Diffstat (limited to '3.2.55')
-rw-r--r-- | 3.2.55/0000_README | 2 | ||||
-rw-r--r-- | 3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch (renamed from 3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch) | 196 |
2 files changed, 162 insertions, 36 deletions
diff --git a/3.2.55/0000_README b/3.2.55/0000_README index 943c944..f58c905 100644 --- a/3.2.55/0000_README +++ b/3.2.55/0000_README @@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch From: http://www.kernel.org Desc: Linux 3.2.55 -Patch: 4420_grsecurity-3.0-3.2.55-201402192249.patch +Patch: 4420_grsecurity-3.0-3.2.55-201402221305.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch index 598b438..8c95615 100644 --- a/3.2.55/4420_grsecurity-3.0-3.2.55-201402192249.patch +++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201402221305.patch @@ -34290,7 +34290,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index c244f0e..2080073 100644 +index c244f0e..05e9c5e 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -255,10 +255,8 @@ @@ -34557,7 +34557,7 @@ index c244f0e..2080073 100644 /********************************************************************** * * OS independent entropy store. Here are the functions which handle -@@ -421,22 +425,26 @@ module_param(debug, bool, 0644); +@@ -421,31 +425,35 @@ module_param(debug, bool, 0644); struct entropy_store; struct entropy_store { /* read-only data: */ 
@@ -34584,11 +34584,15 @@ index c244f0e..2080073 100644 __u8 last_data[EXTRACT_SIZE]; }; +-static __u32 input_pool_data[INPUT_POOL_WORDS]; +-static __u32 blocking_pool_data[OUTPUT_POOL_WORDS]; +-static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS]; +static void push_to_pool(struct work_struct *work); - static __u32 input_pool_data[INPUT_POOL_WORDS]; - static __u32 blocking_pool_data[OUTPUT_POOL_WORDS]; - static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS]; -@@ -445,7 +453,7 @@ static struct entropy_store input_pool = { ++static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy; ++static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy; ++static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy; + + static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], .name = "input", .limit = 1, @@ -52713,7 +52717,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 8dd615c..52ad259 100644 +index 8dd615c..3ecdf113 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -52724,6 +52728,15 @@ index 8dd615c..52ad259 100644 #include <asm/uaccess.h> #include <asm/param.h> #include <asm/page.h> +@@ -39,7 +40,7 @@ + static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs); + static int load_elf_library(struct file *); + static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *, +- int, int, unsigned long); ++ int, int, unsigned long) __intentional_overflow(-1); + + /* + * If we don't support core dumping, then supply a NULL so we @@ -51,6 +52,14 @@ static int elf_core_dump(struct coredump_params *cprm); #define elf_core_dump NULL #endif @@ -74957,11 +74970,18 @@ index d42bd48..554dcd5 100644 /* * epoll (fs/eventpoll.c) compat bits follow ... 
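Review bot: The three pool arrays in drivers/char/random.c gain `__latent_entropy` with no comment saying what their initial contents now are. Going by the latent_entropy_plugin.c hunks in this same patch, the attribute gives a static integer array a compile-time random initializer, so the values are fixed per build and readable from the kernel image. I would add above the declarations something like `/* initial contents are build-time constants from the latent_entropy plugin; they diversify the pools but must not be credited as entropy */`. Whether any entropy credit is taken for them is decided outside this hunk and is worth confirming.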
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 643d6c4..289dbb3 100644 +index 643d6c4..3c5171b 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -46,6 +46,26 @@ - #endif +@@ -39,13 +39,29 @@ + * + * (asm goto is automatically volatile - the naming reflects this.) + */ +-#if GCC_VERSION <= 40801 + # define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) +-#else +-# define asm_volatile_goto(x...) do { asm goto(x); } while (0) +-#endif #if __GNUC_MINOR__ >= 5 + @@ -74987,7 +75007,7 @@ index 643d6c4..289dbb3 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -61,6 +81,11 @@ +@@ -61,6 +77,11 @@ #define __noclone __attribute__((__noclone__)) #endif @@ -81223,7 +81243,7 @@ index 1a6201a..66d9531 100644 static inline int rate_supported(struct ieee80211_sta *sta, enum ieee80211_band band, diff --git a/include/net/neighbour.h b/include/net/neighbour.h -index 2720884..bbc0141 100644 +index 2720884..0dc13cd 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -122,7 +122,7 @@ struct neigh_ops { @@ -81235,7 +81255,15 @@ index 2720884..bbc0141 100644 struct pneigh_entry { struct pneigh_entry *next; -@@ -176,7 +176,7 @@ struct neigh_table { +@@ -160,7 +160,6 @@ struct neigh_table { + void (*proxy_redo)(struct sk_buff *skb); + char *id; + struct neigh_parms parms; +- /* HACK. gc_* should follow parms without a gap! */ + int gc_interval; + int gc_thresh1; + int gc_thresh2; +@@ -176,7 +175,7 @@ struct neigh_table { struct neigh_statistics __percpu *stats; struct neigh_hash_table __rcu *nht; struct pneigh_entry **phash_buckets; 
@@ -97243,6 +97271,27 @@ index 139ef93..7afaa2f 100644 return -EFAULT; m->msg_iov = iov; +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index 0ea3fd3..d87fef1 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -2803,11 +2803,12 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, + /* Terminate the table early */ + memset(&t->neigh_vars[14], 0, sizeof(t->neigh_vars[14])); + } else { ++ struct neigh_table *ntable = container_of(p, struct neigh_table, parms); + dev_name_source = neigh_path[NEIGH_CTL_PATH_DEV].procname; +- t->neigh_vars[14].data = (int *)(p + 1); +- t->neigh_vars[15].data = (int *)(p + 1) + 1; +- t->neigh_vars[16].data = (int *)(p + 1) + 2; +- t->neigh_vars[17].data = (int *)(p + 1) + 3; ++ t->neigh_vars[14].data = &ntable->gc_interval; ++ t->neigh_vars[15].data = &ntable->gc_thresh1; ++ t->neigh_vars[16].data = &ntable->gc_thresh2; ++ t->neigh_vars[17].data = &ntable->gc_thresh3; + } + + diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c index 0329404..ab4e13a 100644 --- a/net/core/net-sysfs.c @@ -107829,10 +107878,10 @@ index 0000000..4f67ac1 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..312d3b6 +index 0000000..af12645 --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,268 @@ +@@ -0,0 +1,274 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + 
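Review bot: The `container_of(p, struct neigh_table, parms)` in the `else` branch of neigh_sysctl_register() is only valid when `p` is the `parms` member embedded in a `struct neigh_table`. For a separately allocated `neigh_parms` it would yield a pointer into unrelated memory, and the four `gc_*` sysctl entries would then read and write there. The branch condition is outside the hunk, so presumably only a table's own parms reach this path, but nothing on the visible lines says so. Once confirmed, I would record the invariant next to the declaration, e.g. `/* p must be &tbl->parms on this path; container_of() is invalid for per-device parms */`.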
@@ -108070,8 +108119,14 @@ index 0000000..312d3b6 +#endif + +#if BUILDING_GCC_VERSION <= 4008 -+#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN) -+#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN) ++#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN) ++#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN) ++#define basic_block_info_for_fn(FN) ((FN)->cfg->x_basic_block_info) ++#define n_basic_blocks_for_fn(FN) ((FN)->cfg->x_n_basic_blocks) ++#define n_edges_for_fn(FN) ((FN)->cfg->x_n_edges) ++#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block) ++#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map) ++#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status) + +static inline const char *get_tree_code_name(enum tree_code code) +{ @@ -108930,10 +108985,10 @@ index 0000000..dd73713 +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..515d689 +index 0000000..7e39d81 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,337 @@ +@@ -0,0 +1,403 @@ +/* + * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -108944,7 +108999,7 @@ index 0000000..515d689 + * any of the gcc libraries + * + * gcc plugin to help generate a little bit of entropy from program state, -+ * used during boot in the kernel ++ * used throughout the uptime of the kernel + * + * TODO: + * - add ipa pass to identify not explicitly marked candidate functions 
@@ -108962,19 +109017,30 @@ index 0000000..515d689 +static tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { -+ .version = "201402131900", ++ .version = "201402210120", + .help = NULL +}; + +static unsigned HOST_WIDE_INT seed; +static unsigned HOST_WIDE_INT get_random_const(void) +{ -+ seed = (seed >> 1U) ^ (-(seed & 1ULL) & 0xD800000000000000ULL); -+ return seed; ++ unsigned int i; ++ unsigned HOST_WIDE_INT ret = 0; ++ ++ for (i = 0; i < 8 * sizeof ret; i++) { ++ ret = (ret << 1) | (seed & 1); ++ seed >>= 1; ++ if (ret & 1) ++ seed ^= 0xD800000000000000ULL; ++ } ++ ++ return ret; +} + +static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) +{ ++ tree type; ++ + switch (TREE_CODE(*node)) { + default: + *no_add_attrs = true; 
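Review bot: In get_random_const() the feedback constant `0xD800000000000000ULL` is 64 bits wide, while `seed` and `ret` are `unsigned HOST_WIDE_INT` and the loop runs `8 * sizeof ret` times. On a host where HOST_WIDE_INT is narrower than 64 bits the XOR truncates to a no-op, the register simply shifts out, and every later constant becomes 0. A `seed` of 0 gives the same all-zero output on any host. Where `seed` is initialised is outside this hunk; if either case is possible, a guard at the top of the function such as `gcc_assert(sizeof(seed) == 8 && seed != 0);` would make the failure visible at build time instead of silently emitting zero initializers.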
@@ -108987,7 +109053,65 @@ index 0000000..515d689 + error("variable %qD with %qE attribute must not be initialized", *node, name); + break; + } -+ DECL_INITIAL(*node) = build_int_cstu(long_long_unsigned_type_node, get_random_const()); ++ ++ if (!TREE_STATIC(*node)) { ++ *no_add_attrs = true; ++ error("variable %qD with %qE attribute must not be local", *node, name); ++ break; ++ } ++ ++ type = TREE_TYPE(*node); ++ switch (TREE_CODE(type)) { ++ default: ++ *no_add_attrs = true; ++ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type", *node, name); ++ break; ++ ++ case INTEGER_TYPE: ++ DECL_INITIAL(*node) = build_int_cstu(type, get_random_const()); ++ break; ++ ++ case ARRAY_TYPE: { ++ tree elt_type, array_size, elt_size; ++ unsigned long long mask; ++ unsigned int i, nelt; ++#if BUILDING_GCC_VERSION <= 4007 ++ VEC(constructor_elt, gc) *vals; ++#else ++ vec<constructor_elt, va_gc> *vals; ++#endif ++ ++ elt_type = TREE_TYPE(type); ++ elt_size = TYPE_SIZE_UNIT(TREE_TYPE(type)); ++ array_size = TYPE_SIZE_UNIT(type); ++ ++ if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) { ++ *no_add_attrs = true; ++ error("variable %qD with %qE attribute must be a fixed length integer array type", *node, name); ++ break; ++ } ++ ++ nelt = TREE_INT_CST_LOW(array_size) / TREE_INT_CST_LOW(elt_size); ++#if BUILDING_GCC_VERSION <= 4007 ++ vals = VEC_alloc(constructor_elt, gc, nelt); ++#else ++ vec_alloc(vals, nelt); ++#endif ++ ++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1); ++ mask = 2 * (mask - 1) + 1; ++ ++ for (i = 0; i < nelt; i++) ++ if (TYPE_UNSIGNED(elt_type)) ++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cstu(elt_type, mask & get_random_const())); ++ else ++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cst(elt_type, mask & get_random_const())); ++ ++ DECL_INITIAL(*node) = build_constructor(type, vals); ++//debug_tree(DECL_INITIAL(*node)); ++ break; ++ } ++ } + 
break; + + case FUNCTION_DECL: @@ -109017,10 +109141,7 @@ index 0000000..515d689 + +static bool gate_latent_entropy(void) +{ -+ tree latent_entropy_attr; -+ -+ latent_entropy_attr = lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)); -+ return latent_entropy_attr != NULL_TREE; ++ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE; +} + +static enum tree_code get_op(tree *rhs) @@ -109273,10 +109394,10 @@ index 0000000..515d689 +} diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c new file mode 100644 -index 0000000..bc490ca +index 0000000..8dafb22 --- /dev/null +++ b/tools/gcc/randomize_layout_plugin.c -@@ -0,0 +1,906 @@ +@@ -0,0 +1,910 @@ +/* + * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net> + * and PaX Team <pageexec@freemail.hu> @@ -109305,7 +109426,7 @@ index 0000000..bc490ca +static int performance_mode; + +static struct plugin_info randomize_layout_plugin_info = { -+ .version = "201402061950", ++ .version = "201402201816", + .help = "disable\t\t\tdo not activate plugin\n" + "performance-mode\tenable cacheline-aware layout randomization\n" +}; @@ -109842,6 +109963,10 @@ index 0000000..bc490ca + continue; + } + ++ /* pipacs' plugin creates franken-arrays that differ from those produced by ++ normal code which all have valid 'field' trees. work around this */ ++ if (field == NULL_TREE) ++ continue; + field_type = TREE_TYPE(field); + val_type = TREE_TYPE(val); + @@ -120249,10 +120374,10 @@ index 0000000..4aab36f +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..e684c74 +index 0000000..5c0b937 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,373 @@ +@@ -0,0 +1,374 @@ +/* + * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 
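Review bot: In the ARRAY_TYPE case of handle_latent_entropy_attribute() the mask is built with `1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1)`, and the only check on the element type is that it is an INTEGER_TYPE. An element wider than 64 bits (a 128-bit integer type, where the target has one) makes the shift count exceed 63, which is undefined for `unsigned long long`, and get_random_const() could not fill such an element anyway. I would reject that case next to the existing test, e.g. by adding `|| TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) > 8 * sizeof(mask)` to the condition that raises the "fixed length integer array type" error. The commented-out `//debug_tree(DECL_INITIAL(*node));` should be removed, and the unbraced `for`/`if`/`else` around CONSTRUCTOR_APPEND_ELT would be safer with braces. The handler itself starts and ends outside this hunk.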
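Review bot: The added `if (field == NULL_TREE) continue;` in randomize_layout_plugin.c skips every constructor element that has no field tree, not only the ones the comment attributes to the other plugin. The loop and the check it feeds start outside the hunk, so I cannot tell which diagnostic is lost, but any initializer element with a NULL field now silently bypasses the type comparison that follows. The comment would be more useful if it named the plugin and construct concerned (presumably the array initializers built by latent_entropy_plugin.c) and said why skipping is safe for them.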
@@ -120406,7 +120531,8 @@ index 0000000..e684c74 + body = XEXP(body, 0); + if (GET_CODE(body) != SYMBOL_REF) + continue; -+ if (strcmp(XSTR(body, 0), track_function)) ++// if (strcmp(XSTR(body, 0), track_function)) ++ if (SYMBOL_REF_DECL(body) != track_function_decl) + continue; +// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size); + // 2. delete call @@ -120479,7 +120605,7 @@ index 0000000..e684c74 + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts, -+ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa | TODO_rebuild_cgraph_edges +#if BUILDING_GCC_VERSION < 4009 + } +#endif |
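Review bot: The new test `SYMBOL_REF_DECL(body) != track_function_decl` compares two trees that can both be NULL_TREE. SYMBOL_REF_DECL can be NULL for symbols that carry no declaration, so if `track_function_decl` were unset at this point, such a call would pass the test and reach the "delete call" step. Where `track_function_decl` is assigned is outside the hunk; if it can be unset here, `if (!track_function_decl || SYMBOL_REF_DECL(body) != track_function_decl)` closes that gap. The commented-out `strcmp` line left above the new test should be dropped rather than kept.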