commit: 38964b55adf113b8b1ccdf56092263b4ef9a7578 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Tue Nov 24 09:05:09 2015 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Tue Nov 24 09:05:09 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=38964b55
grsecurity-3.1-4.2.6-201511232037 4.2.6/0000_README | 2 +- ...> 4420_grsecurity-3.1-4.2.6-201511232037.patch} | 175 ++++++++++++++++++--- 2 files changed, 150 insertions(+), 27 deletions(-) diff --git a/4.2.6/0000_README b/4.2.6/0000_README index 454ccd7..91bcf5d 100644 --- a/4.2.6/0000_README +++ b/4.2.6/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.2.6-201511211841.patch +Patch: 4420_grsecurity-3.1-4.2.6-201511232037.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch similarity index 99% rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch rename to 4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch index 30663c2..32f511d 100644 --- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511211841.patch +++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511232037.patch @@ -23775,7 +23775,7 @@ index 04f0fe5..3c0598c 100644 /* diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index cb9e5df..0d25636 100644 +index cb9e5df..0849dd8 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -91,60 +91,6 @@ static const struct cpu_dev default_cpu = { 
@@ -23839,7 +23839,19 @@ index cb9e5df..0d25636 100644 static int __init x86_mpx_setup(char *s) { /* require an exact match without trailing characters */ -@@ -287,6 +233,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) +@@ -272,10 +218,9 @@ __setup("nosmap", setup_disable_smap); + + static __always_inline void setup_smap(struct cpuinfo_x86 *c) + { +- unsigned long eflags; ++ unsigned long eflags = native_save_fl(); + + /* This should have been cleared long ago */ +- raw_local_save_flags(eflags); + BUG_ON(eflags & X86_EFLAGS_AC); + + if (cpu_has(c, X86_FEATURE_SMAP)) { +@@ -287,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) } } @@ -23949,7 +23961,7 @@ index cb9e5df..0d25636 100644 /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization -@@ -387,7 +436,7 @@ void switch_to_new_gdt(int cpu) +@@ -387,7 +435,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -23958,7 +23970,7 @@ index cb9e5df..0d25636 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -918,6 +967,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -918,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); @@ -23979,7 +23991,7 @@ index cb9e5df..0d25636 100644 /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -992,7 +1055,7 @@ void enable_sep_cpu(void) +@@ -992,7 +1054,7 @@ void enable_sep_cpu(void) int cpu; cpu = get_cpu(); @@ -23988,7 +24000,7 @@ index cb9e5df..0d25636 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) goto out; -@@ -1138,10 +1201,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1138,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); 
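Review bot: In setup_smap() the switch from `raw_local_save_flags(eflags)` to `unsigned long eflags = native_save_fl();` carries no comment saying why the native read is needed, although the `BUG_ON(eflags & X86_EFLAGS_AC)` right below it depends on that value. Presumably the paravirt-routed accessor is not guaranteed to return the complete flags word, in which case the AC test could not be trusted. If that is the reason, record it above the declaration, for example `/* read EFLAGS directly: a paravirt save_fl() may not report AC */`. The body of setup_smap() continues past the end of the inner hunk.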
@@ -24004,7 +24016,7 @@ index cb9e5df..0d25636 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE) __visible; -@@ -1253,21 +1318,21 @@ EXPORT_PER_CPU_SYMBOL(current_task); +@@ -1253,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT; EXPORT_PER_CPU_SYMBOL(__preempt_count); @@ -24033,7 +24045,7 @@ index cb9e5df..0d25636 100644 /* * Clear all 6 debug registers: */ -@@ -1343,7 +1408,7 @@ void cpu_init(void) +@@ -1343,7 +1407,7 @@ void cpu_init(void) */ load_ucode_ap(); @@ -24042,7 +24054,7 @@ index cb9e5df..0d25636 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1375,7 +1440,6 @@ void cpu_init(void) +@@ -1375,7 +1439,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -24050,7 +24062,7 @@ index cb9e5df..0d25636 100644 x2apic_setup(); /* -@@ -1427,7 +1491,7 @@ void cpu_init(void) +@@ -1427,7 +1490,7 @@ void cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -25391,7 +25403,7 @@ index dc60810..6c8a1fa 100644 } diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c -index 50ec9af..bb871ca 100644 +index 50ec9af..32d7f10 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -54,7 +54,7 @@ static inline int check_for_xstate(struct fxregs_state __user *buf, 
@@ -25480,8 +25492,34 @@ index 50ec9af..bb871ca 100644 err = -1; } else { sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); +@@ -385,20 +387,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame, + */ + void fpu__init_prepare_fx_sw_frame(void) + { +- int fsave_header_size = sizeof(struct fregs_state); + int size = xstate_size + FP_XSTATE_MAGIC2_SIZE; + +- if (config_enabled(CONFIG_X86_32)) +- size += fsave_header_size; +- + fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1; + fx_sw_reserved.extended_size = size; + fx_sw_reserved.xfeatures = xfeatures_mask; + fx_sw_reserved.xstate_size = xstate_size; + +- if (config_enabled(CONFIG_IA32_EMULATION)) { ++ if (config_enabled(CONFIG_IA32_EMULATION) || ++ config_enabled(CONFIG_X86_32)) { ++ int fsave_header_size = sizeof(struct fregs_state); ++ + fx_sw_reserved_ia32 = fx_sw_reserved; +- fx_sw_reserved_ia32.extended_size += fsave_header_size; ++ fx_sw_reserved_ia32.extended_size = size + fsave_header_size; + } + } + diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c -index 62fc001..5ce38be 100644 +index 62fc001..099cbd7 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -93,14 +93,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures); @@ -25501,16 +25539,15 @@ index 62fc001..5ce38be 100644 /* * None of the feature bits are in init state. So nothing else -@@ -402,7 +402,7 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature) +@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature) if (!boot_cpu_has(X86_FEATURE_XSAVE)) return NULL; - xsave = ¤t->thread.fpu.state.xsave; -+ xsave = ¤t->thread.fpu.state->xsave; /* * We should not ever be requesting features that we * have not enabled. Remember that pcntxt_mask is -@@ -457,5 +457,5 @@ const void *get_xsave_field_ptr(int xsave_state) +@@ -457,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state) */ fpu__save(fpu); 
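Review bot: In fpu__init_prepare_fx_sw_frame() the native `fx_sw_reserved.extended_size` no longer includes the fsave header on CONFIG_X86_32; only `fx_sw_reserved_ia32.extended_size = size + fsave_header_size;` carries it. That is correct only if every 32-bit frame writer, and the size check applied when a user-supplied frame is restored, use the `_ia32` copy on a 32-bit kernel. Those users are outside this hunk, so this should be confirmed against them. A comment on the new block would keep the invariant visible, for example `/* 32-bit frames are prefixed by the legacy fsave header, so their extended_size is larger */`.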
@@ -34900,6 +34937,78 @@ index 0057a7acc..95c7edd 100644 { might_sleep(); if (is_enabled()) /* recheck and proper locking in *_core() */ +diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c +index db1b0bc..c28f618 100644 +--- a/arch/x86/mm/mpx.c ++++ b/arch/x86/mm/mpx.c +@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm, + } + + /* ++ * We only want to do a 4-byte get_user() on 32-bit. Otherwise, ++ * we might run off the end of the bounds table if we are on ++ * a 64-bit kernel and try to get 8 bytes. ++ */ ++int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret, ++ long __user *bd_entry_ptr) ++{ ++ u32 bd_entry_32; ++ int ret; ++ ++ if (is_64bit_mm(mm)) ++ return get_user(*bd_entry_ret, bd_entry_ptr); ++ ++ /* ++ * Note that get_user() uses the type of the *pointer* to ++ * establish the size of the get, not the destination. ++ */ ++ ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr); ++ *bd_entry_ret = bd_entry_32; ++ return ret; ++} ++ ++/* + * Get the base of bounds tables pointed by specific bounds + * directory entry. + */ +@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm, + int need_write = 0; + + pagefault_disable(); +- ret = get_user(bd_entry, bd_entry_ptr); ++ ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr); + pagefault_enable(); + if (!ret) + break; +@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm, + */ + static inline unsigned long bd_entry_virt_space(struct mm_struct *mm) + { +- unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits); +- if (is_64bit_mm(mm)) +- return virt_space / MPX_BD_NR_ENTRIES_64; +- else +- return virt_space / MPX_BD_NR_ENTRIES_32; ++ unsigned long long virt_space; ++ unsigned long long GB = (1ULL << 30); ++ ++ /* ++ * This covers 32-bit emulation as well as 32-bit kernels ++ * running on 64-bit harware. 
++ */ ++ if (!is_64bit_mm(mm)) ++ return (4ULL * GB) / MPX_BD_NR_ENTRIES_32; ++ ++ /* ++ * 'x86_virt_bits' returns what the hardware is capable ++ * of, and returns the full >32-bit adddress space when ++ * running 32-bit kernels on 64-bit hardware. ++ */ ++ virt_space = (1ULL << boot_cpu_data.x86_virt_bits); ++ return virt_space / MPX_BD_NR_ENTRIES_64; + } + + /* diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c index 4053bb5..b1ad3dc 100644 --- a/arch/x86/mm/numa.c @@ -52060,10 +52169,10 @@ index dab2513..4c4b65d 100644 return msecs_to_jiffies((s->poll_timeout[2] << 16) | (s->poll_timeout[1] << 8) diff --git a/drivers/net/wireless/ath/ath10k/ce.c b/drivers/net/wireless/ath/ath10k/ce.c -index e508c65..fb0dbae 100644 +index e508c65..3fd90eb 100644 --- a/drivers/net/wireless/ath/ath10k/ce.c +++ b/drivers/net/wireless/ath/ath10k/ce.c -@@ -896,7 +896,7 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar, +@@ -896,12 +896,12 @@ static int ath10k_ce_init_dest_ring(struct ath10k *ar, return 0; } @@ -52072,6 +52181,21 @@ index e508c65..fb0dbae 100644 ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id, const struct ce_attr *attr) { + struct ath10k_ce_ring *src_ring; +- u32 nentries = attr->src_nentries; ++ unsigned long nentries = attr->src_nentries; + dma_addr_t base_addr; + + nentries = roundup_pow_of_two(nentries); +@@ -968,7 +968,7 @@ ath10k_ce_alloc_dest_ring(struct ath10k *ar, unsigned int ce_id, + const struct ce_attr *attr) + { + struct ath10k_ce_ring *dest_ring; +- u32 nentries; ++ unsigned long nentries; + dma_addr_t base_addr; + + nentries = roundup_pow_of_two(attr->dest_nentries); diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c index 32d9ff1..0952b33 100644 --- a/drivers/net/wireless/ath/ath10k/htc.c @@ -129238,10 +129362,10 @@ index 0000000..b884a56 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..5f73f93 +index 0000000..2ec0551 --- /dev/null 
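Review bot: `get_user_bd_entry()` is added with external linkage, yet the only caller visible in this patch is `get_bt_addr()` in the same file. Unless another translation unit needs it, declare it `static int get_user_bd_entry(...)`. In the 32-bit branch, `*bd_entry_ret = bd_entry_32;` also executes when `get_user()` reported a fault, so the output then holds whatever `get_user()` left in the temporary. Writing `if (!ret) *bd_entry_ret = bd_entry_32;` and stating in the header comment that the return value is the `get_user()` status would make the contract explicit. The comments added to `bd_entry_virt_space()` in the last mpx.c hunk contain the typos "harware" and "adddress".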
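Review bot: Nothing in the visible lines of ath10k_ce_alloc_src_ring() or ath10k_ce_alloc_dest_ring() bounds `attr->src_nentries` or `attr->dest_nentries` before the round-up. Widening `nentries` to `unsigned long` does stop the result of `roundup_pow_of_two()` from being narrowed at the assignment. But `roundup_pow_of_two()` is documented as undefined for 0, and the wider value still has to fit the ring fields and allocation sizes derived from it later in both functions, which lie outside the hunk. Rejecting a zero or oversized entry count before the round-up, or adding a comment that names where the attribute table is validated, would close that gap.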
+++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,813 @@ +@@ -0,0 +1,812 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -129848,12 +129972,7 @@ index 0000000..5f73f93 +#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias +#endif + -+#if BUILDING_GCC_VERSION < 6000 -+#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) -+#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) -+#endif -+ -+#if BUILDING_GCC_VERSION == 5000 ++#if BUILDING_GCC_VERSION >= 5000 && BUILDING_GCC_VERSION < 6000 +// gimple related +template <> +template <> @@ -129965,7 +130084,6 @@ index 0000000..5f73f93 + symtab->remove_cgraph_duplication_hook(entry); +} + -+ +#if BUILDING_GCC_VERSION >= 6000 +typedef gimple *gimple_ptr; +typedef const gimple *const_gimple; @@ -130050,6 +130168,11 @@ index 0000000..5f73f93 +} +#endif + ++#if BUILDING_GCC_VERSION < 6000 ++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) ++#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) ++#endif ++ +#if BUILDING_GCC_VERSION >= 6000 +#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1)) +#endif
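Review bot: The relocated `#if BUILDING_GCC_VERSION < 6000` block now sits directly before `#if BUILDING_GCC_VERSION >= 6000`, and both define `gen_rtx_set`. The two conditions are complementary, so a single `#if BUILDING_GCC_VERSION < 6000` / `#else` / `#endif` would make it evident that exactly one definition is active. The move also changes which of the earlier inline helpers in this header are compiled with the `get_inner_reference` wrapper macro in effect. If that ordering is the reason for the move, a one-line comment saying these macros must follow the helpers would keep a later cleanup from moving them back.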