| 1 |
commit: 38964b55adf113b8b1ccdf56092263b4ef9a7578 |
| 2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Nov 24 09:05:09 2015 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Nov 24 09:05:09 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=38964b55 |
| 7 |
|
| 8 |
grsecurity-3.1-4.2.6-201511232037 |
| 9 |
|
| 10 |
4.2.6/0000_README | 2 +- |
| 11 |
...> 4420_grsecurity-3.1-4.2.6-201511232037.patch} | 175 ++++++++++++++++++--- |
| 12 |
2 files changed, 150 insertions(+), 27 deletions(-) |
| 13 |
|
| 14 |
diff --git a/4.2.6/0000_README b/4.2.6/0000_README |
| 15 |
index 454ccd7..91bcf5d 100644 |
| 16 |
--- a/4.2.6/0000_README |
| 17 |
+++ b/4.2.6/0000_README |
| 18 |
@@ -2,7 +2,7 @@ README |
| 19 |
----------------------------------------------------------------------------- |
| 20 |
Individual Patch Descriptions: |
| 21 |
----------------------------------------------------------------------------- |
| 22 |
-Patch: 4420_grsecurity-3.1-4.2.6-201511211841.patch |
| 23 |
+Patch: 4420_grsecurity-3.1-4.2.6-201511232037.patch |
| 24 |
From: http://www.grsecurity.net |
| 25 |
Desc: hardened-sources base patch from upstream grsecurity |
| 26 |
|
| 27 |
|
| 28 |
diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch |
| 29 |
similarity index 99% |
| 30 |
rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch |
| 31 |
rename to 4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch |
| 32 |
index 30663c2..32f511d 100644 |
| 33 |
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch |
| 34 |
+++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch |
| 35 |
@@ -23775,7 +23775,7 @@ index 04f0fe5..3c0598c 100644 |
| 36 |
|
| 37 |
/* |
| 38 |
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
| 39 |
-index cb9e5df..0d25636 100644 |
| 40 |
+index cb9e5df..0849dd8 100644 |
| 41 |
--- a/arch/x86/kernel/cpu/common.c |
| 42 |
+++ b/arch/x86/kernel/cpu/common.c |
| 43 |
@@ -91,60 +91,6 @@ static const struct cpu_dev default_cpu = { |
| 44 |
@@ -23839,7 +23839,19 @@ index cb9e5df..0d25636 100644 |
| 45 |
static int __init x86_mpx_setup(char *s) |
| 46 |
{ |
| 47 |
/* require an exact match without trailing characters */ |
| 48 |
-@@ -287,6 +233,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
| 49 |
+@@ -272,10 +218,9 @@ __setup("nosmap", setup_disable_smap); |
| 50 |
+ |
| 51 |
+ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
| 52 |
+ { |
| 53 |
+- unsigned long eflags; |
| 54 |
++ unsigned long eflags = native_save_fl(); |
| 55 |
+ |
| 56 |
+ /* This should have been cleared long ago */ |
| 57 |
+- raw_local_save_flags(eflags); |
| 58 |
+ BUG_ON(eflags & X86_EFLAGS_AC); |
| 59 |
+ |
| 60 |
+ if (cpu_has(c, X86_FEATURE_SMAP)) { |
| 61 |
+@@ -287,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
| 62 |
} |
| 63 |
} |
| 64 |
|
| 65 |
@@ -23949,7 +23961,7 @@ index cb9e5df..0d25636 100644 |
| 66 |
/* |
| 67 |
* Some CPU features depend on higher CPUID levels, which may not always |
| 68 |
* be available due to CPUID level capping or broken virtualization |
| 69 |
-@@ -387,7 +436,7 @@ void switch_to_new_gdt(int cpu) |
| 70 |
+@@ -387,7 +435,7 @@ void switch_to_new_gdt(int cpu) |
| 71 |
{ |
| 72 |
struct desc_ptr gdt_descr; |
| 73 |
|
| 74 |
@@ -23958,7 +23970,7 @@ index cb9e5df..0d25636 100644 |
| 75 |
gdt_descr.size = GDT_SIZE - 1; |
| 76 |
load_gdt(&gdt_descr); |
| 77 |
/* Reload the per-cpu base */ |
| 78 |
-@@ -918,6 +967,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) |
| 79 |
+@@ -918,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) |
| 80 |
setup_smep(c); |
| 81 |
setup_smap(c); |
| 82 |
|
| 83 |
@@ -23979,7 +23991,7 @@ index cb9e5df..0d25636 100644 |
| 84 |
/* |
| 85 |
* The vendor-specific functions might have changed features. |
| 86 |
* Now we do "generic changes." |
| 87 |
-@@ -992,7 +1055,7 @@ void enable_sep_cpu(void) |
| 88 |
+@@ -992,7 +1054,7 @@ void enable_sep_cpu(void) |
| 89 |
int cpu; |
| 90 |
|
| 91 |
cpu = get_cpu(); |
| 92 |
@@ -23988,7 +24000,7 @@ index cb9e5df..0d25636 100644 |
| 93 |
|
| 94 |
if (!boot_cpu_has(X86_FEATURE_SEP)) |
| 95 |
goto out; |
| 96 |
-@@ -1138,10 +1201,12 @@ static __init int setup_disablecpuid(char *arg) |
| 97 |
+@@ -1138,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg) |
| 98 |
} |
| 99 |
__setup("clearcpuid=", setup_disablecpuid); |
| 100 |
|
| 101 |
@@ -24004,7 +24016,7 @@ index cb9e5df..0d25636 100644 |
| 102 |
|
| 103 |
DEFINE_PER_CPU_FIRST(union irq_stack_union, |
| 104 |
irq_stack_union) __aligned(PAGE_SIZE) __visible; |
| 105 |
-@@ -1253,21 +1318,21 @@ EXPORT_PER_CPU_SYMBOL(current_task); |
| 106 |
+@@ -1253,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task); |
| 107 |
DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT; |
| 108 |
EXPORT_PER_CPU_SYMBOL(__preempt_count); |
| 109 |
|
| 110 |
@@ -24033,7 +24045,7 @@ index cb9e5df..0d25636 100644 |
| 111 |
/* |
| 112 |
* Clear all 6 debug registers: |
| 113 |
*/ |
| 114 |
-@@ -1343,7 +1408,7 @@ void cpu_init(void) |
| 115 |
+@@ -1343,7 +1407,7 @@ void cpu_init(void) |
| 116 |
*/ |
| 117 |
load_ucode_ap(); |
| 118 |
|
| 119 |
@@ -24042,7 +24054,7 @@ index cb9e5df..0d25636 100644 |
| 120 |
oist = &per_cpu(orig_ist, cpu); |
| 121 |
|
| 122 |
#ifdef CONFIG_NUMA |
| 123 |
-@@ -1375,7 +1440,6 @@ void cpu_init(void) |
| 124 |
+@@ -1375,7 +1439,6 @@ void cpu_init(void) |
| 125 |
wrmsrl(MSR_KERNEL_GS_BASE, 0); |
| 126 |
barrier(); |
| 127 |
|
| 128 |
@@ -24050,7 +24062,7 @@ index cb9e5df..0d25636 100644 |
| 129 |
x2apic_setup(); |
| 130 |
|
| 131 |
/* |
| 132 |
-@@ -1427,7 +1491,7 @@ void cpu_init(void) |
| 133 |
+@@ -1427,7 +1490,7 @@ void cpu_init(void) |
| 134 |
{ |
| 135 |
int cpu = smp_processor_id(); |
| 136 |
struct task_struct *curr = current; |
| 137 |
@@ -25391,7 +25403,7 @@ index dc60810..6c8a1fa 100644 |
| 138 |
} |
| 139 |
|
| 140 |
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c |
| 141 |
-index 50ec9af..bb871ca 100644 |
| 142 |
+index 50ec9af..32d7f10 100644 |
| 143 |
--- a/arch/x86/kernel/fpu/signal.c |
| 144 |
+++ b/arch/x86/kernel/fpu/signal.c |
| 145 |
@@ -54,7 +54,7 @@ static inline int check_for_xstate(struct fxregs_state __user *buf, |
| 146 |
@@ -25480,8 +25492,34 @@ index 50ec9af..bb871ca 100644 |
| 147 |
err = -1; |
| 148 |
} else { |
| 149 |
sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); |
| 150 |
+@@ -385,20 +387,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame, |
| 151 |
+ */ |
| 152 |
+ void fpu__init_prepare_fx_sw_frame(void) |
| 153 |
+ { |
| 154 |
+- int fsave_header_size = sizeof(struct fregs_state); |
| 155 |
+ int size = xstate_size + FP_XSTATE_MAGIC2_SIZE; |
| 156 |
+ |
| 157 |
+- if (config_enabled(CONFIG_X86_32)) |
| 158 |
+- size += fsave_header_size; |
| 159 |
+- |
| 160 |
+ fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1; |
| 161 |
+ fx_sw_reserved.extended_size = size; |
| 162 |
+ fx_sw_reserved.xfeatures = xfeatures_mask; |
| 163 |
+ fx_sw_reserved.xstate_size = xstate_size; |
| 164 |
+ |
| 165 |
+- if (config_enabled(CONFIG_IA32_EMULATION)) { |
| 166 |
++ if (config_enabled(CONFIG_IA32_EMULATION) || |
| 167 |
++ config_enabled(CONFIG_X86_32)) { |
| 168 |
++ int fsave_header_size = sizeof(struct fregs_state); |
| 169 |
++ |
| 170 |
+ fx_sw_reserved_ia32 = fx_sw_reserved; |
| 171 |
+- fx_sw_reserved_ia32.extended_size += fsave_header_size; |
| 172 |
++ fx_sw_reserved_ia32.extended_size = size + fsave_header_size; |
| 173 |
+ } |
| 174 |
+ } |
| 175 |
+ |
| 176 |
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c |
| 177 |
-index 62fc001..5ce38be 100644 |
| 178 |
+index 62fc001..099cbd7 100644 |
| 179 |
--- a/arch/x86/kernel/fpu/xstate.c |
| 180 |
+++ b/arch/x86/kernel/fpu/xstate.c |
| 181 |
@@ -93,14 +93,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures); |
| 182 |
@@ -25501,16 +25539,15 @@ index 62fc001..5ce38be 100644 |
| 183 |
|
| 184 |
/* |
| 185 |
* None of the feature bits are in init state. So nothing else |
| 186 |
-@@ -402,7 +402,7 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature) |
| 187 |
+@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature) |
| 188 |
if (!boot_cpu_has(X86_FEATURE_XSAVE)) |
| 189 |
return NULL; |
| 190 |
|
| 191 |
- xsave = ¤t->thread.fpu.state.xsave; |
| 192 |
-+ xsave = ¤t->thread.fpu.state->xsave; |
| 193 |
/* |
| 194 |
* We should not ever be requesting features that we |
| 195 |
* have not enabled. Remember that pcntxt_mask is |
| 196 |
-@@ -457,5 +457,5 @@ const void *get_xsave_field_ptr(int xsave_state) |
| 197 |
+@@ -457,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state) |
| 198 |
*/ |
| 199 |
fpu__save(fpu); |
| 200 |
|
| 201 |
@@ -34900,6 +34937,78 @@ index 0057a7acc..95c7edd 100644 |
| 202 |
{ |
| 203 |
might_sleep(); |
| 204 |
if (is_enabled()) /* recheck and proper locking in *_core() */ |
| 205 |
+diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c |
| 206 |
+index db1b0bc..c28f618 100644 |
| 207 |
+--- a/arch/x86/mm/mpx.c |
| 208 |
++++ b/arch/x86/mm/mpx.c |
| 209 |
+@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm, |
| 210 |
+ } |
| 211 |
+ |
| 212 |
+ /* |
| 213 |
++ * We only want to do a 4-byte get_user() on 32-bit. Otherwise, |
| 214 |
++ * we might run off the end of the bounds table if we are on |
| 215 |
++ * a 64-bit kernel and try to get 8 bytes. |
| 216 |
++ */ |
| 217 |
++int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret, |
| 218 |
++ long __user *bd_entry_ptr) |
| 219 |
++{ |
| 220 |
++ u32 bd_entry_32; |
| 221 |
++ int ret; |
| 222 |
++ |
| 223 |
++ if (is_64bit_mm(mm)) |
| 224 |
++ return get_user(*bd_entry_ret, bd_entry_ptr); |
| 225 |
++ |
| 226 |
++ /* |
| 227 |
++ * Note that get_user() uses the type of the *pointer* to |
| 228 |
++ * establish the size of the get, not the destination. |
| 229 |
++ */ |
| 230 |
++ ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr); |
| 231 |
++ *bd_entry_ret = bd_entry_32; |
| 232 |
++ return ret; |
| 233 |
++} |
| 234 |
++ |
| 235 |
++/* |
| 236 |
+ * Get the base of bounds tables pointed by specific bounds |
| 237 |
+ * directory entry. |
| 238 |
+ */ |
| 239 |
+@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm, |
| 240 |
+ int need_write = 0; |
| 241 |
+ |
| 242 |
+ pagefault_disable(); |
| 243 |
+- ret = get_user(bd_entry, bd_entry_ptr); |
| 244 |
++ ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr); |
| 245 |
+ pagefault_enable(); |
| 246 |
+ if (!ret) |
| 247 |
+ break; |
| 248 |
+@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm, |
| 249 |
+ */ |
| 250 |
+ static inline unsigned long bd_entry_virt_space(struct mm_struct *mm) |
| 251 |
+ { |
| 252 |
+- unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits); |
| 253 |
+- if (is_64bit_mm(mm)) |
| 254 |
+- return virt_space / MPX_BD_NR_ENTRIES_64; |
| 255 |
+- else |
| 256 |
+- return virt_space / MPX_BD_NR_ENTRIES_32; |
| 257 |
++ unsigned long long virt_space; |
| 258 |
++ unsigned long long GB = (1ULL << 30); |
| 259 |
++ |
| 260 |
++ /* |
| 261 |
++ * This covers 32-bit emulation as well as 32-bit kernels |
| 262 |
++ * running on 64-bit harware. |
| 263 |
++ */ |
| 264 |
++ if (!is_64bit_mm(mm)) |
| 265 |
++ return (4ULL * GB) / MPX_BD_NR_ENTRIES_32; |
| 266 |
++ |
| 267 |
++ /* |
| 268 |
++ * 'x86_virt_bits' returns what the hardware is capable |
| 269 |
++ * of, and returns the full >32-bit adddress space when |
| 270 |
++ * running 32-bit kernels on 64-bit hardware. |
| 271 |
++ */ |
| 272 |
++ virt_space = (1ULL << boot_cpu_data.x86_virt_bits); |
| 273 |
++ return virt_space / MPX_BD_NR_ENTRIES_64; |
| 274 |
+ } |
| 275 |
+ |
| 276 |
+ /* |
| 277 |
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c |
| 278 |
index 4053bb5..b1ad3dc 100644 |
| 279 |
--- a/arch/x86/mm/numa.c |
| 280 |
@@ -52060,10 +52169,10 @@ index dab2513..4c4b65d 100644 |
| 281 |
return msecs_to_jiffies((s->poll_timeout[2] << 16) |
| 282 |
| (s->poll_timeout[1] << 8) |
| 283 |
diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c |
| 284 |
-index e508c65..fb0dbae 100644 |
| 285 |
+index e508c65..3fd90eb 100644 |
| 286 |
--- a/drivers/net/wireless/ath/ath10k/ce.c |
| 287 |
+++ b/drivers/net/wireless/ath/ath10k/ce.c |
| 288 |
-@@ -896,7 +896,7 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar, |
| 289 |
+@@ -896,12 +896,12 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar, |
| 290 |
return 0; |
| 291 |
} |
| 292 |
|
| 293 |
@@ -52072,6 +52181,21 @@ index e508c65..fb0dbae 100644 |
| 294 |
ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id, |
| 295 |
const struct ce_attr *attr) |
| 296 |
{ |
| 297 |
+ struct ath10k_ce_ring *src_ring; |
| 298 |
+- u32 nentries = attr->src_nentries; |
| 299 |
++ unsigned long nentries = attr->src_nentries; |
| 300 |
+ dma_addr_t base_addr; |
| 301 |
+ |
| 302 |
+ nentries = roundup_pow_of_two(nentries); |
| 303 |
+@@ -968,7 +968,7 @@ ath10k_ce_alloc_dest_ring(struct ath10k *ar, unsigned int ce_id, |
| 304 |
+ const struct ce_attr *attr) |
| 305 |
+ { |
| 306 |
+ struct ath10k_ce_ring *dest_ring; |
| 307 |
+- u32 nentries; |
| 308 |
++ unsigned long nentries; |
| 309 |
+ dma_addr_t base_addr; |
| 310 |
+ |
| 311 |
+ nentries = roundup_pow_of_two(attr->dest_nentries); |
| 312 |
diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c |
| 313 |
index 32d9ff1..0952b33 100644 |
| 314 |
--- a/drivers/net/wireless/ath/ath10k/htc.c |
| 315 |
@@ -129238,10 +129362,10 @@ index 0000000..b884a56 |
| 316 |
+} |
| 317 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
| 318 |
new file mode 100644 |
| 319 |
-index 0000000..5f73f93 |
| 320 |
+index 0000000..2ec0551 |
| 321 |
--- /dev/null |
| 322 |
+++ b/tools/gcc/gcc-common.h |
| 323 |
-@@ -0,0 +1,813 @@ |
| 324 |
+@@ -0,0 +1,812 @@ |
| 325 |
+#ifndef GCC_COMMON_H_INCLUDED |
| 326 |
+#define GCC_COMMON_H_INCLUDED |
| 327 |
+ |
| 328 |
@@ -129848,12 +129972,7 @@ index 0000000..5f73f93 |
| 329 |
+#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias |
| 330 |
+#endif |
| 331 |
+ |
| 332 |
-+#if BUILDING_GCC_VERSION < 6000 |
| 333 |
-+#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) |
| 334 |
-+#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) |
| 335 |
-+#endif |
| 336 |
-+ |
| 337 |
-+#if BUILDING_GCC_VERSION == 5000 |
| 338 |
++#if BUILDING_GCC_VERSION >= 5000 && BUILDING_GCC_VERSION < 6000 |
| 339 |
+// gimple related |
| 340 |
+template <> |
| 341 |
+template <> |
| 342 |
@@ -129965,7 +130084,6 @@ index 0000000..5f73f93 |
| 343 |
+ symtab->remove_cgraph_duplication_hook(entry); |
| 344 |
+} |
| 345 |
+ |
| 346 |
-+ |
| 347 |
+#if BUILDING_GCC_VERSION >= 6000 |
| 348 |
+typedef gimple *gimple_ptr; |
| 349 |
+typedef const gimple *const_gimple; |
| 350 |
@@ -130050,6 +130168,11 @@ index 0000000..5f73f93 |
| 351 |
+} |
| 352 |
+#endif |
| 353 |
+ |
| 354 |
++#if BUILDING_GCC_VERSION < 6000 |
| 355 |
++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) |
| 356 |
++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) |
| 357 |
++#endif |
| 358 |
++ |
| 359 |
+#if BUILDING_GCC_VERSION >= 6000 |
| 360 |
+#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1)) |
| 361 |
+#endif |
Archives