Grsec/PaX: 3.0-{3.2.58,3.14.3}-20140511200520140511

author: Anthony G. Basile <blueness@gentoo.org> 2014-05-12 08:35:58 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2014-05-12 08:35:58 -0400
commit: 77b297713485d2da87bfe9b58e57627ecc71b222 (patch)
tree: b9435787c9d83aad33649f70b4c47a3bb5b057ad
parent: Grsec/PaX: 3.0-{3.2.58,3.14.3}-201405101947 (diff)
download: hardened-patchset-20140511.tar.gz
hardened-patchset-20140511.tar.bz2
hardened-patchset-20140511.zip
4 files changed, 468 insertions, 25 deletions
diff --git a/3.14.3/0000_README b/3.14.3/0000_README
index 4ea0a4a..99900e8 100644
--- a/3.14.3/0000_README
+++ b/3.14.3/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.14.3-201405101947.patch
+Patch:	4420_grsecurity-3.0-3.14.3-201405112005.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch b/3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch
index d17eca9..c5fa685 100644
--- a/3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch
+++ b/3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch
@@ -9763,6 +9763,142 @@ index 502f632..da1917f 100644
  #define __S100	PAGE_READONLY
  #define __S101	PAGE_READONLY
  #define __S110	PAGE_SHARED
+diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
+index 0f9e945..a949e55 100644
+--- a/arch/sparc/include/asm/pgtable_64.h
++++ b/arch/sparc/include/asm/pgtable_64.h
+@@ -71,6 +71,23 @@
+ 
+ #include <linux/sched.h>
+ 
++extern unsigned long sparc64_valid_addr_bitmap[];
++
++/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
++static inline bool __kern_addr_valid(unsigned long paddr)
++{
++	if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
++		return false;
++	return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
++}
++
++static inline bool kern_addr_valid(unsigned long addr)
++{
++	unsigned long paddr = __pa(addr);
++
++	return __kern_addr_valid(paddr);
++}
++
+ /* Entries per page directory level. */
+ #define PTRS_PER_PTE	(1UL << (PAGE_SHIFT-3))
+ #define PTRS_PER_PMD	(1UL << PMD_BITS)
+@@ -79,9 +96,12 @@
+ /* Kernel has a separate 44bit address space. */
+ #define FIRST_USER_ADDRESS	0
+ 
+-#define pte_ERROR(e)	__builtin_trap()
+-#define pmd_ERROR(e)	__builtin_trap()
+-#define pgd_ERROR(e)	__builtin_trap()
++#define pmd_ERROR(e)							\
++	pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n",		\
++	       __FILE__, __LINE__, &(e), pmd_val(e), __builtin_return_address(0))
++#define pgd_ERROR(e)							\
++	pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n",		\
++	       __FILE__, __LINE__, &(e), pgd_val(e), __builtin_return_address(0))
+ 
+ #endif /* !(__ASSEMBLY__) */
+ 
+@@ -633,7 +653,7 @@ static inline unsigned long pmd_large(pmd_t pmd)
+ {
+ 	pte_t pte = __pte(pmd_val(pmd));
+ 
+-	return (pte_val(pte) & _PAGE_PMD_HUGE) && pte_present(pte);
++	return pte_val(pte) & _PAGE_PMD_HUGE;
+ }
+ 
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+@@ -719,20 +739,6 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd)
+ 	return __pmd(pte_val(pte));
+ }
+ 
+-static inline pmd_t pmd_mknotpresent(pmd_t pmd)
+-{
+-	unsigned long mask;
+-
+-	if (tlb_type == hypervisor)
+-		mask = _PAGE_PRESENT_4V;
+-	else
+-		mask = _PAGE_PRESENT_4U;
+-
+-	pmd_val(pmd) &= ~mask;
+-
+-	return pmd;
+-}
+-
+ static inline pmd_t pmd_mksplitting(pmd_t pmd)
+ {
+ 	pte_t pte = __pte(pmd_val(pmd));
+@@ -757,6 +763,20 @@ static inline int pmd_present(pmd_t pmd)
+ 
+ #define pmd_none(pmd)			(!pmd_val(pmd))
+ 
++/* pmd_bad() is only called on non-trans-huge PMDs.  Our encoding is
++ * very simple, it's just the physical address.  PTE tables are of
++ * size PAGE_SIZE so make sure the sub-PAGE_SIZE bits are clear and
++ * the top bits outside of the range of any physical address size we
++ * support are clear as well.  We also validate the physical itself.
++ */
++#define pmd_bad(pmd)			((pmd_val(pmd) & ~PAGE_MASK) || \
++					 !__kern_addr_valid(pmd_val(pmd)))
++
++#define pud_none(pud)			(!pud_val(pud))
++
++#define pud_bad(pud)			((pud_val(pud) & ~PAGE_MASK) || \
++					 !__kern_addr_valid(pud_val(pud)))
++
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ extern void set_pmd_at(struct mm_struct *mm, unsigned long addr,
+ 		       pmd_t *pmdp, pmd_t pmd);
+@@ -790,10 +810,7 @@ static inline unsigned long __pmd_page(pmd_t pmd)
+ #define pud_page_vaddr(pud)		\
+ 	((unsigned long) __va(pud_val(pud)))
+ #define pud_page(pud) 			virt_to_page((void *)pud_page_vaddr(pud))
+-#define pmd_bad(pmd)			(0)
+ #define pmd_clear(pmdp)			(pmd_val(*(pmdp)) = 0UL)
+-#define pud_none(pud)			(!pud_val(pud))
+-#define pud_bad(pud)			(0)
+ #define pud_present(pud)		(pud_val(pud) != 0U)
+ #define pud_clear(pudp)			(pud_val(*(pudp)) = 0UL)
+ 
+@@ -893,6 +910,10 @@ extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *);
+ extern void update_mmu_cache_pmd(struct vm_area_struct *vma, unsigned long addr,
+ 				 pmd_t *pmd);
+ 
++#define __HAVE_ARCH_PMDP_INVALIDATE
++extern void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
++			    pmd_t *pmdp);
++
+ #define __HAVE_ARCH_PGTABLE_DEPOSIT
+ extern void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
+ 				       pgtable_t pgtable);
+@@ -919,18 +940,6 @@ extern unsigned long pte_file(pte_t);
+ extern pte_t pgoff_to_pte(unsigned long);
+ #define PTE_FILE_MAX_BITS	(64UL - PAGE_SHIFT - 1UL)
+ 
+-extern unsigned long sparc64_valid_addr_bitmap[];
+-
+-/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
+-static inline bool kern_addr_valid(unsigned long addr)
+-{
+-	unsigned long paddr = __pa(addr);
+-
+-	if ((paddr >> 41UL) != 0UL)
+-		return false;
+-	return test_bit(paddr >> 22, sparc64_valid_addr_bitmap);
+-}
+-
+ extern int page_in_phys_avail(unsigned long paddr);
+ 
+ /*
 diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h
 index 79da178..c2eede8 100644
 --- a/arch/sparc/include/asm/pgtsrmmu.h
@@ -9940,6 +10076,20 @@ index a5f01ac..703b554 100644
  /*
   * Thread-synchronous status.
   *
+diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h
+index 2230f80..90916f9 100644
+--- a/arch/sparc/include/asm/tsb.h
++++ b/arch/sparc/include/asm/tsb.h
+@@ -171,7 +171,8 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
+ 	andcc		REG1, REG2, %g0;		\
+ 	be,pt		%xcc, 700f;			\
+ 	 sethi		%hi(4 * 1024 * 1024), REG2;	\
+-	andn		REG1, REG2, REG1;		\
++	brgez,pn	REG1, FAIL_LABEL;		\
++	 andn		REG1, REG2, REG1;		\
+ 	and		VADDR, REG2, REG2;		\
+ 	brlz,pt		REG1, PTE_LABEL;		\
+ 	 or		REG1, REG2, REG1;		\
 diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h
 index 0167d26..767bb0c 100644
 --- a/arch/sparc/include/asm/uaccess.h
@@ -10688,10 +10838,37 @@ index 4ced92f..965eeed 100644
  }
  EXPORT_SYMBOL(die_if_kernel);
 diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
-index 3c1a7cb..73e1923 100644
+index 3c1a7cb..9046547 100644
 --- a/arch/sparc/kernel/unaligned_64.c
 +++ b/arch/sparc/kernel/unaligned_64.c
-@@ -289,7 +289,7 @@ static void log_unaligned(struct pt_regs *regs)
+@@ -166,17 +166,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg, struct pt_regs *regs)
+ unsigned long compute_effective_address(struct pt_regs *regs,
+ 					unsigned int insn, unsigned int rd)
+ {
++	int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
+ 	unsigned int rs1 = (insn >> 14) & 0x1f;
+ 	unsigned int rs2 = insn & 0x1f;
+-	int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
++	unsigned long addr;
+ 
+ 	if (insn & 0x2000) {
+ 		maybe_flush_windows(rs1, 0, rd, from_kernel);
+-		return (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
++		addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
+ 	} else {
+ 		maybe_flush_windows(rs1, rs2, rd, from_kernel);
+-		return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
++		addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
+ 	}
++
++	if (!from_kernel && test_thread_flag(TIF_32BIT))
++		addr &= 0xffffffff;
++
++	return addr;
+ }
+ 
+ /* This is just to make gcc think die_if_kernel does return... */
+@@ -289,7 +295,7 @@ static void log_unaligned(struct pt_regs *regs)
  	static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
  
  	if (__ratelimit(&ratelimit)) {
@@ -11281,7 +11458,7 @@ index 59dbd46..1dd7f5e 100644
  		if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
  			goto bad_area;
 diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
-index 69bb818..6ca35c8 100644
+index 69bb818..3542236 100644
 --- a/arch/sparc/mm/fault_64.c
 +++ b/arch/sparc/mm/fault_64.c
 @@ -22,6 +22,9 @@
@@ -11303,7 +11480,124 @@ index 69bb818..6ca35c8 100644
  	printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
  	dump_stack();
  	unhandled_fault(regs->tpc, current, regs);
-@@ -271,6 +274,466 @@ static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs,
+@@ -96,38 +99,51 @@ static unsigned int get_user_insn(unsigned long tpc)
+ 	pte_t *ptep, pte;
+ 	unsigned long pa;
+ 	u32 insn = 0;
+-	unsigned long pstate;
+ 
+-	if (pgd_none(*pgdp))
+-		goto outret;
++	if (pgd_none(*pgdp) || unlikely(pgd_bad(*pgdp)))
++		goto out;
+ 	pudp = pud_offset(pgdp, tpc);
+-	if (pud_none(*pudp))
+-		goto outret;
+-	pmdp = pmd_offset(pudp, tpc);
+-	if (pmd_none(*pmdp))
+-		goto outret;
++	if (pud_none(*pudp) || unlikely(pud_bad(*pudp)))
++		goto out;
+ 
+ 	/* This disables preemption for us as well. */
+-	__asm__ __volatile__("rdpr %%pstate, %0" : "=r" (pstate));
+-	__asm__ __volatile__("wrpr %0, %1, %%pstate"
+-				: : "r" (pstate), "i" (PSTATE_IE));
+-	ptep = pte_offset_map(pmdp, tpc);
+-	pte = *ptep;
+-	if (!pte_present(pte))
+-		goto out;
++	local_irq_disable();
+ 
+-	pa  = (pte_pfn(pte) << PAGE_SHIFT);
+-	pa += (tpc & ~PAGE_MASK);
++	pmdp = pmd_offset(pudp, tpc);
++	if (pmd_none(*pmdp) || unlikely(pmd_bad(*pmdp)))
++		goto out_irq_enable;
+ 
+-	/* Use phys bypass so we don't pollute dtlb/dcache. */
+-	__asm__ __volatile__("lduwa [%1] %2, %0"
+-			     : "=r" (insn)
+-			     : "r" (pa), "i" (ASI_PHYS_USE_EC));
++#ifdef CONFIG_TRANSPARENT_HUGEPAGE
++	if (pmd_trans_huge(*pmdp)) {
++		if (pmd_trans_splitting(*pmdp))
++			goto out_irq_enable;
+ 
++		pa  = pmd_pfn(*pmdp) << PAGE_SHIFT;
++		pa += tpc & ~HPAGE_MASK;
++
++		/* Use phys bypass so we don't pollute dtlb/dcache. */
++		__asm__ __volatile__("lduwa [%1] %2, %0"
++				     : "=r" (insn)
++				     : "r" (pa), "i" (ASI_PHYS_USE_EC));
++	} else
++#endif
++	{
++		ptep = pte_offset_map(pmdp, tpc);
++		pte = *ptep;
++		if (pte_present(pte)) {
++			pa  = (pte_pfn(pte) << PAGE_SHIFT);
++			pa += (tpc & ~PAGE_MASK);
++
++			/* Use phys bypass so we don't pollute dtlb/dcache. */
++			__asm__ __volatile__("lduwa [%1] %2, %0"
++					     : "=r" (insn)
++					     : "r" (pa), "i" (ASI_PHYS_USE_EC));
++		}
++		pte_unmap(ptep);
++	}
++out_irq_enable:
++	local_irq_enable();
+ out:
+-	pte_unmap(ptep);
+-	__asm__ __volatile__("wrpr %0, 0x0, %%pstate" : : "r" (pstate));
+-outret:
+ 	return insn;
+ }
+ 
+@@ -153,7 +169,8 @@ show_signal_msg(struct pt_regs *regs, int sig, int code,
+ }
+ 
+ static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
+-			     unsigned int insn, int fault_code)
++			     unsigned long fault_addr, unsigned int insn,
++			     int fault_code)
+ {
+ 	unsigned long addr;
+ 	siginfo_t info;
+@@ -161,10 +178,18 @@ static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
+ 	info.si_code = code;
+ 	info.si_signo = sig;
+ 	info.si_errno = 0;
+-	if (fault_code & FAULT_CODE_ITLB)
++	if (fault_code & FAULT_CODE_ITLB) {
+ 		addr = regs->tpc;
+-	else
+-		addr = compute_effective_address(regs, insn, 0);
++	} else {
++		/* If we were able to probe the faulting instruction, use it
++		 * to compute a precise fault address.  Otherwise use the fault
++		 * time provided address which may only have page granularity.
++		 */
++		if (insn)
++			addr = compute_effective_address(regs, insn, 0);
++		else
++			addr = fault_addr;
++	}
+ 	info.si_addr = (void __user *) addr;
+ 	info.si_trapno = 0;
+ 
+@@ -239,7 +264,7 @@ static void __kprobes do_kernel_fault(struct pt_regs *regs, int si_code,
+ 		/* The si_code was set to make clear whether
+ 		 * this was a SEGV_MAPERR or SEGV_ACCERR fault.
+ 		 */
+-		do_fault_siginfo(si_code, SIGSEGV, regs, insn, fault_code);
++		do_fault_siginfo(si_code, SIGSEGV, regs, address, insn, fault_code);
+ 		return;
+ 	}
+ 
+@@ -271,6 +296,466 @@ static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs,
  	show_regs(regs);
  }
  
@@ -11770,7 +12064,7 @@ index 69bb818..6ca35c8 100644
  asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
  {
  	enum ctx_state prev_state = exception_enter();
-@@ -344,6 +807,29 @@ retry:
+@@ -344,6 +829,29 @@ retry:
  	if (!vma)
  		goto bad_area;
  
@@ -11800,6 +12094,28 @@ index 69bb818..6ca35c8 100644
  	/* Pure DTLB misses do not tell us whether the fault causing
  	 * load/store/atomic was a write or not, it only says that there
  	 * was no match.  So in such a case we (carefully) read the
+@@ -525,7 +1033,7 @@ do_sigbus:
+ 	 * Send a sigbus, regardless of whether we were in kernel
+ 	 * or user mode.
+ 	 */
+-	do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, insn, fault_code);
++	do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, address, insn, fault_code);
+ 
+ 	/* Kernel mode? Handle exceptions or die */
+ 	if (regs->tstate & TSTATE_PRIV)
+diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
+index c4d3da6..1aed043 100644
+--- a/arch/sparc/mm/gup.c
++++ b/arch/sparc/mm/gup.c
+@@ -73,7 +73,7 @@ static int gup_huge_pmd(pmd_t *pmdp, pmd_t pmd, unsigned long addr,
+ 	struct page *head, *page, *tail;
+ 	int refs;
+ 
+-	if (!pmd_large(pmd))
++	if (!(pmd_val(pmd) & _PAGE_VALID))
+ 		return 0;
+ 
+ 	if (write && !pmd_write(pmd))
 diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
 index 9bd9ce8..dc84852 100644
 --- a/arch/sparc/mm/hugetlbpage.c
@@ -11944,6 +12260,67 @@ index eafbc65..5a8070d 100644
  #endif /* CONFIG_SMP */
  #endif /* CONFIG_DEBUG_DCFLUSH */
  }
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index b12cb5e..b89aba2 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -134,7 +134,7 @@ no_cache_flush:
+ 
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr,
+-			       pmd_t pmd, bool exec)
++			       pmd_t pmd)
+ {
+ 	unsigned long end;
+ 	pte_t *pte;
+@@ -142,8 +142,11 @@ static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr,
+ 	pte = pte_offset_map(&pmd, vaddr);
+ 	end = vaddr + HPAGE_SIZE;
+ 	while (vaddr < end) {
+-		if (pte_val(*pte) & _PAGE_VALID)
++		if (pte_val(*pte) & _PAGE_VALID) {
++			bool exec = pte_exec(*pte);
++
+ 			tlb_batch_add_one(mm, vaddr, exec);
++		}
+ 		pte++;
+ 		vaddr += PAGE_SIZE;
+ 	}
+@@ -177,19 +180,30 @@ void set_pmd_at(struct mm_struct *mm, unsigned long addr,
+ 	}
+ 
+ 	if (!pmd_none(orig)) {
+-		pte_t orig_pte = __pte(pmd_val(orig));
+-		bool exec = pte_exec(orig_pte);
+-
+ 		addr &= HPAGE_MASK;
+ 		if (pmd_trans_huge(orig)) {
++			pte_t orig_pte = __pte(pmd_val(orig));
++			bool exec = pte_exec(orig_pte);
++
+ 			tlb_batch_add_one(mm, addr, exec);
+ 			tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec);
+ 		} else {
+-			tlb_batch_pmd_scan(mm, addr, orig, exec);
++			tlb_batch_pmd_scan(mm, addr, orig);
+ 		}
+ 	}
+ }
+ 
++void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
++		     pmd_t *pmdp)
++{
++	pmd_t entry = *pmdp;
++
++	pmd_val(entry) &= ~_PAGE_VALID;
++
++	set_pmd_at(vma->vm_mm, address, pmdp, entry);
++	flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
++}
++
+ void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
+ 				pgtable_t pgtable)
+ {
 diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
 index b3692ce..e4517c9 100644
 --- a/arch/tile/Kconfig
@@ -27950,7 +28327,7 @@ index da6b35a..977e9cf 100644
  
  #ifdef CONFIG_SMP
 diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index 1f96f93..d5c8f7a 100644
+index 1f96f93..6f29be7 100644
 --- a/arch/x86/kernel/vsyscall_64.c
 +++ b/arch/x86/kernel/vsyscall_64.c
 @@ -56,15 +56,13 @@
@@ -27970,6 +28347,15 @@ index 1f96f93..d5c8f7a 100644
  		else if (!strcmp("none", str))
  			vsyscall_mode = NONE;
  		else
+@@ -101,7 +99,7 @@ void update_vsyscall(struct timekeeper *tk)
+ 	vdata->monotonic_time_sec	= tk->xtime_sec
+ 					+ tk->wall_to_monotonic.tv_sec;
+ 	vdata->monotonic_time_snsec	= tk->xtime_nsec
+-					+ (tk->wall_to_monotonic.tv_nsec
++					+ ((u64)tk->wall_to_monotonic.tv_nsec
+ 						<< tk->shift);
+ 	while (vdata->monotonic_time_snsec >=
+ 					(((u64)NSEC_PER_SEC) << tk->shift)) {
 @@ -323,8 +321,7 @@ do_ret:
  	return true;
  
@@ -39200,7 +39586,7 @@ index 3d1cba9..0ab21d2 100644
  	if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
  		printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. "
 diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c b/drivers/cpufreq/sparc-us3-cpufreq.c
-index 724ffbd..ad83692 100644
+index 724ffbd..f06aaaa 100644
 --- a/drivers/cpufreq/sparc-us3-cpufreq.c
 +++ b/drivers/cpufreq/sparc-us3-cpufreq.c
 @@ -18,14 +18,12 @@
@@ -39219,7 +39605,7 @@ index 724ffbd..ad83692 100644
  
  /* UltraSPARC-III has three dividers: 1, 2, and 32.  These are controlled
   * in the Safari config register.
-@@ -156,14 +154,26 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy)
+@@ -156,18 +154,28 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy)
  
  static int us3_freq_cpu_exit(struct cpufreq_policy *policy)
  {
@@ -39242,7 +39628,6 @@ index 724ffbd..ad83692 100644
 +	.target_index	= us3_freq_target,
 +	.get		= us3_freq_get,
 +	.exit		= us3_freq_cpu_exit,
-+	.owner		= THIS_MODULE,
 +	.name		= "UltraSPARC-III",
 +
 +};
@@ -39250,7 +39635,11 @@ index 724ffbd..ad83692 100644
  static int __init us3_freq_init(void)
  {
  	unsigned long manuf, impl, ver;
-@@ -180,55 +190,15 @@ static int __init us3_freq_init(void)
+-	int ret;
+ 
+ 	if (tlb_type != cheetah && tlb_type != cheetah_plus)
+ 		return -ENODEV;
+@@ -180,55 +188,15 @@ static int __init us3_freq_init(void)
  	    (impl == CHEETAH_IMPL ||
  	     impl == CHEETAH_PLUS_IMPL ||
  	     impl == JAGUAR_IMPL ||
@@ -94729,7 +95118,7 @@ index 769a67a..414d24f 100644
  
  		if (nstart < prev->vm_end)
 diff --git a/mm/mremap.c b/mm/mremap.c
-index 0843feb..4f5b2e6 100644
+index 0843feb..c3cde48 100644
 --- a/mm/mremap.c
 +++ b/mm/mremap.c
 @@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
@@ -94745,7 +95134,26 @@ index 0843feb..4f5b2e6 100644
  		pte = move_soft_dirty_pte(pte);
  		set_pte_at(mm, new_addr, new_pte, pte);
  	}
-@@ -337,6 +343,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
+@@ -194,10 +200,17 @@ unsigned long move_page_tables(struct vm_area_struct *vma,
+ 			break;
+ 		if (pmd_trans_huge(*old_pmd)) {
+ 			int err = 0;
+-			if (extent == HPAGE_PMD_SIZE)
++			if (extent == HPAGE_PMD_SIZE) {
++				VM_BUG_ON(vma->vm_file || !vma->anon_vma);
++				/* See comment in move_ptes() */
++				if (need_rmap_locks)
++					anon_vma_lock_write(vma->anon_vma);
+ 				err = move_huge_pmd(vma, new_vma, old_addr,
+ 						    new_addr, old_end,
+ 						    old_pmd, new_pmd);
++				if (need_rmap_locks)
++					anon_vma_unlock_write(vma->anon_vma);
++			}
+ 			if (err > 0) {
+ 				need_flush = true;
+ 				continue;
+@@ -337,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
  	if (is_vm_hugetlb_page(vma))
  		goto Einval;
  
@@ -94757,7 +95165,7 @@ index 0843feb..4f5b2e6 100644
  	/* We can't remap across vm area boundaries */
  	if (old_len > vma->vm_end - addr)
  		goto Efault;
-@@ -392,20 +403,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
+@@ -392,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
  	unsigned long ret = -EINVAL;
  	unsigned long charged = 0;
  	unsigned long map_flags;
@@ -94788,7 +95196,7 @@ index 0843feb..4f5b2e6 100644
  		goto out;
  
  	ret = do_munmap(mm, new_addr, new_len);
-@@ -474,6 +490,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -474,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
  	unsigned long ret = -EINVAL;
  	unsigned long charged = 0;
  	bool locked = false;
@@ -94796,7 +95204,7 @@ index 0843feb..4f5b2e6 100644
  
  	if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
  		return ret;
-@@ -495,6 +512,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -495,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
  	if (!new_len)
  		return ret;
  
@@ -94814,7 +95222,7 @@ index 0843feb..4f5b2e6 100644
  	down_write(&current->mm->mmap_sem);
  
  	if (flags & MREMAP_FIXED) {
-@@ -545,6 +573,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -545,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
  				new_addr = addr;
  			}
  			ret = addr;
@@ -94822,7 +95230,7 @@ index 0843feb..4f5b2e6 100644
  			goto out;
  		}
  	}
-@@ -568,7 +597,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -568,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
  			goto out;
  		}
  
diff --git a/3.2.58/0000_README b/3.2.58/0000_README
index ad7286d..5094122 100644
--- a/3.2.58/0000_README
+++ b/3.2.58/0000_README
@@ -150,7 +150,7 @@ Patch:	1057_linux-3.2.58.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.58
 
-Patch:	4420_grsecurity-3.0-3.2.58-201405101946.patch
+Patch:	4420_grsecurity-3.0-3.2.58-201405112002.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch b/3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch
index ed3fd8f..b77f99b 100644
--- a/3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch
+++ b/3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch
@@ -8351,10 +8351,37 @@ index 0cbdaa4..f37a97c 100644
  }
  EXPORT_SYMBOL(die_if_kernel);
 diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
-index 76e4ac1..78f8bb1 100644
+index 76e4ac1..439d7e8 100644
 --- a/arch/sparc/kernel/unaligned_64.c
 +++ b/arch/sparc/kernel/unaligned_64.c
-@@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs *regs)
+@@ -156,17 +156,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg, struct pt_regs *regs)
+ unsigned long compute_effective_address(struct pt_regs *regs,
+ 					unsigned int insn, unsigned int rd)
+ {
++	int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
+ 	unsigned int rs1 = (insn >> 14) & 0x1f;
+ 	unsigned int rs2 = insn & 0x1f;
+-	int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
++	unsigned long addr;
+ 
+ 	if (insn & 0x2000) {
+ 		maybe_flush_windows(rs1, 0, rd, from_kernel);
+-		return (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
++		addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
+ 	} else {
+ 		maybe_flush_windows(rs1, rs2, rd, from_kernel);
+-		return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
++		addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
+ 	}
++
++	if (!from_kernel && test_thread_flag(TIF_32BIT))
++		addr &= 0xffffffff;
++
++	return addr;
+ }
+ 
+ /* This is just to make gcc think die_if_kernel does return... */
+@@ -279,7 +285,7 @@ static void log_unaligned(struct pt_regs *regs)
  	static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
  
  	if (__ratelimit(&ratelimit)) {
@@ -63174,10 +63201,18 @@ index 03102d9..4ae347e 100644
  }
  
 diff --git a/fs/proc/stat.c b/fs/proc/stat.c
-index 4c9a859..0b51e6b 100644
+index 4c9a859..8c9ebb1 100644
 --- a/fs/proc/stat.c
 +++ b/fs/proc/stat.c
-@@ -67,6 +67,18 @@ static int show_stat(struct seq_file *p, void *v)
+@@ -11,6 +11,7 @@
+ #include <linux/irqnr.h>
+ #include <asm/cputime.h>
+ #include <linux/tick.h>
++#include <linux/grsecurity.h>
+ 
+ #ifndef arch_irq_stat_cpu
+ #define arch_irq_stat_cpu(cpu) 0
+@@ -67,6 +68,18 @@ static int show_stat(struct seq_file *p, void *v)
  	u64 sum_softirq = 0;
  	unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
  	struct timespec boottime;
@@ -63196,7 +63231,7 @@ index 4c9a859..0b51e6b 100644
  
  	user = nice = system = idle = iowait =
  		irq = softirq = steal = cputime64_zero;
-@@ -79,24 +91,27 @@ static int show_stat(struct seq_file *p, void *v)
+@@ -79,24 +92,27 @@ static int show_stat(struct seq_file *p, void *v)
  		nice = cputime64_add(nice, kstat_cpu(i).cpustat.nice);
  		system = cputime64_add(system, kstat_cpu(i).cpustat.system);
  		idle = cputime64_add(idle, get_idle_time(i));
@@ -63238,7 +63273,7 @@ index 4c9a859..0b51e6b 100644
  
  	seq_printf(p, "cpu  %llu %llu %llu %llu %llu %llu %llu %llu %llu "
  		"%llu\n",
-@@ -116,12 +131,14 @@ static int show_stat(struct seq_file *p, void *v)
+@@ -116,12 +132,14 @@ static int show_stat(struct seq_file *p, void *v)
  		nice = kstat_cpu(i).cpustat.nice;
  		system = kstat_cpu(i).cpustat.system;
  		idle = get_idle_time(i);
author	Anthony G. Basile <blueness@gentoo.org>	2014-05-12 08:35:58 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2014-05-12 08:35:58 -0400
commit	77b297713485d2da87bfe9b58e57627ecc71b222 (patch)
tree	b9435787c9d83aad33649f70b4c47a3bb5b057ad
parent	Grsec/PaX: 3.0-{3.2.58,3.14.3}-201405101947 (diff)
download	hardened-patchset-20140511.tar.gz hardened-patchset-20140511.tar.bz2 hardened-patchset-20140511.zip