->sk), key); |
266 |
++ |
267 |
++ return 0; |
268 |
++} |
269 |
++ |
270 |
+ static struct sock *unix_create1(struct net *net, struct socket *sock, int kern) |
271 |
+ { |
272 |
+ struct sock *sk = NULL; |
273 |
+@@ -664,6 +677,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock, int kern) |
274 |
+ INIT_LIST_HEAD(&u->link); |
275 |
+ mutex_init(&u->readlock); /* single task reading lock */ |
276 |
+ init_waitqueue_head(&u->peer_wait); |
277 |
++ init_waitqueue_func_entry(&u->wait, peer_wake); |
278 |
+ unix_insert_socket(unix_sockets_unbound(sk), sk); |
279 |
+ out: |
280 |
+ if (sk == NULL) |
281 |
+@@ -802,6 +816,12 @@ static struct sock *unix_find_other(struct net *net, |
282 |
err = -ECONNREFUSED; |
283 |
if (!S_ISSOCK(inode->i_mode)) |
284 |
goto put_fail; |
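Review bot: `peer_wake` and the `u->wait` entry it serves carry no comment, yet the scheme rests on an invariant that is easy to break: `u->wait` sits on the peer's `peer_wait` queue while the sockets are connected and must be taken off before `u` is freed, because `peer_wake` recovers `u` with `container_of()`. I would add above the function `/* Relay a wakeup on the peer's peer_wait queue to this socket's own sleepers; u->wait must be off that queue before u is released. */`. `init_waitqueue_func_entry()` is called once in `unix_create1`, so every `remove_wait_queue()` on `u->wait` elsewhere in this patch assumes an earlier matching `add_wait_queue()`; that pairing is spread over several hunks and could be stated in the same comment. `unix_create1` continues outside the hunk.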
285 |
@@ -124596,7 +124644,7 @@ index 94f6582..2272bfc 100644 |
286 |
u = unix_find_socket_byinode(inode); |
287 |
if (!u) |
288 |
goto put_fail; |
289 |
-@@ -822,6 +829,13 @@ static struct sock *unix_find_other(struct net *net, |
290 |
+@@ -822,6 +842,13 @@ static struct sock *unix_find_other(struct net *net, |
291 |
if (u) { |
292 |
struct dentry *dentry; |
293 |
dentry = unix_sk(u)->path.dentry; |
294 |
@@ -124610,7 +124658,7 @@ index 94f6582..2272bfc 100644 |
295 |
if (dentry) |
296 |
touch_atime(&unix_sk(u)->path); |
297 |
} else |
298 |
-@@ -855,12 +869,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) |
299 |
+@@ -855,12 +882,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) |
300 |
*/ |
301 |
err = security_path_mknod(&path, dentry, mode, 0); |
302 |
if (!err) { |
303 |
@@ -124629,7 +124677,68 @@ index 94f6582..2272bfc 100644 |
304 |
done_path_create(&path, dentry); |
305 |
return err; |
306 |
} |
307 |
-@@ -1798,6 +1818,7 @@ alloc_skb: |
308 |
+@@ -1030,7 +1063,10 @@ restart: |
309 |
+ */ |
310 |
+ if (unix_peer(sk)) { |
311 |
+ struct sock *old_peer = unix_peer(sk); |
312 |
++ |
313 |
++ remove_wait_queue(&unix_sk(old_peer)->peer_wait, &unix_sk(sk)->wait); |
314 |
+ unix_peer(sk) = other; |
315 |
++ add_wait_queue(&unix_sk(other)->peer_wait, &unix_sk(sk)->wait); |
316 |
+ unix_state_double_unlock(sk, other); |
317 |
+ |
318 |
+ if (other != old_peer) |
319 |
+@@ -1038,8 +1074,12 @@ restart: |
320 |
+ sock_put(old_peer); |
321 |
+ } else { |
322 |
+ unix_peer(sk) = other; |
323 |
++ add_wait_queue(&unix_sk(other)->peer_wait, &unix_sk(sk)->wait); |
324 |
+ unix_state_double_unlock(sk, other); |
325 |
+ } |
326 |
++ /* New remote may have created write space for us */ |
327 |
++ wake_up_interruptible_sync_poll(sk_sleep(sk), |
328 |
++ POLLOUT | POLLWRNORM | POLLWRBAND); |
329 |
+ return 0; |
330 |
+ |
331 |
+ out_unlock: |
332 |
+@@ -1194,6 +1234,8 @@ restart: |
333 |
+ |
334 |
+ sock_hold(sk); |
335 |
+ unix_peer(newsk) = sk; |
336 |
++ if (sk->sk_type == SOCK_SEQPACKET) |
337 |
++ add_wait_queue(&unix_sk(sk)->peer_wait, &unix_sk(newsk)->wait); |
338 |
+ newsk->sk_state = TCP_ESTABLISHED; |
339 |
+ newsk->sk_type = sk->sk_type; |
340 |
+ init_peercred(newsk); |
341 |
+@@ -1220,6 +1262,8 @@ restart: |
342 |
+ |
343 |
+ smp_mb__after_atomic(); /* sock_hold() does an atomic_inc() */ |
344 |
+ unix_peer(sk) = newsk; |
345 |
++ if (sk->sk_type == SOCK_SEQPACKET) |
346 |
++ add_wait_queue(&unix_sk(newsk)->peer_wait, &unix_sk(sk)->wait); |
347 |
+ |
348 |
+ unix_state_unlock(sk); |
349 |
+ |
350 |
+@@ -1254,6 +1298,10 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb) |
351 |
+ sock_hold(skb); |
352 |
+ unix_peer(ska) = skb; |
353 |
+ unix_peer(skb) = ska; |
354 |
++ if (ska->sk_type != SOCK_STREAM) { |
355 |
++ add_wait_queue(&unix_sk(ska)->peer_wait, &unix_sk(skb)->wait); |
356 |
++ add_wait_queue(&unix_sk(skb)->peer_wait, &unix_sk(ska)->wait); |
357 |
++ } |
358 |
+ init_peercred(ska); |
359 |
+ init_peercred(skb); |
360 |
+ |
361 |
+@@ -1565,6 +1613,7 @@ restart: |
362 |
+ unix_state_lock(sk); |
363 |
+ if (unix_peer(sk) == other) { |
364 |
+ unix_peer(sk) = NULL; |
365 |
++ remove_wait_queue(&unix_sk(other)->peer_wait, &u->wait); |
366 |
+ unix_state_unlock(sk); |
367 |
+ |
368 |
+ unix_dgram_disconnected(sk, other); |
369 |
+@@ -1798,6 +1847,7 @@ alloc_skb: |
370 |
* this - does no harm |
371 |
*/ |
372 |
consume_skb(newskb); |
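Review bot: Both new `add_wait_queue(&unix_sk(other)->peer_wait, ...)` calls in the first `restart:` connect path dereference `other` unconditionally, right after `unix_peer(sk) = other`. The code that assigns `other` lies outside the hunk; if this point can be reached with `other == NULL` (for example when the socket is being disconnected rather than reconnected), the call would take the queue lock through a null pointer, so I would guard it in both branches: `if (other) add_wait_queue(&unix_sk(other)->peer_wait, &unix_sk(sk)->wait);`. The same hunk adds the entry only for `SOCK_SEQPACKET` in the two later `restart:` sections and for `!= SOCK_STREAM` in `unix_socketpair`, while `unix_release_sock` removes it for `!= SOCK_STREAM`; a one-line comment at each site naming that rule would make the add/remove pairing checkable.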
373 |
@@ -124637,7 +124746,7 @@ index 94f6582..2272bfc 100644 |
374 |
} |
375 |
|
376 |
if (skb_append_pagefrags(skb, page, offset, size)) { |
377 |
-@@ -1810,8 +1831,11 @@ alloc_skb: |
378 |
+@@ -1810,8 +1860,11 @@ alloc_skb: |
379 |
skb->truesize += size; |
380 |
atomic_add(size, &sk->sk_wmem_alloc); |
381 |
|
382 |
@@ -124650,7 +124759,7 @@ index 94f6582..2272bfc 100644 |
383 |
|
384 |
unix_state_unlock(other); |
385 |
mutex_unlock(&unix_sk(other)->readlock); |
386 |
-@@ -2071,6 +2095,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) |
387 |
+@@ -2071,6 +2124,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) |
388 |
|
389 |
do { |
390 |
int chunk; |
391 |
@@ -124658,7 +124767,7 @@ index 94f6582..2272bfc 100644 |
392 |
struct sk_buff *skb, *last; |
393 |
|
394 |
unix_state_lock(sk); |
395 |
-@@ -2151,7 +2176,11 @@ unlock: |
396 |
+@@ -2151,7 +2205,11 @@ unlock: |
397 |
} |
398 |
|
399 |
chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); |
400 |
@@ -124670,7 +124779,7 @@ index 94f6582..2272bfc 100644 |
401 |
if (chunk < 0) { |
402 |
if (copied == 0) |
403 |
copied = -EFAULT; |
404 |
-@@ -2160,6 +2189,18 @@ unlock: |
405 |
+@@ -2160,6 +2218,18 @@ unlock: |
406 |
copied += chunk; |
407 |
size -= chunk; |
408 |
|
409 |
@@ -124689,24 +124798,15 @@ index 94f6582..2272bfc 100644 |
410 |
/* Mark read part of skb as used */ |
411 |
if (!(flags & MSG_PEEK)) { |
412 |
UNIXCB(skb).consumed += chunk; |
413 |
-@@ -2455,11 +2496,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, |
414 |
- writable = unix_writable(sk); |
415 |
+@@ -2456,7 +2526,6 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, |
416 |
other = unix_peer_get(sk); |
417 |
if (other) { |
418 |
-- if (unix_peer(other) != sk) { |
419 |
-+ unix_state_lock(other); |
420 |
-+ if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) != sk) { |
421 |
-+ unix_state_unlock(other); |
422 |
- sock_poll_wait(file, &unix_sk(other)->peer_wait, wait); |
423 |
+ if (unix_peer(other) != sk) { |
424 |
+- sock_poll_wait(file, &unix_sk(other)->peer_wait, wait); |
425 |
if (unix_recvq_full(other)) |
426 |
writable = 0; |
427 |
-- } |
428 |
-+ } else |
429 |
-+ unix_state_unlock(other); |
430 |
- sock_put(other); |
431 |
- } |
432 |
- |
433 |
-@@ -2556,9 +2600,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) |
434 |
+ } |
435 |
+@@ -2556,9 +2625,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) |
436 |
seq_puts(seq, "Num RefCount Protocol Flags Type St " |
437 |
"Inode Path\n"); |
438 |
else { |
439 |
@@ -124721,7 +124821,7 @@ index 94f6582..2272bfc 100644 |
440 |
|
441 |
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", |
442 |
s, |
443 |
-@@ -2583,10 +2631,29 @@ static int unix_seq_show(struct seq_file *seq, void *v) |
444 |
+@@ -2583,10 +2656,29 @@ static int unix_seq_show(struct seq_file *seq, void *v) |
445 |
seq_putc(seq, '@'); |
446 |
i++; |
447 |
} |
448 |
@@ -125965,10 +126065,10 @@ index c0a932d..817c587 100755 |
449 |
# Find all available archs |
450 |
find_all_archs() |
451 |
diff --git a/security/Kconfig b/security/Kconfig |
452 |
-index bf4ec46..faa8418 100644 |
453 |
+index bf4ec46..6748ce1 100644 |
454 |
--- a/security/Kconfig |
455 |
+++ b/security/Kconfig |
456 |
-@@ -4,6 +4,985 @@ |
457 |
+@@ -4,6 +4,980 @@ |
458 |
|
459 |
menu "Security options" |
460 |
|
461 |
@@ -126914,11 +127014,6 @@ index bf4ec46..faa8418 100644 |
462 |
+ i.e., gcc 4.5 or newer. You may need to install the supporting |
463 |
+ headers explicitly in addition to the normal gcc package. |
464 |
+ |
465 |
-+config PAX_SIZE_OVERFLOW_DISABLE_KILL |
466 |
-+ bool "Do not kill process on overflow detection" |
467 |
-+ default n |
468 |
-+ depends on PAX_SIZE_OVERFLOW |
469 |
-+ |
470 |
+config PAX_LATENT_ENTROPY |
471 |
+ bool "Generate some entropy during boot and runtime" |
472 |
+ default y if GRKERNSEC_CONFIG_AUTO |
473 |
@@ -126954,7 +127049,7 @@ index bf4ec46..faa8418 100644 |
474 |
source security/keys/Kconfig |
475 |
|
476 |
config SECURITY_DMESG_RESTRICT |
477 |
-@@ -104,7 +1083,7 @@ config INTEL_TXT |
478 |
+@@ -104,7 +1078,7 @@ config INTEL_TXT |
479 |
config LSM_MMAP_MIN_ADDR |
480 |
int "Low address space for LSM to protect from user allocation" |
481 |
depends on SECURITY && SECURITY_SELINUX |
482 |
@@ -129143,15 +129238,19 @@ index 0000000..b884a56 |
483 |
+} |
484 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
485 |
new file mode 100644 |
486 |
-index 0000000..9660b09 |
487 |
+index 0000000..5f73f93 |
488 |
--- /dev/null |
489 |
+++ b/tools/gcc/gcc-common.h |
490 |
-@@ -0,0 +1,790 @@ |
491 |
+@@ -0,0 +1,813 @@ |
492 |
+#ifndef GCC_COMMON_H_INCLUDED |
493 |
+#define GCC_COMMON_H_INCLUDED |
494 |
+ |
495 |
-+#include "plugin.h" |
496 |
+#include "bversion.h" |
497 |
++#if BUILDING_GCC_VERSION >= 6000 |
498 |
++#include "gcc-plugin.h" |
499 |
++#else |
500 |
++#include "plugin.h" |
501 |
++#endif |
502 |
+#include "plugin-version.h" |
503 |
+#include "config.h" |
504 |
+#include "system.h" |
505 |
@@ -129749,6 +129848,21 @@ index 0000000..9660b09 |
506 |
+#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias |
507 |
+#endif |
508 |
+ |
509 |
++#if BUILDING_GCC_VERSION < 6000 |
510 |
++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) |
511 |
++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) |
512 |
++#endif |
513 |
++ |
514 |
++#if BUILDING_GCC_VERSION == 5000 |
515 |
++// gimple related |
516 |
++template <> |
517 |
++template <> |
518 |
++inline bool is_a_helper<const gassign *>::test(const_gimple gs) |
519 |
++{ |
520 |
++ return gs->code == GIMPLE_ASSIGN; |
521 |
++} |
522 |
++#endif |
523 |
++ |
524 |
+#if BUILDING_GCC_VERSION >= 5000 |
525 |
+#define TODO_verify_ssa TODO_verify_il |
526 |
+#define TODO_verify_flow TODO_verify_il |
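Review bot: The `get_inner_reference` wrapper for GCC older than 6 drops the `preversep` argument, so a caller's `reversep` variable is never written on those compilers; `initify_plugin.c` in this same patch declares `int unsignedp, reversep, volatilep;` without an initializer. Nothing visible reads it, but a note next to the macro, e.g. `/* preversep is ignored before GCC 6; callers must not read it */`, keeps a later reader from trusting the value. The macro also reuses the name of the GCC function it wraps, which works only because a function-like macro is not re-expanded inside its own body, and that deserves a line of comment as well.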
527 |
@@ -129851,6 +129965,13 @@ index 0000000..9660b09 |
528 |
+ symtab->remove_cgraph_duplication_hook(entry); |
529 |
+} |
530 |
+ |
531 |
++ |
532 |
++#if BUILDING_GCC_VERSION >= 6000 |
533 |
++typedef gimple *gimple_ptr; |
534 |
++typedef const gimple *const_gimple; |
535 |
++#define gimple gimple_ptr |
536 |
++#endif |
537 |
++ |
538 |
+// gimple related |
539 |
+static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL) |
540 |
+{ |
541 |
@@ -129859,13 +129980,6 @@ index 0000000..9660b09 |
542 |
+ |
543 |
+template <> |
544 |
+template <> |
545 |
-+inline bool is_a_helper<const gassign *>::test(const_gimple gs) |
546 |
-+{ |
547 |
-+ return gs->code == GIMPLE_ASSIGN; |
548 |
-+} |
549 |
-+ |
550 |
-+template <> |
551 |
-+template <> |
552 |
+inline bool is_a_helper<const greturn *>::test(const_gimple gs) |
553 |
+{ |
554 |
+ return gs->code == GIMPLE_RETURN; |
555 |
@@ -129936,6 +130050,10 @@ index 0000000..9660b09 |
556 |
+} |
557 |
+#endif |
558 |
+ |
559 |
++#if BUILDING_GCC_VERSION >= 6000 |
560 |
++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1)) |
561 |
++#endif |
562 |
++ |
563 |
+#endif |
564 |
diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh |
565 |
new file mode 100644 |
566 |
@@ -129953,7 +130071,7 @@ index 0000000..7514850 |
567 |
+fi |
568 |
diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c |
569 |
new file mode 100644 |
570 |
-index 0000000..2abfe4b |
571 |
+index 0000000..b5684e8 |
572 |
--- /dev/null |
573 |
+++ b/tools/gcc/initify_plugin.c |
574 |
@@ -0,0 +1,552 @@ |
575 |
@@ -130166,7 +130284,7 @@ index 0000000..2abfe4b |
576 |
+ tree decl, offset; |
577 |
+ HOST_WIDE_INT bitsize, bitpos; |
578 |
+ enum machine_mode mode; |
579 |
-+ int unsignedp, volatilep; |
580 |
++ int unsignedp, reversep, volatilep; |
581 |
+ enum tree_code code = TREE_CODE(op); |
582 |
+ |
583 |
+ if (TREE_CODE_CLASS(code) == tcc_exceptional && code != SSA_NAME) |
584 |
@@ -130178,7 +130296,7 @@ index 0000000..2abfe4b |
585 |
+ if (TREE_CODE(op) == COMPONENT_REF) |
586 |
+ return false; |
587 |
+ |
588 |
-+ decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &volatilep, true); |
589 |
++ decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &reversep, &volatilep, true); |
590 |
+ |
591 |
+ switch (TREE_CODE_CLASS(TREE_CODE(decl))) { |
592 |
+ case tcc_constant: |
593 |
@@ -132715,10 +132833,10 @@ index 0000000..4c7f7c6 |
594 |
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h |
595 |
diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data |
596 |
new file mode 100644 |
597 |
-index 0000000..0adc842 |
598 |
+index 0000000..b0e0cdf |
599 |
--- /dev/null |
600 |
+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data |
601 |
-@@ -0,0 +1,12414 @@ |
602 |
+@@ -0,0 +1,12419 @@ |
603 |
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL |
604 |
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL |
605 |
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray |
606 |
@@ -144419,7 +144537,8 @@ index 0000000..0adc842 |
607 |
+disable_so_freq_offset_khz_uhf_dib0090_config_61716 freq_offset_khz_uhf dib0090_config 0 61716 NULL |
608 |
+disable_so_sha1_generic_block_fn_fndecl_61724 sha1_generic_block_fn fndecl 3 61724 NULL |
609 |
+disable_so_xc4000_get_signal_fndecl_61727 xc4000_get_signal fndecl 0 61727 NULL |
610 |
-+disable_so_vf_addr_hi_bnx2x_vf_mbx_61734 vf_addr_hi bnx2x_vf_mbx 0 61734 NULL |
611 |
++disable_so_vf_addr_hi_bnx2x_vf_mbx_61734 vf_addr_hi bnx2x_vf_mbx 0 61734 NULL nohasharray |
612 |
++enable_so_exit_info_2_vmcb_control_area_61734 exit_info_2 vmcb_control_area 0 61734 &disable_so_vf_addr_hi_bnx2x_vf_mbx_61734 |
613 |
+disable_so_pcxhr_update_timer_pos_fndecl_61736 pcxhr_update_timer_pos fndecl 3 61736 NULL nohasharray |
614 |
+disable_so_adis16480_set_filter_freq_fndecl_61736 adis16480_set_filter_freq fndecl 0 61736 &disable_so_pcxhr_update_timer_pos_fndecl_61736 nohasharray |
615 |
+disable_so_xfs_daddr_to_agbno_fndecl_61736 xfs_daddr_to_agbno fndecl 0-2 61736 &disable_so_adis16480_set_filter_freq_fndecl_61736 |
616 |
@@ -145133,6 +145252,10 @@ index 0000000..0adc842 |
617 |
+enable_so_read_fw_status_reg_megasas_instance_template_13572 read_fw_status_reg megasas_instance_template 0 13572 NULL |
618 |
+enable_so_eip_x86_emulate_ctxt_12354 eip x86_emulate_ctxt 0 12354 NULL |
619 |
+enable_so_next_rip_x86_instruction_info_56868 next_rip x86_instruction_info 0 56868 NULL |
620 |
++enable_so_exit_int_info_vmcb_control_area_18357 exit_int_info vmcb_control_area 0 18357 NULL |
621 |
++enable_so_exit_info_1_vmcb_control_area_20200 exit_info_1 vmcb_control_area 0 20200 NULL |
622 |
++enable_so_event_inj_vmcb_control_area_23434 event_inj vmcb_control_area 0 23434 NULL |
623 |
++enable_so_iopm_base_pa_vmcb_control_area_57998 iopm_base_pa vmcb_control_area 0 57998 NULL |
624 |
diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh |
625 |
new file mode 100644 |
626 |
index 0000000..be9724d |
627 |
@@ -145666,7 +145789,7 @@ index 0000000..37e2e91 |
628 |
+#endif |
629 |
diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c |
630 |
new file mode 100644 |
631 |
-index 0000000..62eb578 |
632 |
+index 0000000..a662b4b |
633 |
--- /dev/null |
634 |
+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c |
635 |
@@ -0,0 +1,947 @@ |
636 |
@@ -145908,10 +146031,10 @@ index 0000000..62eb578 |
637 |
+ break; |
638 |
+ } |
639 |
+ case FIELD_DECL: |
640 |
-+ case VAR_DECL: |
641 |
+ // !!! temporarily ignore bitfield types |
642 |
+ if (DECL_BIT_FIELD_TYPE(node)) |
643 |
+ return MARK_YES; |
644 |
++ case VAR_DECL: |
645 |
+ if (is_end_intentional_intentional_attr(node)) |
646 |
+ return MARK_END_INTENTIONAL; |
647 |
+ if (is_turn_off_intentional_attr(node)) |
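Review bot: Moving `case VAR_DECL:` below the bitfield test makes `FIELD_DECL` fall through into the `VAR_DECL` handling whenever `DECL_BIT_FIELD_TYPE(node)` is false, and that fall-through is unmarked. I would put `/* fall through */` on the line before `case VAR_DECL:` so it is not later mistaken for a missing `break`. The enclosing switch starts and ends outside the hunk.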
648 |
@@ -147290,10 +147413,10 @@ index 0000000..ab2d25a |
649 |
+} |
650 |
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data |
651 |
new file mode 100644 |
652 |
-index 0000000..a883e73 |
653 |
+index 0000000..b683d96 |
654 |
--- /dev/null |
655 |
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data |
656 |
-@@ -0,0 +1,20743 @@ |
657 |
+@@ -0,0 +1,20738 @@ |
658 |
+enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL |
659 |
+enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL |
660 |
+enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL |
661 |
@@ -153024,8 +153147,7 @@ index 0000000..a883e73 |
662 |
+enable_so_rfcomm_send_frame_fndecl_18352 rfcomm_send_frame fndecl 3 18352 NULL |
663 |
+enable_so_mgsl_load_tx_dma_buffer_fndecl_18355 mgsl_load_tx_dma_buffer fndecl 3 18355 NULL |
664 |
+enable_so_vm_pgoff_vm_area_struct_18357 vm_pgoff vm_area_struct 0 18357 NULL nohasharray |
665 |
-+enable_so_exit_int_info_vmcb_control_area_18357 exit_int_info vmcb_control_area 0 18357 &enable_so_vm_pgoff_vm_area_struct_18357 nohasharray |
666 |
-+enable_so_elfnotes_sz_vardecl_vmcore_c_18357 elfnotes_sz vardecl_vmcore.c 0 18357 &enable_so_exit_int_info_vmcb_control_area_18357 |
667 |
++enable_so_elfnotes_sz_vardecl_vmcore_c_18357 elfnotes_sz vardecl_vmcore.c 0 18357 &enable_so_vm_pgoff_vm_area_struct_18357 |
668 |
+enable_so_lbs_rdrf_write_fndecl_18361 lbs_rdrf_write fndecl 3 18361 NULL |
669 |
+enable_so_ascii2desc_fndecl_18370 ascii2desc fndecl 0-3 18370 NULL |
670 |
+enable_so_ecryptfs_write_lower_fndecl_18373 ecryptfs_write_lower fndecl 4 18373 NULL |
671 |
@@ -153596,7 +153718,6 @@ index 0000000..a883e73 |
672 |
+enable_so_iram_base_intel_sst_drv_20196 iram_base intel_sst_drv 0 20196 &enable_so_agp_memory_reserved_vardecl_20196 |
673 |
+enable_so_qxl_gem_object_create_with_handle_fndecl_20198 qxl_gem_object_create_with_handle fndecl 4 20198 NULL |
674 |
+enable_so_fpage_size_genwqe_sgl_20199 fpage_size genwqe_sgl 0 20199 NULL |
675 |
-+enable_so_exit_info_1_vmcb_control_area_20200 exit_info_1 vmcb_control_area 0 20200 NULL |
676 |
+enable_so_sectors_per_block_bits_dm_bufio_client_20202 sectors_per_block_bits dm_bufio_client 0 20202 NULL |
677 |
+enable_so_max_frame_size__mgslpc_info_20204 max_frame_size _mgslpc_info 0 20204 NULL |
678 |
+enable_so_sbq_len_rx_ring_20205 sbq_len rx_ring 0 20205 NULL |
679 |
@@ -154632,8 +154753,7 @@ index 0000000..a883e73 |
680 |
+enable_so_max_snd_interval_23422 max snd_interval 0 23422 NULL |
681 |
+enable_so_configfs_read_file_fndecl_23424 configfs_read_file fndecl 3 23424 NULL |
682 |
+enable_so___qib_get_user_pages_fndecl_23426 __qib_get_user_pages fndecl 1 23426 NULL |
683 |
-+enable_so_event_inj_vmcb_control_area_23434 event_inj vmcb_control_area 0 23434 NULL nohasharray |
684 |
-+enable_so_nilfs_attach_snapshot_fndecl_23434 nilfs_attach_snapshot fndecl 2 23434 &enable_so_event_inj_vmcb_control_area_23434 |
685 |
++enable_so_nilfs_attach_snapshot_fndecl_23434 nilfs_attach_snapshot fndecl 2 23434 NULL |
686 |
+enable_so_ftdi_instances_vardecl_ftdi_elan_c_23438 ftdi_instances vardecl_ftdi-elan.c 0 23438 NULL |
687 |
+enable_so_set_xfer_rate_fndecl_23440 set_xfer_rate fndecl 2 23440 NULL |
688 |
+enable_so_mei_cl_recv_fndecl_23442 mei_cl_recv fndecl 0-3 23442 NULL |
689 |
@@ -165673,7 +165793,6 @@ index 0000000..a883e73 |
690 |
+enable_so_faultin_page_fndecl_57994 faultin_page fndecl 3 57994 NULL |
691 |
+enable_so_perf_sample_ustack_size_fndecl_57995 perf_sample_ustack_size fndecl 0-2-1 57995 NULL |
692 |
+enable_so_max_idx_node_sz_ubifs_info_57997 max_idx_node_sz ubifs_info 0 57997 NULL |
693 |
-+enable_so_iopm_base_pa_vmcb_control_area_57998 iopm_base_pa vmcb_control_area 0 57998 NULL |
694 |
+enable_so_SSIDlen_StatusRid_58002 SSIDlen StatusRid 0 58002 NULL nohasharray |
695 |
+enable_so_di_size_dinode_58002 di_size dinode 0 58002 &enable_so_SSIDlen_StatusRid_58002 |
696 |
+enable_so_set_alt_usb_function_58003 set_alt usb_function 0 58003 NULL |
697 |
@@ -166843,7 +166962,6 @@ index 0000000..a883e73 |
698 |
+enable_so_do_lfb_size_fndecl_61720 do_lfb_size fndecl 0 61720 NULL |
699 |
+enable_so_dm_bufio_new_fndecl_61727 dm_bufio_new fndecl 2 61727 NULL |
700 |
+enable_so_btrfs_prev_leaf_fndecl_61728 btrfs_prev_leaf fndecl 0 61728 NULL |
701 |
-+enable_so_exit_info_2_vmcb_control_area_61734 exit_info_2 vmcb_control_area 0 61734 NULL |
702 |
+enable_so_n_patterns_cfg80211_wowlan_61737 n_patterns cfg80211_wowlan 0 61737 NULL |
703 |
+enable_so_pci_msix_vec_count_fndecl_61742 pci_msix_vec_count fndecl 0 61742 NULL |
704 |
+enable_so_count_nfs_pgio_args_61745 count nfs_pgio_args 0 61745 NULL nohasharray |
705 |
@@ -170562,7 +170680,7 @@ index 0000000..317cd6c |
706 |
+ |
707 |
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform.c b/tools/gcc/size_overflow_plugin/size_overflow_transform.c |
708 |
new file mode 100644 |
709 |
-index 0000000..78e16db |
710 |
+index 0000000..a974b2d |
711 |
--- /dev/null |
712 |
+++ b/tools/gcc/size_overflow_plugin/size_overflow_transform.c |
713 |
@@ -0,0 +1,746 @@ |
714 |
@@ -170752,7 +170870,7 @@ index 0000000..78e16db |
715 |
+ if (skip_types(orig_node)) |
716 |
+ return head; |
717 |
+ // !!! temporarily ignore bitfield types |
718 |
-+ if (DECL_BIT_FIELD_TYPE(orig_node)) |
719 |
++ if (orig_code == FIELD_DECL && DECL_BIT_FIELD_TYPE(orig_node)) |
720 |
+ return head; |
721 |
+ |
722 |
+ // find a defining marked caller argument or struct field for arg |
723 |
@@ -171110,7 +171228,7 @@ index 0000000..78e16db |
724 |
+ return head; |
725 |
+ |
726 |
+ // !!! temporarily ignore bitfield types |
727 |
-+ if (DECL_BIT_FIELD_TYPE(decl)) |
728 |
++ if (TREE_CODE(decl) == FIELD_DECL && DECL_BIT_FIELD_TYPE(decl)) |
729 |
+ return head; |
730 |
+ |
731 |
+ next_node = get_interesting_function_next_node(decl, 0); |