diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2014-05-12 08:35:58 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-05-12 08:35:58 -0400 |
commit | 77b297713485d2da87bfe9b58e57627ecc71b222 (patch) | |
tree | b9435787c9d83aad33649f70b4c47a3bb5b057ad | |
parent | Grsec/PaX: 3.0-{3.2.58,3.14.3}-201405101947 (diff) | |
download | hardened-patchset-20140511.tar.gz hardened-patchset-20140511.tar.bz2 hardened-patchset-20140511.zip |
Grsec/PaX: 3.0-{3.2.58,3.14.3}-20140511200520140511
-rw-r--r-- | 3.14.3/0000_README | 2 | ||||
-rw-r--r-- | 3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch (renamed from 3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch) | 442 | ||||
-rw-r--r-- | 3.2.58/0000_README | 2 | ||||
-rw-r--r-- | 3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch (renamed from 3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch) | 47 |
4 files changed, 468 insertions, 25 deletions
diff --git a/3.14.3/0000_README b/3.14.3/0000_README index 4ea0a4a..99900e8 100644 --- a/3.14.3/0000_README +++ b/3.14.3/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.3-201405101947.patch +Patch: 4420_grsecurity-3.0-3.14.3-201405112005.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch b/3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch index d17eca9..c5fa685 100644 --- a/3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch +++ b/3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch @@ -9763,6 +9763,142 @@ index 502f632..da1917f 100644 #define __S100 PAGE_READONLY #define __S101 PAGE_READONLY #define __S110 PAGE_SHARED +diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h +index 0f9e945..a949e55 100644 +--- a/arch/sparc/include/asm/pgtable_64.h ++++ b/arch/sparc/include/asm/pgtable_64.h +@@ -71,6 +71,23 @@ + + #include <linux/sched.h> + ++extern unsigned long sparc64_valid_addr_bitmap[]; ++ ++/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */ ++static inline bool __kern_addr_valid(unsigned long paddr) ++{ ++ if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL) ++ return false; ++ return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap); ++} ++ ++static inline bool kern_addr_valid(unsigned long addr) ++{ ++ unsigned long paddr = __pa(addr); ++ ++ return __kern_addr_valid(paddr); ++} ++ + /* Entries per page directory level. */ + #define PTRS_PER_PTE (1UL << (PAGE_SHIFT-3)) + #define PTRS_PER_PMD (1UL << PMD_BITS) +@@ -79,9 +96,12 @@ + /* Kernel has a separate 44bit address space. */ + #define FIRST_USER_ADDRESS 0 + +-#define pte_ERROR(e) __builtin_trap() +-#define pmd_ERROR(e) __builtin_trap() +-#define pgd_ERROR(e) __builtin_trap() ++#define pmd_ERROR(e) \ ++ pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n", \ ++ __FILE__, __LINE__, &(e), pmd_val(e), __builtin_return_address(0)) ++#define pgd_ERROR(e) \ ++ pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n", \ ++ __FILE__, __LINE__, &(e), pgd_val(e), __builtin_return_address(0)) + + #endif /* !(__ASSEMBLY__) */ + +@@ -633,7 +653,7 @@ static inline unsigned long pmd_large(pmd_t pmd) + { + pte_t pte = __pte(pmd_val(pmd)); + +- return (pte_val(pte) & _PAGE_PMD_HUGE) && pte_present(pte); ++ return pte_val(pte) & _PAGE_PMD_HUGE; + } + + #ifdef CONFIG_TRANSPARENT_HUGEPAGE +@@ -719,20 +739,6 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd) + return __pmd(pte_val(pte)); + } + +-static inline pmd_t pmd_mknotpresent(pmd_t pmd) +-{ +- unsigned long mask; +- +- if (tlb_type == hypervisor) +- mask = _PAGE_PRESENT_4V; +- else +- mask = _PAGE_PRESENT_4U; +- +- pmd_val(pmd) &= ~mask; +- +- return pmd; +-} +- + static inline pmd_t pmd_mksplitting(pmd_t pmd) + { + pte_t pte = __pte(pmd_val(pmd)); +@@ -757,6 +763,20 @@ static inline int pmd_present(pmd_t pmd) + + #define pmd_none(pmd) (!pmd_val(pmd)) + ++/* pmd_bad() is only called on non-trans-huge PMDs. Our encoding is ++ * very simple, it's just the physical address. PTE tables are of ++ * size PAGE_SIZE so make sure the sub-PAGE_SIZE bits are clear and ++ * the top bits outside of the range of any physical address size we ++ * support are clear as well. We also validate the physical itself. ++ */ ++#define pmd_bad(pmd) ((pmd_val(pmd) & ~PAGE_MASK) || \ ++ !__kern_addr_valid(pmd_val(pmd))) ++ ++#define pud_none(pud) (!pud_val(pud)) ++ ++#define pud_bad(pud) ((pud_val(pud) & ~PAGE_MASK) || \ ++ !__kern_addr_valid(pud_val(pud))) ++ + #ifdef CONFIG_TRANSPARENT_HUGEPAGE + extern void set_pmd_at(struct mm_struct *mm, unsigned long addr, + pmd_t *pmdp, pmd_t pmd); +@@ -790,10 +810,7 @@ static inline unsigned long __pmd_page(pmd_t pmd) + #define pud_page_vaddr(pud) \ + ((unsigned long) __va(pud_val(pud))) + #define pud_page(pud) virt_to_page((void *)pud_page_vaddr(pud)) +-#define pmd_bad(pmd) (0) + #define pmd_clear(pmdp) (pmd_val(*(pmdp)) = 0UL) +-#define pud_none(pud) (!pud_val(pud)) +-#define pud_bad(pud) (0) + #define pud_present(pud) (pud_val(pud) != 0U) + #define pud_clear(pudp) (pud_val(*(pudp)) = 0UL) + +@@ -893,6 +910,10 @@ extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *); + extern void update_mmu_cache_pmd(struct vm_area_struct *vma, unsigned long addr, + pmd_t *pmd); + ++#define __HAVE_ARCH_PMDP_INVALIDATE ++extern void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, ++ pmd_t *pmdp); ++ + #define __HAVE_ARCH_PGTABLE_DEPOSIT + extern void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp, + pgtable_t pgtable); +@@ -919,18 +940,6 @@ extern unsigned long pte_file(pte_t); + extern pte_t pgoff_to_pte(unsigned long); + #define PTE_FILE_MAX_BITS (64UL - PAGE_SHIFT - 1UL) + +-extern unsigned long sparc64_valid_addr_bitmap[]; +- +-/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */ +-static inline bool kern_addr_valid(unsigned long addr) +-{ +- unsigned long paddr = __pa(addr); +- +- if ((paddr >> 41UL) != 0UL) +- return false; +- return test_bit(paddr >> 22, sparc64_valid_addr_bitmap); +-} +- + extern int page_in_phys_avail(unsigned long paddr); + + /* diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h index 79da178..c2eede8 100644 --- a/arch/sparc/include/asm/pgtsrmmu.h @@ -9940,6 +10076,20 @@ index a5f01ac..703b554 100644 /* * Thread-synchronous status. * +diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h +index 2230f80..90916f9 100644 +--- a/arch/sparc/include/asm/tsb.h ++++ b/arch/sparc/include/asm/tsb.h +@@ -171,7 +171,8 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end; + andcc REG1, REG2, %g0; \ + be,pt %xcc, 700f; \ + sethi %hi(4 * 1024 * 1024), REG2; \ +- andn REG1, REG2, REG1; \ ++ brgez,pn REG1, FAIL_LABEL; \ ++ andn REG1, REG2, REG1; \ + and VADDR, REG2, REG2; \ + brlz,pt REG1, PTE_LABEL; \ + or REG1, REG2, REG1; \ diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h index 0167d26..767bb0c 100644 --- a/arch/sparc/include/asm/uaccess.h @@ -10688,10 +10838,37 @@ index 4ced92f..965eeed 100644 } EXPORT_SYMBOL(die_if_kernel); diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c -index 3c1a7cb..73e1923 100644 +index 3c1a7cb..9046547 100644 --- a/arch/sparc/kernel/unaligned_64.c +++ b/arch/sparc/kernel/unaligned_64.c -@@ -289,7 +289,7 @@ static void log_unaligned(struct pt_regs *regs) +@@ -166,17 +166,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg, struct pt_regs *regs) + unsigned long compute_effective_address(struct pt_regs *regs, + unsigned int insn, unsigned int rd) + { ++ int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; + unsigned int rs1 = (insn >> 14) & 0x1f; + unsigned int rs2 = insn & 0x1f; +- int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; ++ unsigned long addr; + + if (insn & 0x2000) { + maybe_flush_windows(rs1, 0, rd, from_kernel); +- return (fetch_reg(rs1, regs) + sign_extend_imm13(insn)); ++ addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn)); + } else { + maybe_flush_windows(rs1, rs2, rd, from_kernel); +- return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs)); ++ addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs)); + } ++ ++ if (!from_kernel && test_thread_flag(TIF_32BIT)) ++ addr &= 0xffffffff; ++ ++ return addr; + } + + /* This is just to make gcc think die_if_kernel does return... */ +@@ -289,7 +295,7 @@ static void log_unaligned(struct pt_regs *regs) static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); if (__ratelimit(&ratelimit)) { @@ -11281,7 +11458,7 @@ index 59dbd46..1dd7f5e 100644 if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 69bb818..6ca35c8 100644 +index 69bb818..3542236 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -22,6 +22,9 @@ @@ -11303,7 +11480,124 @@ index 69bb818..6ca35c8 100644 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr); dump_stack(); unhandled_fault(regs->tpc, current, regs); -@@ -271,6 +274,466 @@ static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs, +@@ -96,38 +99,51 @@ static unsigned int get_user_insn(unsigned long tpc) + pte_t *ptep, pte; + unsigned long pa; + u32 insn = 0; +- unsigned long pstate; + +- if (pgd_none(*pgdp)) +- goto outret; ++ if (pgd_none(*pgdp) || unlikely(pgd_bad(*pgdp))) ++ goto out; + pudp = pud_offset(pgdp, tpc); +- if (pud_none(*pudp)) +- goto outret; +- pmdp = pmd_offset(pudp, tpc); +- if (pmd_none(*pmdp)) +- goto outret; ++ if (pud_none(*pudp) || unlikely(pud_bad(*pudp))) ++ goto out; + + /* This disables preemption for us as well. */ +- __asm__ __volatile__("rdpr %%pstate, %0" : "=r" (pstate)); +- __asm__ __volatile__("wrpr %0, %1, %%pstate" +- : : "r" (pstate), "i" (PSTATE_IE)); +- ptep = pte_offset_map(pmdp, tpc); +- pte = *ptep; +- if (!pte_present(pte)) +- goto out; ++ local_irq_disable(); + +- pa = (pte_pfn(pte) << PAGE_SHIFT); +- pa += (tpc & ~PAGE_MASK); ++ pmdp = pmd_offset(pudp, tpc); ++ if (pmd_none(*pmdp) || unlikely(pmd_bad(*pmdp))) ++ goto out_irq_enable; + +- /* Use phys bypass so we don't pollute dtlb/dcache. */ +- __asm__ __volatile__("lduwa [%1] %2, %0" +- : "=r" (insn) +- : "r" (pa), "i" (ASI_PHYS_USE_EC)); ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE ++ if (pmd_trans_huge(*pmdp)) { ++ if (pmd_trans_splitting(*pmdp)) ++ goto out_irq_enable; + ++ pa = pmd_pfn(*pmdp) << PAGE_SHIFT; ++ pa += tpc & ~HPAGE_MASK; ++ ++ /* Use phys bypass so we don't pollute dtlb/dcache. */ ++ __asm__ __volatile__("lduwa [%1] %2, %0" ++ : "=r" (insn) ++ : "r" (pa), "i" (ASI_PHYS_USE_EC)); ++ } else ++#endif ++ { ++ ptep = pte_offset_map(pmdp, tpc); ++ pte = *ptep; ++ if (pte_present(pte)) { ++ pa = (pte_pfn(pte) << PAGE_SHIFT); ++ pa += (tpc & ~PAGE_MASK); ++ ++ /* Use phys bypass so we don't pollute dtlb/dcache. */ ++ __asm__ __volatile__("lduwa [%1] %2, %0" ++ : "=r" (insn) ++ : "r" (pa), "i" (ASI_PHYS_USE_EC)); ++ } ++ pte_unmap(ptep); ++ } ++out_irq_enable: ++ local_irq_enable(); + out: +- pte_unmap(ptep); +- __asm__ __volatile__("wrpr %0, 0x0, %%pstate" : : "r" (pstate)); +-outret: + return insn; + } + +@@ -153,7 +169,8 @@ show_signal_msg(struct pt_regs *regs, int sig, int code, + } + + static void do_fault_siginfo(int code, int sig, struct pt_regs *regs, +- unsigned int insn, int fault_code) ++ unsigned long fault_addr, unsigned int insn, ++ int fault_code) + { + unsigned long addr; + siginfo_t info; +@@ -161,10 +178,18 @@ static void do_fault_siginfo(int code, int sig, struct pt_regs *regs, + info.si_code = code; + info.si_signo = sig; + info.si_errno = 0; +- if (fault_code & FAULT_CODE_ITLB) ++ if (fault_code & FAULT_CODE_ITLB) { + addr = regs->tpc; +- else +- addr = compute_effective_address(regs, insn, 0); ++ } else { ++ /* If we were able to probe the faulting instruction, use it ++ * to compute a precise fault address. Otherwise use the fault ++ * time provided address which may only have page granularity. ++ */ ++ if (insn) ++ addr = compute_effective_address(regs, insn, 0); ++ else ++ addr = fault_addr; ++ } + info.si_addr = (void __user *) addr; + info.si_trapno = 0; + +@@ -239,7 +264,7 @@ static void __kprobes do_kernel_fault(struct pt_regs *regs, int si_code, + /* The si_code was set to make clear whether + * this was a SEGV_MAPERR or SEGV_ACCERR fault. + */ +- do_fault_siginfo(si_code, SIGSEGV, regs, insn, fault_code); ++ do_fault_siginfo(si_code, SIGSEGV, regs, address, insn, fault_code); + return; + } + +@@ -271,6 +296,466 @@ static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs, show_regs(regs); } @@ -11770,7 +12064,7 @@ index 69bb818..6ca35c8 100644 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) { enum ctx_state prev_state = exception_enter(); -@@ -344,6 +807,29 @@ retry: +@@ -344,6 +829,29 @@ retry: if (!vma) goto bad_area; @@ -11800,6 +12094,28 @@ index 69bb818..6ca35c8 100644 /* Pure DTLB misses do not tell us whether the fault causing * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the +@@ -525,7 +1033,7 @@ do_sigbus: + * Send a sigbus, regardless of whether we were in kernel + * or user mode. + */ +- do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, insn, fault_code); ++ do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, address, insn, fault_code); + + /* Kernel mode? Handle exceptions or die */ + if (regs->tstate & TSTATE_PRIV) +diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c +index c4d3da6..1aed043 100644 +--- a/arch/sparc/mm/gup.c ++++ b/arch/sparc/mm/gup.c +@@ -73,7 +73,7 @@ static int gup_huge_pmd(pmd_t *pmdp, pmd_t pmd, unsigned long addr, + struct page *head, *page, *tail; + int refs; + +- if (!pmd_large(pmd)) ++ if (!(pmd_val(pmd) & _PAGE_VALID)) + return 0; + + if (write && !pmd_write(pmd)) diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index 9bd9ce8..dc84852 100644 --- a/arch/sparc/mm/hugetlbpage.c @@ -11944,6 +12260,67 @@ index eafbc65..5a8070d 100644 #endif /* CONFIG_SMP */ #endif /* CONFIG_DEBUG_DCFLUSH */ } +diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c +index b12cb5e..b89aba2 100644 +--- a/arch/sparc/mm/tlb.c ++++ b/arch/sparc/mm/tlb.c +@@ -134,7 +134,7 @@ no_cache_flush: + + #ifdef CONFIG_TRANSPARENT_HUGEPAGE + static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr, +- pmd_t pmd, bool exec) ++ pmd_t pmd) + { + unsigned long end; + pte_t *pte; +@@ -142,8 +142,11 @@ static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr, + pte = pte_offset_map(&pmd, vaddr); + end = vaddr + HPAGE_SIZE; + while (vaddr < end) { +- if (pte_val(*pte) & _PAGE_VALID) ++ if (pte_val(*pte) & _PAGE_VALID) { ++ bool exec = pte_exec(*pte); ++ + tlb_batch_add_one(mm, vaddr, exec); ++ } + pte++; + vaddr += PAGE_SIZE; + } +@@ -177,19 +180,30 @@ void set_pmd_at(struct mm_struct *mm, unsigned long addr, + } + + if (!pmd_none(orig)) { +- pte_t orig_pte = __pte(pmd_val(orig)); +- bool exec = pte_exec(orig_pte); +- + addr &= HPAGE_MASK; + if (pmd_trans_huge(orig)) { ++ pte_t orig_pte = __pte(pmd_val(orig)); ++ bool exec = pte_exec(orig_pte); ++ + tlb_batch_add_one(mm, addr, exec); + tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec); + } else { +- tlb_batch_pmd_scan(mm, addr, orig, exec); ++ tlb_batch_pmd_scan(mm, addr, orig); + } + } + } + ++void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, ++ pmd_t *pmdp) ++{ ++ pmd_t entry = *pmdp; ++ ++ pmd_val(entry) &= ~_PAGE_VALID; ++ ++ set_pmd_at(vma->vm_mm, address, pmdp, entry); ++ flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); ++} ++ + void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp, + pgtable_t pgtable) + { diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index b3692ce..e4517c9 100644 --- a/arch/tile/Kconfig @@ -27950,7 +28327,7 @@ index da6b35a..977e9cf 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 1f96f93..d5c8f7a 100644 +index 1f96f93..6f29be7 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -27970,6 +28347,15 @@ index 1f96f93..d5c8f7a 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else +@@ -101,7 +99,7 @@ void update_vsyscall(struct timekeeper *tk) + vdata->monotonic_time_sec = tk->xtime_sec + + tk->wall_to_monotonic.tv_sec; + vdata->monotonic_time_snsec = tk->xtime_nsec +- + (tk->wall_to_monotonic.tv_nsec ++ + ((u64)tk->wall_to_monotonic.tv_nsec + << tk->shift); + while (vdata->monotonic_time_snsec >= + (((u64)NSEC_PER_SEC) << tk->shift)) { @@ -323,8 +321,7 @@ do_ret: return true; @@ -39200,7 +39586,7 @@ index 3d1cba9..0ab21d2 100644 if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) { printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. " diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c b/drivers/cpufreq/sparc-us3-cpufreq.c -index 724ffbd..ad83692 100644 +index 724ffbd..f06aaaa 100644 --- a/drivers/cpufreq/sparc-us3-cpufreq.c +++ b/drivers/cpufreq/sparc-us3-cpufreq.c @@ -18,14 +18,12 @@ @@ -39219,7 +39605,7 @@ index 724ffbd..ad83692 100644 /* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled * in the Safari config register. -@@ -156,14 +154,26 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy) +@@ -156,18 +154,28 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy) static int us3_freq_cpu_exit(struct cpufreq_policy *policy) { @@ -39242,7 +39628,6 @@ index 724ffbd..ad83692 100644 + .target_index = us3_freq_target, + .get = us3_freq_get, + .exit = us3_freq_cpu_exit, -+ .owner = THIS_MODULE, + .name = "UltraSPARC-III", + +}; @@ -39250,7 +39635,11 @@ index 724ffbd..ad83692 100644 static int __init us3_freq_init(void) { unsigned long manuf, impl, ver; -@@ -180,55 +190,15 @@ static int __init us3_freq_init(void) +- int ret; + + if (tlb_type != cheetah && tlb_type != cheetah_plus) + return -ENODEV; +@@ -180,55 +188,15 @@ static int __init us3_freq_init(void) (impl == CHEETAH_IMPL || impl == CHEETAH_PLUS_IMPL || impl == JAGUAR_IMPL || @@ -94729,7 +95118,7 @@ index 769a67a..414d24f 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index 0843feb..4f5b2e6 100644 +index 0843feb..c3cde48 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, @@ -94745,7 +95134,26 @@ index 0843feb..4f5b2e6 100644 pte = move_soft_dirty_pte(pte); set_pte_at(mm, new_addr, new_pte, pte); } -@@ -337,6 +343,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, +@@ -194,10 +200,17 @@ unsigned long move_page_tables(struct vm_area_struct *vma, + break; + if (pmd_trans_huge(*old_pmd)) { + int err = 0; +- if (extent == HPAGE_PMD_SIZE) ++ if (extent == HPAGE_PMD_SIZE) { ++ VM_BUG_ON(vma->vm_file || !vma->anon_vma); ++ /* See comment in move_ptes() */ ++ if (need_rmap_locks) ++ anon_vma_lock_write(vma->anon_vma); + err = move_huge_pmd(vma, new_vma, old_addr, + new_addr, old_end, + old_pmd, new_pmd); ++ if (need_rmap_locks) ++ anon_vma_unlock_write(vma->anon_vma); ++ } + if (err > 0) { + need_flush = true; + continue; +@@ -337,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, if (is_vm_hugetlb_page(vma)) goto Einval; @@ -94757,7 +95165,7 @@ index 0843feb..4f5b2e6 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -392,20 +403,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, +@@ -392,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, unsigned long ret = -EINVAL; unsigned long charged = 0; unsigned long map_flags; @@ -94788,7 +95196,7 @@ index 0843feb..4f5b2e6 100644 goto out; ret = do_munmap(mm, new_addr, new_len); -@@ -474,6 +490,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -474,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, unsigned long ret = -EINVAL; unsigned long charged = 0; bool locked = false; @@ -94796,7 +95204,7 @@ index 0843feb..4f5b2e6 100644 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) return ret; -@@ -495,6 +512,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -495,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, if (!new_len) return ret; @@ -94814,7 +95222,7 @@ index 0843feb..4f5b2e6 100644 down_write(¤t->mm->mmap_sem); if (flags & MREMAP_FIXED) { -@@ -545,6 +573,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -545,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, new_addr = addr; } ret = addr; @@ -94822,7 +95230,7 @@ index 0843feb..4f5b2e6 100644 goto out; } } -@@ -568,7 +597,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -568,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, goto out; } diff --git a/3.2.58/0000_README b/3.2.58/0000_README index ad7286d..5094122 100644 --- a/3.2.58/0000_README +++ b/3.2.58/0000_README @@ -150,7 +150,7 @@ Patch: 1057_linux-3.2.58.patch From: http://www.kernel.org Desc: Linux 3.2.58 -Patch: 4420_grsecurity-3.0-3.2.58-201405101946.patch +Patch: 4420_grsecurity-3.0-3.2.58-201405112002.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch b/3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch index ed3fd8f..b77f99b 100644 --- a/3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch +++ b/3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch @@ -8351,10 +8351,37 @@ index 0cbdaa4..f37a97c 100644 } EXPORT_SYMBOL(die_if_kernel); diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c -index 76e4ac1..78f8bb1 100644 +index 76e4ac1..439d7e8 100644 --- a/arch/sparc/kernel/unaligned_64.c +++ b/arch/sparc/kernel/unaligned_64.c -@@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs *regs) +@@ -156,17 +156,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg, struct pt_regs *regs) + unsigned long compute_effective_address(struct pt_regs *regs, + unsigned int insn, unsigned int rd) + { ++ int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; + unsigned int rs1 = (insn >> 14) & 0x1f; + unsigned int rs2 = insn & 0x1f; +- int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; ++ unsigned long addr; + + if (insn & 0x2000) { + maybe_flush_windows(rs1, 0, rd, from_kernel); +- return (fetch_reg(rs1, regs) + sign_extend_imm13(insn)); ++ addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn)); + } else { + maybe_flush_windows(rs1, rs2, rd, from_kernel); +- return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs)); ++ addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs)); + } ++ ++ if (!from_kernel && test_thread_flag(TIF_32BIT)) ++ addr &= 0xffffffff; ++ ++ return addr; + } + + /* This is just to make gcc think die_if_kernel does return... */ +@@ -279,7 +285,7 @@ static void log_unaligned(struct pt_regs *regs) static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); if (__ratelimit(&ratelimit)) { @@ -63174,10 +63201,18 @@ index 03102d9..4ae347e 100644 } diff --git a/fs/proc/stat.c b/fs/proc/stat.c -index 4c9a859..0b51e6b 100644 +index 4c9a859..8c9ebb1 100644 --- a/fs/proc/stat.c +++ b/fs/proc/stat.c -@@ -67,6 +67,18 @@ static int show_stat(struct seq_file *p, void *v) +@@ -11,6 +11,7 @@ + #include <linux/irqnr.h> + #include <asm/cputime.h> + #include <linux/tick.h> ++#include <linux/grsecurity.h> + + #ifndef arch_irq_stat_cpu + #define arch_irq_stat_cpu(cpu) 0 +@@ -67,6 +68,18 @@ static int show_stat(struct seq_file *p, void *v) u64 sum_softirq = 0; unsigned int per_softirq_sums[NR_SOFTIRQS] = {0}; struct timespec boottime; @@ -63196,7 +63231,7 @@ index 4c9a859..0b51e6b 100644 user = nice = system = idle = iowait = irq = softirq = steal = cputime64_zero; -@@ -79,24 +91,27 @@ static int show_stat(struct seq_file *p, void *v) +@@ -79,24 +92,27 @@ static int show_stat(struct seq_file *p, void *v) nice = cputime64_add(nice, kstat_cpu(i).cpustat.nice); system = cputime64_add(system, kstat_cpu(i).cpustat.system); idle = cputime64_add(idle, get_idle_time(i)); @@ -63238,7 +63273,7 @@ index 4c9a859..0b51e6b 100644 seq_printf(p, "cpu %llu %llu %llu %llu %llu %llu %llu %llu %llu " "%llu\n", -@@ -116,12 +131,14 @@ static int show_stat(struct seq_file *p, void *v) +@@ -116,12 +132,14 @@ static int show_stat(struct seq_file *p, void *v) nice = kstat_cpu(i).cpustat.nice; system = kstat_cpu(i).cpustat.system; idle = get_idle_time(i); |