grsecurity-3.1-4.3.3-20151228213420151228

author: Anthony G. Basile <blueness@gentoo.org> 2015-12-31 07:31:34 -0500
committer: Anthony G. Basile <blueness@gentoo.org> 2015-12-31 07:31:34 -0500
commit: 8653be659f83e207eded0dbd8917a1898acf2727 (patch)
tree: d816b06ee46d9a164ab25bb5143b6b387d786380
parent: grsecurity-3.1-4.3.3-201512222129 (diff)
download: hardened-patchset-8653be659f83e207eded0dbd8917a1898acf2727.tar.gz
hardened-patchset-8653be659f83e207eded0dbd8917a1898acf2727.tar.bz2
hardened-patchset-8653be659f83e207eded0dbd8917a1898acf2727.zip
2 files changed, 160 insertions, 93 deletions
diff --git a/4.3.3/0000_README b/4.3.3/0000_README
index 2c1a853..0d44c02 100644
--- a/4.3.3/0000_README
+++ b/4.3.3/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.3.3-201512222129.patch
+Patch:	4420_grsecurity-3.1-4.3.3-201512282134.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch
index 2c1d2ad..0e5c122 100644
--- a/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch
+++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch
@@ -1040,7 +1040,7 @@ index 0cfd7f947..63ed4c0 100644
  	  Say Y here if you want to show the kernel pagetable layout in a
  	  debugfs file. This information is only useful for kernel developers
 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index fe3ef39..9406984 100644
+index fe3ef39..60e6ae2 100644
 --- a/arch/arm/include/asm/atomic.h
 +++ b/arch/arm/include/asm/atomic.h
 @@ -18,17 +18,41 @@
@@ -1158,8 +1158,11 @@ index fe3ef39..9406984 100644
  	: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)		\
  	: "r" (&v->counter), "Ir" (i)					\
  	: "cc");							\
-@@ -80,6 +130,9 @@ static inline int atomic_##op##_return_relaxed(int i, atomic_t *v)	\
+@@ -78,8 +128,12 @@ static inline int atomic_##op##_return_relaxed(int i, atomic_t *v)	\
+ }
+ 
  #define atomic_add_return_relaxed	atomic_add_return_relaxed
++#define atomic_add_return_unchecked	atomic_add_return_unchecked_relaxed
  #define atomic_sub_return_relaxed	atomic_sub_return_relaxed
  
 +#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op, , )\
@@ -1168,7 +1171,7 @@ index fe3ef39..9406984 100644
  static inline int atomic_cmpxchg_relaxed(atomic_t *ptr, int old, int new)
  {
  	int oldval;
-@@ -113,12 +166,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -113,12 +167,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
  	__asm__ __volatile__ ("@ atomic_add_unless\n"
  "1:	ldrex	%0, [%4]\n"
  "	teq	%0, %5\n"
@@ -1196,7 +1199,7 @@ index fe3ef39..9406984 100644
  	: "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter)
  	: "r" (&v->counter), "r" (u), "r" (a)
  	: "cc");
-@@ -129,14 +194,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -129,14 +195,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
  	return oldval;
  }
  
@@ -1235,7 +1238,7 @@ index fe3ef39..9406984 100644
  {									\
  	unsigned long flags;						\
  									\
-@@ -145,8 +232,11 @@ static inline void atomic_##op(int i, atomic_t *v)			\
+@@ -145,8 +233,11 @@ static inline void atomic_##op(int i, atomic_t *v)			\
  	raw_local_irq_restore(flags);					\
  }									\
  
@@ -1249,7 +1252,7 @@ index fe3ef39..9406984 100644
  {									\
  	unsigned long flags;						\
  	int val;							\
-@@ -159,6 +249,9 @@ static inline int atomic_##op##_return(int i, atomic_t *v)		\
+@@ -159,6 +250,9 @@ static inline int atomic_##op##_return(int i, atomic_t *v)		\
  	return val;							\
  }
  
@@ -1259,7 +1262,7 @@ index fe3ef39..9406984 100644
  static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
  {
  	int ret;
-@@ -173,6 +266,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+@@ -173,6 +267,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
  	return ret;
  }
  
@@ -1271,7 +1274,7 @@ index fe3ef39..9406984 100644
  static inline int __atomic_add_unless(atomic_t *v, int a, int u)
  {
  	int c, old;
-@@ -201,16 +299,38 @@ ATOMIC_OP(xor, ^=, eor)
+@@ -201,16 +300,38 @@ ATOMIC_OP(xor, ^=, eor)
  
  #undef ATOMIC_OPS
  #undef ATOMIC_OP_RETURN
@@ -1299,18 +1302,18 @@ index fe3ef39..9406984 100644
  #define atomic_inc_and_test(v)	(atomic_add_return(1, v) == 0)
 +static inline int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
 +{
-+	return atomic_add_return_unchecked_relaxed(1, v) == 0;
++	return atomic_add_return_unchecked(1, v) == 0;
 +}
  #define atomic_dec_and_test(v)	(atomic_sub_return(1, v) == 0)
  #define atomic_inc_return(v)    (atomic_add_return(1, v))
 +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
 +{
-+	return atomic_add_return_unchecked_relaxed(1, v);
++	return atomic_add_return_unchecked(1, v);
 +}
  #define atomic_dec_return(v)    (atomic_sub_return(1, v))
  #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
  
-@@ -221,6 +341,14 @@ typedef struct {
+@@ -221,6 +342,14 @@ typedef struct {
  	long long counter;
  } atomic64_t;
  
@@ -1325,7 +1328,7 @@ index fe3ef39..9406984 100644
  #define ATOMIC64_INIT(i) { (i) }
  
  #ifdef CONFIG_ARM_LPAE
-@@ -237,6 +365,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -237,6 +366,19 @@ static inline long long atomic64_read(const atomic64_t *v)
  	return result;
  }
  
@@ -1345,7 +1348,7 @@ index fe3ef39..9406984 100644
  static inline void atomic64_set(atomic64_t *v, long long i)
  {
  	__asm__ __volatile__("@ atomic64_set\n"
-@@ -245,6 +386,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -245,6 +387,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
  	: "r" (&v->counter), "r" (i)
  	);
  }
@@ -1361,7 +1364,7 @@ index fe3ef39..9406984 100644
  #else
  static inline long long atomic64_read(const atomic64_t *v)
  {
-@@ -259,6 +409,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -259,6 +410,19 @@ static inline long long atomic64_read(const atomic64_t *v)
  	return result;
  }
  
@@ -1381,7 +1384,7 @@ index fe3ef39..9406984 100644
  static inline void atomic64_set(atomic64_t *v, long long i)
  {
  	long long tmp;
-@@ -273,43 +436,73 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -273,43 +437,73 @@ static inline void atomic64_set(atomic64_t *v, long long i)
  	: "r" (&v->counter), "r" (i)
  	: "cc");
  }
@@ -1463,7 +1466,7 @@ index fe3ef39..9406984 100644
  	: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)		\
  	: "r" (&v->counter), "r" (i)					\
  	: "cc");							\
-@@ -317,6 +510,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v)		\
+@@ -317,6 +511,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v)		\
  	return result;							\
  }
  
@@ -1473,7 +1476,15 @@ index fe3ef39..9406984 100644
  #define ATOMIC64_OPS(op, op1, op2)					\
  	ATOMIC64_OP(op, op1, op2)					\
  	ATOMIC64_OP_RETURN(op, op1, op2)
-@@ -336,7 +532,12 @@ ATOMIC64_OP(xor, eor, eor)
+@@ -325,6 +522,7 @@ ATOMIC64_OPS(add, adds, adc)
+ ATOMIC64_OPS(sub, subs, sbc)
+ 
+ #define atomic64_add_return_relaxed	atomic64_add_return_relaxed
++#define atomic64_add_return_unchecked	atomic64_add_return_unchecked_relaxed
+ #define atomic64_sub_return_relaxed	atomic64_sub_return_relaxed
+ 
+ #define atomic64_andnot atomic64_andnot
+@@ -336,7 +534,12 @@ ATOMIC64_OP(xor, eor, eor)
  
  #undef ATOMIC64_OPS
  #undef ATOMIC64_OP_RETURN
@@ -1486,10 +1497,12 @@ index fe3ef39..9406984 100644
  
  static inline long long
  atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
-@@ -362,6 +563,32 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
+@@ -361,6 +564,33 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new)
+ 	return oldval;
  }
  #define atomic64_cmpxchg_relaxed	atomic64_cmpxchg_relaxed
- 
++#define atomic64_cmpxchg_unchecked	atomic64_cmpxchg_unchecked_relaxed
++
 +static inline long long
 +atomic64_cmpxchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long old,
 +					long long new)
@@ -1515,11 +1528,10 @@ index fe3ef39..9406984 100644
 +
 +	return oldval;
 +}
-+
+ 
  static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
  {
- 	long long result;
-@@ -385,21 +612,35 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
+@@ -385,21 +615,35 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new)
  static inline long long atomic64_dec_if_positive(atomic64_t *v)
  {
  	long long result;
@@ -1561,7 +1573,7 @@ index fe3ef39..9406984 100644
  	: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
  	: "r" (&v->counter)
  	: "cc");
-@@ -423,13 +664,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -423,13 +667,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
  "	teq	%0, %5\n"
  "	teqeq	%H0, %H5\n"
  "	moveq	%1, #0\n"
@@ -1590,7 +1602,7 @@ index fe3ef39..9406984 100644
  	: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
  	: "r" (&v->counter), "r" (u), "r" (a)
  	: "cc");
-@@ -442,10 +695,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -442,10 +698,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
  
  #define atomic64_add_negative(a, v)	(atomic64_add_return((a), (v)) < 0)
  #define atomic64_inc(v)			atomic64_add(1LL, (v))
@@ -1694,23 +1706,22 @@ index 0f84249..8e83c55 100644
  struct of_cpuidle_method {
  	const char *method;
 diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
-index fc8ba16..805a183 100644
+index fc8ba16..8b84f53 100644
 --- a/arch/arm/include/asm/domain.h
 +++ b/arch/arm/include/asm/domain.h
-@@ -42,7 +42,7 @@
+@@ -42,7 +42,6 @@
  #define DOMAIN_USER	1
  #define DOMAIN_IO	0
  #endif
 -#define DOMAIN_VECTORS	3
-+//#define DOMAIN_VECTORS	3
  
  /*
   * Domain types
-@@ -51,8 +51,26 @@
+@@ -51,9 +50,27 @@
  #define DOMAIN_CLIENT	1
  #ifdef CONFIG_CPU_USE_DOMAINS
  #define DOMAIN_MANAGER	3
-+#define DOMAIN_VECTORS		DOMAIN_USER
++#define DOMAIN_VECTORS	3
  #else
 +
 +#ifdef CONFIG_PAX_KERNEXEC
@@ -1728,12 +1739,13 @@ index fc8ba16..805a183 100644
 +#define DOMAIN_USERCLIENT	1
 +#define DOMAIN_VECTORS		DOMAIN_USER
 +#endif
-+#define DOMAIN_KERNELCLIENT	1
 +
  #endif
++#define DOMAIN_KERNELCLIENT	1
  
  #define domain_mask(dom)	((3) << (2 * (dom)))
-@@ -62,7 +80,7 @@
+ #define domain_val(dom,type)	((type) << (2 * (dom)))
+@@ -62,7 +79,7 @@
  #define DACR_INIT \
  	(domain_val(DOMAIN_USER, DOMAIN_NOACCESS) | \
  	 domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
@@ -28770,7 +28782,7 @@ index 10e0272..b4bb9a7 100644
  	if (!(addr & ~PAGE_MASK))
  		return addr;
 diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
-index 91a4496..42fc304 100644
+index 91a4496..6414b5c 100644
 --- a/arch/x86/kernel/tboot.c
 +++ b/arch/x86/kernel/tboot.c
 @@ -44,6 +44,7 @@
@@ -28781,27 +28793,42 @@ index 91a4496..42fc304 100644
  
  #include "../realmode/rm/wakeup.h"
  
-@@ -221,7 +222,7 @@ static int tboot_setup_sleep(void)
+@@ -151,6 +152,10 @@ static int map_tboot_pages(unsigned long vaddr, unsigned long start_pfn,
+ 	if (!tboot_pg_dir)
+ 		return -1;
+ 
++	clone_pgd_range(tboot_pg_dir + KERNEL_PGD_BOUNDARY,
++			swapper_pg_dir + KERNEL_PGD_BOUNDARY,
++			KERNEL_PGD_PTRS);
++
+ 	for (; nr > 0; nr--, vaddr += PAGE_SIZE, start_pfn++) {
+ 		if (map_tboot_page(vaddr, start_pfn, PAGE_KERNEL_EXEC))
+ 			return -1;
+@@ -221,8 +226,6 @@ static int tboot_setup_sleep(void)
  
  void tboot_shutdown(u32 shutdown_type)
  {
 -	void (*shutdown)(void);
-+	void (* __noreturn shutdown)(void);
- 
+-
  	if (!tboot_enabled())
  		return;
-@@ -242,8 +243,9 @@ void tboot_shutdown(u32 shutdown_type)
+ 
+@@ -242,9 +245,12 @@ void tboot_shutdown(u32 shutdown_type)
  	tboot->shutdown_type = shutdown_type;
  
  	switch_to_tboot_pt();
-+	cr4_clear_bits(X86_CR4_PCIDE);
++	__write_cr4(__read_cr4() & ~X86_CR4_PCIDE);
  
 -	shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry;
-+	shutdown = (void *)(unsigned long)tboot->shutdown_entry;
- 	shutdown();
+-	shutdown();
++	/*
++	 * PaX: can't be a C indirect function call due to KERNEXEC
++	 */
++	asm volatile("jmp *%0" : : "r"((unsigned long)tboot->shutdown_entry));
  
  	/* should not reach here */
-@@ -310,7 +312,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
+ 	while (1)
+@@ -310,7 +316,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b)
  	return -ENODEV;
  }
  
@@ -28810,7 +28837,7 @@ index 91a4496..42fc304 100644
  
  static int tboot_wait_for_aps(int num_aps)
  {
-@@ -334,9 +336,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action,
+@@ -334,9 +340,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action,
  {
  	switch (action) {
  	case CPU_DYING:
@@ -28822,7 +28849,7 @@ index 91a4496..42fc304 100644
  				return NOTIFY_BAD;
  		break;
  	}
-@@ -422,7 +424,7 @@ static __init int tboot_late_init(void)
+@@ -422,7 +428,7 @@ static __init int tboot_late_init(void)
  
  	tboot_create_trampoline();
  
@@ -44150,7 +44177,7 @@ index c13fb5b..55a3802 100644
  
  	*off += size;
 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index c4dcab0..89d8045 100644
+index c4dcab0..a505f18 100644
 --- a/drivers/hv/channel.c
 +++ b/drivers/hv/channel.c
 @@ -382,7 +382,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
@@ -44162,6 +44189,17 @@ index c4dcab0..89d8045 100644
  
  	ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
  	if (ret)
+@@ -696,9 +696,7 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
+ 	 * Adjust the size down since vmbus_channel_packet_page_buffer is the
+ 	 * largest size we support
+ 	 */
+-	descsize = sizeof(struct vmbus_channel_packet_page_buffer) -
+-			  ((MAX_PAGE_BUFFER_COUNT - pagecount) *
+-			  sizeof(struct hv_page_buffer));
++	descsize = offsetof(struct vmbus_channel_packet_page_buffer, range[pagecount]);
+ 	packetlen = descsize + bufferlen;
+ 	packetlen_aligned = ALIGN(packetlen, sizeof(u64));
+ 
 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
 index 6341be8..1a2fc8d 100644
 --- a/drivers/hv/hv.c
@@ -44570,6 +44608,19 @@ index 65e3240..e6c511d 100644
  
  /* Wrapper access functions for multiplexed SMBus */
  static DEFINE_MUTEX(amd756_lock);
+diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c
+index df23e8c..1354d8e 100644
+--- a/drivers/i2c/busses/i2c-designware-pcidrv.c
++++ b/drivers/i2c/busses/i2c-designware-pcidrv.c
+@@ -60,7 +60,7 @@ struct dw_scl_sda_cfg {
+ };
+ 
+ struct dw_pci_controller {
+-	u32 bus_num;
++	int bus_num;
+ 	u32 bus_cfg;
+ 	u32 tx_fifo_depth;
+ 	u32 rx_fifo_depth;
 diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c
 index 88eda09..cf40434 100644
 --- a/drivers/i2c/busses/i2c-nforce2-s4985.c
@@ -51116,7 +51167,7 @@ index 5fa98f5..322f0f8 100644
  	spinlock_t request_lock;
  	struct list_head req_list;
 diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
-index 5931a79..d536e64 100644
+index 5931a79..134ce31 100644
 --- a/drivers/net/hyperv/rndis_filter.c
 +++ b/drivers/net/hyperv/rndis_filter.c
 @@ -101,7 +101,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
@@ -51137,6 +51188,16 @@ index 5931a79..d536e64 100644
  
  	/* Ignore return since this msg is optional. */
  	rndis_filter_send_request(dev, request);
+@@ -1138,8 +1138,7 @@ int rndis_filter_device_add(struct hv_device *dev,
+ 	if (net_device->num_chn == 1)
+ 		goto out;
+ 
+-	net_device->sub_cb_buf = vzalloc((net_device->num_chn - 1) *
+-					 NETVSC_PACKET_SIZE);
++	net_device->sub_cb_buf = vzalloc(net_device->num_sc_offered * NETVSC_PACKET_SIZE);
+ 	if (!net_device->sub_cb_buf) {
+ 		net_device->num_chn = 1;
+ 		dev_info(&dev->device, "No memory for subchannels.\n");
 diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c
 index cc56fac..c15b884 100644
 --- a/drivers/net/ifb.c
@@ -77227,7 +77288,7 @@ index e4141f2..d8263e8 100644
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index b06623a..1c50b96 100644
+index b06623a..122301f 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -77736,7 +77797,7 @@ index b06623a..1c50b96 100644
 +	if (*flags & MF_PAX_SEGMEXEC)
 +	{
 +		*flags &= ~MF_PAX_SEGMEXEC;
-+	retval = -EINVAL;
++		retval = -EINVAL;
 +	}
 +#endif
 +
@@ -77761,7 +77822,7 @@ index b06623a..1c50b96 100644
 +	   )
 +	{
 +		*flags &= ~MF_PAX_MPROTECT;
-+	retval = -EINVAL;
++		retval = -EINVAL;
 +	}
 +
 +	if ((*flags & MF_PAX_EMUTRAMP)
@@ -97176,46 +97237,10 @@ index c1da539..1dcec55 100644
  struct atmphy_ops {
  	int (*start)(struct atm_dev *dev);
 diff --git a/include/linux/atomic.h b/include/linux/atomic.h
-index 00a5763..5322059 100644
+index 00a5763..93fe7f4 100644
 --- a/include/linux/atomic.h
 +++ b/include/linux/atomic.h
-@@ -79,6 +79,11 @@
- #define  atomic_add_return(...)						\
- 	__atomic_op_fence(atomic_add_return, __VA_ARGS__)
- #endif
-+
-+#ifndef atomic_add_return_unchecked
-+#define  atomic_add_return_unchecked(...)				\
-+	__atomic_op_fence(atomic_add_return_unchecked, __VA_ARGS__)
-+#endif
- #endif /* atomic_add_return_relaxed */
- 
- /* atomic_sub_return_relaxed */
-@@ -183,6 +188,11 @@
- #define  atomic64_add_return(...)					\
- 	__atomic_op_fence(atomic64_add_return, __VA_ARGS__)
- #endif
-+
-+#ifndef atomic64_add_return_unchecked
-+#define  atomic64_add_return_unchecked(...)				\
-+	__atomic_op_fence(atomic64_add_return_unchecked, __VA_ARGS__)
-+#endif
- #endif /* atomic64_add_return_relaxed */
- 
- /* atomic64_sub_return_relaxed */
-@@ -255,6 +265,11 @@
- #define  atomic64_cmpxchg(...)						\
- 	__atomic_op_fence(atomic64_cmpxchg, __VA_ARGS__)
- #endif
-+
-+#ifndef atomic64_cmpxchg_unchecked
-+#define  atomic64_cmpxchg_unchecked(...)				\
-+	__atomic_op_fence(atomic64_cmpxchg_unchecked, __VA_ARGS__)
-+#endif
- #endif /* atomic64_cmpxchg_relaxed */
- 
- /* cmpxchg_relaxed */
-@@ -335,7 +350,7 @@
+@@ -335,7 +335,7 @@
   * Atomically adds @a to @v, so long as @v was not already @u.
   * Returns non-zero if @v was not @u, and zero otherwise.
   */
@@ -120311,10 +120336,20 @@ index 8a1741b..20d20e7 100644
  		if (!err)
  			err = put_user(SCM_RIGHTS, &cm->cmsg_type);
 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index fab4599..e488a92 100644
+index fab4599..daf360d 100644
 --- a/net/core/skbuff.c
 +++ b/net/core/skbuff.c
-@@ -2103,7 +2103,7 @@ EXPORT_SYMBOL(__skb_checksum);
+@@ -969,7 +969,8 @@ static void skb_headers_offset_update(struct sk_buff *skb, int off)
+ 	if (skb->ip_summed == CHECKSUM_PARTIAL)
+ 		skb->csum_start += off;
+ 	/* {transport,network,mac}_header and tail are relative to skb->head */
+-	skb->transport_header += off;
++	if (skb_transport_header_was_set(skb))
++		skb->transport_header += off;
+ 	skb->network_header   += off;
+ 	if (skb_mac_header_was_set(skb))
+ 		skb->mac_header += off;
+@@ -2103,7 +2104,7 @@ EXPORT_SYMBOL(__skb_checksum);
  __wsum skb_checksum(const struct sk_buff *skb, int offset,
  		    int len, __wsum csum)
  {
@@ -120323,7 +120358,7 @@ index fab4599..e488a92 100644
  		.update  = csum_partial_ext,
  		.combine = csum_block_add_ext,
  	};
-@@ -3318,12 +3318,14 @@ void __init skb_init(void)
+@@ -3318,12 +3319,14 @@ void __init skb_init(void)
  	skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
  					      sizeof(struct sk_buff),
  					      0,
@@ -120340,7 +120375,7 @@ index fab4599..e488a92 100644
  						NULL);
  }
  
-@@ -3643,7 +3645,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb,
+@@ -3643,7 +3646,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb,
  	serr->ee.ee_info = tstype;
  	if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) {
  		serr->ee.ee_data = skb_shinfo(skb)->tskey;
@@ -128018,6 +128053,36 @@ index aee2ec5..c276071 100644
  
  	/* record the root user tracking */
  	rb_link_node(&root_key_user.node,
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
+index 0b9ec78..26f0e0a 100644
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -757,16 +757,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
+ 
+ 	/* the key is probably readable - now try to read it */
+ can_read_key:
+-	ret = key_validate(key);
+-	if (ret == 0) {
+-		ret = -EOPNOTSUPP;
+-		if (key->type->read) {
+-			/* read the data with the semaphore held (since we
+-			 * might sleep) */
+-			down_read(&key->sem);
++	ret = -EOPNOTSUPP;
++	if (key->type->read) {
++		/* Read the data with the semaphore held (since we might sleep)
++		 * to protect against the key being updated or revoked.
++		 */
++		down_read(&key->sem);
++		ret = key_validate(key);
++		if (ret == 0)
+ 			ret = key->type->read(key, buffer, buflen);
+-			up_read(&key->sem);
+-		}
++		up_read(&key->sem);
+ 	}
+ 
+ error2:
 diff --git a/security/keys/keyring.c b/security/keys/keyring.c
 index d334370..b03e5a8 100644
 --- a/security/keys/keyring.c
@@ -131375,10 +131440,10 @@ index 0000000..7514850
 +fi
 diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c
 new file mode 100644
-index 0000000..9da49be
+index 0000000..ed3a502
 --- /dev/null
 +++ b/tools/gcc/initify_plugin.c
-@@ -0,0 +1,586 @@
+@@ -0,0 +1,588 @@
 +/*
 + * Copyright 2011-2015 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2, or (at your option) v3
@@ -131399,7 +131464,7 @@ index 0000000..9da49be
 +int plugin_is_GPL_compatible;
 +
 +static struct plugin_info initify_plugin_info = {
-+	.version	= "20151213",
++	.version	= "20151228",
 +	.help		= "initify_plugin\n",
 +};
 +
@@ -131603,6 +131668,7 @@ index 0000000..9da49be
 +	decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &reversep, &volatilep, true);
 +
 +	switch (TREE_CODE_CLASS(TREE_CODE(decl))) {
++	case tcc_comparison:
 +	case tcc_constant:
 +	case tcc_statement:
 +		return false;
@@ -131634,6 +131700,7 @@ index 0000000..9da49be
 +		return false;
 +
 +	if (!DECL_P(decl)) {
++		debug_tree(vardecl);
 +		debug_tree(op);
 +		debug_tree(decl);
 +		gcc_unreachable();
author	Anthony G. Basile <blueness@gentoo.org>	2015-12-31 07:31:34 -0500
committer	Anthony G. Basile <blueness@gentoo.org>	2015-12-31 07:31:34 -0500
commit	8653be659f83e207eded0dbd8917a1898acf2727 (patch)
tree	d816b06ee46d9a164ab25bb5143b6b387d786380
parent	grsecurity-3.1-4.3.3-201512222129 (diff)
download	hardened-patchset-8653be659f83e207eded0dbd8917a1898acf2727.tar.gz hardened-patchset-8653be659f83e207eded0dbd8917a1898acf2727.tar.bz2 hardened-patchset-8653be659f83e207eded0dbd8917a1898acf2727.zip