[gentoo-commits] proj/hardened-patchset:master commit in: 4.3.4/
commit: 92b230adb84942fe6bf8d05cc6012ce0f98050a7 Author: Anthony G. Basile gentoo org> AuthorDate: Sat Jan 30 12:37:58 2016 + Commit: Anthony G. Basile gentoo org> CommitDate: Sat Jan 30 12:37:58 2016 + URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=92b230ad grsecurity-3.1-4.3.4-201601292206 4.3.4/_README | 2 +- ...> 4420_grsecurity-3.1-4.3.4-201601292206.patch} | 204 ++--- 2 files changed, 179 insertions(+), 27 deletions(-) diff --git a/4.3.4/_README b/4.3.4/_README index 158f0b1..ce73e44 100644 --- a/4.3.4/_README +++ b/4.3.4/_README @@ -6,7 +6,7 @@ Patch: 1003_linux-4.3.4.patch From: http://www.kernel.org Desc: Linux 4.3.4 -Patch: 4420_grsecurity-3.1-4.3.4-201601261954.patch +Patch: 4420_grsecurity-3.1-4.3.4-201601292206.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch b/4.3.4/4420_grsecurity-3.1-4.3.4-201601292206.patch similarity index 99% rename from 4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch rename to 4.3.4/4420_grsecurity-3.1-4.3.4-201601292206.patch index f866bc7..92cf754 100644 --- a/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch +++ b/4.3.4/4420_grsecurity-3.1-4.3.4-201601292206.patch @@ -75860,14 +75860,17 @@ index 155f842..89922d8 100644 file = aio_private_file(ctx, nr_pages); diff --git a/fs/attr.c b/fs/attr.c -index 6530ced..4a827e2 100644 +index 6530ced..559e5e6 100644 --- a/fs/attr.c 
+++ b/fs/attr.c -@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) +@@ -102,6 +102,10 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) unsigned long limit; limit = rlimit(RLIMIT_FSIZE); -+ gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1); ++ if (offset > ULONG_MAX) ++ gr_learn_resource(current, RLIMIT_FSIZE, ULONG_MAX, 1); ++ else if (offset > 0) ++ gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long)offset, 1); if (limit != RLIM_INFINITY && offset > limit) goto out_sig; if (offset > inode->i_sb->s_maxbytes) @@ -77631,7 +77634,7 @@ index b406a32..243eb1c 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 62203c3..93267bf 100644 +index 62203c3..fa2d9b3 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -2054,10 +2054,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -77652,6 +77655,15 @@ index 62203c3..93267bf 100644 scanned = true; } server = cifs_sb_master_tcon(cifs_sb)->ses->server; +@@ -2531,7 +2535,7 @@ cifs_write_from_iter(loff_t offset, size_t len, struct iov_iter *from, + wdata->pid = pid; + wdata->bytes = cur_len; + wdata->pagesz = PAGE_SIZE; +- wdata->tailsz = cur_len - ((nr_pages - 1) * PAGE_SIZE); ++ wdata->tailsz = cur_len - nr_pages * PAGE_SIZE + PAGE_SIZE; + wdata->credits = credits; + + if (!wdata->cfile->invalidHandle || diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 8442b8b..ea6986f 100644 --- a/fs/cifs/misc.c 
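Review bot: The clamp added to inode_newsize_ok() ahead of gr_learn_resource() carries no comment, and its first branch is not self-explanatory. `offset > ULONG_MAX` can only be true where loff_t is wider than unsigned long, so on 64-bit builds it is presumably dead and may draw an always-false comparison warning. A one-line comment above the `if`, such as `/* loff_t can exceed unsigned long on 32-bit: clamp instead of truncating; skip sizes <= 0 */`, would record that the old `(unsigned long)offset` cast silently truncated large offsets. It would also record that zero and negative values are deliberately not reported to the learning code. The body of inode_newsize_ok() continues outside the hunk.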
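Review bot: The rewritten `wdata->tailsz = cur_len - nr_pages * PAGE_SIZE + PAGE_SIZE;` in cifs_write_from_iter() is algebraically the same as the line it replaces, but nothing says why the `(nr_pages - 1)` form was avoided, so a later cleanup could fold it back. The declarations are outside the hunk. If cur_len and nr_pages are unsigned and nr_pages is the page count covering cur_len, the intermediate `cur_len - nr_pages * PAGE_SIZE` wraps whenever the last page is partial, and the result is right only because the addition wraps back. That deserves a comment, e.g. `/* deliberately not (nr_pages - 1); the intermediate may wrap */`. The same reordering, with the same missing rationale, is applied to `max_data` in calc_max_reserv() in the fs/gfs2/file.c hunk.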
@@ -82037,6 +82049,19 @@ index ebb5e37..beae05b 100644 do_wakeup = 1; } +diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c +index cf4ab89..5a00960 100644 +--- a/fs/gfs2/file.c b/fs/gfs2/file.c +@@ -781,7 +781,7 @@ static void calc_max_reserv(struct gfs2_inode *ip, loff_t *len, + { + loff_t max = *len; + const struct gfs2_sbd *sdp = GFS2_SB(>i_inode); +- unsigned int tmp, max_data = max_blocks - 3 * (sdp->sd_max_height - 1); ++ unsigned int tmp, max_data = max_blocks - 3 * sdp->sd_max_height + 3; + + for (tmp = max_data; tmp > sdp->sd_diptrs;) { + tmp = DIV_ROUND_UP(tmp, sdp->sd_inptrs); diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index 9bd1244..b8c82d9 100644 --- a/fs/gfs2/glock.c @@ -112918,6 +112943,46 @@ index 6d2a119..ac24f34 100644 static inline void put_prev_task(struct rq *rq, struct task_struct *prev) { +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 5bd4779..6bf906d 100644 +--- a/kernel/seccomp.c b/kernel/seccomp.c +@@ -316,24 +316,24 @@ static inline void seccomp_sync_threads(void) + put_seccomp_filter(thread); + smp_store_release(>seccomp.filter, + caller->seccomp.filter); ++ ++ /* ++ * Don't let an unprivileged task work around ++ * the no_new_privs restriction by creating ++ * a thread that sets it up, enters seccomp, ++ * then dies. ++ */ ++ if
[gentoo-commits] proj/hardened-patchset:master commit in: 4.3.4/
commit: 8f65a787591f7fdc93c18637c2d33210e0cd738d Author: Anthony G. Basile gentoo org> AuthorDate: Thu Jan 28 05:31:20 2016 + Commit: Anthony G. Basile gentoo org> CommitDate: Thu Jan 28 05:31:20 2016 + URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8f65a787 grsecurity-3.1-4.3.4-201601261954 4.3.4/_README | 2 +- ...> 4420_grsecurity-3.1-4.3.4-201601261954.patch} | 444 +++-- 4.3.4/4427_force_XATTR_PAX_tmpfs.patch | 4 +- 4.3.4/4450_grsec-kconfig-default-gids.patch| 12 +- 4.3.4/4465_selinux-avc_audit-log-curr_ip.patch | 2 +- 5 files changed, 411 insertions(+), 53 deletions(-) diff --git a/4.3.4/_README b/4.3.4/_README index f0bdee5..158f0b1 100644 --- a/4.3.4/_README +++ b/4.3.4/_README @@ -6,7 +6,7 @@ Patch: 1003_linux-4.3.4.patch From: http://www.kernel.org Desc: Linux 4.3.4 -Patch: 4420_grsecurity-3.1-4.3.4-201601231215.patch +Patch: 4420_grsecurity-3.1-4.3.4-201601261954.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.3.4/4420_grsecurity-3.1-4.3.4-201601231215.patch b/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch similarity index 99% rename from 4.3.4/4420_grsecurity-3.1-4.3.4-201601231215.patch rename to 4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch index db01d7f..f866bc7 100644 --- a/4.3.4/4420_grsecurity-3.1-4.3.4-201601231215.patch +++ b/4.3.4/4420_grsecurity-3.1-4.3.4-201601261954.patch @@ -12575,7 +12575,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 96d058a..b581500 100644 +index 96d058a..92a8d5b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -36,14 +36,13 @@ config X86 
@@ -12661,6 +12661,15 @@ index 96d058a..b581500 100644 config ARCH_DMA_ADDR_T_64BIT def_bool y +@@ -1448,7 +1450,7 @@ config ARCH_PROC_KCORE_TEXT + + config ILLEGAL_POINTER_VALUE +hex +- default 0 if X86_32 ++ default 0xf000 if X86_32 +default 0xdead if X86_64 + + source "mm/Kconfig" @@ -1757,6 +1759,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -19780,7 +19789,7 @@ index 55234d5..7e3c4bf 100644 atomic_t perf_rdpmc_allowed;/* nonzero if rdpmc is allowed */ } mm_context_t; diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index 379cd36..25f4ba2 100644 +index 379cd36..8ef26be 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -46,7 +46,7 @@ struct ldt_struct { @@ -19792,7 +19801,31 @@ index 379cd36..25f4ba2 100644 }; /* -@@ -98,26 +98,95 @@ static inline void load_mm_ldt(struct mm_struct *mm) +@@ -58,6 +58,23 @@ void destroy_context(struct mm_struct *mm); + static inline int init_new_context(struct task_struct *tsk, + struct mm_struct *mm) + { ++ if (tsk == current) { ++ mm->context.vdso = 0; ++ ++#ifdef CONFIG_X86_32 ++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) ++ mm->context.user_cs_base = 0UL; ++ mm->context.user_cs_limit = ~0UL; ++ ++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) ++ cpumask_clear(>context.cpu_user_cs_mask); ++#endif ++ ++#endif ++#endif ++ ++ } ++ + return 0; + } + static inline void destroy_context(struct mm_struct *mm) {} +@@ -98,26 +115,95 @@ static inline void load_mm_ldt(struct mm_struct *mm) static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) { 
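Review bot: The new `default 0xf000 if X86_32` for ILLEGAL_POINTER_VALUE is a bare magic number in an entry with no prompt or help text, so the hunk records no reason for moving the 32-bit base off 0. Pointers poisoned relative to this base land just below 64 KiB. That range presumably stays unmappable from userland only while the minimum mmap address is configured at or above it, and the dependency is worth stating next to the value. A comment above the entry such as `# 32-bit poison base: must stay below the lowest user-mappable address` would do.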
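Review bot: The block added to init_new_context() runs only when `tsk == current`, and the hunk gives no comment on why every other caller keeps whatever the mm already holds. Presumably this separates an mm being set up for the calling task itself from one being prepared for a new child, where the copied vdso and user_cs_base/user_cs_limit values are meant to survive. A short comment above the `if` saying so would keep the condition from being dropped as redundant. The nested `#if` ladder also closes with two bare `#endif` lines; tagging them as `#endif /* CONFIG_PAX_PAGEEXEC || CONFIG_PAX_SEGMEXEC */` and `#endif /* CONFIG_X86_32 */` would make the pairing readable.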
@@ -19888,7 +19921,7 @@ index 379cd36..25f4ba2 100644 trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); /* Stop flush ipis for the previous mm */ -@@ -142,9 +211,31 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -142,9 +228,31 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, if (unlikely(prev->context.ldt != next->context.ldt)) load_mm_ldt(next); #endif @@ -19921,7 +19954,7 @@ index 379cd36..25f4ba2 100644 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); -@@ -161,13 +252,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -161,13 +269,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, * tlb flush IPI delivery. We must reload CR3 * to make sure to use no freed page tables. */ @@ -52619,6 +52652,86 @@ index ed00446..943fe2c 100644 break; err = 0; break; +diff --git a/drivers/net/ppp/pptp.c