1 |
commit: 0a52db7b3a5e19bbd7e27bc6d800a92a4a5c69c6 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Apr 8 16:08:05 2012 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Apr 8 16:08:05 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=0a52db7b |
7 |
|
8 |
Grsec/PaX: 2.9-{2.6.32.59-201204010910,3.2.14-201204021757,3.3.1-201204021758} |
9 |
|
10 |
--- |
11 |
2.6.32/0000_README | 2 +- |
12 |
...20_grsecurity-2.9-2.6.32.59-201204062020.patch} | 38 +++++++++++------- |
13 |
3.2.14/0000_README | 2 +- |
14 |
... 4420_grsecurity-2.9-3.2.14-201204062020.patch} | 42 ++++++++++++-------- |
15 |
3.3.1/0000_README | 2 +- |
16 |
...> 4420_grsecurity-2.9-3.3.1-201204062021.patch} | 42 ++++++++++++-------- |
17 |
6 files changed, 76 insertions(+), 52 deletions(-) |
18 |
|
19 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
20 |
index eb3b0e5..e55e10a 100644 |
21 |
--- a/2.6.32/0000_README |
22 |
+++ b/2.6.32/0000_README |
23 |
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch |
24 |
From: http://www.kernel.org |
25 |
Desc: Linux 2.6.32.59 |
26 |
|
27 |
-Patch: 4420_grsecurity-2.9-2.6.32.59-201204010910.patch |
28 |
+Patch: 4420_grsecurity-2.9-2.6.32.59-201204062020.patch |
29 |
From: http://www.grsecurity.net |
30 |
Desc: hardened-sources base patch from upstream grsecurity |
31 |
|
32 |
|
33 |
diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204010910.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch |
34 |
similarity index 99% |
35 |
rename from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204010910.patch |
36 |
rename to 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch |
37 |
index adc0a83..8d7ed1b 100644 |
38 |
--- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204010910.patch |
39 |
+++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204062020.patch |
40 |
@@ -64990,7 +64990,7 @@ index 0133b5a..3710d09 100644 |
41 |
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm); |
42 |
#ifdef __alpha__ |
43 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
44 |
-index a64fde6..4d6ea81 100644 |
45 |
+index a64fde6..aea5248 100644 |
46 |
--- a/fs/binfmt_elf.c |
47 |
+++ b/fs/binfmt_elf.c |
48 |
@@ -31,6 +31,7 @@ |
49 |
@@ -65633,7 +65633,7 @@ index a64fde6..4d6ea81 100644 |
50 |
/* set_brk can never work. Avoid overflows. */ |
51 |
send_sig(SIGKILL, current, 0); |
52 |
retval = -EINVAL; |
53 |
-@@ -877,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
54 |
+@@ -877,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
55 |
goto out_free_dentry; |
56 |
} |
57 |
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { |
58 |
@@ -65651,8 +65651,10 @@ index a64fde6..4d6ea81 100644 |
59 |
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { |
60 |
+ unsigned long start, size; |
61 |
+ |
62 |
++ current->mm->end_data = end_data = elf_brk; |
63 |
+ start = ELF_PAGEALIGN(elf_brk); |
64 |
+ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); |
65 |
++ current->mm->start_brk = start + size; |
66 |
+ down_write(¤t->mm->mmap_sem); |
67 |
+ retval = -ENOMEM; |
68 |
+ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { |
69 |
@@ -65672,7 +65674,7 @@ index a64fde6..4d6ea81 100644 |
70 |
if (elf_interpreter) { |
71 |
unsigned long uninitialized_var(interp_map_addr); |
72 |
|
73 |
-@@ -1112,8 +1598,10 @@ static int dump_seek(struct file *file, loff_t off) |
74 |
+@@ -1112,8 +1600,10 @@ static int dump_seek(struct file *file, loff_t off) |
75 |
unsigned long n = off; |
76 |
if (n > PAGE_SIZE) |
77 |
n = PAGE_SIZE; |
78 |
@@ -65684,7 +65686,7 @@ index a64fde6..4d6ea81 100644 |
79 |
off -= n; |
80 |
} |
81 |
free_page((unsigned long)buf); |
82 |
-@@ -1125,7 +1613,7 @@ static int dump_seek(struct file *file, loff_t off) |
83 |
+@@ -1125,7 +1615,7 @@ static int dump_seek(struct file *file, loff_t off) |
84 |
* Decide what to dump of a segment, part, all or none. |
85 |
*/ |
86 |
static unsigned long vma_dump_size(struct vm_area_struct *vma, |
87 |
@@ -65693,7 +65695,7 @@ index a64fde6..4d6ea81 100644 |
88 |
{ |
89 |
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) |
90 |
|
91 |
-@@ -1159,7 +1647,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
92 |
+@@ -1159,7 +1649,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
93 |
if (vma->vm_file == NULL) |
94 |
return 0; |
95 |
|
96 |
@@ -65702,7 +65704,7 @@ index a64fde6..4d6ea81 100644 |
97 |
goto whole; |
98 |
|
99 |
/* |
100 |
-@@ -1255,8 +1743,11 @@ static int writenote(struct memelfnote *men, struct file *file, |
101 |
+@@ -1255,8 +1745,11 @@ static int writenote(struct memelfnote *men, struct file *file, |
102 |
#undef DUMP_WRITE |
103 |
|
104 |
#define DUMP_WRITE(addr, nr) \ |
105 |
@@ -65715,7 +65717,7 @@ index a64fde6..4d6ea81 100644 |
106 |
|
107 |
static void fill_elf_header(struct elfhdr *elf, int segs, |
108 |
u16 machine, u32 flags, u8 osabi) |
109 |
-@@ -1385,9 +1876,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
110 |
+@@ -1385,9 +1878,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
111 |
{ |
112 |
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; |
113 |
int i = 0; |
114 |
@@ -65727,7 +65729,7 @@ index a64fde6..4d6ea81 100644 |
115 |
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); |
116 |
} |
117 |
|
118 |
-@@ -1973,7 +2464,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un |
119 |
+@@ -1973,7 +2466,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un |
120 |
phdr.p_offset = offset; |
121 |
phdr.p_vaddr = vma->vm_start; |
122 |
phdr.p_paddr = 0; |
123 |
@@ -65736,7 +65738,7 @@ index a64fde6..4d6ea81 100644 |
124 |
phdr.p_memsz = vma->vm_end - vma->vm_start; |
125 |
offset += phdr.p_filesz; |
126 |
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; |
127 |
-@@ -2006,7 +2497,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un |
128 |
+@@ -2006,7 +2499,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un |
129 |
unsigned long addr; |
130 |
unsigned long end; |
131 |
|
132 |
@@ -65745,7 +65747,7 @@ index a64fde6..4d6ea81 100644 |
133 |
|
134 |
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { |
135 |
struct page *page; |
136 |
-@@ -2015,6 +2506,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un |
137 |
+@@ -2015,6 +2508,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un |
138 |
page = get_dump_page(addr); |
139 |
if (page) { |
140 |
void *kaddr = kmap(page); |
141 |
@@ -65753,7 +65755,7 @@ index a64fde6..4d6ea81 100644 |
142 |
stop = ((size += PAGE_SIZE) > limit) || |
143 |
!dump_write(file, kaddr, PAGE_SIZE); |
144 |
kunmap(page); |
145 |
-@@ -2042,6 +2534,97 @@ out: |
146 |
+@@ -2042,6 +2536,97 @@ out: |
147 |
|
148 |
#endif /* USE_ELF_CORE_DUMP */ |
149 |
|
150 |
@@ -96871,7 +96873,7 @@ index 2d846cf..98134d2 100644 |
151 |
capable(CAP_IPC_LOCK)) |
152 |
ret = do_mlockall(flags); |
153 |
diff --git a/mm/mmap.c b/mm/mmap.c |
154 |
-index 4b80cbf..12a7861 100644 |
155 |
+index 4b80cbf..073ac3e 100644 |
156 |
--- a/mm/mmap.c |
157 |
+++ b/mm/mmap.c |
158 |
@@ -45,6 +45,16 @@ |
159 |
@@ -98127,16 +98129,22 @@ index 4b80cbf..12a7861 100644 |
160 |
/* |
161 |
* Return true if the calling process may expand its vm space by the passed |
162 |
* number of pages |
163 |
-@@ -2237,7 +2691,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
164 |
+@@ -2236,8 +2690,14 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
165 |
+ unsigned long cur = mm->total_vm; /* pages */ |
166 |
unsigned long lim; |
167 |
|
168 |
++#ifdef CONFIG_PAX_RANDMMAP |
169 |
++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) |
170 |
++ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; |
171 |
++#endif |
172 |
++ |
173 |
lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; |
174 |
-- |
175 |
+ |
176 |
+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); |
177 |
if (cur + npages > lim) |
178 |
return 0; |
179 |
return 1; |
180 |
-@@ -2307,6 +2761,22 @@ int install_special_mapping(struct mm_struct *mm, |
181 |
+@@ -2307,6 +2767,22 @@ int install_special_mapping(struct mm_struct *mm, |
182 |
vma->vm_start = addr; |
183 |
vma->vm_end = addr + len; |
184 |
|
185 |
|
186 |
diff --git a/3.2.14/0000_README b/3.2.14/0000_README |
187 |
index 61ea918..3842c31 100644 |
188 |
--- a/3.2.14/0000_README |
189 |
+++ b/3.2.14/0000_README |
190 |
@@ -2,7 +2,7 @@ README |
191 |
----------------------------------------------------------------------------- |
192 |
Individual Patch Descriptions: |
193 |
----------------------------------------------------------------------------- |
194 |
-Patch: 4420_grsecurity-2.9-3.2.14-201204021757.patch |
195 |
+Patch: 4420_grsecurity-2.9-3.2.14-201204062020.patch |
196 |
From: http://www.grsecurity.net |
197 |
Desc: hardened-sources base patch from upstream grsecurity |
198 |
|
199 |
|
200 |
diff --git a/3.2.14/4420_grsecurity-2.9-3.2.14-201204021757.patch b/3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch |
201 |
similarity index 99% |
202 |
rename from 3.2.14/4420_grsecurity-2.9-3.2.14-201204021757.patch |
203 |
rename to 3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch |
204 |
index 7964fc2..a4dfa05 100644 |
205 |
--- a/3.2.14/4420_grsecurity-2.9-3.2.14-201204021757.patch |
206 |
+++ b/3.2.14/4420_grsecurity-2.9-3.2.14-201204062020.patch |
207 |
@@ -42181,7 +42181,7 @@ index a6395bd..f1e376a 100644 |
208 |
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm); |
209 |
#ifdef __alpha__ |
210 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
211 |
-index 6ff96c6..64d2dec 100644 |
212 |
+index 6ff96c6..d788bf7 100644 |
213 |
--- a/fs/binfmt_elf.c |
214 |
+++ b/fs/binfmt_elf.c |
215 |
@@ -32,6 +32,7 @@ |
216 |
@@ -42815,7 +42815,7 @@ index 6ff96c6..64d2dec 100644 |
217 |
/* set_brk can never work. Avoid overflows. */ |
218 |
send_sig(SIGKILL, current, 0); |
219 |
retval = -EINVAL; |
220 |
-@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
221 |
+@@ -881,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
222 |
goto out_free_dentry; |
223 |
} |
224 |
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { |
225 |
@@ -42833,8 +42833,10 @@ index 6ff96c6..64d2dec 100644 |
226 |
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { |
227 |
+ unsigned long start, size; |
228 |
+ |
229 |
++ current->mm->end_data = end_data = elf_brk; |
230 |
+ start = ELF_PAGEALIGN(elf_brk); |
231 |
+ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); |
232 |
++ current->mm->start_brk = start + size; |
233 |
+ down_write(¤t->mm->mmap_sem); |
234 |
+ retval = -ENOMEM; |
235 |
+ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { |
236 |
@@ -42854,7 +42856,7 @@ index 6ff96c6..64d2dec 100644 |
237 |
if (elf_interpreter) { |
238 |
unsigned long uninitialized_var(interp_map_addr); |
239 |
|
240 |
-@@ -1098,7 +1580,7 @@ out: |
241 |
+@@ -1098,7 +1582,7 @@ out: |
242 |
* Decide what to dump of a segment, part, all or none. |
243 |
*/ |
244 |
static unsigned long vma_dump_size(struct vm_area_struct *vma, |
245 |
@@ -42863,7 +42865,7 @@ index 6ff96c6..64d2dec 100644 |
246 |
{ |
247 |
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) |
248 |
|
249 |
-@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
250 |
+@@ -1132,7 +1616,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
251 |
if (vma->vm_file == NULL) |
252 |
return 0; |
253 |
|
254 |
@@ -42872,7 +42874,7 @@ index 6ff96c6..64d2dec 100644 |
255 |
goto whole; |
256 |
|
257 |
/* |
258 |
-@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
259 |
+@@ -1354,9 +1838,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
260 |
{ |
261 |
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; |
262 |
int i = 0; |
263 |
@@ -42884,7 +42886,7 @@ index 6ff96c6..64d2dec 100644 |
264 |
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); |
265 |
} |
266 |
|
267 |
-@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
268 |
+@@ -1862,14 +2346,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
269 |
} |
270 |
|
271 |
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, |
272 |
@@ -42901,7 +42903,7 @@ index 6ff96c6..64d2dec 100644 |
273 |
return size; |
274 |
} |
275 |
|
276 |
-@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
277 |
+@@ -1963,7 +2447,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
278 |
|
279 |
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); |
280 |
|
281 |
@@ -42910,7 +42912,7 @@ index 6ff96c6..64d2dec 100644 |
282 |
offset += elf_core_extra_data_size(); |
283 |
e_shoff = offset; |
284 |
|
285 |
-@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
286 |
+@@ -1977,10 +2461,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
287 |
offset = dataoff; |
288 |
|
289 |
size += sizeof(*elf); |
290 |
@@ -42923,7 +42925,7 @@ index 6ff96c6..64d2dec 100644 |
291 |
if (size > cprm->limit |
292 |
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) |
293 |
goto end_coredump; |
294 |
-@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
295 |
+@@ -1994,7 +2480,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
296 |
phdr.p_offset = offset; |
297 |
phdr.p_vaddr = vma->vm_start; |
298 |
phdr.p_paddr = 0; |
299 |
@@ -42932,7 +42934,7 @@ index 6ff96c6..64d2dec 100644 |
300 |
phdr.p_memsz = vma->vm_end - vma->vm_start; |
301 |
offset += phdr.p_filesz; |
302 |
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; |
303 |
-@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
304 |
+@@ -2005,6 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
305 |
phdr.p_align = ELF_EXEC_PAGESIZE; |
306 |
|
307 |
size += sizeof(phdr); |
308 |
@@ -42940,7 +42942,7 @@ index 6ff96c6..64d2dec 100644 |
309 |
if (size > cprm->limit |
310 |
|| !dump_write(cprm->file, &phdr, sizeof(phdr))) |
311 |
goto end_coredump; |
312 |
-@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
313 |
+@@ -2029,7 +2516,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
314 |
unsigned long addr; |
315 |
unsigned long end; |
316 |
|
317 |
@@ -42949,7 +42951,7 @@ index 6ff96c6..64d2dec 100644 |
318 |
|
319 |
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { |
320 |
struct page *page; |
321 |
-@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
322 |
+@@ -2038,6 +2525,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
323 |
page = get_dump_page(addr); |
324 |
if (page) { |
325 |
void *kaddr = kmap(page); |
326 |
@@ -42957,7 +42959,7 @@ index 6ff96c6..64d2dec 100644 |
327 |
stop = ((size += PAGE_SIZE) > cprm->limit) || |
328 |
!dump_write(cprm->file, kaddr, |
329 |
PAGE_SIZE); |
330 |
-@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
331 |
+@@ -2055,6 +2543,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
332 |
|
333 |
if (e_phnum == PN_XNUM) { |
334 |
size += sizeof(*shdr4extnum); |
335 |
@@ -42965,7 +42967,7 @@ index 6ff96c6..64d2dec 100644 |
336 |
if (size > cprm->limit |
337 |
|| !dump_write(cprm->file, shdr4extnum, |
338 |
sizeof(*shdr4extnum))) |
339 |
-@@ -2075,6 +2562,97 @@ out: |
340 |
+@@ -2075,6 +2564,97 @@ out: |
341 |
|
342 |
#endif /* CONFIG_ELF_CORE */ |
343 |
|
344 |
@@ -71682,7 +71684,7 @@ index 4f4f53b..9511904 100644 |
345 |
capable(CAP_IPC_LOCK)) |
346 |
ret = do_mlockall(flags); |
347 |
diff --git a/mm/mmap.c b/mm/mmap.c |
348 |
-index eae90af..c930262 100644 |
349 |
+index eae90af..4370c73 100644 |
350 |
--- a/mm/mmap.c |
351 |
+++ b/mm/mmap.c |
352 |
@@ -46,6 +46,16 @@ |
353 |
@@ -72978,16 +72980,22 @@ index eae90af..c930262 100644 |
354 |
/* |
355 |
* Return true if the calling process may expand its vm space by the passed |
356 |
* number of pages |
357 |
-@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
358 |
+@@ -2382,8 +2863,13 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
359 |
+ unsigned long cur = mm->total_vm; /* pages */ |
360 |
unsigned long lim; |
361 |
|
362 |
++#ifdef CONFIG_PAX_RANDMMAP |
363 |
++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) |
364 |
++ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; |
365 |
++#endif |
366 |
++ |
367 |
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; |
368 |
- |
369 |
+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); |
370 |
if (cur + npages > lim) |
371 |
return 0; |
372 |
return 1; |
373 |
-@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm, |
374 |
+@@ -2454,6 +2940,22 @@ int install_special_mapping(struct mm_struct *mm, |
375 |
vma->vm_start = addr; |
376 |
vma->vm_end = addr + len; |
377 |
|
378 |
|
379 |
diff --git a/3.3.1/0000_README b/3.3.1/0000_README |
380 |
index 224c31f..945f66f 100644 |
381 |
--- a/3.3.1/0000_README |
382 |
+++ b/3.3.1/0000_README |
383 |
@@ -2,7 +2,7 @@ README |
384 |
----------------------------------------------------------------------------- |
385 |
Individual Patch Descriptions: |
386 |
----------------------------------------------------------------------------- |
387 |
-Patch: 4420_grsecurity-2.9-3.3.1-201204021758.patch |
388 |
+Patch: 4420_grsecurity-2.9-3.3.1-201204062021.patch |
389 |
From: http://www.grsecurity.net |
390 |
Desc: hardened-sources base patch from upstream grsecurity |
391 |
|
392 |
|
393 |
diff --git a/3.3.1/4420_grsecurity-2.9-3.3.1-201204021758.patch b/3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch |
394 |
similarity index 99% |
395 |
rename from 3.3.1/4420_grsecurity-2.9-3.3.1-201204021758.patch |
396 |
rename to 3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch |
397 |
index 9d0bae3..2fad352 100644 |
398 |
--- a/3.3.1/4420_grsecurity-2.9-3.3.1-201204021758.patch |
399 |
+++ b/3.3.1/4420_grsecurity-2.9-3.3.1-201204062021.patch |
400 |
@@ -41022,7 +41022,7 @@ index 1ff9405..f1e376a 100644 |
401 |
fd_offset + ex.a_text); |
402 |
up_write(¤t->mm->mmap_sem); |
403 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
404 |
-index 07d096c..5e2a0b3 100644 |
405 |
+index 07d096c..1f08d39 100644 |
406 |
--- a/fs/binfmt_elf.c |
407 |
+++ b/fs/binfmt_elf.c |
408 |
@@ -32,6 +32,7 @@ |
409 |
@@ -41656,7 +41656,7 @@ index 07d096c..5e2a0b3 100644 |
410 |
/* set_brk can never work. Avoid overflows. */ |
411 |
send_sig(SIGKILL, current, 0); |
412 |
retval = -EINVAL; |
413 |
-@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
414 |
+@@ -881,11 +1339,37 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
415 |
goto out_free_dentry; |
416 |
} |
417 |
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { |
418 |
@@ -41674,8 +41674,10 @@ index 07d096c..5e2a0b3 100644 |
419 |
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { |
420 |
+ unsigned long start, size; |
421 |
+ |
422 |
++ current->mm->end_data = end_data = elf_brk; |
423 |
+ start = ELF_PAGEALIGN(elf_brk); |
424 |
+ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); |
425 |
++ current->mm->start_brk = start + size; |
426 |
+ down_write(¤t->mm->mmap_sem); |
427 |
+ retval = -ENOMEM; |
428 |
+ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { |
429 |
@@ -41695,7 +41697,7 @@ index 07d096c..5e2a0b3 100644 |
430 |
if (elf_interpreter) { |
431 |
unsigned long uninitialized_var(interp_map_addr); |
432 |
|
433 |
-@@ -1098,7 +1580,7 @@ out: |
434 |
+@@ -1098,7 +1582,7 @@ out: |
435 |
* Decide what to dump of a segment, part, all or none. |
436 |
*/ |
437 |
static unsigned long vma_dump_size(struct vm_area_struct *vma, |
438 |
@@ -41704,7 +41706,7 @@ index 07d096c..5e2a0b3 100644 |
439 |
{ |
440 |
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) |
441 |
|
442 |
-@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
443 |
+@@ -1132,7 +1616,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
444 |
if (vma->vm_file == NULL) |
445 |
return 0; |
446 |
|
447 |
@@ -41713,7 +41715,7 @@ index 07d096c..5e2a0b3 100644 |
448 |
goto whole; |
449 |
|
450 |
/* |
451 |
-@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
452 |
+@@ -1354,9 +1838,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
453 |
{ |
454 |
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; |
455 |
int i = 0; |
456 |
@@ -41725,7 +41727,7 @@ index 07d096c..5e2a0b3 100644 |
457 |
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); |
458 |
} |
459 |
|
460 |
-@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
461 |
+@@ -1862,14 +2346,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
462 |
} |
463 |
|
464 |
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, |
465 |
@@ -41742,7 +41744,7 @@ index 07d096c..5e2a0b3 100644 |
466 |
return size; |
467 |
} |
468 |
|
469 |
-@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
470 |
+@@ -1963,7 +2447,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
471 |
|
472 |
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); |
473 |
|
474 |
@@ -41751,7 +41753,7 @@ index 07d096c..5e2a0b3 100644 |
475 |
offset += elf_core_extra_data_size(); |
476 |
e_shoff = offset; |
477 |
|
478 |
-@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
479 |
+@@ -1977,10 +2461,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
480 |
offset = dataoff; |
481 |
|
482 |
size += sizeof(*elf); |
483 |
@@ -41764,7 +41766,7 @@ index 07d096c..5e2a0b3 100644 |
484 |
if (size > cprm->limit |
485 |
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) |
486 |
goto end_coredump; |
487 |
-@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
488 |
+@@ -1994,7 +2480,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
489 |
phdr.p_offset = offset; |
490 |
phdr.p_vaddr = vma->vm_start; |
491 |
phdr.p_paddr = 0; |
492 |
@@ -41773,7 +41775,7 @@ index 07d096c..5e2a0b3 100644 |
493 |
phdr.p_memsz = vma->vm_end - vma->vm_start; |
494 |
offset += phdr.p_filesz; |
495 |
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; |
496 |
-@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
497 |
+@@ -2005,6 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
498 |
phdr.p_align = ELF_EXEC_PAGESIZE; |
499 |
|
500 |
size += sizeof(phdr); |
501 |
@@ -41781,7 +41783,7 @@ index 07d096c..5e2a0b3 100644 |
502 |
if (size > cprm->limit |
503 |
|| !dump_write(cprm->file, &phdr, sizeof(phdr))) |
504 |
goto end_coredump; |
505 |
-@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
506 |
+@@ -2029,7 +2516,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
507 |
unsigned long addr; |
508 |
unsigned long end; |
509 |
|
510 |
@@ -41790,7 +41792,7 @@ index 07d096c..5e2a0b3 100644 |
511 |
|
512 |
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { |
513 |
struct page *page; |
514 |
-@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
515 |
+@@ -2038,6 +2525,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
516 |
page = get_dump_page(addr); |
517 |
if (page) { |
518 |
void *kaddr = kmap(page); |
519 |
@@ -41798,7 +41800,7 @@ index 07d096c..5e2a0b3 100644 |
520 |
stop = ((size += PAGE_SIZE) > cprm->limit) || |
521 |
!dump_write(cprm->file, kaddr, |
522 |
PAGE_SIZE); |
523 |
-@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
524 |
+@@ -2055,6 +2543,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
525 |
|
526 |
if (e_phnum == PN_XNUM) { |
527 |
size += sizeof(*shdr4extnum); |
528 |
@@ -41806,7 +41808,7 @@ index 07d096c..5e2a0b3 100644 |
529 |
if (size > cprm->limit |
530 |
|| !dump_write(cprm->file, shdr4extnum, |
531 |
sizeof(*shdr4extnum))) |
532 |
-@@ -2075,6 +2562,97 @@ out: |
533 |
+@@ -2075,6 +2564,97 @@ out: |
534 |
|
535 |
#endif /* CONFIG_ELF_CORE */ |
536 |
|
537 |
@@ -70120,7 +70122,7 @@ index ef726e8..13e0901 100644 |
538 |
capable(CAP_IPC_LOCK)) |
539 |
ret = do_mlockall(flags); |
540 |
diff --git a/mm/mmap.c b/mm/mmap.c |
541 |
-index da15a79..2e3d9ff 100644 |
542 |
+index da15a79..333850b 100644 |
543 |
--- a/mm/mmap.c |
544 |
+++ b/mm/mmap.c |
545 |
@@ -46,6 +46,16 @@ |
546 |
@@ -71349,16 +71351,22 @@ index da15a79..2e3d9ff 100644 |
547 |
/* |
548 |
* Return true if the calling process may expand its vm space by the passed |
549 |
* number of pages |
550 |
-@@ -2392,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
551 |
+@@ -2391,8 +2881,13 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
552 |
+ unsigned long cur = mm->total_vm; /* pages */ |
553 |
unsigned long lim; |
554 |
|
555 |
++#ifdef CONFIG_PAX_RANDMMAP |
556 |
++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && mm->end_data) |
557 |
++ cur -= (mm->start_brk - mm->end_data) >> PAGE_SHIFT; |
558 |
++#endif |
559 |
++ |
560 |
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; |
561 |
- |
562 |
+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); |
563 |
if (cur + npages > lim) |
564 |
return 0; |
565 |
return 1; |
566 |
-@@ -2463,6 +2953,22 @@ int install_special_mapping(struct mm_struct *mm, |
567 |
+@@ -2463,6 +2958,22 @@ int install_special_mapping(struct mm_struct *mm, |
568 |
vma->vm_start = addr; |
569 |
vma->vm_end = addr + len; |