diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2012-03-24 10:49:54 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2012-03-24 10:49:54 -0400 |
| commit | edd8d9812ff87de1a259e1760a864a59f57f38b0 (patch) | |
| tree | 2a3c3be51e6b990ad518d16e62499af71842aa7b | |
| parent | Grsec/PaX: 2.9-2.6.32.59-201203212033 + 2.9-3.2.12-201203212033 (diff) | |
| download | hardened-patchset-edd8d9812ff87de1a259e1760a864a59f57f38b0.tar.gz hardened-patchset-edd8d9812ff87de1a259e1760a864a59f57f38b0.tar.bz2 hardened-patchset-edd8d9812ff87de1a259e1760a864a59f57f38b0.zip | |
Grsec/PaX: 2.9-2.6.32.59-201203221943 + 2.9-3.2.12-20120322194420120322
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203212033.patch) | 113 | ||||
| -rw-r--r-- | 3.2.12/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch (renamed from 3.2.12/4420_grsecurity-2.9-3.2.12-201203212033.patch) | 112 |
4 files changed, 46 insertions, 183 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 078f367..9441d44 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9-2.6.32.59-201203212033.patch +Patch: 4420_grsecurity-2.9-2.6.32.59-201203221943.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203212033.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch index 0b63ac0..0302b86 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203212033.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch @@ -13536,7 +13536,7 @@ index 61c5874..8a046e9 100644 # include "uaccess_32.h" #else diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 632fb44..bb15d3f 100644 +index 632fb44..12702d6 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -12,15 +12,15 @@ @@ -13649,7 +13649,7 @@ index 632fb44..bb15d3f 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -180,20 +213,75 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, +@@ -180,16 +213,71 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, @@ -13725,28 +13725,20 @@ index 632fb44..bb15d3f 100644 - const void __user *from, - unsigned long n); long __must_check strncpy_from_user(char *dst, const char __user *src, -- long count); -+ unsigned long count); + long count); long __must_check __strncpy_from_user(char *dst, -- const char __user *src, long count); -+ const char __user *src, unsigned long count); - - /** - * strlen_user: - Get the size of a string in user space. -@@ -211,8 +299,8 @@ long __must_check __strncpy_from_user(char *dst, - */ +@@ -212,7 +300,7 @@ long __must_check __strncpy_from_user(char *dst, #define strlen_user(str) strnlen_user(str, LONG_MAX) --long strnlen_user(const char __user *str, long n); + long strnlen_user(const char __user *str, long n); -unsigned long __must_check clear_user(void __user *mem, unsigned long len); -unsigned long __must_check __clear_user(void __user *mem, unsigned long len); -+long strnlen_user(const char __user *str, unsigned long n); +unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); +unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2); #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index db24b21..7cd829e 100644 +index db24b21..618b613 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -9,6 +9,9 @@ @@ -14040,7 +14032,7 @@ index db24b21..7cd829e 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -161,48 +263,105 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -161,8 +263,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -14059,16 +14051,9 @@ index db24b21..7cd829e 100644 } } - __must_check long --strncpy_from_user(char *dst, const char __user *src, long count); -+strncpy_from_user(char *dst, const char __user *src, unsigned long count); - __must_check long --__strncpy_from_user(char *dst, const char __user *src, long count); --__must_check long strnlen_user(const char __user *str, long n); --__must_check long __strnlen_user(const char __user *str, long n); -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count); -+__must_check long strnlen_user(const char __user *str, unsigned long n); -+__must_check long __strnlen_user(const char __user *str, unsigned long n); +@@ -173,36 +283,85 @@ __strncpy_from_user(char *dst, const char __user *src, long count); + __must_check long strnlen_user(const char __user *str, long n); + __must_check long __strnlen_user(const char __user *str, long n); __must_check long strlen_user(const char __user *str); -__must_check unsigned long clear_user(void __user *mem, unsigned long len); -__must_check unsigned long __clear_user(void __user *mem, unsigned long len); @@ -24519,7 +24504,7 @@ index bf9a7d5..fb06ab5 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index 1f118d4..8e0ead9 100644 +index 1f118d4..fc661b0 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -24531,24 +24516,6 @@ index 1f118d4..8e0ead9 100644 " stosb\n" \ " testb %%al,%%al\n" \ " jz 1f\n" \ -@@ -83,7 +83,7 @@ do { \ - * and returns @count. - */ - long --__strncpy_from_user(char *dst, const char __user *src, long count) -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res; - __do_strncpy_from_user(dst, src, count, res); -@@ -110,7 +110,7 @@ EXPORT_SYMBOL(__strncpy_from_user); - * and returns @count. - */ - long --strncpy_from_user(char *dst, const char __user *src, long count) -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res = -EFAULT; - if (access_ok(VERIFY_READ, src, 1)) @@ -128,10 +128,12 @@ do { \ int __d0; \ might_fault(); \ @@ -24562,15 +24529,6 @@ index 1f118d4..8e0ead9 100644 ".section .fixup,\"ax\"\n" \ "3: lea 0(%2,%0,4),%0\n" \ " jmp 2b\n" \ -@@ -192,7 +194,7 @@ EXPORT_SYMBOL(__clear_user); - * On exception, returns 0. - * If the string is too long, returns a value greater than @n. - */ --long strnlen_user(const char __user *s, long n) -+long strnlen_user(const char __user *s, unsigned long n) - { - unsigned long mask = -__addr_ok(s); - unsigned long res, tmp; @@ -200,6 +202,7 @@ long strnlen_user(const char __user *s, long n) might_fault(); @@ -25178,15 +25136,11 @@ index 1f118d4..8e0ead9 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..bab76d3 100644 +index b7c2849..8633ad8 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c -@@ -39,16 +39,22 @@ do { \ - } while (0) - - long --__strncpy_from_user(char *dst, const char __user *src, long count) -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) +@@ -42,6 +42,12 @@ long + __strncpy_from_user(char *dst, const char __user *src, long count) { long res; + @@ -25198,14 +25152,6 @@ index b7c2849..bab76d3 100644 __do_strncpy_from_user(dst, src, count, res); return res; } - EXPORT_SYMBOL(__strncpy_from_user); - - long --strncpy_from_user(char *dst, const char __user *src, long count) -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res = -EFAULT; - if (access_ok(VERIFY_READ, src, 1)) @@ -65,6 +71,12 @@ unsigned long __clear_user(void __user *addr, unsigned long size) { long __d0; @@ -25219,24 +25165,6 @@ index b7c2849..bab76d3 100644 /* no memory constraint because it doesn't change any memory gcc knows about */ asm volatile( -@@ -107,7 +119,7 @@ EXPORT_SYMBOL(clear_user); - * Return 0 on exception, a value greater than N if too long - */ - --long __strnlen_user(const char __user *s, long n) -+long __strnlen_user(const char __user *s, unsigned long n) - { - long res = 0; - char c; -@@ -125,7 +137,7 @@ long __strnlen_user(const char __user *s, long n) - } - EXPORT_SYMBOL(__strnlen_user); - --long strnlen_user(const char __user *s, long n) -+long strnlen_user(const char __user *s, unsigned long n) - { - if (!access_ok(VERIFY_READ, s, 1)) - return 0; @@ -149,12 +161,20 @@ long strlen_user(const char __user *s) } EXPORT_SYMBOL(strlen_user); @@ -79284,7 +79212,7 @@ index 0000000..955ddfb + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..523e7e8 +index 0000000..8c4595a --- /dev/null +++ b/grsecurity/gracl_fs.c @@ -0,0 +1,435 @@ @@ -79498,9 +79426,9 @@ index 0000000..523e7e8 +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt, + umode_t *modeptr) +{ -+ mode_t mode; ++ umode_t mode; + -+ *modeptr &= ~(mode_t)gr_acl_umask(); ++ *modeptr &= ~gr_acl_umask(); + mode = *modeptr; + + if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode))) @@ -85556,10 +85484,10 @@ index 297df45..b6a74ff 100644 struct blk_integrity *integrity; diff --git a/include/linux/gracl.h b/include/linux/gracl.h new file mode 100644 -index 0000000..af663cf +index 0000000..6c51079 --- /dev/null +++ b/include/linux/gracl.h -@@ -0,0 +1,319 @@ +@@ -0,0 +1,320 @@ +#ifndef GR_ACL_H +#define GR_ACL_H + @@ -85735,7 +85663,8 @@ index 0000000..af663cf + uid_t *domain_children; + __u16 domain_child_num; + -+ mode_t umask; ++ // __u16 ++ umode_t umask; + + struct acl_subject_label **subj_hash; + __u32 subj_hash_size; diff --git a/3.2.12/0000_README b/3.2.12/0000_README index 4e91c4e..ff7242f 100644 --- a/3.2.12/0000_README +++ b/3.2.12/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.2.12-201203212033.patch +Patch: 4420_grsecurity-2.9-3.2.12-201203221944.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.12/4420_grsecurity-2.9-3.2.12-201203212033.patch b/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch index adc602d..94d7e91 100644 --- a/3.2.12/4420_grsecurity-2.9-3.2.12-201203212033.patch +++ b/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch @@ -12299,7 +12299,7 @@ index 36361bf..324f262 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 566e803..dfa5535 100644 +index 566e803..7183d0b 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -11,15 +11,15 @@ @@ -12440,7 +12440,7 @@ index 566e803..dfa5535 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,24 +235,72 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +235,65 @@ extern void copy_from_user_overflow(void) #endif ; @@ -12513,29 +12513,18 @@ index 566e803..dfa5535 100644 return n; } - long __must_check strncpy_from_user(char *dst, const char __user *src, -- long count); -+ unsigned long count); - long __must_check __strncpy_from_user(char *dst, -- const char __user *src, long count); -+ const char __user *src, unsigned long count); - - /** - * strlen_user: - Get the size of a string in user space. -@@ -234,8 +318,8 @@ long __must_check __strncpy_from_user(char *dst, - */ +@@ -235,7 +319,7 @@ long __must_check __strncpy_from_user(char *dst, #define strlen_user(str) strnlen_user(str, LONG_MAX) --long strnlen_user(const char __user *str, long n); + long strnlen_user(const char __user *str, long n); -unsigned long __must_check clear_user(void __user *mem, unsigned long len); -unsigned long __must_check __clear_user(void __user *mem, unsigned long len); -+long strnlen_user(const char __user *str, unsigned long n); +unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); +unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2); #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..8a44920 100644 +index 1c66d30..e294b5f 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -12879,7 +12868,7 @@ index 1c66d30..8a44920 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,51 +303,103 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,8 +303,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -12898,16 +12887,9 @@ index 1c66d30..8a44920 100644 } } - __must_check long --strncpy_from_user(char *dst, const char __user *src, long count); -+strncpy_from_user(char *dst, const char __user *src, unsigned long count); - __must_check long --__strncpy_from_user(char *dst, const char __user *src, long count); --__must_check long strnlen_user(const char __user *str, long n); --__must_check long __strnlen_user(const char __user *str, long n); -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count); -+__must_check long strnlen_user(const char __user *str, unsigned long n); -+__must_check long __strnlen_user(const char __user *str, unsigned long n); +@@ -215,39 +323,83 @@ __strncpy_from_user(char *dst, const char __user *src, long count); + __must_check long strnlen_user(const char __user *str, long n); + __must_check long __strnlen_user(const char __user *str, long n); __must_check long strlen_user(const char __user *str); -__must_check unsigned long clear_user(void __user *mem, unsigned long len); -__must_check unsigned long __clear_user(void __user *mem, unsigned long len); @@ -22633,7 +22615,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index e218d5d..1e01930 100644 +index e218d5d..a99a1eb 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -22645,24 +22627,6 @@ index e218d5d..1e01930 100644 " stosb\n" \ " testb %%al,%%al\n" \ " jz 1f\n" \ -@@ -83,7 +83,7 @@ do { \ - * and returns @count. - */ - long --__strncpy_from_user(char *dst, const char __user *src, long count) -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res; - __do_strncpy_from_user(dst, src, count, res); -@@ -110,7 +110,7 @@ EXPORT_SYMBOL(__strncpy_from_user); - * and returns @count. - */ - long --strncpy_from_user(char *dst, const char __user *src, long count) -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res = -EFAULT; - if (access_ok(VERIFY_READ, src, 1)) @@ -128,10 +128,12 @@ do { \ int __d0; \ might_fault(); \ @@ -22676,15 +22640,6 @@ index e218d5d..1e01930 100644 ".section .fixup,\"ax\"\n" \ "3: lea 0(%2,%0,4),%0\n" \ " jmp 2b\n" \ -@@ -192,7 +194,7 @@ EXPORT_SYMBOL(__clear_user); - * On exception, returns 0. - * If the string is too long, returns a value greater than @n. - */ --long strnlen_user(const char __user *s, long n) -+long strnlen_user(const char __user *s, unsigned long n) - { - unsigned long mask = -__addr_ok(s); - unsigned long res, tmp; @@ -200,6 +202,7 @@ long strnlen_user(const char __user *s, long n) might_fault(); @@ -23310,15 +23265,11 @@ index e218d5d..1e01930 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..bab76d3 100644 +index b7c2849..8633ad8 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c -@@ -39,16 +39,22 @@ do { \ - } while (0) - - long --__strncpy_from_user(char *dst, const char __user *src, long count) -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) +@@ -42,6 +42,12 @@ long + __strncpy_from_user(char *dst, const char __user *src, long count) { long res; + @@ -23330,14 +23281,6 @@ index b7c2849..bab76d3 100644 __do_strncpy_from_user(dst, src, count, res); return res; } - EXPORT_SYMBOL(__strncpy_from_user); - - long --strncpy_from_user(char *dst, const char __user *src, long count) -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res = -EFAULT; - if (access_ok(VERIFY_READ, src, 1)) @@ -65,6 +71,12 @@ unsigned long __clear_user(void __user *addr, unsigned long size) { long __d0; @@ -23351,24 +23294,6 @@ index b7c2849..bab76d3 100644 /* no memory constraint because it doesn't change any memory gcc knows about */ asm volatile( -@@ -107,7 +119,7 @@ EXPORT_SYMBOL(clear_user); - * Return 0 on exception, a value greater than N if too long - */ - --long __strnlen_user(const char __user *s, long n) -+long __strnlen_user(const char __user *s, unsigned long n) - { - long res = 0; - char c; -@@ -125,7 +137,7 @@ long __strnlen_user(const char __user *s, long n) - } - EXPORT_SYMBOL(__strnlen_user); - --long strnlen_user(const char __user *s, long n) -+long strnlen_user(const char __user *s, unsigned long n) - { - if (!access_ok(VERIFY_READ, s, 1)) - return 0; @@ -149,12 +161,20 @@ long strlen_user(const char __user *s) } EXPORT_SYMBOL(strlen_user); @@ -43401,7 +43326,7 @@ index 0e3c092..818480e 100644 kunmap(page); if (ret != len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 9895400..fa40a7d 100644 +index 9895400..78a67e7 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -244,7 +244,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -43413,6 +43338,15 @@ index 9895400..fa40a7d 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +@@ -598,7 +598,7 @@ static struct dentry *ceph_lookup(struct inode *dir, struct dentry *dentry, + if (nd && + (nd->flags & LOOKUP_OPEN) && + !(nd->intent.open.flags & O_CREAT)) { +- int mode = nd->intent.open.create_mode & ~current->fs->umask; ++ int mode = nd->intent.open.create_mode & ~current_umask(); + return ceph_lookup_open(dir, dentry, nd, mode, 1); + } + diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index cfd1ce3..6b13a74 100644 --- a/fs/cifs/asn1.c |