* [gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/, 3.2.69/, 3.14.45/
@ 2015-06-27 20:57 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2015-06-27 20:57 UTC (permalink / raw
To: gentoo-commits
commit: 64f3a8be94f41fda576330ff3523e035c3c0ebbd
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 27 20:59:02 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jun 27 20:59:02 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=64f3a8be
Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506262047
3.14.45/0000_README | 2 +-
...4420_grsecurity-3.1-3.14.45-201506262046.patch} | 222 +++++++++++++++------
3.14.45/4435_grsec-mute-warnings.patch | 9 +-
3.2.69/0000_README | 2 +-
... 4420_grsecurity-3.1-3.2.69-201506262041.patch} | 138 +++++++++++--
4.0.6/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.0.6-201506262047.patch} | 85 +++++++-
7 files changed, 366 insertions(+), 94 deletions(-)
diff --git a/3.14.45/0000_README b/3.14.45/0000_README
index 53a1411..b4be2cb 100644
--- a/3.14.45/0000_README
+++ b/3.14.45/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-3.14.45-201506232103.patch
+Patch: 4420_grsecurity-3.1-3.14.45-201506262046.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
similarity index 99%
rename from 3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch
rename to 3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
index fe15fa1..47c91dd 100644
--- a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch
+++ b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
@@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index c92186c..a387fb0 100644
+index c92186c..34822ca 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -304,7 +304,7 @@ index c92186c..a387fb0 100644
HOSTCXX = g++
-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89
-HOSTCXXFLAGS = -O2
-+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89
++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks
+HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
+HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds
@@ -3947,7 +3947,7 @@ index 4370933..e77848e 100644
atomic64_set(&mm->context.id, asid);
}
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index eb8830a..e8ff52e 100644
+index eb8830a..e39c4bd 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
@@ -3965,10 +3965,10 @@ index eb8830a..e8ff52e 100644
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if (addr < TASK_SIZE) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ }
+#endif
@@ -3979,10 +3979,10 @@ index eb8830a..e8ff52e 100644
+ (MODULES_VADDR <= addr && addr < MODULES_END)))
+ {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ }
+#endif
@@ -4045,10 +4045,10 @@ index eb8830a..e8ff52e 100644
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ if (addr < TASK_SIZE && is_domain_fault(fsr)) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr);
+ goto die;
+ }
@@ -4128,11 +4128,11 @@ index eb8830a..e8ff52e 100644
+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
+ else if (is_domain_fault(ifsr) || is_xn_fault(ifsr)) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
+ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
+ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
+ goto die;
@@ -9450,10 +9450,23 @@ index dd14532..1dfc145 100644
- return (ret > base) ? ret : base;
-}
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index 9b436c2..54fbf0a 100644
+index 9b436c2..5c64ae8 100644
--- a/arch/s390/mm/mmap.c
+++ b/arch/s390/mm/mmap.c
-@@ -95,9 +95,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -58,6 +58,12 @@ static inline int mmap_is_legacy(void)
+
+ static unsigned long mmap_rnd(void)
+ {
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ return 0;
++#endif
++
+ if (!(current->flags & PF_RANDOMIZE))
+ return 0;
+ /* 8MB randomization for mmap_base */
+@@ -95,9 +101,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = mmap_base_legacy();
@@ -9475,7 +9488,7 @@ index 9b436c2..54fbf0a 100644
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
}
}
-@@ -170,9 +182,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -170,9 +188,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = mmap_base_legacy();
@@ -31970,7 +31983,7 @@ index 903ec1e..c4166b2 100644
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index ebc551c..b8ee77e 100644
+index ebc551c..40d1269 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,11 +14,18 @@
@@ -32180,11 +32193,11 @@ index ebc551c..b8ee77e 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ if (init_mm.start_code <= address && address < init_mm.end_code) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ }
+#endif
@@ -32350,13 +32363,13 @@ index ebc551c..b8ee77e 100644
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
+ if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
+ if (!search_exception_tables(regs->ip)) {
-+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
+ bad_area_nosemaphore(regs, error_code, address);
+ return;
+ }
+ if (address < pax_user_shadow_base) {
-+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
+ } else
+ address -= pax_user_shadow_base;
@@ -52343,7 +52356,7 @@ index c21adc3..1b4155f 100644
ddb_entry->default_relogin_timeout =
(def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index d8afec8..3ec7152 100644
+index d8afec8..fffafb8 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -658,7 +658,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
@@ -52355,6 +52368,15 @@ index d8afec8..3ec7152 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
+@@ -804,7 +804,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
+
+ good_bytes = scsi_bufflen(cmd);
+ if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
+- int old_good_bytes = good_bytes;
++ unsigned int old_good_bytes = good_bytes;
+ drv = scsi_cmd_to_driver(cmd);
+ if (drv->done)
+ good_bytes = drv->done(cmd);
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 719bd82..c996ebc 100644
--- a/drivers/scsi/scsi_lib.c
@@ -52509,9 +52531,27 @@ index e3e794e..f72f20c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index a107064..a14c333 100644
+index a107064..30775cf 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
+@@ -109,7 +109,7 @@ static int sd_suspend_system(struct device *);
+ static int sd_suspend_runtime(struct device *);
+ static int sd_resume(struct device *);
+ static void sd_rescan(struct device *);
+-static int sd_done(struct scsi_cmnd *);
++static unsigned int sd_done(struct scsi_cmnd *);
+ static int sd_eh_action(struct scsi_cmnd *, int);
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
+ static void scsi_disk_release(struct device *cdev);
+@@ -1645,7 +1645,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
+ *
+ * Note: potentially run from within an ISR. Must not block.
+ **/
+-static int sd_done(struct scsi_cmnd *SCpnt)
++static unsigned int sd_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+ unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
@@ -2958,7 +2958,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
@@ -52534,6 +52574,34 @@ index eb81c98..e6716ae 100644
case BLKTRACESTART:
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 40d8592..8e89146 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -79,7 +79,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM);
+ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+ static int sr_runtime_suspend(struct device *dev);
+
+ static struct dev_pm_ops sr_pm_ops = {
+@@ -310,11 +310,11 @@ do_tur:
+ * It will be notified on the end of a SCSI read / write, and will take one
+ * of several actions based on success or failure.
+ */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+- int this_count = scsi_bufflen(SCpnt);
+- int good_bytes = (result == 0 ? this_count : 0);
++ unsigned int this_count = scsi_bufflen(SCpnt);
++ unsigned int good_bytes = (result == 0 ? this_count : 0);
+ int block_sectors = 0;
+ long error_sector;
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index d6563ec..a1c5da2 100644
--- a/drivers/spi/spi.c
@@ -65832,7 +65900,7 @@ index ca0ba15..0fa3257 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 35240a7..96dd7cf 100644
+index 35240a7..a5edf69 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -66466,10 +66534,12 @@ index 35240a7..96dd7cf 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -816,6 +1253,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -816,8 +1253,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
+- total_size = total_mapping_size(elf_phdata,
+- loc->elf_ex.e_phnum);
+
+#ifdef CONFIG_PAX_RANDMMAP
+ /* PaX: randomize base address at the default exe base if requested */
@@ -66484,10 +66554,11 @@ index 35240a7..96dd7cf 100644
+ }
+#endif
+
- total_size = total_mapping_size(elf_phdata,
- loc->elf_ex.e_phnum);
++ total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum);
if (!total_size) {
-@@ -854,9 +1305,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ retval = -EINVAL;
+ goto out_free_dentry;
+@@ -854,9 +1304,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -66500,7 +66571,7 @@ index 35240a7..96dd7cf 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -895,17 +1346,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -895,17 +1345,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -66552,7 +66623,7 @@ index 35240a7..96dd7cf 100644
load_bias);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1127,7 +1606,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1127,7 +1605,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -66561,7 +66632,7 @@ index 35240a7..96dd7cf 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1165,7 +1644,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1165,7 +1643,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -66570,7 +66641,7 @@ index 35240a7..96dd7cf 100644
goto whole;
/*
-@@ -1372,9 +1851,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1372,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -66582,7 +66653,7 @@ index 35240a7..96dd7cf 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1383,7 +1862,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1383,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
{
mm_segment_t old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -66591,7 +66662,7 @@ index 35240a7..96dd7cf 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -2007,14 +2486,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2007,14 +2485,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -66608,7 +66679,7 @@ index 35240a7..96dd7cf 100644
return size;
}
-@@ -2105,7 +2584,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2105,7 +2583,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -66617,7 +66688,7 @@ index 35240a7..96dd7cf 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2133,7 +2612,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2133,7 +2611,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -66626,7 +66697,7 @@ index 35240a7..96dd7cf 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2166,7 +2645,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2166,7 +2644,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -66635,7 +66706,7 @@ index 35240a7..96dd7cf 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2207,6 +2686,167 @@ out:
+@@ -2207,6 +2685,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -68245,7 +68316,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 05f1942..747fc21 100644
+index 05f1942..5ea95e4 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -68892,13 +68963,13 @@ index 05f1942..747fc21 100644
+void pax_report_refcount_overflow(struct pt_regs *regs)
+{
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ else
-+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
-+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
+ preempt_disable();
+ show_regs(regs);
+ preempt_enable();
@@ -68957,10 +69028,10 @@ index 05f1942..747fc21 100644
+static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to_user, const char *type)
+{
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ ¤t->signal->curr_ip, to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
+ else
-+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len);
+ dump_stack();
+ gr_handle_kernel_exploit();
@@ -69059,7 +69130,7 @@ index 05f1942..747fc21 100644
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
+void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
+}
@@ -93527,7 +93598,7 @@ index b66c211..13d2915 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h
-index a964f72..b475afb 100644
+index a964f72..a6d40b4 100644
--- a/include/linux/scatterlist.h
+++ b/include/linux/scatterlist.h
@@ -1,6 +1,7 @@
@@ -93538,19 +93609,26 @@ index a964f72..b475afb 100644
#include <linux/string.h>
#include <linux/bug.h>
#include <linux/mm.h>
-@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
- #ifdef CONFIG_DEBUG_SG
- BUG_ON(!virt_addr_valid(buf));
- #endif
+@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg)
+ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
+ unsigned int buflen)
+ {
++ const void *realbuf = buf;
++
+#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
-+ if (object_starts_on_stack(buf)) {
-+ void *adjbuf = buf - current->stack + current->lowmem_stack;
-+ sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf));
-+ } else
++ if (object_starts_on_stack(buf))
++ realbuf = buf - current->stack + current->lowmem_stack;
+#endif
- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++
+ #ifdef CONFIG_DEBUG_SG
+- BUG_ON(!virt_addr_valid(buf));
++ BUG_ON(!virt_addr_valid(realbuf));
+ #endif
+- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++ sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf));
}
+ /*
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 91fe6a3..30088db 100644
--- a/include/linux/sched.h
@@ -95849,6 +95927,19 @@ index 409fafb..efc53b0 100644
struct device sdev_gendev,
sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 20fdfc2..5745712 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -15,7 +15,7 @@ struct scsi_driver {
+ struct device_driver gendrv;
+
+ void (*rescan)(struct device *);
+- int (*done)(struct scsi_cmnd *);
++ unsigned int (*done)(struct scsi_cmnd *);
+ int (*eh_action)(struct scsi_cmnd *, int);
+ };
+ #define to_scsi_driver(drv) \
diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
index b797e8f..8e2c3aa 100644
--- a/include/scsi/scsi_transport_fc.h
@@ -103667,6 +103758,23 @@ index f504027..97a15c0 100644
bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 32adb73..ccbd787 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b))
+
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ int i;
+- long long ret = 0;
++ unsigned long long ret = 0;
+
+ for (i = 0; i < size; i++)
+ ret = (ret << 8) | ptr[size-i-1];
diff --git a/lib/devres.c b/lib/devres.c
index 8235331..5881053 100644
--- a/lib/devres.c
@@ -121055,7 +121163,7 @@ index 0000000..da184c5
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..77f8462
+index 0000000..1d20e32
--- /dev/null
+++ b/tools/gcc/gcc-common.h
@@ -0,0 +1,689 @@
@@ -121219,7 +121327,7 @@ index 0000000..77f8462
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
+
+#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
+#define TODO_rebuild_cgraph_edges 0
@@ -121459,6 +121567,7 @@ index 0000000..77f8462
+}
+
+#define ipa_remove_stmt_references(cnode, stmt)
++
+typedef union gimple_statement_d gasm;
+typedef union gimple_statement_d gassign;
+typedef union gimple_statement_d gcall;
@@ -121480,7 +121589,6 @@ index 0000000..77f8462
+#define create_var_ann(var)
+#define TODO_dump_func 0
+#define TODO_dump_cgraph 0
-+
+#endif
+
+#if BUILDING_GCC_VERSION <= 4009
diff --git a/3.14.45/4435_grsec-mute-warnings.patch b/3.14.45/4435_grsec-mute-warnings.patch
index 558c435..2c2d463 100644
--- a/3.14.45/4435_grsec-mute-warnings.patch
+++ b/3.14.45/4435_grsec-mute-warnings.patch
@@ -29,14 +29,15 @@ warning flags of vanilla kernel versions.
Acked-by: Christian Heim <phreak@gentoo.org>
---
---- a/Makefile 2011-11-18 17:50:11.000000000 -0500
-+++ b/Makefile 2011-11-18 17:50:48.000000000 -0500
+diff -Naur a/Makefile b/Makefile
+--- a/Makefile 2015-06-27 15:35:56.363504156 -0400
++++ b/Makefile 2015-06-27 16:41:08.552598625 -0400
@@ -244,7 +244,7 @@
HOSTCC = gcc
HOSTCXX = g++
--HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89
-+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89
+-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks
++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks
HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds
diff --git a/3.2.69/0000_README b/3.2.69/0000_README
index 1521b73..05b7791 100644
--- a/3.2.69/0000_README
+++ b/3.2.69/0000_README
@@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch
From: http://www.kernel.org
Desc: Linux 3.2.69
-Patch: 4420_grsecurity-3.1-3.2.69-201506232100.patch
+Patch: 4420_grsecurity-3.1-3.2.69-201506262041.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
similarity index 99%
rename from 3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch
rename to 3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
index 873b401..ce279a5 100644
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
@@ -6836,10 +6836,23 @@ index 1df64a8..aea2a39 100644
};
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index c70b3d8..d01c6b3 100644
+index c70b3d8..d7d5b01 100644
--- a/arch/s390/mm/mmap.c
+++ b/arch/s390/mm/mmap.c
-@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -60,6 +60,12 @@ static inline int mmap_is_legacy(void)
+
+ static unsigned long mmap_rnd(void)
+ {
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ return 0;
++#endif
++
+ if (!(current->flags & PF_RANDOMIZE))
+ return 0;
+ /* 8MB randomization for mmap_base */
+@@ -92,10 +98,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -6862,7 +6875,7 @@ index c70b3d8..d01c6b3 100644
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
mm->unmap_area = arch_unmap_area_topdown;
}
-@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -175,10 +193,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -28417,7 +28430,7 @@ index d0474ad..36e9257 100644
extern u32 pnp_bios_is_utter_crap;
pnp_bios_is_utter_crap = 1;
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 351590e..a1132fb 100644
+index 351590e..825bba9 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -13,11 +13,18 @@
@@ -28609,10 +28622,10 @@ index 351590e..a1132fb 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ if (init_mm.start_code <= address && address < init_mm.end_code) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
+ current->comm, task_pid_nr(current), current_uid(), current_euid());
+ }
+#endif
@@ -28787,8 +28800,8 @@ index 351590e..a1132fb 100644
+ return;
+ }
+ if (address < pax_user_shadow_base) {
-+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
+ } else
+ address -= pax_user_shadow_base;
@@ -49651,7 +49664,7 @@ index 4169c8b..a8b896b 100644
ddb_entry->default_relogin_timeout =
le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index 831db24..aef1598 100644
+index 831db24..1b88f70 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
@@ -49663,6 +49676,15 @@ index 831db24..aef1598 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
+@@ -837,7 +837,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
+
+ good_bytes = scsi_bufflen(cmd);
+ if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
+- int old_good_bytes = good_bytes;
++ unsigned int old_good_bytes = good_bytes;
+ drv = scsi_cmd_to_driver(cmd);
+ if (drv->done)
+ good_bytes = drv->done(cmd);
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index f6a464a..797b84d 100644
--- a/drivers/scsi/scsi_lib.c
@@ -49817,9 +49839,27 @@ index 21a045e..ec89e03 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 5c6b5f5..475317d 100644
+index 5c6b5f5..015ec9d 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
+@@ -105,7 +105,7 @@ static void sd_shutdown(struct device *);
+ static int sd_suspend(struct device *, pm_message_t state);
+ static int sd_resume(struct device *);
+ static void sd_rescan(struct device *);
+-static int sd_done(struct scsi_cmnd *);
++static unsigned int sd_done(struct scsi_cmnd *);
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
+ static void scsi_disk_release(struct device *cdev);
+ static void sd_print_sense_hdr(struct scsi_disk *, struct scsi_sense_hdr *);
+@@ -1390,7 +1390,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
+ *
+ * Note: potentially run from within an ISR. Must not block.
+ **/
+-static int sd_done(struct scsi_cmnd *SCpnt)
++static unsigned int sd_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+ unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
@@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev)
device_initialize(&sdkp->dev);
sdkp->dev.parent = dev;
@@ -49860,6 +49900,34 @@ index 2d25616..7502cde 100644
sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
if (!sg_proc_sgp)
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 5fc97d2..5f26ccd 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -78,7 +78,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM);
+ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+
+ static struct scsi_driver sr_template = {
+ .owner = THIS_MODULE,
+@@ -296,11 +296,11 @@ do_tur:
+ * It will be notified on the end of a SCSI read / write, and will take one
+ * of several actions based on success or failure.
+ */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+- int this_count = scsi_bufflen(SCpnt);
+- int good_bytes = (result == 0 ? this_count : 0);
++ unsigned int this_count = scsi_bufflen(SCpnt);
++ unsigned int good_bytes = (result == 0 ? this_count : 0);
+ int block_sectors = 0;
+ long error_sector;
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
new file mode 100644
index 0000000..06c9d30
@@ -59288,7 +59356,7 @@ index 451b9b8..12e5a03 100644
out_free_fd:
diff --git a/fs/exec.c b/fs/exec.c
-index 7adb43f..9b2005c 100644
+index 7adb43f..be703f8 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,12 +55,35 @@
@@ -60069,12 +60137,12 @@ index 7adb43f..9b2005c 100644
+void pax_report_refcount_overflow(struct pt_regs *regs)
+{
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
+ else
-+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
+ current->comm, task_pid_nr(current), current_uid(), current_euid());
-+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
+ preempt_disable();
+ show_regs(regs);
+ preempt_enable();
@@ -60133,10 +60201,10 @@ index 7adb43f..9b2005c 100644
+static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
+{
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ ¤t->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
+ else
-+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
+ to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
+ dump_stack();
+ gr_handle_kernel_exploit();
@@ -60235,7 +60303,7 @@ index 7adb43f..9b2005c 100644
+#ifdef CONFIG_PAX_SIZE_OVERFLOW
+void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
+ dump_stack();
+ do_group_exit(SIGKILL);
+}
@@ -87940,6 +88008,19 @@ index 377ba61..1b6890c 100644
struct device sdev_gendev,
sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 9fd6702..52e04b7 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -15,7 +15,7 @@ struct scsi_driver {
+ struct device_driver gendrv;
+
+ void (*rescan)(struct device *);
+- int (*done)(struct scsi_cmnd *);
++ unsigned int (*done)(struct scsi_cmnd *);
+ };
+ #define to_scsi_driver(drv) \
+ container_of((drv), struct scsi_driver, gendrv)
diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
index 2a65167..91e01f8 100644
--- a/include/scsi/scsi_transport_fc.h
@@ -96477,6 +96558,23 @@ index 6a110e2..799667a 100644
bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 476c65a..b4c50e8 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b))
+
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ int i;
+- long long ret = 0;
++ unsigned long long ret = 0;
+
+ for (i = 0; i < size; i++)
+ ret = (ret << 8) | ptr[size-i-1];
diff --git a/lib/devres.c b/lib/devres.c
index 7c0e953..f642b5c 100644
--- a/lib/devres.c
@@ -116469,7 +116567,7 @@ index 0000000..da184c5
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..77f8462
+index 0000000..1d20e32
--- /dev/null
+++ b/tools/gcc/gcc-common.h
@@ -0,0 +1,689 @@
@@ -116633,7 +116731,7 @@ index 0000000..77f8462
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
+
+#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
+#define TODO_rebuild_cgraph_edges 0
@@ -116873,6 +116971,7 @@ index 0000000..77f8462
+}
+
+#define ipa_remove_stmt_references(cnode, stmt)
++
+typedef union gimple_statement_d gasm;
+typedef union gimple_statement_d gassign;
+typedef union gimple_statement_d gcall;
@@ -116894,7 +116993,6 @@ index 0000000..77f8462
+#define create_var_ann(var)
+#define TODO_dump_func 0
+#define TODO_dump_cgraph 0
-+
+#endif
+
+#if BUILDING_GCC_VERSION <= 4009
diff --git a/4.0.6/0000_README b/4.0.6/0000_README
index 62fb720..00d5c29 100644
--- a/4.0.6/0000_README
+++ b/4.0.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.0.6-201506232104.patch
+Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
similarity index 99%
rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch
rename to 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
index 91512cb..797b7c1 100644
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch
@@ -53187,6 +53187,34 @@ index 2270bd5..98408a5 100644
case BLKTRACESTART:
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 8bd54a6..dd037a5 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+ static int sr_init_command(struct scsi_cmnd *SCpnt);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+ static int sr_runtime_suspend(struct device *dev);
+
+ static struct dev_pm_ops sr_pm_ops = {
+@@ -312,11 +312,11 @@ do_tur:
+ * It will be notified on the end of a SCSI read / write, and will take one
+ * of several actions based on success or failure.
+ */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+- int this_count = scsi_bufflen(SCpnt);
+- int good_bytes = (result == 0 ? this_count : 0);
++ unsigned int this_count = scsi_bufflen(SCpnt);
++ unsigned int good_bytes = (result == 0 ? this_count : 0);
+ int block_sectors = 0;
+ long error_sector;
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
index c0d660f..24a5854 100644
--- a/drivers/soc/tegra/fuse/fuse-tegra.c
@@ -93167,7 +93195,7 @@ index c4c559a..6ba9a26 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h
-index ed8f9e70..999bc96 100644
+index ed8f9e70..2e627f2 100644
--- a/include/linux/scatterlist.h
+++ b/include/linux/scatterlist.h
@@ -1,6 +1,7 @@
@@ -93178,19 +93206,26 @@ index ed8f9e70..999bc96 100644
#include <linux/string.h>
#include <linux/bug.h>
#include <linux/mm.h>
-@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
- #ifdef CONFIG_DEBUG_SG
- BUG_ON(!virt_addr_valid(buf));
- #endif
+@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg)
+ static inline void sg_set_buf(struct scatterlist *sg, const void *buf,
+ unsigned int buflen)
+ {
++ const void *realbuf = buf;
++
+#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
-+ if (object_starts_on_stack(buf)) {
-+ void *adjbuf = buf - current->stack + current->lowmem_stack;
-+ sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf));
-+ } else
++ if (object_starts_on_stack(buf))
++ realbuf = buf - current->stack + current->lowmem_stack;
+#endif
- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++
+ #ifdef CONFIG_DEBUG_SG
+- BUG_ON(!virt_addr_valid(buf));
++ BUG_ON(!virt_addr_valid(realbuf));
+ #endif
+- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++ sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf));
}
+ /*
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 51348f7..8c8b0ba 100644
--- a/include/linux/sched.h
@@ -95438,6 +95473,19 @@ index a4c9336..d6f8f34 100644
struct device sdev_gendev,
sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 891a658..fcd68df 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -14,7 +14,7 @@ struct scsi_driver {
+ void (*rescan)(struct device *);
+ int (*init_command)(struct scsi_cmnd *);
+ void (*uninit_command)(struct scsi_cmnd *);
+- int (*done)(struct scsi_cmnd *);
++ unsigned int (*done)(struct scsi_cmnd *);
+ int (*eh_action)(struct scsi_cmnd *, int);
+ };
+ #define to_scsi_driver(drv) \
diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
index 007a0bc..7188db8 100644
--- a/include/scsi/scsi_transport_fc.h
@@ -103458,6 +103506,23 @@ index 6dd0335..1e9c239 100644
bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 0be83af..4605e93 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b))
+
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ int i;
+- long long ret = 0;
++ unsigned long long ret = 0;
+
+ for (i = 0; i < size; i++)
+ ret = (ret << 8) | ptr[size-i-1];
diff --git a/lib/div64.c b/lib/div64.c
index 4382ad7..08aa558 100644
--- a/lib/div64.c
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-06-27 20:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-06-27 20:57 [gentoo-commits] proj/hardened-patchset:master commit in: 4.0.6/, 3.2.69/, 3.14.45/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox