commit: 32de7cbff80bfad850403ce1a7fa232beb4bb5bc |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Fri Aug 2 12:15:20 2013 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Fri Aug 2 12:15:20 2013 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=32de7cbf |
|
Grsec/PaX: 2.9.1-3.10.4-201308011855 |
|
--- |
3.10.4/0000_README | 2 +- |
...420_grsecurity-2.9.1-3.10.4-201308011855.patch} | 402 +++++++++++++-------- |
2 files changed, 257 insertions(+), 147 deletions(-) |
|
15 |
diff --git a/3.10.4/0000_README b/3.10.4/0000_README |
16 |
index ec1a9e6..52e9f3c 100644 |
17 |
--- a/3.10.4/0000_README |
18 |
+++ b/3.10.4/0000_README |
19 |
@@ -2,7 +2,7 @@ README |
20 |
----------------------------------------------------------------------------- |
21 |
Individual Patch Descriptions: |
22 |
----------------------------------------------------------------------------- |
23 |
-Patch: 4420_grsecurity-2.9.1-3.10.4-201307311627.patch |
24 |
+Patch: 4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
25 |
From: http://www.grsecurity.net |
26 |
Desc: hardened-sources base patch from upstream grsecurity |
27 |
|
28 |
|
29 |
diff --git a/3.10.4/4420_grsecurity-2.9.1-3.10.4-201307311627.patch b/3.10.4/4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
30 |
similarity index 99% |
31 |
rename from 3.10.4/4420_grsecurity-2.9.1-3.10.4-201307311627.patch |
32 |
rename to 3.10.4/4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
33 |
index afbc771..589e333 100644 |
34 |
--- a/3.10.4/4420_grsecurity-2.9.1-3.10.4-201307311627.patch |
35 |
+++ b/3.10.4/4420_grsecurity-2.9.1-3.10.4-201308011855.patch |
36 |
@@ -17846,7 +17846,7 @@ index 155a13f..1672b9b 100644 |
37 |
|
38 |
.__cr3 = __pa_nodebug(swapper_pg_dir), |
39 |
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c |
40 |
-index deb6421..622e0ed 100644 |
41 |
+index deb6421..76bbc12 100644 |
42 |
--- a/arch/x86/kernel/dumpstack.c |
43 |
+++ b/arch/x86/kernel/dumpstack.c |
44 |
@@ -2,6 +2,9 @@ |
45 |
@@ -17951,6 +17951,15 @@ index deb6421..622e0ed 100644 |
46 |
} |
47 |
|
48 |
return (unsigned long)frame; |
49 |
+@@ -150,7 +149,7 @@ static int print_trace_stack(void *data, char *name) |
50 |
+ static void print_trace_address(void *data, unsigned long addr, int reliable) |
51 |
+ { |
52 |
+ touch_nmi_watchdog(); |
53 |
+- printk(data); |
54 |
++ printk("%s", (char *)data); |
55 |
+ printk_address(addr, reliable); |
56 |
+ } |
57 |
+ |
58 |
@@ -219,6 +218,8 @@ unsigned __kprobes long oops_begin(void) |
59 |
} |
60 |
EXPORT_SYMBOL_GPL(oops_begin); |
61 |
@@ -22596,6 +22605,19 @@ index 76fa1e9..abf09ea 100644 |
62 |
.power_off = native_machine_power_off, |
63 |
.shutdown = native_machine_shutdown, |
64 |
.emergency_restart = native_machine_emergency_restart, |
65 |
+diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c |
66 |
+index c8e41e9..64049ef 100644 |
67 |
+--- a/arch/x86/kernel/reboot_fixups_32.c |
68 |
++++ b/arch/x86/kernel/reboot_fixups_32.c |
69 |
+@@ -57,7 +57,7 @@ struct device_fixup { |
70 |
+ unsigned int vendor; |
71 |
+ unsigned int device; |
72 |
+ void (*reboot_fixup)(struct pci_dev *); |
73 |
+-}; |
74 |
++} __do_const; |
75 |
+ |
76 |
+ /* |
77 |
+ * PCI ids solely used for fixups_table go here |
78 |
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S |
79 |
index f2bb9c9..bed145d7 100644 |
80 |
--- a/arch/x86/kernel/relocate_kernel_64.S |
81 |
@@ -25423,7 +25445,7 @@ index 25b7ae8..169fafc 100644 |
82 |
} |
83 |
EXPORT_SYMBOL(csum_partial_copy_to_user); |
84 |
diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S |
85 |
-index a451235..79fb5cf 100644 |
86 |
+index a451235..1daa956 100644 |
87 |
--- a/arch/x86/lib/getuser.S |
88 |
+++ b/arch/x86/lib/getuser.S |
89 |
@@ -33,17 +33,40 @@ |
90 |
@@ -25549,8 +25571,14 @@ index a451235..79fb5cf 100644 |
91 |
ret |
92 |
#else |
93 |
add $7,%_ASM_AX |
94 |
-@@ -102,6 +163,7 @@ ENTRY(__get_user_8) |
95 |
- 5: movl -3(%_ASM_AX),%ecx |
96 |
+@@ -98,10 +159,11 @@ ENTRY(__get_user_8) |
97 |
+ cmp TI_addr_limit(%_ASM_DX),%_ASM_AX |
98 |
+ jae bad_get_user_8 |
99 |
+ ASM_STAC |
100 |
+-4: movl -7(%_ASM_AX),%edx |
101 |
+-5: movl -3(%_ASM_AX),%ecx |
102 |
++4: __copyuser_seg movl -7(%_ASM_AX),%edx |
103 |
++5: __copyuser_seg movl -3(%_ASM_AX),%ecx |
104 |
xor %eax,%eax |
105 |
ASM_CLAC |
106 |
+ pax_force_retaddr |
107 |
@@ -40919,7 +40947,7 @@ index b37a582..680835d 100644 |
108 |
|
109 |
D_INFO("*** LOAD DRIVER ***\n"); |
110 |
diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c |
111 |
-index d532948..a1cb592 100644 |
112 |
+index d532948..e0d8bb1 100644 |
113 |
--- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c |
114 |
+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c |
115 |
@@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, |
116 |
@@ -40958,6 +40986,21 @@ index d532948..a1cb592 100644 |
117 |
int value; |
118 |
|
119 |
memset(buf, 0, sizeof(buf)); |
120 |
+@@ -698,10 +698,10 @@ DEBUGFS_READ_FILE_OPS(temperature); |
121 |
+ DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override); |
122 |
+ DEBUGFS_READ_FILE_OPS(current_sleep_command); |
123 |
+ |
124 |
+-static const char *fmt_value = " %-30s %10u\n"; |
125 |
+-static const char *fmt_hex = " %-30s 0x%02X\n"; |
126 |
+-static const char *fmt_table = " %-30s %10u %10u %10u %10u\n"; |
127 |
+-static const char *fmt_header = |
128 |
++static const char fmt_value[] = " %-30s %10u\n"; |
129 |
++static const char fmt_hex[] = " %-30s 0x%02X\n"; |
130 |
++static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n"; |
131 |
++static const char fmt_header[] = |
132 |
+ "%-32s current cumulative delta max\n"; |
133 |
+ |
134 |
+ static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz) |
135 |
@@ -1871,7 +1871,7 @@ static ssize_t iwl_dbgfs_clear_ucode_statistics_write(struct file *file, |
136 |
{ |
137 |
struct iwl_priv *priv = file->private_data; |
138 |
@@ -45054,6 +45097,19 @@ index 95ec042..e6affdd 100644 |
139 |
|
140 |
return 0; |
141 |
} |
142 |
+diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c |
143 |
+index c74e7aa..e3c2790 100644 |
144 |
+--- a/drivers/video/backlight/backlight.c |
145 |
++++ b/drivers/video/backlight/backlight.c |
146 |
+@@ -304,7 +304,7 @@ struct backlight_device *backlight_device_register(const char *name, |
147 |
+ new_bd->dev.class = backlight_class; |
148 |
+ new_bd->dev.parent = parent; |
149 |
+ new_bd->dev.release = bl_device_release; |
150 |
+- dev_set_name(&new_bd->dev, name); |
151 |
++ dev_set_name(&new_bd->dev, "%s", name); |
152 |
+ dev_set_drvdata(&new_bd->dev, devdata); |
153 |
+ |
154 |
+ /* Set default properties */ |
155 |
diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c |
156 |
index bca6ccc..252107e 100644 |
157 |
--- a/drivers/video/backlight/kb3886_bl.c |
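Review bot: The return value of `dev_set_name()` is still discarded in `backlight_device_register()` after this change, and the same holds for the matching line in `lcd_device_register()` in the drivers/video/backlight/lcd.c hunk. `dev_set_name()` allocates the name and returns an error code when that fails, so a failed allocation would proceed to registration with no name set. I would capture the result, e.g. `rc = dev_set_name(&new_bd->dev, "%s", name);`, and bail out on a non-zero value. Both functions start and end outside the hunks, so the status variable and the cleanup needed for `new_bd` / `new_ld` have to be confirmed against the full source.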
158 |
@@ -45067,6 +45123,19 @@ index bca6ccc..252107e 100644 |
159 |
{ |
160 |
.ident = "Sahara Touch-iT", |
161 |
.matches = { |
162 |
+diff --git a/drivers/video/backlight/lcd.c b/drivers/video/backlight/lcd.c |
163 |
+index 34fb6bd..3649fd9 100644 |
164 |
+--- a/drivers/video/backlight/lcd.c |
165 |
++++ b/drivers/video/backlight/lcd.c |
166 |
+@@ -219,7 +219,7 @@ struct lcd_device *lcd_device_register(const char *name, struct device *parent, |
167 |
+ new_ld->dev.class = lcd_class; |
168 |
+ new_ld->dev.parent = parent; |
169 |
+ new_ld->dev.release = lcd_device_release; |
170 |
+- dev_set_name(&new_ld->dev, name); |
171 |
++ dev_set_name(&new_ld->dev, "%s", name); |
172 |
+ dev_set_drvdata(&new_ld->dev, devdata); |
173 |
+ |
174 |
+ rc = device_register(&new_ld->dev); |
175 |
diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c |
176 |
index 900aa4e..6d49418 100644 |
177 |
--- a/drivers/video/fb_defio.c |
178 |
@@ -48614,7 +48683,7 @@ index bce8769..7fc7544 100644 |
179 |
fd_offset + ex.a_text); |
180 |
if (error != N_DATADDR(ex)) { |
181 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
182 |
-index f8a0b0e..8186af0 100644 |
183 |
+index f8a0b0e..989dbf2 100644 |
184 |
--- a/fs/binfmt_elf.c |
185 |
+++ b/fs/binfmt_elf.c |
186 |
@@ -34,6 +34,7 @@ |
187 |
@@ -49400,7 +49469,7 @@ index f8a0b0e..8186af0 100644 |
188 |
if (size > cprm->limit |
189 |
|| !dump_write(cprm->file, shdr4extnum, |
190 |
sizeof(*shdr4extnum))) |
191 |
-@@ -2231,6 +2683,97 @@ out: |
192 |
+@@ -2231,6 +2683,138 @@ out: |
193 |
|
194 |
#endif /* CONFIG_ELF_CORE */ |
195 |
|
196 |
@@ -49468,9 +49537,9 @@ index f8a0b0e..8186af0 100644 |
197 |
+ elf_dyn dyn; |
198 |
+ |
199 |
+ if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn))) |
200 |
-+ return; |
201 |
++ break; |
202 |
+ if (dyn.d_tag == DT_NULL) |
203 |
-+ return; |
204 |
++ break; |
205 |
+ if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) { |
206 |
+ gr_log_textrel(vma); |
207 |
+ if (is_textrel_rw) |
208 |
@@ -49478,18 +49547,59 @@ index f8a0b0e..8186af0 100644 |
209 |
+ else |
210 |
+ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */ |
211 |
+ vma->vm_flags &= ~VM_MAYWRITE; |
212 |
-+ return; |
213 |
++ break; |
214 |
+ } |
215 |
+ i++; |
216 |
+ } |
217 |
-+ return; |
218 |
++ is_textrel_rw = false; |
219 |
++ is_textrel_rx = false; |
220 |
++ continue; |
221 |
+ |
222 |
+ case PT_GNU_RELRO: |
223 |
+ if (!is_relro) |
224 |
+ continue; |
225 |
+ if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start) |
226 |
+ vma->vm_flags &= ~VM_MAYWRITE; |
227 |
-+ return; |
228 |
++ is_relro = false; |
229 |
++ continue; |
230 |
++ |
231 |
++#ifdef CONFIG_PAX_PT_PAX_FLAGS |
232 |
++ case PT_PAX_FLAGS: { |
233 |
++ const char *msg_mprotect = "", *msg_emutramp = ""; |
234 |
++ char *buffer_lib, *buffer_exe; |
235 |
++ |
236 |
++ if (elf_p.p_flags & PF_NOMPROTECT) |
237 |
++ msg_mprotect = "MPROTECT disabled"; |
238 |
++ |
239 |
++#ifdef CONFIG_PAX_EMUTRAMP |
240 |
++ if (!(vma->vm_mm->pax_flags & MF_PAX_EMUTRAMP) && !(elf_p.p_flags & PF_NOEMUTRAMP)) |
241 |
++ msg_emutramp = "EMUTRAMP enabled"; |
242 |
++#endif |
243 |
++ |
244 |
++ if (!msg_mprotect[0] && !msg_emutramp[0]) |
245 |
++ continue; |
246 |
++ |
247 |
++ if (!printk_ratelimit()) |
248 |
++ continue; |
249 |
++ |
250 |
++ buffer_lib = (char *)__get_free_page(GFP_KERNEL); |
251 |
++ buffer_exe = (char *)__get_free_page(GFP_KERNEL); |
252 |
++ if (buffer_lib && buffer_exe) { |
253 |
++ char *path_lib, *path_exe; |
254 |
++ |
255 |
++ path_lib = pax_get_path(&vma->vm_file->f_path, buffer_lib, PAGE_SIZE); |
256 |
++ path_exe = pax_get_path(&vma->vm_mm->exe_file->f_path, buffer_exe, PAGE_SIZE); |
257 |
++ |
258 |
++ pr_info("PAX: %s wants %s%s%s on %s\n", path_lib, msg_mprotect, |
259 |
++ (msg_mprotect[0] && msg_emutramp[0] ? " and " : ""), msg_emutramp, path_exe); |
260 |
++ |
261 |
++ } |
262 |
++ free_page((unsigned long)buffer_exe); |
263 |
++ free_page((unsigned long)buffer_lib); |
264 |
++ continue; |
265 |
++ } |
266 |
++#endif |
267 |
++ |
268 |
+ } |
269 |
+ } |
270 |
+} |
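Review bot: In the new `PT_PAX_FLAGS` case, `vma->vm_mm->exe_file` is handed to `pax_get_path()` without a NULL check, whereas `pax_report_fault()` in fs/exec.c tests `vma_fault->vm_file` before making the same call. If `exe_file` can be unset on this path, `d_path()` would receive an invalid `struct path`; guarding with `if (buffer_lib && buffer_exe && vma->vm_mm->exe_file) {` keeps the report best-effort. Nothing visible in the hunk shows that a reference to `exe_file` is held or which lock protects it here, so that should be confirmed against the enclosing function, which starts outside the hunk. A short comment such as `/* best effort: skip the report if both path buffers cannot be allocated */` would also document that the message is dropped silently on allocation failure.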
271 |
@@ -50708,7 +50818,7 @@ index e4141f2..d8263e8 100644 |
272 |
i += packet_length_size; |
273 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
274 |
diff --git a/fs/exec.c b/fs/exec.c |
275 |
-index ffd7a81..f0afae1 100644 |
276 |
+index ffd7a81..97f4c7d 100644 |
277 |
--- a/fs/exec.c |
278 |
+++ b/fs/exec.c |
279 |
@@ -55,8 +55,20 @@ |
280 |
@@ -51190,7 +51300,7 @@ index ffd7a81..f0afae1 100644 |
281 |
out: |
282 |
if (bprm->mm) { |
283 |
acct_arg_size(bprm, 0); |
284 |
-@@ -1701,3 +1875,283 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
285 |
+@@ -1701,3 +1875,281 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
286 |
return error; |
287 |
} |
288 |
#endif |
289 |
@@ -51249,6 +51359,25 @@ index ffd7a81..f0afae1 100644 |
290 |
+EXPORT_SYMBOL(pax_check_flags); |
291 |
+ |
292 |
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) |
293 |
++char *pax_get_path(const struct path *path, char *buf, int buflen) |
294 |
++{ |
295 |
++ char *pathname = d_path(path, buf, buflen); |
296 |
++ |
297 |
++ if (IS_ERR(pathname)) |
298 |
++ goto toolong; |
299 |
++ |
300 |
++ pathname = mangle_path(buf, pathname, "\t\n\\"); |
301 |
++ if (!pathname) |
302 |
++ goto toolong; |
303 |
++ |
304 |
++ *pathname = 0; |
305 |
++ return buf; |
306 |
++ |
307 |
++toolong: |
308 |
++ return "<path too long>"; |
309 |
++} |
310 |
++EXPORT_SYMBOL(pax_get_path); |
311 |
++ |
312 |
+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp) |
313 |
+{ |
314 |
+ struct task_struct *tsk = current; |
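Review bot: `pax_get_path()` returns the string literal `"<path too long>"` through a non-const `char *` on its `toolong` path, so a caller that writes through the result would be writing to read-only data. Returning `const char *` (here, in the `extern` added to include/linux/sched.h, and for `path_lib` / `path_exe` in fs/binfmt_elf.c) lets the compiler catch that; the binfmt_elf.c caller only passes the result to `pr_info`. The function also has no comment: I would add one above it stating that the result is either `buf`, holding the NUL-terminated path with tab, newline and backslash escaped, or a static string when `d_path()` or `mangle_path()` fails, and that callers must use the returned pointer rather than `buf` and must not free it.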
315 |
@@ -51272,36 +51401,15 @@ index ffd7a81..f0afae1 100644 |
316 |
+ vma_fault = vma; |
317 |
+ vma = vma->vm_next; |
318 |
+ } |
319 |
-+ if (vma_exec) { |
320 |
-+ path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); |
321 |
-+ if (IS_ERR(path_exec)) |
322 |
-+ path_exec = "<path too long>"; |
323 |
-+ else { |
324 |
-+ path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\"); |
325 |
-+ if (path_exec) { |
326 |
-+ *path_exec = 0; |
327 |
-+ path_exec = buffer_exec; |
328 |
-+ } else |
329 |
-+ path_exec = "<path too long>"; |
330 |
-+ } |
331 |
-+ } |
332 |
++ if (vma_exec) |
333 |
++ path_exec = pax_get_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE); |
334 |
+ if (vma_fault) { |
335 |
+ start = vma_fault->vm_start; |
336 |
+ end = vma_fault->vm_end; |
337 |
+ offset = vma_fault->vm_pgoff << PAGE_SHIFT; |
338 |
-+ if (vma_fault->vm_file) { |
339 |
-+ path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); |
340 |
-+ if (IS_ERR(path_fault)) |
341 |
-+ path_fault = "<path too long>"; |
342 |
-+ else { |
343 |
-+ path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\"); |
344 |
-+ if (path_fault) { |
345 |
-+ *path_fault = 0; |
346 |
-+ path_fault = buffer_fault; |
347 |
-+ } else |
348 |
-+ path_fault = "<path too long>"; |
349 |
-+ } |
350 |
-+ } else |
351 |
++ if (vma_fault->vm_file) |
352 |
++ path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); |
353 |
++ else |
354 |
+ path_fault = "<anonymous mapping>"; |
355 |
+ } |
356 |
+ up_read(&mm->mmap_sem); |
357 |
@@ -58361,7 +58469,7 @@ index 0000000..36845aa |
358 |
+endif |
359 |
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c |
360 |
new file mode 100644 |
361 |
-index 0000000..29892a3 |
362 |
+index 0000000..6907918 |
363 |
--- /dev/null |
364 |
+++ b/grsecurity/gracl.c |
365 |
@@ -0,0 +1,4178 @@ |
366 |
@@ -58467,6 +58575,102 @@ index 0000000..29892a3 |
367 |
+extern void gr_remove_uid(uid_t uid); |
368 |
+extern int gr_find_uid(uid_t uid); |
369 |
+ |
370 |
++static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp) |
371 |
++{ |
372 |
++ if (copy_from_user(obj, userp, sizeof(struct acl_object_label))) |
373 |
++ return -EFAULT; |
374 |
++ |
375 |
++ return 0; |
376 |
++} |
377 |
++ |
378 |
++static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp) |
379 |
++{ |
380 |
++ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label))) |
381 |
++ return -EFAULT; |
382 |
++ |
383 |
++ return 0; |
384 |
++} |
385 |
++ |
386 |
++static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp) |
387 |
++{ |
388 |
++ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label))) |
389 |
++ return -EFAULT; |
390 |
++ |
391 |
++ return 0; |
392 |
++} |
393 |
++ |
394 |
++static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp) |
395 |
++{ |
396 |
++ if (copy_from_user(role, userp, sizeof(struct acl_role_label))) |
397 |
++ return -EFAULT; |
398 |
++ |
399 |
++ return 0; |
400 |
++} |
401 |
++ |
402 |
++static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) |
403 |
++{ |
404 |
++ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip))) |
405 |
++ return -EFAULT; |
406 |
++ |
407 |
++ return 0; |
408 |
++} |
409 |
++ |
410 |
++static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) |
411 |
++{ |
412 |
++ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw))) |
413 |
++ return -EFAULT; |
414 |
++ |
415 |
++ return 0; |
416 |
++} |
417 |
++ |
418 |
++static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) |
419 |
++{ |
420 |
++ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct))) |
421 |
++ return -EFAULT; |
422 |
++ |
423 |
++ return 0; |
424 |
++} |
425 |
++ |
426 |
++static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp) |
427 |
++{ |
428 |
++ if (copy_from_user(trans, userp, sizeof(struct role_transition))) |
429 |
++ return -EFAULT; |
430 |
++ |
431 |
++ return 0; |
432 |
++} |
433 |
++ |
434 |
++int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp) |
435 |
++{ |
436 |
++ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *))) |
437 |
++ return -EFAULT; |
438 |
++ |
439 |
++ return 0; |
440 |
++} |
441 |
++ |
442 |
++static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap) |
443 |
++{ |
444 |
++ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) |
445 |
++ return -EFAULT; |
446 |
++ |
447 |
++ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg))) |
448 |
++ return -EINVAL; |
449 |
++ |
450 |
++ return 0; |
451 |
++} |
452 |
++ |
453 |
++static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg) |
454 |
++{ |
455 |
++ if (copy_from_user(arg, buf, sizeof (struct gr_arg))) |
456 |
++ return -EFAULT; |
457 |
++ |
458 |
++ return 0; |
459 |
++} |
460 |
++ |
461 |
++static size_t get_gr_arg_wrapper_size_normal(void) |
462 |
++{ |
463 |
++ return sizeof(struct gr_arg_wrapper); |
464 |
++} |
465 |
++ |
466 |
+#ifdef CONFIG_COMPAT |
467 |
+extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap); |
468 |
+extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg); |
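Review bot: Most of the `copy_*_normal()` helpers take their user-space source as a plain pointer (`const struct acl_object_label *userp`, `const void *userp`, and so on) and pass it to `copy_from_user()`; only `copy_gr_arg_wrapper_normal()` and `copy_gr_arg_normal()` carry `__user`. Annotating the rest, e.g. `const struct acl_object_label __user *userp`, lets sparse flag an accidental direct dereference of these pointers. `copy_sprole_pw_normal()` and `copy_pointer_from_array_normal()` also add a caller-supplied `idx` to the user pointer with no bound visible in this hunk, so a one-line comment naming where `idx` is validated would make that contract explicit. `copy_pointer_from_array_normal()` is the only helper in the group that is not `static`; if that is intentional, a comment saying which other file uses it would help.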
469 |
@@ -58497,6 +58701,7 @@ index 0000000..29892a3 |
470 |
+#else |
471 |
+#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal |
472 |
+#define copy_gr_arg copy_gr_arg_normal |
473 |
++#define copy_gr_hash_struct copy_gr_hash_struct_normal |
474 |
+#define copy_acl_object_label copy_acl_object_label_normal |
475 |
+#define copy_acl_subject_label copy_acl_subject_label_normal |
476 |
+#define copy_acl_role_label copy_acl_role_label_normal |
477 |
@@ -61514,102 +61719,6 @@ index 0000000..29892a3 |
478 |
+ return 0; |
479 |
+} |
480 |
+ |
481 |
-+static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp) |
482 |
-+{ |
483 |
-+ if (copy_from_user(obj, userp, sizeof(struct acl_object_label))) |
484 |
-+ return -EFAULT; |
485 |
-+ |
486 |
-+ return 0; |
487 |
-+} |
488 |
-+ |
489 |
-+static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp) |
490 |
-+{ |
491 |
-+ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label))) |
492 |
-+ return -EFAULT; |
493 |
-+ |
494 |
-+ return 0; |
495 |
-+} |
496 |
-+ |
497 |
-+static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp) |
498 |
-+{ |
499 |
-+ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label))) |
500 |
-+ return -EFAULT; |
501 |
-+ |
502 |
-+ return 0; |
503 |
-+} |
504 |
-+ |
505 |
-+static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp) |
506 |
-+{ |
507 |
-+ if (copy_from_user(role, userp, sizeof(struct acl_role_label))) |
508 |
-+ return -EFAULT; |
509 |
-+ |
510 |
-+ return 0; |
511 |
-+} |
512 |
-+ |
513 |
-+static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) |
514 |
-+{ |
515 |
-+ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip))) |
516 |
-+ return -EFAULT; |
517 |
-+ |
518 |
-+ return 0; |
519 |
-+} |
520 |
-+ |
521 |
-+static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) |
522 |
-+{ |
523 |
-+ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw))) |
524 |
-+ return -EFAULT; |
525 |
-+ |
526 |
-+ return 0; |
527 |
-+} |
528 |
-+ |
529 |
-+static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) |
530 |
-+{ |
531 |
-+ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct))) |
532 |
-+ return -EFAULT; |
533 |
-+ |
534 |
-+ return 0; |
535 |
-+} |
536 |
-+ |
537 |
-+static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp) |
538 |
-+{ |
539 |
-+ if (copy_from_user(trans, userp, sizeof(struct role_transition))) |
540 |
-+ return -EFAULT; |
541 |
-+ |
542 |
-+ return 0; |
543 |
-+} |
544 |
-+ |
545 |
-+int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp) |
546 |
-+{ |
547 |
-+ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *))) |
548 |
-+ return -EFAULT; |
549 |
-+ |
550 |
-+ return 0; |
551 |
-+} |
552 |
-+ |
553 |
-+static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap) |
554 |
-+{ |
555 |
-+ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) |
556 |
-+ return -EFAULT; |
557 |
-+ |
558 |
-+ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg))) |
559 |
-+ return -EINVAL; |
560 |
-+ |
561 |
-+ return 0; |
562 |
-+} |
563 |
-+ |
564 |
-+static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg) |
565 |
-+{ |
566 |
-+ if (copy_from_user(arg, buf, sizeof (struct gr_arg))) |
567 |
-+ return -EFAULT; |
568 |
-+ |
569 |
-+ return 0; |
570 |
-+} |
571 |
-+ |
572 |
-+static size_t get_gr_arg_wrapper_size_normal(void) |
573 |
-+{ |
574 |
-+ return sizeof(struct gr_arg_wrapper); |
575 |
-+} |
576 |
-+ |
577 |
+ssize_t |
578 |
+write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos) |
579 |
+{ |
580 |
@@ -61618,7 +61727,6 @@ index 0000000..29892a3 |
581 |
+ unsigned char *sprole_sum = NULL; |
582 |
+ int error = 0; |
583 |
+ int error2 = 0; |
584 |
-+ int compat = is_compat_task(); |
585 |
+ size_t req_count; |
586 |
+ |
587 |
+ mutex_lock(&gr_dev_mutex); |
588 |
@@ -61630,7 +61738,7 @@ index 0000000..29892a3 |
589 |
+ |
590 |
+#ifdef CONFIG_COMPAT |
591 |
+ pax_open_kernel(); |
592 |
-+ if (compat) { |
593 |
++ if (is_compat_task()) { |
594 |
+ copy_gr_arg_wrapper = ©_gr_arg_wrapper_compat; |
595 |
+ copy_gr_arg = ©_gr_arg_compat; |
596 |
+ copy_acl_object_label = ©_acl_object_label_compat; |
597 |
@@ -72189,7 +72297,7 @@ index 6dacb93..6174423 100644 |
598 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
599 |
struct vm_area_struct *next) |
600 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
601 |
-index 178a8d9..52e71a3 100644 |
602 |
+index 178a8d9..450bf11 100644 |
603 |
--- a/include/linux/sched.h |
604 |
+++ b/include/linux/sched.h |
605 |
@@ -62,6 +62,7 @@ struct bio_list; |
606 |
@@ -72318,7 +72426,7 @@ index 178a8d9..52e71a3 100644 |
607 |
#ifdef CONFIG_FUTEX |
608 |
struct robust_list_head __user *robust_list; |
609 |
#ifdef CONFIG_COMPAT |
610 |
-@@ -1416,8 +1456,74 @@ struct task_struct { |
611 |
+@@ -1416,8 +1456,76 @@ struct task_struct { |
612 |
unsigned int sequential_io; |
613 |
unsigned int sequential_io_avg; |
614 |
#endif |
615 |
@@ -72386,6 +72494,8 @@ index 178a8d9..52e71a3 100644 |
616 |
+extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); |
617 |
+#endif |
618 |
+ |
619 |
++struct path; |
620 |
++extern char *pax_get_path(const struct path *path, char *buf, int buflen); |
621 |
+extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); |
622 |
+extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); |
623 |
+extern void pax_report_refcount_overflow(struct pt_regs *regs); |
624 |
@@ -72393,7 +72503,7 @@ index 178a8d9..52e71a3 100644 |
625 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
626 |
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
627 |
|
628 |
-@@ -1476,7 +1582,7 @@ struct pid_namespace; |
629 |
+@@ -1476,7 +1584,7 @@ struct pid_namespace; |
630 |
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, |
631 |
struct pid_namespace *ns); |
632 |
|
633 |
@@ -72402,7 +72512,7 @@ index 178a8d9..52e71a3 100644 |
634 |
{ |
635 |
return tsk->pid; |
636 |
} |
637 |
-@@ -1919,7 +2025,9 @@ void yield(void); |
638 |
+@@ -1919,7 +2027,9 @@ void yield(void); |
639 |
extern struct exec_domain default_exec_domain; |
640 |
|
641 |
union thread_union { |
642 |
@@ -72412,7 +72522,7 @@ index 178a8d9..52e71a3 100644 |
643 |
unsigned long stack[THREAD_SIZE/sizeof(long)]; |
644 |
}; |
645 |
|
646 |
-@@ -1952,6 +2060,7 @@ extern struct pid_namespace init_pid_ns; |
647 |
+@@ -1952,6 +2062,7 @@ extern struct pid_namespace init_pid_ns; |
648 |
*/ |
649 |
|
650 |
extern struct task_struct *find_task_by_vpid(pid_t nr); |
651 |
@@ -72420,7 +72530,7 @@ index 178a8d9..52e71a3 100644 |
652 |
extern struct task_struct *find_task_by_pid_ns(pid_t nr, |
653 |
struct pid_namespace *ns); |
654 |
|
655 |
-@@ -2118,7 +2227,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
656 |
+@@ -2118,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
657 |
extern void exit_itimers(struct signal_struct *); |
658 |
extern void flush_itimer_signals(void); |
659 |
|
660 |
@@ -72429,7 +72539,7 @@ index 178a8d9..52e71a3 100644 |
661 |
|
662 |
extern int allow_signal(int); |
663 |
extern int disallow_signal(int); |
664 |
-@@ -2309,9 +2418,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
665 |
+@@ -2309,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
666 |
|
667 |
#endif |