authorAnthony G. Basile <blueness@gentoo.org>2014-02-25 09:34:41 -0500
committerAnthony G. Basile <blueness@gentoo.org>2014-02-25 09:34:41 -0500
commitdc5a4e9bf9471a2e93a27d65a0d6877fb05d3065 (patch)
tree2ca33ace65e0bc57ccd82bbad8f2e5564be4d9e7
parentGrsec/PaX: 3.0-{3.2.55,3.13.3}-201402192252 (diff)
Grsec/PaX: 3.0-{3.2.55,3.13.4}-201402221308
-rw-r--r--3.13.3/0000_README2
-rw-r--r--3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch (renamed from 3.13.3/4420_grsecurity-3.0-3.13.3-201402192252.patch)242
-rw-r--r--3.2.55/0000_README2
-rw-r--r--3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch (renamed from 3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch)196
4 files changed, 338 insertions, 104 deletions
diff --git a/3.13.3/0000_README b/3.13.3/0000_README
index 398b4fa..dc48ad4 100644
--- a/3.13.3/0000_README
+++ b/3.13.3/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.3-201402192252.patch
+Patch: 4420_grsecurity-3.0-3.13.4-201402221308.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.3/4420_grsecurity-3.0-3.13.3-201402192252.patch b/3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch
index 26f9252..0cb3174 100644
--- a/3.13.3/4420_grsecurity-3.0-3.13.3-201402192252.patch
+++ b/3.13.3/4420_grsecurity-3.0-3.13.4-201402221308.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 704b508..4a788c4 100644
+index 2236ed8..89d7bf0 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -895,7 +895,7 @@ index c1f1a7e..554b0cd 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 62d2cb5..7a13651 100644
+index 62d2cb5..09d45e3 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -18,17 +18,35 @@
@@ -1398,7 +1398,7 @@ index 62d2cb5..7a13651 100644
" sbc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -344,17 +691,28 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
+@@ -344,16 +691,29 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub_return\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %Q0, %Q0, %Q4\n"
@@ -1425,14 +1425,13 @@ index 62d2cb5..7a13651 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (i)
: "cc");
--
+
- smp_mb();
-
-- return result;
+ return result;
}
- static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
-@@ -382,6 +740,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
+@@ -382,6 +742,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
return oldval;
}
@@ -1464,7 +1463,7 @@ index 62d2cb5..7a13651 100644
static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
{
long long result;
-@@ -406,20 +789,34 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
+@@ -406,20 +791,34 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
static inline long long atomic64_dec_if_positive(atomic64_t *v)
{
long long result;
@@ -1505,7 +1504,7 @@ index 62d2cb5..7a13651 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -442,13 +839,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -442,13 +841,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
@@ -1534,7 +1533,7 @@ index 62d2cb5..7a13651 100644
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -461,10 +870,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -461,10 +872,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
@@ -38160,7 +38159,7 @@ index d39cca6..8c1e269 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 429b75b..a4f540d 100644
+index 429b75b..a7f4145 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -270,10 +270,17 @@
@@ -38211,6 +38210,19 @@ index 429b75b..a4f540d 100644
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
{ S(2048), 1638, 1231, 819, 411, 1 },
+@@ -433,9 +444,9 @@ struct entropy_store {
+ };
+
+ static void push_to_pool(struct work_struct *work);
+-static __u32 input_pool_data[INPUT_POOL_WORDS];
+-static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
+-static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
++static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
++static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
++static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
+
+ static struct entropy_store input_pool = {
+ .poolinfo = &poolinfo_table[0],
@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
}
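Review bot: The three pool arrays gain `__latent_entropy` with no comment saying that their starting contents are now build-time constants. Per the latent_entropy plugin hunk later in this patch, the attribute handler fills such variables at compile time, so the values are the same on every boot of a given kernel image and readable by anyone who holds that image. I would add a comment above the declarations, e.g. `/* __latent_entropy: filled with build-time constants; not secret for a distributed binary, never to be credited as entropy */`. Whether any entropy credit is given is decided outside this hunk and should be checked against the accounting code. The 3.2.55 copy of this change further down has the same gap.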
@@ -47785,10 +47797,10 @@ index 84419af..268ede8 100644
&dev_attr_energy_uj.attr;
}
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index d85f313..ae857d0 100644
+index 0186c1b..6491409 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
-@@ -3362,7 +3362,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3369,7 +3369,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
{
const struct regulation_constraints *constraints = NULL;
const struct regulator_init_data *init_data;
@@ -47797,7 +47809,7 @@ index d85f313..ae857d0 100644
struct regulator_dev *rdev;
struct device *dev;
int ret, i;
-@@ -3432,7 +3432,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3439,7 +3439,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
rdev->dev.of_node = config->of_node;
rdev->dev.parent = dev;
dev_set_name(&rdev->dev, "regulator.%d",
@@ -55371,7 +55383,7 @@ index ca0ba15..0fa3257 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 571a423..dbb9c6c 100644
+index 571a423..eed5754 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -55382,6 +55394,15 @@ index 571a423..dbb9c6c 100644
#include <asm/uaccess.h>
#include <asm/param.h>
#include <asm/page.h>
+@@ -48,7 +49,7 @@
+ static int load_elf_binary(struct linux_binprm *bprm);
+ static int load_elf_library(struct file *);
+ static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
+- int, int, unsigned long);
++ int, int, unsigned long) __intentional_overflow(-1);
+
+ /*
+ * If we don't support core dumping, then supply a NULL so we
@@ -60,6 +61,14 @@ static int elf_core_dump(struct coredump_params *cprm);
#define elf_core_dump NULL
#endif
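Review bot: `__intentional_overflow(-1)` is added to the `elf_map()` prototype without any explanation, and this function takes a `struct elf_phdr *`, i.e. values read from the file being executed. The attribute presumably exempts the function from the size_overflow instrumentation (its exact meaning for `-1` is defined outside this hunk), so a reader cannot tell which arithmetic is expected to wrap or why that is safe here. A one-line comment on the prototype naming the expected wrap, for example `/* return value may be an error code cast to unsigned long */` if that is the reason, would make the exemption auditable. The same annotation is added in the 3.2.55 patch and needs the same comment.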
@@ -56528,10 +56549,10 @@ index d71a11d..384e2c4 100644
wake_up(&root->fs_info->transaction_wait);
wake_up(&root->fs_info->transaction_blocked_wait);
diff --git a/fs/buffer.c b/fs/buffer.c
-index 6024877..7bd000a 100644
+index aeeea65..7651d590 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
-@@ -3426,7 +3426,7 @@ void __init buffer_init(void)
+@@ -3428,7 +3428,7 @@ void __init buffer_init(void)
bh_cachep = kmem_cache_create("buffer_head",
sizeof(struct buffer_head), 0,
(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
@@ -82340,7 +82361,7 @@ index 7ceed99..d3ffaa2 100644
static inline int rate_supported(struct ieee80211_sta *sta,
enum ieee80211_band band,
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
-index 536501a..74ad02bc 100644
+index 536501a..47b7982 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -123,7 +123,7 @@ struct neigh_ops {
@@ -82352,7 +82373,15 @@ index 536501a..74ad02bc 100644
struct pneigh_entry {
struct pneigh_entry *next;
-@@ -178,7 +178,7 @@ struct neigh_table {
+@@ -163,7 +163,6 @@ struct neigh_table {
+ void (*proxy_redo)(struct sk_buff *skb);
+ char *id;
+ struct neigh_parms parms;
+- /* HACK. gc_* should follow parms without a gap! */
+ int gc_interval;
+ int gc_thresh1;
+ int gc_thresh2;
+@@ -178,7 +177,7 @@ struct neigh_table {
struct neigh_statistics __percpu *stats;
struct neigh_hash_table __rcu *nht;
struct pneigh_entry **phash_buckets;
@@ -89993,10 +90022,10 @@ index db25707..8b16430 100644
This option lets you use the FireWire bus for remote debugging
with help of the firewire-ohci driver. It enables unfiltered
diff --git a/lib/Makefile b/lib/Makefile
-index a459c31..3320e82 100644
+index 04944e9..f43eabe 100644
--- a/lib/Makefile
+++ b/lib/Makefile
-@@ -49,7 +49,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
+@@ -50,7 +50,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
obj-$(CONFIG_BTREE) += btree.o
obj-$(CONFIG_ASSOCIATIVE_ARRAY) += assoc_array.o
obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o
@@ -93711,7 +93740,7 @@ index fec093a..8162f74 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 2d30e2c..8b3d14c 100644
+index 7106cb1..0805f48 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static inline long long pos_ratio_polynom(unsigned long setpoint,
@@ -95099,7 +95128,7 @@ index 84b26aa..ce39899 100644
}
diff --git a/mm/swapfile.c b/mm/swapfile.c
-index 612a7c9..66b0f5a 100644
+index 461fce2..363ae44 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex);
@@ -95111,16 +95140,16 @@ index 612a7c9..66b0f5a 100644
static inline unsigned char swap_count(unsigned char ent)
{
-@@ -1949,7 +1949,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
- }
- filp_close(swap_file, NULL);
+@@ -1958,7 +1958,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+ spin_unlock(&swap_lock);
+
err = 0;
- atomic_inc(&proc_poll_event);
+ atomic_inc_unchecked(&proc_poll_event);
wake_up_interruptible(&proc_poll_wait);
out_dput:
-@@ -1966,8 +1966,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1975,8 +1975,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
poll_wait(file, &proc_poll_wait, wait);
@@ -95131,7 +95160,7 @@ index 612a7c9..66b0f5a 100644
return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
}
-@@ -2065,7 +2065,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -2074,7 +2074,7 @@ static int swaps_open(struct inode *inode, struct file *file)
return ret;
seq = file->private_data;
@@ -95140,7 +95169,7 @@ index 612a7c9..66b0f5a 100644
return 0;
}
-@@ -2524,7 +2524,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2533,7 +2533,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
(frontswap_map) ? "FS" : "");
mutex_unlock(&swapon_mutex);
@@ -96429,7 +96458,7 @@ index b618694..192bbba 100644
m->msg_iov = iov;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 932c6d7..7c7aa10 100644
+index 932c6d7..71fd94a 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2775,7 +2775,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
@@ -96441,6 +96470,23 @@ index 932c6d7..7c7aa10 100644
tmp.extra1 = &zero;
tmp.extra2 = &unres_qlen_max;
+@@ -2983,11 +2983,12 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
+ memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
+ sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
+ } else {
++ struct neigh_table *ntable = container_of(p, struct neigh_table, parms);
+ dev_name_source = "default";
+- t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = (int *)(p + 1);
+- t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = (int *)(p + 1) + 1;
+- t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = (int *)(p + 1) + 2;
+- t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = (int *)(p + 1) + 3;
++ t->neigh_vars[NEIGH_VAR_GC_INTERVAL].data = &ntable->gc_interval;
++ t->neigh_vars[NEIGH_VAR_GC_THRESH1].data = &ntable->gc_thresh1;
++ t->neigh_vars[NEIGH_VAR_GC_THRESH2].data = &ntable->gc_thresh2;
++ t->neigh_vars[NEIGH_VAR_GC_THRESH3].data = &ntable->gc_thresh3;
+ }
+
+
diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c
index 2bf8329..7960607 100644
--- a/net/core/net-procfs.c
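Review bot: `container_of(p, struct neigh_table, parms)` in the `else` branch is valid only when `p` really is the `parms` member of a `neigh_table`, and nothing in the hunk states or checks that. The old `(int *)(p + 1)` arithmetic relied on the same assumption, but the only hint at it was the HACK comment in neighbour.h, which this patch removes. The branch condition is outside the hunk, so I cannot confirm that every caller reaching this branch passes `&tbl->parms`. A comment on the new declaration such as `/* default (no device) case: p is &tbl->parms */`, once verified against the callers, would pin the invariant. The 3.2.55 version of this hunk needs the same comment.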
@@ -103593,21 +103639,6 @@ index 48c3cc9..8022cf7 100644
rtnl_lock();
for_each_net(net)
rt_genid_bump_all(net);
-diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
-index d106733..539aadd 100644
---- a/security/selinux/ss/services.c
-+++ b/security/selinux/ss/services.c
-@@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
- struct context context;
- int rc = 0;
-
-+ /* An empty security context is never valid. */
-+ if (!scontext_len)
-+ return -EINVAL;
-+
- if (!ss_initialized) {
- int i;
-
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index b0be893..646bd94 100644
--- a/security/smack/smack_lsm.c
@@ -105362,10 +105393,10 @@ index 0000000..4f67ac1
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..312d3b6
+index 0000000..af12645
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,268 @@
+@@ -0,0 +1,274 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -105603,8 +105634,14 @@ index 0000000..312d3b6
+#endif
+
+#if BUILDING_GCC_VERSION <= 4008
-+#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN)
-+#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN)
++#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN)
++#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN)
++#define basic_block_info_for_fn(FN) ((FN)->cfg->x_basic_block_info)
++#define n_basic_blocks_for_fn(FN) ((FN)->cfg->x_n_basic_blocks)
++#define n_edges_for_fn(FN) ((FN)->cfg->x_n_edges)
++#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block)
++#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map)
++#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status)
+
+static inline const char *get_tree_code_name(enum tree_code code)
+{
@@ -106463,10 +106500,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..515d689
+index 0000000..7e39d81
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,337 @@
+@@ -0,0 +1,403 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -106477,7 +106514,7 @@ index 0000000..515d689
+ * any of the gcc libraries
+ *
+ * gcc plugin to help generate a little bit of entropy from program state,
-+ * used during boot in the kernel
++ * used throughout the uptime of the kernel
+ *
+ * TODO:
+ * - add ipa pass to identify not explicitly marked candidate functions
@@ -106495,19 +106532,30 @@ index 0000000..515d689
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402131900",
++ .version = "201402210120",
+ .help = NULL
+};
+
+static unsigned HOST_WIDE_INT seed;
+static unsigned HOST_WIDE_INT get_random_const(void)
+{
-+ seed = (seed >> 1U) ^ (-(seed & 1ULL) & 0xD800000000000000ULL);
-+ return seed;
++ unsigned int i;
++ unsigned HOST_WIDE_INT ret = 0;
++
++ for (i = 0; i < 8 * sizeof ret; i++) {
++ ret = (ret << 1) | (seed & 1);
++ seed >>= 1;
++ if (ret & 1)
++ seed ^= 0xD800000000000000ULL;
++ }
++
++ return ret;
+}
+
+static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
+{
++ tree type;
++
+ switch (TREE_CODE(*node)) {
+ default:
+ *no_add_attrs = true;
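Review bot: In the rewritten `get_random_const()`, the feedback constant `0xD800000000000000ULL` only has an effect when `unsigned HOST_WIDE_INT` is 64 bits wide. On a host where it is 32 bits the low half of the constant is zero, so `seed ^= ...` becomes a no-op, `seed` shifts down to zero, and every later call returns 0. A zero `seed` gives the same all-zero output at any width; the seeding is outside this hunk, so that case should be checked there. A build-time guard such as `typedef char hwi_must_be_64bit[sizeof(unsigned HOST_WIDE_INT) == 8 ? 1 : -1];` next to the `seed` declaration would turn the width assumption into a compile error instead of silently weak constants. The 3.2.55 copy of the plugin has the same code.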
@@ -106520,7 +106568,65 @@ index 0000000..515d689
+ error("variable %qD with %qE attribute must not be initialized", *node, name);
+ break;
+ }
-+ DECL_INITIAL(*node) = build_int_cstu(long_long_unsigned_type_node, get_random_const());
++
++ if (!TREE_STATIC(*node)) {
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must not be local", *node, name);
++ break;
++ }
++
++ type = TREE_TYPE(*node);
++ switch (TREE_CODE(type)) {
++ default:
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type", *node, name);
++ break;
++
++ case INTEGER_TYPE:
++ DECL_INITIAL(*node) = build_int_cstu(type, get_random_const());
++ break;
++
++ case ARRAY_TYPE: {
++ tree elt_type, array_size, elt_size;
++ unsigned long long mask;
++ unsigned int i, nelt;
++#if BUILDING_GCC_VERSION <= 4007
++ VEC(constructor_elt, gc) *vals;
++#else
++ vec<constructor_elt, va_gc> *vals;
++#endif
++
++ elt_type = TREE_TYPE(type);
++ elt_size = TYPE_SIZE_UNIT(TREE_TYPE(type));
++ array_size = TYPE_SIZE_UNIT(type);
++
++ if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++ break;
++ }
++
++ nelt = TREE_INT_CST_LOW(array_size) / TREE_INT_CST_LOW(elt_size);
++#if BUILDING_GCC_VERSION <= 4007
++ vals = VEC_alloc(constructor_elt, gc, nelt);
++#else
++ vec_alloc(vals, nelt);
++#endif
++
++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1);
++ mask = 2 * (mask - 1) + 1;
++
++ for (i = 0; i < nelt; i++)
++ if (TYPE_UNSIGNED(elt_type))
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cstu(elt_type, mask & get_random_const()));
++ else
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cst(elt_type, mask & get_random_const()));
++
++ DECL_INITIAL(*node) = build_constructor(type, vals);
++//debug_tree(DECL_INITIAL(*node));
++ break;
++ }
++ }
+ break;
+
+ case FUNCTION_DECL:
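Review bot: In the new `ARRAY_TYPE` case, `mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1)` shifts by the element width minus one, which is undefined once an integer element type is wider than `unsigned long long` (a 128-bit element gives a shift count of 127). Extending the existing validity test with `|| TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) > 8 * sizeof mask` rejects such types through the error path that is already there. The `for` loop with its unbraced `if`/`else` body would also read more safely with braces, and the commented-out `//debug_tree(DECL_INITIAL(*node));` should be dropped. The function starts and ends outside this hunk, and the 3.2.55 copy of the plugin carries identical code.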
@@ -106550,10 +106656,7 @@ index 0000000..515d689
+
+static bool gate_latent_entropy(void)
+{
-+ tree latent_entropy_attr;
-+
-+ latent_entropy_attr = lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl));
-+ return latent_entropy_attr != NULL_TREE;
++ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
+static enum tree_code get_op(tree *rhs)
@@ -106806,10 +106909,10 @@ index 0000000..515d689
+}
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
new file mode 100644
-index 0000000..bc490ca
+index 0000000..8dafb22
--- /dev/null
+++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,906 @@
+@@ -0,0 +1,910 @@
+/*
+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
+ * and PaX Team <pageexec@freemail.hu>
@@ -106838,7 +106941,7 @@ index 0000000..bc490ca
+static int performance_mode;
+
+static struct plugin_info randomize_layout_plugin_info = {
-+ .version = "201402061950",
++ .version = "201402201816",
+ .help = "disable\t\t\tdo not activate plugin\n"
+ "performance-mode\tenable cacheline-aware layout randomization\n"
+};
@@ -107375,6 +107478,10 @@ index 0000000..bc490ca
+ continue;
+ }
+
++ /* pipacs' plugin creates franken-arrays that differ from those produced by
++ normal code which all have valid 'field' trees. work around this */
++ if (field == NULL_TREE)
++ continue;
+ field_type = TREE_TYPE(field);
+ val_type = TREE_TYPE(val);
+
@@ -117484,10 +117591,10 @@ index 0000000..4aab36f
+}
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
-index 0000000..e684c74
+index 0000000..5c0b937
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,373 @@
+@@ -0,0 +1,374 @@
+/*
+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -117641,7 +117748,8 @@ index 0000000..e684c74
+ body = XEXP(body, 0);
+ if (GET_CODE(body) != SYMBOL_REF)
+ continue;
-+ if (strcmp(XSTR(body, 0), track_function))
++// if (strcmp(XSTR(body, 0), track_function))
++ if (SYMBOL_REF_DECL(body) != track_function_decl)
+ continue;
+// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
+ // 2. delete call
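Review bot: `SYMBOL_REF_DECL(body) != track_function_decl` compares two trees that can both be `NULL_TREE`. A SYMBOL_REF with no associated decl yields NULL, so if `track_function_decl` were unset, such a call would not be skipped and would reach the "delete call" step. `track_function_decl` is assigned outside this hunk, so I cannot tell whether that state is reachable. Guarding with `if (!track_function_decl || SYMBOL_REF_DECL(body) != track_function_decl) continue;` costs nothing. The old `strcmp` line kept as a `//` comment should be removed rather than left in place; the 3.2.55 plugin copy has the same change.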
@@ -117714,7 +117822,7 @@ index 0000000..e684c74
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa | TODO_rebuild_cgraph_edges
+#if BUILDING_GCC_VERSION < 4009
+ }
+#endif
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index 943c944..f58c905 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch
From: http://www.kernel.org
Desc: Linux 3.2.55
-Patch: 4420_grsecurity-3.0-3.2.55-201402192249.patch
+Patch: 4420_grsecurity-3.0-3.2.55-201402221305.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
index 598b438..8c95615 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
@@ -34290,7 +34290,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index c244f0e..2080073 100644
+index c244f0e..05e9c5e 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -255,10 +255,8 @@
@@ -34557,7 +34557,7 @@ index c244f0e..2080073 100644
/**********************************************************************
*
* OS independent entropy store. Here are the functions which handle
-@@ -421,22 +425,26 @@ module_param(debug, bool, 0644);
+@@ -421,31 +425,35 @@ module_param(debug, bool, 0644);
struct entropy_store;
struct entropy_store {
/* read-only data: */
@@ -34584,11 +34584,15 @@ index c244f0e..2080073 100644
__u8 last_data[EXTRACT_SIZE];
};
+-static __u32 input_pool_data[INPUT_POOL_WORDS];
+-static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
+-static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
+static void push_to_pool(struct work_struct *work);
- static __u32 input_pool_data[INPUT_POOL_WORDS];
- static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
- static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
-@@ -445,7 +453,7 @@ static struct entropy_store input_pool = {
++static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
++static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
++static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
+
+ static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
.name = "input",
.limit = 1,
@@ -52713,7 +52717,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..52ad259 100644
+index 8dd615c..3ecdf113 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -52724,6 +52728,15 @@ index 8dd615c..52ad259 100644
#include <asm/uaccess.h>
#include <asm/param.h>
#include <asm/page.h>
+@@ -39,7 +40,7 @@
+ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
+ static int load_elf_library(struct file *);
+ static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
+- int, int, unsigned long);
++ int, int, unsigned long) __intentional_overflow(-1);
+
+ /*
+ * If we don't support core dumping, then supply a NULL so we
@@ -51,6 +52,14 @@ static int elf_core_dump(struct coredump_params *cprm);
#define elf_core_dump NULL
#endif
@@ -74957,11 +74970,18 @@ index d42bd48..554dcd5 100644
/*
* epoll (fs/eventpoll.c) compat bits follow ...
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 643d6c4..289dbb3 100644
+index 643d6c4..3c5171b 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -46,6 +46,26 @@
- #endif
+@@ -39,13 +39,29 @@
+ *
+ * (asm goto is automatically volatile - the naming reflects this.)
+ */
+-#if GCC_VERSION <= 40801
+ # define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
+-#else
+-# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
+-#endif
#if __GNUC_MINOR__ >= 5
+
@@ -74987,7 +75007,7 @@ index 643d6c4..289dbb3 100644
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -61,6 +81,11 @@
+@@ -61,6 +77,11 @@
#define __noclone __attribute__((__noclone__))
#endif
@@ -81223,7 +81243,7 @@ index 1a6201a..66d9531 100644
static inline int rate_supported(struct ieee80211_sta *sta,
enum ieee80211_band band,
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
-index 2720884..bbc0141 100644
+index 2720884..0dc13cd 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -122,7 +122,7 @@ struct neigh_ops {
@@ -81235,7 +81255,15 @@ index 2720884..bbc0141 100644
struct pneigh_entry {
struct pneigh_entry *next;
-@@ -176,7 +176,7 @@ struct neigh_table {
+@@ -160,7 +160,6 @@ struct neigh_table {
+ void (*proxy_redo)(struct sk_buff *skb);
+ char *id;
+ struct neigh_parms parms;
+- /* HACK. gc_* should follow parms without a gap! */
+ int gc_interval;
+ int gc_thresh1;
+ int gc_thresh2;
+@@ -176,7 +175,7 @@ struct neigh_table {
struct neigh_statistics __percpu *stats;
struct neigh_hash_table __rcu *nht;
struct pneigh_entry **phash_buckets;
@@ -97243,6 +97271,27 @@ index 139ef93..7afaa2f 100644
return -EFAULT;
m->msg_iov = iov;
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index 0ea3fd3..d87fef1 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -2803,11 +2803,12 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
+ /* Terminate the table early */
+ memset(&t->neigh_vars[14], 0, sizeof(t->neigh_vars[14]));
+ } else {
++ struct neigh_table *ntable = container_of(p, struct neigh_table, parms);
+ dev_name_source = neigh_path[NEIGH_CTL_PATH_DEV].procname;
+- t->neigh_vars[14].data = (int *)(p + 1);
+- t->neigh_vars[15].data = (int *)(p + 1) + 1;
+- t->neigh_vars[16].data = (int *)(p + 1) + 2;
+- t->neigh_vars[17].data = (int *)(p + 1) + 3;
++ t->neigh_vars[14].data = &ntable->gc_interval;
++ t->neigh_vars[15].data = &ntable->gc_thresh1;
++ t->neigh_vars[16].data = &ntable->gc_thresh2;
++ t->neigh_vars[17].data = &ntable->gc_thresh3;
+ }
+
+
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 0329404..ab4e13a 100644
--- a/net/core/net-sysfs.c
@@ -107829,10 +107878,10 @@ index 0000000..4f67ac1
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..312d3b6
+index 0000000..af12645
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,268 @@
+@@ -0,0 +1,274 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -108070,8 +108119,14 @@ index 0000000..312d3b6
+#endif
+
+#if BUILDING_GCC_VERSION <= 4008
-+#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN)
-+#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN)
++#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN)
++#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN)
++#define basic_block_info_for_fn(FN) ((FN)->cfg->x_basic_block_info)
++#define n_basic_blocks_for_fn(FN) ((FN)->cfg->x_n_basic_blocks)
++#define n_edges_for_fn(FN) ((FN)->cfg->x_n_edges)
++#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block)
++#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map)
++#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status)
+
+static inline const char *get_tree_code_name(enum tree_code code)
+{
@@ -108930,10 +108985,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..515d689
+index 0000000..7e39d81
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,337 @@
+@@ -0,0 +1,403 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -108944,7 +108999,7 @@ index 0000000..515d689
+ * any of the gcc libraries
+ *
+ * gcc plugin to help generate a little bit of entropy from program state,
-+ * used during boot in the kernel
++ * used throughout the uptime of the kernel
+ *
+ * TODO:
+ * - add ipa pass to identify not explicitly marked candidate functions
@@ -108962,19 +109017,30 @@ index 0000000..515d689
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402131900",
++ .version = "201402210120",
+ .help = NULL
+};
+
+static unsigned HOST_WIDE_INT seed;
+static unsigned HOST_WIDE_INT get_random_const(void)
+{
-+ seed = (seed >> 1U) ^ (-(seed & 1ULL) & 0xD800000000000000ULL);
-+ return seed;
++ unsigned int i;
++ unsigned HOST_WIDE_INT ret = 0;
++
++ for (i = 0; i < 8 * sizeof ret; i++) {
++ ret = (ret << 1) | (seed & 1);
++ seed >>= 1;
++ if (ret & 1)
++ seed ^= 0xD800000000000000ULL;
++ }
++
++ return ret;
+}
+
+static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
+{
++ tree type;
++
+ switch (TREE_CODE(*node)) {
+ default:
+ *no_add_attrs = true;
@@ -108987,7 +109053,65 @@ index 0000000..515d689
+ error("variable %qD with %qE attribute must not be initialized", *node, name);
+ break;
+ }
-+ DECL_INITIAL(*node) = build_int_cstu(long_long_unsigned_type_node, get_random_const());
++
++ if (!TREE_STATIC(*node)) {
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must not be local", *node, name);
++ break;
++ }
++
++ type = TREE_TYPE(*node);
++ switch (TREE_CODE(type)) {
++ default:
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type", *node, name);
++ break;
++
++ case INTEGER_TYPE:
++ DECL_INITIAL(*node) = build_int_cstu(type, get_random_const());
++ break;
++
++ case ARRAY_TYPE: {
++ tree elt_type, array_size, elt_size;
++ unsigned long long mask;
++ unsigned int i, nelt;
++#if BUILDING_GCC_VERSION <= 4007
++ VEC(constructor_elt, gc) *vals;
++#else
++ vec<constructor_elt, va_gc> *vals;
++#endif
++
++ elt_type = TREE_TYPE(type);
++ elt_size = TYPE_SIZE_UNIT(TREE_TYPE(type));
++ array_size = TYPE_SIZE_UNIT(type);
++
++ if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++ break;
++ }
++
++ nelt = TREE_INT_CST_LOW(array_size) / TREE_INT_CST_LOW(elt_size);
++#if BUILDING_GCC_VERSION <= 4007
++ vals = VEC_alloc(constructor_elt, gc, nelt);
++#else
++ vec_alloc(vals, nelt);
++#endif
++
++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1);
++ mask = 2 * (mask - 1) + 1;
++
++ for (i = 0; i < nelt; i++)
++ if (TYPE_UNSIGNED(elt_type))
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cstu(elt_type, mask & get_random_const()));
++ else
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cst(elt_type, mask & get_random_const()));
++
++ DECL_INITIAL(*node) = build_constructor(type, vals);
++//debug_tree(DECL_INITIAL(*node));
++ break;
++ }
++ }
+ break;
+
+ case FUNCTION_DECL:
@@ -109017,10 +109141,7 @@ index 0000000..515d689
+
+static bool gate_latent_entropy(void)
+{
-+ tree latent_entropy_attr;
-+
-+ latent_entropy_attr = lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl));
-+ return latent_entropy_attr != NULL_TREE;
++ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
+static enum tree_code get_op(tree *rhs)
@@ -109273,10 +109394,10 @@ index 0000000..515d689
+}
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
new file mode 100644
-index 0000000..bc490ca
+index 0000000..8dafb22
--- /dev/null
+++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,906 @@
+@@ -0,0 +1,910 @@
+/*
+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
+ * and PaX Team <pageexec@freemail.hu>
@@ -109305,7 +109426,7 @@ index 0000000..bc490ca
+static int performance_mode;
+
+static struct plugin_info randomize_layout_plugin_info = {
-+ .version = "201402061950",
++ .version = "201402201816",
+ .help = "disable\t\t\tdo not activate plugin\n"
+ "performance-mode\tenable cacheline-aware layout randomization\n"
+};
@@ -109842,6 +109963,10 @@ index 0000000..bc490ca
+ continue;
+ }
+
++ /* pipacs' plugin creates franken-arrays that differ from those produced by
++ normal code which all have valid 'field' trees. work around this */
++ if (field == NULL_TREE)
++ continue;
+ field_type = TREE_TYPE(field);
+ val_type = TREE_TYPE(val);
+
@@ -120249,10 +120374,10 @@ index 0000000..4aab36f
+}
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
-index 0000000..e684c74
+index 0000000..5c0b937
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,373 @@
+@@ -0,0 +1,374 @@
+/*
+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -120406,7 +120531,8 @@ index 0000000..e684c74
+ body = XEXP(body, 0);
+ if (GET_CODE(body) != SYMBOL_REF)
+ continue;
-+ if (strcmp(XSTR(body, 0), track_function))
++// if (strcmp(XSTR(body, 0), track_function))
++ if (SYMBOL_REF_DECL(body) != track_function_decl)
+ continue;
+// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
+ // 2. delete call
@@ -120479,7 +120605,7 @@ index 0000000..e684c74
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa | TODO_rebuild_cgraph_edges
+#if BUILDING_GCC_VERSION < 4009
+ }
+#endif