public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download mbox.gz: |
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.2.6/
@ 2015-11-24  8:58 99% Anthony G. Basile
  0 siblings, 0 replies; 1+ results
From: Anthony G. Basile @ 2015-11-24  8:58 UTC (permalink / raw
  To: gentoo-commits

commit:     38964b55adf113b8b1ccdf56092263b4ef9a7578
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 24 09:05:09 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Nov 24 09:05:09 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=38964b55

grsecurity-3.1-4.2.6-201511232037

 4.2.6/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.2.6-201511232037.patch} | 175 ++++++++++++++++++---
 2 files changed, 150 insertions(+), 27 deletions(-)

diff --git a/4.2.6/0000_README b/4.2.6/0000_README
index 454ccd7..91bcf5d 100644
--- a/4.2.6/0000_README
+++ b/4.2.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.2.6-201511211841.patch
+Patch:	4420_grsecurity-3.1-4.2.6-201511232037.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch
similarity index 99%
rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch
rename to 4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch
index 30663c2..32f511d 100644
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch
+++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch
@@ -23775,7 +23775,7 @@ index 04f0fe5..3c0598c 100644
  
  	/*
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index cb9e5df..0d25636 100644
+index cb9e5df..0849dd8 100644
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
 @@ -91,60 +91,6 @@ static const struct cpu_dev default_cpu = {
@@ -23839,7 +23839,19 @@ index cb9e5df..0d25636 100644
  static int __init x86_mpx_setup(char *s)
  {
  	/* require an exact match without trailing characters */
-@@ -287,6 +233,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+@@ -272,10 +218,9 @@ __setup("nosmap", setup_disable_smap);
+ 
+ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+ {
+-	unsigned long eflags;
++	unsigned long eflags = native_save_fl();
+ 
+ 	/* This should have been cleared long ago */
+-	raw_local_save_flags(eflags);
+ 	BUG_ON(eflags & X86_EFLAGS_AC);
+ 
+ 	if (cpu_has(c, X86_FEATURE_SMAP)) {
+@@ -287,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
  	}
  }
  
@@ -23949,7 +23961,7 @@ index cb9e5df..0d25636 100644
  /*
   * Some CPU features depend on higher CPUID levels, which may not always
   * be available due to CPUID level capping or broken virtualization
-@@ -387,7 +436,7 @@ void switch_to_new_gdt(int cpu)
+@@ -387,7 +435,7 @@ void switch_to_new_gdt(int cpu)
  {
  	struct desc_ptr gdt_descr;
  
@@ -23958,7 +23970,7 @@ index cb9e5df..0d25636 100644
  	gdt_descr.size = GDT_SIZE - 1;
  	load_gdt(&gdt_descr);
  	/* Reload the per-cpu base */
-@@ -918,6 +967,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -918,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
  	setup_smep(c);
  	setup_smap(c);
  
@@ -23979,7 +23991,7 @@ index cb9e5df..0d25636 100644
  	/*
  	 * The vendor-specific functions might have changed features.
  	 * Now we do "generic changes."
-@@ -992,7 +1055,7 @@ void enable_sep_cpu(void)
+@@ -992,7 +1054,7 @@ void enable_sep_cpu(void)
  	int cpu;
  
  	cpu = get_cpu();
@@ -23988,7 +24000,7 @@ index cb9e5df..0d25636 100644
  
  	if (!boot_cpu_has(X86_FEATURE_SEP))
  		goto out;
-@@ -1138,10 +1201,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1138,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg)
  }
  __setup("clearcpuid=", setup_disablecpuid);
  
@@ -24004,7 +24016,7 @@ index cb9e5df..0d25636 100644
  
  DEFINE_PER_CPU_FIRST(union irq_stack_union,
  		     irq_stack_union) __aligned(PAGE_SIZE) __visible;
-@@ -1253,21 +1318,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
+@@ -1253,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
  DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
  EXPORT_PER_CPU_SYMBOL(__preempt_count);
  
@@ -24033,7 +24045,7 @@ index cb9e5df..0d25636 100644
  /*
   * Clear all 6 debug registers:
   */
-@@ -1343,7 +1408,7 @@ void cpu_init(void)
+@@ -1343,7 +1407,7 @@ void cpu_init(void)
  	 */
  	load_ucode_ap();
  
@@ -24042,7 +24054,7 @@ index cb9e5df..0d25636 100644
  	oist = &per_cpu(orig_ist, cpu);
  
  #ifdef CONFIG_NUMA
-@@ -1375,7 +1440,6 @@ void cpu_init(void)
+@@ -1375,7 +1439,6 @@ void cpu_init(void)
  	wrmsrl(MSR_KERNEL_GS_BASE, 0);
  	barrier();
  
@@ -24050,7 +24062,7 @@ index cb9e5df..0d25636 100644
  	x2apic_setup();
  
  	/*
-@@ -1427,7 +1491,7 @@ void cpu_init(void)
+@@ -1427,7 +1490,7 @@ void cpu_init(void)
  {
  	int cpu = smp_processor_id();
  	struct task_struct *curr = current;
@@ -25391,7 +25403,7 @@ index dc60810..6c8a1fa 100644
  }
  
 diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
-index 50ec9af..bb871ca 100644
+index 50ec9af..32d7f10 100644
 --- a/arch/x86/kernel/fpu/signal.c
 +++ b/arch/x86/kernel/fpu/signal.c
 @@ -54,7 +54,7 @@ static inline int check_for_xstate(struct fxregs_state __user *buf,
@@ -25480,8 +25492,34 @@ index 50ec9af..bb871ca 100644
  			err = -1;
  		} else {
  			sanitize_restored_xstate(tsk, &env, xfeatures, fx_only);
+@@ -385,20 +387,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame,
+  */
+ void fpu__init_prepare_fx_sw_frame(void)
+ {
+-	int fsave_header_size = sizeof(struct fregs_state);
+ 	int size = xstate_size + FP_XSTATE_MAGIC2_SIZE;
+ 
+-	if (config_enabled(CONFIG_X86_32))
+-		size += fsave_header_size;
+-
+ 	fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1;
+ 	fx_sw_reserved.extended_size = size;
+ 	fx_sw_reserved.xfeatures = xfeatures_mask;
+ 	fx_sw_reserved.xstate_size = xstate_size;
+ 
+-	if (config_enabled(CONFIG_IA32_EMULATION)) {
++	if (config_enabled(CONFIG_IA32_EMULATION) ||
++	    config_enabled(CONFIG_X86_32)) {
++		int fsave_header_size = sizeof(struct fregs_state);
++
+ 		fx_sw_reserved_ia32 = fx_sw_reserved;
+-		fx_sw_reserved_ia32.extended_size += fsave_header_size;
++		fx_sw_reserved_ia32.extended_size = size + fsave_header_size;
+ 	}
+ }
+ 
 diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
-index 62fc001..5ce38be 100644
+index 62fc001..099cbd7 100644
 --- a/arch/x86/kernel/fpu/xstate.c
 +++ b/arch/x86/kernel/fpu/xstate.c
 @@ -93,14 +93,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures);
@@ -25501,16 +25539,15 @@ index 62fc001..5ce38be 100644
  
  	/*
  	 * None of the feature bits are in init state. So nothing else
-@@ -402,7 +402,7 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature)
+@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature)
  	if (!boot_cpu_has(X86_FEATURE_XSAVE))
  		return NULL;
  
 -	xsave = &current->thread.fpu.state.xsave;
-+	xsave = &current->thread.fpu.state->xsave;
  	/*
  	 * We should not ever be requesting features that we
  	 * have not enabled.  Remember that pcntxt_mask is
-@@ -457,5 +457,5 @@ const void *get_xsave_field_ptr(int xsave_state)
+@@ -457,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state)
  	 */
  	fpu__save(fpu);
  
@@ -34900,6 +34937,78 @@ index 0057a7acc..95c7edd 100644
  {
  	might_sleep();
  	if (is_enabled()) /* recheck and proper locking in *_core() */
+diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
+index db1b0bc..c28f618 100644
+--- a/arch/x86/mm/mpx.c
++++ b/arch/x86/mm/mpx.c
+@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm,
+ }
+ 
+ /*
++ * We only want to do a 4-byte get_user() on 32-bit.  Otherwise,
++ * we might run off the end of the bounds table if we are on
++ * a 64-bit kernel and try to get 8 bytes.
++ */
++int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret,
++		long __user *bd_entry_ptr)
++{
++	u32 bd_entry_32;
++	int ret;
++
++	if (is_64bit_mm(mm))
++		return get_user(*bd_entry_ret, bd_entry_ptr);
++
++	/*
++	 * Note that get_user() uses the type of the *pointer* to
++	 * establish the size of the get, not the destination.
++	 */
++	ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr);
++	*bd_entry_ret = bd_entry_32;
++	return ret;
++}
++
++/*
+  * Get the base of bounds tables pointed by specific bounds
+  * directory entry.
+  */
+@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm,
+ 		int need_write = 0;
+ 
+ 		pagefault_disable();
+-		ret = get_user(bd_entry, bd_entry_ptr);
++		ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr);
+ 		pagefault_enable();
+ 		if (!ret)
+ 			break;
+@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm,
+  */
+ static inline unsigned long bd_entry_virt_space(struct mm_struct *mm)
+ {
+-	unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
+-	if (is_64bit_mm(mm))
+-		return virt_space / MPX_BD_NR_ENTRIES_64;
+-	else
+-		return virt_space / MPX_BD_NR_ENTRIES_32;
++	unsigned long long virt_space;
++	unsigned long long GB = (1ULL << 30);
++
++	/*
++	 * This covers 32-bit emulation as well as 32-bit kernels
++	 * running on 64-bit harware.
++	 */
++	if (!is_64bit_mm(mm))
++		return (4ULL * GB) / MPX_BD_NR_ENTRIES_32;
++
++	/*
++	 * 'x86_virt_bits' returns what the hardware is capable
++	 * of, and returns the full >32-bit adddress space when
++	 * running 32-bit kernels on 64-bit hardware.
++	 */
++	virt_space = (1ULL << boot_cpu_data.x86_virt_bits);
++	return virt_space / MPX_BD_NR_ENTRIES_64;
+ }
+ 
+ /*
 diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
 index 4053bb5..b1ad3dc 100644
 --- a/arch/x86/mm/numa.c
@@ -52060,10 +52169,10 @@ index dab2513..4c4b65d 100644
  	return msecs_to_jiffies((s->poll_timeout[2] << 16)
  				| (s->poll_timeout[1] << 8)
 diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c
-index e508c65..fb0dbae 100644
+index e508c65..3fd90eb 100644
 --- a/drivers/net/wireless/ath/ath10k/ce.c
 +++ b/drivers/net/wireless/ath/ath10k/ce.c
-@@ -896,7 +896,7 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar,
+@@ -896,12 +896,12 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar,
  	return 0;
  }
  
@@ -52072,6 +52181,21 @@ index e508c65..fb0dbae 100644
  ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id,
  			 const struct ce_attr *attr)
  {
+ 	struct ath10k_ce_ring *src_ring;
+-	u32 nentries = attr->src_nentries;
++	unsigned long nentries = attr->src_nentries;
+ 	dma_addr_t base_addr;
+ 
+ 	nentries = roundup_pow_of_two(nentries);
+@@ -968,7 +968,7 @@ ath10k_ce_alloc_dest_ring(struct ath10k *ar, unsigned int ce_id,
+ 			  const struct ce_attr *attr)
+ {
+ 	struct ath10k_ce_ring *dest_ring;
+-	u32 nentries;
++	unsigned long nentries;
+ 	dma_addr_t base_addr;
+ 
+ 	nentries = roundup_pow_of_two(attr->dest_nentries);
 diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c
 index 32d9ff1..0952b33 100644
 --- a/drivers/net/wireless/ath/ath10k/htc.c
@@ -129238,10 +129362,10 @@ index 0000000..b884a56
 +}
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..5f73f93
+index 0000000..2ec0551
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,813 @@
+@@ -0,0 +1,812 @@
 +#ifndef GCC_COMMON_H_INCLUDED
 +#define GCC_COMMON_H_INCLUDED
 +
@@ -129848,12 +129972,7 @@ index 0000000..5f73f93
 +#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias
 +#endif
 +
-+#if BUILDING_GCC_VERSION < 6000
-+#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
-+#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1))
-+#endif
-+
-+#if BUILDING_GCC_VERSION == 5000
++#if BUILDING_GCC_VERSION >= 5000 && BUILDING_GCC_VERSION < 6000
 +// gimple related
 +template <>
 +template <>
@@ -129965,7 +130084,6 @@ index 0000000..5f73f93
 +	symtab->remove_cgraph_duplication_hook(entry);
 +}
 +
-+
 +#if BUILDING_GCC_VERSION >= 6000
 +typedef gimple *gimple_ptr;
 +typedef const gimple *const_gimple;
@@ -130050,6 +130168,11 @@ index 0000000..5f73f93
 +}
 +#endif
 +
++#if BUILDING_GCC_VERSION < 6000
++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning)
++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1))
++#endif
++
 +#if BUILDING_GCC_VERSION >= 6000
 +#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1))
 +#endif


^ permalink raw reply related	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2015-11-24  8:58 99% [gentoo-commits] proj/hardened-patchset:master commit in: 4.2.6/ Anthony G. Basile

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox