commit: faf75b3fcbabeaab23af0a979389878c0f945e36 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Wed Aug 29 03:49:37 2012 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Wed Aug 29 03:49:37 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=faf75b3f |
|
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.2}-201208271906 |
|
--- |
2.6.32/0000_README | 2 +- |
..._grsecurity-2.9.1-2.6.32.59-201208271903.patch} | 380 +++++++++++------- |
3.2.28/0000_README | 2 +- |
...420_grsecurity-2.9.1-3.2.28-201208271905.patch} | 419 ++++++++++++-------- |
3.5.2/0000_README | 2 +- |
...4420_grsecurity-2.9.1-3.5.3-201208271906.patch} | 175 ++++++--- |
6 files changed, 600 insertions(+), 380 deletions(-) |
|
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
20 |
index 9c19fa1..16680e5 100644 |
21 |
--- a/2.6.32/0000_README |
22 |
+++ b/2.6.32/0000_README |
23 |
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch |
24 |
From: http://www.kernel.org |
25 |
Desc: Linux 2.6.32.59 |
26 |
|
27 |
-Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch |
28 |
+Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch |
29 |
From: http://www.grsecurity.net |
30 |
Desc: hardened-sources base patch from upstream grsecurity |
31 |
|
32 |
|
33 |
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch |
34 |
similarity index 99% |
35 |
rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch |
36 |
rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch |
37 |
index da02455..63a8206 100644 |
38 |
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch |
39 |
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch |
40 |
@@ -4802,6 +4802,26 @@ index b97c2d6..dd01a6a 100644 |
41 |
} |
42 |
return error; |
43 |
} |
44 |
+diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c |
45 |
+index 3370e62..527c659 100644 |
46 |
+--- a/arch/powerpc/kernel/syscalls.c |
47 |
++++ b/arch/powerpc/kernel/syscalls.c |
48 |
+@@ -201,11 +201,11 @@ long ppc64_personality(unsigned long personality) |
49 |
+ long ret; |
50 |
+ |
51 |
+ if (personality(current->personality) == PER_LINUX32 |
52 |
+- && personality == PER_LINUX) |
53 |
+- personality = PER_LINUX32; |
54 |
++ && personality(personality) == PER_LINUX) |
55 |
++ personality = (personality & ~PER_MASK) | PER_LINUX32; |
56 |
+ ret = sys_personality(personality); |
57 |
+- if (ret == PER_LINUX32) |
58 |
+- ret = PER_LINUX; |
59 |
++ if (personality(ret) == PER_LINUX32) |
60 |
++ ret = (ret & ~PER_MASK) | PER_LINUX; |
61 |
+ return ret; |
62 |
+ } |
63 |
+ #endif |
64 |
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c |
65 |
index 6f0ae1a..e4b6a56 100644 |
66 |
--- a/arch/powerpc/kernel/traps.c |
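Review bot: The new ppc64_personality body has no comment saying why both the compare and the assignment now go through `personality()` and `PER_MASK`, and the reason is not obvious from the code: the old version compared the whole word with PER_LINUX, so a request carrying flag bits in the upper part of the word was never translated, and the plain `personality = PER_LINUX32` assignment discarded those flags when it did match. Suggest `/* translate only the base personality; keep the flag bits above PER_MASK intact */` above the first `if`, and the same note applies to the return path, where `ret` from sys_personality is masked the same way. The function's signature and the trailing `#endif` are context at the edges of the inner hunk, so the rest of ppc64_personality is not visible here.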
67 |
@@ -9657,7 +9677,7 @@ index 588a7aa..a3468b0 100644 |
68 |
|
69 |
if (err) |
70 |
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
71 |
-index 4edd8eb..29124b4 100644 |
72 |
+index 4edd8eb..273579e 100644 |
73 |
--- a/arch/x86/ia32/ia32entry.S |
74 |
+++ b/arch/x86/ia32/ia32entry.S |
75 |
@@ -13,7 +13,9 @@ |
76 |
@@ -9716,7 +9736,7 @@ index 4edd8eb..29124b4 100644 |
77 |
movl %ebp,%ebp /* zero extension */ |
78 |
pushq $__USER32_DS |
79 |
CFI_ADJUST_CFA_OFFSET 8 |
80 |
-@@ -135,28 +157,42 @@ ENTRY(ia32_sysenter_target) |
81 |
+@@ -135,28 +157,47 @@ ENTRY(ia32_sysenter_target) |
82 |
pushfq |
83 |
CFI_ADJUST_CFA_OFFSET 8 |
84 |
/*CFI_REL_OFFSET rflags,0*/ |
85 |
@@ -9739,6 +9759,11 @@ index 4edd8eb..29124b4 100644 |
86 |
cld |
87 |
SAVE_ARGS 0,0,1 |
88 |
+ pax_enter_kernel_user |
89 |
++ |
90 |
++#ifdef CONFIG_PAX_RANDKSTACK |
91 |
++ pax_erase_kstack |
92 |
++#endif |
93 |
++ |
94 |
+ /* |
95 |
+ * No need to follow this irqs on/off section: the syscall |
96 |
+ * disabled irqs, here we enable it straight after entry: |
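Review bot: The `pax_erase_kstack` call added under `CONFIG_PAX_RANDKSTACK` runs while rax still holds the syscall number that `cmpq $(IA32_NR_syscalls-1),%rax` checks later, and at the ia32_cstar_target and 64-bit system_call sites rcx still holds the user return address (the `movq %rcx,RIP-ARGOFFSET(%rsp)` in the context that follows those hunks comes after the insertion), so the insertion is only safe because pax_erase_kstack now pushes rdi, rcx, rax and r11 — yet nothing at the call site records that dependency. Suggest a one-line comment at each site, e.g. `/* rax (nr), rcx (user rip) and r11 are live here: pax_erase_kstack must preserve them */`. The same insertion appears in ia32_cstar_target (hunk ending L358), ia32_syscall (hunk ending L506), system_call in entry_64.S (hunk ending L1760) and, on the 32-bit side where eax is the live register, sysenter_past_esp (hunk ending L826) and system_call (hunk ending L904). ENTRY(ia32_sysenter_target) begins and ends outside this hunk.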
97 |
@@ -9765,7 +9790,7 @@ index 4edd8eb..29124b4 100644 |
98 |
CFI_REMEMBER_STATE |
99 |
jnz sysenter_tracesys |
100 |
cmpq $(IA32_NR_syscalls-1),%rax |
101 |
-@@ -166,13 +202,15 @@ sysenter_do_call: |
102 |
+@@ -166,13 +207,15 @@ sysenter_do_call: |
103 |
sysenter_dispatch: |
104 |
call *ia32_sys_call_table(,%rax,8) |
105 |
movq %rax,RAX-ARGOFFSET(%rsp) |
106 |
@@ -9784,7 +9809,7 @@ index 4edd8eb..29124b4 100644 |
107 |
/* clear IF, that popfq doesn't enable interrupts early */ |
108 |
andl $~0x200,EFLAGS-R11(%rsp) |
109 |
movl RIP-R11(%rsp),%edx /* User %eip */ |
110 |
-@@ -200,6 +238,9 @@ sysexit_from_sys_call: |
111 |
+@@ -200,6 +243,9 @@ sysexit_from_sys_call: |
112 |
movl %eax,%esi /* 2nd arg: syscall number */ |
113 |
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ |
114 |
call audit_syscall_entry |
115 |
@@ -9794,7 +9819,7 @@ index 4edd8eb..29124b4 100644 |
116 |
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ |
117 |
cmpq $(IA32_NR_syscalls-1),%rax |
118 |
ja ia32_badsys |
119 |
-@@ -211,7 +252,7 @@ sysexit_from_sys_call: |
120 |
+@@ -211,7 +257,7 @@ sysexit_from_sys_call: |
121 |
.endm |
122 |
|
123 |
.macro auditsys_exit exit |
124 |
@@ -9803,7 +9828,7 @@ index 4edd8eb..29124b4 100644 |
125 |
jnz ia32_ret_from_sys_call |
126 |
TRACE_IRQS_ON |
127 |
sti |
128 |
-@@ -221,12 +262,12 @@ sysexit_from_sys_call: |
129 |
+@@ -221,12 +267,12 @@ sysexit_from_sys_call: |
130 |
movzbl %al,%edi /* zero-extend that into %edi */ |
131 |
inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ |
132 |
call audit_syscall_exit |
133 |
@@ -9818,7 +9843,7 @@ index 4edd8eb..29124b4 100644 |
134 |
jz \exit |
135 |
CLEAR_RREGS -ARGOFFSET |
136 |
jmp int_with_check |
137 |
-@@ -244,7 +285,7 @@ sysexit_audit: |
138 |
+@@ -244,7 +290,7 @@ sysexit_audit: |
139 |
|
140 |
sysenter_tracesys: |
141 |
#ifdef CONFIG_AUDITSYSCALL |
142 |
@@ -9827,17 +9852,17 @@ index 4edd8eb..29124b4 100644 |
143 |
jz sysenter_auditsys |
144 |
#endif |
145 |
SAVE_REST |
146 |
-@@ -252,6 +293,9 @@ sysenter_tracesys: |
147 |
- movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ |
148 |
- movq %rsp,%rdi /* &pt_regs -> arg1 */ |
149 |
- call syscall_trace_enter |
150 |
+@@ -256,6 +302,9 @@ sysenter_tracesys: |
151 |
+ RESTORE_REST |
152 |
+ cmpq $(IA32_NR_syscalls-1),%rax |
153 |
+ ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ |
154 |
+ |
155 |
+ pax_erase_kstack |
156 |
+ |
157 |
- LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
158 |
- RESTORE_REST |
159 |
- cmpq $(IA32_NR_syscalls-1),%rax |
160 |
-@@ -283,19 +327,20 @@ ENDPROC(ia32_sysenter_target) |
161 |
+ jmp sysenter_do_call |
162 |
+ CFI_ENDPROC |
163 |
+ ENDPROC(ia32_sysenter_target) |
164 |
+@@ -283,19 +332,25 @@ ENDPROC(ia32_sysenter_target) |
165 |
ENTRY(ia32_cstar_target) |
166 |
CFI_STARTPROC32 simple |
167 |
CFI_SIGNAL_FRAME |
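Review bot: The relocated `pax_erase_kstack` now executes after `LOAD_ARGS32`/`RESTORE_REST` have reloaded the syscall arguments into registers (the `LOAD_ARGS32 ARGOFFSET` line is still visible as removed context at L314) and immediately before `jmp sysenter_do_call`, so rdi, rsi, rdx, rcx, r8, r9 and rax must all survive the call; this commit makes pax_erase_kstack save rdi, rcx, rax and r11, but whether rsi, rdx, r8 and r9 are untouched cannot be seen from these hunks. Suggest `/* syscall args are live in rdi..r9 here: pax_erase_kstack must not touch them */` above the call. On the `ja int_ret_from_sys_call` path the erase at this point is skipped; if that is intended because int_with_check already erases before `jmp retint_swapgs_pax` (context line L1874), a comment saying so would save the next reader the search. The same reordering is made in cstar_tracesys (hunk ending L464), where `xchgl %ebp,%r9d` makes r9 live too, and in ia32_tracesys (hunk ending L558).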
168 |
@@ -9851,6 +9876,11 @@ index 4edd8eb..29124b4 100644 |
169 |
movq PER_CPU_VAR(kernel_stack),%rsp |
170 |
+ SAVE_ARGS 8*6,1,1 |
171 |
+ pax_enter_kernel_user |
172 |
++ |
173 |
++#ifdef CONFIG_PAX_RANDKSTACK |
174 |
++ pax_erase_kstack |
175 |
++#endif |
176 |
++ |
177 |
/* |
178 |
* No need to follow this irqs on/off section: the syscall |
179 |
* disabled irqs and here we enable it straight after entry: |
180 |
@@ -9860,7 +9890,7 @@ index 4edd8eb..29124b4 100644 |
181 |
movl %eax,%eax /* zero extension */ |
182 |
movq %rax,ORIG_RAX-ARGOFFSET(%rsp) |
183 |
movq %rcx,RIP-ARGOFFSET(%rsp) |
184 |
-@@ -311,13 +356,19 @@ ENTRY(ia32_cstar_target) |
185 |
+@@ -311,13 +366,19 @@ ENTRY(ia32_cstar_target) |
186 |
/* no need to do an access_ok check here because r8 has been |
187 |
32bit zero extended */ |
188 |
/* hardware stack frame is complete now */ |
189 |
@@ -9883,7 +9913,7 @@ index 4edd8eb..29124b4 100644 |
190 |
CFI_REMEMBER_STATE |
191 |
jnz cstar_tracesys |
192 |
cmpq $IA32_NR_syscalls-1,%rax |
193 |
-@@ -327,13 +378,15 @@ cstar_do_call: |
194 |
+@@ -327,13 +388,15 @@ cstar_do_call: |
195 |
cstar_dispatch: |
196 |
call *ia32_sys_call_table(,%rax,8) |
197 |
movq %rax,RAX-ARGOFFSET(%rsp) |
198 |
@@ -9902,7 +9932,7 @@ index 4edd8eb..29124b4 100644 |
199 |
RESTORE_ARGS 1,-ARG_SKIP,1,1,1 |
200 |
movl RIP-ARGOFFSET(%rsp),%ecx |
201 |
CFI_REGISTER rip,rcx |
202 |
-@@ -361,7 +414,7 @@ sysretl_audit: |
203 |
+@@ -361,7 +424,7 @@ sysretl_audit: |
204 |
|
205 |
cstar_tracesys: |
206 |
#ifdef CONFIG_AUDITSYSCALL |
207 |
@@ -9911,17 +9941,17 @@ index 4edd8eb..29124b4 100644 |
208 |
jz cstar_auditsys |
209 |
#endif |
210 |
xchgl %r9d,%ebp |
211 |
-@@ -370,6 +423,9 @@ cstar_tracesys: |
212 |
- movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ |
213 |
- movq %rsp,%rdi /* &pt_regs -> arg1 */ |
214 |
- call syscall_trace_enter |
215 |
+@@ -375,6 +438,9 @@ cstar_tracesys: |
216 |
+ xchgl %ebp,%r9d |
217 |
+ cmpq $(IA32_NR_syscalls-1),%rax |
218 |
+ ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ |
219 |
+ |
220 |
+ pax_erase_kstack |
221 |
+ |
222 |
- LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ |
223 |
- RESTORE_REST |
224 |
- xchgl %ebp,%r9d |
225 |
-@@ -415,11 +471,6 @@ ENTRY(ia32_syscall) |
226 |
+ jmp cstar_do_call |
227 |
+ END(ia32_cstar_target) |
228 |
+ |
229 |
+@@ -415,11 +481,6 @@ ENTRY(ia32_syscall) |
230 |
CFI_REL_OFFSET rip,RIP-RIP |
231 |
PARAVIRT_ADJUST_EXCEPTION_FRAME |
232 |
SWAPGS |
233 |
@@ -9933,7 +9963,7 @@ index 4edd8eb..29124b4 100644 |
234 |
movl %eax,%eax |
235 |
pushq %rax |
236 |
CFI_ADJUST_CFA_OFFSET 8 |
237 |
-@@ -427,9 +478,15 @@ ENTRY(ia32_syscall) |
238 |
+@@ -427,9 +488,20 @@ ENTRY(ia32_syscall) |
239 |
/* note the registers are not zero extended to the sf. |
240 |
this could be a problem. */ |
241 |
SAVE_ARGS 0,0,1 |
242 |
@@ -9941,6 +9971,11 @@ index 4edd8eb..29124b4 100644 |
243 |
- orl $TS_COMPAT,TI_status(%r10) |
244 |
- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) |
245 |
+ pax_enter_kernel_user |
246 |
++ |
247 |
++#ifdef CONFIG_PAX_RANDKSTACK |
248 |
++ pax_erase_kstack |
249 |
++#endif |
250 |
++ |
251 |
+ /* |
252 |
+ * No need to follow this irqs on/off section: the syscall |
253 |
+ * disabled irqs and here we enable it straight after entry: |
254 |
@@ -9952,17 +9987,17 @@ index 4edd8eb..29124b4 100644 |
255 |
jnz ia32_tracesys |
256 |
cmpq $(IA32_NR_syscalls-1),%rax |
257 |
ja ia32_badsys |
258 |
-@@ -448,6 +505,9 @@ ia32_tracesys: |
259 |
- movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ |
260 |
- movq %rsp,%rdi /* &pt_regs -> arg1 */ |
261 |
- call syscall_trace_enter |
262 |
+@@ -452,6 +524,9 @@ ia32_tracesys: |
263 |
+ RESTORE_REST |
264 |
+ cmpq $(IA32_NR_syscalls-1),%rax |
265 |
+ ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ |
266 |
+ |
267 |
+ pax_erase_kstack |
268 |
+ |
269 |
- LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
270 |
- RESTORE_REST |
271 |
- cmpq $(IA32_NR_syscalls-1),%rax |
272 |
-@@ -462,6 +522,7 @@ ia32_badsys: |
273 |
+ jmp ia32_do_call |
274 |
+ END(ia32_syscall) |
275 |
+ |
276 |
+@@ -462,6 +537,7 @@ ia32_badsys: |
277 |
|
278 |
quiet_ni_syscall: |
279 |
movq $-ENOSYS,%rax |
280 |
@@ -17126,7 +17161,7 @@ index 4c07cca..2c8427d 100644 |
281 |
ret |
282 |
ENDPROC(efi_call6) |
283 |
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S |
284 |
-index c097e7d..853746c 100644 |
285 |
+index c097e7d..a3f1930 100644 |
286 |
--- a/arch/x86/kernel/entry_32.S |
287 |
+++ b/arch/x86/kernel/entry_32.S |
288 |
@@ -95,12 +95,6 @@ |
289 |
@@ -17142,7 +17177,7 @@ index c097e7d..853746c 100644 |
290 |
/* |
291 |
* User gs save/restore |
292 |
* |
293 |
-@@ -185,13 +179,146 @@ |
294 |
+@@ -185,13 +179,153 @@ |
295 |
/*CFI_REL_OFFSET gs, PT_GS*/ |
296 |
.endm |
297 |
.macro SET_KERNEL_GS reg |
298 |
@@ -17246,10 +17281,10 @@ index c097e7d..853746c 100644 |
299 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
300 |
+/* |
301 |
+ * ebp: thread_info |
302 |
-+ * ecx, edx: can be clobbered |
303 |
+ */ |
304 |
+ENTRY(pax_erase_kstack) |
305 |
+ pushl %edi |
306 |
++ pushl %ecx |
307 |
+ pushl %eax |
308 |
+ |
309 |
+ mov TI_lowest_stack(%ebp), %edi |
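Review bot: The header comment of the 32-bit pax_erase_kstack loses its clobber line (`ecx, edx: can be clobbered`, L604) instead of being updated, so after this change a reader no longer sees which registers the routine still modifies: with `pushl %ecx` added ecx is preserved, flags are certainly clobbered (`sub`, `cmp`, `shr` in the next hunk), and whether edx is still written is not visible in these hunks. Suggest replacing the removed line with `+ * edi, ecx, eax: saved/restored; flags clobbered; edx: confirm whether still clobbered`. The entry_64.S counterpart (hunk ending L1562) drops its whole comment block, including the `r11: thread_info` input contract, and should get the same treatment. The body of ENTRY(pax_erase_kstack) continues outside this hunk.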
310 |
@@ -17273,6 +17308,12 @@ index c097e7d..853746c 100644 |
311 |
+2: cld |
312 |
+ mov %esp, %ecx |
313 |
+ sub %edi, %ecx |
314 |
++ |
315 |
++ cmp $THREAD_SIZE_asm, %ecx |
316 |
++ jb 3f |
317 |
++ ud2 |
318 |
++3: |
319 |
++ |
320 |
+ shr $2, %ecx |
321 |
+ rep stosl |
322 |
+ |
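Review bot: The new `cmp $THREAD_SIZE_asm, %ecx` / `jb 3f` / `ud2` guard has no comment stating the invariant it enforces or why a violation is fatal; ecx is the byte count `esp - edi` that will drive `rep stosl`, so a value of THREAD_SIZE or more (including the wrapped result when the stored TI_lowest_stack lies above esp, since `jb` is an unsigned compare) means the lowest-stack pointer is outside the current thread stack and the fill would leave it. Suggest `/* esp - lowest_stack must be < THREAD_SIZE; otherwise TI_lowest_stack is bogus and the fill would run outside the thread stack -- trap instead */` above the `cmp`, noting that the check is done on the byte count before `shr $2`. Whether the entry_64.S pax_erase_kstack gained the same guard is not visible in this diff (its body is elided between the hunks ending L1562 and L1578). The rest of pax_erase_kstack lies outside this hunk.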
323 |
@@ -17281,6 +17322,7 @@ index c097e7d..853746c 100644 |
324 |
+ mov %edi, TI_lowest_stack(%ebp) |
325 |
+ |
326 |
+ popl %eax |
327 |
++ popl %ecx |
328 |
+ popl %edi |
329 |
+ ret |
330 |
+ENDPROC(pax_erase_kstack) |
331 |
@@ -17290,7 +17332,7 @@ index c097e7d..853746c 100644 |
332 |
cld |
333 |
PUSH_GS |
334 |
pushl %fs |
335 |
-@@ -224,7 +351,7 @@ |
336 |
+@@ -224,7 +358,7 @@ |
337 |
pushl %ebx |
338 |
CFI_ADJUST_CFA_OFFSET 4 |
339 |
CFI_REL_OFFSET ebx, 0 |
340 |
@@ -17299,7 +17341,7 @@ index c097e7d..853746c 100644 |
341 |
movl %edx, %ds |
342 |
movl %edx, %es |
343 |
movl $(__KERNEL_PERCPU), %edx |
344 |
-@@ -232,6 +359,15 @@ |
345 |
+@@ -232,6 +366,15 @@ |
346 |
SET_KERNEL_GS %edx |
347 |
.endm |
348 |
|
349 |
@@ -17315,7 +17357,7 @@ index c097e7d..853746c 100644 |
350 |
.macro RESTORE_INT_REGS |
351 |
popl %ebx |
352 |
CFI_ADJUST_CFA_OFFSET -4 |
353 |
-@@ -331,7 +467,7 @@ ENTRY(ret_from_fork) |
354 |
+@@ -331,7 +474,7 @@ ENTRY(ret_from_fork) |
355 |
CFI_ADJUST_CFA_OFFSET -4 |
356 |
jmp syscall_exit |
357 |
CFI_ENDPROC |
358 |
@@ -17324,7 +17366,7 @@ index c097e7d..853746c 100644 |
359 |
|
360 |
/* |
361 |
* Return to user mode is not as complex as all this looks, |
362 |
-@@ -347,12 +483,29 @@ ret_from_exception: |
363 |
+@@ -347,12 +490,29 @@ ret_from_exception: |
364 |
preempt_stop(CLBR_ANY) |
365 |
ret_from_intr: |
366 |
GET_THREAD_INFO(%ebp) |
367 |
@@ -17355,7 +17397,7 @@ index c097e7d..853746c 100644 |
368 |
|
369 |
ENTRY(resume_userspace) |
370 |
LOCKDEP_SYS_EXIT |
371 |
-@@ -364,8 +517,8 @@ ENTRY(resume_userspace) |
372 |
+@@ -364,8 +524,8 @@ ENTRY(resume_userspace) |
373 |
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on |
374 |
# int/exception return? |
375 |
jne work_pending |
376 |
@@ -17366,7 +17408,7 @@ index c097e7d..853746c 100644 |
377 |
|
378 |
#ifdef CONFIG_PREEMPT |
379 |
ENTRY(resume_kernel) |
380 |
-@@ -380,7 +533,7 @@ need_resched: |
381 |
+@@ -380,7 +540,7 @@ need_resched: |
382 |
jz restore_all |
383 |
call preempt_schedule_irq |
384 |
jmp need_resched |
385 |
@@ -17375,7 +17417,7 @@ index c097e7d..853746c 100644 |
386 |
#endif |
387 |
CFI_ENDPROC |
388 |
|
389 |
-@@ -414,25 +567,36 @@ sysenter_past_esp: |
390 |
+@@ -414,25 +574,36 @@ sysenter_past_esp: |
391 |
/*CFI_REL_OFFSET cs, 0*/ |
392 |
/* |
393 |
* Push current_thread_info()->sysenter_return to the stack. |
394 |
@@ -17415,7 +17457,18 @@ index c097e7d..853746c 100644 |
395 |
movl %ebp,PT_EBP(%esp) |
396 |
.section __ex_table,"a" |
397 |
.align 4 |
398 |
-@@ -455,12 +619,24 @@ sysenter_do_call: |
399 |
+@@ -441,6 +612,10 @@ sysenter_past_esp: |
400 |
+ |
401 |
+ GET_THREAD_INFO(%ebp) |
402 |
+ |
403 |
++#ifdef CONFIG_PAX_RANDKSTACK |
404 |
++ pax_erase_kstack |
405 |
++#endif |
406 |
++ |
407 |
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) |
408 |
+ jnz sysenter_audit |
409 |
+ sysenter_do_call: |
410 |
+@@ -455,12 +630,24 @@ sysenter_do_call: |
411 |
testl $_TIF_ALLWORK_MASK, %ecx |
412 |
jne sysexit_audit |
413 |
sysenter_exit: |
414 |
@@ -17440,7 +17493,7 @@ index c097e7d..853746c 100644 |
415 |
PTGS_TO_GS |
416 |
ENABLE_INTERRUPTS_SYSEXIT |
417 |
|
418 |
-@@ -477,6 +653,9 @@ sysenter_audit: |
419 |
+@@ -477,6 +664,9 @@ sysenter_audit: |
420 |
movl %eax,%edx /* 2nd arg: syscall number */ |
421 |
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ |
422 |
call audit_syscall_entry |
423 |
@@ -17450,7 +17503,7 @@ index c097e7d..853746c 100644 |
424 |
pushl %ebx |
425 |
CFI_ADJUST_CFA_OFFSET 4 |
426 |
movl PT_EAX(%esp),%eax /* reload syscall number */ |
427 |
-@@ -504,11 +683,17 @@ sysexit_audit: |
428 |
+@@ -504,11 +694,17 @@ sysexit_audit: |
429 |
|
430 |
CFI_ENDPROC |
431 |
.pushsection .fixup,"ax" |
432 |
@@ -17470,7 +17523,19 @@ index c097e7d..853746c 100644 |
433 |
.popsection |
434 |
PTGS_TO_GS_EX |
435 |
ENDPROC(ia32_sysenter_target) |
436 |
-@@ -538,6 +723,15 @@ syscall_exit: |
437 |
+@@ -520,6 +716,11 @@ ENTRY(system_call) |
438 |
+ CFI_ADJUST_CFA_OFFSET 4 |
439 |
+ SAVE_ALL |
440 |
+ GET_THREAD_INFO(%ebp) |
441 |
++ |
442 |
++#ifdef CONFIG_PAX_RANDKSTACK |
443 |
++ pax_erase_kstack |
444 |
++#endif |
445 |
++ |
446 |
+ # system call tracing in operation / emulation |
447 |
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) |
448 |
+ jnz syscall_trace_entry |
449 |
+@@ -538,6 +739,15 @@ syscall_exit: |
450 |
testl $_TIF_ALLWORK_MASK, %ecx # current->work |
451 |
jne syscall_exit_work |
452 |
|
453 |
@@ -17486,7 +17551,7 @@ index c097e7d..853746c 100644 |
454 |
restore_all: |
455 |
TRACE_IRQS_IRET |
456 |
restore_all_notrace: |
457 |
-@@ -602,10 +796,29 @@ ldt_ss: |
458 |
+@@ -602,10 +812,29 @@ ldt_ss: |
459 |
mov PT_OLDESP(%esp), %eax /* load userspace esp */ |
460 |
mov %dx, %ax /* eax: new kernel esp */ |
461 |
sub %eax, %edx /* offset (low word is 0) */ |
462 |
@@ -17517,7 +17582,7 @@ index c097e7d..853746c 100644 |
463 |
pushl $__ESPFIX_SS |
464 |
CFI_ADJUST_CFA_OFFSET 4 |
465 |
push %eax /* new kernel esp */ |
466 |
-@@ -636,36 +849,30 @@ work_resched: |
467 |
+@@ -636,36 +865,30 @@ work_resched: |
468 |
movl TI_flags(%ebp), %ecx |
469 |
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other |
470 |
# than syscall tracing? |
471 |
@@ -17559,7 +17624,7 @@ index c097e7d..853746c 100644 |
472 |
|
473 |
# perform syscall exit tracing |
474 |
ALIGN |
475 |
-@@ -673,11 +880,14 @@ syscall_trace_entry: |
476 |
+@@ -673,11 +896,14 @@ syscall_trace_entry: |
477 |
movl $-ENOSYS,PT_EAX(%esp) |
478 |
movl %esp, %eax |
479 |
call syscall_trace_enter |
480 |
@@ -17575,7 +17640,7 @@ index c097e7d..853746c 100644 |
481 |
|
482 |
# perform syscall exit tracing |
483 |
ALIGN |
484 |
-@@ -690,20 +900,24 @@ syscall_exit_work: |
485 |
+@@ -690,20 +916,24 @@ syscall_exit_work: |
486 |
movl %esp, %eax |
487 |
call syscall_trace_leave |
488 |
jmp resume_userspace |
489 |
@@ -17603,7 +17668,7 @@ index c097e7d..853746c 100644 |
490 |
CFI_ENDPROC |
491 |
|
492 |
/* |
493 |
-@@ -726,6 +940,33 @@ PTREGSCALL(rt_sigreturn) |
494 |
+@@ -726,6 +956,33 @@ PTREGSCALL(rt_sigreturn) |
495 |
PTREGSCALL(vm86) |
496 |
PTREGSCALL(vm86old) |
497 |
|
498 |
@@ -17637,7 +17702,7 @@ index c097e7d..853746c 100644 |
499 |
.macro FIXUP_ESPFIX_STACK |
500 |
/* |
501 |
* Switch back for ESPFIX stack to the normal zerobased stack |
502 |
-@@ -735,7 +976,13 @@ PTREGSCALL(vm86old) |
503 |
+@@ -735,7 +992,13 @@ PTREGSCALL(vm86old) |
504 |
* normal stack and adjusts ESP with the matching offset. |
505 |
*/ |
506 |
/* fixup the stack */ |
507 |
@@ -17652,7 +17717,7 @@ index c097e7d..853746c 100644 |
508 |
mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */ |
509 |
mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */ |
510 |
shl $16, %eax |
511 |
-@@ -793,7 +1040,7 @@ vector=vector+1 |
512 |
+@@ -793,7 +1056,7 @@ vector=vector+1 |
513 |
.endr |
514 |
2: jmp common_interrupt |
515 |
.endr |
516 |
@@ -17661,7 +17726,7 @@ index c097e7d..853746c 100644 |
517 |
|
518 |
.previous |
519 |
END(interrupt) |
520 |
-@@ -840,7 +1087,7 @@ ENTRY(coprocessor_error) |
521 |
+@@ -840,7 +1103,7 @@ ENTRY(coprocessor_error) |
522 |
CFI_ADJUST_CFA_OFFSET 4 |
523 |
jmp error_code |
524 |
CFI_ENDPROC |
525 |
@@ -17670,7 +17735,7 @@ index c097e7d..853746c 100644 |
526 |
|
527 |
ENTRY(simd_coprocessor_error) |
528 |
RING0_INT_FRAME |
529 |
-@@ -850,7 +1097,7 @@ ENTRY(simd_coprocessor_error) |
530 |
+@@ -850,7 +1113,7 @@ ENTRY(simd_coprocessor_error) |
531 |
CFI_ADJUST_CFA_OFFSET 4 |
532 |
jmp error_code |
533 |
CFI_ENDPROC |
534 |
@@ -17679,7 +17744,7 @@ index c097e7d..853746c 100644 |
535 |
|
536 |
ENTRY(device_not_available) |
537 |
RING0_INT_FRAME |
538 |
-@@ -860,7 +1107,7 @@ ENTRY(device_not_available) |
539 |
+@@ -860,7 +1123,7 @@ ENTRY(device_not_available) |
540 |
CFI_ADJUST_CFA_OFFSET 4 |
541 |
jmp error_code |
542 |
CFI_ENDPROC |
543 |
@@ -17688,7 +17753,7 @@ index c097e7d..853746c 100644 |
544 |
|
545 |
#ifdef CONFIG_PARAVIRT |
546 |
ENTRY(native_iret) |
547 |
-@@ -869,12 +1116,12 @@ ENTRY(native_iret) |
548 |
+@@ -869,12 +1132,12 @@ ENTRY(native_iret) |
549 |
.align 4 |
550 |
.long native_iret, iret_exc |
551 |
.previous |
552 |
@@ -17703,7 +17768,7 @@ index c097e7d..853746c 100644 |
553 |
#endif |
554 |
|
555 |
ENTRY(overflow) |
556 |
-@@ -885,7 +1132,7 @@ ENTRY(overflow) |
557 |
+@@ -885,7 +1148,7 @@ ENTRY(overflow) |
558 |
CFI_ADJUST_CFA_OFFSET 4 |
559 |
jmp error_code |
560 |
CFI_ENDPROC |
561 |
@@ -17712,7 +17777,7 @@ index c097e7d..853746c 100644 |
562 |
|
563 |
ENTRY(bounds) |
564 |
RING0_INT_FRAME |
565 |
-@@ -895,7 +1142,7 @@ ENTRY(bounds) |
566 |
+@@ -895,7 +1158,7 @@ ENTRY(bounds) |
567 |
CFI_ADJUST_CFA_OFFSET 4 |
568 |
jmp error_code |
569 |
CFI_ENDPROC |
570 |
@@ -17721,7 +17786,7 @@ index c097e7d..853746c 100644 |
571 |
|
572 |
ENTRY(invalid_op) |
573 |
RING0_INT_FRAME |
574 |
-@@ -905,7 +1152,7 @@ ENTRY(invalid_op) |
575 |
+@@ -905,7 +1168,7 @@ ENTRY(invalid_op) |
576 |
CFI_ADJUST_CFA_OFFSET 4 |
577 |
jmp error_code |
578 |
CFI_ENDPROC |
579 |
@@ -17730,7 +17795,7 @@ index c097e7d..853746c 100644 |
580 |
|
581 |
ENTRY(coprocessor_segment_overrun) |
582 |
RING0_INT_FRAME |
583 |
-@@ -915,7 +1162,7 @@ ENTRY(coprocessor_segment_overrun) |
584 |
+@@ -915,7 +1178,7 @@ ENTRY(coprocessor_segment_overrun) |
585 |
CFI_ADJUST_CFA_OFFSET 4 |
586 |
jmp error_code |
587 |
CFI_ENDPROC |
588 |
@@ -17739,7 +17804,7 @@ index c097e7d..853746c 100644 |
589 |
|
590 |
ENTRY(invalid_TSS) |
591 |
RING0_EC_FRAME |
592 |
-@@ -923,7 +1170,7 @@ ENTRY(invalid_TSS) |
593 |
+@@ -923,7 +1186,7 @@ ENTRY(invalid_TSS) |
594 |
CFI_ADJUST_CFA_OFFSET 4 |
595 |
jmp error_code |
596 |
CFI_ENDPROC |
597 |
@@ -17748,7 +17813,7 @@ index c097e7d..853746c 100644 |
598 |
|
599 |
ENTRY(segment_not_present) |
600 |
RING0_EC_FRAME |
601 |
-@@ -931,7 +1178,7 @@ ENTRY(segment_not_present) |
602 |
+@@ -931,7 +1194,7 @@ ENTRY(segment_not_present) |
603 |
CFI_ADJUST_CFA_OFFSET 4 |
604 |
jmp error_code |
605 |
CFI_ENDPROC |
606 |
@@ -17757,7 +17822,7 @@ index c097e7d..853746c 100644 |
607 |
|
608 |
ENTRY(stack_segment) |
609 |
RING0_EC_FRAME |
610 |
-@@ -939,7 +1186,7 @@ ENTRY(stack_segment) |
611 |
+@@ -939,7 +1202,7 @@ ENTRY(stack_segment) |
612 |
CFI_ADJUST_CFA_OFFSET 4 |
613 |
jmp error_code |
614 |
CFI_ENDPROC |
615 |
@@ -17766,7 +17831,7 @@ index c097e7d..853746c 100644 |
616 |
|
617 |
ENTRY(alignment_check) |
618 |
RING0_EC_FRAME |
619 |
-@@ -947,7 +1194,7 @@ ENTRY(alignment_check) |
620 |
+@@ -947,7 +1210,7 @@ ENTRY(alignment_check) |
621 |
CFI_ADJUST_CFA_OFFSET 4 |
622 |
jmp error_code |
623 |
CFI_ENDPROC |
624 |
@@ -17775,7 +17840,7 @@ index c097e7d..853746c 100644 |
625 |
|
626 |
ENTRY(divide_error) |
627 |
RING0_INT_FRAME |
628 |
-@@ -957,7 +1204,7 @@ ENTRY(divide_error) |
629 |
+@@ -957,7 +1220,7 @@ ENTRY(divide_error) |
630 |
CFI_ADJUST_CFA_OFFSET 4 |
631 |
jmp error_code |
632 |
CFI_ENDPROC |
633 |
@@ -17784,7 +17849,7 @@ index c097e7d..853746c 100644 |
634 |
|
635 |
#ifdef CONFIG_X86_MCE |
636 |
ENTRY(machine_check) |
637 |
-@@ -968,7 +1215,7 @@ ENTRY(machine_check) |
638 |
+@@ -968,7 +1231,7 @@ ENTRY(machine_check) |
639 |
CFI_ADJUST_CFA_OFFSET 4 |
640 |
jmp error_code |
641 |
CFI_ENDPROC |
642 |
@@ -17793,7 +17858,7 @@ index c097e7d..853746c 100644 |
643 |
#endif |
644 |
|
645 |
ENTRY(spurious_interrupt_bug) |
646 |
-@@ -979,7 +1226,7 @@ ENTRY(spurious_interrupt_bug) |
647 |
+@@ -979,7 +1242,7 @@ ENTRY(spurious_interrupt_bug) |
648 |
CFI_ADJUST_CFA_OFFSET 4 |
649 |
jmp error_code |
650 |
CFI_ENDPROC |
651 |
@@ -17802,7 +17867,7 @@ index c097e7d..853746c 100644 |
652 |
|
653 |
ENTRY(kernel_thread_helper) |
654 |
pushl $0 # fake return address for unwinder |
655 |
-@@ -1095,7 +1342,7 @@ ENDPROC(xen_failsafe_callback) |
656 |
+@@ -1095,7 +1358,7 @@ ENDPROC(xen_failsafe_callback) |
657 |
|
658 |
ENTRY(mcount) |
659 |
ret |
660 |
@@ -17811,7 +17876,7 @@ index c097e7d..853746c 100644 |
661 |
|
662 |
ENTRY(ftrace_caller) |
663 |
cmpl $0, function_trace_stop |
664 |
-@@ -1124,7 +1371,7 @@ ftrace_graph_call: |
665 |
+@@ -1124,7 +1387,7 @@ ftrace_graph_call: |
666 |
.globl ftrace_stub |
667 |
ftrace_stub: |
668 |
ret |
669 |
@@ -17820,7 +17885,7 @@ index c097e7d..853746c 100644 |
670 |
|
671 |
#else /* ! CONFIG_DYNAMIC_FTRACE */ |
672 |
|
673 |
-@@ -1160,7 +1407,7 @@ trace: |
674 |
+@@ -1160,7 +1423,7 @@ trace: |
675 |
popl %ecx |
676 |
popl %eax |
677 |
jmp ftrace_stub |
678 |
@@ -17829,7 +17894,7 @@ index c097e7d..853746c 100644 |
679 |
#endif /* CONFIG_DYNAMIC_FTRACE */ |
680 |
#endif /* CONFIG_FUNCTION_TRACER */ |
681 |
|
682 |
-@@ -1181,7 +1428,7 @@ ENTRY(ftrace_graph_caller) |
683 |
+@@ -1181,7 +1444,7 @@ ENTRY(ftrace_graph_caller) |
684 |
popl %ecx |
685 |
popl %eax |
686 |
ret |
687 |
@@ -17838,7 +17903,7 @@ index c097e7d..853746c 100644 |
688 |
|
689 |
.globl return_to_handler |
690 |
return_to_handler: |
691 |
-@@ -1198,7 +1445,6 @@ return_to_handler: |
692 |
+@@ -1198,7 +1461,6 @@ return_to_handler: |
693 |
ret |
694 |
#endif |
695 |
|
696 |
@@ -17846,7 +17911,7 @@ index c097e7d..853746c 100644 |
697 |
#include "syscall_table_32.S" |
698 |
|
699 |
syscall_table_size=(.-sys_call_table) |
700 |
-@@ -1255,15 +1501,18 @@ error_code: |
701 |
+@@ -1255,15 +1517,18 @@ error_code: |
702 |
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart |
703 |
REG_TO_PTGS %ecx |
704 |
SET_KERNEL_GS %ecx |
705 |
@@ -17867,7 +17932,7 @@ index c097e7d..853746c 100644 |
706 |
|
707 |
/* |
708 |
* Debug traps and NMI can happen at the one SYSENTER instruction |
709 |
-@@ -1309,7 +1558,7 @@ debug_stack_correct: |
710 |
+@@ -1309,7 +1574,7 @@ debug_stack_correct: |
711 |
call do_debug |
712 |
jmp ret_from_exception |
713 |
CFI_ENDPROC |
714 |
@@ -17876,7 +17941,7 @@ index c097e7d..853746c 100644 |
715 |
|
716 |
/* |
717 |
* NMI is doubly nasty. It can happen _while_ we're handling |
718 |
-@@ -1351,6 +1600,9 @@ nmi_stack_correct: |
719 |
+@@ -1351,6 +1616,9 @@ nmi_stack_correct: |
720 |
xorl %edx,%edx # zero error code |
721 |
movl %esp,%eax # pt_regs pointer |
722 |
call do_nmi |
723 |
@@ -17886,7 +17951,7 @@ index c097e7d..853746c 100644 |
724 |
jmp restore_all_notrace |
725 |
CFI_ENDPROC |
726 |
|
727 |
-@@ -1391,12 +1643,15 @@ nmi_espfix_stack: |
728 |
+@@ -1391,12 +1659,15 @@ nmi_espfix_stack: |
729 |
FIXUP_ESPFIX_STACK # %eax == %esp |
730 |
xorl %edx,%edx # zero error code |
731 |
call do_nmi |
732 |
@@ -17903,7 +17968,7 @@ index c097e7d..853746c 100644 |
733 |
|
734 |
ENTRY(int3) |
735 |
RING0_INT_FRAME |
736 |
-@@ -1409,7 +1664,7 @@ ENTRY(int3) |
737 |
+@@ -1409,7 +1680,7 @@ ENTRY(int3) |
738 |
call do_int3 |
739 |
jmp ret_from_exception |
740 |
CFI_ENDPROC |
741 |
@@ -17912,7 +17977,7 @@ index c097e7d..853746c 100644 |
742 |
|
743 |
ENTRY(general_protection) |
744 |
RING0_EC_FRAME |
745 |
-@@ -1417,7 +1672,7 @@ ENTRY(general_protection) |
746 |
+@@ -1417,7 +1688,7 @@ ENTRY(general_protection) |
747 |
CFI_ADJUST_CFA_OFFSET 4 |
748 |
jmp error_code |
749 |
CFI_ENDPROC |
750 |
@@ -17922,7 +17987,7 @@ index c097e7d..853746c 100644 |
751 |
/* |
752 |
* End of kprobes section |
753 |
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
754 |
-index 34a56a9..74613c5 100644 |
755 |
+index 34a56a9..0d13843 100644 |
756 |
--- a/arch/x86/kernel/entry_64.S |
757 |
+++ b/arch/x86/kernel/entry_64.S |
758 |
@@ -53,6 +53,8 @@ |
759 |
@@ -17998,7 +18063,7 @@ index 34a56a9..74613c5 100644 |
760 |
retq |
761 |
#endif |
762 |
|
763 |
-@@ -174,6 +182,282 @@ ENTRY(native_usergs_sysret64) |
764 |
+@@ -174,6 +182,280 @@ ENTRY(native_usergs_sysret64) |
765 |
ENDPROC(native_usergs_sysret64) |
766 |
#endif /* CONFIG_PARAVIRT */ |
767 |
|
768 |
@@ -18227,12 +18292,9 @@ index 34a56a9..74613c5 100644 |
769 |
+.endm |
770 |
+ |
771 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
772 |
-+/* |
773 |
-+ * r11: thread_info |
774 |
-+ * rcx, rdx: can be clobbered |
775 |
-+ */ |
776 |
+ENTRY(pax_erase_kstack) |
777 |
+ pushq %rdi |
778 |
++ pushq %rcx |
779 |
+ pushq %rax |
780 |
+ pushq %r11 |
781 |
+ |
782 |
@@ -18273,6 +18335,7 @@ index 34a56a9..74613c5 100644 |
783 |
+ |
784 |
+ popq %r11 |
785 |
+ popq %rax |
786 |
++ popq %rcx |
787 |
+ popq %rdi |
788 |
+ pax_force_retaddr |
789 |
+ ret |
790 |
@@ -18281,7 +18344,7 @@ index 34a56a9..74613c5 100644 |
791 |
|
792 |
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET |
793 |
#ifdef CONFIG_TRACE_IRQFLAGS |
794 |
-@@ -233,8 +517,8 @@ ENDPROC(native_usergs_sysret64) |
795 |
+@@ -233,8 +515,8 @@ ENDPROC(native_usergs_sysret64) |
796 |
.endm |
797 |
|
798 |
.macro UNFAKE_STACK_FRAME |
799 |
@@ -18292,7 +18355,7 @@ index 34a56a9..74613c5 100644 |
800 |
.endm |
801 |
|
802 |
/* |
803 |
-@@ -317,7 +601,7 @@ ENTRY(save_args) |
804 |
+@@ -317,7 +599,7 @@ ENTRY(save_args) |
805 |
leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */ |
806 |
movq_cfi rbp, 8 /* push %rbp */ |
807 |
leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ |
808 |
@@ -18301,7 +18364,7 @@ index 34a56a9..74613c5 100644 |
809 |
je 1f |
810 |
SWAPGS |
811 |
/* |
812 |
-@@ -337,9 +621,10 @@ ENTRY(save_args) |
813 |
+@@ -337,9 +619,10 @@ ENTRY(save_args) |
814 |
* We entered an interrupt context - irqs are off: |
815 |
*/ |
816 |
2: TRACE_IRQS_OFF |
817 |
@@ -18313,7 +18376,7 @@ index 34a56a9..74613c5 100644 |
818 |
|
819 |
ENTRY(save_rest) |
820 |
PARTIAL_FRAME 1 REST_SKIP+8 |
821 |
-@@ -352,9 +637,10 @@ ENTRY(save_rest) |
822 |
+@@ -352,9 +635,10 @@ ENTRY(save_rest) |
823 |
movq_cfi r15, R15+16 |
824 |
movq %r11, 8(%rsp) /* return address */ |
825 |
FIXUP_TOP_OF_STACK %r11, 16 |
826 |
@@ -18325,7 +18388,7 @@ index 34a56a9..74613c5 100644 |
827 |
|
828 |
/* save complete stack frame */ |
829 |
.pushsection .kprobes.text, "ax" |
830 |
-@@ -383,9 +669,10 @@ ENTRY(save_paranoid) |
831 |
+@@ -383,9 +667,10 @@ ENTRY(save_paranoid) |
832 |
js 1f /* negative -> in kernel */ |
833 |
SWAPGS |
834 |
xorl %ebx,%ebx |
835 |
@@ -18338,7 +18401,7 @@ index 34a56a9..74613c5 100644 |
836 |
.popsection |
837 |
|
838 |
/* |
839 |
-@@ -409,7 +696,7 @@ ENTRY(ret_from_fork) |
840 |
+@@ -409,7 +694,7 @@ ENTRY(ret_from_fork) |
841 |
|
842 |
RESTORE_REST |
843 |
|
844 |
@@ -18347,7 +18410,7 @@ index 34a56a9..74613c5 100644 |
845 |
je int_ret_from_sys_call |
846 |
|
847 |
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET |
848 |
-@@ -419,7 +706,7 @@ ENTRY(ret_from_fork) |
849 |
+@@ -419,7 +704,7 @@ ENTRY(ret_from_fork) |
850 |
jmp ret_from_sys_call # go to the SYSRET fastpath |
851 |
|
852 |
CFI_ENDPROC |
853 |
@@ -18356,7 +18419,7 @@ index 34a56a9..74613c5 100644 |
854 |
|
855 |
/* |
856 |
* System call entry. Upto 6 arguments in registers are supported. |
857 |
-@@ -455,7 +742,7 @@ END(ret_from_fork) |
858 |
+@@ -455,7 +740,7 @@ END(ret_from_fork) |
859 |
ENTRY(system_call) |
860 |
CFI_STARTPROC simple |
861 |
CFI_SIGNAL_FRAME |
862 |
@@ -18365,12 +18428,17 @@ index 34a56a9..74613c5 100644 |
863 |
CFI_REGISTER rip,rcx |
864 |
/*CFI_REGISTER rflags,r11*/ |
865 |
SWAPGS_UNSAFE_STACK |
866 |
-@@ -468,12 +755,13 @@ ENTRY(system_call_after_swapgs) |
867 |
+@@ -468,12 +753,18 @@ ENTRY(system_call_after_swapgs) |
868 |
|
869 |
movq %rsp,PER_CPU_VAR(old_rsp) |
870 |
movq PER_CPU_VAR(kernel_stack),%rsp |
871 |
+ SAVE_ARGS 8*6,1 |
872 |
+ pax_enter_kernel_user |
873 |
++ |
874 |
++#ifdef CONFIG_PAX_RANDKSTACK |
875 |
++ pax_erase_kstack |
876 |
++#endif |
877 |
++ |
878 |
/* |
879 |
* No need to follow this irqs off/on section - it's straight |
880 |
* and short: |
881 |
@@ -18380,7 +18448,7 @@ index 34a56a9..74613c5 100644 |
882 |
movq %rax,ORIG_RAX-ARGOFFSET(%rsp) |
883 |
movq %rcx,RIP-ARGOFFSET(%rsp) |
884 |
CFI_REL_OFFSET rip,RIP-ARGOFFSET |
885 |
-@@ -483,7 +771,7 @@ ENTRY(system_call_after_swapgs) |
886 |
+@@ -483,7 +774,7 @@ ENTRY(system_call_after_swapgs) |
887 |
system_call_fastpath: |
888 |
cmpq $__NR_syscall_max,%rax |
889 |
ja badsys |
890 |
@@ -18389,7 +18457,7 @@ index 34a56a9..74613c5 100644 |
891 |
call *sys_call_table(,%rax,8) # XXX: rip relative |
892 |
movq %rax,RAX-ARGOFFSET(%rsp) |
893 |
/* |
894 |
-@@ -502,6 +790,8 @@ sysret_check: |
895 |
+@@ -502,6 +793,8 @@ sysret_check: |
896 |
andl %edi,%edx |
897 |
jnz sysret_careful |
898 |
CFI_REMEMBER_STATE |
899 |
@@ -18398,7 +18466,7 @@ index 34a56a9..74613c5 100644 |
900 |
/* |
901 |
* sysretq will re-enable interrupts: |
902 |
*/ |
903 |
-@@ -555,14 +845,18 @@ badsys: |
904 |
+@@ -555,14 +848,18 @@ badsys: |
905 |
* jump back to the normal fast path. |
906 |
*/ |
907 |
auditsys: |
908 |
@@ -18418,7 +18486,7 @@ index 34a56a9..74613c5 100644 |
909 |
jmp system_call_fastpath |
910 |
|
911 |
/* |
912 |
-@@ -592,16 +886,20 @@ tracesys: |
913 |
+@@ -592,16 +889,20 @@ tracesys: |
914 |
FIXUP_TOP_OF_STACK %rdi |
915 |
movq %rsp,%rdi |
916 |
call syscall_trace_enter |
917 |
@@ -18440,7 +18508,7 @@ index 34a56a9..74613c5 100644 |
918 |
call *sys_call_table(,%rax,8) |
919 |
movq %rax,RAX-ARGOFFSET(%rsp) |
920 |
/* Use IRET because user could have changed frame */ |
921 |
-@@ -613,7 +911,7 @@ tracesys: |
922 |
+@@ -613,7 +914,7 @@ tracesys: |
923 |
GLOBAL(int_ret_from_sys_call) |
924 |
DISABLE_INTERRUPTS(CLBR_NONE) |
925 |
TRACE_IRQS_OFF |
926 |
@@ -18449,15 +18517,18 @@ index 34a56a9..74613c5 100644 |
927 |
je retint_restore_args |
928 |
movl $_TIF_ALLWORK_MASK,%edi |
929 |
/* edi: mask to check */ |
930 |
-@@ -624,6 +922,7 @@ GLOBAL(int_with_check) |
931 |
+@@ -624,7 +925,9 @@ GLOBAL(int_with_check) |
932 |
andl %edi,%edx |
933 |
jnz int_careful |
934 |
andl $~TS_COMPAT,TI_status(%rcx) |
935 |
+- jmp retint_swapgs |
936 |
++ pax_exit_kernel_user |
937 |
+ pax_erase_kstack |
938 |
- jmp retint_swapgs |
939 |
++ jmp retint_swapgs_pax |
940 |
|
941 |
/* Either reschedule or signal or syscall exit tracking needed. */ |
942 |
-@@ -674,7 +973,7 @@ int_restore_rest: |
943 |
+ /* First do a reschedule test. */ |
944 |
+@@ -674,7 +977,7 @@ int_restore_rest: |
945 |
TRACE_IRQS_OFF |
946 |
jmp int_with_check |
947 |
CFI_ENDPROC |
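Review bot: The reordered exit now runs pax_exit_kernel_user before pax_erase_kstack and jumps to retint_swapgs_pax to avoid executing pax_exit_kernel_user a second time, but that also bypasses the `DISABLE_INTERRUPTS(CLBR_ANY)` in retint_swapgs, so it is only correct because int_ret_from_sys_call already did `DISABLE_INTERRUPTS(CLBR_NONE)` and because the label is placed directly after `pax_exit_kernel_user` in retint_swapgs. Neither constraint is written down at the jump; I'd annotate it: `jmp retint_swapgs_pax # IRQs already off and pax_exit_kernel_user done: skip both in retint_swapgs`. The enclosing int_ret_from_sys_call/int_with_check code starts outside this hunk.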
948 |
@@ -18466,7 +18537,7 @@ index 34a56a9..74613c5 100644 |
949 |
|
950 |
/* |
951 |
* Certain special system calls that need to save a complete full stack frame. |
952 |
-@@ -690,7 +989,7 @@ ENTRY(\label) |
953 |
+@@ -690,7 +993,7 @@ ENTRY(\label) |
954 |
call \func |
955 |
jmp ptregscall_common |
956 |
CFI_ENDPROC |
957 |
@@ -18475,7 +18546,7 @@ index 34a56a9..74613c5 100644 |
958 |
.endm |
959 |
|
960 |
PTREGSCALL stub_clone, sys_clone, %r8 |
961 |
-@@ -708,9 +1007,10 @@ ENTRY(ptregscall_common) |
962 |
+@@ -708,9 +1011,10 @@ ENTRY(ptregscall_common) |
963 |
movq_cfi_restore R12+8, r12 |
964 |
movq_cfi_restore RBP+8, rbp |
965 |
movq_cfi_restore RBX+8, rbx |
966 |
@@ -18487,7 +18558,7 @@ index 34a56a9..74613c5 100644 |
967 |
|
968 |
ENTRY(stub_execve) |
969 |
CFI_STARTPROC |
970 |
-@@ -726,7 +1026,7 @@ ENTRY(stub_execve) |
971 |
+@@ -726,7 +1030,7 @@ ENTRY(stub_execve) |
972 |
RESTORE_REST |
973 |
jmp int_ret_from_sys_call |
974 |
CFI_ENDPROC |
975 |
@@ -18496,7 +18567,7 @@ index 34a56a9..74613c5 100644 |
976 |
|
977 |
/* |
978 |
* sigreturn is special because it needs to restore all registers on return. |
979 |
-@@ -744,7 +1044,7 @@ ENTRY(stub_rt_sigreturn) |
980 |
+@@ -744,7 +1048,7 @@ ENTRY(stub_rt_sigreturn) |
981 |
RESTORE_REST |
982 |
jmp int_ret_from_sys_call |
983 |
CFI_ENDPROC |
984 |
@@ -18505,7 +18576,7 @@ index 34a56a9..74613c5 100644 |
985 |
|
986 |
/* |
987 |
* Build the entry stubs and pointer table with some assembler magic. |
988 |
-@@ -780,7 +1080,7 @@ vector=vector+1 |
989 |
+@@ -780,7 +1084,7 @@ vector=vector+1 |
990 |
2: jmp common_interrupt |
991 |
.endr |
992 |
CFI_ENDPROC |
993 |
@@ -18514,7 +18585,7 @@ index 34a56a9..74613c5 100644 |
994 |
|
995 |
.previous |
996 |
END(interrupt) |
997 |
-@@ -800,6 +1100,16 @@ END(interrupt) |
998 |
+@@ -800,6 +1104,16 @@ END(interrupt) |
999 |
CFI_ADJUST_CFA_OFFSET 10*8 |
1000 |
call save_args |
1001 |
PARTIAL_FRAME 0 |
1002 |
@@ -18531,7 +18602,7 @@ index 34a56a9..74613c5 100644 |
1003 |
call \func |
1004 |
.endm |
1005 |
|
1006 |
-@@ -822,7 +1132,7 @@ ret_from_intr: |
1007 |
+@@ -822,7 +1136,7 @@ ret_from_intr: |
1008 |
CFI_ADJUST_CFA_OFFSET -8 |
1009 |
exit_intr: |
1010 |
GET_THREAD_INFO(%rcx) |
1011 |
@@ -18540,11 +18611,12 @@ index 34a56a9..74613c5 100644 |
1012 |
je retint_kernel |
1013 |
|
1014 |
/* Interrupt came from user space */ |
1015 |
-@@ -844,12 +1154,15 @@ retint_swapgs: /* return to user-space */ |
1016 |
+@@ -844,12 +1158,16 @@ retint_swapgs: /* return to user-space */ |
1017 |
* The iretq could re-enable interrupts: |
1018 |
*/ |
1019 |
DISABLE_INTERRUPTS(CLBR_ANY) |
1020 |
+ pax_exit_kernel_user |
1021 |
++retint_swapgs_pax: |
1022 |
TRACE_IRQS_IRETQ |
1023 |
SWAPGS |
1024 |
jmp restore_args |
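Review bot: retint_swapgs_pax is a bare entry point into the middle of retint_swapgs, after both DISABLE_INTERRUPTS(CLBR_ANY) and pax_exit_kernel_user, and nothing at the label says what a jumper must already have done, so a future caller could easily skip or double-run the exit work. A comment above it would pin the contract: `/* entered from int_with_check with IRQs already off and pax_exit_kernel_user already run */`. Note also that on that path pax_erase_kstack now runs after pax_exit_kernel_user, i.e. with whatever user-side state that macro restores; that presumably relies on the kernel stack staying accessible in that state, which is worth confirming for UDEREF builds. retint_swapgs continues outside the hunk.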
1025 |
@@ -18556,7 +18628,7 @@ index 34a56a9..74613c5 100644 |
1026 |
/* |
1027 |
* The iretq could re-enable interrupts: |
1028 |
*/ |
1029 |
-@@ -940,7 +1253,7 @@ ENTRY(retint_kernel) |
1030 |
+@@ -940,7 +1258,7 @@ ENTRY(retint_kernel) |
1031 |
#endif |
1032 |
|
1033 |
CFI_ENDPROC |
1034 |
@@ -18565,7 +18637,7 @@ index 34a56a9..74613c5 100644 |
1035 |
|
1036 |
/* |
1037 |
* APIC interrupts. |
1038 |
-@@ -953,7 +1266,7 @@ ENTRY(\sym) |
1039 |
+@@ -953,7 +1271,7 @@ ENTRY(\sym) |
1040 |
interrupt \do_sym |
1041 |
jmp ret_from_intr |
1042 |
CFI_ENDPROC |
1043 |
@@ -18574,7 +18646,7 @@ index 34a56a9..74613c5 100644 |
1044 |
.endm |
1045 |
|
1046 |
#ifdef CONFIG_SMP |
1047 |
-@@ -1032,12 +1345,22 @@ ENTRY(\sym) |
1048 |
+@@ -1032,12 +1350,22 @@ ENTRY(\sym) |
1049 |
CFI_ADJUST_CFA_OFFSET 15*8 |
1050 |
call error_entry |
1051 |
DEFAULT_FRAME 0 |
1052 |
@@ -18598,7 +18670,7 @@ index 34a56a9..74613c5 100644 |
1053 |
.endm |
1054 |
|
1055 |
.macro paranoidzeroentry sym do_sym |
1056 |
-@@ -1049,12 +1372,22 @@ ENTRY(\sym) |
1057 |
+@@ -1049,12 +1377,22 @@ ENTRY(\sym) |
1058 |
subq $15*8, %rsp |
1059 |
call save_paranoid |
1060 |
TRACE_IRQS_OFF |
1061 |
@@ -18622,7 +18694,7 @@ index 34a56a9..74613c5 100644 |
1062 |
.endm |
1063 |
|
1064 |
.macro paranoidzeroentry_ist sym do_sym ist |
1065 |
-@@ -1066,15 +1399,30 @@ ENTRY(\sym) |
1066 |
+@@ -1066,15 +1404,30 @@ ENTRY(\sym) |
1067 |
subq $15*8, %rsp |
1068 |
call save_paranoid |
1069 |
TRACE_IRQS_OFF |
1070 |
@@ -18655,7 +18727,7 @@ index 34a56a9..74613c5 100644 |
1071 |
.endm |
1072 |
|
1073 |
.macro errorentry sym do_sym |
1074 |
-@@ -1085,13 +1433,23 @@ ENTRY(\sym) |
1075 |
+@@ -1085,13 +1438,23 @@ ENTRY(\sym) |
1076 |
CFI_ADJUST_CFA_OFFSET 15*8 |
1077 |
call error_entry |
1078 |
DEFAULT_FRAME 0 |
1079 |
@@ -18680,7 +18752,7 @@ index 34a56a9..74613c5 100644 |
1080 |
.endm |
1081 |
|
1082 |
/* error code is on the stack already */ |
1083 |
-@@ -1104,13 +1462,23 @@ ENTRY(\sym) |
1084 |
+@@ -1104,13 +1467,23 @@ ENTRY(\sym) |
1085 |
call save_paranoid |
1086 |
DEFAULT_FRAME 0 |
1087 |
TRACE_IRQS_OFF |
1088 |
@@ -18705,7 +18777,7 @@ index 34a56a9..74613c5 100644 |
1089 |
.endm |
1090 |
|
1091 |
zeroentry divide_error do_divide_error |
1092 |
-@@ -1141,9 +1509,10 @@ gs_change: |
1093 |
+@@ -1141,9 +1514,10 @@ gs_change: |
1094 |
SWAPGS |
1095 |
popf |
1096 |
CFI_ADJUST_CFA_OFFSET -8 |
1097 |
@@ -18717,7 +18789,7 @@ index 34a56a9..74613c5 100644 |
1098 |
|
1099 |
.section __ex_table,"a" |
1100 |
.align 8 |
1101 |
-@@ -1193,11 +1562,12 @@ ENTRY(kernel_thread) |
1102 |
+@@ -1193,11 +1567,12 @@ ENTRY(kernel_thread) |
1103 |
* of hacks for example to fork off the per-CPU idle tasks. |
1104 |
* [Hopefully no generic code relies on the reschedule -AK] |
1105 |
*/ |
1106 |
@@ -18732,7 +18804,7 @@ index 34a56a9..74613c5 100644 |
1107 |
|
1108 |
ENTRY(child_rip) |
1109 |
pushq $0 # fake return address |
1110 |
-@@ -1208,13 +1578,14 @@ ENTRY(child_rip) |
1111 |
+@@ -1208,13 +1583,14 @@ ENTRY(child_rip) |
1112 |
*/ |
1113 |
movq %rdi, %rax |
1114 |
movq %rsi, %rdi |
1115 |
@@ -18748,7 +18820,7 @@ index 34a56a9..74613c5 100644 |
1116 |
|
1117 |
/* |
1118 |
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly. |
1119 |
-@@ -1241,11 +1612,11 @@ ENTRY(kernel_execve) |
1120 |
+@@ -1241,11 +1617,11 @@ ENTRY(kernel_execve) |
1121 |
RESTORE_REST |
1122 |
testq %rax,%rax |
1123 |
je int_ret_from_sys_call |
1124 |
@@ -18762,7 +18834,7 @@ index 34a56a9..74613c5 100644 |
1125 |
|
1126 |
/* Call softirq on interrupt stack. Interrupts are off. */ |
1127 |
ENTRY(call_softirq) |
1128 |
-@@ -1263,9 +1634,10 @@ ENTRY(call_softirq) |
1129 |
+@@ -1263,9 +1639,10 @@ ENTRY(call_softirq) |
1130 |
CFI_DEF_CFA_REGISTER rsp |
1131 |
CFI_ADJUST_CFA_OFFSET -8 |
1132 |
decl PER_CPU_VAR(irq_count) |
1133 |
@@ -18774,7 +18846,7 @@ index 34a56a9..74613c5 100644 |
1134 |
|
1135 |
#ifdef CONFIG_XEN |
1136 |
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback |
1137 |
-@@ -1303,7 +1675,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
1138 |
+@@ -1303,7 +1680,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
1139 |
decl PER_CPU_VAR(irq_count) |
1140 |
jmp error_exit |
1141 |
CFI_ENDPROC |
1142 |
@@ -18783,7 +18855,7 @@ index 34a56a9..74613c5 100644 |
1143 |
|
1144 |
/* |
1145 |
* Hypervisor uses this for application faults while it executes. |
1146 |
-@@ -1362,7 +1734,7 @@ ENTRY(xen_failsafe_callback) |
1147 |
+@@ -1362,7 +1739,7 @@ ENTRY(xen_failsafe_callback) |
1148 |
SAVE_ALL |
1149 |
jmp error_exit |
1150 |
CFI_ENDPROC |
1151 |
@@ -18792,7 +18864,7 @@ index 34a56a9..74613c5 100644 |
1152 |
|
1153 |
#endif /* CONFIG_XEN */ |
1154 |
|
1155 |
-@@ -1405,16 +1777,31 @@ ENTRY(paranoid_exit) |
1156 |
+@@ -1405,16 +1782,31 @@ ENTRY(paranoid_exit) |
1157 |
TRACE_IRQS_OFF |
1158 |
testl %ebx,%ebx /* swapgs needed? */ |
1159 |
jnz paranoid_restore |
1160 |
@@ -18825,7 +18897,7 @@ index 34a56a9..74613c5 100644 |
1161 |
jmp irq_return |
1162 |
paranoid_userspace: |
1163 |
GET_THREAD_INFO(%rcx) |
1164 |
-@@ -1443,7 +1830,7 @@ paranoid_schedule: |
1165 |
+@@ -1443,7 +1835,7 @@ paranoid_schedule: |
1166 |
TRACE_IRQS_OFF |
1167 |
jmp paranoid_userspace |
1168 |
CFI_ENDPROC |
1169 |
@@ -18834,7 +18906,7 @@ index 34a56a9..74613c5 100644 |
1170 |
|
1171 |
/* |
1172 |
* Exception entry point. This expects an error code/orig_rax on the stack. |
1173 |
-@@ -1470,12 +1857,13 @@ ENTRY(error_entry) |
1174 |
+@@ -1470,12 +1862,13 @@ ENTRY(error_entry) |
1175 |
movq_cfi r14, R14+8 |
1176 |
movq_cfi r15, R15+8 |
1177 |
xorl %ebx,%ebx |
1178 |
@@ -18849,7 +18921,7 @@ index 34a56a9..74613c5 100644 |
1179 |
ret |
1180 |
CFI_ENDPROC |
1181 |
|
1182 |
-@@ -1497,7 +1885,7 @@ error_kernelspace: |
1183 |
+@@ -1497,7 +1890,7 @@ error_kernelspace: |
1184 |
cmpq $gs_change,RIP+8(%rsp) |
1185 |
je error_swapgs |
1186 |
jmp error_sti |
1187 |
@@ -18858,7 +18930,7 @@ index 34a56a9..74613c5 100644 |
1188 |
|
1189 |
|
1190 |
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ |
1191 |
-@@ -1517,7 +1905,7 @@ ENTRY(error_exit) |
1192 |
+@@ -1517,7 +1910,7 @@ ENTRY(error_exit) |
1193 |
jnz retint_careful |
1194 |
jmp retint_swapgs |
1195 |
CFI_ENDPROC |
1196 |
@@ -18867,7 +18939,7 @@ index 34a56a9..74613c5 100644 |
1197 |
|
1198 |
|
1199 |
/* runs on exception stack */ |
1200 |
-@@ -1529,6 +1917,16 @@ ENTRY(nmi) |
1201 |
+@@ -1529,6 +1922,16 @@ ENTRY(nmi) |
1202 |
CFI_ADJUST_CFA_OFFSET 15*8 |
1203 |
call save_paranoid |
1204 |
DEFAULT_FRAME 0 |
1205 |
@@ -18884,7 +18956,7 @@ index 34a56a9..74613c5 100644 |
1206 |
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
1207 |
movq %rsp,%rdi |
1208 |
movq $-1,%rsi |
1209 |
-@@ -1539,12 +1937,28 @@ ENTRY(nmi) |
1210 |
+@@ -1539,12 +1942,28 @@ ENTRY(nmi) |
1211 |
DISABLE_INTERRUPTS(CLBR_NONE) |
1212 |
testl %ebx,%ebx /* swapgs needed? */ |
1213 |
jnz nmi_restore |
1214 |
@@ -18914,7 +18986,7 @@ index 34a56a9..74613c5 100644 |
1215 |
jmp irq_return |
1216 |
nmi_userspace: |
1217 |
GET_THREAD_INFO(%rcx) |
1218 |
-@@ -1573,14 +1987,14 @@ nmi_schedule: |
1219 |
+@@ -1573,14 +1992,14 @@ nmi_schedule: |
1220 |
jmp paranoid_exit |
1221 |
CFI_ENDPROC |
1222 |
#endif |
1223 |
@@ -68795,7 +68867,7 @@ index 90a6087..fa05803 100644 |
1224 |
if (rc < 0) |
1225 |
goto out_free; |
1226 |
diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
1227 |
-index f539204..068db1f 100644 |
1228 |
+index f539204..b2ad18e 100644 |
1229 |
--- a/fs/eventpoll.c |
1230 |
+++ b/fs/eventpoll.c |
1231 |
@@ -200,6 +200,12 @@ struct eventpoll { |
1232 |
@@ -69086,8 +69158,8 @@ index f539204..068db1f 100644 |
1233 |
+ error = PTR_ERR(file); |
1234 |
+ goto out_free_fd; |
1235 |
+ } |
1236 |
-+ fd_install(fd, file); |
1237 |
+ ep->file = file; |
1238 |
++ fd_install(fd, file); |
1239 |
+ return fd; |
1240 |
|
1241 |
+out_free_fd: |
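Review bot: The swap is the right fix but the code does not say why `ep->file = file` must precede `fd_install(fd, file)`, so a later cleanup could reorder them again: once fd_install() publishes the descriptor, another thread can close() it, which releases the file and tears down ep, and the store to ep->file would then hit freed memory. I'd pin the invariant on the install line: `fd_install(fd, file); /* must be last: once the fd is visible another thread can close() it and free ep */`. The enclosing function starts and ends outside this hunk.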
1242 |
@@ -107553,10 +107625,10 @@ index d52f7a0..b66cdd9 100755 |
1243 |
rm -f tags |
1244 |
xtags ctags |
1245 |
diff --git a/security/Kconfig b/security/Kconfig |
1246 |
-index fb363cd..124d914 100644 |
1247 |
+index fb363cd..a34a964 100644 |
1248 |
--- a/security/Kconfig |
1249 |
+++ b/security/Kconfig |
1250 |
-@@ -4,6 +4,870 @@ |
1251 |
+@@ -4,6 +4,882 @@ |
1252 |
|
1253 |
menu "Security options" |
1254 |
|
1255 |
@@ -108140,6 +108212,10 @@ index fb363cd..124d914 100644 |
1256 |
+ Select the method used to instrument function pointer dereferences. |
1257 |
+ Note that binary modules cannot be instrumented by this approach. |
1258 |
+ |
1259 |
++ Note that the implementation requires a gcc with plugin support, |
1260 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
1261 |
++ headers explicitly in addition to the normal gcc package. |
1262 |
++ |
1263 |
+ config PAX_KERNEXEC_PLUGIN_METHOD_BTS |
1264 |
+ bool "bts" |
1265 |
+ help |
1266 |
@@ -108313,11 +108389,12 @@ index fb363cd..124d914 100644 |
1267 |
+ and you are advised to test this feature on your expected workload |
1268 |
+ before deploying it. |
1269 |
+ |
1270 |
-+ Note: full support for this feature requires gcc with plugin support |
1271 |
-+ so make sure your compiler is at least gcc 4.5.0. Using older gcc |
1272 |
-+ versions means that functions with large enough stack frames may |
1273 |
-+ leave uninitialized memory behind that may be exposed to a later |
1274 |
-+ syscall leaking the stack. |
1275 |
++ Note that the full feature requires a gcc with plugin support, |
1276 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
1277 |
++ headers explicitly in addition to the normal gcc package. Using |
1278 |
++ older gcc versions means that functions with large enough stack |
1279 |
++ frames may leave uninitialized memory behind that may be exposed |
1280 |
++ to a later syscall leaking the stack. |
1281 |
+ |
1282 |
+config PAX_MEMORY_UDEREF |
1283 |
+ bool "Prevent invalid userland pointer dereference" |
1284 |
@@ -108395,11 +108472,14 @@ index fb363cd..124d914 100644 |
1285 |
+ arguments marked by a size_overflow attribute with double integer |
1286 |
+ precision (DImode/TImode for 32/64 bit integer types). |
1287 |
+ |
1288 |
-+ The recomputed argument is checked against INT_MAX and an event |
1289 |
++ The recomputed argument is checked against TYPE_MAX and an event |
1290 |
+ is logged on overflow and the triggering process is killed. |
1291 |
+ |
1292 |
-+ Homepage: |
1293 |
-+ http://www.grsecurity.net/~ephox/overflow_plugin/ |
1294 |
++ Homepage: http://www.grsecurity.net/~ephox/overflow_plugin/ |
1295 |
++ |
1296 |
++ Note that the implementation requires a gcc with plugin support, |
1297 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
1298 |
++ headers explicitly in addition to the normal gcc package. |
1299 |
+ |
1300 |
+config PAX_LATENT_ENTROPY |
1301 |
+ bool "Generate some entropy during boot" |
1302 |
@@ -108411,6 +108491,10 @@ index fb363cd..124d914 100644 |
1303 |
+ there is little 'natural' source of entropy normally. The cost |
1304 |
+ is some slowdown of the boot process. |
1305 |
+ |
1306 |
++ Note that the implementation requires a gcc with plugin support, |
1307 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
1308 |
++ headers explicitly in addition to the normal gcc package. |
1309 |
++ |
1310 |
+ Note that entropy extracted this way is not cryptographically |
1311 |
+ secure! |
1312 |
+ |
1313 |
@@ -108427,7 +108511,7 @@ index fb363cd..124d914 100644 |
1314 |
config KEYS |
1315 |
bool "Enable access key retention support" |
1316 |
help |
1317 |
-@@ -146,7 +1010,7 @@ config INTEL_TXT |
1318 |
+@@ -146,7 +1022,7 @@ config INTEL_TXT |
1319 |
config LSM_MMAP_MIN_ADDR |
1320 |
int "Low address space for LSM to protect from user allocation" |
1321 |
depends on SECURITY && SECURITY_SELINUX |
1322 |
|
1323 |
diff --git a/3.2.28/0000_README b/3.2.28/0000_README |
1324 |
index af762d4..8e8f3c9 100644 |
1325 |
--- a/3.2.28/0000_README |
1326 |
+++ b/3.2.28/0000_README |
1327 |
@@ -30,7 +30,7 @@ Patch: 1027_linux-3.2.28.patch |
1328 |
From: http://www.kernel.org |
1329 |
Desc: Linux 3.2.28 |
1330 |
|
1331 |
-Patch: 4420_grsecurity-2.9.1-3.2.28-201208232048.patch |
1332 |
+Patch: 4420_grsecurity-2.9.1-3.2.28-201208271905.patch |
1333 |
From: http://www.grsecurity.net |
1334 |
Desc: hardened-sources base patch from upstream grsecurity |
1335 |
|
1336 |
|
1337 |
diff --git a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208232048.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch |
1338 |
similarity index 99% |
1339 |
rename from 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208232048.patch |
1340 |
rename to 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch |
1341 |
index 3457f14..11d1b8e 100644 |
1342 |
--- a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208232048.patch |
1343 |
+++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch |
1344 |
@@ -4435,6 +4435,26 @@ index a50b5ec..547078a 100644 |
1345 |
regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; |
1346 |
} else { |
1347 |
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); |
1348 |
+diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c |
1349 |
+index f2496f2..4e3cc47 100644 |
1350 |
+--- a/arch/powerpc/kernel/syscalls.c |
1351 |
++++ b/arch/powerpc/kernel/syscalls.c |
1352 |
+@@ -107,11 +107,11 @@ long ppc64_personality(unsigned long personality) |
1353 |
+ long ret; |
1354 |
+ |
1355 |
+ if (personality(current->personality) == PER_LINUX32 |
1356 |
+- && personality == PER_LINUX) |
1357 |
+- personality = PER_LINUX32; |
1358 |
++ && personality(personality) == PER_LINUX) |
1359 |
++ personality = (personality & ~PER_MASK) | PER_LINUX32; |
1360 |
+ ret = sys_personality(personality); |
1361 |
+- if (ret == PER_LINUX32) |
1362 |
+- ret = PER_LINUX; |
1363 |
++ if (personality(ret) == PER_LINUX32) |
1364 |
++ ret = (ret & ~PER_MASK) | PER_LINUX; |
1365 |
+ return ret; |
1366 |
+ } |
1367 |
+ #endif |
1368 |
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c |
1369 |
index 5459d14..10f8070 100644 |
1370 |
--- a/arch/powerpc/kernel/traps.c |
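Review bot: The translation now applies when flag bits are set as well — previously `PER_LINUX | ADDR_NO_RANDOMIZE` from a PER_LINUX32 task failed the exact `== PER_LINUX` test and silently switched the base personality — but the `(x & ~PER_MASK) | PER_LINUX32` arithmetic reads like a plain reassignment and carries no comment. A short note before the first `if` would do: `/* Translate only the base personality; keep the flag bits above PER_MASK (e.g. ADDR_NO_RANDOMIZE) intact. */`. Whether the 2.6.32 and 3.5 patches in this commit receive the same fix is not visible here.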
1371 |
@@ -8730,7 +8750,7 @@ index 6557769..ef6ae89 100644 |
1372 |
|
1373 |
if (err) |
1374 |
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
1375 |
-index a6253ec..4ad2120 100644 |
1376 |
+index a6253ec..0a325de 100644 |
1377 |
--- a/arch/x86/ia32/ia32entry.S |
1378 |
+++ b/arch/x86/ia32/ia32entry.S |
1379 |
@@ -13,7 +13,9 @@ |
1380 |
@@ -8789,7 +8809,7 @@ index a6253ec..4ad2120 100644 |
1381 |
movl %ebp,%ebp /* zero extension */ |
1382 |
pushq_cfi $__USER32_DS |
1383 |
/*CFI_REL_OFFSET ss,0*/ |
1384 |
-@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target) |
1385 |
+@@ -134,25 +156,44 @@ ENTRY(ia32_sysenter_target) |
1386 |
CFI_REL_OFFSET rsp,0 |
1387 |
pushfq_cfi |
1388 |
/*CFI_REL_OFFSET rflags,0*/ |
1389 |
@@ -8809,6 +8829,11 @@ index a6253ec..4ad2120 100644 |
1390 |
cld |
1391 |
SAVE_ARGS 0,1,0 |
1392 |
+ pax_enter_kernel_user |
1393 |
++ |
1394 |
++#ifdef CONFIG_PAX_RANDKSTACK |
1395 |
++ pax_erase_kstack |
1396 |
++#endif |
1397 |
++ |
1398 |
+ /* |
1399 |
+ * No need to follow this irqs on/off section: the syscall |
1400 |
+ * disabled irqs, here we enable it straight after entry: |
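Review bot: pax_erase_kstack is emitted here under CONFIG_PAX_RANDKSTACK alone, while the 32-bit implementation added in this same commit (ENTRY(pax_erase_kstack) in entry_32.S) is under CONFIG_PAX_MEMORY_STACKLEAK; if RANDKSTACK can be selected without STACKLEAK the macro must expand to nothing in that configuration, and neither the macro definition nor the Kconfig dependency is visible to confirm it. The call site should record the assumption and the reason for an entry-time erase: `/* RANDKSTACK: erase on entry too (presumably exit-time randomization leaves data below the new frame); relies on pax_erase_kstack being a no-op without STACKLEAK */`, with the second clause checked against the macro. %rax still holds the syscall number used by the `cmpq $(IA32_NR_syscalls-1),%rax` below, so the erase must preserve it. ia32_sysenter_target continues outside the hunk.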
1401 |
@@ -8835,7 +8860,7 @@ index a6253ec..4ad2120 100644 |
1402 |
CFI_REMEMBER_STATE |
1403 |
jnz sysenter_tracesys |
1404 |
cmpq $(IA32_NR_syscalls-1),%rax |
1405 |
-@@ -162,13 +198,15 @@ sysenter_do_call: |
1406 |
+@@ -162,13 +203,15 @@ sysenter_do_call: |
1407 |
sysenter_dispatch: |
1408 |
call *ia32_sys_call_table(,%rax,8) |
1409 |
movq %rax,RAX-ARGOFFSET(%rsp) |
1410 |
@@ -8854,7 +8879,7 @@ index a6253ec..4ad2120 100644 |
1411 |
/* clear IF, that popfq doesn't enable interrupts early */ |
1412 |
andl $~0x200,EFLAGS-R11(%rsp) |
1413 |
movl RIP-R11(%rsp),%edx /* User %eip */ |
1414 |
-@@ -194,6 +232,9 @@ sysexit_from_sys_call: |
1415 |
+@@ -194,6 +237,9 @@ sysexit_from_sys_call: |
1416 |
movl %eax,%esi /* 2nd arg: syscall number */ |
1417 |
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ |
1418 |
call audit_syscall_entry |
1419 |
@@ -8864,7 +8889,7 @@ index a6253ec..4ad2120 100644 |
1420 |
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ |
1421 |
cmpq $(IA32_NR_syscalls-1),%rax |
1422 |
ja ia32_badsys |
1423 |
-@@ -205,7 +246,7 @@ sysexit_from_sys_call: |
1424 |
+@@ -205,7 +251,7 @@ sysexit_from_sys_call: |
1425 |
.endm |
1426 |
|
1427 |
.macro auditsys_exit exit |
1428 |
@@ -8873,7 +8898,7 @@ index a6253ec..4ad2120 100644 |
1429 |
jnz ia32_ret_from_sys_call |
1430 |
TRACE_IRQS_ON |
1431 |
sti |
1432 |
-@@ -215,12 +256,12 @@ sysexit_from_sys_call: |
1433 |
+@@ -215,12 +261,12 @@ sysexit_from_sys_call: |
1434 |
movzbl %al,%edi /* zero-extend that into %edi */ |
1435 |
inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ |
1436 |
call audit_syscall_exit |
1437 |
@@ -8888,7 +8913,7 @@ index a6253ec..4ad2120 100644 |
1438 |
jz \exit |
1439 |
CLEAR_RREGS -ARGOFFSET |
1440 |
jmp int_with_check |
1441 |
-@@ -238,7 +279,7 @@ sysexit_audit: |
1442 |
+@@ -238,7 +284,7 @@ sysexit_audit: |
1443 |
|
1444 |
sysenter_tracesys: |
1445 |
#ifdef CONFIG_AUDITSYSCALL |
1446 |
@@ -8897,17 +8922,17 @@ index a6253ec..4ad2120 100644 |
1447 |
jz sysenter_auditsys |
1448 |
#endif |
1449 |
SAVE_REST |
1450 |
-@@ -246,6 +287,9 @@ sysenter_tracesys: |
1451 |
- movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ |
1452 |
- movq %rsp,%rdi /* &pt_regs -> arg1 */ |
1453 |
- call syscall_trace_enter |
1454 |
+@@ -250,6 +296,9 @@ sysenter_tracesys: |
1455 |
+ RESTORE_REST |
1456 |
+ cmpq $(IA32_NR_syscalls-1),%rax |
1457 |
+ ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ |
1458 |
+ |
1459 |
+ pax_erase_kstack |
1460 |
+ |
1461 |
- LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
1462 |
- RESTORE_REST |
1463 |
- cmpq $(IA32_NR_syscalls-1),%rax |
1464 |
-@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target) |
1465 |
+ jmp sysenter_do_call |
1466 |
+ CFI_ENDPROC |
1467 |
+ ENDPROC(ia32_sysenter_target) |
1468 |
+@@ -277,19 +326,25 @@ ENDPROC(ia32_sysenter_target) |
1469 |
ENTRY(ia32_cstar_target) |
1470 |
CFI_STARTPROC32 simple |
1471 |
CFI_SIGNAL_FRAME |
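Review bot: Moving pax_erase_kstack from before LOAD_ARGS32 to after RESTORE_REST and the range check means it now runs with the reloaded syscall argument registers and %rax live, so the 64-bit pax_erase_kstack must preserve %rax, %rdi, %rsi, %rdx, %rcx, %r8 and %r9 (and %ebp after the `xchgl` in the cstar variant), whereas the old placement was followed by a reload from pt_regs that would have masked any clobber. Its body is not in this hunk, so I cannot confirm the clobber set; I'd state the requirement inline: `pax_erase_kstack /* must preserve %rax and the reloaded argument registers */`. If ptrace set an out-of-range %rax, the `ja int_ret_from_sys_call` now skips this erase, which is acceptable only because the exit path erases as well (judging by the int_with_check hunk).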
1472 |
@@ -8921,6 +8946,11 @@ index a6253ec..4ad2120 100644 |
1473 |
movq PER_CPU_VAR(kernel_stack),%rsp |
1474 |
+ SAVE_ARGS 8*6,0,0 |
1475 |
+ pax_enter_kernel_user |
1476 |
++ |
1477 |
++#ifdef CONFIG_PAX_RANDKSTACK |
1478 |
++ pax_erase_kstack |
1479 |
++#endif |
1480 |
++ |
1481 |
/* |
1482 |
* No need to follow this irqs on/off section: the syscall |
1483 |
* disabled irqs and here we enable it straight after entry: |
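Review bot: In ia32_cstar_target the added pax_erase_kstack runs while %rcx (user %eip, stored into RIP-ARGOFFSET only further down) and %r8 (which the later comment about r8 being 32-bit zero-extended suggests is the user stack pointer) are still only in registers, since `SAVE_ARGS 8*6,0,0` appears to skip both, and %rax is still used as the register copy of the syscall number. A clobber here would corrupt the user return frame rather than just an argument, so the invariant deserves a comment at the call site: `/* %rcx=user eip, %r8=user esp, %rax=nr still live here */`. I cannot see the macro's 64-bit body to confirm it is clobber-free. ia32_cstar_target continues outside the hunk.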
1484 |
@@ -8930,7 +8960,7 @@ index a6253ec..4ad2120 100644 |
1485 |
movl %eax,%eax /* zero extension */ |
1486 |
movq %rax,ORIG_RAX-ARGOFFSET(%rsp) |
1487 |
movq %rcx,RIP-ARGOFFSET(%rsp) |
1488 |
-@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target) |
1489 |
+@@ -305,13 +360,19 @@ ENTRY(ia32_cstar_target) |
1490 |
/* no need to do an access_ok check here because r8 has been |
1491 |
32bit zero extended */ |
1492 |
/* hardware stack frame is complete now */ |
1493 |
@@ -8953,7 +8983,7 @@ index a6253ec..4ad2120 100644 |
1494 |
CFI_REMEMBER_STATE |
1495 |
jnz cstar_tracesys |
1496 |
cmpq $IA32_NR_syscalls-1,%rax |
1497 |
-@@ -321,13 +372,15 @@ cstar_do_call: |
1498 |
+@@ -321,13 +382,15 @@ cstar_do_call: |
1499 |
cstar_dispatch: |
1500 |
call *ia32_sys_call_table(,%rax,8) |
1501 |
movq %rax,RAX-ARGOFFSET(%rsp) |
1502 |
@@ -8972,7 +9002,7 @@ index a6253ec..4ad2120 100644 |
1503 |
RESTORE_ARGS 0,-ARG_SKIP,0,0,0 |
1504 |
movl RIP-ARGOFFSET(%rsp),%ecx |
1505 |
CFI_REGISTER rip,rcx |
1506 |
-@@ -355,7 +408,7 @@ sysretl_audit: |
1507 |
+@@ -355,7 +418,7 @@ sysretl_audit: |
1508 |
|
1509 |
cstar_tracesys: |
1510 |
#ifdef CONFIG_AUDITSYSCALL |
1511 |
@@ -8981,17 +9011,17 @@ index a6253ec..4ad2120 100644 |
1512 |
jz cstar_auditsys |
1513 |
#endif |
1514 |
xchgl %r9d,%ebp |
1515 |
-@@ -364,6 +417,9 @@ cstar_tracesys: |
1516 |
- movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ |
1517 |
- movq %rsp,%rdi /* &pt_regs -> arg1 */ |
1518 |
- call syscall_trace_enter |
1519 |
+@@ -369,6 +432,9 @@ cstar_tracesys: |
1520 |
+ xchgl %ebp,%r9d |
1521 |
+ cmpq $(IA32_NR_syscalls-1),%rax |
1522 |
+ ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ |
1523 |
+ |
1524 |
+ pax_erase_kstack |
1525 |
+ |
1526 |
- LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ |
1527 |
- RESTORE_REST |
1528 |
- xchgl %ebp,%r9d |
1529 |
-@@ -409,20 +465,21 @@ ENTRY(ia32_syscall) |
1530 |
+ jmp cstar_do_call |
1531 |
+ END(ia32_cstar_target) |
1532 |
+ |
1533 |
+@@ -409,20 +475,26 @@ ENTRY(ia32_syscall) |
1534 |
CFI_REL_OFFSET rip,RIP-RIP |
1535 |
PARAVIRT_ADJUST_EXCEPTION_FRAME |
1536 |
SWAPGS |
1537 |
@@ -9010,6 +9040,11 @@ index a6253ec..4ad2120 100644 |
1538 |
- orl $TS_COMPAT,TI_status(%r10) |
1539 |
- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) |
1540 |
+ pax_enter_kernel_user |
1541 |
++ |
1542 |
++#ifdef CONFIG_PAX_RANDKSTACK |
1543 |
++ pax_erase_kstack |
1544 |
++#endif |
1545 |
++ |
1546 |
+ /* |
1547 |
+ * No need to follow this irqs on/off section: the syscall |
1548 |
+ * disabled irqs and here we enable it straight after entry: |
1549 |
@@ -9021,17 +9056,17 @@ index a6253ec..4ad2120 100644 |
1550 |
jnz ia32_tracesys |
1551 |
cmpq $(IA32_NR_syscalls-1),%rax |
1552 |
ja ia32_badsys |
1553 |
-@@ -441,6 +498,9 @@ ia32_tracesys: |
1554 |
- movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ |
1555 |
- movq %rsp,%rdi /* &pt_regs -> arg1 */ |
1556 |
- call syscall_trace_enter |
1557 |
+@@ -445,6 +517,9 @@ ia32_tracesys: |
1558 |
+ RESTORE_REST |
1559 |
+ cmpq $(IA32_NR_syscalls-1),%rax |
1560 |
+ ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ |
1561 |
+ |
1562 |
+ pax_erase_kstack |
1563 |
+ |
1564 |
- LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ |
1565 |
- RESTORE_REST |
1566 |
- cmpq $(IA32_NR_syscalls-1),%rax |
1567 |
-@@ -455,6 +515,7 @@ ia32_badsys: |
1568 |
+ jmp ia32_do_call |
1569 |
+ END(ia32_syscall) |
1570 |
+ |
1571 |
+@@ -455,6 +530,7 @@ ia32_badsys: |
1572 |
|
1573 |
quiet_ni_syscall: |
1574 |
movq $-ENOSYS,%rax |
1575 |
@@ -14925,10 +14960,10 @@ index cd28a35..c72ed9a 100644 |
1576 |
#include <asm/processor.h> |
1577 |
#include <asm/fcntl.h> |
1578 |
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S |
1579 |
-index bcda816..5c89791 100644 |
1580 |
+index bcda816..cbab6db 100644 |
1581 |
--- a/arch/x86/kernel/entry_32.S |
1582 |
+++ b/arch/x86/kernel/entry_32.S |
1583 |
-@@ -180,13 +180,146 @@ |
1584 |
+@@ -180,13 +180,153 @@ |
1585 |
/*CFI_REL_OFFSET gs, PT_GS*/ |
1586 |
.endm |
1587 |
.macro SET_KERNEL_GS reg |
1588 |
@@ -15032,10 +15067,10 @@ index bcda816..5c89791 100644 |
1589 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
1590 |
+/* |
1591 |
+ * ebp: thread_info |
1592 |
-+ * ecx, edx: can be clobbered |
1593 |
+ */ |
1594 |
+ENTRY(pax_erase_kstack) |
1595 |
+ pushl %edi |
1596 |
++ pushl %ecx |
1597 |
+ pushl %eax |
1598 |
+ |
1599 |
+ mov TI_lowest_stack(%ebp), %edi |
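Review bot: Dropping `* ecx, edx: can be clobbered` leaves the header of pax_erase_kstack saying only `ebp: thread_info`, so the routine's clobber set is no longer documented at all; %ecx is now preserved by the added `pushl %ecx`, but whether %edx and the flags are still clobbered by the part of the body between these saves and the `rep stosl` is not visible in this hunk. I'd replace the removed line rather than delete it, e.g. `* preserves eax/ecx/edi; clobbers edx and flags`, adjusted to what the hidden part of the body actually does. The function continues past this hunk.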
1600 |
@@ -15059,6 +15094,12 @@ index bcda816..5c89791 100644 |
1601 |
+2: cld |
1602 |
+ mov %esp, %ecx |
1603 |
+ sub %edi, %ecx |
1604 |
++ |
1605 |
++ cmp $THREAD_SIZE_asm, %ecx |
1606 |
++ jb 3f |
1607 |
++ ud2 |
1608 |
++3: |
1609 |
++ |
1610 |
+ shr $2, %ecx |
1611 |
+ rep stosl |
1612 |
+ |
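Review bot: The new `cmp $THREAD_SIZE_asm, %ecx / jb 3f / ud2` guard is a real hardening step — a stale or corrupt TI_lowest_stack would otherwise let `rep stosl` zero memory outside the current thread stack, and because %ecx is `%esp - %edi` an %edi above %esp wraps to a huge unsigned value that the unsigned `jb` also rejects — but it carries no comment and `ud2` yields no diagnostic. It should say what it traps on: `/* erase length must be < THREAD_SIZE; anything else means TI_lowest_stack is stale or corrupt, so trap rather than scribble outside the stack */`. pax_erase_kstack starts and ends outside this hunk.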
1613 |
@@ -15067,6 +15108,7 @@ index bcda816..5c89791 100644 |
1614 |
+ mov %edi, TI_lowest_stack(%ebp) |
1615 |
+ |
1616 |
+ popl %eax |
1617 |
++ popl %ecx |
1618 |
+ popl %edi |
1619 |
+ ret |
1620 |
+ENDPROC(pax_erase_kstack) |
1621 |
@@ -15076,7 +15118,7 @@ index bcda816..5c89791 100644 |
1622 |
cld |
1623 |
PUSH_GS |
1624 |
pushl_cfi %fs |
1625 |
-@@ -209,7 +342,7 @@ |
1626 |
+@@ -209,7 +349,7 @@ |
1627 |
CFI_REL_OFFSET ecx, 0 |
1628 |
pushl_cfi %ebx |
1629 |
CFI_REL_OFFSET ebx, 0 |
1630 |
@@ -15085,7 +15127,7 @@ index bcda816..5c89791 100644 |
1631 |
movl %edx, %ds |
1632 |
movl %edx, %es |
1633 |
movl $(__KERNEL_PERCPU), %edx |
1634 |
-@@ -217,6 +350,15 @@ |
1635 |
+@@ -217,6 +357,15 @@ |
1636 |
SET_KERNEL_GS %edx |
1637 |
.endm |
1638 |
|
1639 |
@@ -15101,7 +15143,7 @@ index bcda816..5c89791 100644 |
1640 |
.macro RESTORE_INT_REGS |
1641 |
popl_cfi %ebx |
1642 |
CFI_RESTORE ebx |
1643 |
-@@ -302,7 +444,7 @@ ENTRY(ret_from_fork) |
1644 |
+@@ -302,7 +451,7 @@ ENTRY(ret_from_fork) |
1645 |
popfl_cfi |
1646 |
jmp syscall_exit |
1647 |
CFI_ENDPROC |
1648 |
@@ -15110,7 +15152,7 @@ index bcda816..5c89791 100644 |
1649 |
|
1650 |
/* |
1651 |
* Interrupt exit functions should be protected against kprobes |
1652 |
-@@ -336,7 +478,15 @@ resume_userspace_sig: |
1653 |
+@@ -336,7 +485,15 @@ resume_userspace_sig: |
1654 |
andl $SEGMENT_RPL_MASK, %eax |
1655 |
#endif |
1656 |
cmpl $USER_RPL, %eax |
1657 |
@@ -15126,7 +15168,7 @@ index bcda816..5c89791 100644 |
1658 |
|
1659 |
ENTRY(resume_userspace) |
1660 |
LOCKDEP_SYS_EXIT |
1661 |
-@@ -348,8 +498,8 @@ ENTRY(resume_userspace) |
1662 |
+@@ -348,8 +505,8 @@ ENTRY(resume_userspace) |
1663 |
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on |
1664 |
# int/exception return? |
1665 |
jne work_pending |
1666 |
@@ -15137,7 +15179,7 @@ index bcda816..5c89791 100644 |
1667 |
|
1668 |
#ifdef CONFIG_PREEMPT |
1669 |
ENTRY(resume_kernel) |
1670 |
-@@ -364,7 +514,7 @@ need_resched: |
1671 |
+@@ -364,7 +521,7 @@ need_resched: |
1672 |
jz restore_all |
1673 |
call preempt_schedule_irq |
1674 |
jmp need_resched |
1675 |
@@ -15146,7 +15188,7 @@ index bcda816..5c89791 100644 |
1676 |
#endif |
1677 |
CFI_ENDPROC |
1678 |
/* |
1679 |
-@@ -398,23 +548,34 @@ sysenter_past_esp: |
1680 |
+@@ -398,23 +555,34 @@ sysenter_past_esp: |
1681 |
/*CFI_REL_OFFSET cs, 0*/ |
1682 |
/* |
1683 |
* Push current_thread_info()->sysenter_return to the stack. |
1684 |
@@ -15184,7 +15226,18 @@ index bcda816..5c89791 100644 |
1685 |
movl %ebp,PT_EBP(%esp) |
1686 |
.section __ex_table,"a" |
1687 |
.align 4 |
1688 |
-@@ -437,12 +598,24 @@ sysenter_do_call: |
1689 |
+@@ -423,6 +591,10 @@ sysenter_past_esp: |
1690 |
+ |
1691 |
+ GET_THREAD_INFO(%ebp) |
1692 |
+ |
1693 |
++#ifdef CONFIG_PAX_RANDKSTACK |
1694 |
++ pax_erase_kstack |
1695 |
++#endif |
1696 |
++ |
1697 |
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) |
1698 |
+ jnz sysenter_audit |
1699 |
+ sysenter_do_call: |
1700 |
+@@ -437,12 +609,24 @@ sysenter_do_call: |
1701 |
testl $_TIF_ALLWORK_MASK, %ecx |
1702 |
jne sysexit_audit |
1703 |
sysenter_exit: |
1704 |
@@ -15209,7 +15262,7 @@ index bcda816..5c89791 100644 |
1705 |
PTGS_TO_GS |
1706 |
ENABLE_INTERRUPTS_SYSEXIT |
1707 |
|
1708 |
-@@ -459,6 +632,9 @@ sysenter_audit: |
1709 |
+@@ -459,6 +643,9 @@ sysenter_audit: |
1710 |
movl %eax,%edx /* 2nd arg: syscall number */ |
1711 |
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ |
1712 |
call audit_syscall_entry |
1713 |
@@ -15219,7 +15272,7 @@ index bcda816..5c89791 100644 |
1714 |
pushl_cfi %ebx |
1715 |
movl PT_EAX(%esp),%eax /* reload syscall number */ |
1716 |
jmp sysenter_do_call |
1717 |
-@@ -485,11 +661,17 @@ sysexit_audit: |
1718 |
+@@ -485,11 +672,17 @@ sysexit_audit: |
1719 |
|
1720 |
CFI_ENDPROC |
1721 |
.pushsection .fixup,"ax" |
1722 |
@@ -15239,7 +15292,19 @@ index bcda816..5c89791 100644 |
1723 |
.popsection |
1724 |
PTGS_TO_GS_EX |
1725 |
ENDPROC(ia32_sysenter_target) |
1726 |
-@@ -522,6 +704,15 @@ syscall_exit: |
1727 |
+@@ -504,6 +697,11 @@ ENTRY(system_call) |
1728 |
+ pushl_cfi %eax # save orig_eax |
1729 |
+ SAVE_ALL |
1730 |
+ GET_THREAD_INFO(%ebp) |
1731 |
++ |
1732 |
++#ifdef CONFIG_PAX_RANDKSTACK |
1733 |
++ pax_erase_kstack |
1734 |
++#endif |
1735 |
++ |
1736 |
+ # system call tracing in operation / emulation |
1737 |
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) |
1738 |
+ jnz syscall_trace_entry |
1739 |
+@@ -522,6 +720,15 @@ syscall_exit: |
1740 |
testl $_TIF_ALLWORK_MASK, %ecx # current->work |
1741 |
jne syscall_exit_work |
1742 |
|
1743 |
@@ -15255,7 +15320,7 @@ index bcda816..5c89791 100644 |
1744 |
restore_all: |
1745 |
TRACE_IRQS_IRET |
1746 |
restore_all_notrace: |
1747 |
-@@ -581,14 +772,34 @@ ldt_ss: |
1748 |
+@@ -581,14 +788,34 @@ ldt_ss: |
1749 |
* compensating for the offset by changing to the ESPFIX segment with |
1750 |
* a base address that matches for the difference. |
1751 |
*/ |
1752 |
@@ -15293,7 +15358,7 @@ index bcda816..5c89791 100644 |
1753 |
pushl_cfi $__ESPFIX_SS |
1754 |
pushl_cfi %eax /* new kernel esp */ |
1755 |
/* Disable interrupts, but do not irqtrace this section: we |
1756 |
-@@ -617,34 +828,28 @@ work_resched: |
1757 |
+@@ -617,34 +844,28 @@ work_resched: |
1758 |
movl TI_flags(%ebp), %ecx |
1759 |
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other |
1760 |
# than syscall tracing? |
1761 |
@@ -15333,7 +15398,7 @@ index bcda816..5c89791 100644 |
1762 |
|
1763 |
# perform syscall exit tracing |
1764 |
ALIGN |
1765 |
-@@ -652,11 +857,14 @@ syscall_trace_entry: |
1766 |
+@@ -652,11 +873,14 @@ syscall_trace_entry: |
1767 |
movl $-ENOSYS,PT_EAX(%esp) |
1768 |
movl %esp, %eax |
1769 |
call syscall_trace_enter |
1770 |
@@ -15349,7 +15414,7 @@ index bcda816..5c89791 100644 |
1771 |
|
1772 |
# perform syscall exit tracing |
1773 |
ALIGN |
1774 |
-@@ -669,20 +877,24 @@ syscall_exit_work: |
1775 |
+@@ -669,20 +893,24 @@ syscall_exit_work: |
1776 |
movl %esp, %eax |
1777 |
call syscall_trace_leave |
1778 |
jmp resume_userspace |
1779 |
@@ -15377,7 +15442,7 @@ index bcda816..5c89791 100644 |
1780 |
CFI_ENDPROC |
1781 |
/* |
1782 |
* End of kprobes section |
1783 |
-@@ -756,6 +968,36 @@ ptregs_clone: |
1784 |
+@@ -756,6 +984,36 @@ ptregs_clone: |
1785 |
CFI_ENDPROC |
1786 |
ENDPROC(ptregs_clone) |
1787 |
|
1788 |
@@ -15414,7 +15479,7 @@ index bcda816..5c89791 100644 |
1789 |
.macro FIXUP_ESPFIX_STACK |
1790 |
/* |
1791 |
* Switch back for ESPFIX stack to the normal zerobased stack |
1792 |
-@@ -765,8 +1007,15 @@ ENDPROC(ptregs_clone) |
1793 |
+@@ -765,8 +1023,15 @@ ENDPROC(ptregs_clone) |
1794 |
* normal stack and adjusts ESP with the matching offset. |
1795 |
*/ |
1796 |
/* fixup the stack */ |
1797 |
@@ -15432,7 +15497,7 @@ index bcda816..5c89791 100644 |
1798 |
shl $16, %eax |
1799 |
addl %esp, %eax /* the adjusted stack pointer */ |
1800 |
pushl_cfi $__KERNEL_DS |
1801 |
-@@ -819,7 +1068,7 @@ vector=vector+1 |
1802 |
+@@ -819,7 +1084,7 @@ vector=vector+1 |
1803 |
.endr |
1804 |
2: jmp common_interrupt |
1805 |
.endr |
1806 |
@@ -15441,7 +15506,7 @@ index bcda816..5c89791 100644 |
1807 |
|
1808 |
.previous |
1809 |
END(interrupt) |
1810 |
-@@ -867,7 +1116,7 @@ ENTRY(coprocessor_error) |
1811 |
+@@ -867,7 +1132,7 @@ ENTRY(coprocessor_error) |
1812 |
pushl_cfi $do_coprocessor_error |
1813 |
jmp error_code |
1814 |
CFI_ENDPROC |
1815 |
@@ -15450,7 +15515,7 @@ index bcda816..5c89791 100644 |
1816 |
|
1817 |
ENTRY(simd_coprocessor_error) |
1818 |
RING0_INT_FRAME |
1819 |
-@@ -888,7 +1137,7 @@ ENTRY(simd_coprocessor_error) |
1820 |
+@@ -888,7 +1153,7 @@ ENTRY(simd_coprocessor_error) |
1821 |
#endif |
1822 |
jmp error_code |
1823 |
CFI_ENDPROC |
1824 |
@@ -15459,7 +15524,7 @@ index bcda816..5c89791 100644 |
1825 |
|
1826 |
ENTRY(device_not_available) |
1827 |
RING0_INT_FRAME |
1828 |
-@@ -896,7 +1145,7 @@ ENTRY(device_not_available) |
1829 |
+@@ -896,7 +1161,7 @@ ENTRY(device_not_available) |
1830 |
pushl_cfi $do_device_not_available |
1831 |
jmp error_code |
1832 |
CFI_ENDPROC |
1833 |
@@ -15468,7 +15533,7 @@ index bcda816..5c89791 100644 |
1834 |
|
1835 |
#ifdef CONFIG_PARAVIRT |
1836 |
ENTRY(native_iret) |
1837 |
-@@ -905,12 +1154,12 @@ ENTRY(native_iret) |
1838 |
+@@ -905,12 +1170,12 @@ ENTRY(native_iret) |
1839 |
.align 4 |
1840 |
.long native_iret, iret_exc |
1841 |
.previous |
1842 |
@@ -15483,7 +15548,7 @@ index bcda816..5c89791 100644 |
1843 |
#endif |
1844 |
|
1845 |
ENTRY(overflow) |
1846 |
-@@ -919,7 +1168,7 @@ ENTRY(overflow) |
1847 |
+@@ -919,7 +1184,7 @@ ENTRY(overflow) |
1848 |
pushl_cfi $do_overflow |
1849 |
jmp error_code |
1850 |
CFI_ENDPROC |
1851 |
@@ -15492,7 +15557,7 @@ index bcda816..5c89791 100644 |
1852 |
|
1853 |
ENTRY(bounds) |
1854 |
RING0_INT_FRAME |
1855 |
-@@ -927,7 +1176,7 @@ ENTRY(bounds) |
1856 |
+@@ -927,7 +1192,7 @@ ENTRY(bounds) |
1857 |
pushl_cfi $do_bounds |
1858 |
jmp error_code |
1859 |
CFI_ENDPROC |
1860 |
@@ -15501,7 +15566,7 @@ index bcda816..5c89791 100644 |
1861 |
|
1862 |
ENTRY(invalid_op) |
1863 |
RING0_INT_FRAME |
1864 |
-@@ -935,7 +1184,7 @@ ENTRY(invalid_op) |
1865 |
+@@ -935,7 +1200,7 @@ ENTRY(invalid_op) |
1866 |
pushl_cfi $do_invalid_op |
1867 |
jmp error_code |
1868 |
CFI_ENDPROC |
1869 |
@@ -15510,7 +15575,7 @@ index bcda816..5c89791 100644 |
1870 |
|
1871 |
ENTRY(coprocessor_segment_overrun) |
1872 |
RING0_INT_FRAME |
1873 |
-@@ -943,35 +1192,35 @@ ENTRY(coprocessor_segment_overrun) |
1874 |
+@@ -943,35 +1208,35 @@ ENTRY(coprocessor_segment_overrun) |
1875 |
pushl_cfi $do_coprocessor_segment_overrun |
1876 |
jmp error_code |
1877 |
CFI_ENDPROC |
1878 |
@@ -15551,7 +15616,7 @@ index bcda816..5c89791 100644 |
1879 |
|
1880 |
ENTRY(divide_error) |
1881 |
RING0_INT_FRAME |
1882 |
-@@ -979,7 +1228,7 @@ ENTRY(divide_error) |
1883 |
+@@ -979,7 +1244,7 @@ ENTRY(divide_error) |
1884 |
pushl_cfi $do_divide_error |
1885 |
jmp error_code |
1886 |
CFI_ENDPROC |
1887 |
@@ -15560,7 +15625,7 @@ index bcda816..5c89791 100644 |
1888 |
|
1889 |
#ifdef CONFIG_X86_MCE |
1890 |
ENTRY(machine_check) |
1891 |
-@@ -988,7 +1237,7 @@ ENTRY(machine_check) |
1892 |
+@@ -988,7 +1253,7 @@ ENTRY(machine_check) |
1893 |
pushl_cfi machine_check_vector |
1894 |
jmp error_code |
1895 |
CFI_ENDPROC |
1896 |
@@ -15569,7 +15634,7 @@ index bcda816..5c89791 100644 |
1897 |
#endif |
1898 |
|
1899 |
ENTRY(spurious_interrupt_bug) |
1900 |
-@@ -997,7 +1246,7 @@ ENTRY(spurious_interrupt_bug) |
1901 |
+@@ -997,7 +1262,7 @@ ENTRY(spurious_interrupt_bug) |
1902 |
pushl_cfi $do_spurious_interrupt_bug |
1903 |
jmp error_code |
1904 |
CFI_ENDPROC |
1905 |
@@ -15578,7 +15643,7 @@ index bcda816..5c89791 100644 |
1906 |
/* |
1907 |
* End of kprobes section |
1908 |
*/ |
1909 |
-@@ -1112,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, |
1910 |
+@@ -1112,7 +1377,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, |
1911 |
|
1912 |
ENTRY(mcount) |
1913 |
ret |
1914 |
@@ -15587,7 +15652,7 @@ index bcda816..5c89791 100644 |
1915 |
|
1916 |
ENTRY(ftrace_caller) |
1917 |
cmpl $0, function_trace_stop |
1918 |
-@@ -1141,7 +1390,7 @@ ftrace_graph_call: |
1919 |
+@@ -1141,7 +1406,7 @@ ftrace_graph_call: |
1920 |
.globl ftrace_stub |
1921 |
ftrace_stub: |
1922 |
ret |
1923 |
@@ -15596,7 +15661,7 @@ index bcda816..5c89791 100644 |
1924 |
|
1925 |
#else /* ! CONFIG_DYNAMIC_FTRACE */ |
1926 |
|
1927 |
-@@ -1177,7 +1426,7 @@ trace: |
1928 |
+@@ -1177,7 +1442,7 @@ trace: |
1929 |
popl %ecx |
1930 |
popl %eax |
1931 |
jmp ftrace_stub |
1932 |
@@ -15605,7 +15670,7 @@ index bcda816..5c89791 100644 |
1933 |
#endif /* CONFIG_DYNAMIC_FTRACE */ |
1934 |
#endif /* CONFIG_FUNCTION_TRACER */ |
1935 |
|
1936 |
-@@ -1198,7 +1447,7 @@ ENTRY(ftrace_graph_caller) |
1937 |
+@@ -1198,7 +1463,7 @@ ENTRY(ftrace_graph_caller) |
1938 |
popl %ecx |
1939 |
popl %eax |
1940 |
ret |
1941 |
@@ -15614,7 +15679,7 @@ index bcda816..5c89791 100644 |
1942 |
|
1943 |
.globl return_to_handler |
1944 |
return_to_handler: |
1945 |
-@@ -1212,7 +1461,6 @@ return_to_handler: |
1946 |
+@@ -1212,7 +1477,6 @@ return_to_handler: |
1947 |
jmp *%ecx |
1948 |
#endif |
1949 |
|
1950 |
@@ -15622,7 +15687,7 @@ index bcda816..5c89791 100644 |
1951 |
#include "syscall_table_32.S" |
1952 |
|
1953 |
syscall_table_size=(.-sys_call_table) |
1954 |
-@@ -1258,15 +1506,18 @@ error_code: |
1955 |
+@@ -1258,15 +1522,18 @@ error_code: |
1956 |
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart |
1957 |
REG_TO_PTGS %ecx |
1958 |
SET_KERNEL_GS %ecx |
1959 |
@@ -15643,7 +15708,7 @@ index bcda816..5c89791 100644 |
1960 |
|
1961 |
/* |
1962 |
* Debug traps and NMI can happen at the one SYSENTER instruction |
1963 |
-@@ -1308,7 +1559,7 @@ debug_stack_correct: |
1964 |
+@@ -1308,7 +1575,7 @@ debug_stack_correct: |
1965 |
call do_debug |
1966 |
jmp ret_from_exception |
1967 |
CFI_ENDPROC |
1968 |
@@ -15652,7 +15717,7 @@ index bcda816..5c89791 100644 |
1969 |
|
1970 |
/* |
1971 |
* NMI is doubly nasty. It can happen _while_ we're handling |
1972 |
-@@ -1345,6 +1596,9 @@ nmi_stack_correct: |
1973 |
+@@ -1345,6 +1612,9 @@ nmi_stack_correct: |
1974 |
xorl %edx,%edx # zero error code |
1975 |
movl %esp,%eax # pt_regs pointer |
1976 |
call do_nmi |
1977 |
@@ -15662,7 +15727,7 @@ index bcda816..5c89791 100644 |
1978 |
jmp restore_all_notrace |
1979 |
CFI_ENDPROC |
1980 |
|
1981 |
-@@ -1381,12 +1635,15 @@ nmi_espfix_stack: |
1982 |
+@@ -1381,12 +1651,15 @@ nmi_espfix_stack: |
1983 |
FIXUP_ESPFIX_STACK # %eax == %esp |
1984 |
xorl %edx,%edx # zero error code |
1985 |
call do_nmi |
1986 |
@@ -15679,7 +15744,7 @@ index bcda816..5c89791 100644 |
1987 |
|
1988 |
ENTRY(int3) |
1989 |
RING0_INT_FRAME |
1990 |
-@@ -1398,14 +1655,14 @@ ENTRY(int3) |
1991 |
+@@ -1398,14 +1671,14 @@ ENTRY(int3) |
1992 |
call do_int3 |
1993 |
jmp ret_from_exception |
1994 |
CFI_ENDPROC |
1995 |
@@ -15696,7 +15761,7 @@ index bcda816..5c89791 100644 |
1996 |
|
1997 |
#ifdef CONFIG_KVM_GUEST |
1998 |
ENTRY(async_page_fault) |
1999 |
-@@ -1413,7 +1670,7 @@ ENTRY(async_page_fault) |
2000 |
+@@ -1413,7 +1686,7 @@ ENTRY(async_page_fault) |
2001 |
pushl_cfi $do_async_page_fault |
2002 |
jmp error_code |
2003 |
CFI_ENDPROC |
2004 |
@@ -15706,7 +15771,7 @@ index bcda816..5c89791 100644 |
2005 |
|
2006 |
/* |
2007 |
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
2008 |
-index faf8d5e..4f16a68 100644 |
2009 |
+index faf8d5e..ed7340c 100644 |
2010 |
--- a/arch/x86/kernel/entry_64.S |
2011 |
+++ b/arch/x86/kernel/entry_64.S |
2012 |
@@ -55,6 +55,8 @@ |
2013 |
@@ -15782,7 +15847,7 @@ index faf8d5e..4f16a68 100644 |
2014 |
jmp *%rdi |
2015 |
#endif |
2016 |
|
2017 |
-@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64) |
2018 |
+@@ -178,6 +186,280 @@ ENTRY(native_usergs_sysret64) |
2019 |
ENDPROC(native_usergs_sysret64) |
2020 |
#endif /* CONFIG_PARAVIRT */ |
2021 |
|
2022 |
@@ -16011,12 +16076,9 @@ index faf8d5e..4f16a68 100644 |
2023 |
+.endm |
2024 |
+ |
2025 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
2026 |
-+/* |
2027 |
-+ * r11: thread_info |
2028 |
-+ * rcx, rdx: can be clobbered |
2029 |
-+ */ |
2030 |
+ENTRY(pax_erase_kstack) |
2031 |
+ pushq %rdi |
2032 |
++ pushq %rcx |
2033 |
+ pushq %rax |
2034 |
+ pushq %r11 |
2035 |
+ |
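Review bot: The register-contract comment above `ENTRY(pax_erase_kstack)` (`r11: thread_info`, `rcx, rdx: can be clobbered`) is deleted rather than updated, so after this change nothing states which registers the routine preserves. Since %rcx is now pushed alongside %rdi, %rax and %r11 (the matching `popq %rcx` is in the next hunk), and the `system_call_after_swapgs` hunk later in this file stores %rax and %rcx into the frame right after calling it, a refreshed header such as `/* preserves rdi, rcx, rax, r11; other scratch registers may be clobbered */` would keep callers honest. The body between the pushes and pops is outside this hunk, so the exact clobber set and whether the old `r11: thread_info` input note still holds should be confirmed there before the comment is written.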
2036 |
@@ -16057,6 +16119,7 @@ index faf8d5e..4f16a68 100644 |
2037 |
+ |
2038 |
+ popq %r11 |
2039 |
+ popq %rax |
2040 |
++ popq %rcx |
2041 |
+ popq %rdi |
2042 |
+ pax_force_retaddr |
2043 |
+ ret |
2044 |
@@ -16065,7 +16128,7 @@ index faf8d5e..4f16a68 100644 |
2045 |
|
2046 |
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET |
2047 |
#ifdef CONFIG_TRACE_IRQFLAGS |
2048 |
-@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64) |
2049 |
+@@ -231,8 +513,8 @@ ENDPROC(native_usergs_sysret64) |
2050 |
.endm |
2051 |
|
2052 |
.macro UNFAKE_STACK_FRAME |
2053 |
@@ -16076,7 +16139,7 @@ index faf8d5e..4f16a68 100644 |
2054 |
.endm |
2055 |
|
2056 |
/* |
2057 |
-@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64) |
2058 |
+@@ -319,7 +601,7 @@ ENDPROC(native_usergs_sysret64) |
2059 |
movq %rsp, %rsi |
2060 |
|
2061 |
leaq -RBP(%rsp),%rdi /* arg1 for handler */ |
2062 |
@@ -16085,7 +16148,7 @@ index faf8d5e..4f16a68 100644 |
2063 |
je 1f |
2064 |
SWAPGS |
2065 |
/* |
2066 |
-@@ -355,9 +639,10 @@ ENTRY(save_rest) |
2067 |
+@@ -355,9 +637,10 @@ ENTRY(save_rest) |
2068 |
movq_cfi r15, R15+16 |
2069 |
movq %r11, 8(%rsp) /* return address */ |
2070 |
FIXUP_TOP_OF_STACK %r11, 16 |
2071 |
@@ -16097,7 +16160,7 @@ index faf8d5e..4f16a68 100644 |
2072 |
|
2073 |
/* save complete stack frame */ |
2074 |
.pushsection .kprobes.text, "ax" |
2075 |
-@@ -386,9 +671,10 @@ ENTRY(save_paranoid) |
2076 |
+@@ -386,9 +669,10 @@ ENTRY(save_paranoid) |
2077 |
js 1f /* negative -> in kernel */ |
2078 |
SWAPGS |
2079 |
xorl %ebx,%ebx |
2080 |
@@ -16110,7 +16173,7 @@ index faf8d5e..4f16a68 100644 |
2081 |
.popsection |
2082 |
|
2083 |
/* |
2084 |
-@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) |
2085 |
+@@ -410,7 +694,7 @@ ENTRY(ret_from_fork) |
2086 |
|
2087 |
RESTORE_REST |
2088 |
|
2089 |
@@ -16119,7 +16182,7 @@ index faf8d5e..4f16a68 100644 |
2090 |
je int_ret_from_sys_call |
2091 |
|
2092 |
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET |
2093 |
-@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) |
2094 |
+@@ -420,7 +704,7 @@ ENTRY(ret_from_fork) |
2095 |
jmp ret_from_sys_call # go to the SYSRET fastpath |
2096 |
|
2097 |
CFI_ENDPROC |
2098 |
@@ -16128,7 +16191,7 @@ index faf8d5e..4f16a68 100644 |
2099 |
|
2100 |
/* |
2101 |
* System call entry. Up to 6 arguments in registers are supported. |
2102 |
-@@ -456,7 +742,7 @@ END(ret_from_fork) |
2103 |
+@@ -456,7 +740,7 @@ END(ret_from_fork) |
2104 |
ENTRY(system_call) |
2105 |
CFI_STARTPROC simple |
2106 |
CFI_SIGNAL_FRAME |
2107 |
@@ -16137,12 +16200,17 @@ index faf8d5e..4f16a68 100644 |
2108 |
CFI_REGISTER rip,rcx |
2109 |
/*CFI_REGISTER rflags,r11*/ |
2110 |
SWAPGS_UNSAFE_STACK |
2111 |
-@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs) |
2112 |
+@@ -469,12 +753,18 @@ ENTRY(system_call_after_swapgs) |
2113 |
|
2114 |
movq %rsp,PER_CPU_VAR(old_rsp) |
2115 |
movq PER_CPU_VAR(kernel_stack),%rsp |
2116 |
+ SAVE_ARGS 8*6,0 |
2117 |
+ pax_enter_kernel_user |
2118 |
++ |
2119 |
++#ifdef CONFIG_PAX_RANDKSTACK |
2120 |
++ pax_erase_kstack |
2121 |
++#endif |
2122 |
++ |
2123 |
/* |
2124 |
* No need to follow this irqs off/on section - it's straight |
2125 |
* and short: |
2126 |
@@ -16152,7 +16220,7 @@ index faf8d5e..4f16a68 100644 |
2127 |
movq %rax,ORIG_RAX-ARGOFFSET(%rsp) |
2128 |
movq %rcx,RIP-ARGOFFSET(%rsp) |
2129 |
CFI_REL_OFFSET rip,RIP-ARGOFFSET |
2130 |
-@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs) |
2131 |
+@@ -484,7 +774,7 @@ ENTRY(system_call_after_swapgs) |
2132 |
system_call_fastpath: |
2133 |
cmpq $__NR_syscall_max,%rax |
2134 |
ja badsys |
2135 |
@@ -16161,7 +16229,7 @@ index faf8d5e..4f16a68 100644 |
2136 |
call *sys_call_table(,%rax,8) # XXX: rip relative |
2137 |
movq %rax,RAX-ARGOFFSET(%rsp) |
2138 |
/* |
2139 |
-@@ -503,6 +790,8 @@ sysret_check: |
2140 |
+@@ -503,6 +793,8 @@ sysret_check: |
2141 |
andl %edi,%edx |
2142 |
jnz sysret_careful |
2143 |
CFI_REMEMBER_STATE |
2144 |
@@ -16170,7 +16238,7 @@ index faf8d5e..4f16a68 100644 |
2145 |
/* |
2146 |
* sysretq will re-enable interrupts: |
2147 |
*/ |
2148 |
-@@ -554,14 +843,18 @@ badsys: |
2149 |
+@@ -554,14 +846,18 @@ badsys: |
2150 |
* jump back to the normal fast path. |
2151 |
*/ |
2152 |
auditsys: |
2153 |
@@ -16190,7 +16258,7 @@ index faf8d5e..4f16a68 100644 |
2154 |
jmp system_call_fastpath |
2155 |
|
2156 |
/* |
2157 |
-@@ -591,16 +884,20 @@ tracesys: |
2158 |
+@@ -591,16 +887,20 @@ tracesys: |
2159 |
FIXUP_TOP_OF_STACK %rdi |
2160 |
movq %rsp,%rdi |
2161 |
call syscall_trace_enter |
2162 |
@@ -16212,7 +16280,7 @@ index faf8d5e..4f16a68 100644 |
2163 |
call *sys_call_table(,%rax,8) |
2164 |
movq %rax,RAX-ARGOFFSET(%rsp) |
2165 |
/* Use IRET because user could have changed frame */ |
2166 |
-@@ -612,7 +909,7 @@ tracesys: |
2167 |
+@@ -612,7 +912,7 @@ tracesys: |
2168 |
GLOBAL(int_ret_from_sys_call) |
2169 |
DISABLE_INTERRUPTS(CLBR_NONE) |
2170 |
TRACE_IRQS_OFF |
2171 |
@@ -16221,15 +16289,18 @@ index faf8d5e..4f16a68 100644 |
2172 |
je retint_restore_args |
2173 |
movl $_TIF_ALLWORK_MASK,%edi |
2174 |
/* edi: mask to check */ |
2175 |
-@@ -623,6 +920,7 @@ GLOBAL(int_with_check) |
2176 |
+@@ -623,7 +923,9 @@ GLOBAL(int_with_check) |
2177 |
andl %edi,%edx |
2178 |
jnz int_careful |
2179 |
andl $~TS_COMPAT,TI_status(%rcx) |
2180 |
+- jmp retint_swapgs |
2181 |
++ pax_exit_kernel_user |
2182 |
+ pax_erase_kstack |
2183 |
- jmp retint_swapgs |
2184 |
++ jmp retint_swapgs_pax |
2185 |
|
2186 |
/* Either reschedule or signal or syscall exit tracking needed. */ |
2187 |
-@@ -669,7 +967,7 @@ int_restore_rest: |
2188 |
+ /* First do a reschedule test. */ |
2189 |
+@@ -669,7 +971,7 @@ int_restore_rest: |
2190 |
TRACE_IRQS_OFF |
2191 |
jmp int_with_check |
2192 |
CFI_ENDPROC |
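Review bot: The syscall-exit path now runs `pax_exit_kernel_user` before `pax_erase_kstack` and then jumps to the new `retint_swapgs_pax` label, which (per the `retint_swapgs` hunk later in this file) sits after `DISABLE_INTERRUPTS(CLBR_ANY)` and `pax_exit_kernel_user`, so both the reordering and the bypass are unexplained in the code. It appears to rely on interrupts already being off here, as `int_ret_from_sys_call` disables them a few lines earlier, and presumably on erasing the stack after `pax_exit_kernel_user` so that routine's own stack use is wiped as well — both worth stating. I would add `/* irqs already off; erase after pax_exit_kernel_user so its stack use is wiped too */` at the call site and `/* entered from int_with_check with irqs off and pax_exit_kernel_user already done */` at the `retint_swapgs_pax` label. `int_with_check` continues past the end of this hunk.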
2193 |
@@ -16238,7 +16309,7 @@ index faf8d5e..4f16a68 100644 |
2194 |
|
2195 |
/* |
2196 |
* Certain special system calls that need to save a complete full stack frame. |
2197 |
-@@ -685,7 +983,7 @@ ENTRY(\label) |
2198 |
+@@ -685,7 +987,7 @@ ENTRY(\label) |
2199 |
call \func |
2200 |
jmp ptregscall_common |
2201 |
CFI_ENDPROC |
2202 |
@@ -16247,7 +16318,7 @@ index faf8d5e..4f16a68 100644 |
2203 |
.endm |
2204 |
|
2205 |
PTREGSCALL stub_clone, sys_clone, %r8 |
2206 |
-@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common) |
2207 |
+@@ -703,9 +1005,10 @@ ENTRY(ptregscall_common) |
2208 |
movq_cfi_restore R12+8, r12 |
2209 |
movq_cfi_restore RBP+8, rbp |
2210 |
movq_cfi_restore RBX+8, rbx |
2211 |
@@ -16259,7 +16330,7 @@ index faf8d5e..4f16a68 100644 |
2212 |
|
2213 |
ENTRY(stub_execve) |
2214 |
CFI_STARTPROC |
2215 |
-@@ -720,7 +1019,7 @@ ENTRY(stub_execve) |
2216 |
+@@ -720,7 +1023,7 @@ ENTRY(stub_execve) |
2217 |
RESTORE_REST |
2218 |
jmp int_ret_from_sys_call |
2219 |
CFI_ENDPROC |
2220 |
@@ -16268,7 +16339,7 @@ index faf8d5e..4f16a68 100644 |
2221 |
|
2222 |
/* |
2223 |
* sigreturn is special because it needs to restore all registers on return. |
2224 |
-@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn) |
2225 |
+@@ -738,7 +1041,7 @@ ENTRY(stub_rt_sigreturn) |
2226 |
RESTORE_REST |
2227 |
jmp int_ret_from_sys_call |
2228 |
CFI_ENDPROC |
2229 |
@@ -16277,7 +16348,7 @@ index faf8d5e..4f16a68 100644 |
2230 |
|
2231 |
/* |
2232 |
* Build the entry stubs and pointer table with some assembler magic. |
2233 |
-@@ -773,7 +1072,7 @@ vector=vector+1 |
2234 |
+@@ -773,7 +1076,7 @@ vector=vector+1 |
2235 |
2: jmp common_interrupt |
2236 |
.endr |
2237 |
CFI_ENDPROC |
2238 |
@@ -16286,7 +16357,7 @@ index faf8d5e..4f16a68 100644 |
2239 |
|
2240 |
.previous |
2241 |
END(interrupt) |
2242 |
-@@ -793,6 +1092,16 @@ END(interrupt) |
2243 |
+@@ -793,6 +1096,16 @@ END(interrupt) |
2244 |
subq $ORIG_RAX-RBP, %rsp |
2245 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP |
2246 |
SAVE_ARGS_IRQ |
2247 |
@@ -16303,7 +16374,7 @@ index faf8d5e..4f16a68 100644 |
2248 |
call \func |
2249 |
.endm |
2250 |
|
2251 |
-@@ -824,7 +1133,7 @@ ret_from_intr: |
2252 |
+@@ -824,7 +1137,7 @@ ret_from_intr: |
2253 |
|
2254 |
exit_intr: |
2255 |
GET_THREAD_INFO(%rcx) |
2256 |
@@ -16312,11 +16383,12 @@ index faf8d5e..4f16a68 100644 |
2257 |
je retint_kernel |
2258 |
|
2259 |
/* Interrupt came from user space */ |
2260 |
-@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */ |
2261 |
+@@ -846,12 +1159,16 @@ retint_swapgs: /* return to user-space */ |
2262 |
* The iretq could re-enable interrupts: |
2263 |
*/ |
2264 |
DISABLE_INTERRUPTS(CLBR_ANY) |
2265 |
+ pax_exit_kernel_user |
2266 |
++retint_swapgs_pax: |
2267 |
TRACE_IRQS_IRETQ |
2268 |
SWAPGS |
2269 |
jmp restore_args |
2270 |
@@ -16328,7 +16400,7 @@ index faf8d5e..4f16a68 100644 |
2271 |
/* |
2272 |
* The iretq could re-enable interrupts: |
2273 |
*/ |
2274 |
-@@ -940,7 +1252,7 @@ ENTRY(retint_kernel) |
2275 |
+@@ -940,7 +1257,7 @@ ENTRY(retint_kernel) |
2276 |
#endif |
2277 |
|
2278 |
CFI_ENDPROC |
2279 |
@@ -16337,7 +16409,7 @@ index faf8d5e..4f16a68 100644 |
2280 |
/* |
2281 |
* End of kprobes section |
2282 |
*/ |
2283 |
-@@ -956,7 +1268,7 @@ ENTRY(\sym) |
2284 |
+@@ -956,7 +1273,7 @@ ENTRY(\sym) |
2285 |
interrupt \do_sym |
2286 |
jmp ret_from_intr |
2287 |
CFI_ENDPROC |
2288 |
@@ -16346,7 +16418,7 @@ index faf8d5e..4f16a68 100644 |
2289 |
.endm |
2290 |
|
2291 |
#ifdef CONFIG_SMP |
2292 |
-@@ -1021,12 +1333,22 @@ ENTRY(\sym) |
2293 |
+@@ -1021,12 +1338,22 @@ ENTRY(\sym) |
2294 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
2295 |
call error_entry |
2296 |
DEFAULT_FRAME 0 |
2297 |
@@ -16370,7 +16442,7 @@ index faf8d5e..4f16a68 100644 |
2298 |
.endm |
2299 |
|
2300 |
.macro paranoidzeroentry sym do_sym |
2301 |
-@@ -1038,15 +1360,25 @@ ENTRY(\sym) |
2302 |
+@@ -1038,15 +1365,25 @@ ENTRY(\sym) |
2303 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
2304 |
call save_paranoid |
2305 |
TRACE_IRQS_OFF |
2306 |
@@ -16398,7 +16470,7 @@ index faf8d5e..4f16a68 100644 |
2307 |
.macro paranoidzeroentry_ist sym do_sym ist |
2308 |
ENTRY(\sym) |
2309 |
INTR_FRAME |
2310 |
-@@ -1056,14 +1388,30 @@ ENTRY(\sym) |
2311 |
+@@ -1056,14 +1393,30 @@ ENTRY(\sym) |
2312 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
2313 |
call save_paranoid |
2314 |
TRACE_IRQS_OFF |
2315 |
@@ -16430,7 +16502,7 @@ index faf8d5e..4f16a68 100644 |
2316 |
.endm |
2317 |
|
2318 |
.macro errorentry sym do_sym |
2319 |
-@@ -1074,13 +1422,23 @@ ENTRY(\sym) |
2320 |
+@@ -1074,13 +1427,23 @@ ENTRY(\sym) |
2321 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
2322 |
call error_entry |
2323 |
DEFAULT_FRAME 0 |
2324 |
@@ -16455,7 +16527,7 @@ index faf8d5e..4f16a68 100644 |
2325 |
.endm |
2326 |
|
2327 |
/* error code is on the stack already */ |
2328 |
-@@ -1093,13 +1451,23 @@ ENTRY(\sym) |
2329 |
+@@ -1093,13 +1456,23 @@ ENTRY(\sym) |
2330 |
call save_paranoid |
2331 |
DEFAULT_FRAME 0 |
2332 |
TRACE_IRQS_OFF |
2333 |
@@ -16480,7 +16552,7 @@ index faf8d5e..4f16a68 100644 |
2334 |
.endm |
2335 |
|
2336 |
zeroentry divide_error do_divide_error |
2337 |
-@@ -1129,9 +1497,10 @@ gs_change: |
2338 |
+@@ -1129,9 +1502,10 @@ gs_change: |
2339 |
2: mfence /* workaround */ |
2340 |
SWAPGS |
2341 |
popfq_cfi |
2342 |
@@ -16492,7 +16564,7 @@ index faf8d5e..4f16a68 100644 |
2343 |
|
2344 |
.section __ex_table,"a" |
2345 |
.align 8 |
2346 |
-@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper) |
2347 |
+@@ -1153,13 +1527,14 @@ ENTRY(kernel_thread_helper) |
2348 |
* Here we are in the child and the registers are set as they were |
2349 |
* at kernel_thread() invocation in the parent. |
2350 |
*/ |
2351 |
@@ -16508,7 +16580,7 @@ index faf8d5e..4f16a68 100644 |
2352 |
|
2353 |
/* |
2354 |
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly. |
2355 |
-@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve) |
2356 |
+@@ -1186,11 +1561,11 @@ ENTRY(kernel_execve) |
2357 |
RESTORE_REST |
2358 |
testq %rax,%rax |
2359 |
je int_ret_from_sys_call |
2360 |
@@ -16522,7 +16594,7 @@ index faf8d5e..4f16a68 100644 |
2361 |
|
2362 |
/* Call softirq on interrupt stack. Interrupts are off. */ |
2363 |
ENTRY(call_softirq) |
2364 |
-@@ -1208,9 +1578,10 @@ ENTRY(call_softirq) |
2365 |
+@@ -1208,9 +1583,10 @@ ENTRY(call_softirq) |
2366 |
CFI_DEF_CFA_REGISTER rsp |
2367 |
CFI_ADJUST_CFA_OFFSET -8 |
2368 |
decl PER_CPU_VAR(irq_count) |
2369 |
@@ -16534,7 +16606,7 @@ index faf8d5e..4f16a68 100644 |
2370 |
|
2371 |
#ifdef CONFIG_XEN |
2372 |
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback |
2373 |
-@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
2374 |
+@@ -1248,7 +1624,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
2375 |
decl PER_CPU_VAR(irq_count) |
2376 |
jmp error_exit |
2377 |
CFI_ENDPROC |
2378 |
@@ -16543,7 +16615,7 @@ index faf8d5e..4f16a68 100644 |
2379 |
|
2380 |
/* |
2381 |
* Hypervisor uses this for application faults while it executes. |
2382 |
-@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback) |
2383 |
+@@ -1307,7 +1683,7 @@ ENTRY(xen_failsafe_callback) |
2384 |
SAVE_ALL |
2385 |
jmp error_exit |
2386 |
CFI_ENDPROC |
2387 |
@@ -16552,7 +16624,7 @@ index faf8d5e..4f16a68 100644 |
2388 |
|
2389 |
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ |
2390 |
xen_hvm_callback_vector xen_evtchn_do_upcall |
2391 |
-@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit) |
2392 |
+@@ -1356,16 +1732,31 @@ ENTRY(paranoid_exit) |
2393 |
TRACE_IRQS_OFF |
2394 |
testl %ebx,%ebx /* swapgs needed? */ |
2395 |
jnz paranoid_restore |
2396 |
@@ -16585,7 +16657,7 @@ index faf8d5e..4f16a68 100644 |
2397 |
jmp irq_return |
2398 |
paranoid_userspace: |
2399 |
GET_THREAD_INFO(%rcx) |
2400 |
-@@ -1394,7 +1780,7 @@ paranoid_schedule: |
2401 |
+@@ -1394,7 +1785,7 @@ paranoid_schedule: |
2402 |
TRACE_IRQS_OFF |
2403 |
jmp paranoid_userspace |
2404 |
CFI_ENDPROC |
2405 |
@@ -16594,7 +16666,7 @@ index faf8d5e..4f16a68 100644 |
2406 |
|
2407 |
/* |
2408 |
* Exception entry point. This expects an error code/orig_rax on the stack. |
2409 |
-@@ -1421,12 +1807,13 @@ ENTRY(error_entry) |
2410 |
+@@ -1421,12 +1812,13 @@ ENTRY(error_entry) |
2411 |
movq_cfi r14, R14+8 |
2412 |
movq_cfi r15, R15+8 |
2413 |
xorl %ebx,%ebx |
2414 |
@@ -16609,7 +16681,7 @@ index faf8d5e..4f16a68 100644 |
2415 |
ret |
2416 |
|
2417 |
/* |
2418 |
-@@ -1453,7 +1840,7 @@ bstep_iret: |
2419 |
+@@ -1453,7 +1845,7 @@ bstep_iret: |
2420 |
movq %rcx,RIP+8(%rsp) |
2421 |
jmp error_swapgs |
2422 |
CFI_ENDPROC |
2423 |
@@ -16618,7 +16690,7 @@ index faf8d5e..4f16a68 100644 |
2424 |
|
2425 |
|
2426 |
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ |
2427 |
-@@ -1473,7 +1860,7 @@ ENTRY(error_exit) |
2428 |
+@@ -1473,7 +1865,7 @@ ENTRY(error_exit) |
2429 |
jnz retint_careful |
2430 |
jmp retint_swapgs |
2431 |
CFI_ENDPROC |
2432 |
@@ -16627,7 +16699,7 @@ index faf8d5e..4f16a68 100644 |
2433 |
|
2434 |
|
2435 |
/* runs on exception stack */ |
2436 |
-@@ -1485,6 +1872,16 @@ ENTRY(nmi) |
2437 |
+@@ -1485,6 +1877,16 @@ ENTRY(nmi) |
2438 |
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
2439 |
call save_paranoid |
2440 |
DEFAULT_FRAME 0 |
2441 |
@@ -16644,7 +16716,7 @@ index faf8d5e..4f16a68 100644 |
2442 |
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
2443 |
movq %rsp,%rdi |
2444 |
movq $-1,%rsi |
2445 |
-@@ -1495,12 +1892,28 @@ ENTRY(nmi) |
2446 |
+@@ -1495,12 +1897,28 @@ ENTRY(nmi) |
2447 |
DISABLE_INTERRUPTS(CLBR_NONE) |
2448 |
testl %ebx,%ebx /* swapgs needed? */ |
2449 |
jnz nmi_restore |
2450 |
@@ -16674,7 +16746,7 @@ index faf8d5e..4f16a68 100644 |
2451 |
jmp irq_return |
2452 |
nmi_userspace: |
2453 |
GET_THREAD_INFO(%rcx) |
2454 |
-@@ -1529,14 +1942,14 @@ nmi_schedule: |
2455 |
+@@ -1529,14 +1947,14 @@ nmi_schedule: |
2456 |
jmp paranoid_exit |
2457 |
CFI_ENDPROC |
2458 |
#endif |
2459 |
@@ -44582,6 +44654,20 @@ index 608c1c3..7d040a8 100644 |
2460 |
set_fs(fs_save); |
2461 |
return rc; |
2462 |
} |
2463 |
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
2464 |
+index a6f3763..f38ed00 100644 |
2465 |
+--- a/fs/eventpoll.c |
2466 |
++++ b/fs/eventpoll.c |
2467 |
+@@ -1540,8 +1540,8 @@ SYSCALL_DEFINE1(epoll_create1, int, flags) |
2468 |
+ error = PTR_ERR(file); |
2469 |
+ goto out_free_fd; |
2470 |
+ } |
2471 |
+- fd_install(fd, file); |
2472 |
+ ep->file = file; |
2473 |
++ fd_install(fd, file); |
2474 |
+ return fd; |
2475 |
+ |
2476 |
+ out_free_fd: |
2477 |
diff --git a/fs/exec.c b/fs/exec.c |
2478 |
index 160cd2f..7f5ba47 100644 |
2479 |
--- a/fs/exec.c |
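Review bot: Moving `fd_install(fd, file)` below `ep->file = file;` is an ordering fix with no comment explaining why the order matters. Once the descriptor is installed it is visible to other threads of the process, so with the old order a concurrent user of that fd could reach the eventpoll object while `ep->file` was still unset; a future reshuffle could silently reintroduce that window. I would add `/* set ep->file before fd_install(): the fd is visible to other threads once installed */` above the assignment. The enclosing `SYSCALL_DEFINE1(epoll_create1, ...)` starts and ends outside this hunk.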
2480 |
@@ -50737,6 +50823,19 @@ index 23ce927..e274cc1 100644 |
2481 |
|
2482 |
if (!IS_ERR(s)) |
2483 |
kfree(s); |
2484 |
+diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c |
2485 |
+index 87323f1..dab9d00 100644 |
2486 |
+--- a/fs/xfs/xfs_rtalloc.c |
2487 |
++++ b/fs/xfs/xfs_rtalloc.c |
2488 |
+@@ -858,7 +858,7 @@ xfs_rtbuf_get( |
2489 |
+ xfs_buf_t *bp; /* block buffer, result */ |
2490 |
+ xfs_inode_t *ip; /* bitmap or summary inode */ |
2491 |
+ xfs_bmbt_irec_t map; |
2492 |
+- int nmap; |
2493 |
++ int nmap = 1; |
2494 |
+ int error; /* error value */ |
2495 |
+ |
2496 |
+ ip = issum ? mp->m_rsumip : mp->m_rbmip; |
2497 |
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
2498 |
new file mode 100644 |
2499 |
index 0000000..cb7b8ea |
2500 |
@@ -63132,7 +63231,7 @@ index a6deef4..c56a7f2 100644 |
2501 |
and pointers */ |
2502 |
#endif |
2503 |
diff --git a/include/linux/init.h b/include/linux/init.h |
2504 |
-index 9146f39..e19693b 100644 |
2505 |
+index 9146f39..5c80baf 100644 |
2506 |
--- a/include/linux/init.h |
2507 |
+++ b/include/linux/init.h |
2508 |
@@ -38,9 +38,15 @@ |
2509 |
@@ -63179,22 +63278,6 @@ index 9146f39..e19693b 100644 |
2510 |
#define __meminitdata __section(.meminit.data) |
2511 |
#define __meminitconst __section(.meminit.rodata) |
2512 |
#define __memexit __section(.memexit.text) __exitused __cold notrace |
2513 |
-@@ -293,13 +299,13 @@ void __init parse_early_options(char *cmdline); |
2514 |
- |
2515 |
- /* Each module must use one module_init(). */ |
2516 |
- #define module_init(initfn) \ |
2517 |
-- static inline initcall_t __inittest(void) \ |
2518 |
-+ static inline __used initcall_t __inittest(void) \ |
2519 |
- { return initfn; } \ |
2520 |
- int init_module(void) __attribute__((alias(#initfn))); |
2521 |
- |
2522 |
- /* This is only required if you want to be unloadable. */ |
2523 |
- #define module_exit(exitfn) \ |
2524 |
-- static inline exitcall_t __exittest(void) \ |
2525 |
-+ static inline __used exitcall_t __exittest(void) \ |
2526 |
- { return exitfn; } \ |
2527 |
- void cleanup_module(void) __attribute__((alias(#exitfn))); |
2528 |
- |
2529 |
diff --git a/include/linux/init_task.h b/include/linux/init_task.h |
2530 |
index cdde2b3..d782954 100644 |
2531 |
--- a/include/linux/init_task.h |
2532 |
@@ -71586,18 +71669,10 @@ index fea790a..ebb0e82 100644 |
2533 |
"stack [addr=%p]\n", addr); |
2534 |
} |
2535 |
diff --git a/lib/extable.c b/lib/extable.c |
2536 |
-index 4cac81e..63e9b8f 100644 |
2537 |
+index 4cac81e..ba85842 100644 |
2538 |
--- a/lib/extable.c |
2539 |
+++ b/lib/extable.c |
2540 |
-@@ -13,6 +13,7 @@ |
2541 |
- #include <linux/init.h> |
2542 |
- #include <linux/sort.h> |
2543 |
- #include <asm/uaccess.h> |
2544 |
-+#include <asm/pgtable.h> |
2545 |
- |
2546 |
- #ifndef ARCH_HAS_SORT_EXTABLE |
2547 |
- /* |
2548 |
-@@ -36,8 +37,10 @@ static int cmp_ex(const void *a, const void *b) |
2549 |
+@@ -36,8 +36,10 @@ static int cmp_ex(const void *a, const void *b) |
2550 |
void sort_extable(struct exception_table_entry *start, |
2551 |
struct exception_table_entry *finish) |
2552 |
{ |
2553 |
@@ -80936,10 +81011,10 @@ index 38f6617..e70b72b 100755 |
2554 |
|
2555 |
exuberant() |
2556 |
diff --git a/security/Kconfig b/security/Kconfig |
2557 |
-index 51bd5a0..7963a07 100644 |
2558 |
+index 51bd5a0..047aa78 100644 |
2559 |
--- a/security/Kconfig |
2560 |
+++ b/security/Kconfig |
2561 |
-@@ -4,6 +4,876 @@ |
2562 |
+@@ -4,6 +4,888 @@ |
2563 |
|
2564 |
menu "Security options" |
2565 |
|
2566 |
@@ -81525,6 +81600,10 @@ index 51bd5a0..7963a07 100644 |
2567 |
+ Select the method used to instrument function pointer dereferences. |
2568 |
+ Note that binary modules cannot be instrumented by this approach. |
2569 |
+ |
2570 |
++ Note that the implementation requires a gcc with plugin support, |
2571 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
2572 |
++ headers explicitly in addition to the normal gcc package. |
2573 |
++ |
2574 |
+ config PAX_KERNEXEC_PLUGIN_METHOD_BTS |
2575 |
+ bool "bts" |
2576 |
+ help |
2577 |
@@ -81698,11 +81777,12 @@ index 51bd5a0..7963a07 100644 |
2578 |
+ and you are advised to test this feature on your expected workload |
2579 |
+ before deploying it. |
2580 |
+ |
2581 |
-+ Note: full support for this feature requires gcc with plugin support |
2582 |
-+ so make sure your compiler is at least gcc 4.5.0. Using older gcc |
2583 |
-+ versions means that functions with large enough stack frames may |
2584 |
-+ leave uninitialized memory behind that may be exposed to a later |
2585 |
-+ syscall leaking the stack. |
2586 |
++ Note that the full feature requires a gcc with plugin support, |
2587 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
2588 |
++ headers explicitly in addition to the normal gcc package. Using |
2589 |
++ older gcc versions means that functions with large enough stack |
2590 |
++ frames may leave uninitialized memory behind that may be exposed |
2591 |
++ to a later syscall leaking the stack. |
2592 |
+ |
2593 |
+config PAX_MEMORY_UDEREF |
2594 |
+ bool "Prevent invalid userland pointer dereference" |
2595 |
@@ -81784,11 +81864,14 @@ index 51bd5a0..7963a07 100644 |
2596 |
+ arguments marked by a size_overflow attribute with double integer |
2597 |
+ precision (DImode/TImode for 32/64 bit integer types). |
2598 |
+ |
2599 |
-+ The recomputed argument is checked against INT_MAX and an event |
2600 |
++ The recomputed argument is checked against TYPE_MAX and an event |
2601 |
+ is logged on overflow and the triggering process is killed. |
2602 |
+ |
2603 |
-+ Homepage: |
2604 |
-+ http://www.grsecurity.net/~ephox/overflow_plugin/ |
2605 |
++ Homepage: http://www.grsecurity.net/~ephox/overflow_plugin/ |
2606 |
++ |
2607 |
++ Note that the implementation requires a gcc with plugin support, |
2608 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
2609 |
++ headers explicitly in addition to the normal gcc package. |
2610 |
+ |
2611 |
+config PAX_LATENT_ENTROPY |
2612 |
+ bool "Generate some entropy during boot" |
2613 |
@@ -81800,6 +81883,10 @@ index 51bd5a0..7963a07 100644 |
2614 |
+ there is little 'natural' source of entropy normally. The cost |
2615 |
+ is some slowdown of the boot process. |
2616 |
+ |
2617 |
++ Note that the implementation requires a gcc with plugin support, |
2618 |
++ i.e., gcc 4.5 or newer. You may need to install the supporting |
2619 |
++ headers explicitly in addition to the normal gcc package. |
2620 |
++ |
2621 |
+ Note that entropy extracted this way is not cryptographically |
2622 |
+ secure! |
2623 |
+ |
2624 |
@@ -81816,7 +81903,7 @@ index 51bd5a0..7963a07 100644 |
2625 |
config KEYS |
2626 |
bool "Enable access key retention support" |
2627 |
help |
2628 |
-@@ -169,7 +1039,7 @@ config INTEL_TXT |
2629 |
+@@ -169,7 +1051,7 @@ config INTEL_TXT |
2630 |
config LSM_MMAP_MIN_ADDR |
2631 |
int "Low address space for LSM to protect from user allocation" |
2632 |
depends on SECURITY && SECURITY_SELINUX |
2633 |
|
2634 |
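--- a/3.5.2/0000_README
+++ b/3.5.2/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.5.2-201208241943.patch
+Patch: 4420_grsecurity-2.9.1-3.5.3-201208271906.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
 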
diff --git a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208241943.patch b/3.5.2/4420_grsecurity-2.9.1-3.5.3-201208271906.patch |
2649 |
similarity index 99% |
2650 |
rename from 3.5.2/4420_grsecurity-2.9.1-3.5.2-201208241943.patch |
2651 |
rename to 3.5.2/4420_grsecurity-2.9.1-3.5.3-201208271906.patch |
2652 |
index 8f28b61..9557d64 100644 |
2653 |
--- a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208241943.patch |
2654 |
+++ b/3.5.2/4420_grsecurity-2.9.1-3.5.3-201208271906.patch |
2655 |
@@ -275,7 +275,7 @@ index 13d6166..8c235b6 100644 |
2656 |
============================================================== |
2657 |
|
2658 |
diff --git a/Makefile b/Makefile |
2659 |
-index 5caa2fa..5fc9329 100644 |
2660 |
+index c901aae..0f96503 100644 |
2661 |
--- a/Makefile |
2662 |
+++ b/Makefile |
2663 |
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
2664 |
@@ -4374,6 +4374,26 @@ index d183f87..1867f1a 100644 |
2665 |
regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; |
2666 |
} else { |
2667 |
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); |
2668 |
+diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c |
2669 |
+index f2496f2..4e3cc47 100644 |
2670 |
+--- a/arch/powerpc/kernel/syscalls.c |
2671 |
++++ b/arch/powerpc/kernel/syscalls.c |
2672 |
+@@ -107,11 +107,11 @@ long ppc64_personality(unsigned long personality) |
2673 |
+ long ret; |
2674 |
+ |
2675 |
+ if (personality(current->personality) == PER_LINUX32 |
2676 |
+- && personality == PER_LINUX) |
2677 |
+- personality = PER_LINUX32; |
2678 |
++ && personality(personality) == PER_LINUX) |
2679 |
++ personality = (personality & ~PER_MASK) | PER_LINUX32; |
2680 |
+ ret = sys_personality(personality); |
2681 |
+- if (ret == PER_LINUX32) |
2682 |
+- ret = PER_LINUX; |
2683 |
++ if (personality(ret) == PER_LINUX32) |
2684 |
++ ret = (ret & ~PER_MASK) | PER_LINUX; |
2685 |
+ return ret; |
2686 |
+ } |
2687 |
+ #endif |
2688 |
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c |
2689 |
index 1589723..cefe690 100644 |
2690 |
--- a/arch/powerpc/kernel/traps.c |
2691 |
@@ -20274,7 +20294,7 @@ index 7df1c6d..9ea7c79 100644 |
2692 |
|
2693 |
out: |
2694 |
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c |
2695 |
-index f95d242..3b49a90 100644 |
2696 |
+index 4837375..2cc9722 100644 |
2697 |
--- a/arch/x86/kvm/emulate.c |
2698 |
+++ b/arch/x86/kvm/emulate.c |
2699 |
@@ -256,6 +256,7 @@ struct gprefix { |
2700 |
@@ -20356,10 +20376,10 @@ index f75af40..285b18f 100644 |
2701 |
|
2702 |
local_irq_disable(); |
2703 |
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
2704 |
-index 32eb588..19c4fe3 100644 |
2705 |
+index 86c8704..e8ee2ac 100644 |
2706 |
--- a/arch/x86/kvm/vmx.c |
2707 |
+++ b/arch/x86/kvm/vmx.c |
2708 |
-@@ -1313,7 +1313,11 @@ static void reload_tss(void) |
2709 |
+@@ -1317,7 +1317,11 @@ static void reload_tss(void) |
2710 |
struct desc_struct *descs; |
2711 |
|
2712 |
descs = (void *)gdt->address; |
2713 |
@@ -20371,18 +20391,7 @@ index 32eb588..19c4fe3 100644 |
2714 |
load_TR_desc(); |
2715 |
} |
2716 |
|
2717 |
-@@ -1475,8 +1479,8 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx) |
2718 |
- * The sysexit path does not restore ds/es, so we must set them to |
2719 |
- * a reasonable value ourselves. |
2720 |
- */ |
2721 |
-- loadsegment(ds, __USER_DS); |
2722 |
-- loadsegment(es, __USER_DS); |
2723 |
-+ loadsegment(ds, __KERNEL_DS); |
2724 |
-+ loadsegment(es, __KERNEL_DS); |
2725 |
- #endif |
2726 |
- reload_tss(); |
2727 |
- #ifdef CONFIG_X86_64 |
2728 |
-@@ -2653,8 +2657,11 @@ static __init int hardware_setup(void) |
2729 |
+@@ -2650,8 +2654,11 @@ static __init int hardware_setup(void) |
2730 |
if (!cpu_has_vmx_flexpriority()) |
2731 |
flexpriority_enabled = 0; |
2732 |
|
2733 |
@@ -20396,7 +20405,7 @@ index 32eb588..19c4fe3 100644 |
2734 |
|
2735 |
if (enable_ept && !cpu_has_vmx_ept_2m_page()) |
2736 |
kvm_disable_largepages(); |
2737 |
-@@ -3680,7 +3687,7 @@ static void vmx_set_constant_host_state(void) |
2738 |
+@@ -3719,7 +3726,7 @@ static void vmx_set_constant_host_state(void) |
2739 |
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ |
2740 |
|
2741 |
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); |
2742 |
@@ -20405,7 +20414,7 @@ index 32eb588..19c4fe3 100644 |
2743 |
|
2744 |
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); |
2745 |
vmcs_write32(HOST_IA32_SYSENTER_CS, low32); |
2746 |
-@@ -6218,6 +6225,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2747 |
+@@ -6257,6 +6264,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2748 |
"jmp .Lkvm_vmx_return \n\t" |
2749 |
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" |
2750 |
".Lkvm_vmx_return: " |
2751 |
@@ -20418,7 +20427,7 @@ index 32eb588..19c4fe3 100644 |
2752 |
/* Save guest registers, load host registers, keep flags */ |
2753 |
"mov %0, %c[wordsize](%%"R"sp) \n\t" |
2754 |
"pop %0 \n\t" |
2755 |
-@@ -6266,6 +6279,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2756 |
+@@ -6305,6 +6318,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2757 |
#endif |
2758 |
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), |
2759 |
[wordsize]"i"(sizeof(ulong)) |
2760 |
@@ -20430,28 +20439,41 @@ index 32eb588..19c4fe3 100644 |
2761 |
: "cc", "memory" |
2762 |
, R"ax", R"bx", R"di", R"si" |
2763 |
#ifdef CONFIG_X86_64 |
2764 |
-@@ -6294,6 +6312,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2765 |
- } |
2766 |
- } |
2767 |
+@@ -6312,7 +6330,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2768 |
+ #endif |
2769 |
+ ); |
2770 |
|
2771 |
-+ asm("mov %0, %%ds; mov %0, %%es; mov %0, %%ss" : : "r"(__KERNEL_DS)); |
2772 |
+-#ifndef CONFIG_X86_64 |
2773 |
++#ifdef CONFIG_X86_32 |
2774 |
+ /* |
2775 |
+ * The sysexit path does not restore ds/es, so we must set them to |
2776 |
+ * a reasonable value ourselves. |
2777 |
+@@ -6321,8 +6339,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
2778 |
+ * may be executed in interrupt context, which saves and restore segments |
2779 |
+ * around it, nullifying its effect. |
2780 |
+ */ |
2781 |
+- loadsegment(ds, __USER_DS); |
2782 |
+- loadsegment(es, __USER_DS); |
2783 |
++ loadsegment(ds, __KERNEL_DS); |
2784 |
++ loadsegment(es, __KERNEL_DS); |
2785 |
++ loadsegment(ss, __KERNEL_DS); |
2786 |
+ |
2787 |
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) |
2788 |
++#ifdef CONFIG_PAX_KERNEXEC |
2789 |
+ loadsegment(fs, __KERNEL_PERCPU); |
2790 |
+#endif |
2791 |
+ |
2792 |
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF) |
2793 |
++#ifdef CONFIG_PAX_MEMORY_UDEREF |
2794 |
+ __set_fs(current_thread_info()->addr_limit); |
2795 |
+#endif |
2796 |
+ |
2797 |
- vmx->loaded_vmcs->launched = 1; |
2798 |
+ #endif |
2799 |
|
2800 |
- vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); |
2801 |
+ vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) |
2802 |
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
2803 |
-index be6d549..b0ba2bf 100644 |
2804 |
+index 14c290d..0dae6e5 100644 |
2805 |
--- a/arch/x86/kvm/x86.c |
2806 |
+++ b/arch/x86/kvm/x86.c |
2807 |
-@@ -1357,8 +1357,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) |
2808 |
+@@ -1361,8 +1361,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) |
2809 |
{ |
2810 |
struct kvm *kvm = vcpu->kvm; |
2811 |
int lm = is_long_mode(vcpu); |
2812 |
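Review bot: The new side reloads ds/es/ss only inside upstream's `#ifdef CONFIG_X86_32` block, whereas the old side's `asm("mov %0, %%ds; mov %0, %%es; mov %0, %%ss" : : "r"(__KERNEL_DS));` appears to have run unconditionally, i.e. on x86_64 as well, so 64-bit hosts lose that post-VM-exit segment reload. This looks intentional — the upstream comment in the hunk only describes the 32-bit sysexit path, and the earlier hunk `@@ -20371,18 +20391,7 @@` drops the matching `__vmx_load_host_state` change — but a one-line comment after the closing `#endif` stating why x86_64 needs no reload here, e.g. `/* x86_64: <reason the reload is 32-bit only> */` with the reason filled in, would keep a later rebase from reintroducing it. Moving the `CONFIG_PAX_KERNEXEC` and `CONFIG_PAX_MEMORY_UDEREF` blocks under the shared `CONFIG_X86_32` guard and dropping their `defined(CONFIG_X86_32) &&` prefixes is a clean simplification. vmx_vcpu_run continues outside the hunk.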
@@ -20462,7 +20484,7 @@ index be6d549..b0ba2bf 100644 |
2813 |
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 |
2814 |
: kvm->arch.xen_hvm_config.blob_size_32; |
2815 |
u32 page_num = data & ~PAGE_MASK; |
2816 |
-@@ -2214,6 +2214,8 @@ long kvm_arch_dev_ioctl(struct file *filp, |
2817 |
+@@ -2218,6 +2218,8 @@ long kvm_arch_dev_ioctl(struct file *filp, |
2818 |
if (n < msr_list.nmsrs) |
2819 |
goto out; |
2820 |
r = -EFAULT; |
2821 |
@@ -20471,7 +20493,7 @@ index be6d549..b0ba2bf 100644 |
2822 |
if (copy_to_user(user_msr_list->indices, &msrs_to_save, |
2823 |
num_msrs_to_save * sizeof(u32))) |
2824 |
goto out; |
2825 |
-@@ -2339,7 +2341,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, |
2826 |
+@@ -2343,7 +2345,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, |
2827 |
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, |
2828 |
struct kvm_interrupt *irq) |
2829 |
{ |
2830 |
@@ -20480,7 +20502,7 @@ index be6d549..b0ba2bf 100644 |
2831 |
return -EINVAL; |
2832 |
if (irqchip_in_kernel(vcpu->kvm)) |
2833 |
return -ENXIO; |
2834 |
-@@ -4876,7 +4878,7 @@ static void kvm_set_mmio_spte_mask(void) |
2835 |
+@@ -4880,7 +4882,7 @@ static void kvm_set_mmio_spte_mask(void) |
2836 |
kvm_mmu_set_mmio_spte_mask(mask); |
2837 |
} |
2838 |
|
2839 |
@@ -23386,15 +23408,14 @@ index e5b130b..6690d31 100644 |
2840 |
+} |
2841 |
+EXPORT_SYMBOL(copy_to_user_overflow); |
2842 |
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c |
2843 |
-index 903ec1e..833f340 100644 |
2844 |
+index 903ec1e..af8e064 100644 |
2845 |
--- a/arch/x86/mm/extable.c |
2846 |
+++ b/arch/x86/mm/extable.c |
2847 |
-@@ -6,12 +6,25 @@ |
2848 |
+@@ -6,12 +6,24 @@ |
2849 |
static inline unsigned long |
2850 |
ex_insn_addr(const struct exception_table_entry *x) |
2851 |
{ |
2852 |
- return (unsigned long)&x->insn + x->insn; |
2853 |
-+//printk(KERN_ERR "fixup %p insn:%x fixup:%x\n", x, x->insn, x->fixup); |
2854 |
+ unsigned long reloc = 0; |
2855 |
+ |
2856 |
+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) |
2857 |
@@ -23417,7 +23438,7 @@ index 903ec1e..833f340 100644 |
2858 |
} |
2859 |
|
2860 |
int fixup_exception(struct pt_regs *regs) |
2861 |
-@@ -20,7 +33,7 @@ int fixup_exception(struct pt_regs *regs) |
2862 |
+@@ -20,7 +32,7 @@ int fixup_exception(struct pt_regs *regs) |
2863 |
unsigned long new_ip; |
2864 |
|
2865 |
#ifdef CONFIG_PNPBIOS |
2866 |
@@ -23426,14 +23447,6 @@ index 903ec1e..833f340 100644 |
2867 |
extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp; |
2868 |
extern u32 pnp_bios_is_utter_crap; |
2869 |
pnp_bios_is_utter_crap = 1; |
2870 |
-@@ -34,6 +47,7 @@ int fixup_exception(struct pt_regs *regs) |
2871 |
- #endif |
2872 |
- |
2873 |
- fixup = search_exception_tables(regs->ip); |
2874 |
-+//printk(KERN_ERR "fixup %p %lx\n", fixup, regs->ip); |
2875 |
- if (fixup) { |
2876 |
- new_ip = ex_fixup_addr(fixup); |
2877 |
- |
2878 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
2879 |
index 76dcd9d..e9dffde 100644 |
2880 |
--- a/arch/x86/mm/fault.c |
2881 |
@@ -30571,7 +30584,7 @@ index ed3224c..6618589 100644 |
2882 |
iir = I915_READ(IIR); |
2883 |
|
2884 |
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
2885 |
-index a8538ac..4868a05 100644 |
2886 |
+index 8a11131..46eeeaa 100644 |
2887 |
--- a/drivers/gpu/drm/i915/intel_display.c |
2888 |
+++ b/drivers/gpu/drm/i915/intel_display.c |
2889 |
@@ -2000,7 +2000,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) |
2890 |
@@ -30583,7 +30596,7 @@ index a8538ac..4868a05 100644 |
2891 |
|
2892 |
/* Big Hammer, we also need to ensure that any pending |
2893 |
* MI_WAIT_FOR_EVENT inside a user batch buffer on the |
2894 |
-@@ -5925,9 +5925,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev, |
2895 |
+@@ -5914,9 +5914,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev, |
2896 |
|
2897 |
obj = work->old_fb_obj; |
2898 |
|
2899 |
@@ -30595,7 +30608,7 @@ index a8538ac..4868a05 100644 |
2900 |
wake_up(&dev_priv->pending_flip_queue); |
2901 |
|
2902 |
schedule_work(&work->work); |
2903 |
-@@ -6264,7 +6263,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
2904 |
+@@ -6253,7 +6252,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
2905 |
/* Block clients from rendering to the new back buffer until |
2906 |
* the flip occurs and the object is no longer visible. |
2907 |
*/ |
2908 |
@@ -30604,7 +30617,7 @@ index a8538ac..4868a05 100644 |
2909 |
|
2910 |
ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); |
2911 |
if (ret) |
2912 |
-@@ -6279,7 +6278,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
2913 |
+@@ -6268,7 +6267,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, |
2914 |
return 0; |
2915 |
|
2916 |
cleanup_pending: |
2917 |
@@ -30769,7 +30782,7 @@ index a9514ea..369d511 100644 |
2918 |
.train_set = nv50_sor_dp_train_set, |
2919 |
.train_adj = nv50_sor_dp_train_adj |
2920 |
diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c |
2921 |
-index c486d3c..3a7d6f4 100644 |
2922 |
+index c50b075..6b07dfc 100644 |
2923 |
--- a/drivers/gpu/drm/nouveau/nvd0_display.c |
2924 |
+++ b/drivers/gpu/drm/nouveau/nvd0_display.c |
2925 |
@@ -1366,7 +1366,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode) |
2926 |
@@ -44239,6 +44252,20 @@ index b2a34a1..162fa69 100644 |
2927 |
set_fs(fs_save); |
2928 |
return rc; |
2929 |
} |
2930 |
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
2931 |
+index 1c8b556..eedec84 100644 |
2932 |
+--- a/fs/eventpoll.c |
2933 |
++++ b/fs/eventpoll.c |
2934 |
+@@ -1654,8 +1654,8 @@ SYSCALL_DEFINE1(epoll_create1, int, flags) |
2935 |
+ error = PTR_ERR(file); |
2936 |
+ goto out_free_fd; |
2937 |
+ } |
2938 |
+- fd_install(fd, file); |
2939 |
+ ep->file = file; |
2940 |
++ fd_install(fd, file); |
2941 |
+ return fd; |
2942 |
+ |
2943 |
+ out_free_fd: |
2944 |
diff --git a/fs/exec.c b/fs/exec.c |
2945 |
index e95aeed..a943469 100644 |
2946 |
--- a/fs/exec.c |
2947 |
@@ -45127,10 +45154,10 @@ index 25cd608..9ed5294 100644 |
2948 |
} |
2949 |
return 1; |
2950 |
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c |
2951 |
-index d23b31c..0585239 100644 |
2952 |
+index 1b50890..e56c5ad 100644 |
2953 |
--- a/fs/ext4/balloc.c |
2954 |
+++ b/fs/ext4/balloc.c |
2955 |
-@@ -488,8 +488,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, |
2956 |
+@@ -500,8 +500,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, |
2957 |
/* Hm, nope. Are (enough) root reserved clusters available? */ |
2958 |
if (uid_eq(sbi->s_resuid, current_fsuid()) || |
2959 |
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) || |
2960 |
@@ -45175,18 +45202,6 @@ index 01434f2..bd995b4 100644 |
2961 |
atomic_t s_lock_busy; |
2962 |
|
2963 |
/* locality groups */ |
2964 |
-diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c |
2965 |
-index 58a75fe..9752106 100644 |
2966 |
---- a/fs/ext4/extents.c |
2967 |
-+++ b/fs/ext4/extents.c |
2968 |
-@@ -2663,6 +2663,7 @@ cont: |
2969 |
- } |
2970 |
- path[0].p_depth = depth; |
2971 |
- path[0].p_hdr = ext_inode_hdr(inode); |
2972 |
-+ i = 0; |
2973 |
- |
2974 |
- if (ext4_ext_check(inode, path[0].p_hdr, depth)) { |
2975 |
- err = -EIO; |
2976 |
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
2977 |
index 1cd6994..5799d45 100644 |
2978 |
--- a/fs/ext4/mballoc.c |
2979 |
@@ -50121,6 +50136,27 @@ index 19bf0c5..9f26b02 100644 |
2980 |
off & 0x7fffffff, ino, DT_UNKNOWN)) { |
2981 |
*offset = off & 0x7fffffff; |
2982 |
return 0; |
2983 |
+diff --git a/fs/xfs/xfs_discard.c b/fs/xfs/xfs_discard.c |
2984 |
+index f9c3fe3..69cf4fc 100644 |
2985 |
+--- a/fs/xfs/xfs_discard.c |
2986 |
++++ b/fs/xfs/xfs_discard.c |
2987 |
+@@ -179,12 +179,14 @@ xfs_ioc_trim( |
2988 |
+ * used by the fstrim application. In the end it really doesn't |
2989 |
+ * matter as trimming blocks is an advisory interface. |
2990 |
+ */ |
2991 |
++ if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) || |
2992 |
++ range.minlen > XFS_FSB_TO_B(mp, XFS_ALLOC_AG_MAX_USABLE(mp))) |
2993 |
++ return -XFS_ERROR(EINVAL); |
2994 |
++ |
2995 |
+ start = BTOBB(range.start); |
2996 |
+ end = start + BTOBBT(range.len) - 1; |
2997 |
+ minlen = BTOBB(max_t(u64, granularity, range.minlen)); |
2998 |
+ |
2999 |
+- if (XFS_BB_TO_FSB(mp, start) >= mp->m_sb.sb_dblocks) |
3000 |
+- return -XFS_ERROR(EINVAL); |
3001 |
+ if (end > XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks) - 1) |
3002 |
+ end = XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks)- 1; |
3003 |
+ |
3004 |
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c |
3005 |
index 3a05a41..320bec6 100644 |
3006 |
--- a/fs/xfs/xfs_ioctl.c |
3007 |
@@ -50147,6 +50183,19 @@ index 1a25fd8..e935581 100644 |
3008 |
|
3009 |
if (!IS_ERR(s)) |
3010 |
kfree(s); |
3011 |
+diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c |
3012 |
+index 92d4331..ca28a4b 100644 |
3013 |
+--- a/fs/xfs/xfs_rtalloc.c |
3014 |
++++ b/fs/xfs/xfs_rtalloc.c |
3015 |
+@@ -857,7 +857,7 @@ xfs_rtbuf_get( |
3016 |
+ xfs_buf_t *bp; /* block buffer, result */ |
3017 |
+ xfs_inode_t *ip; /* bitmap or summary inode */ |
3018 |
+ xfs_bmbt_irec_t map; |
3019 |
+- int nmap; |
3020 |
++ int nmap = 1; |
3021 |
+ int error; /* error value */ |
3022 |
+ |
3023 |
+ ip = issum ? mp->m_rsumip : mp->m_rbmip; |
3024 |
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
3025 |
new file mode 100644 |
3026 |
index 0000000..4d533f1 |