grsecurity-3.1-4.5.3-20160510213820160510

2 files changed, 132 insertions, 41 deletions

diff --git a/4.5.3/0000_README b/4.5.3/0000_README
index 8d5157e..c2119b3 100644
--- a/4.5.3/0000_README
+++ b/4.5.3/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.3-201605080858.patch
+Patch:	4420_grsecurity-3.1-4.5.3-201605102138.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.5.3/4420_grsecurity-3.1-4.5.3-201605080858.patch b/4.5.3/4420_grsecurity-3.1-4.5.3-201605102138.patch
index c17a23a..b4dce97 100644
--- a/4.5.3/4420_grsecurity-3.1-4.5.3-201605080858.patch
+++ b/4.5.3/4420_grsecurity-3.1-4.5.3-201605102138.patch
@@ -12996,7 +12996,7 @@ index 9105655..41779c1 100644
  	movq	r1,r2;			\
  	movq	r3,r4;			\
 diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
-index 6bd2c6c..cd46c9d 100644
+index 6bd2c6c..a551119 100644
 --- a/arch/x86/crypto/aesni-intel_asm.S
 +++ b/arch/x86/crypto/aesni-intel_asm.S
 @@ -31,6 +31,7 @@
@@ -13089,11 +13089,13 @@ index 6bd2c6c..cd46c9d 100644
  	jne	   _get_AAD_loop2\num_initial_blocks\operation
  _get_AAD_loop2_done\num_initial_blocks\operation:
  	PSHUFB_XMM   %xmm14, %xmm\i # byte-reflect the AAD data
-@@ -1280,7 +1281,7 @@ _esb_loop_\@:
+@@ -1279,8 +1280,8 @@ _esb_loop_\@:
+ * poly = x^128 + x^127 + x^126 + x^121 + 1
  *
  *****************************************************************************/
- ENTRY(aesni_gcm_dec)
+-ENTRY(aesni_gcm_dec)
 -	push	%r12
++RAP_ENTRY(aesni_gcm_dec)
 +	push	%r15
  	push	%r13
  	push	%r14
@@ -13167,11 +13169,13 @@ index 6bd2c6c..cd46c9d 100644
  	ret
  ENDPROC(aesni_gcm_dec)
  
-@@ -1540,7 +1542,7 @@ ENDPROC(aesni_gcm_dec)
+@@ -1539,8 +1541,8 @@ ENDPROC(aesni_gcm_dec)
+ *
  * poly = x^128 + x^127 + x^126 + x^121 + 1
  ***************************************************************************/
- ENTRY(aesni_gcm_enc)
+-ENTRY(aesni_gcm_enc)
 -	push	%r12
++RAP_ENTRY(aesni_gcm_enc)
 +	push	%r15
  	push	%r13
  	push	%r14
@@ -13398,6 +13402,15 @@ index 6bd2c6c..cd46c9d 100644
  	ret
  ENDPROC(_aesni_inc)
  
+@@ -2597,7 +2617,7 @@ ENDPROC(_aesni_inc)
+  * void aesni_ctr_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
+  *		      size_t len, u8 *iv)
+  */
+-ENTRY(aesni_ctr_enc)
++RAP_ENTRY(aesni_ctr_enc)
+ 	cmp $16, LEN
+ 	jb .Lctr_enc_just_ret
+ 	mov 480(KEYP), KLEN
 @@ -2651,6 +2671,7 @@ ENTRY(aesni_ctr_enc)
  .Lctr_enc_ret:
  	movups IV, (IVP)
@@ -14683,6 +14696,41 @@ index 3643dd5..17d5e30 100644
  	u128 ivs[SERPENT_PARALLEL_BLOCKS - 1];
  	unsigned int j;
  
+diff --git a/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S
+index 85c4e1c..665efaa 100644
+--- a/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S
++++ b/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S
+@@ -112,7 +112,7 @@ offset = \_offset
+ 
+ # JOB* sha1_mb_mgr_flush_avx2(MB_MGR *state)
+ # arg 1 : rcx : state
+-ENTRY(sha1_mb_mgr_flush_avx2)
++RAP_ENTRY(sha1_mb_mgr_flush_avx2)
+ 	mov	%rsp, %r10
+ 	sub     $STACK_SPACE, %rsp
+ 	and     $~31, %rsp
+@@ -251,7 +251,7 @@ ENDPROC(sha1_mb_mgr_flush_avx2)
+ #################################################################
+ 
+ .align 16
+-ENTRY(sha1_mb_mgr_get_comp_job_avx2)
++RAP_ENTRY(sha1_mb_mgr_get_comp_job_avx2)
+ 	push    %rbx
+ 
+ 	## if bit 32+3 is set, then all lanes are empty
+diff --git a/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
+index 2ab9560..d4ae8714 100644
+--- a/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
++++ b/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
+@@ -100,7 +100,7 @@ STACK_SPACE     = 8*8 + 16*10 + 8
+ # JOB* submit_mb_mgr_submit_avx2(MB_MGR *state, job_sha1 *job)
+ # arg 1 : rcx : state
+ # arg 2 : rdx : job
+-ENTRY(sha1_mb_mgr_submit_avx2)
++RAP_ENTRY(sha1_mb_mgr_submit_avx2)
+ 
+ 	mov	%rsp, %r10
+ 	sub     $STACK_SPACE, %rsp
 diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
 index a410950..02d2056 100644
 --- a/arch/x86/crypto/sha1_ssse3_asm.S
@@ -14972,6 +15020,19 @@ index 2cedc44..6fb8582 100644
  	ret
  ENDPROC(sha256_transform_ssse3)
  
+diff --git a/arch/x86/crypto/sha256_ni_asm.S b/arch/x86/crypto/sha256_ni_asm.S
+index 748cdf2..959bb4d 100644
+--- a/arch/x86/crypto/sha256_ni_asm.S
++++ b/arch/x86/crypto/sha256_ni_asm.S
+@@ -97,7 +97,7 @@
+ 
+ .text
+ .align 32
+-ENTRY(sha256_ni_transform)
++RAP_ENTRY(sha256_ni_transform)
+ 
+ 	shl		$6, NUM_BLKS		/*  convert to bytes */
+ 	jz		.Ldone_hash
 diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c
 index 5f4d608..ddce00d 100644
 --- a/arch/x86/crypto/sha256_ssse3_glue.c
@@ -15336,7 +15397,7 @@ index 0505813..912c9c1 100644
  	ret;
  ENDPROC(twofish_xts_dec_8way)
 diff --git a/arch/x86/crypto/twofish-i586-asm_32.S b/arch/x86/crypto/twofish-i586-asm_32.S
-index 694ea45..91cc5b2 100644
+index 694ea45..f2c1418 100644
 --- a/arch/x86/crypto/twofish-i586-asm_32.S
 +++ b/arch/x86/crypto/twofish-i586-asm_32.S
 @@ -220,7 +220,7 @@
@@ -15348,6 +15409,15 @@ index 694ea45..91cc5b2 100644
  	push	%ebp			/* save registers according to calling convention*/
  	push    %ebx
  	push    %esi
+@@ -276,7 +276,7 @@ ENTRY(twofish_enc_blk)
+ 	ret
+ ENDPROC(twofish_enc_blk)
+ 
+-ENTRY(twofish_dec_blk)
++RAP_ENTRY(twofish_dec_blk)
+ 	push	%ebp			/* save registers according to calling convention*/
+ 	push    %ebx
+ 	push    %esi
 diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
 index 1c3b7ce..c9912c7 100644
 --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
@@ -15686,7 +15756,7 @@ index e32206e0..809adae 100644
  
  	.macro REMOVE_PT_GPREGS_FROM_STACK addskip=0
 diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
-index 1a4477c..0031513 100644
+index 1a4477c..95199ec4 100644
 --- a/arch/x86/entry/common.c
 +++ b/arch/x86/entry/common.c
 @@ -32,9 +32,7 @@
@@ -15777,7 +15847,7 @@ index 1a4477c..0031513 100644
  	/*
  	 * First do one-time work.  If these work items are enabled, we
  	 * want to run them exactly once per syscall exit with IRQs on.
-@@ -387,10 +404,52 @@ __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
+@@ -387,10 +404,51 @@ __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
  		 * the high bits are zero.  Make sure we zero-extend all
  		 * of the args.
  		 */
@@ -15801,7 +15871,6 @@ index 1a4477c..0031513 100644
 +			  [param6] "m" (regs->bp)
 +			: "di", "si", "dx", "cx", "r8", "r9", "memory");
 +#else
-+#error XXX VERIFY
 +		asm volatile("pushl %[param6]\n\t"
 +			     "pushl %[param5]\n\t"
 +			     "pushl %[param4]\n\t"
@@ -15830,7 +15899,7 @@ index 1a4477c..0031513 100644
  	}
  
  	syscall_return_slowpath(regs);
-@@ -415,6 +474,7 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
+@@ -415,6 +473,7 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
  
  	unsigned long landing_pad = (unsigned long)current->mm->context.vdso +
  		vdso_image_32.sym_int80_landing_pad;
@@ -15838,7 +15907,7 @@ index 1a4477c..0031513 100644
  
  	/*
  	 * SYSENTER loses EIP, and even SYSCALL32 needs us to skip forward
-@@ -435,11 +495,9 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
+@@ -435,11 +494,9 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
  		 * Micro-optimization: the pointer we're following is explicitly
  		 * 32 bits, so it can't be out of range.
  		 */
@@ -58568,7 +58637,7 @@ index 6446af1..e669e35 100644
  	struct arc_emac_priv *priv = netdev_priv(ndev);
  	unsigned int len, *txbd_curr = &priv->txbd_curr;
 diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
-index 55b118e..6de7cd0 100644
+index 55b118e8..6de7cd0 100644
 --- a/drivers/net/ethernet/atheros/alx/main.c
 +++ b/drivers/net/ethernet/atheros/alx/main.c
 @@ -1451,7 +1451,7 @@ static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume);
@@ -129682,10 +129751,18 @@ index 2c4ebef..f452c4d 100644
  struct ata_port_info {
  	unsigned long		flags;
 diff --git a/include/linux/linkage.h b/include/linux/linkage.h
-index a6a42dd..6408042 100644
+index a6a42dd..e270819 100644
 --- a/include/linux/linkage.h
 +++ b/include/linux/linkage.h
-@@ -36,6 +36,7 @@
+@@ -5,6 +5,7 @@
+ #include <linux/stringify.h>
+ #include <linux/export.h>
+ #include <asm/linkage.h>
++#include <asm/bitsperlong.h>
+ 
+ /* Some toolchains use other characters (e.g. '`') to mark new line in macro */
+ #ifndef ASM_NL
+@@ -36,6 +37,7 @@
  #endif
  
  #define __page_aligned_data	__section(.data..page_aligned) __aligned(PAGE_SIZE)
@@ -129693,21 +129770,34 @@ index a6a42dd..6408042 100644
  #define __page_aligned_bss	__section(.bss..page_aligned) __aligned(PAGE_SIZE)
  
  /*
-@@ -84,6 +85,17 @@
+@@ -79,11 +81,29 @@
+ #define ALIGN_STR __ALIGN_STR
+ 
+ #ifndef ENTRY
+-#define ENTRY(name) \
++#define __ENTRY(name, rap_hash) \
+ 	.globl name ASM_NL \
  	ALIGN ASM_NL \
++	rap_hash \
  	name:
- #endif
++
++#define ENTRY(name) __ENTRY(name,)
 +
 +#ifdef CONFIG_PAX_RAP
-+#define RAP_ENTRY(name) \
-+  .globl name; \
-+  ALIGN; \
-+  .quad __rap_hash_##name; \
-+  name:
++#if BITS_PER_LONG == 64
++#define __ASM_RAP_HASH(hash) .quad 0, hash ASM_NL
++#elif BITS_PER_LONG == 32
++#define __ASM_RAP_HASH(hash) .long 0, 0, 0, hash ASM_NL
++#else
++#error incompatible BITS_PER_LONG
+ #endif
++#define RAP_ENTRY(name) __ENTRY(name, __ASM_RAP_HASH(__rap_hash_##name))
 +#else
 +#define RAP_ENTRY(name) ENTRY(name)
 +#endif
 +
++#endif
++
  #endif /* LINKER_SCRIPT */
  
  #ifndef WEAK
@@ -169226,7 +169316,7 @@ index 0000000..f6a284d
 +#endif
 diff --git a/tools/gcc/rap_plugin/rap_fptr_pass.c b/tools/gcc/rap_plugin/rap_fptr_pass.c
 new file mode 100644
-index 0000000..7e377d7
+index 0000000..828b7c3
 --- /dev/null
 +++ b/tools/gcc/rap_plugin/rap_fptr_pass.c
 @@ -0,0 +1,220 @@
@@ -169281,7 +169371,7 @@ index 0000000..7e377d7
 +#endif
 +	basic_block cond_bb, join_bb, true_bb;
 +	edge e;
-+	const HOST_WIDE_INT rap_hash_offset = 2 * sizeof(rap_hash_t);
++	const int rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
 +
 +	call_stmt = gsi_stmt(*gsi);
 +	loc = gimple_location(call_stmt);
@@ -169452,10 +169542,10 @@ index 0000000..7e377d7
 +#include "gcc-generate-gimple-pass.h"
 diff --git a/tools/gcc/rap_plugin/rap_hash.c b/tools/gcc/rap_plugin/rap_hash.c
 new file mode 100644
-index 0000000..ebdcf7c
+index 0000000..7c59f38
 --- /dev/null
 +++ b/tools/gcc/rap_plugin/rap_hash.c
-@@ -0,0 +1,381 @@
+@@ -0,0 +1,382 @@
 +/*
 + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -169662,6 +169752,7 @@ index 0000000..ebdcf7c
 +		break;
 +
 +	case POINTER_TYPE:
++	case REFERENCE_TYPE:
 +		rap_hash_tree(TREE_TYPE(type), flags, sip_hash);
 +		break;
 +
@@ -169839,7 +169930,7 @@ index 0000000..ebdcf7c
 +}
 diff --git a/tools/gcc/rap_plugin/rap_plugin.c b/tools/gcc/rap_plugin/rap_plugin.c
 new file mode 100644
-index 0000000..a6d423f
+index 0000000..afdc89d
 --- /dev/null
 +++ b/tools/gcc/rap_plugin/rap_plugin.c
 @@ -0,0 +1,480 @@
@@ -169975,6 +170066,7 @@ index 0000000..a6d423f
 +	cgraph_node_ptr node;
 +	rap_hash_t imprecise_rap_hash;
 +	unsigned HOST_WIDE_INT skip;
++	const int rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
 +
 +	gcc_assert(debug_hooks == &rap_debug_hooks);
 +
@@ -169984,8 +170076,8 @@ index 0000000..a6d423f
 +
 +	// align the rap hash if necessary
 +	skip = 1ULL << align_functions_log;
-+	if (skip > 4 * sizeof(rap_hash_t))
-+		ASM_OUTPUT_SKIP(asm_out_file, skip - 4 * sizeof(rap_hash_t));
++	if (skip > rap_hash_offset)
++		ASM_OUTPUT_SKIP(asm_out_file, skip - rap_hash_offset);
 +
 +	// don't compute hash for functions called only directly
 +	node = cgraph_get_node(decl);
@@ -169999,7 +170091,10 @@ index 0000000..a6d423f
 +	if (report_func_hash)
 +		inform(DECL_SOURCE_LOCATION(decl), "func rap_hash: %x %s", imprecise_rap_hash.hash, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
 +
-+	fprintf(asm_out_file, ASM_QUAD " %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
++	if (TARGET_64BIT)
++		fprintf(asm_out_file, ".quad %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
++	else
++		fprintf(asm_out_file, ".long %#lx\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
 +}
 +
 +static void rap_start_unit_common(void *gcc_data __unused, void *user_data __unused)
@@ -170235,7 +170330,7 @@ index 0000000..a6d423f
 +			value = strtok_r(values, ",", &saveptr);
 +			while (value) {
 +				if (!strcmp(value, "call"))
-+					enable_call = TARGET_64BIT;//true;
++					enable_call = true;
 +				else
 +					error(G_("unknown value supplied for option '-fplugin-arg-%s-%s=%s'"), plugin_name, argv[i].key, value);
 +				value = strtok_r(NULL, ",", &saveptr);
@@ -170313,13 +170408,9 @@ index 0000000..a6d423f
 +		register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)&gt_ggc_r_gt_rap);
 +		if (enable_abs_finish)
 +			register_callback(plugin_name, PLUGIN_FINISH_UNIT, rap_finish_unit, NULL);
-+	}
-+
-+	if (enable_call)
 +		register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &rap_fptr_pass_info);
-+
-+	if (enable_call)
 +		register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, rap_calculate_func_hashes, NULL);
++	}
 +
 +	return 0;
 +}
@@ -170470,10 +170561,10 @@ index 0000000..f74d85a
 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
 diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
 new file mode 100644
-index 0000000..9957f8c
+index 0000000..a5916c8
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12440 @@
+@@ -0,0 +1,12441 @@
 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -182914,6 +183005,7 @@ index 0000000..9957f8c
 +enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL
 +enable_so_squashfs_iget_fndecl_37485 squashfs_iget fndecl 3 37485 NULL
 +enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL
++enable_so_lookup_memtype_fndecl_20192 lookup_memtype fndecl 1 20192 NULL
 diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
 new file mode 100644
 index 0000000..be9724d
@@ -185252,10 +185344,10 @@ index 0000000..4098952
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..837e6d0
+index 0000000..b3ac1cc
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,21648 @@
+@@ -0,0 +1,21647 @@
 +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
 +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
 +enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL
@@ -191911,7 +192003,6 @@ index 0000000..837e6d0
 +enable_so_swapRB_sd_20181 swapRB sd 0 20181 &enable_so_usb_ftdi_elan_edset_single_fndecl_20181
 +enable_so___kmalloc_track_caller_fndecl_20188 __kmalloc_track_caller fndecl 1 20188 NULL
 +enable_so_qp_attach_mbox_size_fndecl_20191 qp_attach_mbox_size fndecl 0 20191 NULL
-+enable_so_lookup_memtype_fndecl_20192 lookup_memtype fndecl 1 20192 NULL
 +enable_so_agp_memory_reserved_vardecl_20196 agp_memory_reserved vardecl 0 20196 NULL nohasharray
 +enable_so_iram_base_intel_sst_drv_20196 iram_base intel_sst_drv 0 20196 &enable_so_agp_memory_reserved_vardecl_20196
 +enable_so_qxl_gem_object_create_with_handle_fndecl_20198 qxl_gem_object_create_with_handle fndecl 4 20198 NULL