[gentoo-commits] proj/hardened-patchset:master commit in: 4.3.4/

2016-01-30 Thread Anthony G. Basile
commit: 92b230adb84942fe6bf8d05cc6012ce0f98050a7
Author: Anthony G. Basile  gentoo  org>
AuthorDate: Sat Jan 30 12:37:58 2016 +
Commit: Anthony G. Basile  gentoo  org>
CommitDate: Sat Jan 30 12:37:58 2016 +
URL:
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=92b230ad

grsecurity-3.1-4.3.4-201601292206

 4.3.4/_README  |   2 +-
 ...> 4420_grsecurity-3.1-4.3.4-201601292206.patch} | 204 ++---
 2 files changed, 179 insertions(+), 27 deletions(-)

diff --git a/4.3.4/_README b/4.3.4/_README
index 158f0b1..ce73e44 100644
--- a/4.3.4/_README
+++ b/4.3.4/_README
@@ -6,7 +6,7 @@ Patch:  1003_linux-4.3.4.patch
 From:  http://www.kernel.org
 Desc:  Linux 4.3.4
 
-Patch: 4420_grsecurity-3.1-4.3.4-201601261954.patch
+Patch: 4420_grsecurity-3.1-4.3.4-201601292206.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch 
b/4.3.4/4420_grsecurity-3.1-4.3.4-201601292206.patch
similarity index 99%
rename from 4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch
rename to 4.3.4/4420_grsecurity-3.1-4.3.4-201601292206.patch
index f866bc7..92cf754 100644
--- a/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch
+++ b/4.3.4/4420_grsecurity-3.1-4.3.4-201601292206.patch
@@ -75860,14 +75860,17 @@ index 155f842..89922d8 100644
  
file = aio_private_file(ctx, nr_pages);
 diff --git a/fs/attr.c b/fs/attr.c
-index 6530ced..4a827e2 100644
+index 6530ced..559e5e6 100644
 --- a/fs/attr.c
 +++ b/fs/attr.c
-@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t 
offset)
+@@ -102,6 +102,10 @@ int inode_newsize_ok(const struct inode *inode, loff_t 
offset)
unsigned long limit;
  
limit = rlimit(RLIMIT_FSIZE);
-+  gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 
1);
++  if (offset > ULONG_MAX)
++  gr_learn_resource(current, RLIMIT_FSIZE, ULONG_MAX, 1);
++  else if (offset > 0)
++  gr_learn_resource(current, RLIMIT_FSIZE, (unsigned 
long)offset, 1);
if (limit != RLIM_INFINITY && offset > limit)
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
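Review bot: The clamp added before gr_learn_resource() in inode_newsize_ok() has no comment, and its two branches are not self-explanatory. `offset` is a signed 64-bit loff_t while the value handed to the learning hook is an unsigned long, so on a 32-bit build the old bare `(unsigned long)offset` cast could presumably record a truncated size. The `offset > ULONG_MAX` test prevents that, and it can never be true on a 64-bit build, where both operands end up as the same unsigned width. I would put `/* loff_t can exceed unsigned long on 32-bit: clamp, and skip non-positive offsets */` above the `if` so the dead-looking branch is not cleaned away later. The body of inode_newsize_ok() starts and ends outside this hunk.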
@@ -77631,7 +77634,7 @@ index b406a32..243eb1c 100644
  GLOBAL_EXTERN atomic_t smBufAllocCount;
  GLOBAL_EXTERN atomic_t midCount;
 diff --git a/fs/cifs/file.c b/fs/cifs/file.c
-index 62203c3..93267bf 100644
+index 62203c3..fa2d9b3 100644
 --- a/fs/cifs/file.c
 +++ b/fs/cifs/file.c
 @@ -2054,10 +2054,14 @@ static int cifs_writepages(struct address_space 
*mapping,
@@ -77652,6 +77655,15 @@ index 62203c3..93267bf 100644
scanned = true;
}
server = cifs_sb_master_tcon(cifs_sb)->ses->server;
+@@ -2531,7 +2535,7 @@ cifs_write_from_iter(loff_t offset, size_t len, struct 
iov_iter *from,
+   wdata->pid = pid;
+   wdata->bytes = cur_len;
+   wdata->pagesz = PAGE_SIZE;
+-  wdata->tailsz = cur_len - ((nr_pages - 1) * PAGE_SIZE);
++  wdata->tailsz = cur_len - nr_pages * PAGE_SIZE + PAGE_SIZE;
+   wdata->credits = credits;
+ 
+   if (!wdata->cfile->invalidHandle ||
 diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
 index 8442b8b..ea6986f 100644
 --- a/fs/cifs/misc.c
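Review bot: The rewritten `wdata->tailsz` assignment in cifs_write_from_iter() gives no reason for preferring `cur_len - nr_pages * PAGE_SIZE + PAGE_SIZE` over the original `(nr_pages - 1)` form. The two are arithmetically equal, but in the new one the intermediate `cur_len - nr_pages * PAGE_SIZE` presumably wraps whenever the last page is partial (the operand types are declared outside the hunk, so this should be confirmed). A one-line comment such as `/* same value as cur_len - (nr_pages - 1) * PAGE_SIZE; operand order is deliberate */` would stop a later cleanup from silently reverting it. The same applies to the `max_data` initializer in the fs/gfs2/file.c hunk, `max_blocks - 3 * sdp->sd_max_height + 3`.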
@@ -82037,6 +82049,19 @@ index ebb5e37..beae05b 100644
do_wakeup = 1;
}
  
+diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c
+index cf4ab89..5a00960 100644
+--- a/fs/gfs2/file.c
 b/fs/gfs2/file.c
+@@ -781,7 +781,7 @@ static void calc_max_reserv(struct gfs2_inode *ip, loff_t 
*len,
+ {
+   loff_t max = *len;
+   const struct gfs2_sbd *sdp = GFS2_SB(>i_inode);
+-  unsigned int tmp, max_data = max_blocks - 3 * (sdp->sd_max_height - 1);
++  unsigned int tmp, max_data = max_blocks - 3 * sdp->sd_max_height + 3;
+ 
+   for (tmp = max_data; tmp > sdp->sd_diptrs;) {
+   tmp = DIV_ROUND_UP(tmp, sdp->sd_inptrs);
 diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
 index 9bd1244..b8c82d9 100644
 --- a/fs/gfs2/glock.c
@@ -112918,6 +112943,46 @@ index 6d2a119..ac24f34 100644
  
  static inline void put_prev_task(struct rq *rq, struct task_struct *prev)
  {
+diff --git a/kernel/seccomp.c b/kernel/seccomp.c
+index 5bd4779..6bf906d 100644
+--- a/kernel/seccomp.c
 b/kernel/seccomp.c
+@@ -316,24 +316,24 @@ static inline void seccomp_sync_threads(void)
+   put_seccomp_filter(thread);
+   smp_store_release(>seccomp.filter,
+ caller->seccomp.filter);
++
++  /*
++   * Don't let an unprivileged task work around
++   * the no_new_privs restriction by creating
++   * a thread that sets it up, enters seccomp,
++   * then dies.
++   */
++  if 

[gentoo-commits] proj/hardened-patchset:master commit in: 4.3.4/

2016-01-27 Thread Anthony G. Basile
commit: 8f65a787591f7fdc93c18637c2d33210e0cd738d
Author: Anthony G. Basile  gentoo  org>
AuthorDate: Thu Jan 28 05:31:20 2016 +
Commit: Anthony G. Basile  gentoo  org>
CommitDate: Thu Jan 28 05:31:20 2016 +
URL:
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8f65a787

grsecurity-3.1-4.3.4-201601261954

 4.3.4/_README  |   2 +-
 ...> 4420_grsecurity-3.1-4.3.4-201601261954.patch} | 444 +++--
 4.3.4/4427_force_XATTR_PAX_tmpfs.patch |   4 +-
 4.3.4/4450_grsec-kconfig-default-gids.patch|  12 +-
 4.3.4/4465_selinux-avc_audit-log-curr_ip.patch |   2 +-
 5 files changed, 411 insertions(+), 53 deletions(-)

diff --git a/4.3.4/_README b/4.3.4/_README
index f0bdee5..158f0b1 100644
--- a/4.3.4/_README
+++ b/4.3.4/_README
@@ -6,7 +6,7 @@ Patch:  1003_linux-4.3.4.patch
 From:  http://www.kernel.org
 Desc:  Linux 4.3.4
 
-Patch: 4420_grsecurity-3.1-4.3.4-201601231215.patch
+Patch: 4420_grsecurity-3.1-4.3.4-201601261954.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.3.4/4420_grsecurity-3.1-4.3.4-201601231215.patch 
b/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch
similarity index 99%
rename from 4.3.4/4420_grsecurity-3.1-4.3.4-201601231215.patch
rename to 4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch
index db01d7f..f866bc7 100644
--- a/4.3.4/4420_grsecurity-3.1-4.3.4-201601231215.patch
+++ b/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch
@@ -12575,7 +12575,7 @@ index ad8f795..2c7eec6 100644
  /*
   * Memory returned by kmalloc() may be used for DMA, so we must make
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 96d058a..b581500 100644
+index 96d058a..92a8d5b 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
 @@ -36,14 +36,13 @@ config X86
@@ -12661,6 +12661,15 @@ index 96d058a..b581500 100644
  
  config ARCH_DMA_ADDR_T_64BIT
def_bool y
+@@ -1448,7 +1450,7 @@ config ARCH_PROC_KCORE_TEXT
+ 
+ config ILLEGAL_POINTER_VALUE
+hex
+-   default 0 if X86_32
++   default 0xf000 if X86_32
+default 0xdead if X86_64
+ 
+ source "mm/Kconfig"
 @@ -1757,6 +1759,7 @@ source kernel/Kconfig.hz
  config KEXEC
bool "kexec system call"
@@ -19780,7 +19789,7 @@ index 55234d5..7e3c4bf 100644
atomic_t perf_rdpmc_allowed;/* nonzero if rdpmc is allowed */
  } mm_context_t;
 diff --git a/arch/x86/include/asm/mmu_context.h 
b/arch/x86/include/asm/mmu_context.h
-index 379cd36..25f4ba2 100644
+index 379cd36..8ef26be 100644
 --- a/arch/x86/include/asm/mmu_context.h
 +++ b/arch/x86/include/asm/mmu_context.h
 @@ -46,7 +46,7 @@ struct ldt_struct {
@@ -19792,7 +19801,31 @@ index 379cd36..25f4ba2 100644
  };
  
  /*
-@@ -98,26 +98,95 @@ static inline void load_mm_ldt(struct mm_struct *mm)
+@@ -58,6 +58,23 @@ void destroy_context(struct mm_struct *mm);
+ static inline int init_new_context(struct task_struct *tsk,
+  struct mm_struct *mm)
+ {
++  if (tsk == current) {
++  mm->context.vdso = 0;
++
++#ifdef CONFIG_X86_32
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++  mm->context.user_cs_base = 0UL;
++  mm->context.user_cs_limit = ~0UL;
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++  cpumask_clear(>context.cpu_user_cs_mask);
++#endif
++
++#endif
++#endif
++
++  }
++
+   return 0;
+ }
+ static inline void destroy_context(struct mm_struct *mm) {}
+@@ -98,26 +115,95 @@ static inline void load_mm_ldt(struct mm_struct *mm)
  
  static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct 
*tsk)
  {
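Review bot: The `tsk == current` guard added to the inline init_new_context() is undocumented, and the hunk does not show which callers it is meant to separate. The block resets `context.vdso` and, on 32-bit PaX configurations, the user code-segment base, limit and CPU mask only when the new mm is being set up for the calling task. Presumably that is the exec path as opposed to fork, where the copied values are kept; that is worth confirming and stating in a comment such as `/* fresh mm for the current task: drop inherited vdso and user_cs state */`. The three bare `#endif` lines would also be easier to audit if annotated, e.g. `#endif /* CONFIG_X86_32 */`.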
@@ -19888,7 +19921,7 @@ index 379cd36..25f4ba2 100644
trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
  
/* Stop flush ipis for the previous mm */
-@@ -142,9 +211,31 @@ static inline void switch_mm(struct mm_struct *prev, 
struct mm_struct *next,
+@@ -142,9 +228,31 @@ static inline void switch_mm(struct mm_struct *prev, 
struct mm_struct *next,
if (unlikely(prev->context.ldt != next->context.ldt))
load_mm_ldt(next);
  #endif
@@ -19921,7 +19954,7 @@ index 379cd36..25f4ba2 100644
this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
  
-@@ -161,13 +252,30 @@ static inline void switch_mm(struct mm_struct *prev, 
struct mm_struct *next,
+@@ -161,13 +269,30 @@ static inline void switch_mm(struct mm_struct *prev, 
struct mm_struct *next,
 * tlb flush IPI delivery. We must reload CR3
 * to make sure to use no freed page tables.
 */
@@ -52619,6 +52652,86 @@ index ed00446..943fe2c 100644
break;
err = 0;
break;
+diff --git a/drivers/net/ppp/pptp.c