authorAnthony G. Basile <blueness@gentoo.org>2016-05-14 07:07:59 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-05-14 07:07:59 -0400
commit65558af35749a9213e649a3b580778da10dc42dd (patch)
treedcfe86af12317069f159b1ec1879c5e3f945c23b
parentgrsecurity-3.1-4.5.4-201605122039 (diff)
grsecurity-3.1-4.5.4-20160513191820160513
-rw-r--r--4.5.4/0000_README2
-rw-r--r--4.5.4/4420_grsecurity-3.1-4.5.4-201605131918.patch (renamed from 4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch)63
2 files changed, 45 insertions, 20 deletions
diff --git a/4.5.4/0000_README b/4.5.4/0000_README
index c80ae26..d196de1 100644
--- a/4.5.4/0000_README
+++ b/4.5.4/0000_README
@@ -6,7 +6,7 @@ Patch: 1003_linux-4.5.4.patch
From: http://www.kernel.org
Desc: Linux 4.5.4
-Patch: 4420_grsecurity-3.1-4.5.4-201605122039.patch
+Patch: 4420_grsecurity-3.1-4.5.4-201605131918.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch b/4.5.4/4420_grsecurity-3.1-4.5.4-201605131918.patch
index 392d870..4d957ee 100644
--- a/4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch
+++ b/4.5.4/4420_grsecurity-3.1-4.5.4-201605131918.patch
@@ -169974,10 +169974,10 @@ index 0000000..7c59f38
+}
diff --git a/tools/gcc/rap_plugin/rap_plugin.c b/tools/gcc/rap_plugin/rap_plugin.c
new file mode 100644
-index 0000000..cdac9c1
+index 0000000..bca74dc
--- /dev/null
+++ b/tools/gcc/rap_plugin/rap_plugin.c
-@@ -0,0 +1,486 @@
+@@ -0,0 +1,511 @@
+/*
+ * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -170105,12 +170105,39 @@ index 0000000..cdac9c1
+ return cgraph_for_node_and_aliases(node, __rap_cgraph_indirectly_callable, NULL, true);
+}
+
++static void rap_hash_align(tree decl)
++{
++ const unsigned HOST_WIDE_INT rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
++ unsigned HOST_WIDE_INT skip;
++
++ skip = 1ULL << align_functions_log;
++ if (DECL_USER_ALIGN(decl))
++ return;
++
++ if (!optimize_function_for_speed_p(cfun))
++ return;
++
++ if (skip <= rap_hash_offset)
++ return;
++
++#ifdef TARGET_386
++ {
++ char padding[skip - rap_hash_offset];
++
++ // this byte sequence helps disassemblers not trip up on the following rap hash
++ memset(padding, 0xcc, sizeof padding - 1);
++ padding[sizeof padding - 1] = 0xb8;
++ ASM_OUTPUT_ASCII(asm_out_file, padding, sizeof padding);
++ }
++#else
++ ASM_OUTPUT_SKIP(asm_out_file, skip - rap_hash_offset);
++#endif
++}
++
+static void rap_begin_function(tree decl)
+{
+ cgraph_node_ptr node;
+ rap_hash_t imprecise_rap_hash;
-+ unsigned HOST_WIDE_INT skip;
-+ const unsigned HOST_WIDE_INT rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t);
+
+ gcc_assert(debug_hooks == &rap_debug_hooks);
+
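Review bot: The comment above the `memset` in `rap_hash_align` says the byte sequence helps disassemblers but not what the bytes are or why the last one differs, so a reader has to decode `0xcc` and `0xb8` by hand. I would expand it to something like `// pad with int3 (0xcc); the final 0xb8 is the opcode of mov $imm32,%eax, so a linear disassembler presumably consumes the following rap hash as an immediate instead of decoding it as instructions`. It would also help to state whether this holds for the 8-byte `.quad` hash emitted under `TARGET_64BIT`, since 0xb8 on its own takes a 4-byte immediate. Separately, `padding` is a variable-length array sized from `align_functions_log` with no upper bound visible in this hunk; if GCC does not already cap that value, a `gcc_assert` on `skip` would make the bound explicit. `rap_begin_function` starts in this hunk and continues outside it.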
@@ -170119,9 +170146,7 @@ index 0000000..cdac9c1
+ old_debug_hooks->begin_function(decl);
+
+ // align the rap hash if necessary
-+ skip = 1ULL << align_functions_log;
-+ if (skip > rap_hash_offset)
-+ ASM_OUTPUT_SKIP(asm_out_file, skip - rap_hash_offset);
++ rap_hash_align(decl);
+
+ // don't compute hash for functions called only directly
+ node = cgraph_get_node(decl);
@@ -170136,9 +170161,9 @@ index 0000000..cdac9c1
+ inform(DECL_SOURCE_LOCATION(decl), "func rap_hash: %x %s", imprecise_rap_hash.hash, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
+
+ if (TARGET_64BIT)
-+ fprintf(asm_out_file, ".quad %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
++ fprintf(asm_out_file, "\t.quad %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
+ else
-+ fprintf(asm_out_file, ".long %#x\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
++ fprintf(asm_out_file, "\t.long %#x\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl)));
+}
+
+static void rap_start_unit_common(void *gcc_data __unused, void *user_data __unused)
@@ -170611,10 +170636,10 @@ index 0000000..f74d85a
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
-index 0000000..a5916c8
+index 0000000..2a420f3
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12441 @@
+@@ -0,0 +1,12444 @@
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -183056,6 +183081,9 @@ index 0000000..a5916c8
+enable_so_squashfs_iget_fndecl_37485 squashfs_iget fndecl 3 37485 NULL
+enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL
+enable_so_lookup_memtype_fndecl_20192 lookup_memtype fndecl 1 20192 NULL
++enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL
++enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL
++enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL
diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
new file mode 100644
index 0000000..be9724d
@@ -183542,7 +183570,7 @@ index 0000000..ee987da
+#include "gcc-generate-gimple-pass.h"
diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
new file mode 100644
-index 0000000..b12cef3
+index 0000000..a47c089
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
@@ -0,0 +1,1166 @@
@@ -184679,7 +184707,7 @@ index 0000000..b12cef3
+{
+ const_tree rhs, lhs_type, rhs_type;
+ const_tree def_rhs1, def_rhs2;
-+ const_gimple def_stmt;
++ gimple def_stmt;
+ gimple def_def_stmt = NULL;
+
+ if (!gimple_assign_cast_p(stmt))
@@ -184700,7 +184728,7 @@ index 0000000..b12cef3
+
+ // _37 = _36 | -32768;
+ def_stmt = get_def_stmt(rhs);
-+ if (!def_stmt || gimple_assign_rhs_code(def_stmt) != BIT_IOR_EXPR)
++ if (!def_stmt || !gimple_assign_cast_p(def_stmt) || gimple_assign_rhs_code(def_stmt) != BIT_IOR_EXPR)
+ return false;
+ def_rhs1 = gimple_assign_rhs1(def_stmt);
+ def_rhs2 = gimple_assign_rhs2(def_stmt);
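Review bot: The added `!gimple_assign_cast_p(def_stmt)` term in the check after `get_def_stmt(rhs)` appears to make the condition always true. As far as I know, `gimple_assign_cast_p()` returns true only for assignments whose rhs code is a conversion, and such a statement can never have `BIT_IOR_EXPR` as its rhs code. If so, every call returns `false` here, the `_37 = _36 | -32768` pattern named in the comment is never recognised, and the `def_rhs1`/`def_rhs2` lines below are unreachable. If the intent was to avoid calling `gimple_assign_rhs_code()` on a non-assignment, the guard would be `if (!def_stmt || !is_gimple_assign(def_stmt) || gimple_assign_rhs_code(def_stmt) != BIT_IOR_EXPR)`. The enclosing function begins before this hunk and continues after it, so the effect on its callers should be confirmed against the full file.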
@@ -185394,10 +185422,10 @@ index 0000000..4098952
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..b3ac1cc
+index 0000000..5364a49
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,21647 @@
+@@ -0,0 +1,21644 @@
+enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
+enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
+enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL
@@ -186994,7 +187022,6 @@ index 0000000..b3ac1cc
+enable_so_SYSC_fgetxattr_fndecl_4904 SYSC_fgetxattr fndecl 4 4904 NULL
+enable_so_diva_um_idi_read_fndecl_4912 diva_um_idi_read fndecl 0 4912 NULL
+enable_so_tree_mod_log_eb_move_fndecl_4920 tree_mod_log_eb_move fndecl 5 4920 NULL
-+enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL
+enable_so_leaf_copy_items_fndecl_4923 leaf_copy_items fndecl 5 4923 NULL
+enable_so_ui_size_ubifs_inode_4934 ui_size ubifs_inode 0 4934 NULL
+enable_so_bpp_drm_mode_fb_cmd_4936 bpp drm_mode_fb_cmd 0 4936 NULL
@@ -187083,7 +187110,6 @@ index 0000000..b3ac1cc
+enable_so_len_bts_file_action_5178 len bts_file_action 0 5178 &enable_so_ext4_es_insert_extent_fndecl_5178
+enable_so_lpfc_issue_ct_rsp_fndecl_5182 lpfc_issue_ct_rsp fndecl 6 5182 NULL
+enable_so_port_mlx5_ib_qp_5186 port mlx5_ib_qp 0 5186 NULL
-+enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL
+enable_so_SyS_lsetxattr_fndecl_5195 SyS_lsetxattr fndecl 4 5195 NULL
+enable_so_size_drm_amdgpu_gem_userptr_5196 size drm_amdgpu_gem_userptr 0 5196 NULL
+enable_so_hidp_raw_request_fndecl_5198 hidp_raw_request fndecl 4 5198 NULL
@@ -193092,7 +193118,6 @@ index 0000000..b3ac1cc
+enable_so_num_channels_sh_mtu2_device_23224 num_channels sh_mtu2_device 0 23224 NULL
+enable_so_clk_core_get_rate_fndecl_23225 clk_core_get_rate fndecl 0 23225 NULL nohasharray
+enable_so_vid_hdr_offset_ubi_device_23225 vid_hdr_offset ubi_device 0 23225 &enable_so_clk_core_get_rate_fndecl_23225
-+enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL
+enable_so_nvkm_client_map_fndecl_23228 nvkm_client_map fndecl 3-2 23228 NULL
+enable_so_ubifs_prep_grp_node_fndecl_23231 ubifs_prep_grp_node fndecl 3 23231 NULL nohasharray
+enable_so_ivtv_v4l2_read_fndecl_23231 ivtv_v4l2_read fndecl 3 23231 &enable_so_ubifs_prep_grp_node_fndecl_23231