Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-20120731190820120731

author: Anthony G. Basile <blueness@gentoo.org> 2012-08-01 19:18:00 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2012-08-01 19:18:00 -0400
commit: aa9317219e543d3f6f95d00619ba2af268edced9 (patch)
tree: 7fd1cef2fb392c92192a8ec9a44c9c3c0f21d54b /2.6.32
parent: Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201207281946 (diff)
download: hardened-patchset-aa9317219e543d3f6f95d00619ba2af268edced9.tar.gz
hardened-patchset-aa9317219e543d3f6f95d00619ba2af268edced9.tar.bz2
hardened-patchset-aa9317219e543d3f6f95d00619ba2af268edced9.zip
2 files changed, 140 insertions, 30 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index d4f6601..3010d85 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch:	1058_linux-2.6.32.59.patch
 From:	http://www.kernel.org
 Desc:	Linux 2.6.32.59
 
-Patch:	4420_grsecurity-2.9.1-2.6.32.59-201207281944.patch
+Patch:	4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207281944.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch
index 227df5e..a17194d 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207281944.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207311908.patch
@@ -8939,7 +8939,7 @@ index bcbd36c..b1754af 100644
  
  	printf(".section \".rodata.compressed\",\"a\",@progbits\n");
 diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c
-index bbeb0c3..f5167ab 100644
+index bbeb0c3..1eb0571 100644
 --- a/arch/x86/boot/compressed/relocs.c
 +++ b/arch/x86/boot/compressed/relocs.c
 @@ -10,8 +10,11 @@
@@ -9113,7 +9113,7 @@ index bbeb0c3..f5167ab 100644
 +
 +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
 +			/* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
-+			if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
++			if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
 +				continue;
 +			if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
 +				continue;
@@ -23007,7 +23007,7 @@ index d430e4c..831f817 100644
  
  	local_irq_save(flags);
 diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 3c68fe2..12c8280 100644
+index 3c68fe2..7a8c35b 100644
 --- a/arch/x86/kernel/vmlinux.lds.S
 +++ b/arch/x86/kernel/vmlinux.lds.S
 @@ -26,6 +26,13 @@
@@ -23088,7 +23088,7 @@ index 3c68fe2..12c8280 100644
  		HEAD_TEXT
  #ifdef CONFIG_X86_32
  		. = ALIGN(PAGE_SIZE);
-@@ -82,28 +102,71 @@ SECTIONS
+@@ -82,28 +102,72 @@ SECTIONS
  		IRQENTRY_TEXT
  		*(.fixup)
  		*(.gnu.warning)
@@ -23113,8 +23113,8 @@ index 3c68fe2..12c8280 100644
 +		MODULES_EXEC_VADDR = .;
 +		BYTE(0)
 +		. += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
-+		. = ALIGN(HPAGE_SIZE);
-+		MODULES_EXEC_END = . - 1;
++		. = ALIGN(HPAGE_SIZE) - 1;
++		MODULES_EXEC_END = .;
 +#endif
 +
 +	} :module
@@ -23122,6 +23122,7 @@ index 3c68fe2..12c8280 100644
 +
 +	.text.end : AT(ADDR(.text.end) - LOAD_OFFSET) {
 +		/* End of text section */
++		BYTE(0)
 +		_etext = . - __KERNEL_TEXT_OFFSET;
 +	}
 +
@@ -23167,7 +23168,7 @@ index 3c68fe2..12c8280 100644
  
  		PAGE_ALIGNED_DATA(PAGE_SIZE)
  
-@@ -112,6 +175,8 @@ SECTIONS
+@@ -112,6 +176,8 @@ SECTIONS
  		DATA_DATA
  		CONSTRUCTORS
  
@@ -23176,7 +23177,7 @@ index 3c68fe2..12c8280 100644
  		/* rarely changed data like cpu maps */
  		READ_MOSTLY_DATA(CONFIG_X86_INTERNODE_CACHE_BYTES)
  
-@@ -166,12 +231,6 @@ SECTIONS
+@@ -166,12 +232,6 @@ SECTIONS
  	}
  	vgetcpu_mode = VVIRT(.vgetcpu_mode);
  
@@ -23189,7 +23190,7 @@ index 3c68fe2..12c8280 100644
  	.vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
  		*(.vsyscall_3)
  	}
-@@ -187,12 +246,19 @@ SECTIONS
+@@ -187,12 +247,19 @@ SECTIONS
  #endif /* CONFIG_X86_64 */
  
  	/* Init code and data - will be freed after init */
@@ -23212,7 +23213,7 @@ index 3c68fe2..12c8280 100644
  	/*
  	 * percpu offsets are zero-based on SMP.  PERCPU_VADDR() changes the
  	 * output PHDR, so the next output section - .init.text - should
-@@ -201,12 +267,27 @@ SECTIONS
+@@ -201,12 +268,27 @@ SECTIONS
  	PERCPU_VADDR(0, :percpu)
  #endif
  
@@ -23245,7 +23246,7 @@ index 3c68fe2..12c8280 100644
  
  	.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
  		__x86_cpu_dev_start = .;
-@@ -232,19 +313,11 @@ SECTIONS
+@@ -232,19 +314,11 @@ SECTIONS
  		*(.altinstr_replacement)
  	}
  
@@ -23266,7 +23267,7 @@ index 3c68fe2..12c8280 100644
  	PERCPU(PAGE_SIZE)
  #endif
  
-@@ -267,12 +340,6 @@ SECTIONS
+@@ -267,12 +341,6 @@ SECTIONS
  		. = ALIGN(PAGE_SIZE);
  	}
  
@@ -23279,7 +23280,7 @@ index 3c68fe2..12c8280 100644
  	/* BSS */
  	. = ALIGN(PAGE_SIZE);
  	.bss : AT(ADDR(.bss) - LOAD_OFFSET) {
-@@ -288,6 +355,7 @@ SECTIONS
+@@ -288,6 +356,7 @@ SECTIONS
  		__brk_base = .;
  		. += 64 * 1024;		/* 64k alignment slop space */
  		*(.brk_reservation)	/* areas brk users have reserved */
@@ -23287,7 +23288,7 @@ index 3c68fe2..12c8280 100644
  		__brk_limit = .;
  	}
  
-@@ -316,13 +384,12 @@ SECTIONS
+@@ -316,13 +385,12 @@ SECTIONS
   * for the boot processor.
   */
  #define INIT_PER_CPU(x) init_per_cpu__##x = per_cpu__##x + __per_cpu_load
@@ -75400,7 +75401,7 @@ index fd38ce2..f5381b8 100644
  		return -EINVAL;
  
 diff --git a/fs/seq_file.c b/fs/seq_file.c
-index eae7d9d..b7613c6 100644
+index eae7d9d..c6bba46 100644
 --- a/fs/seq_file.c
 +++ b/fs/seq_file.c
 @@ -9,6 +9,7 @@
@@ -75421,7 +75422,55 @@ index eae7d9d..b7613c6 100644
  
  	/*
  	 * Wrappers around seq_open(e.g. swaps_open) need to be
-@@ -551,7 +555,7 @@ static void single_stop(struct seq_file *p, void *v)
+@@ -76,7 +80,11 @@ static int traverse(struct seq_file *m, loff_t offset)
+ 		return 0;
+ 	}
+ 	if (!m->buf) {
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++		m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL | GFP_USERCOPY);
++#else
+ 		m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
++#endif
+ 		if (!m->buf)
+ 			return -ENOMEM;
+ 	}
+@@ -116,7 +124,11 @@ static int traverse(struct seq_file *m, loff_t offset)
+ Eoverflow:
+ 	m->op->stop(m, p);
+ 	kfree(m->buf);
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++	m->buf = kmalloc(m->size <<= 1, GFP_KERNEL | GFP_USERCOPY);
++#else
+ 	m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
++#endif
+ 	return !m->buf ? -ENOMEM : -EAGAIN;
+ }
+ 
+@@ -169,7 +181,11 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
+ 	m->version = file->f_version;
+ 	/* grab buffer if we didn't have one */
+ 	if (!m->buf) {
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++		m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL | GFP_USERCOPY);
++#else
+ 		m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
++#endif
+ 		if (!m->buf)
+ 			goto Enomem;
+ 	}
+@@ -210,7 +226,11 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
+ 			goto Fill;
+ 		m->op->stop(m, p);
+ 		kfree(m->buf);
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++		m->buf = kmalloc(m->size <<= 1, GFP_KERNEL | GFP_USERCOPY);
++#else
+ 		m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
++#endif
+ 		if (!m->buf)
+ 			goto Enomem;
+ 		m->count = 0;
+@@ -551,7 +571,7 @@ static void single_stop(struct seq_file *p, void *v)
  int single_open(struct file *file, int (*show)(struct seq_file *, void *),
  		void *data)
  {
@@ -76190,10 +76239,10 @@ index 8f32f50..b6a41e8 100644
  		link[pathlen] = '\0';
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..c20c1db
+index 0000000..bbbfa1c
 --- /dev/null
 +++ b/grsecurity/Kconfig
-@@ -0,0 +1,939 @@
+@@ -0,0 +1,940 @@
 +#
 +# grecurity configuration
 +#
@@ -76320,6 +76369,7 @@ index 0000000..c20c1db
 +
 +config GRKERNSEC_HIDESYM
 +	bool "Hide kernel symbols"
++	select PAX_USERCOPY_SLABS
 +	default y if GRKERNSEC_CONFIG_AUTO
 +	help
 +	  If you say Y here, getting information on loaded modules, and
@@ -95468,10 +95518,25 @@ index 67578ca..4115fbf 100644
  
  static inline void mutex_clear_owner(struct mutex *lock)
 diff --git a/kernel/panic.c b/kernel/panic.c
-index 96b45d0..7677a03 100644
+index 96b45d0..98fb1c3 100644
 --- a/kernel/panic.c
 +++ b/kernel/panic.c
-@@ -71,7 +71,11 @@ NORET_TYPE void panic(const char * fmt, ...)
+@@ -59,6 +59,14 @@ NORET_TYPE void panic(const char * fmt, ...)
+ 	long i;
+ 
+ 	/*
++	 * Disable local interrupts. This will prevent panic_smp_self_stop
++	 * from deadlocking the first cpu that invokes the panic, since
++	 * there is nothing to prevent an interrupt handler (that runs
++	 * after the panic_lock is acquired) from invoking panic again.
++	 */
++	local_irq_disable();
++
++	/*
+ 	 * It's possible to come here directly from a panic-assertion and
+ 	 * not have preempt disabled. Some functions called from here want
+ 	 * preempt to be disabled. No point enabling it later though...
+@@ -71,7 +79,11 @@ NORET_TYPE void panic(const char * fmt, ...)
  	va_end(args);
  	printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf);
  #ifdef CONFIG_DEBUG_BUGVERBOSE
@@ -95484,7 +95549,7 @@ index 96b45d0..7677a03 100644
  #endif
  
  	/*
-@@ -352,7 +356,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, struc
+@@ -352,7 +364,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, struc
  	const char *board;
  
  	printk(KERN_WARNING "------------[ cut here ]------------\n");
@@ -95493,7 +95558,7 @@ index 96b45d0..7677a03 100644
  	board = dmi_get_system_info(DMI_PRODUCT_NAME);
  	if (board)
  		printk(KERN_WARNING "Hardware name: %s\n", board);
-@@ -392,7 +396,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
+@@ -392,7 +404,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
   */
  void __stack_chk_fail(void)
  {
@@ -98299,7 +98364,7 @@ index 217d5c4..45aba8a 100644
  
  /**
 diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 33bed5e..1477e46 100644
+index 33bed5e..ab4e52f 100644
 --- a/lib/vsprintf.c
 +++ b/lib/vsprintf.c
 @@ -16,6 +16,9 @@
@@ -98369,7 +98434,30 @@ index 33bed5e..1477e46 100644
  		return symbol_string(buf, end, ptr, spec, *fmt);
  	case 'R':
  		return resource_string(buf, end, ptr, spec);
-@@ -1445,7 +1458,7 @@ do {									\
+@@ -853,7 +866,22 @@ static char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+ 			return ip4_addr_string(buf, end, ptr, spec, fmt);
+ 		}
+ 		break;
++	case 'P':
++		break;
+ 	}
++
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++	/* 'P' = approved pointers to copy to userland,
++	   as in the /proc/kallsyms case, as we make it display nothing
++	   for non-root users, and the real contents for root users
++	*/
++	if (ptr > TASK_SIZE && *fmt != 'P' && is_usercopy_object(buf)) {
++		printk(KERN_ALERT "grsec: kernel infoleak detected!  Please report this log to spender@grsecurity.net.\n");
++		dump_stack();
++		ptr = NULL;
++	}
++#endif
++
+ 	spec.flags |= SMALL;
+ 	if (spec.field_width == -1) {
+ 		spec.field_width = 2*sizeof(void *);
+@@ -1445,7 +1473,7 @@ do {									\
  			size_t len;
  			if ((unsigned long)save_str > (unsigned long)-PAGE_SIZE
  					|| (unsigned long)save_str < PAGE_SIZE)
@@ -98378,7 +98466,7 @@ index 33bed5e..1477e46 100644
  			len = strlen(save_str);
  			if (str + len + 1 < end)
  				memcpy(str, save_str, len + 1);
-@@ -1555,11 +1568,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1555,11 +1583,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
  	typeof(type) value;						\
  	if (sizeof(type) == 8) {					\
  		args = PTR_ALIGN(args, sizeof(u32));			\
@@ -98393,7 +98481,7 @@ index 33bed5e..1477e46 100644
  	}								\
  	args += sizeof(type);						\
  	value;								\
-@@ -1622,7 +1635,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1622,7 +1650,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
  			const char *str_arg = args;
  			size_t len = strlen(str_arg);
  			args += len + 1;
@@ -105574,6 +105662,27 @@ index de4a1b1..94ec861 100644
  	src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr;
  	dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr;
  
+diff --git a/net/rds/recv.c b/net/rds/recv.c
+index 6a2654a..c45a881c 100644
+--- a/net/rds/recv.c
++++ b/net/rds/recv.c
+@@ -410,6 +410,8 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
+ 
+ 	rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
+ 
++	msg->msg_namelen = 0;
++
+ 	if (msg_flags & MSG_OOB)
+ 		goto out;
+ 
+@@ -486,6 +488,7 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
+ 			sin->sin_port = inc->i_hdr.h_sport;
+ 			sin->sin_addr.s_addr = inc->i_saddr;
+ 			memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
++			msg->msg_namelen = sizeof(*sin);
+ 		}
+ 		break;
+ 	}
 diff --git a/net/rds/tcp.c b/net/rds/tcp.c
 index b5198ae..8b9fb90 100644
 --- a/net/rds/tcp.c
@@ -107155,10 +107264,10 @@ index d52f7a0..b66cdd9 100755
  		rm -f tags
  		xtags ctags
 diff --git a/security/Kconfig b/security/Kconfig
-index fb363cd..6426142 100644
+index fb363cd..124d914 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -4,6 +4,869 @@
+@@ -4,6 +4,870 @@
  
  menu "Security options"
  
@@ -107190,6 +107299,7 @@ index fb363cd..6426142 100644
 +	bool "Grsecurity"
 +	select CRYPTO
 +	select CRYPTO_SHA256
++	select PROC_FS
 +	select STOP_MACHINE
 +	help
 +	  If you say Y here, you will be able to configure many features
@@ -108028,7 +108138,7 @@ index fb363cd..6426142 100644
  config KEYS
  	bool "Enable access key retention support"
  	help
-@@ -146,7 +1009,7 @@ config INTEL_TXT
+@@ -146,7 +1010,7 @@ config INTEL_TXT
  config LSM_MMAP_MIN_ADDR
  	int "Low address space for LSM to protect from user allocation"
  	depends on SECURITY && SECURITY_SELINUX
author	Anthony G. Basile <blueness@gentoo.org>	2012-08-01 19:18:00 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2012-08-01 19:18:00 -0400
commit	aa9317219e543d3f6f95d00619ba2af268edced9 (patch)
tree	7fd1cef2fb392c92192a8ec9a44c9c3c0f21d54b /2.6.32
parent	Grsec/PaX: 2.9.1-{2.6.32.59,3.2.24,3.4.6}-201207281946 (diff)
download	hardened-patchset-aa9317219e543d3f6f95d00619ba2af268edced9.tar.gz hardened-patchset-aa9317219e543d3f6f95d00619ba2af268edced9.tar.bz2 hardened-patchset-aa9317219e543d3f6f95d00619ba2af268edced9.zip