Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/3.2.55
diff options
context:
space:
mode:
Diffstat (limited to '3.2.55')
-rw-r--r--3.2.55/0000_README2
-rw-r--r--3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch (renamed from 3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch)196
2 files changed, 162 insertions, 36 deletions
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index 943c944..f58c905 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch
From: http://www.kernel.org
Desc: Linux 3.2.55
-Patch: 4420_grsecurity-3.0-3.2.55-201402192249.patch
+Patch: 4420_grsecurity-3.0-3.2.55-201402221305.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
index 598b438..8c95615 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch
@@ -34290,7 +34290,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index c244f0e..2080073 100644
+index c244f0e..05e9c5e 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -255,10 +255,8 @@
@@ -34557,7 +34557,7 @@ index c244f0e..2080073 100644
/**********************************************************************
*
* OS independent entropy store. Here are the functions which handle
-@@ -421,22 +425,26 @@ module_param(debug, bool, 0644);
+@@ -421,31 +425,35 @@ module_param(debug, bool, 0644);
struct entropy_store;
struct entropy_store {
/* read-only data: */
@@ -34584,11 +34584,15 @@ index c244f0e..2080073 100644
__u8 last_data[EXTRACT_SIZE];
};
+-static __u32 input_pool_data[INPUT_POOL_WORDS];
+-static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
+-static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
+static void push_to_pool(struct work_struct *work);
- static __u32 input_pool_data[INPUT_POOL_WORDS];
- static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
- static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
-@@ -445,7 +453,7 @@ static struct entropy_store input_pool = {
++static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
++static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
++static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
+
+ static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
.name = "input",
.limit = 1,
@@ -52713,7 +52717,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..52ad259 100644
+index 8dd615c..3ecdf113 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -52724,6 +52728,15 @@ index 8dd615c..52ad259 100644
#include <asm/uaccess.h>
#include <asm/param.h>
#include <asm/page.h>
+@@ -39,7 +40,7 @@
+ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
+ static int load_elf_library(struct file *);
+ static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
+- int, int, unsigned long);
++ int, int, unsigned long) __intentional_overflow(-1);
+
+ /*
+ * If we don't support core dumping, then supply a NULL so we
@@ -51,6 +52,14 @@ static int elf_core_dump(struct coredump_params *cprm);
#define elf_core_dump NULL
#endif
@@ -74957,11 +74970,18 @@ index d42bd48..554dcd5 100644
/*
* epoll (fs/eventpoll.c) compat bits follow ...
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 643d6c4..289dbb3 100644
+index 643d6c4..3c5171b 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -46,6 +46,26 @@
- #endif
+@@ -39,13 +39,29 @@
+ *
+ * (asm goto is automatically volatile - the naming reflects this.)
+ */
+-#if GCC_VERSION <= 40801
+ # define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
+-#else
+-# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
+-#endif
#if __GNUC_MINOR__ >= 5
+
@@ -74987,7 +75007,7 @@ index 643d6c4..289dbb3 100644
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -61,6 +81,11 @@
+@@ -61,6 +77,11 @@
#define __noclone __attribute__((__noclone__))
#endif
@@ -81223,7 +81243,7 @@ index 1a6201a..66d9531 100644
static inline int rate_supported(struct ieee80211_sta *sta,
enum ieee80211_band band,
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
-index 2720884..bbc0141 100644
+index 2720884..0dc13cd 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -122,7 +122,7 @@ struct neigh_ops {
@@ -81235,7 +81255,15 @@ index 2720884..bbc0141 100644
struct pneigh_entry {
struct pneigh_entry *next;
-@@ -176,7 +176,7 @@ struct neigh_table {
+@@ -160,7 +160,6 @@ struct neigh_table {
+ void (*proxy_redo)(struct sk_buff *skb);
+ char *id;
+ struct neigh_parms parms;
+- /* HACK. gc_* should follow parms without a gap! */
+ int gc_interval;
+ int gc_thresh1;
+ int gc_thresh2;
+@@ -176,7 +175,7 @@ struct neigh_table {
struct neigh_statistics __percpu *stats;
struct neigh_hash_table __rcu *nht;
struct pneigh_entry **phash_buckets;
@@ -97243,6 +97271,27 @@ index 139ef93..7afaa2f 100644
return -EFAULT;
m->msg_iov = iov;
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index 0ea3fd3..d87fef1 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -2803,11 +2803,12 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
+ /* Terminate the table early */
+ memset(&t->neigh_vars[14], 0, sizeof(t->neigh_vars[14]));
+ } else {
++ struct neigh_table *ntable = container_of(p, struct neigh_table, parms);
+ dev_name_source = neigh_path[NEIGH_CTL_PATH_DEV].procname;
+- t->neigh_vars[14].data = (int *)(p + 1);
+- t->neigh_vars[15].data = (int *)(p + 1) + 1;
+- t->neigh_vars[16].data = (int *)(p + 1) + 2;
+- t->neigh_vars[17].data = (int *)(p + 1) + 3;
++ t->neigh_vars[14].data = &ntable->gc_interval;
++ t->neigh_vars[15].data = &ntable->gc_thresh1;
++ t->neigh_vars[16].data = &ntable->gc_thresh2;
++ t->neigh_vars[17].data = &ntable->gc_thresh3;
+ }
+
+
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index 0329404..ab4e13a 100644
--- a/net/core/net-sysfs.c
@@ -107829,10 +107878,10 @@ index 0000000..4f67ac1
+}
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
new file mode 100644
-index 0000000..312d3b6
+index 0000000..af12645
--- /dev/null
+++ b/tools/gcc/gcc-common.h
-@@ -0,0 +1,268 @@
+@@ -0,0 +1,274 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -108070,8 +108119,14 @@ index 0000000..312d3b6
+#endif
+
+#if BUILDING_GCC_VERSION <= 4008
-+#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN)
-+#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN)
++#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN)
++#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN)
++#define basic_block_info_for_fn(FN) ((FN)->cfg->x_basic_block_info)
++#define n_basic_blocks_for_fn(FN) ((FN)->cfg->x_n_basic_blocks)
++#define n_edges_for_fn(FN) ((FN)->cfg->x_n_edges)
++#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block)
++#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map)
++#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status)
+
+static inline const char *get_tree_code_name(enum tree_code code)
+{
@@ -108930,10 +108985,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..515d689
+index 0000000..7e39d81
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,337 @@
+@@ -0,0 +1,403 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -108944,7 +108999,7 @@ index 0000000..515d689
+ * any of the gcc libraries
+ *
+ * gcc plugin to help generate a little bit of entropy from program state,
-+ * used during boot in the kernel
++ * used throughout the uptime of the kernel
+ *
+ * TODO:
+ * - add ipa pass to identify not explicitly marked candidate functions
@@ -108962,19 +109017,30 @@ index 0000000..515d689
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402131900",
++ .version = "201402210120",
+ .help = NULL
+};
+
+static unsigned HOST_WIDE_INT seed;
+static unsigned HOST_WIDE_INT get_random_const(void)
+{
-+ seed = (seed >> 1U) ^ (-(seed & 1ULL) & 0xD800000000000000ULL);
-+ return seed;
++ unsigned int i;
++ unsigned HOST_WIDE_INT ret = 0;
++
++ for (i = 0; i < 8 * sizeof ret; i++) {
++ ret = (ret << 1) | (seed & 1);
++ seed >>= 1;
++ if (ret & 1)
++ seed ^= 0xD800000000000000ULL;
++ }
++
++ return ret;
+}
+
+static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
+{
++ tree type;
++
+ switch (TREE_CODE(*node)) {
+ default:
+ *no_add_attrs = true;
@@ -108987,7 +109053,65 @@ index 0000000..515d689
+ error("variable %qD with %qE attribute must not be initialized", *node, name);
+ break;
+ }
-+ DECL_INITIAL(*node) = build_int_cstu(long_long_unsigned_type_node, get_random_const());
++
++ if (!TREE_STATIC(*node)) {
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must not be local", *node, name);
++ break;
++ }
++
++ type = TREE_TYPE(*node);
++ switch (TREE_CODE(type)) {
++ default:
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type", *node, name);
++ break;
++
++ case INTEGER_TYPE:
++ DECL_INITIAL(*node) = build_int_cstu(type, get_random_const());
++ break;
++
++ case ARRAY_TYPE: {
++ tree elt_type, array_size, elt_size;
++ unsigned long long mask;
++ unsigned int i, nelt;
++#if BUILDING_GCC_VERSION <= 4007
++ VEC(constructor_elt, gc) *vals;
++#else
++ vec<constructor_elt, va_gc> *vals;
++#endif
++
++ elt_type = TREE_TYPE(type);
++ elt_size = TYPE_SIZE_UNIT(TREE_TYPE(type));
++ array_size = TYPE_SIZE_UNIT(type);
++
++ if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
++ *no_add_attrs = true;
++ error("variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++ break;
++ }
++
++ nelt = TREE_INT_CST_LOW(array_size) / TREE_INT_CST_LOW(elt_size);
++#if BUILDING_GCC_VERSION <= 4007
++ vals = VEC_alloc(constructor_elt, gc, nelt);
++#else
++ vec_alloc(vals, nelt);
++#endif
++
++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1);
++ mask = 2 * (mask - 1) + 1;
++
++ for (i = 0; i < nelt; i++)
++ if (TYPE_UNSIGNED(elt_type))
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cstu(elt_type, mask & get_random_const()));
++ else
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cst(elt_type, mask & get_random_const()));
++
++ DECL_INITIAL(*node) = build_constructor(type, vals);
++//debug_tree(DECL_INITIAL(*node));
++ break;
++ }
++ }
+ break;
+
+ case FUNCTION_DECL:
@@ -109017,10 +109141,7 @@ index 0000000..515d689
+
+static bool gate_latent_entropy(void)
+{
-+ tree latent_entropy_attr;
-+
-+ latent_entropy_attr = lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl));
-+ return latent_entropy_attr != NULL_TREE;
++ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
+static enum tree_code get_op(tree *rhs)
@@ -109273,10 +109394,10 @@ index 0000000..515d689
+}
diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
new file mode 100644
-index 0000000..bc490ca
+index 0000000..8dafb22
--- /dev/null
+++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,906 @@
+@@ -0,0 +1,910 @@
+/*
+ * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
+ * and PaX Team <pageexec@freemail.hu>
@@ -109305,7 +109426,7 @@ index 0000000..bc490ca
+static int performance_mode;
+
+static struct plugin_info randomize_layout_plugin_info = {
-+ .version = "201402061950",
++ .version = "201402201816",
+ .help = "disable\t\t\tdo not activate plugin\n"
+ "performance-mode\tenable cacheline-aware layout randomization\n"
+};
@@ -109842,6 +109963,10 @@ index 0000000..bc490ca
+ continue;
+ }
+
++ /* pipacs' plugin creates franken-arrays that differ from those produced by
++ normal code which all have valid 'field' trees. work around this */
++ if (field == NULL_TREE)
++ continue;
+ field_type = TREE_TYPE(field);
+ val_type = TREE_TYPE(val);
+
@@ -120249,10 +120374,10 @@ index 0000000..4aab36f
+}
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
-index 0000000..e684c74
+index 0000000..5c0b937
--- /dev/null
+++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,373 @@
+@@ -0,0 +1,374 @@
+/*
+ * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -120406,7 +120531,8 @@ index 0000000..e684c74
+ body = XEXP(body, 0);
+ if (GET_CODE(body) != SYMBOL_REF)
+ continue;
-+ if (strcmp(XSTR(body, 0), track_function))
++// if (strcmp(XSTR(body, 0), track_function))
++ if (SYMBOL_REF_DECL(body) != track_function_decl)
+ continue;
+// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size);
+ // 2. delete call
@@ -120479,7 +120605,7 @@ index 0000000..e684c74
+ .properties_provided = 0,
+ .properties_destroyed = 0,
+ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts,
-+ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa | TODO_rebuild_cgraph_edges
+#if BUILDING_GCC_VERSION < 4009
+ }
+#endif