commit: b20249069b74137fd484e147e3ce91898f956db4 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Wed Jan 29 13:38:35 2014 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Wed Jan 29 13:38:35 2014 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=b2024906 |
|
Grsec/PaX: 3.0-{3.2.54,3.13.0}-201401281850 |
|
--- |
3.13.0/0000_README | 2 +- |
... 4420_grsecurity-3.0-3.13.0-201401281848.patch} | 240 +++++++++++++++------ |
3.2.54/0000_README | 2 +- |
... 4420_grsecurity-3.0-3.2.54-201401281850.patch} | 141 +++++++----- |
3.2.54/4475_emutramp_default_on.patch | 2 +- |
5 files changed, 269 insertions(+), 118 deletions(-) |
|
18 |
diff --git a/3.13.0/0000_README b/3.13.0/0000_README |
19 |
index 5bc7414..d5c2b2c 100644 |
20 |
--- a/3.13.0/0000_README |
21 |
+++ b/3.13.0/0000_README |
22 |
@@ -2,7 +2,7 @@ README |
23 |
----------------------------------------------------------------------------- |
24 |
Individual Patch Descriptions: |
25 |
----------------------------------------------------------------------------- |
26 |
-Patch: 4420_grsecurity-3.0-3.13.0-201401272348.patch |
27 |
+Patch: 4420_grsecurity-3.0-3.13.0-201401281848.patch |
28 |
From: http://www.grsecurity.net |
29 |
Desc: hardened-sources base patch from upstream grsecurity |
30 |
|
31 |
|
32 |
diff --git a/3.13.0/4420_grsecurity-3.0-3.13.0-201401272348.patch b/3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch |
33 |
similarity index 99% |
34 |
rename from 3.13.0/4420_grsecurity-3.0-3.13.0-201401272348.patch |
35 |
rename to 3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch |
36 |
index fd68ab8..93699a6 100644 |
37 |
--- a/3.13.0/4420_grsecurity-3.0-3.13.0-201401272348.patch |
38 |
+++ b/3.13.0/4420_grsecurity-3.0-3.13.0-201401281848.patch |
39 |
@@ -22109,7 +22109,7 @@ index a2a4f46..6cab058 100644 |
40 |
|
41 |
/* |
42 |
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
43 |
-index 1e96c36..86f2033 100644 |
44 |
+index 1e96c36..3ff710a 100644 |
45 |
--- a/arch/x86/kernel/entry_64.S |
46 |
+++ b/arch/x86/kernel/entry_64.S |
47 |
@@ -59,6 +59,8 @@ |
48 |
@@ -22704,7 +22704,26 @@ index 1e96c36..86f2033 100644 |
49 |
je 1f |
50 |
SWAPGS |
51 |
/* |
52 |
-@@ -514,9 +927,52 @@ ENTRY(save_paranoid) |
53 |
+@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64) |
54 |
+ 0x06 /* DW_OP_deref */, \ |
55 |
+ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ |
56 |
+ 0x22 /* DW_OP_plus */ |
57 |
++ |
58 |
++#ifdef CONFIG_PAX_MEMORY_UDEREF |
59 |
++ testb $3, CS(%rdi) |
60 |
++ jnz 1f |
61 |
++ pax_enter_kernel |
62 |
++ jmp 2f |
63 |
++1: pax_enter_kernel_user |
64 |
++2: |
65 |
++#else |
66 |
++ pax_enter_kernel |
67 |
++#endif |
68 |
++ |
69 |
+ /* We entered an interrupt context - irqs are off: */ |
70 |
+ TRACE_IRQS_OFF |
71 |
+ .endm |
72 |
+@@ -514,9 +939,52 @@ ENTRY(save_paranoid) |
73 |
js 1f /* negative -> in kernel */ |
74 |
SWAPGS |
75 |
xorl %ebx,%ebx |
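Review bot: The UDEREF entry block added at the end of this macro (from `#ifdef CONFIG_PAX_MEMORY_UDEREF` to `#endif`) has no comment on the two things it depends on: that `%rdi` still points at the saved register frame when `testb $3, CS(%rdi)` runs, and that the block stays ahead of `TRACE_IRQS_OFF`. The ordering looks like the reason the block was moved here from the `interrupt` macro, presumably so that any tracing call runs with the kernel-side protections already switched in, but nothing on the page states it. A short comment would keep a later edit from reordering it, e.g. `/* %rdi = pt_regs; CS & 3 != 0 means entry from user mode. Must run before TRACE_IRQS_OFF. */`. The macro starts outside the hunk, and the same block is added to the 3.2.54 patch in the hunk at `@@ -18918,7 +18918,24 @@`.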
76 |
@@ -22759,7 +22778,7 @@ index 1e96c36..86f2033 100644 |
77 |
.popsection |
78 |
|
79 |
/* |
80 |
-@@ -538,7 +994,7 @@ ENTRY(ret_from_fork) |
81 |
+@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork) |
82 |
|
83 |
RESTORE_REST |
84 |
|
85 |
@@ -22768,7 +22787,7 @@ index 1e96c36..86f2033 100644 |
86 |
jz 1f |
87 |
|
88 |
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET |
89 |
-@@ -548,15 +1004,13 @@ ENTRY(ret_from_fork) |
90 |
+@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork) |
91 |
jmp ret_from_sys_call # go to the SYSRET fastpath |
92 |
|
93 |
1: |
94 |
@@ -22785,7 +22804,7 @@ index 1e96c36..86f2033 100644 |
95 |
|
96 |
/* |
97 |
* System call entry. Up to 6 arguments in registers are supported. |
98 |
-@@ -593,7 +1047,7 @@ END(ret_from_fork) |
99 |
+@@ -593,7 +1059,7 @@ END(ret_from_fork) |
100 |
ENTRY(system_call) |
101 |
CFI_STARTPROC simple |
102 |
CFI_SIGNAL_FRAME |
103 |
@@ -22794,7 +22813,7 @@ index 1e96c36..86f2033 100644 |
104 |
CFI_REGISTER rip,rcx |
105 |
/*CFI_REGISTER rflags,r11*/ |
106 |
SWAPGS_UNSAFE_STACK |
107 |
-@@ -606,16 +1060,23 @@ GLOBAL(system_call_after_swapgs) |
108 |
+@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs) |
109 |
|
110 |
movq %rsp,PER_CPU_VAR(old_rsp) |
111 |
movq PER_CPU_VAR(kernel_stack),%rsp |
112 |
@@ -22820,7 +22839,7 @@ index 1e96c36..86f2033 100644 |
113 |
jnz tracesys |
114 |
system_call_fastpath: |
115 |
#if __SYSCALL_MASK == ~0 |
116 |
-@@ -639,10 +1100,13 @@ sysret_check: |
117 |
+@@ -639,10 +1112,13 @@ sysret_check: |
118 |
LOCKDEP_SYS_EXIT |
119 |
DISABLE_INTERRUPTS(CLBR_NONE) |
120 |
TRACE_IRQS_OFF |
121 |
@@ -22835,7 +22854,7 @@ index 1e96c36..86f2033 100644 |
122 |
/* |
123 |
* sysretq will re-enable interrupts: |
124 |
*/ |
125 |
-@@ -701,6 +1165,9 @@ auditsys: |
126 |
+@@ -701,6 +1177,9 @@ auditsys: |
127 |
movq %rax,%rsi /* 2nd arg: syscall number */ |
128 |
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ |
129 |
call __audit_syscall_entry |
130 |
@@ -22845,7 +22864,7 @@ index 1e96c36..86f2033 100644 |
131 |
LOAD_ARGS 0 /* reload call-clobbered registers */ |
132 |
jmp system_call_fastpath |
133 |
|
134 |
-@@ -722,7 +1189,7 @@ sysret_audit: |
135 |
+@@ -722,7 +1201,7 @@ sysret_audit: |
136 |
/* Do syscall tracing */ |
137 |
tracesys: |
138 |
#ifdef CONFIG_AUDITSYSCALL |
139 |
@@ -22854,7 +22873,7 @@ index 1e96c36..86f2033 100644 |
140 |
jz auditsys |
141 |
#endif |
142 |
SAVE_REST |
143 |
-@@ -730,12 +1197,15 @@ tracesys: |
144 |
+@@ -730,12 +1209,15 @@ tracesys: |
145 |
FIXUP_TOP_OF_STACK %rdi |
146 |
movq %rsp,%rdi |
147 |
call syscall_trace_enter |
148 |
@@ -22871,7 +22890,7 @@ index 1e96c36..86f2033 100644 |
149 |
RESTORE_REST |
150 |
#if __SYSCALL_MASK == ~0 |
151 |
cmpq $__NR_syscall_max,%rax |
152 |
-@@ -765,7 +1235,9 @@ GLOBAL(int_with_check) |
153 |
+@@ -765,7 +1247,9 @@ GLOBAL(int_with_check) |
154 |
andl %edi,%edx |
155 |
jnz int_careful |
156 |
andl $~TS_COMPAT,TI_status(%rcx) |
157 |
@@ -22882,7 +22901,7 @@ index 1e96c36..86f2033 100644 |
158 |
|
159 |
/* Either reschedule or signal or syscall exit tracking needed. */ |
160 |
/* First do a reschedule test. */ |
161 |
-@@ -811,7 +1283,7 @@ int_restore_rest: |
162 |
+@@ -811,7 +1295,7 @@ int_restore_rest: |
163 |
TRACE_IRQS_OFF |
164 |
jmp int_with_check |
165 |
CFI_ENDPROC |
166 |
@@ -22891,7 +22910,7 @@ index 1e96c36..86f2033 100644 |
167 |
|
168 |
.macro FORK_LIKE func |
169 |
ENTRY(stub_\func) |
170 |
-@@ -824,9 +1296,10 @@ ENTRY(stub_\func) |
171 |
+@@ -824,9 +1308,10 @@ ENTRY(stub_\func) |
172 |
DEFAULT_FRAME 0 8 /* offset 8: return address */ |
173 |
call sys_\func |
174 |
RESTORE_TOP_OF_STACK %r11, 8 |
175 |
@@ -22904,7 +22923,7 @@ index 1e96c36..86f2033 100644 |
176 |
.endm |
177 |
|
178 |
.macro FIXED_FRAME label,func |
179 |
-@@ -836,9 +1309,10 @@ ENTRY(\label) |
180 |
+@@ -836,9 +1321,10 @@ ENTRY(\label) |
181 |
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET |
182 |
call \func |
183 |
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET |
184 |
@@ -22916,7 +22935,7 @@ index 1e96c36..86f2033 100644 |
185 |
.endm |
186 |
|
187 |
FORK_LIKE clone |
188 |
-@@ -846,19 +1320,6 @@ END(\label) |
189 |
+@@ -846,19 +1332,6 @@ END(\label) |
190 |
FORK_LIKE vfork |
191 |
FIXED_FRAME stub_iopl, sys_iopl |
192 |
|
193 |
@@ -22936,7 +22955,7 @@ index 1e96c36..86f2033 100644 |
194 |
ENTRY(stub_execve) |
195 |
CFI_STARTPROC |
196 |
addq $8, %rsp |
197 |
-@@ -870,7 +1331,7 @@ ENTRY(stub_execve) |
198 |
+@@ -870,7 +1343,7 @@ ENTRY(stub_execve) |
199 |
RESTORE_REST |
200 |
jmp int_ret_from_sys_call |
201 |
CFI_ENDPROC |
202 |
@@ -22945,7 +22964,7 @@ index 1e96c36..86f2033 100644 |
203 |
|
204 |
/* |
205 |
* sigreturn is special because it needs to restore all registers on return. |
206 |
-@@ -887,7 +1348,7 @@ ENTRY(stub_rt_sigreturn) |
207 |
+@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) |
208 |
RESTORE_REST |
209 |
jmp int_ret_from_sys_call |
210 |
CFI_ENDPROC |
211 |
@@ -22954,7 +22973,7 @@ index 1e96c36..86f2033 100644 |
212 |
|
213 |
#ifdef CONFIG_X86_X32_ABI |
214 |
ENTRY(stub_x32_rt_sigreturn) |
215 |
-@@ -901,7 +1362,7 @@ ENTRY(stub_x32_rt_sigreturn) |
216 |
+@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) |
217 |
RESTORE_REST |
218 |
jmp int_ret_from_sys_call |
219 |
CFI_ENDPROC |
220 |
@@ -22963,7 +22982,7 @@ index 1e96c36..86f2033 100644 |
221 |
|
222 |
ENTRY(stub_x32_execve) |
223 |
CFI_STARTPROC |
224 |
-@@ -915,7 +1376,7 @@ ENTRY(stub_x32_execve) |
225 |
+@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve) |
226 |
RESTORE_REST |
227 |
jmp int_ret_from_sys_call |
228 |
CFI_ENDPROC |
229 |
@@ -22972,7 +22991,7 @@ index 1e96c36..86f2033 100644 |
230 |
|
231 |
#endif |
232 |
|
233 |
-@@ -952,7 +1413,7 @@ vector=vector+1 |
234 |
+@@ -952,7 +1425,7 @@ vector=vector+1 |
235 |
2: jmp common_interrupt |
236 |
.endr |
237 |
CFI_ENDPROC |
238 |
@@ -22981,7 +23000,7 @@ index 1e96c36..86f2033 100644 |
239 |
|
240 |
.previous |
241 |
END(interrupt) |
242 |
-@@ -969,9 +1430,19 @@ END(interrupt) |
243 |
+@@ -969,8 +1442,8 @@ END(interrupt) |
244 |
/* 0(%rsp): ~(interrupt number) */ |
245 |
.macro interrupt func |
246 |
/* reserve pt_regs for scratch regs and rbp */ |
247 |
@@ -22990,20 +23009,9 @@ index 1e96c36..86f2033 100644 |
248 |
+ subq $ORIG_RAX, %rsp |
249 |
+ CFI_ADJUST_CFA_OFFSET ORIG_RAX |
250 |
SAVE_ARGS_IRQ |
251 |
-+#ifdef CONFIG_PAX_MEMORY_UDEREF |
252 |
-+ testb $3, CS(%rdi) |
253 |
-+ jnz 1f |
254 |
-+ pax_enter_kernel |
255 |
-+ jmp 2f |
256 |
-+1: pax_enter_kernel_user |
257 |
-+2: |
258 |
-+#else |
259 |
-+ pax_enter_kernel |
260 |
-+#endif |
261 |
call \func |
262 |
.endm |
263 |
- |
264 |
-@@ -997,14 +1468,14 @@ ret_from_intr: |
265 |
+@@ -997,14 +1470,14 @@ ret_from_intr: |
266 |
|
267 |
/* Restore saved previous stack */ |
268 |
popq %rsi |
269 |
@@ -23022,7 +23030,7 @@ index 1e96c36..86f2033 100644 |
270 |
je retint_kernel |
271 |
|
272 |
/* Interrupt came from user space */ |
273 |
-@@ -1026,12 +1497,16 @@ retint_swapgs: /* return to user-space */ |
274 |
+@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */ |
275 |
* The iretq could re-enable interrupts: |
276 |
*/ |
277 |
DISABLE_INTERRUPTS(CLBR_ANY) |
278 |
@@ -23039,7 +23047,7 @@ index 1e96c36..86f2033 100644 |
279 |
/* |
280 |
* The iretq could re-enable interrupts: |
281 |
*/ |
282 |
-@@ -1112,7 +1587,7 @@ ENTRY(retint_kernel) |
283 |
+@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel) |
284 |
#endif |
285 |
|
286 |
CFI_ENDPROC |
287 |
@@ -23048,7 +23056,7 @@ index 1e96c36..86f2033 100644 |
288 |
/* |
289 |
* End of kprobes section |
290 |
*/ |
291 |
-@@ -1130,7 +1605,7 @@ ENTRY(\sym) |
292 |
+@@ -1130,7 +1607,7 @@ ENTRY(\sym) |
293 |
interrupt \do_sym |
294 |
jmp ret_from_intr |
295 |
CFI_ENDPROC |
296 |
@@ -23057,7 +23065,7 @@ index 1e96c36..86f2033 100644 |
297 |
.endm |
298 |
|
299 |
#ifdef CONFIG_TRACING |
300 |
-@@ -1218,7 +1693,7 @@ ENTRY(\sym) |
301 |
+@@ -1218,7 +1695,7 @@ ENTRY(\sym) |
302 |
call \do_sym |
303 |
jmp error_exit /* %ebx: no swapgs flag */ |
304 |
CFI_ENDPROC |
305 |
@@ -23066,7 +23074,7 @@ index 1e96c36..86f2033 100644 |
306 |
.endm |
307 |
|
308 |
.macro paranoidzeroentry sym do_sym |
309 |
-@@ -1236,10 +1711,10 @@ ENTRY(\sym) |
310 |
+@@ -1236,10 +1713,10 @@ ENTRY(\sym) |
311 |
call \do_sym |
312 |
jmp paranoid_exit /* %ebx: no swapgs flag */ |
313 |
CFI_ENDPROC |
314 |
@@ -23079,7 +23087,7 @@ index 1e96c36..86f2033 100644 |
315 |
.macro paranoidzeroentry_ist sym do_sym ist |
316 |
ENTRY(\sym) |
317 |
INTR_FRAME |
318 |
-@@ -1252,12 +1727,18 @@ ENTRY(\sym) |
319 |
+@@ -1252,12 +1729,18 @@ ENTRY(\sym) |
320 |
TRACE_IRQS_OFF_DEBUG |
321 |
movq %rsp,%rdi /* pt_regs pointer */ |
322 |
xorl %esi,%esi /* no error code */ |
323 |
@@ -23099,7 +23107,7 @@ index 1e96c36..86f2033 100644 |
324 |
.endm |
325 |
|
326 |
.macro errorentry sym do_sym |
327 |
-@@ -1275,7 +1756,7 @@ ENTRY(\sym) |
328 |
+@@ -1275,7 +1758,7 @@ ENTRY(\sym) |
329 |
call \do_sym |
330 |
jmp error_exit /* %ebx: no swapgs flag */ |
331 |
CFI_ENDPROC |
332 |
@@ -23108,7 +23116,7 @@ index 1e96c36..86f2033 100644 |
333 |
.endm |
334 |
|
335 |
#ifdef CONFIG_TRACING |
336 |
-@@ -1306,7 +1787,7 @@ ENTRY(\sym) |
337 |
+@@ -1306,7 +1789,7 @@ ENTRY(\sym) |
338 |
call \do_sym |
339 |
jmp paranoid_exit /* %ebx: no swapgs flag */ |
340 |
CFI_ENDPROC |
341 |
@@ -23117,7 +23125,7 @@ index 1e96c36..86f2033 100644 |
342 |
.endm |
343 |
|
344 |
zeroentry divide_error do_divide_error |
345 |
-@@ -1336,9 +1817,10 @@ gs_change: |
346 |
+@@ -1336,9 +1819,10 @@ gs_change: |
347 |
2: mfence /* workaround */ |
348 |
SWAPGS |
349 |
popfq_cfi |
350 |
@@ -23129,7 +23137,7 @@ index 1e96c36..86f2033 100644 |
351 |
|
352 |
_ASM_EXTABLE(gs_change,bad_gs) |
353 |
.section .fixup,"ax" |
354 |
-@@ -1366,9 +1848,10 @@ ENTRY(do_softirq_own_stack) |
355 |
+@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack) |
356 |
CFI_DEF_CFA_REGISTER rsp |
357 |
CFI_ADJUST_CFA_OFFSET -8 |
358 |
decl PER_CPU_VAR(irq_count) |
359 |
@@ -23141,7 +23149,7 @@ index 1e96c36..86f2033 100644 |
360 |
|
361 |
#ifdef CONFIG_XEN |
362 |
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback |
363 |
-@@ -1406,7 +1889,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
364 |
+@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
365 |
decl PER_CPU_VAR(irq_count) |
366 |
jmp error_exit |
367 |
CFI_ENDPROC |
368 |
@@ -23150,7 +23158,7 @@ index 1e96c36..86f2033 100644 |
369 |
|
370 |
/* |
371 |
* Hypervisor uses this for application faults while it executes. |
372 |
-@@ -1465,7 +1948,7 @@ ENTRY(xen_failsafe_callback) |
373 |
+@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback) |
374 |
SAVE_ALL |
375 |
jmp error_exit |
376 |
CFI_ENDPROC |
377 |
@@ -23159,7 +23167,7 @@ index 1e96c36..86f2033 100644 |
378 |
|
379 |
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ |
380 |
xen_hvm_callback_vector xen_evtchn_do_upcall |
381 |
-@@ -1517,18 +2000,33 @@ ENTRY(paranoid_exit) |
382 |
+@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit) |
383 |
DEFAULT_FRAME |
384 |
DISABLE_INTERRUPTS(CLBR_NONE) |
385 |
TRACE_IRQS_OFF_DEBUG |
386 |
@@ -23195,7 +23203,7 @@ index 1e96c36..86f2033 100644 |
387 |
jmp irq_return |
388 |
paranoid_userspace: |
389 |
GET_THREAD_INFO(%rcx) |
390 |
-@@ -1557,7 +2055,7 @@ paranoid_schedule: |
391 |
+@@ -1557,7 +2057,7 @@ paranoid_schedule: |
392 |
TRACE_IRQS_OFF |
393 |
jmp paranoid_userspace |
394 |
CFI_ENDPROC |
395 |
@@ -23204,7 +23212,7 @@ index 1e96c36..86f2033 100644 |
396 |
|
397 |
/* |
398 |
* Exception entry point. This expects an error code/orig_rax on the stack. |
399 |
-@@ -1584,12 +2082,23 @@ ENTRY(error_entry) |
400 |
+@@ -1584,12 +2084,23 @@ ENTRY(error_entry) |
401 |
movq_cfi r14, R14+8 |
402 |
movq_cfi r15, R15+8 |
403 |
xorl %ebx,%ebx |
404 |
@@ -23229,7 +23237,7 @@ index 1e96c36..86f2033 100644 |
405 |
ret |
406 |
|
407 |
/* |
408 |
-@@ -1616,7 +2125,7 @@ bstep_iret: |
409 |
+@@ -1616,7 +2127,7 @@ bstep_iret: |
410 |
movq %rcx,RIP+8(%rsp) |
411 |
jmp error_swapgs |
412 |
CFI_ENDPROC |
413 |
@@ -23238,7 +23246,7 @@ index 1e96c36..86f2033 100644 |
414 |
|
415 |
|
416 |
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ |
417 |
-@@ -1627,7 +2136,7 @@ ENTRY(error_exit) |
418 |
+@@ -1627,7 +2138,7 @@ ENTRY(error_exit) |
419 |
DISABLE_INTERRUPTS(CLBR_NONE) |
420 |
TRACE_IRQS_OFF |
421 |
GET_THREAD_INFO(%rcx) |
422 |
@@ -23247,7 +23255,7 @@ index 1e96c36..86f2033 100644 |
423 |
jne retint_kernel |
424 |
LOCKDEP_SYS_EXIT_IRQ |
425 |
movl TI_flags(%rcx),%edx |
426 |
-@@ -1636,7 +2145,7 @@ ENTRY(error_exit) |
427 |
+@@ -1636,7 +2147,7 @@ ENTRY(error_exit) |
428 |
jnz retint_careful |
429 |
jmp retint_swapgs |
430 |
CFI_ENDPROC |
431 |
@@ -23256,7 +23264,7 @@ index 1e96c36..86f2033 100644 |
432 |
|
433 |
/* |
434 |
* Test if a given stack is an NMI stack or not. |
435 |
-@@ -1694,9 +2203,11 @@ ENTRY(nmi) |
436 |
+@@ -1694,9 +2205,11 @@ ENTRY(nmi) |
437 |
* If %cs was not the kernel segment, then the NMI triggered in user |
438 |
* space, which means it is definitely not nested. |
439 |
*/ |
440 |
@@ -23269,7 +23277,7 @@ index 1e96c36..86f2033 100644 |
441 |
/* |
442 |
* Check the special variable on the stack to see if NMIs are |
443 |
* executing. |
444 |
-@@ -1730,8 +2241,7 @@ nested_nmi: |
445 |
+@@ -1730,8 +2243,7 @@ nested_nmi: |
446 |
|
447 |
1: |
448 |
/* Set up the interrupted NMIs stack to jump to repeat_nmi */ |
449 |
@@ -23279,7 +23287,7 @@ index 1e96c36..86f2033 100644 |
450 |
CFI_ADJUST_CFA_OFFSET 1*8 |
451 |
leaq -10*8(%rsp), %rdx |
452 |
pushq_cfi $__KERNEL_DS |
453 |
-@@ -1749,6 +2259,7 @@ nested_nmi_out: |
454 |
+@@ -1749,6 +2261,7 @@ nested_nmi_out: |
455 |
CFI_RESTORE rdx |
456 |
|
457 |
/* No need to check faults here */ |
458 |
@@ -23287,7 +23295,7 @@ index 1e96c36..86f2033 100644 |
459 |
INTERRUPT_RETURN |
460 |
|
461 |
CFI_RESTORE_STATE |
462 |
-@@ -1845,13 +2356,13 @@ end_repeat_nmi: |
463 |
+@@ -1845,13 +2358,13 @@ end_repeat_nmi: |
464 |
subq $ORIG_RAX-R15, %rsp |
465 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
466 |
/* |
467 |
@@ -23303,7 +23311,7 @@ index 1e96c36..86f2033 100644 |
468 |
DEFAULT_FRAME 0 |
469 |
|
470 |
/* |
471 |
-@@ -1861,9 +2372,9 @@ end_repeat_nmi: |
472 |
+@@ -1861,9 +2374,9 @@ end_repeat_nmi: |
473 |
* NMI itself takes a page fault, the page fault that was preempted |
474 |
* will read the information from the NMI page fault and not the |
475 |
* origin fault. Save it off and restore it if it changes. |
476 |
@@ -23315,7 +23323,7 @@ index 1e96c36..86f2033 100644 |
477 |
|
478 |
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
479 |
movq %rsp,%rdi |
480 |
-@@ -1872,31 +2383,36 @@ end_repeat_nmi: |
481 |
+@@ -1872,31 +2385,36 @@ end_repeat_nmi: |
482 |
|
483 |
/* Did the NMI take a page fault? Restore cr2 if it did */ |
484 |
movq %cr2, %rcx |
485 |
@@ -60888,6 +60896,81 @@ index 00ad1c2..2fde15e 100644 |
486 |
} |
487 |
|
488 |
void nfs_fattr_init(struct nfs_fattr *fattr) |
489 |
+diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c |
490 |
+index b4a160a..2b9bfba 100644 |
491 |
+--- a/fs/nfs/nfs4client.c |
492 |
++++ b/fs/nfs/nfs4client.c |
493 |
+@@ -409,13 +409,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, |
494 |
+ error = nfs4_discover_server_trunking(clp, &old); |
495 |
+ if (error < 0) |
496 |
+ goto error; |
497 |
+- nfs_put_client(clp); |
498 |
+- if (clp != old) { |
499 |
++ |
500 |
++ if (clp != old) |
501 |
+ clp->cl_preserve_clid = true; |
502 |
+- clp = old; |
503 |
+- } |
504 |
+- |
505 |
+- return clp; |
506 |
++ nfs_put_client(clp); |
507 |
++ return old; |
508 |
+ |
509 |
+ error: |
510 |
+ nfs_mark_client_ready(clp, error); |
511 |
+@@ -493,9 +491,10 @@ int nfs40_walk_client_list(struct nfs_client *new, |
512 |
+ prev = pos; |
513 |
+ |
514 |
+ status = nfs_wait_client_init_complete(pos); |
515 |
+- spin_lock(&nn->nfs_client_lock); |
516 |
+ if (status < 0) |
517 |
+- continue; |
518 |
++ goto out; |
519 |
++ status = -NFS4ERR_STALE_CLIENTID; |
520 |
++ spin_lock(&nn->nfs_client_lock); |
521 |
+ } |
522 |
+ if (pos->cl_cons_state != NFS_CS_READY) |
523 |
+ continue; |
524 |
+@@ -633,7 +632,8 @@ int nfs41_walk_client_list(struct nfs_client *new, |
525 |
+ } |
526 |
+ spin_lock(&nn->nfs_client_lock); |
527 |
+ if (status < 0) |
528 |
+- continue; |
529 |
++ break; |
530 |
++ status = -NFS4ERR_STALE_CLIENTID; |
531 |
+ } |
532 |
+ if (pos->cl_cons_state != NFS_CS_READY) |
533 |
+ continue; |
534 |
+diff --git a/fs/nfs/write.c b/fs/nfs/write.c |
535 |
+index c1d5482..6a85038 100644 |
536 |
+--- a/fs/nfs/write.c |
537 |
++++ b/fs/nfs/write.c |
538 |
+@@ -922,19 +922,20 @@ out: |
539 |
+ * extend the write to cover the entire page in order to avoid fragmentation |
540 |
+ * inefficiencies. |
541 |
+ * |
542 |
+- * If the file is opened for synchronous writes or if we have a write delegation |
543 |
+- * from the server then we can just skip the rest of the checks. |
544 |
++ * If the file is opened for synchronous writes then we can just skip the rest |
545 |
++ * of the checks. |
546 |
+ */ |
547 |
+ static int nfs_can_extend_write(struct file *file, struct page *page, struct inode *inode) |
548 |
+ { |
549 |
+ if (file->f_flags & O_DSYNC) |
550 |
+ return 0; |
551 |
++ if (!nfs_write_pageuptodate(page, inode)) |
552 |
++ return 0; |
553 |
+ if (NFS_PROTO(inode)->have_delegation(inode, FMODE_WRITE)) |
554 |
+ return 1; |
555 |
+- if (nfs_write_pageuptodate(page, inode) && (inode->i_flock == NULL || |
556 |
+- (inode->i_flock->fl_start == 0 && |
557 |
++ if (inode->i_flock == NULL || (inode->i_flock->fl_start == 0 && |
558 |
+ inode->i_flock->fl_end == OFFSET_MAX && |
559 |
+- inode->i_flock->fl_type != F_RDLCK))) |
560 |
++ inode->i_flock->fl_type != F_RDLCK)) |
561 |
+ return 1; |
562 |
+ return 0; |
563 |
+ } |
564 |
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c |
565 |
index 419572f..5414a23 100644 |
566 |
--- a/fs/nfsd/nfs4proc.c |
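Review bot: In the `nfs40_walk_client_list` lines the error path now leaves through `goto out` before `spin_lock(&nn->nfs_client_lock)` is retaken, while the matching change in `nfs41_walk_client_list` retakes the lock first and leaves through `break`. Both can be right, but only if `out:` sits after the unlock in the first function and the code after the loop unlocks in the second; neither is visible because both functions continue outside the hunk. A one-line comment at the jump, such as `/* nfs_client_lock is not held here */`, would make the lock state on each exit explicit. Separately, `nfs_can_extend_write` reads `inode->i_flock` several times with no lock visible in the hunk, so it is worth confirming what keeps the lock list stable between the NULL test and the dereferences.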
567 |
@@ -61054,7 +61137,7 @@ index e7bc1d7..06bd4bb 100644 |
568 |
} |
569 |
|
570 |
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c |
571 |
-index e44cb64..4807084 100644 |
572 |
+index e44cb64..7668ca4 100644 |
573 |
--- a/fs/notify/fanotify/fanotify_user.c |
574 |
+++ b/fs/notify/fanotify/fanotify_user.c |
575 |
@@ -253,8 +253,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, |
576 |
@@ -61068,6 +61151,18 @@ index e44cb64..4807084 100644 |
577 |
goto out_close_fd; |
578 |
|
579 |
ret = prepare_for_access_response(group, event, fd); |
580 |
+@@ -888,9 +888,9 @@ COMPAT_SYSCALL_DEFINE6(fanotify_mark, |
581 |
+ { |
582 |
+ return sys_fanotify_mark(fanotify_fd, flags, |
583 |
+ #ifdef __BIG_ENDIAN |
584 |
+- ((__u64)mask1 << 32) | mask0, |
585 |
+-#else |
586 |
+ ((__u64)mask0 << 32) | mask1, |
587 |
++#else |
588 |
++ ((__u64)mask1 << 32) | mask0, |
589 |
+ #endif |
590 |
+ dfd, pathname); |
591 |
+ } |
592 |
diff --git a/fs/notify/notification.c b/fs/notify/notification.c |
593 |
index 7b51b05..5ea5ef6 100644 |
594 |
--- a/fs/notify/notification.c |
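Review bot: The swapped branches in the compat `fanotify_mark` wrapper have no comment saying which of `mask0` and `mask1` is the high word on each byte order, which is exactly the detail this change corrects. A wrongly assembled 64-bit mask means the mark is placed for different events than the caller asked for, so the rule deserves a line above `#ifdef __BIG_ENDIAN`, e.g. `/* mask0 is the high 32 bits on big-endian, the low 32 bits on little-endian */`. The wrapper's parameter list lies outside the hunk, so the argument order itself cannot be checked from here.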
595 |
@@ -80321,7 +80416,7 @@ index 429c199..4d42e38 100644 |
596 |
|
597 |
/* shm_mode upper byte flags */ |
598 |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
599 |
-index 6f69b3f..335b9b1 100644 |
600 |
+index 6f69b3f..71ac613 100644 |
601 |
--- a/include/linux/skbuff.h |
602 |
+++ b/include/linux/skbuff.h |
603 |
@@ -643,7 +643,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, |
604 |
@@ -80360,6 +80455,15 @@ index 6f69b3f..335b9b1 100644 |
605 |
} |
606 |
|
607 |
/** |
608 |
+@@ -1686,7 +1686,7 @@ static inline u32 skb_inner_network_header_len(const struct sk_buff *skb) |
609 |
+ return skb->inner_transport_header - skb->inner_network_header; |
610 |
+ } |
611 |
+ |
612 |
+-static inline int skb_network_offset(const struct sk_buff *skb) |
613 |
++static inline int __intentional_overflow(0) skb_network_offset(const struct sk_buff *skb) |
614 |
+ { |
615 |
+ return skb_network_header(skb) - skb->data; |
616 |
+ } |
617 |
@@ -1746,7 +1746,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) |
618 |
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) |
619 |
*/ |
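Review bot: `__intentional_overflow(0)` is added to `skb_network_offset` with no explanation of why the result of `skb_network_header(skb) - skb->data` is allowed to overflow. The annotation presumably tells the size-overflow instrumentation to skip this function's return value, so it removes a check rather than adding one, and the justification should sit next to it. Something like `/* return value exempt from the overflow check: <reason> */` would do once the reason is confirmed, for example if the offset can legitimately be negative; callers that treat the result as a length would then need a second look.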
620 |
@@ -100164,7 +100268,7 @@ index 008cdad..6f17474 100644 |
621 |
/* make a copy for the caller */ |
622 |
*handle = ctxh; |
623 |
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c |
624 |
-index f09b7db..262b98a 100644 |
625 |
+index f09b7db..393c39e 100644 |
626 |
--- a/net/sunrpc/clnt.c |
627 |
+++ b/net/sunrpc/clnt.c |
628 |
@@ -1415,7 +1415,9 @@ call_start(struct rpc_task *task) |
629 |
@@ -100178,6 +100282,22 @@ index f09b7db..262b98a 100644 |
630 |
clnt->cl_stats->rpccnt++; |
631 |
task->tk_action = call_reserve; |
632 |
} |
633 |
+@@ -1529,9 +1531,13 @@ call_refreshresult(struct rpc_task *task) |
634 |
+ task->tk_action = call_refresh; |
635 |
+ switch (status) { |
636 |
+ case 0: |
637 |
+- if (rpcauth_uptodatecred(task)) |
638 |
++ if (rpcauth_uptodatecred(task)) { |
639 |
+ task->tk_action = call_allocate; |
640 |
+- return; |
641 |
++ return; |
642 |
++ } |
643 |
++ /* Use rate-limiting and a max number of retries if refresh |
644 |
++ * had status 0 but failed to update the cred. |
645 |
++ */ |
646 |
+ case -ETIMEDOUT: |
647 |
+ rpc_delay(task, 3*HZ); |
648 |
+ case -EAGAIN: |
649 |
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c |
650 |
index ff3cc4b..7612a9e 100644 |
651 |
--- a/net/sunrpc/sched.c |
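Review bot: `case 0:` in `call_refreshresult` now falls through into `case -ETIMEDOUT:` and from there into `case -EAGAIN:`, and neither fall-through is marked. The added comment explains the intent of the first one but promises "a max number of retries" that the hunk does not show; the counter, if there is one, is in the part of the switch outside the hunk. I would end the new comment with `/* fall through */`, add the same marker after `rpc_delay(task, 3*HZ);`, and confirm that the `-EAGAIN` arm really bounds the retries, since an unbounded refresh loop would keep spinning on a credential that never becomes valid.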
652 |
|
653 |
diff --git a/3.2.54/0000_README b/3.2.54/0000_README |
654 |
index 2c130eb..1673fee 100644 |
655 |
--- a/3.2.54/0000_README |
656 |
+++ b/3.2.54/0000_README |
657 |
@@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch |
658 |
From: http://www.kernel.org |
659 |
Desc: Linux 3.2.54 |
660 |
|
661 |
-Patch: 4420_grsecurity-3.0-3.2.54-201401272346.patch |
662 |
+Patch: 4420_grsecurity-3.0-3.2.54-201401281850.patch |
663 |
From: http://www.grsecurity.net |
664 |
Desc: hardened-sources base patch from upstream grsecurity |
665 |
|
666 |
|
667 |
diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201401272346.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201401281850.patch |
668 |
similarity index 99% |
669 |
rename from 3.2.54/4420_grsecurity-3.0-3.2.54-201401272346.patch |
670 |
rename to 3.2.54/4420_grsecurity-3.0-3.2.54-201401281850.patch |
671 |
index 3607efc..70f1c6f 100644 |
672 |
--- a/3.2.54/4420_grsecurity-3.0-3.2.54-201401272346.patch |
673 |
+++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201401281850.patch |
674 |
@@ -18505,7 +18505,7 @@ index d2d488b8..a4f589f 100644 |
675 |
|
676 |
/* |
677 |
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
678 |
-index 6274f5f..5eb09cb 100644 |
679 |
+index 6274f5f..7b23dca 100644 |
680 |
--- a/arch/x86/kernel/entry_64.S |
681 |
+++ b/arch/x86/kernel/entry_64.S |
682 |
@@ -55,6 +55,8 @@ |
683 |
@@ -18918,7 +18918,24 @@ index 6274f5f..5eb09cb 100644 |
684 |
je 1f |
685 |
SWAPGS |
686 |
/* |
687 |
-@@ -345,19 +633,22 @@ ENDPROC(native_usergs_sysret64) |
688 |
+@@ -340,24 +628,39 @@ ENDPROC(native_usergs_sysret64) |
689 |
+ 0x06 /* DW_OP_deref */, \ |
690 |
+ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ |
691 |
+ 0x22 /* DW_OP_plus */ |
692 |
++ |
693 |
++#ifdef CONFIG_PAX_MEMORY_UDEREF |
694 |
++ testb $3, CS(%rdi) |
695 |
++ jnz 1f |
696 |
++ pax_enter_kernel |
697 |
++ jmp 2f |
698 |
++1: pax_enter_kernel_user |
699 |
++2: |
700 |
++#else |
701 |
++ pax_enter_kernel |
702 |
++#endif |
703 |
++ |
704 |
+ /* We entered an interrupt context - irqs are off: */ |
705 |
+ TRACE_IRQS_OFF |
706 |
.endm |
707 |
|
708 |
ENTRY(save_rest) |
709 |
@@ -18945,7 +18962,7 @@ index 6274f5f..5eb09cb 100644 |
710 |
|
711 |
/* save complete stack frame */ |
712 |
.pushsection .kprobes.text, "ax" |
713 |
-@@ -386,10 +677,21 @@ ENTRY(save_paranoid) |
714 |
+@@ -386,10 +689,21 @@ ENTRY(save_paranoid) |
715 |
js 1f /* negative -> in kernel */ |
716 |
SWAPGS |
717 |
xorl %ebx,%ebx |
718 |
@@ -18970,7 +18987,7 @@ index 6274f5f..5eb09cb 100644 |
719 |
|
720 |
/* |
721 |
* A newly forked process directly context switches into this address. |
722 |
-@@ -410,7 +712,7 @@ ENTRY(ret_from_fork) |
723 |
+@@ -410,7 +724,7 @@ ENTRY(ret_from_fork) |
724 |
|
725 |
RESTORE_REST |
726 |
|
727 |
@@ -18979,7 +18996,7 @@ index 6274f5f..5eb09cb 100644 |
728 |
je int_ret_from_sys_call |
729 |
|
730 |
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET |
731 |
-@@ -420,7 +722,7 @@ ENTRY(ret_from_fork) |
732 |
+@@ -420,7 +734,7 @@ ENTRY(ret_from_fork) |
733 |
jmp ret_from_sys_call # go to the SYSRET fastpath |
734 |
|
735 |
CFI_ENDPROC |
736 |
@@ -18988,7 +19005,7 @@ index 6274f5f..5eb09cb 100644 |
737 |
|
738 |
/* |
739 |
* System call entry. Up to 6 arguments in registers are supported. |
740 |
-@@ -456,7 +758,7 @@ END(ret_from_fork) |
741 |
+@@ -456,7 +770,7 @@ END(ret_from_fork) |
742 |
ENTRY(system_call) |
743 |
CFI_STARTPROC simple |
744 |
CFI_SIGNAL_FRAME |
745 |
@@ -18997,7 +19014,7 @@ index 6274f5f..5eb09cb 100644 |
746 |
CFI_REGISTER rip,rcx |
747 |
/*CFI_REGISTER rflags,r11*/ |
748 |
SWAPGS_UNSAFE_STACK |
749 |
-@@ -469,12 +771,18 @@ ENTRY(system_call_after_swapgs) |
750 |
+@@ -469,12 +783,18 @@ ENTRY(system_call_after_swapgs) |
751 |
|
752 |
movq %rsp,PER_CPU_VAR(old_rsp) |
753 |
movq PER_CPU_VAR(kernel_stack),%rsp |
754 |
@@ -19017,7 +19034,7 @@ index 6274f5f..5eb09cb 100644 |
755 |
movq %rax,ORIG_RAX-ARGOFFSET(%rsp) |
756 |
movq %rcx,RIP-ARGOFFSET(%rsp) |
757 |
CFI_REL_OFFSET rip,RIP-ARGOFFSET |
758 |
-@@ -503,6 +811,8 @@ sysret_check: |
759 |
+@@ -503,6 +823,8 @@ sysret_check: |
760 |
andl %edi,%edx |
761 |
jnz sysret_careful |
762 |
CFI_REMEMBER_STATE |
763 |
@@ -19026,7 +19043,7 @@ index 6274f5f..5eb09cb 100644 |
764 |
/* |
765 |
* sysretq will re-enable interrupts: |
766 |
*/ |
767 |
-@@ -561,6 +871,9 @@ auditsys: |
768 |
+@@ -561,6 +883,9 @@ auditsys: |
769 |
movq %rax,%rsi /* 2nd arg: syscall number */ |
770 |
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ |
771 |
call audit_syscall_entry |
772 |
@@ -19036,7 +19053,7 @@ index 6274f5f..5eb09cb 100644 |
773 |
LOAD_ARGS 0 /* reload call-clobbered registers */ |
774 |
jmp system_call_fastpath |
775 |
|
776 |
-@@ -591,12 +904,15 @@ tracesys: |
777 |
+@@ -591,12 +916,15 @@ tracesys: |
778 |
FIXUP_TOP_OF_STACK %rdi |
779 |
movq %rsp,%rdi |
780 |
call syscall_trace_enter |
781 |
@@ -19053,7 +19070,7 @@ index 6274f5f..5eb09cb 100644 |
782 |
RESTORE_REST |
783 |
cmpq $__NR_syscall_max,%rax |
784 |
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ |
785 |
-@@ -612,7 +928,7 @@ tracesys: |
786 |
+@@ -612,7 +940,7 @@ tracesys: |
787 |
GLOBAL(int_ret_from_sys_call) |
788 |
DISABLE_INTERRUPTS(CLBR_NONE) |
789 |
TRACE_IRQS_OFF |
790 |
@@ -19062,7 +19079,7 @@ index 6274f5f..5eb09cb 100644 |
791 |
je retint_restore_args |
792 |
movl $_TIF_ALLWORK_MASK,%edi |
793 |
/* edi: mask to check */ |
794 |
-@@ -623,7 +939,9 @@ GLOBAL(int_with_check) |
795 |
+@@ -623,7 +951,9 @@ GLOBAL(int_with_check) |
796 |
andl %edi,%edx |
797 |
jnz int_careful |
798 |
andl $~TS_COMPAT,TI_status(%rcx) |
799 |
@@ -19073,7 +19090,7 @@ index 6274f5f..5eb09cb 100644 |
800 |
|
801 |
/* Either reschedule or signal or syscall exit tracking needed. */ |
802 |
/* First do a reschedule test. */ |
803 |
-@@ -669,7 +987,7 @@ int_restore_rest: |
804 |
+@@ -669,7 +999,7 @@ int_restore_rest: |
805 |
TRACE_IRQS_OFF |
806 |
jmp int_with_check |
807 |
CFI_ENDPROC |
808 |
@@ -19082,7 +19099,7 @@ index 6274f5f..5eb09cb 100644 |
809 |
|
810 |
/* |
811 |
* Certain special system calls that need to save a complete full stack frame. |
812 |
-@@ -677,15 +995,13 @@ END(system_call) |
813 |
+@@ -677,15 +1007,13 @@ END(system_call) |
814 |
.macro PTREGSCALL label,func,arg |
815 |
ENTRY(\label) |
816 |
PARTIAL_FRAME 1 8 /* offset 8: return address */ |
817 |
@@ -19099,7 +19116,7 @@ index 6274f5f..5eb09cb 100644 |
818 |
.endm |
819 |
|
820 |
PTREGSCALL stub_clone, sys_clone, %r8 |
821 |
-@@ -700,12 +1016,17 @@ ENTRY(ptregscall_common) |
822 |
+@@ -700,12 +1028,17 @@ ENTRY(ptregscall_common) |
823 |
movq_cfi_restore R15+8, r15 |
824 |
movq_cfi_restore R14+8, r14 |
825 |
movq_cfi_restore R13+8, r13 |
826 |
@@ -19119,7 +19136,7 @@ index 6274f5f..5eb09cb 100644 |
827 |
|
828 |
ENTRY(stub_execve) |
829 |
CFI_STARTPROC |
830 |
-@@ -720,7 +1041,7 @@ ENTRY(stub_execve) |
831 |
+@@ -720,7 +1053,7 @@ ENTRY(stub_execve) |
832 |
RESTORE_REST |
833 |
jmp int_ret_from_sys_call |
834 |
CFI_ENDPROC |
835 |
@@ -19128,7 +19145,7 @@ index 6274f5f..5eb09cb 100644 |
836 |
|
837 |
/* |
838 |
* sigreturn is special because it needs to restore all registers on return. |
839 |
-@@ -738,7 +1059,7 @@ ENTRY(stub_rt_sigreturn) |
840 |
+@@ -738,7 +1071,7 @@ ENTRY(stub_rt_sigreturn) |
841 |
RESTORE_REST |
842 |
jmp int_ret_from_sys_call |
843 |
CFI_ENDPROC |
844 |
@@ -19137,7 +19154,7 @@ index 6274f5f..5eb09cb 100644 |
845 |
|
846 |
/* |
847 |
* Build the entry stubs and pointer table with some assembler magic. |
848 |
-@@ -773,7 +1094,7 @@ vector=vector+1 |
849 |
+@@ -773,7 +1106,7 @@ vector=vector+1 |
850 |
2: jmp common_interrupt |
851 |
.endr |
852 |
CFI_ENDPROC |
853 |
@@ -19146,7 +19163,7 @@ index 6274f5f..5eb09cb 100644 |
854 |
|
855 |
.previous |
856 |
END(interrupt) |
857 |
-@@ -790,9 +1111,19 @@ END(interrupt) |
858 |
+@@ -790,8 +1123,8 @@ END(interrupt) |
859 |
/* 0(%rsp): ~(interrupt number) */ |
860 |
.macro interrupt func |
861 |
/* reserve pt_regs for scratch regs and rbp */ |
862 |
@@ -19155,20 +19172,9 @@ index 6274f5f..5eb09cb 100644 |
863 |
+ subq $ORIG_RAX, %rsp |
864 |
+ CFI_ADJUST_CFA_OFFSET ORIG_RAX |
865 |
SAVE_ARGS_IRQ |
866 |
-+#ifdef CONFIG_PAX_MEMORY_UDEREF |
867 |
-+ testb $3, CS(%rdi) |
868 |
-+ jnz 1f |
869 |
-+ pax_enter_kernel |
870 |
-+ jmp 2f |
871 |
-+1: pax_enter_kernel_user |
872 |
-+2: |
873 |
-+#else |
874 |
-+ pax_enter_kernel |
875 |
-+#endif |
876 |
call \func |
877 |
.endm |
878 |
- |
879 |
-@@ -818,13 +1149,13 @@ ret_from_intr: |
880 |
+@@ -818,13 +1151,13 @@ ret_from_intr: |
881 |
/* Restore saved previous stack */ |
882 |
popq %rsi |
883 |
CFI_DEF_CFA_REGISTER rsi |
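Review bot: After this change the `interrupt` macro goes from `SAVE_ARGS_IRQ` straight to `call \func`, and nothing visible in the hunk still runs `pax_enter_kernel` or `pax_enter_kernel_user` on that path. The removed block selected between the two via `testb $3, CS(%rdi)` under `CONFIG_PAX_MEMORY_UDEREF`. Whether that switch moved elsewhere (for example into `SAVE_ARGS_IRQ`) cannot be confirmed from here, so it should be checked in the full patch before relying on this version. If it did move, a comment at the call site such as `/* pax_enter_kernel is performed by SAVE_ARGS_IRQ (confirm) */` would keep the macro readable on its own.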
884 |
@@ -19185,7 +19191,7 @@ index 6274f5f..5eb09cb 100644 |
885 |
je retint_kernel |
886 |
|
887 |
/* Interrupt came from user space */ |
888 |
-@@ -846,12 +1177,16 @@ retint_swapgs: /* return to user-space */ |
889 |
+@@ -846,12 +1179,16 @@ retint_swapgs: /* return to user-space */ |
890 |
* The iretq could re-enable interrupts: |
891 |
*/ |
892 |
DISABLE_INTERRUPTS(CLBR_ANY) |
893 |
@@ -19202,7 +19208,7 @@ index 6274f5f..5eb09cb 100644 |
894 |
/* |
895 |
* The iretq could re-enable interrupts: |
896 |
*/ |
897 |
-@@ -940,7 +1275,7 @@ ENTRY(retint_kernel) |
898 |
+@@ -940,7 +1277,7 @@ ENTRY(retint_kernel) |
899 |
#endif |
900 |
|
901 |
CFI_ENDPROC |
902 |
@@ -19211,7 +19217,7 @@ index 6274f5f..5eb09cb 100644 |
903 |
/* |
904 |
* End of kprobes section |
905 |
*/ |
906 |
-@@ -956,7 +1291,7 @@ ENTRY(\sym) |
907 |
+@@ -956,7 +1293,7 @@ ENTRY(\sym) |
908 |
interrupt \do_sym |
909 |
jmp ret_from_intr |
910 |
CFI_ENDPROC |
911 |
@@ -19220,7 +19226,7 @@ index 6274f5f..5eb09cb 100644 |
912 |
.endm |
913 |
|
914 |
#ifdef CONFIG_SMP |
915 |
-@@ -1026,7 +1361,7 @@ ENTRY(\sym) |
916 |
+@@ -1026,7 +1363,7 @@ ENTRY(\sym) |
917 |
call \do_sym |
918 |
jmp error_exit /* %ebx: no swapgs flag */ |
919 |
CFI_ENDPROC |
920 |
@@ -19229,7 +19235,7 @@ index 6274f5f..5eb09cb 100644 |
921 |
.endm |
922 |
|
923 |
.macro paranoidzeroentry sym do_sym |
924 |
-@@ -1043,10 +1378,10 @@ ENTRY(\sym) |
925 |
+@@ -1043,10 +1380,10 @@ ENTRY(\sym) |
926 |
call \do_sym |
927 |
jmp paranoid_exit /* %ebx: no swapgs flag */ |
928 |
CFI_ENDPROC |
929 |
@@ -19242,7 +19248,7 @@ index 6274f5f..5eb09cb 100644 |
930 |
.macro paranoidzeroentry_ist sym do_sym ist |
931 |
ENTRY(\sym) |
932 |
INTR_FRAME |
933 |
-@@ -1058,12 +1393,18 @@ ENTRY(\sym) |
934 |
+@@ -1058,12 +1395,18 @@ ENTRY(\sym) |
935 |
TRACE_IRQS_OFF |
936 |
movq %rsp,%rdi /* pt_regs pointer */ |
937 |
xorl %esi,%esi /* no error code */ |
938 |
@@ -19262,7 +19268,7 @@ index 6274f5f..5eb09cb 100644 |
939 |
.endm |
940 |
|
941 |
.macro errorentry sym do_sym |
942 |
-@@ -1080,7 +1421,7 @@ ENTRY(\sym) |
943 |
+@@ -1080,7 +1423,7 @@ ENTRY(\sym) |
944 |
call \do_sym |
945 |
jmp error_exit /* %ebx: no swapgs flag */ |
946 |
CFI_ENDPROC |
947 |
@@ -19271,7 +19277,7 @@ index 6274f5f..5eb09cb 100644 |
948 |
.endm |
949 |
|
950 |
/* error code is on the stack already */ |
951 |
-@@ -1099,7 +1440,7 @@ ENTRY(\sym) |
952 |
+@@ -1099,7 +1442,7 @@ ENTRY(\sym) |
953 |
call \do_sym |
954 |
jmp paranoid_exit /* %ebx: no swapgs flag */ |
955 |
CFI_ENDPROC |
956 |
@@ -19280,7 +19286,7 @@ index 6274f5f..5eb09cb 100644 |
957 |
.endm |
958 |
|
959 |
zeroentry divide_error do_divide_error |
960 |
-@@ -1129,9 +1470,10 @@ gs_change: |
961 |
+@@ -1129,9 +1472,10 @@ gs_change: |
962 |
2: mfence /* workaround */ |
963 |
SWAPGS |
964 |
popfq_cfi |
965 |
@@ -19292,7 +19298,7 @@ index 6274f5f..5eb09cb 100644 |
966 |
|
967 |
.section __ex_table,"a" |
968 |
.align 8 |
969 |
-@@ -1153,13 +1495,14 @@ ENTRY(kernel_thread_helper) |
970 |
+@@ -1153,13 +1497,14 @@ ENTRY(kernel_thread_helper) |
971 |
* Here we are in the child and the registers are set as they were |
972 |
* at kernel_thread() invocation in the parent. |
973 |
*/ |
974 |
@@ -19308,7 +19314,7 @@ index 6274f5f..5eb09cb 100644 |
975 |
|
976 |
/* |
977 |
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly. |
978 |
-@@ -1186,11 +1529,11 @@ ENTRY(kernel_execve) |
979 |
+@@ -1186,11 +1531,11 @@ ENTRY(kernel_execve) |
980 |
RESTORE_REST |
981 |
testq %rax,%rax |
982 |
je int_ret_from_sys_call |
983 |
@@ -19322,7 +19328,7 @@ index 6274f5f..5eb09cb 100644 |
984 |
|
985 |
/* Call softirq on interrupt stack. Interrupts are off. */ |
986 |
ENTRY(call_softirq) |
987 |
-@@ -1208,9 +1551,10 @@ ENTRY(call_softirq) |
988 |
+@@ -1208,9 +1553,10 @@ ENTRY(call_softirq) |
989 |
CFI_DEF_CFA_REGISTER rsp |
990 |
CFI_ADJUST_CFA_OFFSET -8 |
991 |
decl PER_CPU_VAR(irq_count) |
992 |
@@ -19334,7 +19340,7 @@ index 6274f5f..5eb09cb 100644 |
993 |
|
994 |
#ifdef CONFIG_XEN |
995 |
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback |
996 |
-@@ -1248,7 +1592,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
997 |
+@@ -1248,7 +1594,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
998 |
decl PER_CPU_VAR(irq_count) |
999 |
jmp error_exit |
1000 |
CFI_ENDPROC |
1001 |
@@ -19343,7 +19349,7 @@ index 6274f5f..5eb09cb 100644 |
1002 |
|
1003 |
/* |
1004 |
* Hypervisor uses this for application faults while it executes. |
1005 |
-@@ -1307,7 +1651,7 @@ ENTRY(xen_failsafe_callback) |
1006 |
+@@ -1307,7 +1653,7 @@ ENTRY(xen_failsafe_callback) |
1007 |
SAVE_ALL |
1008 |
jmp error_exit |
1009 |
CFI_ENDPROC |
1010 |
@@ -19352,7 +19358,7 @@ index 6274f5f..5eb09cb 100644 |
1011 |
|
1012 |
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ |
1013 |
xen_hvm_callback_vector xen_evtchn_do_upcall |
1014 |
-@@ -1356,16 +1700,31 @@ ENTRY(paranoid_exit) |
1015 |
+@@ -1356,16 +1702,31 @@ ENTRY(paranoid_exit) |
1016 |
TRACE_IRQS_OFF |
1017 |
testl %ebx,%ebx /* swapgs needed? */ |
1018 |
jnz paranoid_restore |
1019 |
@@ -19385,7 +19391,7 @@ index 6274f5f..5eb09cb 100644 |
1020 |
jmp irq_return |
1021 |
paranoid_userspace: |
1022 |
GET_THREAD_INFO(%rcx) |
1023 |
-@@ -1394,7 +1753,7 @@ paranoid_schedule: |
1024 |
+@@ -1394,7 +1755,7 @@ paranoid_schedule: |
1025 |
TRACE_IRQS_OFF |
1026 |
jmp paranoid_userspace |
1027 |
CFI_ENDPROC |
1028 |
@@ -19394,7 +19400,7 @@ index 6274f5f..5eb09cb 100644 |
1029 |
|
1030 |
/* |
1031 |
* Exception entry point. This expects an error code/orig_rax on the stack. |
1032 |
-@@ -1421,12 +1780,23 @@ ENTRY(error_entry) |
1033 |
+@@ -1421,12 +1782,23 @@ ENTRY(error_entry) |
1034 |
movq_cfi r14, R14+8 |
1035 |
movq_cfi r15, R15+8 |
1036 |
xorl %ebx,%ebx |
1037 |
@@ -19419,7 +19425,7 @@ index 6274f5f..5eb09cb 100644 |
1038 |
ret |
1039 |
|
1040 |
/* |
1041 |
-@@ -1453,7 +1823,7 @@ bstep_iret: |
1042 |
+@@ -1453,7 +1825,7 @@ bstep_iret: |
1043 |
movq %rcx,RIP+8(%rsp) |
1044 |
jmp error_swapgs |
1045 |
CFI_ENDPROC |
1046 |
@@ -19428,7 +19434,7 @@ index 6274f5f..5eb09cb 100644 |
1047 |
|
1048 |
|
1049 |
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ |
1050 |
-@@ -1473,7 +1843,7 @@ ENTRY(error_exit) |
1051 |
+@@ -1473,7 +1845,7 @@ ENTRY(error_exit) |
1052 |
jnz retint_careful |
1053 |
jmp retint_swapgs |
1054 |
CFI_ENDPROC |
1055 |
@@ -19437,7 +19443,7 @@ index 6274f5f..5eb09cb 100644 |
1056 |
|
1057 |
|
1058 |
/* runs on exception stack */ |
1059 |
-@@ -1485,6 +1855,7 @@ ENTRY(nmi) |
1060 |
+@@ -1485,6 +1857,7 @@ ENTRY(nmi) |
1061 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
1062 |
call save_paranoid |
1063 |
DEFAULT_FRAME 0 |
1064 |
@@ -19445,7 +19451,7 @@ index 6274f5f..5eb09cb 100644 |
1065 |
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
1066 |
movq %rsp,%rdi |
1067 |
movq $-1,%rsi |
1068 |
-@@ -1495,12 +1866,28 @@ ENTRY(nmi) |
1069 |
+@@ -1495,12 +1868,28 @@ ENTRY(nmi) |
1070 |
DISABLE_INTERRUPTS(CLBR_NONE) |
1071 |
testl %ebx,%ebx /* swapgs needed? */ |
1072 |
jnz nmi_restore |
1073 |
@@ -19475,7 +19481,7 @@ index 6274f5f..5eb09cb 100644 |
1074 |
jmp irq_return |
1075 |
nmi_userspace: |
1076 |
GET_THREAD_INFO(%rcx) |
1077 |
-@@ -1529,14 +1916,14 @@ nmi_schedule: |
1078 |
+@@ -1529,14 +1918,14 @@ nmi_schedule: |
1079 |
jmp paranoid_exit |
1080 |
CFI_ENDPROC |
1081 |
#endif |
1082 |
@@ -78391,7 +78397,7 @@ index 92808b8..c28cac4 100644 |
1083 |
|
1084 |
/* shm_mode upper byte flags */ |
1085 |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
1086 |
-index 85180bf..cc75886 100644 |
1087 |
+index 85180bf..78919aa 100644 |
1088 |
--- a/include/linux/skbuff.h |
1089 |
+++ b/include/linux/skbuff.h |
1090 |
@@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb); |
1091 |
@@ -78430,6 +78436,15 @@ index 85180bf..cc75886 100644 |
1092 |
} |
1093 |
|
1094 |
/** |
1095 |
+@@ -1506,7 +1506,7 @@ static inline u32 skb_network_header_len(const struct sk_buff *skb) |
1096 |
+ return skb->transport_header - skb->network_header; |
1097 |
+ } |
1098 |
+ |
1099 |
+-static inline int skb_network_offset(const struct sk_buff *skb) |
1100 |
++static inline int __intentional_overflow(0) skb_network_offset(const struct sk_buff *skb) |
1101 |
+ { |
1102 |
+ return skb_network_header(skb) - skb->data; |
1103 |
+ } |
1104 |
@@ -1561,7 +1561,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) |
1105 |
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) |
1106 |
*/ |
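Review bot: The `__intentional_overflow(0)` annotation added to `skb_network_offset` carries no explanation of why overflow checking is relaxed for this helper. The function returns the pointer difference `skb_network_header(skb) - skb->data` as an `int`, which presumably can be negative when the network header lies before `skb->data`. A one-line comment above the definition, for example `/* result may be negative: the network header can precede skb->data */`, would record the reason. Without it, a later audit cannot tell an intended exemption from a silenced finding.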
1107 |
@@ -100385,7 +100400,7 @@ index d4faade..1c51abc 100644 |
1108 |
set_fs(KERNEL_DS); |
1109 |
if (level == SOL_SOCKET) |
1110 |
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c |
1111 |
-index b2250da..db374b7 100644 |
1112 |
+index b2250da..2680674 100644 |
1113 |
--- a/net/sunrpc/clnt.c |
1114 |
+++ b/net/sunrpc/clnt.c |
1115 |
@@ -163,10 +163,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru |
1116 |
@@ -100423,6 +100438,22 @@ index b2250da..db374b7 100644 |
1117 |
clnt->cl_stats->rpccnt++; |
1118 |
task->tk_action = call_reserve; |
1119 |
} |
1120 |
+@@ -1002,9 +1001,13 @@ call_refreshresult(struct rpc_task *task) |
1121 |
+ task->tk_action = call_refresh; |
1122 |
+ switch (status) { |
1123 |
+ case 0: |
1124 |
+- if (rpcauth_uptodatecred(task)) |
1125 |
++ if (rpcauth_uptodatecred(task)) { |
1126 |
+ task->tk_action = call_allocate; |
1127 |
+- return; |
1128 |
++ return; |
1129 |
++ } |
1130 |
++ /* Use rate-limiting and a max number of retries if refresh |
1131 |
++ * had status 0 but failed to update the cred. |
1132 |
++ */ |
1133 |
+ case -ETIMEDOUT: |
1134 |
+ rpc_delay(task, 3*HZ); |
1135 |
+ case -EAGAIN: |
1136 |
diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c |
1137 |
index bfddd68..567429b 100644 |
1138 |
--- a/net/sunrpc/rpc_pipe.c |
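Review bot: In `call_refreshresult` the new `case 0:` path reaches `case -ETIMEDOUT:` only by falling through, and `rpc_delay(task, 3*HZ);` then falls into `case -EAGAIN:`, yet neither fall-through is marked. Adding `/* fall through */` after the new comment block and again after the `rpc_delay` line would make both deliberate. The comment promises "a max number of retries", but the retry bound itself is not in this hunk. It presumably sits in the `-EAGAIN` branch, which continues outside the hunk, and that branch is what keeps a refresh that returns 0 without updating the cred from looping indefinitely, so it should be confirmed there.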
1139 |
|
1140 |
diff --git a/3.2.54/4475_emutramp_default_on.patch b/3.2.54/4475_emutramp_default_on.patch |
1141 |
index cfde6f8..df700e6 100644 |
1142 |
--- a/3.2.54/4475_emutramp_default_on.patch |
1143 |
+++ b/3.2.54/4475_emutramp_default_on.patch |
1144 |
@@ -10,7 +10,7 @@ See bug: |
1145 |
diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig |
1146 |
--- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400 |
1147 |
+++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400 |
1148 |
-@@ -427,7 +427,7 @@ |
1149 |
+@@ -426,7 +426,7 @@ |
1150 |
|
1151 |
config PAX_EMUTRAMP |
1152 |
bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) |