authorAnthony G. Basile <blueness@gentoo.org>2013-05-30 07:43:36 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-05-30 07:43:36 -0400
commit98f0944d5d4dcb71e3c77924f54f81cd836c04b4 (patch)
treecfec06e4ef05f9991de8dda879044eaba429837f /2.6.32
parentGrsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.4}-201305251009 (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.4}-20130529215120130529
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305292148.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305251007.patch)141
2 files changed, 115 insertions, 28 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 5ca0857..378709b 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305251007.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305292148.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305251007.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305292148.patch
index f7ef7a8..a6ebcd3 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305251007.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305292148.patch
@@ -43345,7 +43345,7 @@ index 62f282e..e45c45c 100644
cdev_init(&ptmx_cdev, &ptmx_fops);
if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 446b20a..710568a 100644
+index 446b20a..1193fa7 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -269,8 +269,13 @@
@@ -43399,36 +43399,94 @@ index 446b20a..710568a 100644
smp_wmb();
if (out)
-@@ -942,6 +955,10 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -840,6 +853,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
+ int reserved)
+ {
+ unsigned long flags;
++ int wakeup_write = 0;
+
+ /* Hold lock while accounting */
+ spin_lock_irqsave(&r->lock, flags);
+@@ -852,19 +866,25 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
+ if (r->entropy_count / 8 < min + reserved) {
+ nbytes = 0;
+ } else {
++ int entropy_count, orig;
++retry:
++ entropy_count = orig = ACCESS_ONCE(r->entropy_count);
+ /* If limited, never pull more than available */
+- if (r->limit && nbytes + reserved >= r->entropy_count / 8)
+- nbytes = r->entropy_count/8 - reserved;
++ if (r->limit && nbytes + reserved >= entropy_count / 8)
++ nbytes = entropy_count/8 - reserved;
+
+- if (r->entropy_count / 8 >= nbytes + reserved)
+- r->entropy_count -= nbytes*8;
+- else
+- r->entropy_count = reserved;
+-
+- if (r->entropy_count < random_write_wakeup_thresh) {
+- wake_up_interruptible(&random_write_wait);
+- kill_fasync(&fasync, SIGIO, POLL_OUT);
++ if (entropy_count / 8 >= nbytes + reserved) {
++ entropy_count -= nbytes*8;
++ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
++ goto retry;
++ } else {
++ entropy_count = reserved;
++ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
++ goto retry;
+ }
++
++ if (entropy_count < random_write_wakeup_thresh)
++ wakeup_write = 1;
+ }
+
+ DEBUG_ENT("debiting %d entropy credits from %s%s\n",
+@@ -872,6 +892,11 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
+
+ spin_unlock_irqrestore(&r->lock, flags);
+
++ if (wakeup_write) {
++ wake_up_interruptible(&random_write_wait);
++ kill_fasync(&fasync, SIGIO, POLL_OUT);
++ }
++
+ return nbytes;
+ }
+
+@@ -941,6 +966,21 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+ {
ssize_t ret = 0, i;
__u8 tmp[EXTRACT_SIZE];
-
-+ /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */
-+ if (fips_enabled && !r->last_data_init)
-+ nbytes += EXTRACT_SIZE;
++ unsigned long flags;
+
++ /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */
++ if (fips_enabled) {
++ spin_lock_irqsave(&r->lock, flags);
++ if (!r->last_data_init) {
++ r->last_data_init = true;
++ spin_unlock_irqrestore(&r->lock, flags);
++ xfer_secondary_pool(r, EXTRACT_SIZE);
++ extract_buf(r, tmp);
++ spin_lock_irqsave(&r->lock, flags);
++ memcpy(r->last_data, tmp, EXTRACT_SIZE);
++ }
++ spin_unlock_irqrestore(&r->lock, flags);
++ }
+
xfer_secondary_pool(r, nbytes);
nbytes = account(r, nbytes, min, reserved);
+@@ -949,8 +989,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+ extract_buf(r, tmp);
-@@ -951,6 +968,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
if (fips_enabled) {
- unsigned long flags;
-
-+
-+ /* prime last_data value if need be, per fips 140-2 */
-+ if (!r->last_data_init) {
-+ spin_lock_irqsave(&r->lock, flags);
-+ memcpy(r->last_data, tmp, EXTRACT_SIZE);
-+ r->last_data_init = true;
-+ nbytes -= EXTRACT_SIZE;
-+ spin_unlock_irqrestore(&r->lock, flags);
-+ extract_buf(r, tmp);
-+ }
-+
+- unsigned long flags;
+-
spin_lock_irqsave(&r->lock, flags);
if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
panic("Hardware RNG duplicated output!\n");
-@@ -1015,7 +1043,21 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1015,7 +1053,21 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
*/
void get_random_bytes(void *buf, int nbytes)
{
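Review bot: In the rewritten FIPS priming block of extract_entropy(), `r->last_data_init = true;` is set before the lock is dropped and before `memcpy(r->last_data, tmp, EXTRACT_SIZE);` runs, so a second caller that takes `r->lock` in that window skips priming and has its first block compared against a `last_data` that is not yet filled. If the early flag is deliberate (so that only one caller primes), say so in a comment such as `/* flag set early so only one caller primes; a concurrent reader may still see unprimed last_data */`; otherwise set the flag next to the memcpy under the second lock acquisition. Separately, the `else` arm in account() stores `entropy_count = reserved;` although the neighbouring lines treat `entropy_count` as bits (`/ 8`, `nbytes*8`) and `reserved` as bytes; this is carried over from the removed `r->entropy_count = reserved;` and looks like a unit mismatch worth confirming. Both function bodies extend beyond the hunk.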
@@ -43451,7 +43509,7 @@ index 446b20a..710568a 100644
}
EXPORT_SYMBOL(get_random_bytes);
-@@ -1068,6 +1110,7 @@ static void init_std_data(struct entropy_store *r)
+@@ -1068,6 +1120,7 @@ static void init_std_data(struct entropy_store *r)
r->entropy_count = 0;
r->entropy_total = 0;
@@ -43459,7 +43517,7 @@ index 446b20a..710568a 100644
mix_pool_bytes(r, &now, sizeof(now), NULL);
for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) {
if (!arch_get_random_long(&rv))
-@@ -1322,7 +1365,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1322,7 +1375,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -43468,7 +43526,7 @@ index 446b20a..710568a 100644
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
-@@ -1397,6 +1440,7 @@ static int uuid_strategy(ctl_table *table,
+@@ -1397,6 +1450,7 @@ static int uuid_strategy(ctl_table *table,
}
static int sysctl_poolsize = INPUT_POOL_WORDS * 32;
@@ -43476,7 +43534,7 @@ index 446b20a..710568a 100644
ctl_table random_table[] = {
{
.ctl_name = RANDOM_POOLSIZE,
-@@ -1472,7 +1516,7 @@ late_initcall(random_int_secret_init);
+@@ -1472,7 +1526,7 @@ late_initcall(random_int_secret_init);
* value is not cryptographically secure but for several uses the cost of
* depleting entropy is too high
*/
@@ -71823,7 +71881,7 @@ index 913b4a4..4de325a9 100644
crtc.h_tot_disp = aty_ld_le32(CRTC_H_TOTAL_DISP, par);
crtc.h_sync_strt_wid = aty_ld_le32(CRTC_H_SYNC_STRT_WID, par);
diff --git a/drivers/video/aty/radeon_backlight.c b/drivers/video/aty/radeon_backlight.c
-index 1a056ad..221bd6a 100644
+index 1a056ad..221bd6ae 100644
--- a/drivers/video/aty/radeon_backlight.c
+++ b/drivers/video/aty/radeon_backlight.c
@@ -127,7 +127,7 @@ static int radeon_bl_get_brightness(struct backlight_device *bd)
@@ -79170,7 +79228,7 @@ index f1e7077..edd86b2 100644
.store = ext4_attr_store,
};
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
-index 76b7961..c187e92 100644
+index 76b7961..ca5f1c9 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -558,7 +558,7 @@ static int fat_statfs(struct dentry *dentry, struct kstatfs *buf)
@@ -79182,6 +79240,35 @@ index 76b7961..c187e92 100644
return 0;
}
+@@ -1206,6 +1206,19 @@ static int fat_read_root(struct inode *inode)
+ return 0;
+ }
+
++static unsigned long calc_fat_clusters(struct super_block *sb)
++{
++ struct msdos_sb_info *sbi = MSDOS_SB(sb);
++
++ /* Divide first to avoid overflow */
++ if (sbi->fat_bits != 12) {
++ unsigned long ent_per_sec = sb->s_blocksize * 8 / sbi->fat_bits;
++ return ent_per_sec * sbi->fat_length;
++ }
++
++ return sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits;
++}
++
+ /*
+ * Read the super block of an MS-DOS FS.
+ */
+@@ -1400,7 +1413,7 @@ int fat_fill_super(struct super_block *sb, void *data, int silent,
+ sbi->fat_bits = (total_clusters > MAX_FAT12) ? 16 : 12;
+
+ /* check that FAT table does not overflow */
+- fat_clusters = sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits;
++ fat_clusters = calc_fat_clusters(sb);
+ total_clusters = min(total_clusters, fat_clusters - FAT_START_ENT);
+ if (total_clusters > MAX_FAT(sb)) {
+ if (!silent)
diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c
index 72646e2..4251f35 100644
--- a/fs/fat/namei_vfat.c
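Review bot: The comment `/* Divide first to avoid overflow */` in calc_fat_clusters() does not explain why the FAT12 path still multiplies first. Presumably that is because 12 does not divide `sb->s_blocksize * 8` evenly, so dividing first would undercount entries; a comment like `/* FAT12: keep multiply-then-divide, 12 does not divide the bits per sector */` would record it. In the other branch `ent_per_sec * sbi->fat_length` could still wrap where `unsigned long` is 32 bits if `fat_length` comes unchecked from the on-disk superblock (its type and any earlier bound are not visible here). It is worth confirming that the value reaching `min(total_clusters, fat_clusters - FAT_START_ENT)` is bounded for a crafted image. Most of fat_fill_super() lies outside the hunk.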