commit:     e2a98b267048a5c634a9963b7910407d089cdc2f
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep  1 16:19:58 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep  1 16:19:58 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=e2a98b26

grsecurity-3.1-4.7.2-201608312326

 4.7.2/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.7.2-201608312326.patch} | 129 +++++++++++++++------
 2 files changed, 96 insertions(+), 35 deletions(-)

diff --git a/4.7.2/0000_README b/4.7.2/0000_README
index 0fbc43d..cfaeba4 100644
--- a/4.7.2/0000_README
+++ b/4.7.2/0000_README
@@ -10,7 +10,7 @@ Patch:        1001_linux-4.7.2.patch
 From:  http://www.kernel.org
 Desc:  Linux 4.7.2
 
-Patch: 4420_grsecurity-3.1-4.7.2-201608211829.patch
+Patch: 4420_grsecurity-3.1-4.7.2-201608312326.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.7.2/4420_grsecurity-3.1-4.7.2-201608211829.patch 
b/4.7.2/4420_grsecurity-3.1-4.7.2-201608312326.patch
similarity index 99%
rename from 4.7.2/4420_grsecurity-3.1-4.7.2-201608211829.patch
rename to 4.7.2/4420_grsecurity-3.1-4.7.2-201608312326.patch
index 6aabc5c..0653f29 100644
--- a/4.7.2/4420_grsecurity-3.1-4.7.2-201608211829.patch
+++ b/4.7.2/4420_grsecurity-3.1-4.7.2-201608312326.patch
@@ -23925,7 +23925,7 @@ index c3496619..3f3a7dc 100644
  asmlinkage void smp_deferred_error_interrupt(void);
  #endif
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 2982387..a619e60c 100644
+index 2982387..8adcc96 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -8,6 +8,7 @@
@@ -24401,7 +24401,7 @@ index 2982387..a619e60c 100644
 -              copy_from_user_overflow();
 -      else
 -              __copy_from_user_overflow(sz, n);
-+      if (likely(sz != (size_t)-1  && sz < n)) {
++      if (unlikely(sz != (size_t)-1  && sz < n)) {
 +               if(__builtin_constant_p(n))
 +                      copy_from_user_overflow();
 +              else
@@ -24431,7 +24431,7 @@ index 2982387..a619e60c 100644
 -              copy_to_user_overflow();
 -      else
 -              __copy_to_user_overflow(sz, n);
-+      if (likely(sz != (size_t)-1  && sz < n)) {
++      if (unlikely(sz != (size_t)-1  && sz < n)) {
 +               if(__builtin_constant_p(n))
 +                      copy_to_user_overflow();
 +              else
@@ -36980,7 +36980,7 @@ index 9c086c5..421e25b 100644
        unsigned long uninitialized_var(pfn_align);
        int i, nid;
 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index 7a1f7bb..b245aea 100644
+index 7a1f7bb..62a6748 100644
 --- a/arch/x86/mm/pageattr.c
 +++ b/arch/x86/mm/pageattr.c
 @@ -258,7 +258,7 @@ static inline pgprot_t static_protections(pgprot_t prot, 
unsigned long address,
@@ -37015,7 +37015,7 @@ index 7a1f7bb..b245aea 100644
  #endif
  
 +#ifdef CONFIG_PAX_KERNEXEC
-+      if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)), __pa((unsigned 
long)&_sdata))) {
++      if (within(pfn, __pa(ktla_ktva((unsigned long)&_text)) >> PAGE_SHIFT, 
__pa((unsigned long)&_sdata) >> PAGE_SHIFT)) {
 +              pgprot_val(forbidden) |= _PAGE_RW;
 +              pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
 +      }
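Review bot: The corrected `within(pfn, ...)` test under `CONFIG_PAX_KERNEXEC` should carry a comment stating that both bounds are page frame numbers. The bug being fixed, a PFN compared against byte physical addresses so that the range did not cover the kernel text pages it was meant for, is easy to reintroduce when the line is next edited. Something like `/* pfn is a page frame number: both bounds must be shifted by PAGE_SHIFT */` above the `if` would do. It is also worth confirming that `_sdata` is page-aligned, since `within()` presumably treats the end bound as exclusive and the truncating shift would otherwise leave a trailing partial page outside the forbidden `_PAGE_RW` range. The enclosing function starts and ends outside the hunk.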
@@ -95993,7 +95993,7 @@ index ae1b540..15cfacf 100644
                                fd_offset + ex.a_text);
                if (error != N_DATADDR(ex))
 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index a7a28110..eddc1f5 100644
+index a7a28110..5e00fdb 100644
 --- a/fs/binfmt_elf.c
 +++ b/fs/binfmt_elf.c
 @@ -36,6 +36,7 @@
@@ -96605,7 +96605,15 @@ index a7a28110..eddc1f5 100644
        if (elf_read_implies_exec(loc->elf_ex, executable_stack))
                current->personality |= READ_IMPLIES_EXEC;
  
-@@ -919,8 +1358,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -851,6 +1290,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+               current->flags |= PF_RANDOMIZE;
+ 
+       setup_new_exec(bprm);
++      install_exec_creds(bprm);
+ 
+       /* Do this so that we can load the interpreter, if need be.  We will
+          change some of these later */
+@@ -919,8 +1359,21 @@ static int load_elf_binary(struct linux_binprm *bprm)
                        if (current->flags & PF_RANDOMIZE)
                                load_bias += arch_mmap_rnd();
                        load_bias = ELF_PAGESTART(load_bias);
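Review bot: The added `install_exec_creds(bprm);` right after `setup_new_exec(bprm);` has no comment explaining why the credentials must now be committed before any part of the new image is mapped. The matching removal before `create_elf_tables()` is in the later `@@ -1042,7 +1522,6 @@` hunk, so the ordering constraint is invisible at either site. If the intent is that the new mappings are never reachable under the old credentials, say so, e.g. `/* commit the new creds before mapping the image so it is never exposed under the old ones */`. Every `goto out_free_dentry` failure path between the new and the old call site now runs after the credentials are committed, so it should be confirmed that none of them relies on the pre-commit state. `load_elf_binary()` starts and ends outside the hunk, and other binfmt loaders not shown here may need the same ordering.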
@@ -96629,7 +96637,7 @@ index a7a28110..eddc1f5 100644
                        if (!total_size) {
                                retval = -EINVAL;
                                goto out_free_dentry;
-@@ -956,9 +1408,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -956,9 +1409,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
                 * allowed task size. Note that p_filesz must always be
                 * <= p_memsz so it is only necessary to check p_memsz.
                 */
@@ -96642,7 +96650,7 @@ index a7a28110..eddc1f5 100644
                        /* set_brk can never work. Avoid overflows. */
                        retval = -EINVAL;
                        goto out_free_dentry;
-@@ -994,16 +1446,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -994,16 +1447,43 @@ static int load_elf_binary(struct linux_binprm *bprm)
        if (retval)
                goto out_free_dentry;
        if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -96691,6 +96699,14 @@ index a7a28110..eddc1f5 100644
                                            load_bias, interp_elf_phdata);
                if (!IS_ERR((void *)elf_entry)) {
                        /*
+@@ -1042,7 +1522,6 @@ static int load_elf_binary(struct linux_binprm *bprm)
+               goto out;
+ #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
+ 
+-      install_exec_creds(bprm);
+       retval = create_elf_tables(bprm, &loc->elf_ex,
+                         load_addr, interp_load_addr);
+       if (retval < 0)
 @@ -1054,6 +1533,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
        current->mm->end_data = end_data;
        current->mm->start_stack = bprm->p;
@@ -98766,7 +98782,7 @@ index 281b768..f39dcdf 100644
                return 0;
        while (nr) {
 diff --git a/fs/dcache.c b/fs/dcache.c
-index 1ed81bb..85b5276 100644
+index 1ed81bb..3d8fde8 100644
 --- a/fs/dcache.c
 +++ b/fs/dcache.c
 @@ -339,8 +339,9 @@ static inline void dentry_rcuwalk_invalidate(struct dentry 
*dentry)
@@ -98850,7 +98866,16 @@ index 1ed81bb..85b5276 100644
        return 0;
  }
  
-@@ -824,7 +827,7 @@ repeat:
+@@ -795,8 +798,6 @@ void dput(struct dentry *dentry)
+               return;
+ 
+ repeat:
+-      might_sleep();
+-
+       rcu_read_lock();
+       if (likely(fast_dput(dentry))) {
+               rcu_read_unlock();
+@@ -824,7 +825,7 @@ repeat:
                dentry->d_flags |= DCACHE_REFERENCED;
        dentry_lru_add(dentry);
  
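Review bot: Removing `might_sleep();` after the `repeat:` label in `dput()` drops the debug check that flags callers reaching `dput()` from atomic context, and neither the hunk nor the commit message gives a reason. If `dput()` can still block on the slow path (inferred, since the rest of the body is outside the hunk), the removal hides sleep-in-atomic bugs rather than fixing them. If a particular caller is known to hold a lock here, document it where the call used to be, e.g. `/* might_sleep() dropped: <caller> reaches dput() under <lock> */`, with the real names filled in. Otherwise keep the check.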
@@ -98859,7 +98884,7 @@ index 1ed81bb..85b5276 100644
        spin_unlock(&dentry->d_lock);
        return;
  
-@@ -841,7 +844,7 @@ EXPORT_SYMBOL(dput);
+@@ -841,7 +842,7 @@ EXPORT_SYMBOL(dput);
  /* This must be called with d_lock held */
  static inline void __dget_dlock(struct dentry *dentry)
  {
@@ -98868,7 +98893,7 @@ index 1ed81bb..85b5276 100644
  }
  
  static inline void __dget(struct dentry *dentry)
-@@ -882,8 +885,8 @@ repeat:
+@@ -882,8 +883,8 @@ repeat:
                goto repeat;
        }
        rcu_read_unlock();
@@ -98879,7 +98904,7 @@ index 1ed81bb..85b5276 100644
        spin_unlock(&ret->d_lock);
        return ret;
  }
-@@ -961,9 +964,9 @@ restart:
+@@ -961,9 +962,9 @@ restart:
        spin_lock(&inode->i_lock);
        hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) {
                spin_lock(&dentry->d_lock);
@@ -98891,7 +98916,7 @@ index 1ed81bb..85b5276 100644
                                __dentry_kill(dentry);
                                dput(parent);
                                goto restart;
-@@ -998,7 +1001,7 @@ static void shrink_dentry_list(struct list_head *list)
+@@ -998,7 +999,7 @@ static void shrink_dentry_list(struct list_head *list)
                 * We found an inuse dentry which was not removed from
                 * the LRU because of laziness during lookup. Do not free it.
                 */
@@ -98900,7 +98925,7 @@ index 1ed81bb..85b5276 100644
                        spin_unlock(&dentry->d_lock);
                        if (parent)
                                spin_unlock(&parent->d_lock);
-@@ -1036,8 +1039,8 @@ static void shrink_dentry_list(struct list_head *list)
+@@ -1036,8 +1037,8 @@ static void shrink_dentry_list(struct list_head *list)
                dentry = parent;
                while (dentry && !lockref_put_or_lock(&dentry->d_lockref)) {
                        parent = lock_parent(dentry);
@@ -98911,7 +98936,7 @@ index 1ed81bb..85b5276 100644
                                spin_unlock(&dentry->d_lock);
                                if (parent)
                                        spin_unlock(&parent->d_lock);
-@@ -1077,7 +1080,7 @@ static enum lru_status dentry_lru_isolate(struct 
list_head *item,
+@@ -1077,7 +1078,7 @@ static enum lru_status dentry_lru_isolate(struct 
list_head *item,
         * counts, just remove them from the LRU. Otherwise give them
         * another pass through the LRU.
         */
@@ -98920,7 +98945,7 @@ index 1ed81bb..85b5276 100644
                d_lru_isolate(lru, dentry);
                spin_unlock(&dentry->d_lock);
                return LRU_REMOVED;
-@@ -1414,7 +1417,7 @@ static enum d_walk_ret select_collect(void *_data, 
struct dentry *dentry)
+@@ -1414,7 +1415,7 @@ static enum d_walk_ret select_collect(void *_data, 
struct dentry *dentry)
        } else {
                if (dentry->d_flags & DCACHE_LRU_LIST)
                        d_lru_del(dentry);
@@ -98929,7 +98954,7 @@ index 1ed81bb..85b5276 100644
                        d_shrink_add(dentry, &data->dispose);
                        data->found++;
                }
-@@ -1462,7 +1465,7 @@ static enum d_walk_ret umount_check(void *_data, struct 
dentry *dentry)
+@@ -1462,7 +1463,7 @@ static enum d_walk_ret umount_check(void *_data, struct 
dentry *dentry)
                return D_WALK_CONTINUE;
  
        /* root with refcount 1 is fine */
@@ -98938,7 +98963,7 @@ index 1ed81bb..85b5276 100644
                return D_WALK_CONTINUE;
  
        printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} "
-@@ -1471,7 +1474,7 @@ static enum d_walk_ret umount_check(void *_data, struct 
dentry *dentry)
+@@ -1471,7 +1472,7 @@ static enum d_walk_ret umount_check(void *_data, struct 
dentry *dentry)
                       dentry->d_inode ?
                       dentry->d_inode->i_ino : 0UL,
                       dentry,
@@ -98947,7 +98972,7 @@ index 1ed81bb..85b5276 100644
                       dentry->d_sb->s_type->name,
                       dentry->d_sb->s_id);
        WARN_ON(1);
-@@ -1616,7 +1619,7 @@ struct dentry *__d_alloc(struct super_block *sb, const 
struct qstr *name)
+@@ -1616,7 +1617,7 @@ struct dentry *__d_alloc(struct super_block *sb, const 
struct qstr *name)
                dname = dentry->d_iname;
        } else if (name->len > DNAME_INLINE_LEN-1) {
                size_t size = offsetof(struct external_name, name[1]);
@@ -98956,7 +98981,7 @@ index 1ed81bb..85b5276 100644
                                                  GFP_KERNEL_ACCOUNT);
                if (!p) {
                        kmem_cache_free(dentry_cache, dentry); 
-@@ -1640,7 +1643,7 @@ struct dentry *__d_alloc(struct super_block *sb, const 
struct qstr *name)
+@@ -1640,7 +1641,7 @@ struct dentry *__d_alloc(struct super_block *sb, const 
struct qstr *name)
        smp_wmb();
        dentry->d_name.name = dname;
  
@@ -98965,7 +98990,7 @@ index 1ed81bb..85b5276 100644
        dentry->d_flags = 0;
        spin_lock_init(&dentry->d_lock);
        seqcount_init(&dentry->d_seq);
-@@ -1649,6 +1652,9 @@ struct dentry *__d_alloc(struct super_block *sb, const 
struct qstr *name)
+@@ -1649,6 +1650,9 @@ struct dentry *__d_alloc(struct super_block *sb, const 
struct qstr *name)
        dentry->d_sb = sb;
        dentry->d_op = NULL;
        dentry->d_fsdata = NULL;
@@ -98975,7 +99000,7 @@ index 1ed81bb..85b5276 100644
        INIT_HLIST_BL_NODE(&dentry->d_hash);
        INIT_LIST_HEAD(&dentry->d_lru);
        INIT_LIST_HEAD(&dentry->d_subdirs);
-@@ -2314,7 +2320,7 @@ struct dentry *__d_lookup(const struct dentry *parent, 
const struct qstr *name)
+@@ -2314,7 +2318,7 @@ struct dentry *__d_lookup(const struct dentry *parent, 
const struct qstr *name)
                                goto next;
                }
  
@@ -98984,7 +99009,7 @@ index 1ed81bb..85b5276 100644
                found = dentry;
                spin_unlock(&dentry->d_lock);
                break;
-@@ -2382,7 +2388,7 @@ again:
+@@ -2382,7 +2386,7 @@ again:
        spin_lock(&dentry->d_lock);
        inode = dentry->d_inode;
        isdir = S_ISDIR(inode->i_mode);
@@ -98993,7 +99018,7 @@ index 1ed81bb..85b5276 100644
                if (!spin_trylock(&inode->i_lock)) {
                        spin_unlock(&dentry->d_lock);
                        cpu_relax();
-@@ -3601,7 +3607,7 @@ static enum d_walk_ret d_genocide_kill(void *data, 
struct dentry *dentry)
+@@ -3601,7 +3605,7 @@ static enum d_walk_ret d_genocide_kill(void *data, 
struct dentry *dentry)
  
                if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
                        dentry->d_flags |= DCACHE_GENOCIDE;
@@ -99002,7 +99027,7 @@ index 1ed81bb..85b5276 100644
                }
        }
        return D_WALK_CONTINUE;
-@@ -3709,7 +3715,8 @@ void __init vfs_caches_init_early(void)
+@@ -3709,7 +3713,8 @@ void __init vfs_caches_init_early(void)
  void __init vfs_caches_init(void)
  {
        names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -158510,7 +158535,7 @@ index f2280f7..c0a006f 100644
        struct irlap_cb *self = (struct irlap_cb *) data;
  
 diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index fc3598a..03a184e3 100644
+index fc3598a..6c1fb65 100644
 --- a/net/iucv/af_iucv.c
 +++ b/net/iucv/af_iucv.c
 @@ -685,10 +685,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv)
@@ -158526,6 +158551,27 @@ index fc3598a..03a184e3 100644
        }
        memcpy(iucv->src_name, name, 8);
  }
+@@ -1326,7 +1326,7 @@ static int iucv_sock_recvmsg(struct socket *sock, struct 
msghdr *msg,
+       unsigned int copied, rlen;
+       struct sk_buff *skb, *rskb, *cskb;
+       int err = 0;
+-      u32 offset;
++      u32 offset, class;
+ 
+       if ((sk->sk_state == IUCV_DISCONN) &&
+           skb_queue_empty(&iucv->backlog_skb_q) &&
+@@ -1370,9 +1370,8 @@ static int iucv_sock_recvmsg(struct socket *sock, struct 
msghdr *msg,
+       /* create control message to store iucv msg target class:
+        * get the trgcls from the control buffer of the skb due to
+        * fragmentation of original iucv message. */
+-      err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS,
+-                     sizeof(IUCV_SKB_CB(skb)->class),
+-                     (void *)&IUCV_SKB_CB(skb)->class);
++      class = IUCV_SKB_CB(skb)->class;
++      err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(class), &class);
+       if (err) {
+               if (!(flags & MSG_PEEK))
+                       skb_queue_head(&sk->sk_receive_queue, skb);
 diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
 index 7eaa000..2fa7f35 100644
 --- a/net/iucv/iucv.c
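Review bot: The new local `class` in `iucv_sock_recvmsg()` reads as a pointless copy unless the reader knows why `put_cmsg()` should not be given a pointer into the skb control buffer, so the two added lines need a comment. A possible wording is `/* copy out of skb->cb first so put_cmsg() copies to userspace from a stack object */`; the reason is inferred from the parallel netlink change in this commit and should be confirmed. Declaring the local as `u32` also decouples `sizeof(class)` from the field's declared type, which the old `sizeof(IUCV_SKB_CB(skb)->class)` tracked automatically. A `BUILD_BUG_ON(sizeof(class) != sizeof(IUCV_SKB_CB(skb)->class));` next to the assignment would keep the two in step. The function body continues outside the hunk.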
@@ -160079,7 +160125,7 @@ index 11de55e..f25e448 100644
        return 0;
  }
 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 627f898c..13afbf6 100644
+index 627f898c..32d06cc 100644
 --- a/net/netlink/af_netlink.c
 +++ b/net/netlink/af_netlink.c
 @@ -287,7 +287,7 @@ static void netlink_overrun(struct sock *sk)
@@ -160091,7 +160137,22 @@ index 627f898c..13afbf6 100644
  }
  
  static void netlink_rcv_wake(struct sock *sk)
-@@ -2150,7 +2150,9 @@ errout_skb:
+@@ -1703,11 +1703,12 @@ static void netlink_cmsg_recv_pktinfo(struct msghdr 
*msg, struct sk_buff *skb)
+ static void netlink_cmsg_listen_all_nsid(struct sock *sk, struct msghdr *msg,
+                                        struct sk_buff *skb)
+ {
++      int nsid = NETLINK_CB(skb).nsid;
++
+       if (!NETLINK_CB(skb).nsid_is_set)
+               return;
+ 
+-      put_cmsg(msg, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, sizeof(int),
+-               &NETLINK_CB(skb).nsid);
++      put_cmsg(msg, SOL_NETLINK, NETLINK_LISTEN_ALL_NSID, sizeof(nsid), 
&nsid);
+ }
+ 
+ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t 
len)
+@@ -2150,7 +2151,9 @@ errout_skb:
  
  int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
                         const struct nlmsghdr *nlh,
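Review bot: In `netlink_cmsg_listen_all_nsid()` the new initialiser `int nsid = NETLINK_CB(skb).nsid;` reads the field before the `nsid_is_set` guard, so the value is fetched even when the control block says it is not valid. It is unused on the early return, so this is harmless as written, but it is cleaner to declare `int nsid;` at the top and assign `nsid = NETLINK_CB(skb).nsid;` after the `return`. A one-line comment on why the value is copied to the stack before `put_cmsg()` would stop the copy from being removed later as redundant. The return value of `put_cmsg()` is still ignored here, as it was before the change.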
@@ -160102,7 +160163,7 @@ index 627f898c..13afbf6 100644
  {
        struct netlink_callback *cb;
        struct sock *sk;
-@@ -2173,7 +2175,7 @@ int __netlink_dump_start(struct sock *ssk, struct 
sk_buff *skb,
+@@ -2173,7 +2176,7 @@ int __netlink_dump_start(struct sock *ssk, struct 
sk_buff *skb,
                goto error_unlock;
        }
        /* add reference of module which cb->dump belongs to */
@@ -160111,7 +160172,7 @@ index 627f898c..13afbf6 100644
                ret = -EPROTONOSUPPORT;
                goto error_unlock;
        }
-@@ -2184,8 +2186,8 @@ int __netlink_dump_start(struct sock *ssk, struct 
sk_buff *skb,
+@@ -2184,8 +2187,8 @@ int __netlink_dump_start(struct sock *ssk, struct 
sk_buff *skb,
        cb->dump = control->dump;
        cb->done = control->done;
        cb->nlh = nlh;
@@ -160122,7 +160183,7 @@ index 627f898c..13afbf6 100644
        cb->min_dump_alloc = control->min_dump_alloc;
        cb->skb = skb;
  
-@@ -2452,7 +2454,7 @@ static int netlink_seq_show(struct seq_file *seq, void 
*v)
+@@ -2452,7 +2455,7 @@ static int netlink_seq_show(struct seq_file *seq, void 
*v)
                           sk_wmem_alloc_get(s),
                           nlk->cb_running,
                           atomic_read(&s->sk_refcnt),
@@ -160131,7 +160192,7 @@ index 627f898c..13afbf6 100644
                           sock_i_ino(s)
                        );
  
-@@ -2559,7 +2561,7 @@ static void __init netlink_add_usersock_entry(void)
+@@ -2559,7 +2562,7 @@ static void __init netlink_add_usersock_entry(void)
        netlink_table_ungrab();
  }
  
