| 1 |
commit: 32de7cbff80bfad850403ce1a7fa232beb4bb5bc |
| 2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Aug 2 12:15:20 2013 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Aug 2 12:15:20 2013 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=32de7cbf |
| 7 |
|
| 8 |
Grsec/PaX: 2.9.1-3.10.4-201308011855 |
| 9 |
|
| 10 |
--- |
| 11 |
3.10.4/0000_README | 2 +- |
| 12 |
...420_grsecurity-2.9.1-3.10.4-201308011855.patch} | 402 +++++++++++++-------- |
| 13 |
2 files changed, 257 insertions(+), 147 deletions(-) |
| 14 |
|
| 15 |
diff --git a/3.10.4/0000_README b/3.10.4/0000_README |
| 16 |
index ec1a9e6..52e9f3c 100644 |
| 17 |
--- a/3.10.4/0000_README |
| 18 |
+++ b/3.10.4/0000_README |
| 19 |
@@ -2,7 +2,7 @@ README |
| 20 |
----------------------------------------------------------------------------- |
| 21 |
Individual Patch Descriptions: |
| 22 |
----------------------------------------------------------------------------- |
| 23 |
-Patch: 4420_grsecurity-2.9.1-3.10.4-201307311627.patch |
| 24 |
+Patch: 4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
| 25 |
From: http://www.grsecurity.net |
| 26 |
Desc: hardened-sources base patch from upstream grsecurity |
| 27 |
|
| 28 |
|
| 29 |
diff --git a/3.10.4/4420_grsecurity-2.9.1-3.10.4-201307311627.patch b/3.10.4/4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
| 30 |
similarity index 99% |
| 31 |
rename from 3.10.4/4420_grsecurity-2.9.1-3.10.4-201307311627.patch |
| 32 |
rename to 3.10.4/4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
| 33 |
index afbc771..589e333 100644 |
| 34 |
--- a/3.10.4/4420_grsecurity-2.9.1-3.10.4-201307311627.patch |
| 35 |
+++ b/3.10.4/4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
| 36 |
@@ -17846,7 +17846,7 @@ index 155a13f..1672b9b 100644 |
| 37 |
|
| 38 |
.__cr3 = __pa_nodebug(swapper_pg_dir), |
| 39 |
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c |
| 40 |
-index deb6421..622e0ed 100644 |
| 41 |
+index deb6421..76bbc12 100644 |
| 42 |
--- a/arch/x86/kernel/dumpstack.c |
| 43 |
+++ b/arch/x86/kernel/dumpstack.c |
| 44 |
@@ -2,6 +2,9 @@ |
| 45 |
@@ -17951,6 +17951,15 @@ index deb6421..622e0ed 100644 |
| 46 |
} |
| 47 |
|
| 48 |
return (unsigned long)frame; |
| 49 |
+@@ -150,7 +149,7 @@ static int print_trace_stack(void *data, char *name) |
| 50 |
+ static void print_trace_address(void *data, unsigned long addr, int reliable) |
| 51 |
+ { |
| 52 |
+ touch_nmi_watchdog(); |
| 53 |
+- printk(data); |
| 54 |
++ printk("%s", (char *)data); |
| 55 |
+ printk_address(addr, reliable); |
| 56 |
+ } |
| 57 |
+ |
| 58 |
@@ -219,6 +218,8 @@ unsigned __kprobes long oops_begin(void) |
| 59 |
} |
| 60 |
EXPORT_SYMBOL_GPL(oops_begin); |
| 61 |
@@ -22596,6 +22605,19 @@ index 76fa1e9..abf09ea 100644 |
| 62 |
.power_off = native_machine_power_off, |
| 63 |
.shutdown = native_machine_shutdown, |
| 64 |
.emergency_restart = native_machine_emergency_restart, |
| 65 |
+diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c |
| 66 |
+index c8e41e9..64049ef 100644 |
| 67 |
+--- a/arch/x86/kernel/reboot_fixups_32.c |
| 68 |
++++ b/arch/x86/kernel/reboot_fixups_32.c |
| 69 |
+@@ -57,7 +57,7 @@ struct device_fixup { |
| 70 |
+ unsigned int vendor; |
| 71 |
+ unsigned int device; |
| 72 |
+ void (*reboot_fixup)(struct pci_dev *); |
| 73 |
+-}; |
| 74 |
++} __do_const; |
| 75 |
+ |
| 76 |
+ /* |
| 77 |
+ * PCI ids solely used for fixups_table go here |
| 78 |
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S |
| 79 |
index f2bb9c9..bed145d7 100644 |
| 80 |
--- a/arch/x86/kernel/relocate_kernel_64.S |
| 81 |
@@ -25423,7 +25445,7 @@ index 25b7ae8..169fafc 100644 |
| 82 |
} |
| 83 |
EXPORT_SYMBOL(csum_partial_copy_to_user); |
| 84 |
diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S |
| 85 |
-index a451235..79fb5cf 100644 |
| 86 |
+index a451235..1daa956 100644 |
| 87 |
--- a/arch/x86/lib/getuser.S |
| 88 |
+++ b/arch/x86/lib/getuser.S |
| 89 |
@@ -33,17 +33,40 @@ |
| 90 |
@@ -25549,8 +25571,14 @@ index a451235..79fb5cf 100644 |
| 91 |
ret |
| 92 |
#else |
| 93 |
add $7,%_ASM_AX |
| 94 |
-@@ -102,6 +163,7 @@ ENTRY(__get_user_8) |
| 95 |
- 5: movl -3(%_ASM_AX),%ecx |
| 96 |
+@@ -98,10 +159,11 @@ ENTRY(__get_user_8) |
| 97 |
+ cmp TI_addr_limit(%_ASM_DX),%_ASM_AX |
| 98 |
+ jae bad_get_user_8 |
| 99 |
+ ASM_STAC |
| 100 |
+-4: movl -7(%_ASM_AX),%edx |
| 101 |
+-5: movl -3(%_ASM_AX),%ecx |
| 102 |
++4: __copyuser_seg movl -7(%_ASM_AX),%edx |
| 103 |
++5: __copyuser_seg movl -3(%_ASM_AX),%ecx |
| 104 |
xor %eax,%eax |
| 105 |
ASM_CLAC |
| 106 |
+ pax_force_retaddr |
| 107 |
@@ -40919,7 +40947,7 @@ index b37a582..680835d 100644 |
| 108 |
|
| 109 |
D_INFO("*** LOAD DRIVER ***\n"); |
| 110 |
diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c |
| 111 |
-index d532948..a1cb592 100644 |
| 112 |
+index d532948..e0d8bb1 100644 |
| 113 |
--- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c |
| 114 |
+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c |
| 115 |
@@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, |
| 116 |
@@ -40958,6 +40986,21 @@ index d532948..a1cb592 100644 |
| 117 |
int value; |
| 118 |
|
| 119 |
memset(buf, 0, sizeof(buf)); |
| 120 |
+@@ -698,10 +698,10 @@ DEBUGFS_READ_FILE_OPS(temperature); |
| 121 |
+ DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override); |
| 122 |
+ DEBUGFS_READ_FILE_OPS(current_sleep_command); |
| 123 |
+ |
| 124 |
+-static const char *fmt_value = " %-30s %10u\n"; |
| 125 |
+-static const char *fmt_hex = " %-30s 0x%02X\n"; |
| 126 |
+-static const char *fmt_table = " %-30s %10u %10u %10u %10u\n"; |
| 127 |
+-static const char *fmt_header = |
| 128 |
++static const char fmt_value[] = " %-30s %10u\n"; |
| 129 |
++static const char fmt_hex[] = " %-30s 0x%02X\n"; |
| 130 |
++static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n"; |
| 131 |
++static const char fmt_header[] = |
| 132 |
+ "%-32s current cumulative delta max\n"; |
| 133 |
+ |
| 134 |
+ static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz) |
| 135 |
@@ -1871,7 +1871,7 @@ static ssize_t iwl_dbgfs_clear_ucode_statistics_write(struct file *file, |
| 136 |
{ |
| 137 |
struct iwl_priv *priv = file->private_data; |
| 138 |
@@ -45054,6 +45097,19 @@ index 95ec042..e6affdd 100644 |
| 139 |
|
| 140 |
return 0; |
| 141 |
} |
| 142 |
+diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c |
| 143 |
+index c74e7aa..e3c2790 100644 |
| 144 |
+--- a/drivers/video/backlight/backlight.c |
| 145 |
++++ b/drivers/video/backlight/backlight.c |
| 146 |
+@@ -304,7 +304,7 @@ struct backlight_device *backlight_device_register(const char *name, |
| 147 |
+ new_bd->dev.class = backlight_class; |
| 148 |
+ new_bd->dev.parent = parent; |
| 149 |
+ new_bd->dev.release = bl_device_release; |
| 150 |
+- dev_set_name(&new_bd->dev, name); |
| 151 |
++ dev_set_name(&new_bd->dev, "%s", name); |
| 152 |
+ dev_set_drvdata(&new_bd->dev, devdata); |
| 153 |
+ |
| 154 |
+ /* Set default properties */ |
| 155 |
diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c |
| 156 |
index bca6ccc..252107e 100644 |
| 157 |
--- a/drivers/video/backlight/kb3886_bl.c |
| 158 |
@@ -45067,6 +45123,19 @@ index bca6ccc..252107e 100644 |
| 159 |
{ |
| 160 |
.ident = "Sahara Touch-iT", |
| 161 |
.matches = { |
| 162 |
+diff --git a/drivers/video/backlight/lcd.c b/drivers/video/backlight/lcd.c |
| 163 |
+index 34fb6bd..3649fd9 100644 |
| 164 |
+--- a/drivers/video/backlight/lcd.c |
| 165 |
++++ b/drivers/video/backlight/lcd.c |
| 166 |
+@@ -219,7 +219,7 @@ struct lcd_device *lcd_device_register(const char *name, struct device *parent, |
| 167 |
+ new_ld->dev.class = lcd_class; |
| 168 |
+ new_ld->dev.parent = parent; |
| 169 |
+ new_ld->dev.release = lcd_device_release; |
| 170 |
+- dev_set_name(&new_ld->dev, name); |
| 171 |
++ dev_set_name(&new_ld->dev, "%s", name); |
| 172 |
+ dev_set_drvdata(&new_ld->dev, devdata); |
| 173 |
+ |
| 174 |
+ rc = device_register(&new_ld->dev); |
| 175 |
diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c |
| 176 |
index 900aa4e..6d49418 100644 |
| 177 |
--- a/drivers/video/fb_defio.c |
| 178 |
@@ -48614,7 +48683,7 @@ index bce8769..7fc7544 100644 |
| 179 |
fd_offset + ex.a_text); |
| 180 |
if (error != N_DATADDR(ex)) { |
| 181 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
| 182 |
-index f8a0b0e..8186af0 100644 |
| 183 |
+index f8a0b0e..989dbf2 100644 |
| 184 |
--- a/fs/binfmt_elf.c |
| 185 |
+++ b/fs/binfmt_elf.c |
| 186 |
@@ -34,6 +34,7 @@ |
| 187 |
@@ -49400,7 +49469,7 @@ index f8a0b0e..8186af0 100644 |
| 188 |
if (size > cprm->limit |
| 189 |
|| !dump_write(cprm->file, shdr4extnum, |
| 190 |
sizeof(*shdr4extnum))) |
| 191 |
-@@ -2231,6 +2683,97 @@ out: |
| 192 |
+@@ -2231,6 +2683,138 @@ out: |
| 193 |
|
| 194 |
#endif /* CONFIG_ELF_CORE */ |
| 195 |
|
| 196 |
@@ -49468,9 +49537,9 @@ index f8a0b0e..8186af0 100644 |
| 197 |
+ elf_dyn dyn; |
| 198 |
+ |
| 199 |
+ if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn))) |
| 200 |
-+ return; |
| 201 |
++ break; |
| 202 |
+ if (dyn.d_tag == DT_NULL) |
| 203 |
-+ return; |
| 204 |
++ break; |
| 205 |
+ if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) { |
| 206 |
+ gr_log_textrel(vma); |
| 207 |
+ if (is_textrel_rw) |
| 208 |
@@ -49478,18 +49547,59 @@ index f8a0b0e..8186af0 100644 |
| 209 |
+ else |
| 210 |
+ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */ |
| 211 |
+ vma->vm_flags &= ~VM_MAYWRITE; |
| 212 |
-+ return; |
| 213 |
++ break; |
| 214 |
+ } |
| 215 |
+ i++; |
| 216 |
+ } |
| 217 |
-+ return; |
| 218 |
++ is_textrel_rw = false; |
| 219 |
++ is_textrel_rx = false; |
| 220 |
++ continue; |
| 221 |
+ |
| 222 |
+ case PT_GNU_RELRO: |
| 223 |
+ if (!is_relro) |
| 224 |
+ continue; |
| 225 |
+ if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start) |
| 226 |
+ vma->vm_flags &= ~VM_MAYWRITE; |
| 227 |
-+ return; |
| 228 |
++ is_relro = false; |
| 229 |
++ continue; |
| 230 |
++ |
| 231 |
++#ifdef CONFIG_PAX_PT_PAX_FLAGS |
| 232 |
++ case PT_PAX_FLAGS: { |
| 233 |
++ const char *msg_mprotect = "", *msg_emutramp = ""; |
| 234 |
++ char *buffer_lib, *buffer_exe; |
| 235 |
++ |
| 236 |
++ if (elf_p.p_flags & PF_NOMPROTECT) |
| 237 |
++ msg_mprotect = "MPROTECT disabled"; |
| 238 |
++ |
| 239 |
++#ifdef CONFIG_PAX_EMUTRAMP |
| 240 |
++ if (!(vma->vm_mm->pax_flags & MF_PAX_EMUTRAMP) && !(elf_p.p_flags & PF_NOEMUTRAMP)) |
| 241 |
++ msg_emutramp = "EMUTRAMP enabled"; |
| 242 |
++#endif |
| 243 |
++ |
| 244 |
++ if (!msg_mprotect[0] && !msg_emutramp[0]) |
| 245 |
++ continue; |
| 246 |
++ |
| 247 |
++ if (!printk_ratelimit()) |
| 248 |
++ continue; |
| 249 |
++ |
| 250 |
++ buffer_lib = (char *)__get_free_page(GFP_KERNEL); |
| 251 |
++ buffer_exe = (char *)__get_free_page(GFP_KERNEL); |
| 252 |
++ if (buffer_lib && buffer_exe) { |
| 253 |
++ char *path_lib, *path_exe; |
| 254 |
++ |
| 255 |
++ path_lib = pax_get_path(&vma->vm_file->f_path, buffer_lib, PAGE_SIZE); |
| 256 |
++ path_exe = pax_get_path(&vma->vm_mm->exe_file->f_path, buffer_exe, PAGE_SIZE); |
| 257 |
++ |
| 258 |
++ pr_info("PAX: %s wants %s%s%s on %s\n", path_lib, msg_mprotect, |
| 259 |
++ (msg_mprotect[0] && msg_emutramp[0] ? " and " : ""), msg_emutramp, path_exe); |
| 260 |
++ |
| 261 |
++ } |
| 262 |
++ free_page((unsigned long)buffer_exe); |
| 263 |
++ free_page((unsigned long)buffer_lib); |
| 264 |
++ continue; |
| 265 |
++ } |
| 266 |
++#endif |
| 267 |
++ |
| 268 |
+ } |
| 269 |
+ } |
| 270 |
+} |
| 271 |
@@ -50708,7 +50818,7 @@ index e4141f2..d8263e8 100644 |
| 272 |
i += packet_length_size; |
| 273 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
| 274 |
diff --git a/fs/exec.c b/fs/exec.c |
| 275 |
-index ffd7a81..f0afae1 100644 |
| 276 |
+index ffd7a81..97f4c7d 100644 |
| 277 |
--- a/fs/exec.c |
| 278 |
+++ b/fs/exec.c |
| 279 |
@@ -55,8 +55,20 @@ |
| 280 |
@@ -51190,7 +51300,7 @@ index ffd7a81..f0afae1 100644 |
| 281 |
out: |
| 282 |
if (bprm->mm) { |
| 283 |
acct_arg_size(bprm, 0); |
| 284 |
-@@ -1701,3 +1875,283 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
| 285 |
+@@ -1701,3 +1875,281 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
| 286 |
return error; |
| 287 |
} |
| 288 |
#endif |
| 289 |
@@ -51249,6 +51359,25 @@ index ffd7a81..f0afae1 100644 |
| 290 |
+EXPORT_SYMBOL(pax_check_flags); |
| 291 |
+ |
| 292 |
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) |
| 293 |
++char *pax_get_path(const struct path *path, char *buf, int buflen) |
| 294 |
++{ |
| 295 |
++ char *pathname = d_path(path, buf, buflen); |
| 296 |
++ |
| 297 |
++ if (IS_ERR(pathname)) |
| 298 |
++ goto toolong; |
| 299 |
++ |
| 300 |
++ pathname = mangle_path(buf, pathname, "\t\n\\"); |
| 301 |
++ if (!pathname) |
| 302 |
++ goto toolong; |
| 303 |
++ |
| 304 |
++ *pathname = 0; |
| 305 |
++ return buf; |
| 306 |
++ |
| 307 |
++toolong: |
| 308 |
++ return "<path too long>"; |
| 309 |
++} |
| 310 |
++EXPORT_SYMBOL(pax_get_path); |
| 311 |
++ |
| 312 |
+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp) |
| 313 |
+{ |
| 314 |
+ struct task_struct *tsk = current; |
| 315 |
@@ -51272,36 +51401,15 @@ index ffd7a81..f0afae1 100644 |
| 316 |
+ vma_fault = vma; |
| 317 |
+ vma = vma->vm_next; |
| 318 |
+ } |
| 319 |
-+ if (vma_exec) { |
| 320 |
-+ path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); |
| 321 |
-+ if (IS_ERR(path_exec)) |
| 322 |
-+ path_exec = "<path too long>"; |
| 323 |
-+ else { |
| 324 |
-+ path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\"); |
| 325 |
-+ if (path_exec) { |
| 326 |
-+ *path_exec = 0; |
| 327 |
-+ path_exec = buffer_exec; |
| 328 |
-+ } else |
| 329 |
-+ path_exec = "<path too long>"; |
| 330 |
-+ } |
| 331 |
-+ } |
| 332 |
++ if (vma_exec) |
| 333 |
++ path_exec = pax_get_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); |
| 334 |
+ if (vma_fault) { |
| 335 |
+ start = vma_fault->vm_start; |
| 336 |
+ end = vma_fault->vm_end; |
| 337 |
+ offset = vma_fault->vm_pgoff << PAGE_SHIFT; |
| 338 |
-+ if (vma_fault->vm_file) { |
| 339 |
-+ path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); |
| 340 |
-+ if (IS_ERR(path_fault)) |
| 341 |
-+ path_fault = "<path too long>"; |
| 342 |
-+ else { |
| 343 |
-+ path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\"); |
| 344 |
-+ if (path_fault) { |
| 345 |
-+ *path_fault = 0; |
| 346 |
-+ path_fault = buffer_fault; |
| 347 |
-+ } else |
| 348 |
-+ path_fault = "<path too long>"; |
| 349 |
-+ } |
| 350 |
-+ } else |
| 351 |
++ if (vma_fault->vm_file) |
| 352 |
++ path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); |
| 353 |
++ else |
| 354 |
+ path_fault = "<anonymous mapping>"; |
| 355 |
+ } |
| 356 |
+ up_read(&mm->mmap_sem); |
| 357 |
@@ -58361,7 +58469,7 @@ index 0000000..36845aa |
| 358 |
+endif |
| 359 |
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c |
| 360 |
new file mode 100644 |
| 361 |
-index 0000000..29892a3 |
| 362 |
+index 0000000..6907918 |
| 363 |
--- /dev/null |
| 364 |
+++ b/grsecurity/gracl.c |
| 365 |
@@ -0,0 +1,4178 @@ |
| 366 |
@@ -58467,6 +58575,102 @@ index 0000000..29892a3 |
| 367 |
+extern void gr_remove_uid(uid_t uid); |
| 368 |
+extern int gr_find_uid(uid_t uid); |
| 369 |
+ |
| 370 |
++static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp) |
| 371 |
++{ |
| 372 |
++ if (copy_from_user(obj, userp, sizeof(struct acl_object_label))) |
| 373 |
++ return -EFAULT; |
| 374 |
++ |
| 375 |
++ return 0; |
| 376 |
++} |
| 377 |
++ |
| 378 |
++static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp) |
| 379 |
++{ |
| 380 |
++ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label))) |
| 381 |
++ return -EFAULT; |
| 382 |
++ |
| 383 |
++ return 0; |
| 384 |
++} |
| 385 |
++ |
| 386 |
++static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp) |
| 387 |
++{ |
| 388 |
++ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label))) |
| 389 |
++ return -EFAULT; |
| 390 |
++ |
| 391 |
++ return 0; |
| 392 |
++} |
| 393 |
++ |
| 394 |
++static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp) |
| 395 |
++{ |
| 396 |
++ if (copy_from_user(role, userp, sizeof(struct acl_role_label))) |
| 397 |
++ return -EFAULT; |
| 398 |
++ |
| 399 |
++ return 0; |
| 400 |
++} |
| 401 |
++ |
| 402 |
++static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) |
| 403 |
++{ |
| 404 |
++ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip))) |
| 405 |
++ return -EFAULT; |
| 406 |
++ |
| 407 |
++ return 0; |
| 408 |
++} |
| 409 |
++ |
| 410 |
++static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) |
| 411 |
++{ |
| 412 |
++ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw))) |
| 413 |
++ return -EFAULT; |
| 414 |
++ |
| 415 |
++ return 0; |
| 416 |
++} |
| 417 |
++ |
| 418 |
++static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) |
| 419 |
++{ |
| 420 |
++ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct))) |
| 421 |
++ return -EFAULT; |
| 422 |
++ |
| 423 |
++ return 0; |
| 424 |
++} |
| 425 |
++ |
| 426 |
++static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp) |
| 427 |
++{ |
| 428 |
++ if (copy_from_user(trans, userp, sizeof(struct role_transition))) |
| 429 |
++ return -EFAULT; |
| 430 |
++ |
| 431 |
++ return 0; |
| 432 |
++} |
| 433 |
++ |
| 434 |
++int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp) |
| 435 |
++{ |
| 436 |
++ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *))) |
| 437 |
++ return -EFAULT; |
| 438 |
++ |
| 439 |
++ return 0; |
| 440 |
++} |
| 441 |
++ |
| 442 |
++static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap) |
| 443 |
++{ |
| 444 |
++ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) |
| 445 |
++ return -EFAULT; |
| 446 |
++ |
| 447 |
++ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg))) |
| 448 |
++ return -EINVAL; |
| 449 |
++ |
| 450 |
++ return 0; |
| 451 |
++} |
| 452 |
++ |
| 453 |
++static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg) |
| 454 |
++{ |
| 455 |
++ if (copy_from_user(arg, buf, sizeof (struct gr_arg))) |
| 456 |
++ return -EFAULT; |
| 457 |
++ |
| 458 |
++ return 0; |
| 459 |
++} |
| 460 |
++ |
| 461 |
++static size_t get_gr_arg_wrapper_size_normal(void) |
| 462 |
++{ |
| 463 |
++ return sizeof(struct gr_arg_wrapper); |
| 464 |
++} |
| 465 |
++ |
| 466 |
+#ifdef CONFIG_COMPAT |
| 467 |
+extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap); |
| 468 |
+extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg); |
| 469 |
@@ -58497,6 +58701,7 @@ index 0000000..29892a3 |
| 470 |
+#else |
| 471 |
+#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal |
| 472 |
+#define copy_gr_arg copy_gr_arg_normal |
| 473 |
++#define copy_gr_hash_struct copy_gr_hash_struct_normal |
| 474 |
+#define copy_acl_object_label copy_acl_object_label_normal |
| 475 |
+#define copy_acl_subject_label copy_acl_subject_label_normal |
| 476 |
+#define copy_acl_role_label copy_acl_role_label_normal |
| 477 |
@@ -61514,102 +61719,6 @@ index 0000000..29892a3 |
| 478 |
+ return 0; |
| 479 |
+} |
| 480 |
+ |
| 481 |
-+static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp) |
| 482 |
-+{ |
| 483 |
-+ if (copy_from_user(obj, userp, sizeof(struct acl_object_label))) |
| 484 |
-+ return -EFAULT; |
| 485 |
-+ |
| 486 |
-+ return 0; |
| 487 |
-+} |
| 488 |
-+ |
| 489 |
-+static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp) |
| 490 |
-+{ |
| 491 |
-+ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label))) |
| 492 |
-+ return -EFAULT; |
| 493 |
-+ |
| 494 |
-+ return 0; |
| 495 |
-+} |
| 496 |
-+ |
| 497 |
-+static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp) |
| 498 |
-+{ |
| 499 |
-+ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label))) |
| 500 |
-+ return -EFAULT; |
| 501 |
-+ |
| 502 |
-+ return 0; |
| 503 |
-+} |
| 504 |
-+ |
| 505 |
-+static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp) |
| 506 |
-+{ |
| 507 |
-+ if (copy_from_user(role, userp, sizeof(struct acl_role_label))) |
| 508 |
-+ return -EFAULT; |
| 509 |
-+ |
| 510 |
-+ return 0; |
| 511 |
-+} |
| 512 |
-+ |
| 513 |
-+static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) |
| 514 |
-+{ |
| 515 |
-+ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip))) |
| 516 |
-+ return -EFAULT; |
| 517 |
-+ |
| 518 |
-+ return 0; |
| 519 |
-+} |
| 520 |
-+ |
| 521 |
-+static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) |
| 522 |
-+{ |
| 523 |
-+ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw))) |
| 524 |
-+ return -EFAULT; |
| 525 |
-+ |
| 526 |
-+ return 0; |
| 527 |
-+} |
| 528 |
-+ |
| 529 |
-+static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) |
| 530 |
-+{ |
| 531 |
-+ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct))) |
| 532 |
-+ return -EFAULT; |
| 533 |
-+ |
| 534 |
-+ return 0; |
| 535 |
-+} |
| 536 |
-+ |
| 537 |
-+static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp) |
| 538 |
-+{ |
| 539 |
-+ if (copy_from_user(trans, userp, sizeof(struct role_transition))) |
| 540 |
-+ return -EFAULT; |
| 541 |
-+ |
| 542 |
-+ return 0; |
| 543 |
-+} |
| 544 |
-+ |
| 545 |
-+int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp) |
| 546 |
-+{ |
| 547 |
-+ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *))) |
| 548 |
-+ return -EFAULT; |
| 549 |
-+ |
| 550 |
-+ return 0; |
| 551 |
-+} |
| 552 |
-+ |
| 553 |
-+static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap) |
| 554 |
-+{ |
| 555 |
-+ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) |
| 556 |
-+ return -EFAULT; |
| 557 |
-+ |
| 558 |
-+ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg))) |
| 559 |
-+ return -EINVAL; |
| 560 |
-+ |
| 561 |
-+ return 0; |
| 562 |
-+} |
| 563 |
-+ |
| 564 |
-+static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg) |
| 565 |
-+{ |
| 566 |
-+ if (copy_from_user(arg, buf, sizeof (struct gr_arg))) |
| 567 |
-+ return -EFAULT; |
| 568 |
-+ |
| 569 |
-+ return 0; |
| 570 |
-+} |
| 571 |
-+ |
| 572 |
-+static size_t get_gr_arg_wrapper_size_normal(void) |
| 573 |
-+{ |
| 574 |
-+ return sizeof(struct gr_arg_wrapper); |
| 575 |
-+} |
| 576 |
-+ |
| 577 |
+ssize_t |
| 578 |
+write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos) |
| 579 |
+{ |
| 580 |
@@ -61618,7 +61727,6 @@ index 0000000..29892a3 |
| 581 |
+ unsigned char *sprole_sum = NULL; |
| 582 |
+ int error = 0; |
| 583 |
+ int error2 = 0; |
| 584 |
-+ int compat = is_compat_task(); |
| 585 |
+ size_t req_count; |
| 586 |
+ |
| 587 |
+ mutex_lock(&gr_dev_mutex); |
| 588 |
@@ -61630,7 +61738,7 @@ index 0000000..29892a3 |
| 589 |
+ |
| 590 |
+#ifdef CONFIG_COMPAT |
| 591 |
+ pax_open_kernel(); |
| 592 |
-+ if (compat) { |
| 593 |
++ if (is_compat_task()) { |
| 594 |
+ copy_gr_arg_wrapper = ©_gr_arg_wrapper_compat; |
| 595 |
+ copy_gr_arg = ©_gr_arg_compat; |
| 596 |
+ copy_acl_object_label = ©_acl_object_label_compat; |
| 597 |
@@ -72189,7 +72297,7 @@ index 6dacb93..6174423 100644 |
| 598 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
| 599 |
struct vm_area_struct *next) |
| 600 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
| 601 |
-index 178a8d9..52e71a3 100644 |
| 602 |
+index 178a8d9..450bf11 100644 |
| 603 |
--- a/include/linux/sched.h |
| 604 |
+++ b/include/linux/sched.h |
| 605 |
@@ -62,6 +62,7 @@ struct bio_list; |
| 606 |
@@ -72318,7 +72426,7 @@ index 178a8d9..52e71a3 100644 |
| 607 |
#ifdef CONFIG_FUTEX |
| 608 |
struct robust_list_head __user *robust_list; |
| 609 |
#ifdef CONFIG_COMPAT |
| 610 |
-@@ -1416,8 +1456,74 @@ struct task_struct { |
| 611 |
+@@ -1416,8 +1456,76 @@ struct task_struct { |
| 612 |
unsigned int sequential_io; |
| 613 |
unsigned int sequential_io_avg; |
| 614 |
#endif |
| 615 |
@@ -72386,6 +72494,8 @@ index 178a8d9..52e71a3 100644 |
| 616 |
+extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); |
| 617 |
+#endif |
| 618 |
+ |
| 619 |
++struct path; |
| 620 |
++extern char *pax_get_path(const struct path *path, char *buf, int buflen); |
| 621 |
+extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); |
| 622 |
+extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); |
| 623 |
+extern void pax_report_refcount_overflow(struct pt_regs *regs); |
| 624 |
@@ -72393,7 +72503,7 @@ index 178a8d9..52e71a3 100644 |
| 625 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
| 626 |
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
| 627 |
|
| 628 |
-@@ -1476,7 +1582,7 @@ struct pid_namespace; |
| 629 |
+@@ -1476,7 +1584,7 @@ struct pid_namespace; |
| 630 |
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, |
| 631 |
struct pid_namespace *ns); |
| 632 |
|
| 633 |
@@ -72402,7 +72512,7 @@ index 178a8d9..52e71a3 100644 |
| 634 |
{ |
| 635 |
return tsk->pid; |
| 636 |
} |
| 637 |
-@@ -1919,7 +2025,9 @@ void yield(void); |
| 638 |
+@@ -1919,7 +2027,9 @@ void yield(void); |
| 639 |
extern struct exec_domain default_exec_domain; |
| 640 |
|
| 641 |
union thread_union { |
| 642 |
@@ -72412,7 +72522,7 @@ index 178a8d9..52e71a3 100644 |
| 643 |
unsigned long stack[THREAD_SIZE/sizeof(long)]; |
| 644 |
}; |
| 645 |
|
| 646 |
-@@ -1952,6 +2060,7 @@ extern struct pid_namespace init_pid_ns; |
| 647 |
+@@ -1952,6 +2062,7 @@ extern struct pid_namespace init_pid_ns; |
| 648 |
*/ |
| 649 |
|
| 650 |
extern struct task_struct *find_task_by_vpid(pid_t nr); |
| 651 |
@@ -72420,7 +72530,7 @@ index 178a8d9..52e71a3 100644 |
| 652 |
extern struct task_struct *find_task_by_pid_ns(pid_t nr, |
| 653 |
struct pid_namespace *ns); |
| 654 |
|
| 655 |
-@@ -2118,7 +2227,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
| 656 |
+@@ -2118,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
| 657 |
extern void exit_itimers(struct signal_struct *); |
| 658 |
extern void flush_itimer_signals(void); |
| 659 |
|
| 660 |
@@ -72429,7 +72539,7 @@ index 178a8d9..52e71a3 100644 |
| 661 |
|
| 662 |
extern int allow_signal(int); |
| 663 |
extern int disallow_signal(int); |
| 664 |
-@@ -2309,9 +2418,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
| 665 |
+@@ -2309,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
| 666 |
|
| 667 |
#endif |
Archives