Diffstat (limited to '3.2.69')
-rw-r--r-- | 3.2.69/0000_README | 2 | ||||
-rw-r--r-- | 3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch (renamed from 3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch) | 138 |
2 files changed, 119 insertions, 21 deletions
diff --git a/3.2.69/0000_README b/3.2.69/0000_README
index 1521b73..05b7791 100644
--- a/3.2.69/0000_README
+++ b/3.2.69/0000_README
@@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch
 From: http://www.kernel.org
 Desc: Linux 3.2.69
-Patch: 4420_grsecurity-3.1-3.2.69-201506232100.patch
+Patch: 4420_grsecurity-3.1-3.2.69-201506262041.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
index 873b401..ce279a5 100644
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
@@ -6836,10 +6836,23 @@ index 1df64a8..aea2a39 100644
 };
 diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index c70b3d8..d01c6b3 100644
+index c70b3d8..d7d5b01 100644
 --- a/arch/s390/mm/mmap.c
 +++ b/arch/s390/mm/mmap.c
-@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -60,6 +60,12 @@ static inline int mmap_is_legacy(void)
+
+ static unsigned long mmap_rnd(void)
+ {
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ return 0;
++#endif
++
+ if (!(current->flags & PF_RANDOMIZE))
+ return 0;
+ /* 8MB randomization for mmap_base */
+@@ -92,10 +98,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
 */
 if (mmap_is_legacy()) {
 mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -6862,7 +6875,7 @@ index c70b3d8..d01c6b3 100644
 mm->get_unmapped_area = arch_get_unmapped_area_topdown;
 mm->unmap_area = arch_unmap_area_topdown;
 }
-@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -175,10 +193,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
 */
 if (mmap_is_legacy()) {
 mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -28417,7 +28430,7 @@ index d0474ad..36e9257 100644
 extern u32 pnp_bios_is_utter_crap;
 pnp_bios_is_utter_crap = 1;
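Review bot: The early `return 0` added at the top of mmap_rnd() reads as switching mmap randomization off whenever MF_PAX_RANDMMAP is set, and nothing in the hunk says where the offset comes from instead. The arch_pick_mmap_layout() hunks of the same file grow from 10 to 22 lines, but their added lines are not shown here, so presumably the PaX offsets are applied there. A comment such as `/* PaX RANDMMAP applies its own offsets in arch_pick_mmap_layout(); skip the native 8MB randomization */` would make that explicit. The new test also dereferences `current->mm` before the PF_RANDOMIZE check, which assumes mmap_rnd() is only reached with a valid mm; the callers are outside the hunk.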
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 351590e..a1132fb 100644
+index 351590e..825bba9 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -13,11 +13,18 @@
@@ -28609,10 +28622,10 @@ index 351590e..a1132fb 100644
 +#ifdef CONFIG_PAX_KERNEXEC
 + if (init_mm.start_code <= address && address < init_mm.end_code) {
 + if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
 + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
 + else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
 + current->comm, task_pid_nr(current), current_uid(), current_euid());
 + }
 +#endif
@@ -28787,8 +28800,8 @@ index 351590e..a1132fb 100644
 + return;
 + }
 + if (address < pax_user_shadow_base) {
-+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip);
 + show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
 + } else
 + address -= pax_user_shadow_base;
@@ -49651,7 +49664,7 @@ index 4169c8b..a8b896b 100644
 ddb_entry->default_relogin_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
 diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index 831db24..aef1598 100644
+index 831db24..1b88f70 100644
 --- a/drivers/scsi/scsi.c
 +++ b/drivers/scsi/scsi.c
 @@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
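Review bot: The stack trace below the two raised messages is still emitted at the old level. The "please report" and "faulting IP" lines move to KERN_EMERG, but the following `show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);` keeps KERN_ERR, so a console or syslog rule that shows only emergencies prints the banner without the trace it refers to. If the raise is meant for the whole report, the last argument should follow: `show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_EMERG);`. The enclosing function starts and ends outside the hunk.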
@@ -49663,6 +49676,15 @@ index 831db24..aef1598 100644
 /* check if the device is still usable */
 if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
+@@ -837,7 +837,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd)
+
+ good_bytes = scsi_bufflen(cmd);
+ if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) {
+- int old_good_bytes = good_bytes;
++ unsigned int old_good_bytes = good_bytes;
+ drv = scsi_cmd_to_driver(cmd);
+ if (drv->done)
+ good_bytes = drv->done(cmd);
 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
 index f6a464a..797b84d 100644
 --- a/drivers/scsi/scsi_lib.c
@@ -49817,9 +49839,27 @@ index 21a045e..ec89e03 100644
 transport_setup_device(&rport->dev);
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 5c6b5f5..475317d 100644
+index 5c6b5f5..015ec9d 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
+@@ -105,7 +105,7 @@ static void sd_shutdown(struct device *);
+ static int sd_suspend(struct device *, pm_message_t state);
+ static int sd_resume(struct device *);
+ static void sd_rescan(struct device *);
+-static int sd_done(struct scsi_cmnd *);
++static unsigned int sd_done(struct scsi_cmnd *);
+ static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer);
+ static void scsi_disk_release(struct device *cdev);
+ static void sd_print_sense_hdr(struct scsi_disk *, struct scsi_sense_hdr *);
+@@ -1390,7 +1390,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd)
+ *
+ * Note: potentially run from within an ISR. Must not block.
+ **/
+-static int sd_done(struct scsi_cmnd *SCpnt)
++static unsigned int sd_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+ unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt);
 @@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev)
 device_initialize(&sdkp->dev);
 sdkp->dev.parent = dev;
@@ -49860,6 +49900,34 @@ index 2d25616..7502cde 100644
 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
 if (!sg_proc_sgp)
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
+index 5fc97d2..5f26ccd 100644
+--- a/drivers/scsi/sr.c
++++ b/drivers/scsi/sr.c
+@@ -78,7 +78,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM);
+ static DEFINE_MUTEX(sr_mutex);
+ static int sr_probe(struct device *);
+ static int sr_remove(struct device *);
+-static int sr_done(struct scsi_cmnd *);
++static unsigned int sr_done(struct scsi_cmnd *);
+
+ static struct scsi_driver sr_template = {
+ .owner = THIS_MODULE,
+@@ -296,11 +296,11 @@ do_tur:
+ * It will be notified on the end of a SCSI read / write, and will take one
+ * of several actions based on success or failure.
+ */
+-static int sr_done(struct scsi_cmnd *SCpnt)
++static unsigned int sr_done(struct scsi_cmnd *SCpnt)
+ {
+ int result = SCpnt->result;
+- int this_count = scsi_bufflen(SCpnt);
+- int good_bytes = (result == 0 ? this_count : 0);
++ unsigned int this_count = scsi_bufflen(SCpnt);
++ unsigned int good_bytes = (result == 0 ? this_count : 0);
+ int block_sectors = 0;
+ long error_sector;
+ struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk);
 diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
 new file mode 100644
 index 0000000..06c9d30
@@ -59288,7 +59356,7 @@ index 451b9b8..12e5a03 100644
 out_free_fd:
 diff --git a/fs/exec.c b/fs/exec.c
-index 7adb43f..9b2005c 100644
+index 7adb43f..be703f8 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -55,12 +55,35 @@
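Review bot: Making `this_count` and `good_bytes` unsigned in sr_done() changes the meaning of any signed test on them further down the function, which is outside this hunk. A `good_bytes < 0` style check there would become constant false, and a negative intermediate (for example a sector difference shifted into bytes) would wrap to a large value instead. If such a computation exists, the bound should be stated on its own, e.g. `if (good_bytes >= this_count) good_bytes = 0;`, with a short comment that the wrapped case is caught by the upper bound. `result` stays a signed int, which matches its use in the visible lines.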
@@ -60069,12 +60137,12 @@ index 7adb43f..9b2005c 100644
 +void pax_report_refcount_overflow(struct pt_regs *regs)
 +{
 + if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
 + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
 + else
-+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
 + current->comm, task_pid_nr(current), current_uid(), current_euid());
-+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
 + preempt_disable();
 + show_regs(regs);
 + preempt_enable();
@@ -60133,10 +60201,10 @@ index 7adb43f..9b2005c 100644
 +static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type)
 +{
 + if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
 + ¤t->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
 + else
-+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n",
 + to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len);
 + dump_stack();
 + gr_handle_kernel_exploit();
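Review bot: pax_report_usercopy() prints `ptr` with `%p`, and at KERN_EMERG that line is commonly forwarded to every logged-in terminal rather than only to the kernel log. Unless another part of the patch restricts `%p` output (not visible here), the raise turns a kernel address into something any local user can read. The same hunk and the pax_report_refcount_overflow() hunk above it also print `current->comm`, which the reporting process chooses itself, so part of the broadcast text is process-controlled. Consider keeping the KERN_EMERG line to the fixed text, pid and uids, and logging the address detail in a second `printk(KERN_ERR ...)`.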
@@ -60235,7 +60303,7 @@ index 7adb43f..9b2005c 100644
 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
 +void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
 +{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
 + dump_stack();
 + do_group_exit(SIGKILL);
 +}
@@ -87940,6 +88008,19 @@ index 377ba61..1b6890c 100644
 struct device sdev_gendev, sdev_dev;
+diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h
+index 9fd6702..52e04b7 100644
+--- a/include/scsi/scsi_driver.h
++++ b/include/scsi/scsi_driver.h
+@@ -15,7 +15,7 @@ struct scsi_driver {
+ struct device_driver gendrv;
+
+ void (*rescan)(struct device *);
+- int (*done)(struct scsi_cmnd *);
++ unsigned int (*done)(struct scsi_cmnd *);
+ };
+ #define to_scsi_driver(drv) \
+ container_of((drv), struct scsi_driver, gendrv)
 diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h
 index 2a65167..91e01f8 100644
 --- a/include/scsi/scsi_transport_fc.h
@@ -96477,6 +96558,23 @@ index 6a110e2..799667a 100644
 bd->dbuf = large_malloc(bd->dbufSize * sizeof(int));
 if (!bd->dbuf)
+diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
+index 476c65a..b4c50e8 100644
+--- a/lib/decompress_unlzma.c
++++ b/lib/decompress_unlzma.c
+@@ -39,10 +39,10 @@
+
+ #define MIN(a, b) (((a) < (b)) ? (a) : (b))
+
+-static long long INIT read_int(unsigned char *ptr, int size)
++static unsigned long long INIT read_int(unsigned char *ptr, int size)
+ {
+ int i;
+- long long ret = 0;
++ unsigned long long ret = 0;
+
+ for (i = 0; i < size; i++)
+ ret = (ret << 8) | ptr[size-i-1];
 diff --git a/lib/devres.c b/lib/devres.c
 index 7c0e953..f642b5c 100644
 --- a/lib/devres.c
@@ -116469,7 +116567,7 @@ index 0000000..da184c5
 +}
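Review bot: The format string in report_size_overflow() has no trailing newline, so the record is still open when dump_stack() starts printing, and at KERN_EMERG that ragged line now goes to every console. Ending the string with `\n` keeps it one complete record: `printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s\n", func, file, line, ssa_name);`.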
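Review bot: read_int() changes its return type but still carries no comment, and `size` remains an unchecked `int`. The loop assembles the value from `ptr[size-1]` down to `ptr[0]`, i.e. little-endian, and for a `size` above 8 the first bytes read are shifted out without notice. A comment along the lines of `/* Read a little-endian integer of 'size' bytes (at most 8); unsigned so the shifts never reach a sign bit. */` would record both facts. Callers are outside the hunk; any that store the result in a signed variable should be checked for the new implicit conversion.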
 diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
 new file mode 100644
-index 0000000..77f8462
+index 0000000..1d20e32
 --- /dev/null
 +++ b/tools/gcc/gcc-common.h
 @@ -0,0 +1,689 @@
@@ -116633,7 +116731,7 @@ index 0000000..77f8462
 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
 +
 +#if BUILDING_GCC_VERSION == 4005
-+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I)
++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)
 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
 +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I))
 +#define TODO_rebuild_cgraph_edges 0
@@ -116873,6 +116971,7 @@ index 0000000..77f8462
 +}
 +
 +#define ipa_remove_stmt_references(cnode, stmt)
++
 +typedef union gimple_statement_d gasm;
 +typedef union gimple_statement_d gassign;
 +typedef union gimple_statement_d gcall;
@@ -116894,7 +116993,6 @@ index 0000000..77f8462
 +#define create_var_ann(var)
 +#define TODO_dump_func 0
 +#define TODO_dump_cgraph 0
-+
 +#endif
 +
 +#if BUILDING_GCC_VERSION <= 4009 |
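Review bot: In the rewritten FOR_EACH_LOCAL_DECL, `(I) = 0` follows a comma inside the declaration `tree vars = (FUN)->local_decls, (I) = 0`, so it is parsed as a second declarator rather than an assignment. It declares a new `tree` variable with the caller's index name that shadows the caller's variable, and `(I)++` then advances that pointer instead of the caller's counter. The caller's index is never initialised or incremented, and loop bodies that use it see a `tree`. Moving the reset into the initialiser keeps a single declaration: `for (tree vars = ((I) = 0, (FUN)->local_decls); vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++)`. Only the `BUILDING_GCC_VERSION == 4005` branch is affected.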