commit: 3be5987c05bea751b6fc0b1717df9d15bb77ddc3
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 6 12:17:02 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jul 6 12:17:02 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=3be5987c
Grsec/PaX: 3.0-{3.2.60,3.14.10,3.15.3}-201407052032
---
3.14.10/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.10-201407052031.patch} | 70 +++++++++++++++++++++-
... 4420_grsecurity-3.0-3.15.3-201407052032.patch} | 70 +++++++++++++++++++++-
3.2.60/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.60-201407052028.patch} | 37 +++++++++++-
5 files changed, 175 insertions(+), 6 deletions(-)
diff --git a/3.14.10/0000_README b/3.14.10/0000_README
index f6fde5b..7edf2bb 100644
--- a/3.14.10/0000_README
+++ b/3.14.10/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.10-201407012152.patch
+Patch: 4420_grsecurity-3.0-3.14.10-201407052031.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch
b/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
similarity index 99%
rename from 3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch
rename to 3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
index ba8d0dd..5cd674b 100644
--- a/3.14.10/4420_grsecurity-3.0-3.14.10-201407012152.patch
+++ b/3.14.10/4420_grsecurity-3.0-3.14.10-201407052031.patch
@@ -18734,7 +18734,7 @@ index fdedd38..95c02c2 100644
void df_debug(struct pt_regs *regs, long error_code);
#endif /* _ASM_X86_PROCESSOR_H */
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 14fd6fd..6740420 100644
+index 14fd6fd..b31a4a4 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct
pt_regs *regs)
@@ -18807,6 +18807,29 @@ index 14fd6fd..6740420 100644
#endif
return *(unsigned long *)((unsigned long)regs + offset);
}
+@@ -231,6 +235,22 @@ static inline unsigned long
regs_get_kernel_stack_nth(struct pt_regs *regs,
+
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO
+
++/*
++ * When hitting ptrace_stop(), we cannot return using SYSRET because
++ * that does not restore the full CPU state, only a minimal set. The
++ * ptracer can change arbitrary register values, which is usually okay
++ * because the usual ptrace stops run off the signal delivery path which
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
++ * in the kernel and don't force IRET path.
++ *
++ * So force IRET path after a ptrace stop.
++ */
++#define arch_ptrace_stop_needed(code, info) \
++({ \
++ set_thread_flag(TIF_NOTIFY_RESUME); \
++ false; \
++})
++
+ struct user_desc;
+ extern int do_get_thread_area(struct task_struct *p, int idx,
+ struct user_desc __user *info);
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index 9c6b890..5305f53 100644
--- a/arch/x86/include/asm/realmode.h
@@ -82077,6 +82100,20 @@ index 34a1e10..70f6bde 100644
struct proc_ns {
void *ns;
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
+index 077904c..cc79eff 100644
+--- a/include/linux/ptrace.h
++++ b/include/linux/ptrace.h
+@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct
task_struct *tsk,
+ * calling arch_ptrace_stop() when it would be superfluous. For example,
+ * if the thread has not been back to user mode since the last stop, the
+ * thread state might indicate that nothing needs to be done.
++ *
++ * This is guaranteed to be invoked once before a task stops for ptrace and
++ * may include arch-specific operations necessary prior to a ptrace stop.
+ */
+ #define arch_ptrace_stop_needed(code, info) (0)
+ #endif
diff --git a/include/linux/quota.h b/include/linux/quota.h
index cc7494a..1e27036 100644
--- a/include/linux/quota.h
@@ -92405,6 +92442,37 @@ index c24c2f7..f0296f4 100644
+ pax_close_kernel();
+}
+EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
+index b74da44..7a85967 100644
+--- a/lib/lz4/lz4_decompress.c
++++ b/lib/lz4/lz4_decompress.c
+@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char
*source, char *dest,
+ int s = 255;
+ while ((ip < iend) && (s == 255)) {
+ s = *ip++;
++ if (unlikely(length > (size_t)(length + s)))
++ goto _output_error;
+ length += s;
+ }
+ }
+@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char
*source, char *dest,
+ if (length == ML_MASK) {
+ while (ip < iend) {
+ int s = *ip++;
++ if (unlikely(length > (size_t)(length + s)))
++ goto _output_error;
+ length += s;
+ if (s == 255)
+ continue;
+@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char
*source, char *dest,
+
+ /* write overflow error detected */
+ _output_error:
+- return (int) (-(((char *) ip) - source));
++ return -1;
+ }
+
+ int lz4_decompress(const unsigned char *src, size_t *src_len,
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
index 963b703..438bc51 100644
--- a/lib/percpu-refcount.c
diff --git a/3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch
b/3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch
similarity index 99%
rename from 3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch
rename to 3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch
index 962e272..34bb183 100644
--- a/3.15.3/4420_grsecurity-3.0-3.15.3-201407012153.patch
+++ b/3.15.3/4420_grsecurity-3.0-3.15.3-201407052032.patch
@@ -18365,7 +18365,7 @@ index a4ea023..33aa874 100644
void df_debug(struct pt_regs *regs, long error_code);
#endif /* _ASM_X86_PROCESSOR_H */
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 14fd6fd..6740420 100644
+index 14fd6fd..b31a4a4 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct
pt_regs *regs)
@@ -18438,6 +18438,29 @@ index 14fd6fd..6740420 100644
#endif
return *(unsigned long *)((unsigned long)regs + offset);
}
+@@ -231,6 +235,22 @@ static inline unsigned long
regs_get_kernel_stack_nth(struct pt_regs *regs,
+
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO
+
++/*
++ * When hitting ptrace_stop(), we cannot return using SYSRET because
++ * that does not restore the full CPU state, only a minimal set. The
++ * ptracer can change arbitrary register values, which is usually okay
++ * because the usual ptrace stops run off the signal delivery path which
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
++ * in the kernel and don't force IRET path.
++ *
++ * So force IRET path after a ptrace stop.
++ */
++#define arch_ptrace_stop_needed(code, info) \
++({ \
++ set_thread_flag(TIF_NOTIFY_RESUME); \
++ false; \
++})
++
+ struct user_desc;
+ extern int do_get_thread_area(struct task_struct *p, int idx,
+ struct user_desc __user *info);
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index 9c6b890..5305f53 100644
--- a/arch/x86/include/asm/realmode.h
@@ -81526,6 +81549,20 @@ index 34a1e10..70f6bde 100644
struct proc_ns {
void *ns;
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
+index 077904c..cc79eff 100644
+--- a/include/linux/ptrace.h
++++ b/include/linux/ptrace.h
+@@ -334,6 +334,9 @@ static inline void user_single_step_siginfo(struct
task_struct *tsk,
+ * calling arch_ptrace_stop() when it would be superfluous. For example,
+ * if the thread has not been back to user mode since the last stop, the
+ * thread state might indicate that nothing needs to be done.
++ *
++ * This is guaranteed to be invoked once before a task stops for ptrace and
++ * may include arch-specific operations necessary prior to a ptrace stop.
+ */
+ #define arch_ptrace_stop_needed(code, info) (0)
+ #endif
diff --git a/include/linux/quota.h b/include/linux/quota.h
index cc7494a..1e27036 100644
--- a/include/linux/quota.h
@@ -91912,6 +91949,37 @@ index c24c2f7..f0296f4 100644
+ pax_close_kernel();
+}
+EXPORT_SYMBOL(pax_list_del_rcu);
+diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
+index b74da44..7a85967 100644
+--- a/lib/lz4/lz4_decompress.c
++++ b/lib/lz4/lz4_decompress.c
+@@ -192,6 +192,8 @@ static int lz4_uncompress_unknownoutputsize(const char
*source, char *dest,
+ int s = 255;
+ while ((ip < iend) && (s == 255)) {
+ s = *ip++;
++ if (unlikely(length > (size_t)(length + s)))
++ goto _output_error;
+ length += s;
+ }
+ }
+@@ -232,6 +234,8 @@ static int lz4_uncompress_unknownoutputsize(const char
*source, char *dest,
+ if (length == ML_MASK) {
+ while (ip < iend) {
+ int s = *ip++;
++ if (unlikely(length > (size_t)(length + s)))
++ goto _output_error;
+ length += s;
+ if (s == 255)
+ continue;
+@@ -284,7 +288,7 @@ static int lz4_uncompress_unknownoutputsize(const char
*source, char *dest,
+
+ /* write overflow error detected */
+ _output_error:
+- return (int) (-(((char *) ip) - source));
++ return -1;
+ }
+
+ int lz4_decompress(const unsigned char *src, size_t *src_len,
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
index 963b703..438bc51 100644
--- a/lib/percpu-refcount.c
diff --git a/3.2.60/0000_README b/3.2.60/0000_README
index 9604a91..ee22cb5 100644
--- a/3.2.60/0000_README
+++ b/3.2.60/0000_README
@@ -158,7 +158,7 @@ Patch: 1059_linux-3.2.60.patch
From: http://www.kernel.org
Desc: Linux 3.2.60
-Patch: 4420_grsecurity-3.0-3.2.60-201407012149.patch
+Patch: 4420_grsecurity-3.0-3.2.60-201407052028.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch
b/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
similarity index 99%
rename from 3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch
rename to 3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
index 2be45b2..2ddb90d 100644
--- a/3.2.60/4420_grsecurity-3.0-3.2.60-201407012149.patch
+++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201407052028.patch
@@ -15196,7 +15196,7 @@ index 7b0a55a..ad115bf 100644
/* top of stack page */
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 3b96fd4..8790004 100644
+index 3b96fd4..d8c7f13 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -156,28 +156,29 @@ static inline unsigned long regs_return_value(struct
pt_regs *regs)
@@ -15254,6 +15254,29 @@ index 3b96fd4..8790004 100644
#endif
}
#endif
+@@ -287,6 +289,22 @@ static inline unsigned long
regs_get_kernel_stack_nth(struct pt_regs *regs,
+
+ #define ARCH_HAS_USER_SINGLE_STEP_INFO
+
++/*
++ * When hitting ptrace_stop(), we cannot return using SYSRET because
++ * that does not restore the full CPU state, only a minimal set. The
++ * ptracer can change arbitrary register values, which is usually okay
++ * because the usual ptrace stops run off the signal delivery path which
++ * forces IRET; however, ptrace_event() stops happen in arbitrary places
++ * in the kernel and don't force IRET path.
++ *
++ * So force IRET path after a ptrace stop.
++ */
++#define arch_ptrace_stop_needed(code, info) \
++({ \
++ set_thread_flag(TIF_NOTIFY_RESUME); \
++ false; \
++})
++
+ struct user_desc;
+ extern int do_get_thread_area(struct task_struct *p, int idx,
+ struct user_desc __user *info);
diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h
index 92f29706..d0a1a53 100644
--- a/arch/x86/include/asm/reboot.h
@@ -81186,7 +81209,7 @@ index 643b96c..c9bfc32 100644
static inline struct proc_inode *PROC_I(const struct inode *inode)
{
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 800f113..13b3715 100644
+index 800f113..635a20c 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -62,8 +62,9 @@
@@ -81247,6 +81270,16 @@ index 800f113..13b3715 100644
}
}
+@@ -371,6 +377,9 @@ static inline void user_single_step_siginfo(struct
task_struct *tsk,
+ * calling arch_ptrace_stop() when it would be superfluous. For example,
+ * if the thread has not been back to user mode since the last stop, the
+ * thread state might indicate that nothing needs to be done.
++ *
++ * This is guaranteed to be invoked once before a task stops for ptrace and
++ * may include arch-specific operations necessary prior to a ptrace stop.
+ */
+ #define arch_ptrace_stop_needed(code, info) (0)
+ #endif
diff --git a/include/linux/random.h b/include/linux/random.h
index f5e1311..d51eec7 100644
--- a/include/linux/random.h
