authorAnthony G. Basile <blueness@gentoo.org>2013-02-24 06:54:47 -0500
committerAnthony G. Basile <blueness@gentoo.org>2013-02-24 06:54:47 -0500
commit6760f54871a351ed33e572e01c123f1df45c3ff4 (patch)
tree744df5ddd533197798313618c0be300b42b2c2a4 /2.6.32
parentgrsecurity-2.9.1-2.6.32.60-201302181144: fix check_heap_stack_gap (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.39,3.8.0}-2013022220130222
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch)235
1 files changed, 186 insertions, 49 deletions
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch
index 88490c1..f5ba675 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch
@@ -265,7 +265,7 @@ index 334258c..1e8f4ff 100644
M: Liam Girdwood <lrg@slimlogic.co.uk>
M: Mark Brown <broonie@opensource.wolfsonmicro.com>
diff --git a/Makefile b/Makefile
-index b0e245e..e5894da 100644
+index b0e245e..1c8b6ed 100644
--- a/Makefile
+++ b/Makefile
@@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -300,12 +300,16 @@ index b0e245e..e5894da 100644
include/linux/version.h headers_% \
kernelrelease kernelversion
-@@ -526,6 +527,60 @@ else
+@@ -526,6 +527,64 @@ else
KBUILD_CFLAGS += -O2
endif
+ifndef DISABLE_PAX_PLUGINS
++ifeq ($(call cc-ifversion, -ge, 0408, y), y)
++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
++else
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)")
++endif
+ifneq ($(PLUGINCC),)
+ifndef DISABLE_PAX_CONSTIFY_PLUGIN
+ifndef CONFIG_UML
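Review bot: The new gcc >= 4.8 branch passes "$(HOSTCXX)" as both the first and the second argument of gcc-plugin.sh, and nothing in the hunk says why, so it reads like a copy-paste slip. A comment above the `ifeq` would settle it, for example `# gcc 4.8+ is itself built as C++, so the plugin probe must use the host C++ compiler`. The version test is made on $(CC), the compiler the plugins are loaded into; that looks intended and is worth stating in the same comment. The surrounding `ifndef DISABLE_PAX_PLUGINS` block continues outside the hunk.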
@@ -361,7 +365,7 @@ index b0e245e..e5894da 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -647,7 +702,7 @@ export mod_strip_cmd
+@@ -647,7 +706,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -370,7 +374,7 @@ index b0e245e..e5894da 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -868,6 +923,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -868,6 +927,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -379,7 +383,7 @@ index b0e245e..e5894da 100644
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -877,7 +934,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -877,7 +938,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -388,7 +392,7 @@ index b0e245e..e5894da 100644
$(Q)$(MAKE) $(build)=$@
# Build the kernel release string
-@@ -986,6 +1043,7 @@ prepare0: archprepare FORCE
+@@ -986,6 +1047,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=. missing-syscalls
# All the preparing..
@@ -396,7 +400,7 @@ index b0e245e..e5894da 100644
prepare: prepare0
# The asm symlink changes when $(ARCH) changes.
-@@ -1127,6 +1185,8 @@ all: modules
+@@ -1127,6 +1189,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -405,7 +409,7 @@ index b0e245e..e5894da 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1136,7 +1196,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
+@@ -1136,7 +1200,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -414,7 +418,7 @@ index b0e245e..e5894da 100644
# Target to install modules
PHONY += modules_install
-@@ -1199,9 +1259,9 @@ CLEAN_FILES += vmlinux System.map \
+@@ -1199,9 +1263,9 @@ CLEAN_FILES += vmlinux System.map \
MRPROPER_DIRS += include/config include2 usr/include include/generated
MRPROPER_FILES += .config .config.old include/asm .version .old_version \
include/linux/autoconf.h include/linux/version.h \
@@ -426,7 +430,7 @@ index b0e245e..e5894da 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1245,7 +1305,7 @@ distclean: mrproper
+@@ -1245,7 +1309,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -435,7 +439,7 @@ index b0e245e..e5894da 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1292,6 +1352,7 @@ help:
+@@ -1292,6 +1356,7 @@ help:
@echo ' modules_prepare - Set up for building external modules'
@echo ' tags/TAGS - Generate tags file for editors'
@echo ' cscope - Generate cscope index'
@@ -443,7 +447,7 @@ index b0e245e..e5894da 100644
@echo ' kernelrelease - Output the release version string'
@echo ' kernelversion - Output the version stored in Makefile'
@echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \
-@@ -1393,6 +1454,8 @@ PHONY += $(module-dirs) modules
+@@ -1393,6 +1458,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -452,7 +456,7 @@ index b0e245e..e5894da 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1448,7 +1511,7 @@ endif # KBUILD_EXTMOD
+@@ -1448,7 +1515,7 @@ endif # KBUILD_EXTMOD
quiet_cmd_tags = GEN $@
cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@
@@ -461,7 +465,7 @@ index b0e245e..e5894da 100644
$(call cmd,tags)
# Scripts to check various things for consistency
-@@ -1513,17 +1576,21 @@ else
+@@ -1513,17 +1580,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -487,7 +491,7 @@ index b0e245e..e5894da 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1533,11 +1600,15 @@ endif
+@@ -1533,11 +1604,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -13326,7 +13330,7 @@ index 33927d2..ccde329 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index af6fd36..60da657 100644
+index af6fd36..a7c3e4d 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -39,6 +39,7 @@ extern struct list_head pgd_list;
@@ -13389,7 +13393,7 @@ index af6fd36..60da657 100644
static inline int pte_dirty(pte_t pte)
{
return pte_flags(pte) & _PAGE_DIRTY;
-@@ -130,6 +170,11 @@ static inline unsigned long pmd_pfn(pmd_t pmd)
+@@ -130,12 +170,16 @@ static inline unsigned long pmd_pfn(pmd_t pmd)
return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT;
}
@@ -13401,7 +13405,14 @@ index af6fd36..60da657 100644
#define pte_page(pte) pfn_to_page(pte_pfn(pte))
static inline int pmd_large(pmd_t pte)
-@@ -167,9 +212,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
+ {
+- return (pmd_flags(pte) & (_PAGE_PSE | _PAGE_PRESENT)) ==
+- (_PAGE_PSE | _PAGE_PRESENT);
++ return pmd_flags(pte) & _PAGE_PSE;
+ }
+
+ static inline pte_t pte_set_flags(pte_t pte, pteval_t set)
+@@ -167,9 +211,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
return pte_clear_flags(pte, _PAGE_RW);
}
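Review bot: pmd_large() now tests only `_PAGE_PSE`, so it returns non-zero for an entry whose `_PAGE_PRESENT` bit is clear, and the function carries no comment saying this is deliberate. The rationale appears only in the comment this commit adds to pmd_present() in a later hunk. A short comment here, e.g. `/* _PAGE_PRESENT is deliberately not tested; see pmd_present() */`, would keep a later cleanup from restoring the old two-bit comparison. Callers that relied on pmd_large() implying a present entry are not visible in this diff and should be checked.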
@@ -13432,7 +13443,7 @@ index af6fd36..60da657 100644
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -302,6 +367,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -302,6 +366,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
@@ -13448,7 +13459,22 @@ index af6fd36..60da657 100644
#include <linux/mm_types.h>
static inline int pte_none(pte_t pte)
-@@ -472,7 +546,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -327,7 +400,13 @@ static inline int pte_hidden(pte_t pte)
+
+ static inline int pmd_present(pmd_t pmd)
+ {
+- return pmd_flags(pmd) & _PAGE_PRESENT;
++ /*
++ * Checking for _PAGE_PSE is needed too because
++ * split_huge_page will temporarily clear the present bit (but
++ * the _PAGE_PSE flag will remain set at all times while the
++ * _PAGE_PRESENT bit is clear).
++ */
++ return pmd_flags(pmd) & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_PSE);
+ }
+
+ static inline int pmd_none(pmd_t pmd)
+@@ -472,7 +551,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
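Review bot: The comment added to pmd_present() explains the `_PAGE_PSE` bit but not `_PAGE_PROTNONE`, which the new mask also accepts. One more sentence would cover it, e.g. `_PAGE_PROTNONE is tested so that a PROT_NONE mapping, whose present bit is clear, still counts as present.` That is presumably the intent and should be confirmed against the change this was taken from. The comment also refers to split_huge_page, which does not appear anywhere in this diff; if this 2.6.32 tree has no such function, the wording should say the check is carried for parity with newer kernels.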
@@ -13457,7 +13483,7 @@ index af6fd36..60da657 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -495,7 +569,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -495,7 +574,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -13471,7 +13497,7 @@ index af6fd36..60da657 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -506,6 +585,20 @@ static inline int pgd_none(pgd_t pgd)
+@@ -506,6 +590,20 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -13492,7 +13518,7 @@ index af6fd36..60da657 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -611,11 +704,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm,
+@@ -611,11 +709,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -13898,6 +13924,25 @@ index fa04dea..5f823fc 100644
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
/* Get/set a process' ability to use the timestamp counter instruction */
+diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h
+index 621f56d..f1094fd 100644
+--- a/arch/x86/include/asm/proto.h
++++ b/arch/x86/include/asm/proto.h
+@@ -22,14 +22,4 @@ extern int reboot_force;
+
+ long do_arch_prctl(struct task_struct *task, int code, unsigned long addr);
+
+-/*
+- * This looks more complex than it should be. But we need to
+- * get the type for the ~ right in round_down (it needs to be
+- * as wide as the result!), and we want to evaluate the macro
+- * arguments just once each.
+- */
+-#define __round_mask(x,y) ((__typeof__(x))((y)-1))
+-#define round_up(x,y) ((((x)-1) | __round_mask(x,y))+1)
+-#define round_down(x,y) ((x) & ~__round_mask(x,y))
+-
+ #endif /* _ASM_X86_PROTO_H */
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index 0f0d908..f2e3da2 100644
--- a/arch/x86/include/asm/ptrace.h
@@ -98186,10 +98231,27 @@ index 7922742..27306a2 100644
/* This macro allows us to keep printk typechecking */
static void __check_printsym_format(const char *fmt, ...)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
-index 3526cd4..99206e2 100644
+index 3526cd4..6835d45 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
-@@ -163,6 +163,11 @@ extern int _cond_resched(void);
+@@ -45,6 +45,16 @@ extern const char linux_proc_banner[];
+
+ #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
+
++/*
++ * This looks more complex than it should be. But we need to
++ * get the type for the ~ right in round_down (it needs to be
++ * as wide as the result!), and we want to evaluate the macro
++ * arguments just once each.
++ */
++#define __round_mask(x, y) ((__typeof__(x))((y)-1))
++#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1)
++#define round_down(x, y) ((x) & ~__round_mask(x, y))
++
+ #define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f))
+ #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
+ #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y))
+@@ -163,6 +173,11 @@ extern int _cond_resched(void);
(__x < 0) ? -__x : __x; \
})
@@ -99897,7 +99959,7 @@ index 4e647bb..23b3911 100644
int size);
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 2da8372..740c52f 100644
+index 2da8372..aa58826 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -11,12 +11,20 @@
@@ -99947,26 +100009,15 @@ index 2da8372..740c52f 100644
/*
* Allocator specific definitions. These are mainly used to establish optimized
-@@ -217,8 +230,18 @@ size_t ksize(const void *);
+@@ -217,6 +230,7 @@ size_t ksize(const void *);
* for general use, and so are not documented here. For a full list of
* potential flags, always refer to linux/gfp.h.
*/
+
-+extern void kcalloc_error(void)
-+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW)
-+__compiletime_warning("kcalloc called with swapped arguments?");
-+#else
-+__compiletime_error("kcalloc called with swapped arguments?");
-+#endif
-+
static inline void *kcalloc(size_t n, size_t size, gfp_t flags)
{
-+ if (__builtin_constant_p(n) && !__builtin_constant_p(size))
-+ kcalloc_error();
if (size != 0 && n > ULONG_MAX / size)
- return NULL;
- return __kmalloc(n * size, flags | __GFP_ZERO);
-@@ -263,7 +286,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
+@@ -263,7 +277,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
* request comes from.
*/
#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB)
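Review bot: With the kcalloc_error() declaration and its call removed, the slab.h hunk at `@@ -217,6 +230,7 @@` now adds nothing but one empty line before kcalloc(). That leftover line can be dropped from the patch so the hunk disappears and the patch carries only changes that matter. The runtime overflow guard `if (size != 0 && n > ULONG_MAX / size)` was context in the old patch and is not touched by this commit.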
@@ -99975,7 +100026,7 @@ index 2da8372..740c52f 100644
#define kmalloc_track_caller(size, flags) \
__kmalloc_track_caller(size, flags, _RET_IP_)
#else
-@@ -281,7 +304,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
+@@ -281,7 +295,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
* allocation request comes from.
*/
#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB)
@@ -111700,7 +111751,7 @@ index 406e8d4..53970d3 100644
* - not supported under NOMMU conditions
*/
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 3ecab7e..594a471 100644
+index 3ecab7e..be580fc 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -289,7 +289,7 @@ out:
@@ -111768,15 +111819,60 @@ index 3ecab7e..594a471 100644
for_each_populated_zone(zone) {
show_node(zone);
printk("%s per-cpu:\n", zone->name);
-@@ -3736,7 +3755,7 @@ static void __init setup_usemap(struct pglist_data *pgdat,
+@@ -3715,10 +3734,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat,
+ * round what is now in bits to nearest long in bits, then return it in
+ * bytes.
+ */
+-static unsigned long __init usemap_size(unsigned long zonesize)
++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize)
+ {
+ unsigned long usemapsize;
+
++ zonesize += zone_start_pfn & (pageblock_nr_pages-1);
+ usemapsize = roundup(zonesize, pageblock_nr_pages);
+ usemapsize = usemapsize >> pageblock_order;
+ usemapsize *= NR_PAGEBLOCK_BITS;
+@@ -3728,16 +3748,18 @@ static unsigned long __init usemap_size(unsigned long zonesize)
+ }
+
+ static void __init setup_usemap(struct pglist_data *pgdat,
+- struct zone *zone, unsigned long zonesize)
++ struct zone *zone,
++ unsigned long zone_start_pfn,
++ unsigned long zonesize)
+ {
+- unsigned long usemapsize = usemap_size(zonesize);
++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize);
+ zone->pageblock_flags = NULL;
+ if (usemapsize)
zone->pageblock_flags = alloc_bootmem_node(pgdat, usemapsize);
}
#else
-static void inline setup_usemap(struct pglist_data *pgdat,
-+static inline void setup_usemap(struct pglist_data *pgdat,
- struct zone *zone, unsigned long zonesize) {}
+- struct zone *zone, unsigned long zonesize) {}
++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone,
++ unsigned long zone_start_pfn, unsigned long zonesize) {}
#endif /* CONFIG_SPARSEMEM */
+ #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE
+@@ -3869,7 +3891,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat,
+ continue;
+
+ set_pageblock_order(pageblock_default_order());
+- setup_usemap(pgdat, zone, size);
++ setup_usemap(pgdat, zone, zone_start_pfn, size);
+ ret = init_currently_empty_zone(zone, zone_start_pfn,
+ size, MEMMAP_EARLY);
+ BUG_ON(ret);
+@@ -4945,7 +4967,7 @@ static inline int pfn_to_bitidx(struct zone *zone, unsigned long pfn)
+ pfn &= (PAGES_PER_SECTION-1);
+ return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS;
+ #else
+- pfn = pfn - zone->zone_start_pfn;
++ pfn = pfn - round_down(zone->zone_start_pfn, pageblock_nr_pages);
+ return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS;
+ #endif /* CONFIG_SPARSEMEM */
+ }
diff --git a/mm/percpu.c b/mm/percpu.c
index c90614a..5f7b7b8 100644
--- a/mm/percpu.c
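Review bot: usemap_size() now takes zone_start_pfn and pads zonesize with `zone_start_pfn & (pageblock_nr_pages-1)`, but the comment block above it still describes only zonesize. It should say that the bitmap is sized from the pageblock-aligned start of the zone, because pfn_to_bitidx() at the end of this hunk now subtracts `round_down(zone->zone_start_pfn, pageblock_nr_pages)`. The two must stay in step, or the bit index can run past the allocated usemap. Both expressions assume pageblock_nr_pages is a power of two, which deserves a one-line remark next to the mask. The comment block and the body of usemap_size() extend outside the lines shown.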
@@ -113913,6 +114009,47 @@ index 30e74ee..bfc6ee0 100644
kfree_skb(skb);
return NET_RX_DROP;
}
+diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
+index 4e80f33..a815e4e 100644
+--- a/net/ipv4/arp.c
++++ b/net/ipv4/arp.c
+@@ -909,23 +909,25 @@ static void parp_redo(struct sk_buff *skb)
+ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
+ struct packet_type *pt, struct net_device *orig_dev)
+ {
+- struct arphdr *arp;
++ const struct arphdr *arp;
+
+- /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
+- if (!pskb_may_pull(skb, arp_hdr_len(dev)))
+- goto freeskb;
+-
+- arp = arp_hdr(skb);
+- if (arp->ar_hln != dev->addr_len ||
+- dev->flags & IFF_NOARP ||
++ if (dev->flags & IFF_NOARP ||
+ skb->pkt_type == PACKET_OTHERHOST ||
+- skb->pkt_type == PACKET_LOOPBACK ||
+- arp->ar_pln != 4)
++ skb->pkt_type == PACKET_LOOPBACK)
+ goto freeskb;
+
+- if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
++ skb = skb_share_check(skb, GFP_ATOMIC);
++ if (!skb)
+ goto out_of_mem;
+
++ /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
++ if (!pskb_may_pull(skb, arp_hdr_len(dev)))
++ goto freeskb;
++
++ arp = arp_hdr(skb);
++ if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4)
++ goto freeskb;
++
+ memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
+
+ return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process);
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index dba56d2..acee5d6 100644
--- a/net/ipv4/inet_diag.c
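Review bot: The reordering in arp_rcv() puts skb_share_check() ahead of pskb_may_pull(), and the new code has no comment recording why the order matters. A line above the share check such as `/* unshare before pskb_may_pull(): pulling may reallocate the skb head, which must not happen on a shared skb */` would stop a later refactor from moving the length check back to the top. The header fields `ar_hln` and `ar_pln` are now read only after the pull succeeds, which is the right order for packet-supplied lengths.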
@@ -114420,7 +114557,7 @@ index 1eba160b..c35d91f 100644
}
}
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index db755c4..07d671b 100644
+index db755c4..4cf3b9d 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -82,6 +82,9 @@ int sysctl_tcp_dsack __read_mostly = 1;
@@ -114569,7 +114706,7 @@ index db755c4..07d671b 100644
if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb))
goto csum_error;
-+ if (!th->ack)
++ if (!th->ack && !th->rst)
+ goto discard;
+
/*
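Review bot: The condition `!th->ack && !th->rst` added here, and again in the next tcp_input.c hunk, has no comment explaining the RST exception. A reset segment may arrive without ACK set and must be processed rather than discarded, so a comment such as `/* segments without ACK are dropped, except RST, which is valid without it */` belongs at both sites. Since the same test is written twice, a small static inline helper would keep the two copies from diverging. The enclosing functions start and end outside both hunks.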
@@ -114635,7 +114772,7 @@ index db755c4..07d671b 100644
- res = tcp_validate_incoming(sk, skb, th, 0);
- if (res <= 0)
- return -res;
-+ if (!th->ack)
++ if (!th->ack && !th->rst)
+ goto discard;
+
+ if (!tcp_validate_incoming(sk, skb, th, 0))
@@ -118026,12 +118163,12 @@ index 6bf21f8..c0546b3 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..008ac1a
+index 0000000..5e0222d
--- /dev/null
+++ b/scripts/gcc-plugin.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
-+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
+#include "gcc-plugin.h"
+#include "tree.h"
+#include "tm.h"
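Review bot: After the switch from `-x c` to `-E` the probe only preprocesses the here-document, so `-shared` on the same command line no longer has any effect and can be removed. `$1` and `$3` are expanded unquoted; that looks intentional, so that a multi-word compiler setting is split into words, but a comment saying so would help, since the Makefile passes each of them as one quoted argument. The here-document and the rest of the script continue outside the hunk.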