authorAnthony G. Basile <blueness@gentoo.org>2015-11-13 06:55:00 -0500
committerAnthony G. Basile <blueness@gentoo.org>2015-11-13 06:55:00 -0500
commitef4e6b9ae3aaf03c60f72e1e507df27fe3dce242 (patch)
treea7f2c73d0b33a198102e75174ce9b78c4feaefc1
parentgrsecurity-3.1-4.2.6-201511092040 (diff)
grsecurity-3.1-4.2.6-20151112204020151112
-rw-r--r--4.2.6/0000_README2
-rw-r--r--4.2.6/4420_grsecurity-3.1-4.2.6-201511122040.patch (renamed from 4.2.6/4420_grsecurity-3.1-4.2.6-201511092040.patch)247
2 files changed, 188 insertions, 61 deletions
diff --git a/4.2.6/0000_README b/4.2.6/0000_README
index 235ce67..9993992 100644
--- a/4.2.6/0000_README
+++ b/4.2.6/0000_README
@@ -6,7 +6,7 @@ Patch: 1005_linux-4.2.6.patch
From: http://www.kernel.org
Desc: Linux 4.2.6
-Patch: 4420_grsecurity-3.1-4.2.6-201511092040.patch
+Patch: 4420_grsecurity-3.1-4.2.6-201511122040.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511092040.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511122040.patch
index e91c83d..2f80639 100644
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511092040.patch
+++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511122040.patch
@@ -23000,6 +23000,18 @@ index 0f457e6..5970c0a 100644
#define BIOS_END 0x00100000
#define BIOS_ROM_BASE 0xffe00000
+diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
+index b5d7640..8a4add8 100644
+--- a/arch/x86/include/uapi/asm/svm.h
++++ b/arch/x86/include/uapi/asm/svm.h
+@@ -100,6 +100,7 @@
+ { SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \
+ { SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \
+ { SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \
++ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \
+ { SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \
+ { SVM_EXIT_INTR, "interrupt" }, \
+ { SVM_EXIT_NMI, "nmi" }, \
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 0f15af4..501a76a 100644
--- a/arch/x86/kernel/Makefile
@@ -29920,10 +29932,70 @@ index 0f67d7e..4b9fa11 100644
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 2d32b67..2cd298b 100644
+index 2d32b67..06cac10 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3586,7 +3586,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -1106,6 +1106,8 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
+ set_exception_intercept(svm, PF_VECTOR);
+ set_exception_intercept(svm, UD_VECTOR);
+ set_exception_intercept(svm, MC_VECTOR);
++ set_exception_intercept(svm, AC_VECTOR);
++ set_exception_intercept(svm, DB_VECTOR);
+
+ set_intercept(svm, INTERCEPT_INTR);
+ set_intercept(svm, INTERCEPT_NMI);
+@@ -1641,20 +1643,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu,
+ mark_dirty(svm->vmcb, VMCB_SEG);
+ }
+
+-static void update_db_bp_intercept(struct kvm_vcpu *vcpu)
++static void update_bp_intercept(struct kvm_vcpu *vcpu)
+ {
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+- clr_exception_intercept(svm, DB_VECTOR);
+ clr_exception_intercept(svm, BP_VECTOR);
+
+- if (svm->nmi_singlestep)
+- set_exception_intercept(svm, DB_VECTOR);
+-
+ if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
+- if (vcpu->guest_debug &
+- (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
+- set_exception_intercept(svm, DB_VECTOR);
+ if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
+ set_exception_intercept(svm, BP_VECTOR);
+ } else
+@@ -1760,7 +1755,6 @@ static int db_interception(struct vcpu_svm *svm)
+ if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
+ svm->vmcb->save.rflags &=
+ ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
+- update_db_bp_intercept(&svm->vcpu);
+ }
+
+ if (svm->vcpu.guest_debug &
+@@ -1795,6 +1789,12 @@ static int ud_interception(struct vcpu_svm *svm)
+ return 1;
+ }
+
++static int ac_interception(struct vcpu_svm *svm)
++{
++ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
++ return 1;
++}
++
+ static void svm_fpu_activate(struct kvm_vcpu *vcpu)
+ {
+ struct vcpu_svm *svm = to_svm(vcpu);
+@@ -3369,6 +3369,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
+ [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
+ [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
+ [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
++ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
+ [SVM_EXIT_INTR] = intr_interception,
+ [SVM_EXIT_NMI] = nmi_interception,
+ [SVM_EXIT_SMI] = nop_on_interception,
+@@ -3586,7 +3587,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
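Review bot: Neither the `set_exception_intercept(svm, AC_VECTOR)` / `set_exception_intercept(svm, DB_VECTOR)` calls added to init_vmcb nor the new ac_interception say why a handler that only re-queues the exception exists, so a later cleanup could take them for dead weight. The purpose appears to be that #AC and #DB delivery always exits to the host instead of repeating inside the guest without a VM exit, and that is worth stating above ac_interception, e.g. `/* Always intercept #AC and re-inject it so delivery passes through the host; the #AC error code is always zero. */`. With DB_VECTOR now intercepted unconditionally and no longer cleared in update_bp_intercept, db_interception has to re-inject #DB for guests that are neither being debugged nor single-stepped; that part of its body is outside the hunk and should be confirmed. The same comment applies to the `case AC_VECTOR:` added to handle_exception in the vmx.c section, which forwards `error_code` where this handler passes a literal 0.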
@@ -29935,6 +30007,14 @@ index 2d32b67..2cd298b 100644
load_TR_desc();
}
+@@ -3752,7 +3757,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
+ */
+ svm->nmi_singlestep = true;
+ svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
+- update_db_bp_intercept(vcpu);
+ }
+
+ static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
@@ -3982,6 +3986,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -29946,8 +30026,17 @@ index 2d32b67..2cd298b 100644
reload_tss(vcpu);
local_irq_disable();
+@@ -4374,7 +4382,7 @@ static struct kvm_x86_ops svm_x86_ops = {
+ .vcpu_load = svm_vcpu_load,
+ .vcpu_put = svm_vcpu_put,
+
+- .update_db_bp_intercept = update_db_bp_intercept,
++ .update_db_bp_intercept = update_bp_intercept,
+ .get_msr = svm_get_msr,
+ .set_msr = svm_set_msr,
+ .get_segment_base = svm_get_segment_base,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index aa9e8229..ab09cc4 100644
+index aa9e8229..6223041 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1440,12 +1440,12 @@ static void vmcs_write64(unsigned long field, u64 value)
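Review bot: The callback assigned to `.update_db_bp_intercept` is now `update_bp_intercept`, which per the earlier svm.c hunk no longer touches DB_VECTOR, so the ops member name is misleading on the SVM side. The member is declared outside this hunk and is presumably shared with the VMX implementation, so renaming it does not belong here; a comment on the assignment would do, e.g. `/* #DB is always intercepted (see init_vmcb); this hook only toggles #BP */`.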
@@ -29965,6 +30054,15 @@ index aa9e8229..ab09cc4 100644
{
vmcs_writel(field, vmcs_readl(field) | mask);
}
+@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
+ u32 eb;
+
+ eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
+- (1u << NM_VECTOR) | (1u << DB_VECTOR);
++ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
+ if ((vcpu->guest_debug &
+ (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
+ (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
@@ -1705,7 +1705,11 @@ static void reload_tss(void)
struct desc_struct *descs;
@@ -30017,7 +30115,17 @@ index aa9e8229..ab09cc4 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6097,11 +6108,17 @@ static __init int hardware_setup(void)
+@@ -5118,6 +5129,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
+ return handle_rmode_exception(vcpu, ex_no, error_code);
+
+ switch (ex_no) {
++ case AC_VECTOR:
++ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
++ return 1;
+ case DB_VECTOR:
+ dr6 = vmcs_readl(EXIT_QUALIFICATION);
+ if (!(vcpu->guest_debug &
+@@ -6097,11 +6111,17 @@ static __init int hardware_setup(void)
* page upon invalidation. No need to do anything if not
* using the APIC_ACCESS_ADDR VMCS field.
*/
@@ -30039,7 +30147,7 @@ index aa9e8229..ab09cc4 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -6112,14 +6129,16 @@ static __init int hardware_setup(void)
+@@ -6112,14 +6132,16 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_apicv())
enable_apicv = 0;
@@ -30061,7 +30169,7 @@ index aa9e8229..ab09cc4 100644
vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
-@@ -6174,10 +6193,12 @@ static __init int hardware_setup(void)
+@@ -6174,10 +6196,12 @@ static __init int hardware_setup(void)
enable_pml = 0;
if (!enable_pml) {
@@ -30078,7 +30186,7 @@ index aa9e8229..ab09cc4 100644
}
return alloc_kvm_area();
-@@ -8380,6 +8401,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8380,6 +8404,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -30091,7 +30199,7 @@ index aa9e8229..ab09cc4 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -8432,6 +8459,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8432,6 +8462,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -30103,7 +30211,7 @@ index aa9e8229..ab09cc4 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -8445,7 +8477,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8445,7 +8480,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -30112,7 +30220,7 @@ index aa9e8229..ab09cc4 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -8454,8 +8486,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8454,8 +8489,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -51133,7 +51241,7 @@ index 332bb8a..e6adcd1 100644
u32 entry_offset, dump, no_entries, buf_offset = 0;
int i, k, ops_cnt, ops_index, dump_size = 0;
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index f790f61..f1faafe 100644
+index f790f61..cb663ef8 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
@@ -788,22 +788,22 @@ struct rtl8169_private {
@@ -51163,6 +51271,16 @@ index f790f61..f1faafe 100644
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
+@@ -7361,6 +7361,9 @@ process_pkt:
+
+ rtl8169_rx_vlan_tag(desc, skb);
+
++ if (skb->pkt_type == PACKET_MULTICAST)
++ dev->stats.multicast++;
++
+ napi_gro_receive(&tp->napi, skb);
+
+ u64_stats_update_begin(&tp->rx_stats.syncp);
diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
index ad62615..a4c124d 100644
--- a/drivers/net/ethernet/sfc/ptp.c
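Review bot: The added `dev->stats.multicast++` depends on running before `napi_gro_receive(&tp->napi, skb)`, because the skb is handed to the stack by that call and `skb->pkt_type` should not be read afterwards; nothing in the hunk says so. A short comment such as `/* count before napi_gro_receive() takes ownership of skb */` would keep the ordering from being shuffled later. The counter is also bumped outside the `u64_stats_update_begin(&tp->rx_stats.syncp)` section that follows, which looks intentional since it lives in `dev->stats` and not in `tp->rx_stats`, but it is worth confirming nothing else writes `dev->stats.multicast` concurrently. The enclosing receive loop starts and ends outside the hunk.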
@@ -74473,7 +74591,7 @@ index 4c55668..eeae150 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex))
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 6b65996..17bd3c4 100644
+index 6b65996..be797cf 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -35,6 +35,7 @@
@@ -75007,6 +75125,32 @@ index 6b65996..17bd3c4 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
+@@ -759,16 +1127,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
+ */
+ would_dump(bprm, interpreter);
+
+- retval = kernel_read(interpreter, 0, bprm->buf,
+- BINPRM_BUF_SIZE);
+- if (retval != BINPRM_BUF_SIZE) {
+- if (retval >= 0)
+- retval = -EIO;
+- goto out_free_dentry;
+- }
+-
+ /* Get the exec headers */
+- loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
++ retval = kernel_read(interpreter, 0,
++ (void *)&loc->interp_elf_ex,
++ sizeof(loc->interp_elf_ex));
++ if (retval != sizeof(loc->interp_elf_ex)) {
++ if (retval >= 0)
++ retval = -EIO;
++ goto out_free_dentry;
++ }
++
+ break;
+ }
+ elf_ppnt++;
@@ -840,6 +1208,77 @@ static int load_elf_binary(struct linux_binprm *bprm)
/* Do this immediately, since STACK_TOP as used in setup_arg_pages
may depend on the personality. */
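Review bot: Reading the interpreter header straight into `loc->interp_elf_ex` leaves `bprm->buf` untouched, but the new code never says that this is the point of the change. I would put `/* read into interp_elf_ex directly so bprm->buf keeps the executable's own header */` above the kernel_read call and, if kernel_read takes a `char *` in this tree, cast to that type and not to `void *`. The comparison `retval != sizeof(loc->interp_elf_ex)` mixes a signed int with size_t; a negative return still takes the error branch and the `retval >= 0` test then preserves the errno, so it works, but a one-line remark would spare the next reader the check. Validation of the interpreter header's magic and architecture is not visible in this hunk and should still run on `loc->interp_elf_ex` before it is used.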
@@ -75549,50 +75693,6 @@ index b823fac..c5155de 100644
if (ret) {
btrfs_end_transaction(trans, root);
goto out;
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index b54e630..a1c76da 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -5632,6 +5632,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx)
- char *name_ptr;
- int name_len;
- int is_curr = 0; /* ctx->pos points to the current index? */
-+ bool emitted;
-
- /* FIXME, use a real flag for deciding about the key type */
- if (root->fs_info->tree_root == root)
-@@ -5660,6 +5661,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx)
- if (ret < 0)
- goto err;
-
-+ emitted = false;
- while (1) {
- leaf = path->nodes[0];
- slot = path->slots[0];
-@@ -5739,6 +5741,7 @@ skip:
-
- if (over)
- goto nopos;
-+ emitted = true;
- di_len = btrfs_dir_name_len(leaf, di) +
- btrfs_dir_data_len(leaf, di) + sizeof(*di);
- di_cur += di_len;
-@@ -5756,6 +5759,15 @@ next:
- goto nopos;
- }
-
-+ /*
-+ * If we haven't emitted any dir entry, we must not touch ctx->pos as
-+ * it was was set to the termination value in previous call. We assume
-+ * that "." and ".." were emitted if we reach this point and set the
-+ * termination value as well for an empty directory.
-+ */
-+ if (ctx->pos > 2 && !emitted)
-+ goto nopos;
-+
- /* Reached end of directory/root. Bump pos past the last item. */
- ctx->pos++;
-
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index cd7ef34..1e31ae3 100644
--- a/fs/btrfs/super.c
@@ -76886,10 +76986,24 @@ index e3b44ca..e0d94f1 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index c711be8..23b8df9 100644
+index c711be8..79cf56b 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
-@@ -402,6 +402,10 @@ EXPORT_SYMBOL_GPL(debugfs_create_file_size);
+@@ -271,8 +271,12 @@ static struct dentry *start_creating(const char *name, struct dentry *parent)
+ dput(dentry);
+ dentry = ERR_PTR(-EEXIST);
+ }
+- if (IS_ERR(dentry))
++
++ if (IS_ERR(dentry)) {
+ mutex_unlock(&d_inode(parent)->i_mutex);
++ simple_release_fs(&debugfs_mount, &debugfs_mount_count);
++ }
++
+ return dentry;
+ }
+
+@@ -402,6 +406,10 @@ EXPORT_SYMBOL_GPL(debugfs_create_file_size);
* If debugfs is not enabled in the kernel, the value -%ENODEV will be
* returned.
*/
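Review bot: The new error branch in start_creating calls `simple_release_fs(&debugfs_mount, &debugfs_mount_count)` without a comment tying it to the reference it drops, which is taken outside this hunk (presumably by simple_pin_fs at the top of the function). Suggest `/* drop the mount reference taken above; callers must not call failed_creating() on an ERR_PTR */` inside the branch. That second half is an assumption to verify: any caller that passed an ERR_PTR result on to failed_creating would now release the reference twice. In the debugfs_create_dir lines that follow, failed_creating is reached on the `!inode` path, and the IS_ERR check that should precede it is not visible here.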
@@ -76900,7 +77014,7 @@ index c711be8..23b8df9 100644
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
{
struct dentry *dentry = start_creating(name, parent);
-@@ -414,7 +418,12 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
+@@ -414,7 +422,12 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
if (unlikely(!inode))
return failed_creating(dentry);
@@ -120073,6 +120187,19 @@ index 45cb16a..cef4ecd 100644
if (!cn->procdir) {
pr_err("Unable to proc dir entry\n");
return -ENOMEM;
+diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
+index 657d230..b3ca21b 100644
+--- a/net/ipv4/netfilter/nf_nat_pptp.c
++++ b/net/ipv4/netfilter/nf_nat_pptp.c
+@@ -45,7 +45,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
+ struct net *net = nf_ct_net(ct);
+ const struct nf_conn *master = ct->master;
+ struct nf_conntrack_expect *other_exp;
+- struct nf_conntrack_tuple t;
++ struct nf_conntrack_tuple t = {};
+ const struct nf_ct_pptp_master *ct_pptp_info;
+ const struct nf_nat_pptp *nat_pptp_info;
+ struct nf_nat_range range;
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index 05ff44b..da00000 100644
--- a/net/ipv4/ping.c
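Review bot: `struct nf_conntrack_tuple t = {};` zero-initialises the members, but the language does not promise that padding bytes inside the struct are cleared. If `t` is later hashed or compared as raw bytes (its use is outside this hunk), `memset(&t, 0, sizeof(t));` before filling it in gives the stronger guarantee against stale stack contents influencing the result. The empty-brace initialiser is also a GNU extension before C23, which the kernel build accepts. pptp_nat_expected's body continues outside the hunk.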
@@ -124844,7 +124971,7 @@ index b304068..462d24e 100644
if (*p != INT_CONF) {
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
diff --git a/scripts/dtc/checks.c b/scripts/dtc/checks.c
-index e81a8c7..a615ad7 100644
+index e81a8c74..a615ad7 100644
--- a/scripts/dtc/checks.c
+++ b/scripts/dtc/checks.c
@@ -277,7 +277,7 @@ NODE_ERROR(duplicate_property_names, NULL);