* [gentoo-commits] proj/hardened-patchset:master commit in: 4.2.5/
@ 2015-11-03  8:18 Anthony G. Basile
  0 siblings, 0 replies; 2+ messages in thread
From: Anthony G. Basile @ 2015-11-03  8:18 UTC (permalink / raw
  To: gentoo-commits

commit:     62e8f25d6636b09b18cb25cb1bb491cc026b5b08
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  3 08:24:26 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Nov  3 08:24:26 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=62e8f25d

grsecurity-3.1-4.2.5-201511021814

 4.2.5/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.2.5-201511021814.patch} | 318 +++++++++++++++------
 2 files changed, 232 insertions(+), 88 deletions(-)

diff --git a/4.2.5/0000_README b/4.2.5/0000_README
index 0d8d90f..35d5d28 100644
--- a/4.2.5/0000_README
+++ b/4.2.5/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.2.5-201510290852.patch
+Patch:	4420_grsecurity-3.1-4.2.5-201511021814.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch b/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch
similarity index 99%
rename from 4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch
rename to 4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch
index db09c8a..52245c5 100644
--- a/4.2.5/4420_grsecurity-3.1-4.2.5-201510290852.patch
+++ b/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch
@@ -25173,7 +25173,7 @@ index d25097c..e2df353 100644
  		return MXCSR_DEFAULT;
  	}
 diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
-index d14e9ac..f1334f8 100644
+index d14e9ac..13442f0 100644
 --- a/arch/x86/kernel/fpu/init.c
 +++ b/arch/x86/kernel/fpu/init.c
 @@ -42,7 +42,7 @@ static void fpu__init_cpu_generic(void)
@@ -25229,17 +25229,7 @@ index d14e9ac..f1334f8 100644
  
  /*
   * Set up the xstate_size based on the legacy FPU context size.
-@@ -300,6 +265,9 @@ static void __init fpu__init_system_ctx_switch(void)
- 		}
- 	}
- 
-+	/* XXX: Temporarily forcing eager FPU mode */
-+	eagerfpu = ENABLE;
-+
- 	if (eagerfpu == ENABLE)
- 		setup_force_cpu_cap(X86_FEATURE_EAGER_FPU);
- 
-@@ -331,7 +299,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c)
+@@ -331,7 +296,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c)
  	fpu__init_system_generic();
  	fpu__init_system_xstate_size_legacy();
  	fpu__init_system_xstate();
@@ -27814,7 +27804,7 @@ index adf0392..88a7576 100644
  		dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs);
  }
 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index c27cad7..47e3f47 100644
+index c27cad7..cc494be 100644
 --- a/arch/x86/kernel/process.c
 +++ b/arch/x86/kernel/process.c
 @@ -15,6 +15,7 @@
@@ -27843,7 +27833,7 @@ index c27cad7..47e3f47 100644
  };
  EXPORT_PER_CPU_SYMBOL(cpu_tss);
  
-@@ -75,17 +78,35 @@ void idle_notifier_unregister(struct notifier_block *n)
+@@ -75,17 +78,37 @@ void idle_notifier_unregister(struct notifier_block *n)
  EXPORT_SYMBOL_GPL(idle_notifier_unregister);
  #endif
  
@@ -27866,8 +27856,10 @@ index c27cad7..47e3f47 100644
  {
 -	memcpy(dst, src, arch_task_struct_size);
 +	*dst = *src;
- 
++
 +	dst->thread.fpu.state = kmem_cache_alloc_node(fpregs_state_cachep, GFP_KERNEL, tsk_fork_get_node(src));
++	memcpy(dst->thread.fpu.state, src->thread.fpu.state, xstate_size);
+ 
  	return fpu__copy(&dst->thread.fpu, &src->thread.fpu);
  }
  
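Review bot: The added `memcpy(dst->thread.fpu.state, src->thread.fpu.state, xstate_size);` in arch_dup_task_struct() writes through the result of `kmem_cache_alloc_node(..., GFP_KERNEL, ...)` with no NULL check between the two lines shown here, so an allocation failure during fork would become a NULL-pointer write instead of an error return. A guard such as `if (!dst->thread.fpu.state) return -ENOMEM;` placed before the copy would keep the failure on the normal error path. The function's signature and the rest of the patched file are outside this hunk, so a check elsewhere cannot be ruled out. The same pair of lines is carried unchanged in the 201511081815 update later on this page.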
@@ -27880,7 +27872,7 @@ index c27cad7..47e3f47 100644
  /*
   * Free current thread data structures etc..
   */
-@@ -97,7 +118,7 @@ void exit_thread(void)
+@@ -97,7 +120,7 @@ void exit_thread(void)
  	struct fpu *fpu = &t->fpu;
  
  	if (bp) {
@@ -27889,7 +27881,7 @@ index c27cad7..47e3f47 100644
  
  		t->io_bitmap_ptr = NULL;
  		clear_thread_flag(TIF_IO_BITMAP);
-@@ -117,6 +138,9 @@ void flush_thread(void)
+@@ -117,6 +140,9 @@ void flush_thread(void)
  {
  	struct task_struct *tsk = current;
  
@@ -27899,7 +27891,7 @@ index c27cad7..47e3f47 100644
  	flush_ptrace_hw_breakpoint(tsk);
  	memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
  
-@@ -258,7 +282,7 @@ static void __exit_idle(void)
+@@ -258,7 +284,7 @@ static void __exit_idle(void)
  void exit_idle(void)
  {
  	/* idle loop has pid 0 */
@@ -27908,7 +27900,7 @@ index c27cad7..47e3f47 100644
  		return;
  	__exit_idle();
  }
-@@ -311,7 +335,7 @@ bool xen_set_default_idle(void)
+@@ -311,7 +337,7 @@ bool xen_set_default_idle(void)
  	return ret;
  }
  #endif
@@ -27917,7 +27909,7 @@ index c27cad7..47e3f47 100644
  {
  	local_irq_disable();
  	/*
-@@ -488,16 +512,40 @@ static int __init idle_setup(char *str)
+@@ -488,16 +514,40 @@ static int __init idle_setup(char *str)
  }
  early_param("idle", idle_setup);
  
@@ -49948,9 +49940,18 @@ index e8c96b8..516a96c 100644
  	  Say Y here if you want to support for Freescale FlexCAN.
  
 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
-index aede704..b516b4d 100644
+index aede704..ca734ed 100644
 --- a/drivers/net/can/dev.c
 +++ b/drivers/net/can/dev.c
+@@ -915,7 +915,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev)
+ 	     nla_put(skb, IFLA_CAN_BITTIMING_CONST,
+ 		     sizeof(*priv->bittiming_const), priv->bittiming_const)) ||
+ 
+-	    nla_put(skb, IFLA_CAN_CLOCK, sizeof(cm), &priv->clock) ||
++	    nla_put(skb, IFLA_CAN_CLOCK, sizeof(priv->clock), &priv->clock) ||
+ 	    nla_put_u32(skb, IFLA_CAN_STATE, state) ||
+ 	    nla_put(skb, IFLA_CAN_CTRLMODE, sizeof(cm), &cm) ||
+ 	    nla_put_u32(skb, IFLA_CAN_RESTART_MS, priv->restart_ms) ||
 @@ -961,7 +961,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
  	return -EOPNOTSUPP;
  }
@@ -51028,6 +51029,19 @@ index e5ba040..d47531c 100644
  	smp_mb();
  
  	/* need lock to prevent incorrect read while modifying cyclecounter */
+diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c
+index 0a32020..2177e56 100644
+--- a/drivers/net/ethernet/mellanox/mlx4/cmd.c
++++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c
+@@ -2398,7 +2398,7 @@ int mlx4_multi_func_init(struct mlx4_dev *dev)
+ 			}
+ 		}
+ 
+-		memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size);
++		memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe));
+ 		priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD;
+ 		INIT_WORK(&priv->mfunc.master.comm_work,
+ 			  mlx4_master_comm_channel);
 diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
 index c10d98f..72914c6 100644
 --- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
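Review bot: The new `memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe));` bounds the write by a type name rather than by the object being cleared, so the length and the destination can drift apart again if the field's type ever changes. Writing `sizeof(priv->mfunc.master.cmd_eqe)` ties the length to the destination; this assumes cmd_eqe is a struct mlx4_eqe, which the hunk implies but does not show. The slave_event() hunk for eq.c has the same shape, where `sizeof(*s_eqe) - 1` would do the same job for the memcpy. Both functions start outside their hunks.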
@@ -51043,6 +51057,19 @@ index c10d98f..72914c6 100644
  
  	netdev_tx_completed_queue(ring->tx_queue, packets, bytes);
  
+diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c
+index 8e81e53..ad8f95d 100644
+--- a/drivers/net/ethernet/mellanox/mlx4/eq.c
++++ b/drivers/net/ethernet/mellanox/mlx4/eq.c
+@@ -196,7 +196,7 @@ static void slave_event(struct mlx4_dev *dev, u8 slave, struct mlx4_eqe *eqe)
+ 		return;
+ 	}
+ 
+-	memcpy(s_eqe, eqe, dev->caps.eqe_size - 1);
++	memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1);
+ 	s_eqe->slave_id = slave;
+ 	/* ensure all information is written before setting the ownersip bit */
+ 	dma_wmb();
 diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
 index 40206da..9d94643 100644
 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -53012,9 +53039,18 @@ index f66be86..6cbcabb 100644
  
  /**
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 312f23a..d21181c 100644
+index 312f23a..8c8b922 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
+@@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev,
+ 	if (ret)
+ 		return ret;
+ 
+-	if (!node_online(node))
++	if (node >= MAX_NUMNODES || !node_online(node))
+ 		return -EINVAL;
+ 
+ 	add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK);
 @@ -1140,7 +1140,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
  {
  	/* allocate attribute structure, piggyback attribute name */
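Review bot: The added bound `node >= MAX_NUMNODES` in numa_node_store() covers only the upper end, so a negative value written to the sysfs attribute would still reach `node_online(node)` if `node` is a signed int (its declaration is outside the hunk). The check should cover both ends, `if (node < 0 || node >= MAX_NUMNODES || !node_online(node))`. The 201511081815 update later in this thread makes exactly that change, so systems carrying only this revision of the patch keep the gap.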
@@ -74263,7 +74299,7 @@ index 0000000..43d7c4f
 +:1095D00080000A8080000A00800009808000090065
 +:00000001FF
 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
-index 2d0cbbd..a6d6149 100644
+index 2d0cbbd..a6d61492 100644
 --- a/fs/Kconfig.binfmt
 +++ b/fs/Kconfig.binfmt
 @@ -103,7 +103,7 @@ config HAVE_AOUT
@@ -81535,8 +81571,35 @@ index e33dab2..cdbdad9 100644
  		}
  	}
  	putname(tmp);
+diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c
+index 84d693d..871fcb6 100644
+--- a/fs/overlayfs/copy_up.c
++++ b/fs/overlayfs/copy_up.c
+@@ -81,11 +81,11 @@ static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
+ 	if (len == 0)
+ 		return 0;
+ 
+-	old_file = ovl_path_open(old, O_RDONLY);
++	old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
+ 	if (IS_ERR(old_file))
+ 		return PTR_ERR(old_file);
+ 
+-	new_file = ovl_path_open(new, O_WRONLY);
++	new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
+ 	if (IS_ERR(new_file)) {
+ 		error = PTR_ERR(new_file);
+ 		goto out_fput;
+@@ -267,7 +267,7 @@ out:
+ 
+ out_cleanup:
+ 	ovl_cleanup(wdir, newdentry);
+-	goto out;
++	goto out2;
+ }
+ 
+ /*
 diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
-index d9da5a4..7ced3c7 100644
+index d9da5a4..f9b5b82 100644
 --- a/fs/overlayfs/inode.c
 +++ b/fs/overlayfs/inode.c
 @@ -346,6 +346,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
@@ -81549,8 +81612,18 @@ index d9da5a4..7ced3c7 100644
  	type = ovl_path_real(dentry, &realpath);
  	if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
  		err = ovl_want_write(dentry);
+@@ -363,6 +366,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
+ 		ovl_path_upper(dentry, &realpath);
+ 	}
+ 
++	if (realpath.dentry->d_flags & DCACHE_OP_SELECT_INODE)
++		return realpath.dentry->d_op->d_select_inode(realpath.dentry, file_flags);
++
+ 	return d_backing_inode(realpath.dentry);
+ }
+ 
 diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
-index 79073d6..0eb5c27 100644
+index 79073d6..6fc10e4 100644
 --- a/fs/overlayfs/super.c
 +++ b/fs/overlayfs/super.c
 @@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
@@ -81562,7 +81635,15 @@ index 79073d6..0eb5c27 100644
  }
  
  int ovl_want_write(struct dentry *dentry)
-@@ -879,8 +879,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
+@@ -544,6 +544,7 @@ static void ovl_put_super(struct super_block *sb)
+ 	mntput(ufs->upper_mnt);
+ 	for (i = 0; i < ufs->numlower; i++)
+ 		mntput(ufs->lower_mnt[i]);
++	kfree(ufs->lower_mnt);
+ 
+ 	kfree(ufs->config.lowerdir);
+ 	kfree(ufs->config.upperdir);
+@@ -879,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
  
  static int ovl_fill_super(struct super_block *sb, void *data, int silent)
  {
@@ -81573,6 +81654,14 @@ index 79073d6..0eb5c27 100644
  	struct dentry *root_dentry;
  	struct ovl_entry *oe;
  	struct ovl_fs *ufs;
+@@ -1048,6 +1049,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
+ 		oe->lowerstack[i].dentry = stack[i].dentry;
+ 		oe->lowerstack[i].mnt = ufs->lower_mnt[i];
+ 	}
++	kfree(stack);
+ 
+ 	root_dentry->d_fsdata = oe;
+ 
 diff --git a/fs/pipe.c b/fs/pipe.c
 index 8865f79..bd2c79b 100644
 --- a/fs/pipe.c
@@ -82879,12 +82968,34 @@ index 92e6726..a600d4fa 100644
  	.priority = 0,
  };
 diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
-index d3ebf2e..6ad42d1 100644
+index d3ebf2e..abe1823 100644
 --- a/fs/proc/meminfo.c
 +++ b/fs/proc/meminfo.c
-@@ -194,7 +194,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
- 		vmi.used >> 10,
- 		vmi.largest_chunk >> 10
+@@ -27,7 +27,6 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
+ {
+ 	struct sysinfo i;
+ 	unsigned long committed;
+-	struct vmalloc_info vmi;
+ 	long cached;
+ 	long available;
+ 	unsigned long pagecache;
+@@ -49,8 +48,6 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
+ 	if (cached < 0)
+ 		cached = 0;
+ 
+-	get_vmalloc_info(&vmi);
+-
+ 	for (lru = LRU_BASE; lru < NR_LRU_LISTS; lru++)
+ 		pages[lru] = global_page_state(NR_LRU_BASE + lru);
+ 
+@@ -191,10 +188,10 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
+ 		K(vm_commit_limit()),
+ 		K(committed),
+ 		(unsigned long)VMALLOC_TOTAL >> 10,
+-		vmi.used >> 10,
+-		vmi.largest_chunk >> 10
++		0ul, // used to be vmalloc 'used'
++		0ul  // used to be vmalloc 'largest_chunk'
  #ifdef CONFIG_MEMORY_FAILURE
 -		, atomic_long_read(&num_poisoned_pages) << (PAGE_SHIFT - 10)
 +		, atomic_long_read_unchecked(&num_poisoned_pages) << (PAGE_SHIFT - 10)
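Review bot: The two `0ul` placeholders in meminfo_proc_show() keep the argument list aligned with the format string, but the inline comments say only what the values used to be, not why they are now constant. A comment such as `/* vmalloc 'used' and 'largest_chunk' are no longer computed; zeros keep the /proc/meminfo layout stable for parsers */` would tell readers the zeros are deliberate and that tools reading these fields will see 0. The format string itself is outside the hunk, so the exact field labels should be checked against it. The kernel's `/* */` comment style would also match the surrounding file better than `//`.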
@@ -97005,7 +97116,7 @@ index a76c917..63b52db 100644
  asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
  /*
 diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
-index dfaa7b3..d8bb2a0 100644
+index dfaa7b3..58cebfb 100644
 --- a/include/linux/compiler-gcc.h
 +++ b/include/linux/compiler-gcc.h
 @@ -116,8 +116,8 @@
@@ -97058,17 +97169,6 @@ index dfaa7b3..d8bb2a0 100644
  /*
   * Mark a position in code as unreachable.  This can be used to
   * suppress control flow warnings after asm blocks that transfer
-@@ -237,6 +266,10 @@
- #define KASAN_ABI_VERSION 3
- #endif
- 
-+#if GCC_VERSION >= 50000
-+//#define CC_HAVE_BUILTIN_OVERFLOW
-+#endif
-+
- #endif	/* gcc version >= 40000 specific checks */
- 
- #if !defined(__noclone)
 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
 index e08a6ae..2e5e776 100644
 --- a/include/linux/compiler.h
@@ -100708,30 +100808,6 @@ index b2a0f15..4d7da32 100644
   
  /** create a directory */
  struct dentry *oprofilefs_mkdir(struct dentry *parent, char const *name);
-diff --git a/include/linux/overflow-arith.h b/include/linux/overflow-arith.h
-new file mode 100644
-index 0000000..e12ccf8
---- /dev/null
-+++ b/include/linux/overflow-arith.h
-@@ -0,0 +1,18 @@
-+#pragma once
-+
-+#include <linux/kernel.h>
-+
-+#ifdef CC_HAVE_BUILTIN_OVERFLOW
-+
-+#define overflow_usub __builtin_usub_overflow
-+
-+#else
-+
-+static inline bool overflow_usub(unsigned int a, unsigned int b,
-+				 unsigned int *res)
-+{
-+	*res = a - b;
-+	return *res > a ? true : false;
-+}
-+
-+#endif
 diff --git a/include/linux/padata.h b/include/linux/padata.h
 index 4386946..f50c615 100644
 --- a/include/linux/padata.h
@@ -102802,7 +102878,7 @@ index b483abd..af305ad 100644
  #endif
  #endif /* _LINUX_VGA_SWITCHEROO_H_ */
 diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 0ec5983..d5888bb 100644
+index 0ec5983..66d8171 100644
 --- a/include/linux/vmalloc.h
 +++ b/include/linux/vmalloc.h
 @@ -18,6 +18,14 @@ struct vm_area_struct;		/* vma defining user mapping in mm_types.h */
@@ -102848,6 +102924,29 @@ index 0ec5983..d5888bb 100644
  
  /*
   *	Internals.  Dont't use..
+@@ -182,22 +195,10 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms)
+ # endif
+ #endif
+ 
+-struct vmalloc_info {
+-	unsigned long   used;
+-	unsigned long   largest_chunk;
+-};
+-
+ #ifdef CONFIG_MMU
+ #define VMALLOC_TOTAL (VMALLOC_END - VMALLOC_START)
+-extern void get_vmalloc_info(struct vmalloc_info *vmi);
+ #else
+-
+ #define VMALLOC_TOTAL 0UL
+-#define get_vmalloc_info(vmi)			\
+-do {						\
+-	(vmi)->used = 0;			\
+-	(vmi)->largest_chunk = 0;		\
+-} while (0)
+ #endif
+ 
+ #endif /* _LINUX_VMALLOC_H */
 diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
 index 82e7db7..f8ce3d0 100644
 --- a/include/linux/vmstat.h
@@ -117219,7 +117318,7 @@ index 68ff8a5..40c7a70 100644
  
  	if (len > buflen)
 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 2faaa29..c816cf4 100644
+index 2faaa29..7ac7a6d 100644
 --- a/mm/vmalloc.c
 +++ b/mm/vmalloc.c
 @@ -40,20 +40,65 @@ struct vfree_deferred {
@@ -117565,6 +117664,59 @@ index 2faaa29..c816cf4 100644
  
  	if (v->nr_pages)
  		seq_printf(m, " pages=%d", v->nr_pages);
+@@ -2688,52 +2844,5 @@ static int __init proc_vmalloc_init(void)
+ }
+ module_init(proc_vmalloc_init);
+ 
+-void get_vmalloc_info(struct vmalloc_info *vmi)
+-{
+-	struct vmap_area *va;
+-	unsigned long free_area_size;
+-	unsigned long prev_end;
+-
+-	vmi->used = 0;
+-	vmi->largest_chunk = 0;
+-
+-	prev_end = VMALLOC_START;
+-
+-	rcu_read_lock();
+-
+-	if (list_empty(&vmap_area_list)) {
+-		vmi->largest_chunk = VMALLOC_TOTAL;
+-		goto out;
+-	}
+-
+-	list_for_each_entry_rcu(va, &vmap_area_list, list) {
+-		unsigned long addr = va->va_start;
+-
+-		/*
+-		 * Some archs keep another range for modules in vmalloc space
+-		 */
+-		if (addr < VMALLOC_START)
+-			continue;
+-		if (addr >= VMALLOC_END)
+-			break;
+-
+-		if (va->flags & (VM_LAZY_FREE | VM_LAZY_FREEING))
+-			continue;
+-
+-		vmi->used += (va->va_end - va->va_start);
+-
+-		free_area_size = addr - prev_end;
+-		if (vmi->largest_chunk < free_area_size)
+-			vmi->largest_chunk = free_area_size;
+-
+-		prev_end = va->va_end;
+-	}
+-
+-	if (VMALLOC_END - prev_end > vmi->largest_chunk)
+-		vmi->largest_chunk = VMALLOC_END - prev_end;
+-
+-out:
+-	rcu_read_unlock();
+-}
+ #endif
+ 
 diff --git a/mm/vmstat.c b/mm/vmstat.c
 index 4f5cd97..9fb715a 100644
 --- a/mm/vmstat.c
@@ -120773,29 +120925,18 @@ index 69f4f68..1f97524 100644
  	.maxtype	= IFLA_GRE_MAX,
  	.policy		= ip6gre_policy,
 diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index d5f7716..b4b3821 100644
+index d5f7716..7da025a 100644
 --- a/net/ipv6/ip6_output.c
 +++ b/net/ipv6/ip6_output.c
-@@ -28,6 +28,7 @@
- 
- #include <linux/errno.h>
- #include <linux/kernel.h>
-+#include <linux/overflow-arith.h>
- #include <linux/string.h>
- #include <linux/socket.h>
- #include <linux/net.h>
-@@ -581,7 +582,10 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb,
+@@ -581,6 +581,8 @@ int ip6_fragment(struct sock *sk, struct sk_buff *skb,
  		if (np->frag_size)
  			mtu = np->frag_size;
  	}
--	mtu -= hlen + sizeof(struct frag_hdr);
-+
-+	if (overflow_usub(mtu, hlen + sizeof(struct frag_hdr), &mtu) ||
-+	    mtu <= 7)
++	if (mtu < hlen + sizeof(struct frag_hdr) + 8)
 +		goto fail_toobig;
+ 	mtu -= hlen + sizeof(struct frag_hdr);
  
  	frag_id = ipv6_select_ident(net, &ipv6_hdr(skb)->daddr,
- 				    &ipv6_hdr(skb)->saddr);
 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
 index 2e67b66..b816b34 100644
 --- a/net/ipv6/ip6_tunnel.c
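Review bot: The literal `8` in `if (mtu < hlen + sizeof(struct frag_hdr) + 8)` is unexplained, and so is the reason the test sits before `mtu -= hlen + sizeof(struct frag_hdr);`. A short comment such as `/* reject before subtracting: mtu is unsigned and must leave room for at least one 8-byte fragment unit */` would record both the wrap-around the check prevents and what the constant stands for. The removed `overflow_usub(..., &mtu) || mtu <= 7` form made the same bound explicit in two steps, so the comment keeps that intent visible. ip6_fragment() begins and ends outside the hunk.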
@@ -144927,10 +145068,10 @@ index 0000000..37e2e91
 +#endif
 diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
 new file mode 100644
-index 0000000..f888be6
+index 0000000..62eb578
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
-@@ -0,0 +1,944 @@
+@@ -0,0 +1,947 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -145138,6 +145279,9 @@ index 0000000..f888be6
 +	switch (TREE_CODE(node)) {
 +	case COMPONENT_REF:
 +		cur_decl = search_field_decl(node);
++		// !!! temporarily ignore bitfield types
++		if (DECL_BIT_FIELD_TYPE(cur_decl))
++			return MARK_YES;
 +		if (is_turn_off_intentional_attr(cur_decl))
 +			return MARK_TURN_OFF;
 +		if (is_end_intentional_intentional_attr(cur_decl))
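Review bot: The new bitfield early-return is labelled `// !!! temporarily ignore bitfield types` but names neither the problem being worked around nor the condition for removing it. It also runs before the `is_turn_off_intentional_attr` and `is_end_intentional_intentional_attr` checks, so those attributes are never consulted for bitfield members. A comment stating what breaks on bitfields, and that the attribute checks are skipped on purpose, would make the workaround reviewable. `cur_decl` is also used without a visible NULL check on the result of `search_field_decl(node)`; the existing lines below do the same, so this may be guaranteed elsewhere. The enclosing function starts and ends outside the hunk.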
@@ -169141,7 +169285,7 @@ index 0000000..6075e8f
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..b6d179f
+index 0000000..a82cc026
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,318 @@
@@ -169176,7 +169320,7 @@ index 0000000..b6d179f
 +tree size_overflow_type_TI;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+	.version	= "20151026",
++	.version	= "20151029",
 +	.help		= "no-size-overflow\tturn off size overflow checking\n",
 +};
 +



* [gentoo-commits] proj/hardened-patchset:master commit in: 4.2.5/
@ 2015-11-09 16:37 Anthony G. Basile
  0 siblings, 0 replies; 2+ messages in thread
From: Anthony G. Basile @ 2015-11-09 16:37 UTC (permalink / raw
  To: gentoo-commits

commit:     c9e575207cd9ce2929c6df7daa6ac0d06348e532
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  9 16:42:53 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Nov  9 16:42:53 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=c9e57520

grsecurity-3.1-4.2.5-201511081815

 4.2.5/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.2.5-201511081815.patch} | 109 ++++++++++++++-------
 2 files changed, 75 insertions(+), 36 deletions(-)

diff --git a/4.2.5/0000_README b/4.2.5/0000_README
index 35d5d28..7d29a1e 100644
--- a/4.2.5/0000_README
+++ b/4.2.5/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.2.5-201511021814.patch
+Patch:	4420_grsecurity-3.1-4.2.5-201511081815.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch b/4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch
similarity index 99%
rename from 4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch
rename to 4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch
index 52245c5..ca4df8f 100644
--- a/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch
+++ b/4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch
@@ -27804,7 +27804,7 @@ index adf0392..88a7576 100644
  		dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs);
  }
 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index c27cad7..cc494be 100644
+index c27cad7..47c45ed 100644
 --- a/arch/x86/kernel/process.c
 +++ b/arch/x86/kernel/process.c
 @@ -15,6 +15,7 @@
@@ -27833,7 +27833,7 @@ index c27cad7..cc494be 100644
  };
  EXPORT_PER_CPU_SYMBOL(cpu_tss);
  
-@@ -75,17 +78,37 @@ void idle_notifier_unregister(struct notifier_block *n)
+@@ -75,17 +78,36 @@ void idle_notifier_unregister(struct notifier_block *n)
  EXPORT_SYMBOL_GPL(idle_notifier_unregister);
  #endif
  
@@ -27856,7 +27856,6 @@ index c27cad7..cc494be 100644
  {
 -	memcpy(dst, src, arch_task_struct_size);
 +	*dst = *src;
-+
 +	dst->thread.fpu.state = kmem_cache_alloc_node(fpregs_state_cachep, GFP_KERNEL, tsk_fork_get_node(src));
 +	memcpy(dst->thread.fpu.state, src->thread.fpu.state, xstate_size);
  
@@ -27872,7 +27871,7 @@ index c27cad7..cc494be 100644
  /*
   * Free current thread data structures etc..
   */
-@@ -97,7 +120,7 @@ void exit_thread(void)
+@@ -97,7 +119,7 @@ void exit_thread(void)
  	struct fpu *fpu = &t->fpu;
  
  	if (bp) {
@@ -27881,7 +27880,7 @@ index c27cad7..cc494be 100644
  
  		t->io_bitmap_ptr = NULL;
  		clear_thread_flag(TIF_IO_BITMAP);
-@@ -117,6 +140,9 @@ void flush_thread(void)
+@@ -117,6 +139,9 @@ void flush_thread(void)
  {
  	struct task_struct *tsk = current;
  
@@ -27891,7 +27890,7 @@ index c27cad7..cc494be 100644
  	flush_ptrace_hw_breakpoint(tsk);
  	memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
  
-@@ -258,7 +284,7 @@ static void __exit_idle(void)
+@@ -258,7 +283,7 @@ static void __exit_idle(void)
  void exit_idle(void)
  {
  	/* idle loop has pid 0 */
@@ -27900,7 +27899,7 @@ index c27cad7..cc494be 100644
  		return;
  	__exit_idle();
  }
-@@ -311,7 +337,7 @@ bool xen_set_default_idle(void)
+@@ -311,7 +336,7 @@ bool xen_set_default_idle(void)
  	return ret;
  }
  #endif
@@ -27909,7 +27908,7 @@ index c27cad7..cc494be 100644
  {
  	local_irq_disable();
  	/*
-@@ -488,16 +514,40 @@ static int __init idle_setup(char *str)
+@@ -488,16 +513,40 @@ static int __init idle_setup(char *str)
  }
  early_param("idle", idle_setup);
  
@@ -28063,7 +28062,7 @@ index f73c962..6589332 100644
  }
 -
 diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index a90ac95..ebac33e 100644
+index a90ac95..9f5135e 100644
 --- a/arch/x86/kernel/process_64.c
 +++ b/arch/x86/kernel/process_64.c
 @@ -157,9 +157,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
@@ -28124,26 +28123,6 @@ index a90ac95..ebac33e 100644
  	/*
  	 * Now maybe reload the debug registers and handle I/O bitmaps
  	 */
-@@ -510,7 +520,6 @@ unsigned long get_wchan(struct task_struct *p)
- 
- 	if (!p || p == current || p->state == TASK_RUNNING)
- 		return 0;
--
- 	start = (unsigned long)task_stack_page(p);
- 	if (!start)
- 		return 0;
-@@ -535,7 +544,10 @@ unsigned long get_wchan(struct task_struct *p)
- 	 */
- 	top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
- 	top -= 2 * sizeof(unsigned long);
--	bottom = start + sizeof(struct thread_info);
-+	/* not adding sizeof(thread_info) since it's not located on the stack
-+	   with PaX patched in
-+	*/
-+	bottom = start;
- 
- 	sp = READ_ONCE(p->thread.sp);
- 	if (sp < bottom || sp > top)
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
 index 9be72bc..f4329c5 100644
 --- a/arch/x86/kernel/ptrace.c
@@ -53039,7 +53018,7 @@ index f66be86..6cbcabb 100644
  
  /**
 diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 312f23a..8c8b922 100644
+index 312f23a..8b7d036 100644
 --- a/drivers/pci/pci-sysfs.c
 +++ b/drivers/pci/pci-sysfs.c
 @@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev,
@@ -53047,7 +53026,7 @@ index 312f23a..8c8b922 100644
  		return ret;
  
 -	if (!node_online(node))
-+	if (node >= MAX_NUMNODES || !node_online(node))
++	if (node < 0 || node >= MAX_NUMNODES || !node_online(node))
  		return -EINVAL;
  
  	add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK);
@@ -76876,7 +76855,7 @@ index c711be8..23b8df9 100644
  	inode->i_fop = &simple_dir_operations;
  
 diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
-index 754fd6c..ed6acbe 100644
+index 754fd6c..3b93157 100644
 --- a/fs/dlm/lowcomms.c
 +++ b/fs/dlm/lowcomms.c
 @@ -538,7 +538,7 @@ static void close_connection(struct connection *con, bool and_other)
@@ -76884,7 +76863,7 @@ index 754fd6c..ed6acbe 100644
  static void sctp_send_shutdown(sctp_assoc_t associd)
  {
 -	static char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
-+	char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
++	char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))] = {};
  	struct msghdr outmessage;
  	struct cmsghdr *cmsg;
  	struct sctp_sndrcvinfo *sinfo;
@@ -100670,6 +100649,19 @@ index f822c3c..958ca0a 100644
  
  struct file; /* forward dec */
  struct path;
+diff --git a/include/linux/msg.h b/include/linux/msg.h
+index f3f302f..a001305 100644
+--- a/include/linux/msg.h
++++ b/include/linux/msg.h
+@@ -29,7 +29,7 @@ struct msg_queue {
+ 	struct list_head q_messages;
+ 	struct list_head q_receivers;
+ 	struct list_head q_senders;
+-};
++} __randomize_layout;
+ 
+ /* Helper routines for sys_msgsnd and sys_msgrcv */
+ extern long do_msgsnd(int msqid, long mtype, void __user *mtext,
 diff --git a/include/linux/net.h b/include/linux/net.h
 index 04aa068..8a24df5 100644
 --- a/include/linux/net.h
@@ -101854,6 +101846,19 @@ index 2f4c1f7..5bc05d7 100644
  
  struct linux_binprm;
  struct cred;
+diff --git a/include/linux/sem.h b/include/linux/sem.h
+index 976ce3a..db62f3f 100644
+--- a/include/linux/sem.h
++++ b/include/linux/sem.h
+@@ -21,7 +21,7 @@ struct sem_array {
+ 	struct list_head	list_id;	/* undo requests on this array */
+ 	int			sem_nsems;	/* no. of semaphores in array */
+ 	int			complex_count;	/* pending complex operations */
+-};
++} __randomize_layout;
+ 
+ #ifdef CONFIG_SYSVIPC
+ 
 diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
 index dc368b8..e895209 100644
 --- a/include/linux/semaphore.h
@@ -105006,8 +105011,22 @@ index 161a180..be31d93 100644
  		spin_lock(&mq_lock);
  		if (u->mq_bytes + mq_bytes < u->mq_bytes ||
  		    u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
+diff --git a/ipc/msg.c b/ipc/msg.c
+index 1471db9..dbdcf7f 100644
+--- a/ipc/msg.c
++++ b/ipc/msg.c
+@@ -1041,7 +1041,8 @@ void msg_exit_ns(struct ipc_namespace *ns)
+ static int sysvipc_msg_proc_show(struct seq_file *s, void *it)
+ {
+ 	struct user_namespace *user_ns = seq_user_ns(s);
+-	struct msg_queue *msq = it;
++	struct kern_ipc_perm *perm = it;
++	struct msg_queue *msq = container_of(perm, struct msg_queue, q_perm);
+ 
+ 	seq_printf(s,
+ 		   "%10d %10d  %4o  %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n",
 diff --git a/ipc/sem.c b/ipc/sem.c
-index b471e5a..89aef1d 100644
+index b471e5a..cb0c603 100644
 --- a/ipc/sem.c
 +++ b/ipc/sem.c
 @@ -1790,7 +1790,7 @@ static int get_queue_result(struct sem_queue *q)
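Review bot: sysvipc_msg_proc_show() now depends on `it` pointing at the embedded `q_perm` member rather than at the start of the structure, and nothing in the code says so. A one-line comment such as `/* 'it' is the kern_ipc_perm embedded in the queue; its offset is not fixed once the struct is __randomize_layout */` would stop a later cleanup from restoring the direct cast `msq = it`. The link to `__randomize_layout` is inferred from the msg.h and sem.h hunks in this same update. The sem.c and shm.c hunks make the identical change for `sem_perm` and `shm_perm`, so the comment belongs there too.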
@@ -105028,8 +105047,18 @@ index b471e5a..89aef1d 100644
  {
  	return sys_semtimedop(semid, tsops, nsops, NULL);
  }
+@@ -2180,7 +2180,8 @@ void exit_sem(struct task_struct *tsk)
+ static int sysvipc_sem_proc_show(struct seq_file *s, void *it)
+ {
+ 	struct user_namespace *user_ns = seq_user_ns(s);
+-	struct sem_array *sma = it;
++	struct kern_ipc_perm *perm = it;
++	struct sem_array *sma = container_of(perm, struct sem_array, sem_perm);
+ 	time_t sem_otime;
+ 
+ 	/*
 diff --git a/ipc/shm.c b/ipc/shm.c
-index 0e61fd4..c545631 100644
+index 0e61fd4..38b0991 100644
 --- a/ipc/shm.c
 +++ b/ipc/shm.c
 @@ -72,6 +72,14 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -105096,6 +105125,16 @@ index 0e61fd4..c545631 100644
  	size = i_size_read(d_inode(path.dentry));
  	ipc_unlock_object(&shp->shm_perm);
  	rcu_read_unlock();
+@@ -1332,7 +1361,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
+ static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
+ {
+ 	struct user_namespace *user_ns = seq_user_ns(s);
+-	struct shmid_kernel *shp = it;
++	struct kern_ipc_perm *perm = it;
++	struct shmid_kernel *shp = container_of(perm, struct shmid_kernel, shm_perm);
+ 	unsigned long rss = 0, swp = 0;
+ 
+ 	shm_add_rss_swap(shp, &rss, &swp);
 diff --git a/ipc/util.c b/ipc/util.c
 index 0f401d9..049b0ff 100644
 --- a/ipc/util.c

