author | Anthony G. Basile <blueness@gentoo.org> | 2015-11-09 11:42:53 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2015-11-09 11:42:53 -0500 |
commit | c9e575207cd9ce2929c6df7daa6ac0d06348e532 (patch) | |
tree | f3eb7de25f20f9619b92531236ff30d5be844a83 | |
parent | grsecurity-3.1-4.2.5-201511021814 (diff) | |
download | hardened-patchset-20151108.tar.gz hardened-patchset-20151108.tar.bz2 hardened-patchset-20151108.zip |
grsecurity-3.1-4.2.5-20151108181520151108
-rw-r--r-- | 4.2.5/0000_README | 2 | ||||
-rw-r--r-- | 4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch (renamed from 4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch) | 109 |
2 files changed, 75 insertions, 36 deletions
diff --git a/4.2.5/0000_README b/4.2.5/0000_README index 35d5d28..7d29a1e 100644 --- a/4.2.5/0000_README +++ b/4.2.5/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.2.5-201511021814.patch +Patch: 4420_grsecurity-3.1-4.2.5-201511081815.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch b/4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch index 52245c5..ca4df8f 100644 --- a/4.2.5/4420_grsecurity-3.1-4.2.5-201511021814.patch +++ b/4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch @@ -27804,7 +27804,7 @@ index adf0392..88a7576 100644 dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs); } diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index c27cad7..cc494be 100644 +index c27cad7..47c45ed 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -15,6 +15,7 @@ @@ -27833,7 +27833,7 @@ index c27cad7..cc494be 100644 }; EXPORT_PER_CPU_SYMBOL(cpu_tss); -@@ -75,17 +78,37 @@ void idle_notifier_unregister(struct notifier_block *n) +@@ -75,17 +78,36 @@ void idle_notifier_unregister(struct notifier_block *n) EXPORT_SYMBOL_GPL(idle_notifier_unregister); #endif @@ -27856,7 +27856,6 @@ index c27cad7..cc494be 100644 { - memcpy(dst, src, arch_task_struct_size); + *dst = *src; -+ + dst->thread.fpu.state = kmem_cache_alloc_node(fpregs_state_cachep, GFP_KERNEL, tsk_fork_get_node(src)); + memcpy(dst->thread.fpu.state, src->thread.fpu.state, xstate_size); @@ -27872,7 +27871,7 @@ index c27cad7..cc494be 100644 /* * Free current thread data structures etc.. */ -@@ -97,7 +120,7 @@ void exit_thread(void) +@@ -97,7 +119,7 @@ void exit_thread(void) struct fpu *fpu = &t->fpu; if (bp) { 
@@ -27881,7 +27880,7 @@ index c27cad7..cc494be 100644 t->io_bitmap_ptr = NULL; clear_thread_flag(TIF_IO_BITMAP); -@@ -117,6 +140,9 @@ void flush_thread(void) +@@ -117,6 +139,9 @@ void flush_thread(void) { struct task_struct *tsk = current; @@ -27891,7 +27890,7 @@ index c27cad7..cc494be 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); -@@ -258,7 +284,7 @@ static void __exit_idle(void) +@@ -258,7 +283,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -27900,7 +27899,7 @@ index c27cad7..cc494be 100644 return; __exit_idle(); } -@@ -311,7 +337,7 @@ bool xen_set_default_idle(void) +@@ -311,7 +336,7 @@ bool xen_set_default_idle(void) return ret; } #endif @@ -27909,7 +27908,7 @@ index c27cad7..cc494be 100644 { local_irq_disable(); /* -@@ -488,16 +514,40 @@ static int __init idle_setup(char *str) +@@ -488,16 +513,40 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -28063,7 +28062,7 @@ index f73c962..6589332 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index a90ac95..ebac33e 100644 +index a90ac95..9f5135e 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -157,9 +157,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, 
@@ -28124,26 +28123,6 @@ index a90ac95..ebac33e 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps */ -@@ -510,7 +520,6 @@ unsigned long get_wchan(struct task_struct *p) - - if (!p || p == current || p->state == TASK_RUNNING) - return 0; -- - start = (unsigned long)task_stack_page(p); - if (!start) - return 0; -@@ -535,7 +544,10 @@ unsigned long get_wchan(struct task_struct *p) - */ - top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; - top -= 2 * sizeof(unsigned long); -- bottom = start + sizeof(struct thread_info); -+ /* not adding sizeof(thread_info) since it's not located on the stack -+ with PaX patched in -+ */ -+ bottom = start; - - sp = READ_ONCE(p->thread.sp); - if (sp < bottom || sp > top) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 9be72bc..f4329c5 100644 --- a/arch/x86/kernel/ptrace.c @@ -53039,7 +53018,7 @@ index f66be86..6cbcabb 100644 /** diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 312f23a..8c8b922 100644 +index 312f23a..8b7d036 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev, @@ -53047,7 +53026,7 @@ index 312f23a..8c8b922 100644 return ret; - if (!node_online(node)) -+ if (node >= MAX_NUMNODES || !node_online(node)) ++ if (node < 0 || node >= MAX_NUMNODES || !node_online(node)) return -EINVAL; add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK); @@ -76876,7 +76855,7 @@ index c711be8..23b8df9 100644 inode->i_fop = &simple_dir_operations; diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c -index 754fd6c..ed6acbe 100644 +index 754fd6c..3b93157 100644 --- a/fs/dlm/lowcomms.c +++ b/fs/dlm/lowcomms.c @@ -538,7 +538,7 @@ static void close_connection(struct connection *con, bool and_other) 
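Review bot: The range test added in front of `node_online(node)` in numa_node_store() carries no comment saying that the order matters. `node_online()` tests a bit in the node-state mask, so the `node < 0 || node >= MAX_NUMNODES` part has to run first, or an out-of-range value written to the sysfs file is used as a bit index. I would add `/* node is written through sysfs: bounds-check it before node_online() indexes the nodemask */` above the `if`. Rejecting every negative value also rejects NUMA_NO_NODE, so clearing the override through this file would need an explicit case if that is ever wanted. How `node` is parsed and its declared type sit above the hunk, so its signedness is inferred from the new `< 0` test.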
@@ -76884,7 +76863,7 @@ index 754fd6c..ed6acbe 100644 static void sctp_send_shutdown(sctp_assoc_t associd) { - static char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; -+ char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; ++ char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))] = {}; struct msghdr outmessage; struct cmsghdr *cmsg; struct sctp_sndrcvinfo *sinfo; @@ -100670,6 +100649,19 @@ index f822c3c..958ca0a 100644 struct file; /* forward dec */ struct path; +diff --git a/include/linux/msg.h b/include/linux/msg.h +index f3f302f..a001305 100644 +--- a/include/linux/msg.h ++++ b/include/linux/msg.h +@@ -29,7 +29,7 @@ struct msg_queue { + struct list_head q_messages; + struct list_head q_receivers; + struct list_head q_senders; +-}; ++} __randomize_layout; + + /* Helper routines for sys_msgsnd and sys_msgrcv */ + extern long do_msgsnd(int msqid, long mtype, void __user *mtext, diff --git a/include/linux/net.h b/include/linux/net.h index 04aa068..8a24df5 100644 --- a/include/linux/net.h @@ -101854,6 +101846,19 @@ index 2f4c1f7..5bc05d7 100644 struct linux_binprm; struct cred; +diff --git a/include/linux/sem.h b/include/linux/sem.h +index 976ce3a..db62f3f 100644 +--- a/include/linux/sem.h ++++ b/include/linux/sem.h +@@ -21,7 +21,7 @@ struct sem_array { + struct list_head list_id; /* undo requests on this array */ + int sem_nsems; /* no. of semaphores in array */ + int complex_count; /* pending complex operations */ +-}; ++} __randomize_layout; + + #ifdef CONFIG_SYSVIPC + diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h index dc368b8..e895209 100644 --- a/include/linux/semaphore.h 
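Review bot: The `= {}` added to `outcmsg` in sctp_send_shutdown() has no comment saying why the buffer must be zeroed, and the reason is easy to lose. The previous revision of this patch dropped `static`, which had zero-initialised the array implicitly, so without the initialiser the CMSG_SPACE() alignment padding, and any sctp_sndrcvinfo field the function may leave unset, would hold stale stack bytes. I would add `/* zero the whole control buffer: padding and unset sinfo fields must not carry stale stack data */` above the declaration. The empty-brace initialiser is a GNU extension before C23; `= { 0 }` is the portable spelling if that matters for this tree. The rest of the function, including where the buffer is handed to the send path, is outside the hunk.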
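Review bot: `__randomize_layout` on `struct msg_queue` removes the guarantee that the embedded `q_perm` sits at offset 0, and nothing at the declaration says so. The same applies to `struct sem_array` and `sem_perm` in the include/linux/sem.h hunk. I would add `/* layout is randomized: reach this struct from q_perm with container_of(), never by casting the perm pointer */` above each closing brace. Any remaining direct cast from a `struct kern_ipc_perm *` to the containing type would still compile and would then read the wrong fields, so the annotation should go in together with a search for such casts. Only the tail of each struct is visible in these hunks, so the position of the perm member before randomization is inferred from the ipc/*.c changes in the same commit.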
@@ -105006,8 +105011,22 @@ index 161a180..be31d93 100644 spin_lock(&mq_lock); if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { +diff --git a/ipc/msg.c b/ipc/msg.c +index 1471db9..dbdcf7f 100644 +--- a/ipc/msg.c ++++ b/ipc/msg.c +@@ -1041,7 +1041,8 @@ void msg_exit_ns(struct ipc_namespace *ns) + static int sysvipc_msg_proc_show(struct seq_file *s, void *it) + { + struct user_namespace *user_ns = seq_user_ns(s); +- struct msg_queue *msq = it; ++ struct kern_ipc_perm *perm = it; ++ struct msg_queue *msq = container_of(perm, struct msg_queue, q_perm); + + seq_printf(s, + "%10d %10d %4o %10lu %10lu %5u %5u %5u %5u %5u %5u %10lu %10lu %10lu\n", diff --git a/ipc/sem.c b/ipc/sem.c -index b471e5a..89aef1d 100644 +index b471e5a..cb0c603 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -1790,7 +1790,7 @@ static int get_queue_result(struct sem_queue *q) @@ -105028,8 +105047,18 @@ index b471e5a..89aef1d 100644 { return sys_semtimedop(semid, tsops, nsops, NULL); } +@@ -2180,7 +2180,8 @@ void exit_sem(struct task_struct *tsk) + static int sysvipc_sem_proc_show(struct seq_file *s, void *it) + { + struct user_namespace *user_ns = seq_user_ns(s); +- struct sem_array *sma = it; ++ struct kern_ipc_perm *perm = it; ++ struct sem_array *sma = container_of(perm, struct sem_array, sem_perm); + time_t sem_otime; + + /* diff --git a/ipc/shm.c b/ipc/shm.c -index 0e61fd4..c545631 100644 +index 0e61fd4..38b0991 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -72,6 +72,14 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); 
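Review bot: In sysvipc_msg_proc_show() the `void *it` argument is assigned to `struct kern_ipc_perm *perm` with no comment stating what the iterator actually passes in. The same pattern is repeated in sysvipc_sem_proc_show() (ipc/sem.c) and sysvipc_shm_proc_show() (ipc/shm.c). The `container_of()` is only correct if every caller passes the embedded perm member, and because the parameter is a void pointer the compiler cannot catch a caller that passes the outer object instead. I would add `/* it points at the kern_ipc_perm embedded in the object, not at the object itself */` above the declaration in all three functions. Presumably that is what the sysvipc seq iterator returns, but that code and the declaration of `struct shmid_kernel` are outside these hunks and should be confirmed.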
@@ -105096,6 +105125,16 @@ index 0e61fd4..c545631 100644 size = i_size_read(d_inode(path.dentry)); ipc_unlock_object(&shp->shm_perm); rcu_read_unlock(); +@@ -1332,7 +1361,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) + static int sysvipc_shm_proc_show(struct seq_file *s, void *it) + { + struct user_namespace *user_ns = seq_user_ns(s); +- struct shmid_kernel *shp = it; ++ struct kern_ipc_perm *perm = it; ++ struct shmid_kernel *shp = container_of(perm, struct shmid_kernel, shm_perm); + unsigned long rss = 0, swp = 0; + + shm_add_rss_swap(shp, &rss, &swp); diff --git a/ipc/util.c b/ipc/util.c index 0f401d9..049b0ff 100644 --- a/ipc/util.c |