grsecurity-3.1-4.3.3-20151216214120151216

2 files changed, 142 insertions, 32 deletions

diff --git a/4.3.3/0000_README b/4.3.3/0000_README
index 651d7dc..3e1d5a0 100644
--- a/4.3.3/0000_README
+++ b/4.3.3/0000_README
@@ -6,7 +6,7 @@ Patch:	1002_linux-4.3.3.patch
 From:	http://www.kernel.org
 Desc:	Linux 4.3.3
 
-Patch:	4420_grsecurity-3.1-4.3.3-201512151908.patch
+Patch:	4420_grsecurity-3.1-4.3.3-201512162141.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201512151908.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch
index 38b71b4..4b7bff5 100644
--- a/4.3.3/4420_grsecurity-3.1-4.3.3-201512151908.patch
+++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch
@@ -2622,7 +2622,7 @@ index 3e1c26e..9ea61e6 100644
  #endif
  	mov	r5, r0
 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
-index 30a7228..fc55cca 100644
+index 30a7228..d071196 100644
 --- a/arch/arm/kernel/entry-common.S
 +++ b/arch/arm/kernel/entry-common.S
 @@ -11,18 +11,46 @@
@@ -2675,7 +2675,29 @@ index 30a7228..fc55cca 100644
  	.align	5
  #if !(IS_ENABLED(CONFIG_TRACE_IRQFLAGS) || IS_ENABLED(CONFIG_CONTEXT_TRACKING))
  /*
-@@ -199,6 +227,12 @@ ENTRY(vector_swi)
+@@ -36,7 +64,9 @@ ret_fast_syscall:
+  UNWIND(.cantunwind	)
+ 	disable_irq_notrace			@ disable interrupts
+ 	ldr	r1, [tsk, #TI_FLAGS]		@ re-check for syscall tracing
+-	tst	r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
++	tst	r1, #_TIF_SYSCALL_WORK
++	bne	fast_work_pending
++	tst	r1, #_TIF_WORK_MASK
+ 	bne	fast_work_pending
+ 
+ 	/* perform architecture specific actions before user return */
+@@ -62,7 +92,9 @@ ret_fast_syscall:
+ 	str	r0, [sp, #S_R0 + S_OFF]!	@ save returned r0
+ 	disable_irq_notrace			@ disable interrupts
+ 	ldr	r1, [tsk, #TI_FLAGS]		@ re-check for syscall tracing
+-	tst	r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
++	tst	r1, #_TIF_SYSCALL_WORK
++	bne	__sys_trace_return_nosave
++	tst	r1, #_TIF_WORK_MASK
+ 	beq	no_work_pending
+  UNWIND(.fnend		)
+ ENDPROC(ret_fast_syscall)
+@@ -199,6 +231,12 @@ ENTRY(vector_swi)
  
  	uaccess_disable tbl
  
@@ -56491,9 +56513,76 @@ index c3fe026..9cfe421 100644
  
  	dlci->modem_rx = 0;
 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index a0285da..bddb306 100644
+index a0285da..e84f8de 100644
 --- a/drivers/tty/n_tty.c
 +++ b/drivers/tty/n_tty.c
+@@ -1514,7 +1514,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
+ 
+ static void
+ n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
+-			   char *fp, int count)
++			   char *fp, size_t count)
+ {
+ 	struct n_tty_data *ldata = tty->disc_data;
+ 	size_t n, head;
+@@ -1534,7 +1534,7 @@ n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
+ 
+ static void
+ n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
+-		      char *fp, int count)
++		      char *fp, size_t count)
+ {
+ 	struct n_tty_data *ldata = tty->disc_data;
+ 	char flag = TTY_NORMAL;
+@@ -1551,7 +1551,7 @@ n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
+ 
+ static void
+ n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
+-			  char *fp, int count)
++			  char *fp, size_t count)
+ {
+ 	char flag = TTY_NORMAL;
+ 
+@@ -1567,7 +1567,7 @@ n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
+ 
+ static void
+ n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
+-			  char *fp, int count)
++			  char *fp, size_t count)
+ {
+ 	struct n_tty_data *ldata = tty->disc_data;
+ 	char flag = TTY_NORMAL;
+@@ -1601,7 +1601,7 @@ n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
+ 
+ static void
+ n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
+-		       char *fp, int count)
++		       char *fp, size_t count)
+ {
+ 	struct n_tty_data *ldata = tty->disc_data;
+ 	char flag = TTY_NORMAL;
+@@ -1626,7 +1626,7 @@ n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
+ }
+ 
+ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
+-			  char *fp, int count)
++			  char *fp, size_t count)
+ {
+ 	struct n_tty_data *ldata = tty->disc_data;
+ 	bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
+@@ -1704,10 +1704,10 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
+  */
+ static int
+ n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
+-			 char *fp, int count, int flow)
++			 char *fp, size_t count, int flow)
+ {
+ 	struct n_tty_data *ldata = tty->disc_data;
+-	int room, n, rcvd = 0, overflow;
++	size_t room, n, rcvd = 0, overflow;
+ 
+ 	down_read(&tty->termios_rwsem);
+ 
 @@ -2583,6 +2583,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
  {
  	*ops = tty_ldisc_N_TTY;
@@ -121765,7 +121854,7 @@ index c10a9ee..c621a01 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 3939dd2..d99c89d 100644
+index 3939dd2..ea4fbed 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -178,7 +178,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
@@ -121786,7 +121875,20 @@ index 3939dd2..d99c89d 100644
  	.autoconf		= 1,
  	.force_mld_version	= 0,
  	.mldv1_unsolicited_report_interval = 10 * HZ,
-@@ -636,7 +636,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
+@@ -349,6 +349,12 @@ static struct inet6_dev *ipv6_add_dev(struct net_device *dev)
+ 	setup_timer(&ndev->rs_timer, addrconf_rs_timer,
+ 		    (unsigned long)ndev);
+ 	memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf));
++
++	if (ndev->cnf.stable_secret.initialized)
++		ndev->addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY;
++	else
++		ndev->addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64;
++
+ 	ndev->cnf.mtu6 = dev->mtu;
+ 	ndev->cnf.sysctl = NULL;
+ 	ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
+@@ -636,7 +642,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
  		idx = 0;
  		head = &net->dev_index_head[h];
  		rcu_read_lock();
@@ -121795,7 +121897,7 @@ index 3939dd2..d99c89d 100644
  			  net->dev_base_seq;
  		hlist_for_each_entry_rcu(dev, head, index_hlist) {
  			if (idx < s_idx)
-@@ -2576,7 +2576,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2576,7 +2582,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
  		p.iph.ihl = 5;
  		p.iph.protocol = IPPROTO_IPV6;
  		p.iph.ttl = 64;
@@ -121804,7 +121906,7 @@ index 3939dd2..d99c89d 100644
  
  		if (ops->ndo_do_ioctl) {
  			mm_segment_t oldfs = get_fs();
-@@ -3844,16 +3844,23 @@ static const struct file_operations if6_fops = {
+@@ -3844,16 +3850,23 @@ static const struct file_operations if6_fops = {
  	.release	= seq_release_net,
  };
  
@@ -121829,7 +121931,7 @@ index 3939dd2..d99c89d 100644
  }
  
  static struct pernet_operations if6_proc_net_ops = {
-@@ -4472,7 +4479,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
+@@ -4472,7 +4485,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
  	s_ip_idx = ip_idx = cb->args[2];
  
  	rcu_read_lock();
@@ -121838,7 +121940,7 @@ index 3939dd2..d99c89d 100644
  	for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
  		idx = 0;
  		head = &net->dev_index_head[h];
-@@ -5140,7 +5147,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -5140,7 +5153,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
  		rt_genid_bump_ipv6(net);
  		break;
  	}
@@ -121847,7 +121949,7 @@ index 3939dd2..d99c89d 100644
  }
  
  static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
-@@ -5160,7 +5167,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -5160,7 +5173,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -121856,7 +121958,7 @@ index 3939dd2..d99c89d 100644
  	int ret;
  
  	/*
-@@ -5185,7 +5192,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
+@@ -5185,7 +5198,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
  {
  	struct inet6_dev *idev = ctl->extra1;
  	int min_mtu = IPV6_MIN_MTU;
@@ -121865,7 +121967,7 @@ index 3939dd2..d99c89d 100644
  
  	lctl = *ctl;
  	lctl.extra1 = &min_mtu;
-@@ -5260,7 +5267,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -5260,7 +5273,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -121874,7 +121976,7 @@ index 3939dd2..d99c89d 100644
  	int ret;
  
  	/*
-@@ -5325,7 +5332,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
+@@ -5325,7 +5338,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write,
  	int err;
  	struct in6_addr addr;
  	char str[IPV6_MAX_STRLEN];
@@ -121883,7 +121985,7 @@ index 3939dd2..d99c89d 100644
  	struct net *net = ctl->extra2;
  	struct ipv6_stable_secret *secret = ctl->data;
  
-@@ -5397,7 +5404,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
+@@ -5397,7 +5410,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -124486,7 +124588,7 @@ index 26d50c5..dfae665 100644
  
  	table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
 diff --git a/net/socket.c b/net/socket.c
-index 9963a0b..aca2d16 100644
+index 9963a0b..b88ff74 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -89,6 +89,7 @@
@@ -124687,7 +124789,15 @@ index 9963a0b..aca2d16 100644
  	int err, err2;
  	int fput_needed;
  
-@@ -1927,7 +1992,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
+@@ -1702,6 +1767,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+ 	msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
+ 	/* We assume all kernel code knows the size of sockaddr_storage */
+ 	msg.msg_namelen = 0;
++	msg.msg_iocb = NULL;
+ 	if (sock->file->f_flags & O_NONBLOCK)
+ 		flags |= MSG_DONTWAIT;
+ 	err = sock_recvmsg(sock, &msg, iov_iter_count(&msg.msg_iter), flags);
+@@ -1927,7 +1993,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
  		 * checking falls down on this.
  		 */
  		if (copy_from_user(ctl_buf,
@@ -124696,7 +124806,7 @@ index 9963a0b..aca2d16 100644
  				   ctl_len))
  			goto out_freectl;
  		msg_sys->msg_control = ctl_buf;
-@@ -2077,7 +2142,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
+@@ -2077,7 +2143,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
  	ssize_t err;
  
  	/* kernel mode address */
@@ -124705,7 +124815,7 @@ index 9963a0b..aca2d16 100644
  
  	/* user mode address pointers */
  	struct sockaddr __user *uaddr;
-@@ -2722,7 +2787,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2722,7 +2788,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
  	ifr = compat_alloc_user_space(buf_size);
  	rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
  
@@ -124714,7 +124824,7 @@ index 9963a0b..aca2d16 100644
  		return -EFAULT;
  
  	if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2833,7 +2898,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2833,7 +2899,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
  		old_fs = get_fs();
  		set_fs(KERNEL_DS);
  		err = dev_ioctl(net, cmd,
@@ -124723,7 +124833,7 @@ index 9963a0b..aca2d16 100644
  		set_fs(old_fs);
  
  		return err;
-@@ -2926,7 +2991,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -2926,7 +2992,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
  
  	old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -124732,7 +124842,7 @@ index 9963a0b..aca2d16 100644
  	set_fs(old_fs);
  
  	if (cmd == SIOCGIFMAP && !err) {
-@@ -3010,7 +3075,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3010,7 +3076,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
  		ret |= get_user(rtdev, &(ur4->rt_dev));
  		if (rtdev) {
  			ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -124741,7 +124851,7 @@ index 9963a0b..aca2d16 100644
  			devname[15] = 0;
  		} else
  			r4.rt_dev = NULL;
-@@ -3237,8 +3302,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3237,8 +3303,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
  	int __user *uoptlen;
  	int err;
  
@@ -124752,7 +124862,7 @@ index 9963a0b..aca2d16 100644
  
  	set_fs(KERNEL_DS);
  	if (level == SOL_SOCKET)
-@@ -3258,7 +3323,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3258,7 +3324,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
  	char __user *uoptval;
  	int err;
  
@@ -133880,10 +133990,10 @@ index 0000000..f74d85a
 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
 diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
 new file mode 100644
-index 0000000..eeb57be
+index 0000000..b7a7596
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12429 @@
+@@ -0,0 +1,12431 @@
 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -146313,6 +146423,8 @@ index 0000000..eeb57be
 +enable_so_rate_n_flags_iwlagn_tx_resp_63401 rate_n_flags iwlagn_tx_resp 0 63401 NULL
 +enable_so_iwlagn_hwrate_to_mac80211_idx_fndecl_57485 iwlagn_hwrate_to_mac80211_idx fndecl 0-1 57485 NULL
 +enable_so_rate_n_flags_iwl_rx_phy_info_45542 rate_n_flags iwl_rx_phy_info 0 45542 NULL
++enable_so_deh_location_reiserfs_de_head_7682 deh_location reiserfs_de_head 0 7682 NULL
++enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL
 diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
 new file mode 100644
 index 0000000..be9724d
@@ -148556,10 +148668,10 @@ index 0000000..fc58e16
 +}
 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..311b440
+index 0000000..7a7776b
 --- /dev/null
 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,21748 @@
+@@ -0,0 +1,21746 @@
 +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
 +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
 +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL
@@ -151082,8 +151194,7 @@ index 0000000..311b440
 +enable_so_rds_sendmsg_fndecl_7675 rds_sendmsg fndecl 3 7675 NULL
 +enable_so_nfsd_max_blksize_vardecl_7678 nfsd_max_blksize vardecl 0 7678 NULL
 +enable_so_shmem_read_mapping_page_gfp_fndecl_7681 shmem_read_mapping_page_gfp fndecl 2 7681 NULL
-+enable_so_deh_location_reiserfs_de_head_7682 deh_location reiserfs_de_head 0 7682 NULL nohasharray
-+enable_so_UniStrnlen_fndecl_7682 UniStrnlen fndecl 0 7682 &enable_so_deh_location_reiserfs_de_head_7682
++enable_so_UniStrnlen_fndecl_7682 UniStrnlen fndecl 0 7682 NULL
 +enable_so_pm860x_page_bulk_read_fndecl_7685 pm860x_page_bulk_read fndecl 3 7685 NULL nohasharray
 +enable_so_l1oip_socket_send_fndecl_7685 l1oip_socket_send fndecl 7 7685 &enable_so_pm860x_page_bulk_read_fndecl_7685
 +enable_so_ipoib_dev_init_fndecl_7687 ipoib_dev_init fndecl 3 7687 NULL nohasharray
@@ -162643,8 +162754,7 @@ index 0000000..311b440
 +enable_so_ubi_more_leb_change_data_fndecl_42301 ubi_more_leb_change_data fndecl 4 42301 &enable_so_generic_cont_expand_simple_fndecl_42301
 +enable_so_dcache_dir_lseek_fndecl_42308 dcache_dir_lseek fndecl 2 42308 NULL nohasharray
 +enable_so_iwch_reg_user_mr_fndecl_42308 iwch_reg_user_mr fndecl 2-3 42308 &enable_so_dcache_dir_lseek_fndecl_42308
-+enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL nohasharray
-+enable_so_rproc_alloc_fndecl_42314 rproc_alloc fndecl 5 42314 &enable_so_deh_offset_reiserfs_de_head_42314
++enable_so_rproc_alloc_fndecl_42314 rproc_alloc fndecl 5 42314 NULL
 +enable_so_log_pg_sz_remote_qpn_mlx5_qp_context_42315 log_pg_sz_remote_qpn mlx5_qp_context 0 42315 NULL
 +enable_so_num_rcv_contexts_hfi1_devdata_42317 num_rcv_contexts hfi1_devdata 0 42317 NULL
 +enable_so_kvm_write_guest_page_fndecl_42320 kvm_write_guest_page fndecl 2-5 42320 NULL nohasharray