commit:     5897e96e7aaecac005baec1bc0770d24f41df0d9
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 21 08:30:27 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Oct 21 08:30:27 2015 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=5897e96e

grsecurity-3.1-4.2.3-201510202025

 4.2.3/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.2.3-201510202025.patch} | 169 ++++++++++++---------
 2 files changed, 96 insertions(+), 75 deletions(-)

diff --git a/4.2.3/0000_README b/4.2.3/0000_README
index d0e396e..08cde44 100644
--- a/4.2.3/0000_README
+++ b/4.2.3/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.2.3-201510200858.patch
+Patch: 4420_grsecurity-3.1-4.2.3-201510202025.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.2.3/4420_grsecurity-3.1-4.2.3-201510200858.patch 
b/4.2.3/4420_grsecurity-3.1-4.2.3-201510202025.patch
similarity index 99%
rename from 4.2.3/4420_grsecurity-3.1-4.2.3-201510200858.patch
rename to 4.2.3/4420_grsecurity-3.1-4.2.3-201510202025.patch
index 0d6eb57..87c4cb1 100644
--- a/4.2.3/4420_grsecurity-3.1-4.2.3-201510200858.patch
+++ b/4.2.3/4420_grsecurity-3.1-4.2.3-201510202025.patch
@@ -51934,6 +51934,19 @@ index dab2513..4c4b65d 100644
  {
        return msecs_to_jiffies((s->poll_timeout[2] << 16)
                                | (s->poll_timeout[1] << 8)
+diff --git a/drivers/net/wireless/ath/ath10k/ce.c 
b/drivers/net/wireless/ath/ath10k/ce.c
+index e508c65..fb0dbae 100644
+--- a/drivers/net/wireless/ath/ath10k/ce.c
++++ b/drivers/net/wireless/ath/ath10k/ce.c
+@@ -896,7 +896,7 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar,
+       return 0;
+ }
+ 
+-static struct ath10k_ce_ring *
++static struct ath10k_ce_ring * __intentional_overflow(-1)
+ ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id,
+                        const struct ce_attr *attr)
+ {
 diff --git a/drivers/net/wireless/ath/ath10k/htc.c 
b/drivers/net/wireless/ath/ath10k/htc.c
 index 85bfa2a..3f6e72c 100644
 --- a/drivers/net/wireless/ath/ath10k/htc.c
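Review bot: The `__intentional_overflow(-1)` added to ath10k_ce_alloc_src_ring has no comment naming the computation that is expected to wrap, so a later reader cannot tell whether the exemption is still needed or is hiding a real size bug. As far as I can tell, the -1 argument exempts more than a single parameter from the size_overflow instrumentation, which makes the reason worth recording. A line above the declaration such as `/* size_overflow: <expression> wraps by design, see <report> */` would do, with both placeholders filled in from the report that prompted the change. The function body is outside the hunk, so the expression cannot be identified from here.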
@@ -57769,7 +57782,7 @@ index 2a3bbdf..91d72cf 100644
                file->f_version = event_count;
                return POLLIN | POLLRDNORM;
 diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 986abde..80e8279 100644
+index 986abde..2af59b11 100644
 --- a/drivers/usb/core/devio.c
 +++ b/drivers/usb/core/devio.c
 @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user 
*buf, size_t nbytes,
@@ -57808,6 +57821,15 @@ index 986abde..80e8279 100644
                                if (copy_to_user(buf,
                                    dev->rawdescriptors[i] + (*ppos - pos),
                                    min(len, alloclen))) {
+@@ -1499,7 +1499,7 @@ static int proc_do_submiturb(struct usb_dev_state *ps, 
struct usbdevfs_urb *uurb
+               }
+       }
+       as->urb->dev = ps->dev;
+-      as->urb->pipe = (uurb->type << 30) |
++      as->urb->pipe = ((unsigned int)uurb->type << 30) |
+                       __create_pipe(ps->dev, uurb->endpoint & 0xf) |
+                       (uurb->endpoint & USB_DIR_IN);
+ 
 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
 index cbcd092..e783f87 100644
 --- a/drivers/usb/core/hcd.c
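Review bot: The `(unsigned int)` cast on `uurb->type << 30` makes the shift well defined, but a type value above 3 now loses its high bits silently instead of tripping the overflow check. Whether proc_do_submiturb rejects such values before this assignment is not visible, because the function starts and ends outside the hunk. If it does, a short comment such as `/* type was limited to 0..3 above, so the shift fits in 32 bits */` records the assumption. If it does not, mask explicitly with `((unsigned int)(uurb->type & 3) << 30)`.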
@@ -77013,6 +77035,19 @@ index c711be8..23b8df9 100644
        inode->i_op = &simple_dir_inode_operations;
        inode->i_fop = &simple_dir_operations;
  
+diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
+index 754fd6c..ed6acbe 100644
+--- a/fs/dlm/lowcomms.c
++++ b/fs/dlm/lowcomms.c
+@@ -538,7 +538,7 @@ static void close_connection(struct connection *con, bool 
and_other)
+ /* We only send shutdown messages to nodes that are not part of the cluster */
+ static void sctp_send_shutdown(sctp_assoc_t associd)
+ {
+-      static char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
++      char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
+       struct msghdr outmessage;
+       struct cmsghdr *cmsg;
+       struct sctp_sndrcvinfo *sinfo;
 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
 index 3c4db11..a43976f 100644
 --- a/fs/ecryptfs/inode.c
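Review bot: Dropping `static` from `outcmsg` in sctp_send_shutdown stops callers from sharing one buffer, but the array now starts with whatever was on the stack rather than zeros. The rest of the function is outside the hunk, so it is not visible whether every byte handed on as control data is written first. Initialising at the declaration, `char outcmsg[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))] = { 0 };`, removes the question at the cost of a small clear per call.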
@@ -77040,7 +77075,7 @@ index e4141f2..d8263e8 100644
                i += packet_length_size;
                if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index 1977c2a..6371905 100644
+index 1977c2a..b6b953a 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -77536,7 +77571,7 @@ index 1977c2a..6371905 100644
  out:
        if (bprm->mm) {
                acct_arg_size(bprm, 0);
-@@ -1743,3 +1918,317 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1743,3 +1918,324 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
                                  argv, envp, flags);
  }
  #endif
@@ -77841,11 +77876,18 @@ index 1977c2a..6371905 100644
 +#endif
 +
 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
++
++#ifdef CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL
++static DEFINE_RATELIMIT_STATE(size_overflow_ratelimit, 15 * HZ, 3);
++#endif
++
 +void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, 
unsigned int line, const char *func, const char *ssa_name)
 +{
 +#ifdef CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL
-+      printk_ratelimited(KERN_EMERG "PAX: size overflow detected in function 
%s %s:%u %s", func, file, line, ssa_name);
-+      dump_stack();
++      if (__ratelimit(&size_overflow_ratelimit)) {
++              printk(KERN_EMERG "PAX: size overflow detected in function %s 
%s:%u %s", func, file, line, ssa_name);
++              dump_stack();
++      }
 +#else
 +      printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u 
%s", func, file, line, ssa_name);
 +      dump_stack();
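Review bot: The interval and burst in `DEFINE_RATELIMIT_STATE(size_overflow_ratelimit, 15 * HZ, 3)` are unexplained, yet they decide how many overflow reports an operator sees when CONFIG_PAX_SIZE_OVERFLOW_DISABLE_KILL is set. With `dump_stack()` now inside the same `__ratelimit()` test, a detection beyond the third in a fifteen-second window leaves neither a message nor a stack trace of its own. A comment above the definition, for example `/* at most 3 reports per 15 s; further detections are dropped, not queued */`, would make that trade-off visible to anyone relying on these logs. The format string in both branches also lacks a trailing `\n`. report_size_overflow continues past the end of the hunk.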
@@ -119212,18 +119254,21 @@ index 0861018..1fd388b 100644
  
        if (1) {
 diff --git a/net/core/scm.c b/net/core/scm.c
-index 3b6899b..cf36238 100644
+index 3b6899b..20d20e7 100644
 --- a/net/core/scm.c
 +++ b/net/core/scm.c
-@@ -209,7 +209,7 @@ EXPORT_SYMBOL(__scm_send);
+@@ -209,9 +209,9 @@ EXPORT_SYMBOL(__scm_send);
  int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
  {
        struct cmsghdr __user *cm
 -              = (__force struct cmsghdr __user *)msg->msg_control;
 +              = (struct cmsghdr __force_user *)msg->msg_control;
        struct cmsghdr cmhdr;
-       int cmlen = CMSG_LEN(len);
+-      int cmlen = CMSG_LEN(len);
++      size_t cmlen = CMSG_LEN(len);
        int err;
+ 
+       if (MSG_CMSG_COMPAT & msg->msg_flags)
 @@ -232,7 +232,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int 
len, void *data)
        err = -EFAULT;
        if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
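Review bot: In put_cmsg, `cmlen` is now `size_t` but is still computed from the `int len` parameter, so a negative `len` would become a very large unsigned length rather than a negative one. The later comparisons and the copy that consume `cmlen` are outside this hunk, as are the callers, so it cannot be confirmed from here that `len` is always non-negative. A guard at the top of the function, `if (len < 0) return -EINVAL;`, would close the gap. A comment stating that callers only pass object sizes would at least record the assumption.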
@@ -119251,6 +119296,24 @@ index 3b6899b..cf36238 100644
             i++, cmfptr++)
        {
                struct socket *sock;
+@@ -297,7 +297,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie 
*scm)
+ 
+       if (i > 0)
+       {
+-              int cmlen = CMSG_LEN(i*sizeof(int));
++              size_t cmlen = CMSG_LEN(i*sizeof(int));
+               err = put_user(SOL_SOCKET, &cm->cmsg_level);
+               if (!err)
+                       err = put_user(SCM_RIGHTS, &cm->cmsg_type);
+@@ -305,6 +305,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie 
*scm)
+                       err = put_user(cmlen, &cm->cmsg_len);
+               if (!err) {
+                       cmlen = CMSG_SPACE(i*sizeof(int));
++                      if (msg->msg_controllen < cmlen)
++                              cmlen = msg->msg_controllen;
+                       msg->msg_control += cmlen;
+                       msg->msg_controllen -= cmlen;
+               }
 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
 index 7b84330..e0f5a86 100644
 --- a/net/core/skbuff.c
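Review bot: The clamp `if (msg->msg_controllen < cmlen) cmlen = msg->msg_controllen;` in scm_detach_fds has no comment explaining how `CMSG_SPACE(i*sizeof(int))` can exceed the remaining control length. Presumably the descriptor count was sized against the unpadded length while CMSG_SPACE adds alignment padding, but that computation is outside the hunk. Without the clamp the subtraction on the following line could take `msg_controllen` past zero, so the reason is worth stating: `/* CMSG_SPACE() includes padding and may exceed what is left; clamp so msg_controllen cannot wrap */`.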
@@ -132439,10 +132502,10 @@ index 0000000..4c7f7c6
 +targets += size_overflow_hash.h size_overflow_hash_aux.h 
disable_size_overflow_hash.h
 diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data 
b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
 new file mode 100644
-index 0000000..675f934
+index 0000000..3baef37
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12396 @@
+@@ -0,0 +1,12398 @@
 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode 
gru_message_queue_desc 0 4 NULL
 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 
NULL nohasharray
@@ -143960,7 +144023,8 @@ index 0000000..675f934
 +disable_so_time_to_send_netem_skb_cb_60711 time_to_send netem_skb_cb 0 60711 
NULL nohasharray
 +disable_so_ref_div_atom_clock_dividers_60711 ref_div atom_clock_dividers 0 
60711 &disable_so_time_to_send_netem_skb_cb_60711
 +disable_so_dev_sof_uvc_clock_sample_60716 dev_sof uvc_clock_sample 0 60716 
NULL
-+disable_so_addr_reg_musb_qh_60718 addr_reg musb_qh 0 60718 NULL
++disable_so_addr_reg_musb_qh_60718 addr_reg musb_qh 0 60718 NULL nohasharray
++enable_so_acpi_ex_do_math_op_fndecl_60718 acpi_ex_do_math_op fndecl 0-3-2 
60718 &disable_so_addr_reg_musb_qh_60718
 +disable_so_reg_clock_sx150x_789_pri_60721 reg_clock sx150x_789_pri 0 60721 
NULL
 +disable_so___parse_nl_addr_fndecl_60734 __parse_nl_addr fndecl 0 60734 NULL
 +disable_so_frequency_zl10036_state_60737 frequency zl10036_state 0 60737 NULL
@@ -144839,6 +144903,7 @@ index 0000000..675f934
 +disable_so_si_pt_regs_65527 si pt_regs 0 65527 NULL
 +enable_so_rts_threshold_wiphy_15170 rts_threshold wiphy 0 15170 NULL
 +enable_so_value_iw_param_65472 value iw_param 0 65472 NULL
++enable_so_value_acpi_object_integer_44755 value acpi_object_integer 0 44755 
NULL
 diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh 
b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
 new file mode 100644
 index 0000000..be9724d
@@ -145372,10 +145437,10 @@ index 0000000..37e2e91
 +#endif
 diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c 
b/tools/gcc/size_overflow_plugin/intentional_overflow.c
 new file mode 100644
-index 0000000..72d6a8f
+index 0000000..3f67add
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
-@@ -0,0 +1,985 @@
+@@ -0,0 +1,941 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <[email protected]>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -146317,50 +146382,6 @@ index 0000000..72d6a8f
 +      so_stmt = get_dup_stmt(visited, stmt);
 +      create_up_and_down_cast(visited, so_stmt, lhs_type, 
gimple_assign_rhs1(so_stmt));
 +}
-+
-+bool is_intentional_truncation(gassign *assign)
-+{
-+      enum machine_mode lhs_mode, def_rhs_mode;
-+      gimple def_stmt;
-+      const_tree decl, rhs, def_rhs, def_def_rhs, lhs;
-+
-+      if (gimple_num_ops(assign) != 2)
-+              return false;
-+
-+      lhs = gimple_assign_lhs(assign);
-+      if (VAR_P(lhs))
-+              return false;
-+
-+      // structure field write
-+      decl = get_ref_field(lhs);
-+      if (TREE_CODE(decl) != FIELD_DECL)
-+              return false;
-+
-+      rhs = gimple_assign_rhs1(assign);
-+      def_stmt = get_def_stmt(rhs);
-+      if (!def_stmt || !gimple_assign_cast_p(def_stmt))
-+              return false;
-+
-+      lhs_mode = TYPE_MODE(TREE_TYPE(rhs));
-+      def_rhs = gimple_assign_rhs1(def_stmt);
-+      def_rhs_mode = TYPE_MODE(TREE_TYPE(def_rhs));
-+      // cast from 16 to 8
-+      if (def_rhs_mode != HImode || lhs_mode != QImode)
-+              return false;
-+
-+      def_stmt = get_def_stmt(def_rhs);
-+      if (!def_stmt || !is_gimple_assign(def_stmt) || 
gimple_num_ops(def_stmt) != 2)
-+              return false;
-+
-+      def_def_rhs = gimple_assign_rhs1(def_stmt);
-+      // structure field read
-+#if BUILDING_GCC_VERSION == 4005
-+      return TREE_CODE(def_def_rhs) == INDIRECT_REF;
-+#else
-+      return TREE_CODE(def_def_rhs) == MEM_REF;
-+#endif
-+}
-+
 diff --git a/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c 
b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c
 new file mode 100644
 index 0000000..5622b51
@@ -146506,10 +146527,10 @@ index 0000000..5622b51
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow.h 
b/tools/gcc/size_overflow_plugin/size_overflow.h
 new file mode 100644
-index 0000000..1efcc60
+index 0000000..2d733e1
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow.h
-@@ -0,0 +1,323 @@
+@@ -0,0 +1,322 @@
 +#ifndef SIZE_OVERFLOW_H
 +#define SIZE_OVERFLOW_H
 +
@@ -146713,7 +146734,6 @@ index 0000000..1efcc60
 +extern bool is_a_neg_overflow(const gassign *stmt, const_tree rhs);
 +extern enum intentional_overflow_type add_mul_intentional_overflow(const 
gassign *stmt);
 +extern void unsigned_signed_cast_intentional_overflow(struct visited 
*visited, gassign *stmt);
-+extern bool is_intentional_truncation(gassign *assign);
 +
 +
 +// insert_size_overflow_asm.c
@@ -147035,10 +147055,10 @@ index 0000000..ab2d25a
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data 
b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..ba470a6
+index 0000000..d372a51
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,20761 @@
+@@ -0,0 +1,20759 @@
 +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
 +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 
2-3-4 3 NULL
 +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL
@@ -161256,7 +161276,6 @@ index 0000000..ba470a6
 +enable_so_ext4_journalled_write_end_fndecl_44742 ext4_journalled_write_end 
fndecl 5-3 44742 NULL
 +enable_so_erst_clearer_fndecl_44743 erst_clearer fndecl 2 44743 NULL
 +enable_so_max_phy_id_vardecl_x86_pkg_temp_thermal_c_44750 max_phy_id 
vardecl_x86_pkg_temp_thermal.c 0 44750 NULL
-+enable_so_value_acpi_object_integer_44755 value acpi_object_integer 0 44755 
NULL
 +enable_so_dev_sectors_mddev_44756 dev_sectors mddev 0 44756 NULL
 +enable_so_brd_probe_fndecl_44758 brd_probe fndecl 1 44758 NULL
 +enable_so_set_ssp_fndecl_44760 set_ssp fndecl 4 44760 NULL
@@ -166285,8 +166304,7 @@ index 0000000..ba470a6
 +enable_so_usbdev_read_fndecl_60713 usbdev_read fndecl 3 60713 NULL
 +enable_so_pwr_missing_bcns_cnt_read_fndecl_60714 pwr_missing_bcns_cnt_read 
fndecl 3 60714 NULL
 +enable_so_sock_sendmsg_fndecl_60718 sock_sendmsg fndecl 0 60718 NULL 
nohasharray
-+enable_so_v9fs_xattr_user_set_fndecl_60718 v9fs_xattr_user_set fndecl 4 60718 
&enable_so_sock_sendmsg_fndecl_60718 nohasharray
-+enable_so_acpi_ex_do_math_op_fndecl_60718 acpi_ex_do_math_op fndecl 0-3-2 
60718 &enable_so_v9fs_xattr_user_set_fndecl_60718
++enable_so_v9fs_xattr_user_set_fndecl_60718 v9fs_xattr_user_set fndecl 4 60718 
&enable_so_sock_sendmsg_fndecl_60718
 +enable_so_HighPriorityCredit_mpt3sas_facts_60721 HighPriorityCredit 
mpt3sas_facts 0 60721 NULL
 +enable_so_reserved_pebs_ubi_volume_60725 reserved_pebs ubi_volume 0 60725 NULL
 +enable_so_c2_pseudo_change_mtu_fndecl_60734 c2_pseudo_change_mtu fndecl 2 
60734 NULL
@@ -169642,7 +169660,7 @@ index 0000000..6075e8f
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c 
b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..8838f04
+index 0000000..2fef709
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,318 @@
@@ -169677,7 +169695,7 @@ index 0000000..8838f04
 +tree size_overflow_type_TI;
 +
 +static struct plugin_info size_overflow_plugin_info = {
-+      .version        = "20151020",
++      .version        = "20151021",
 +      .help           = "no-size-overflow\tturn off size overflow checking\n",
 +};
 +
@@ -170324,10 +170342,10 @@ index 0000000..317cd6c
 +
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform.c 
b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
 new file mode 100644
-index 0000000..ee7633e
+index 0000000..0395a48
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
-@@ -0,0 +1,742 @@
+@@ -0,0 +1,739 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <[email protected]>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -170876,9 +170894,6 @@ index 0000000..ee7633e
 +      if (mark != MARK_NO)
 +              return head;
 +
-+      if (is_intentional_truncation(assign))
-+              return head;
-+
 +      rhs1 = gimple_assign_rhs1(assign);
 +      head = search_interesting_stmt(head, next_node, assign, rhs1, 0);
 +
@@ -171072,10 +171087,10 @@ index 0000000..ee7633e
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c 
b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c
 new file mode 100644
-index 0000000..e7a17f5
+index 0000000..4ac2d6e
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c
-@@ -0,0 +1,1004 @@
+@@ -0,0 +1,1010 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <[email protected]>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -171747,6 +171762,12 @@ index 0000000..e7a17f5
 +      if (handle_unsigned_neg_or_bit_not(visited, expand_from, stmt))
 +              return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, 
NULL_TREE);
 +
++      // skip lhs check on HI -> QI cast
++      if (rhs_mode == HImode && lhs_mode == QImode) {
++              pointer_set_insert(visited->no_cast_check, stmt);
++              return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, 
NULL_TREE);
++      }
++
 +      // skip lhs check on signed SI -> HI cast or signed SI -> QI cast
 +      if (rhs_mode == SImode && !TYPE_UNSIGNED(rhs_type) && (lhs_mode == 
HImode || lhs_mode == QImode))
 +              return create_assign(visited, stmt, lhs, AFTER_STMT);
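Review bot: The new `rhs_mode == HImode && lhs_mode == QImode` branch skips the lhs check for every 16-to-8-bit cast, which is wider than the `is_intentional_truncation()` helper this commit removes. That helper only exempted a structure-field write fed by a cast of a structure-field read. The comment `// skip lhs check on HI -> QI cast` says what is skipped but not why all such truncations are now treated as intentional. Please extend it, for example `// every HI -> QI cast is treated as intentional truncation (replaces is_intentional_truncation()); narrowing of this width may no longer be reported`. The enclosing function begins and ends outside the hunk.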
