diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-06-27 16:59:02 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-06-27 16:59:02 -0400 |
| commit | 64f3a8be94f41fda576330ff3523e035c3c0ebbd (patch) | |
| tree | c52a387ad2e39ba2f563cb1fdd6f3c84d95b9459 | |
| parent | Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-201506232104 (diff) | |
| download | hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.tar.gz hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.tar.bz2 hardened-patchset-64f3a8be94f41fda576330ff3523e035c3c0ebbd.zip | |
Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-20150626204720150626
| -rw-r--r-- | 3.14.45/0000_README | 2 | ||||
| -rw-r--r-- | 3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch (renamed from 3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch) | 222 | ||||
| -rw-r--r-- | 3.14.45/4435_grsec-mute-warnings.patch | 9 | ||||
| -rw-r--r-- | 3.2.69/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch (renamed from 3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch) | 138 | ||||
| -rw-r--r-- | 4.0.6/0000_README | 2 | ||||
| -rw-r--r-- | 4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch (renamed from 4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch) | 85 |
7 files changed, 366 insertions, 94 deletions
diff --git a/3.14.45/0000_README b/3.14.45/0000_README index 53a1411..b4be2cb 100644 --- a/3.14.45/0000_README +++ b/3.14.45/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-3.14.45-201506232103.patch +Patch: 4420_grsecurity-3.1-3.14.45-201506262046.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch index fe15fa1..47c91dd 100644 --- a/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch +++ b/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch @@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index c92186c..a387fb0 100644 +index c92186c..34822ca 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -304,7 +304,7 @@ index c92186c..a387fb0 100644 HOSTCXX = g++ -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89 -HOSTCXXFLAGS = -O2 -+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 ++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks +HOSTCFLAGS += $(call cc-option, -Wno-empty-body) +HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds @@ -3947,7 +3947,7 @@ index 4370933..e77848e 100644 atomic64_set(&mm->context.id, asid); } diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index eb8830a..e8ff52e 100644 +index eb8830a..e39c4bd 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,7 @@ @@ -3965,10 +3965,10 @@ index eb8830a..e8ff52e 100644 +#ifdef CONFIG_PAX_MEMORY_UDEREF + if (addr < TASK_SIZE) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); + } +#endif @@ -3979,10 +3979,10 @@ index eb8830a..e8ff52e 100644 + (MODULES_VADDR <= addr && addr < MODULES_END))) + { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); + } +#endif @@ -4045,10 +4045,10 @@ index eb8830a..e8ff52e 100644 +#ifdef CONFIG_PAX_MEMORY_UDEREF + if (addr < TASK_SIZE && is_domain_fault(fsr)) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), addr); + goto die; + } @@ -4128,11 +4128,11 @@ index eb8830a..e8ff52e 100644 +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) + else if (is_domain_fault(ifsr) || is_xn_fault(ifsr)) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), + pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), + pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); + goto die; @@ -9450,10 +9450,23 @@ index dd14532..1dfc145 100644 - return (ret > base) ? ret : base; -} diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index 9b436c2..54fbf0a 100644 +index 9b436c2..5c64ae8 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c -@@ -95,9 +95,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -58,6 +58,12 @@ static inline int mmap_is_legacy(void) + + static unsigned long mmap_rnd(void) + { ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ return 0; ++#endif ++ + if (!(current->flags & PF_RANDOMIZE)) + return 0; + /* 8MB randomization for mmap_base */ +@@ -95,9 +101,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = mmap_base_legacy(); @@ -9475,7 +9488,7 @@ index 9b436c2..54fbf0a 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; } } -@@ -170,9 +182,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -170,9 +188,21 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = mmap_base_legacy(); @@ -31970,7 +31983,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index ebc551c..b8ee77e 100644 +index ebc551c..40d1269 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -14,11 +14,18 @@ @@ -32180,11 +32193,11 @@ index ebc551c..b8ee77e 100644 +#ifdef CONFIG_PAX_KERNEXEC + if (init_mm.start_code <= address && address < init_mm.end_code) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); + } +#endif @@ -32350,13 +32363,13 @@ index ebc551c..b8ee77e 100644 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + if (!user_mode(regs) && address < 2 * pax_user_shadow_base) { + if (!search_exception_tables(regs->ip)) { -+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); ++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n"); + bad_area_nosemaphore(regs, error_code, address); + return; + } + if (address < pax_user_shadow_base) { -+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); -+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip); ++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n"); ++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip); + show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR); + } else + address -= pax_user_shadow_base; @@ -52343,7 +52356,7 @@ index c21adc3..1b4155f 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index d8afec8..3ec7152 100644 +index d8afec8..fffafb8 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -658,7 +658,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) @@ -52355,6 +52368,15 @@ index d8afec8..3ec7152 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { +@@ -804,7 +804,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd) + + good_bytes = scsi_bufflen(cmd); + if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) { +- int old_good_bytes = good_bytes; ++ unsigned int old_good_bytes = good_bytes; + drv = scsi_cmd_to_driver(cmd); + if (drv->done) + good_bytes = drv->done(cmd); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 719bd82..c996ebc 100644 --- a/drivers/scsi/scsi_lib.c @@ -52509,9 +52531,27 @@ index e3e794e..f72f20c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index a107064..a14c333 100644 +index a107064..30775cf 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c +@@ -109,7 +109,7 @@ static int sd_suspend_system(struct device *); + static int sd_suspend_runtime(struct device *); + static int sd_resume(struct device *); + static void sd_rescan(struct device *); +-static int sd_done(struct scsi_cmnd *); ++static unsigned int sd_done(struct scsi_cmnd *); + static int sd_eh_action(struct scsi_cmnd *, int); + static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer); + static void scsi_disk_release(struct device *cdev); +@@ -1645,7 +1645,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd) + * + * Note: potentially run from within an ISR. Must not block. + **/ +-static int sd_done(struct scsi_cmnd *SCpnt) ++static unsigned int sd_done(struct scsi_cmnd *SCpnt) + { + int result = SCpnt->result; + unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt); @@ -2958,7 +2958,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; @@ -52534,6 +52574,34 @@ index eb81c98..e6716ae 100644 case BLKTRACESTART: return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: +diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c +index 40d8592..8e89146 100644 +--- a/drivers/scsi/sr.c ++++ b/drivers/scsi/sr.c +@@ -79,7 +79,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM); + static DEFINE_MUTEX(sr_mutex); + static int sr_probe(struct device *); + static int sr_remove(struct device *); +-static int sr_done(struct scsi_cmnd *); ++static unsigned int sr_done(struct scsi_cmnd *); + static int sr_runtime_suspend(struct device *dev); + + static struct dev_pm_ops sr_pm_ops = { +@@ -310,11 +310,11 @@ do_tur: + * It will be notified on the end of a SCSI read / write, and will take one + * of several actions based on success or failure. + */ +-static int sr_done(struct scsi_cmnd *SCpnt) ++static unsigned int sr_done(struct scsi_cmnd *SCpnt) + { + int result = SCpnt->result; +- int this_count = scsi_bufflen(SCpnt); +- int good_bytes = (result == 0 ? this_count : 0); ++ unsigned int this_count = scsi_bufflen(SCpnt); ++ unsigned int good_bytes = (result == 0 ? this_count : 0); + int block_sectors = 0; + long error_sector; + struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index d6563ec..a1c5da2 100644 --- a/drivers/spi/spi.c @@ -65832,7 +65900,7 @@ index ca0ba15..0fa3257 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 35240a7..96dd7cf 100644 +index 35240a7..a5edf69 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -66466,10 +66534,12 @@ index 35240a7..96dd7cf 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -816,6 +1253,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -816,8 +1253,21 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif +- total_size = total_mapping_size(elf_phdata, +- loc->elf_ex.e_phnum); + +#ifdef CONFIG_PAX_RANDMMAP + /* PaX: randomize base address at the default exe base if requested */ @@ -66484,10 +66554,11 @@ index 35240a7..96dd7cf 100644 + } +#endif + - total_size = total_mapping_size(elf_phdata, - loc->elf_ex.e_phnum); ++ total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum); if (!total_size) { -@@ -854,9 +1305,9 @@ static int load_elf_binary(struct linux_binprm *bprm) + retval = -EINVAL; + goto out_free_dentry; +@@ -854,9 +1304,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -66500,7 +66571,7 @@ index 35240a7..96dd7cf 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -895,17 +1346,45 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -895,17 +1345,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -66552,7 +66623,7 @@ index 35240a7..96dd7cf 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1127,7 +1606,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1127,7 +1605,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -66561,7 +66632,7 @@ index 35240a7..96dd7cf 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1165,7 +1644,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1165,7 +1643,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -66570,7 +66641,7 @@ index 35240a7..96dd7cf 100644 goto whole; /* -@@ -1372,9 +1851,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1372,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -66582,7 +66653,7 @@ index 35240a7..96dd7cf 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1383,7 +1862,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1383,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -66591,7 +66662,7 @@ index 35240a7..96dd7cf 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2007,14 +2486,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2007,14 +2485,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -66608,7 +66679,7 @@ index 35240a7..96dd7cf 100644 return size; } -@@ -2105,7 +2584,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2105,7 +2583,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -66617,7 +66688,7 @@ index 35240a7..96dd7cf 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2133,7 +2612,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2133,7 +2611,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -66626,7 +66697,7 @@ index 35240a7..96dd7cf 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2166,7 +2645,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2166,7 +2644,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -66635,7 +66706,7 @@ index 35240a7..96dd7cf 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2207,6 +2686,167 @@ out: +@@ -2207,6 +2685,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -68245,7 +68316,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 05f1942..747fc21 100644 +index 05f1942..5ea95e4 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -68892,13 +68963,13 @@ index 05f1942..747fc21 100644 +void pax_report_refcount_overflow(struct pt_regs *regs) +{ + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", ++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); + else -+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), ++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); -+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); ++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); + preempt_disable(); + show_regs(regs); + preempt_enable(); @@ -68957,10 +69028,10 @@ index 05f1942..747fc21 100644 +static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to_user, const char *type) +{ + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", ++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", + ¤t->signal->curr_ip, to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len); + else -+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", ++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", + to_user ? "leak" : "overwrite", to_user ? "from" : "to", ptr, type ? : "unknown", len); + dump_stack(); + gr_handle_kernel_exploit(); @@ -69059,7 +69130,7 @@ index 05f1942..747fc21 100644 +#ifdef CONFIG_PAX_SIZE_OVERFLOW +void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) +{ -+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); ++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); + dump_stack(); + do_group_exit(SIGKILL); +} @@ -93527,7 +93598,7 @@ index b66c211..13d2915 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h -index a964f72..b475afb 100644 +index a964f72..a6d40b4 100644 --- a/include/linux/scatterlist.h +++ b/include/linux/scatterlist.h @@ -1,6 +1,7 @@ @@ -93538,19 +93609,26 @@ index a964f72..b475afb 100644 #include <linux/string.h> #include <linux/bug.h> #include <linux/mm.h> -@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf, - #ifdef CONFIG_DEBUG_SG - BUG_ON(!virt_addr_valid(buf)); - #endif +@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg) + static inline void sg_set_buf(struct scatterlist *sg, const void *buf, + unsigned int buflen) + { ++ const void *realbuf = buf; ++ +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW -+ if (object_starts_on_stack(buf)) { -+ void *adjbuf = buf - current->stack + current->lowmem_stack; -+ sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf)); -+ } else ++ if (object_starts_on_stack(buf)) ++ realbuf = buf - current->stack + current->lowmem_stack; +#endif - sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); ++ + #ifdef CONFIG_DEBUG_SG +- BUG_ON(!virt_addr_valid(buf)); ++ BUG_ON(!virt_addr_valid(realbuf)); + #endif +- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); ++ sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf)); } + /* diff --git a/include/linux/sched.h b/include/linux/sched.h index 91fe6a3..30088db 100644 --- a/include/linux/sched.h @@ -95849,6 +95927,19 @@ index 409fafb..efc53b0 100644 struct device sdev_gendev, sdev_dev; +diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h +index 20fdfc2..5745712 100644 +--- a/include/scsi/scsi_driver.h ++++ b/include/scsi/scsi_driver.h +@@ -15,7 +15,7 @@ struct scsi_driver { + struct device_driver gendrv; + + void (*rescan)(struct device *); +- int (*done)(struct scsi_cmnd *); ++ unsigned int (*done)(struct scsi_cmnd *); + int (*eh_action)(struct scsi_cmnd *, int); + }; + #define to_scsi_driver(drv) \ diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h index b797e8f..8e2c3aa 100644 --- a/include/scsi/scsi_transport_fc.h @@ -103667,6 +103758,23 @@ index f504027..97a15c0 100644 bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); if (!bd->dbuf) +diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c +index 32adb73..ccbd787 100644 +--- a/lib/decompress_unlzma.c ++++ b/lib/decompress_unlzma.c +@@ -39,10 +39,10 @@ + + #define MIN(a, b) (((a) < (b)) ? (a) : (b)) + +-static long long INIT read_int(unsigned char *ptr, int size) ++static unsigned long long INIT read_int(unsigned char *ptr, int size) + { + int i; +- long long ret = 0; ++ unsigned long long ret = 0; + + for (i = 0; i < size; i++) + ret = (ret << 8) | ptr[size-i-1]; diff --git a/lib/devres.c b/lib/devres.c index 8235331..5881053 100644 --- a/lib/devres.c @@ -121055,7 +121163,7 @@ index 0000000..da184c5 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..77f8462 +index 0000000..1d20e32 --- /dev/null +++ b/tools/gcc/gcc-common.h @@ -0,0 +1,689 @@ @@ -121219,7 +121327,7 @@ index 0000000..77f8462 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) + +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 @@ -121459,6 +121567,7 @@ index 0000000..77f8462 +} + +#define ipa_remove_stmt_references(cnode, stmt) ++ +typedef union gimple_statement_d gasm; +typedef union gimple_statement_d gassign; +typedef union gimple_statement_d gcall; @@ -121480,7 +121589,6 @@ index 0000000..77f8462 +#define create_var_ann(var) +#define TODO_dump_func 0 +#define TODO_dump_cgraph 0 -+ +#endif + +#if BUILDING_GCC_VERSION <= 4009 diff --git a/3.14.45/4435_grsec-mute-warnings.patch b/3.14.45/4435_grsec-mute-warnings.patch index 558c435..2c2d463 100644 --- a/3.14.45/4435_grsec-mute-warnings.patch +++ b/3.14.45/4435_grsec-mute-warnings.patch @@ -29,14 +29,15 @@ warning flags of vanilla kernel versions. Acked-by: Christian Heim <phreak@gentoo.org> --- ---- a/Makefile 2011-11-18 17:50:11.000000000 -0500 -+++ b/Makefile 2011-11-18 17:50:48.000000000 -0500 +diff -Naur a/Makefile b/Makefile +--- a/Makefile 2015-06-27 15:35:56.363504156 -0400 ++++ b/Makefile 2015-06-27 16:41:08.552598625 -0400 @@ -244,7 +244,7 @@ HOSTCC = gcc HOSTCXX = g++ --HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 -+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 +-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks ++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -std=gnu89 -fno-delete-null-pointer-checks HOSTCFLAGS += $(call cc-option, -Wno-empty-body) HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds diff --git a/3.2.69/0000_README b/3.2.69/0000_README index 1521b73..05b7791 100644 --- a/3.2.69/0000_README +++ b/3.2.69/0000_README @@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch From: http://www.kernel.org Desc: Linux 3.2.69 -Patch: 4420_grsecurity-3.1-3.2.69-201506232100.patch +Patch: 4420_grsecurity-3.1-3.2.69-201506262041.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch index 873b401..ce279a5 100644 --- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch +++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch @@ -6836,10 +6836,23 @@ index 1df64a8..aea2a39 100644 }; diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index c70b3d8..d01c6b3 100644 +index c70b3d8..d7d5b01 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c -@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -60,6 +60,12 @@ static inline int mmap_is_legacy(void) + + static unsigned long mmap_rnd(void) + { ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ return 0; ++#endif ++ + if (!(current->flags & PF_RANDOMIZE)) + return 0; + /* 8MB randomization for mmap_base */ +@@ -92,10 +98,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -6862,7 +6875,7 @@ index c70b3d8..d01c6b3 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } -@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -175,10 +193,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -28417,7 +28430,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 351590e..a1132fb 100644 +index 351590e..825bba9 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -28609,10 +28622,10 @@ index 351590e..a1132fb 100644 +#ifdef CONFIG_PAX_KERNEXEC + if (init_mm.start_code <= address && address < init_mm.end_code) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ++ printk(KERN_EMERG "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ++ printk(KERN_EMERG "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", + current->comm, task_pid_nr(current), current_uid(), current_euid()); + } +#endif @@ -28787,8 +28800,8 @@ index 351590e..a1132fb 100644 + return; + } + if (address < pax_user_shadow_base) { -+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); -+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip); ++ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n"); ++ printk(KERN_EMERG "PAX: faulting IP: %pS\n", (void *)regs->ip); + show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR); + } else + address -= pax_user_shadow_base; @@ -49651,7 +49664,7 @@ index 4169c8b..a8b896b 100644 ddb_entry->default_relogin_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 831db24..aef1598 100644 +index 831db24..1b88f70 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) @@ -49663,6 +49676,15 @@ index 831db24..aef1598 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { +@@ -837,7 +837,7 @@ void scsi_finish_command(struct scsi_cmnd *cmd) + + good_bytes = scsi_bufflen(cmd); + if (cmd->request->cmd_type != REQ_TYPE_BLOCK_PC) { +- int old_good_bytes = good_bytes; ++ unsigned int old_good_bytes = good_bytes; + drv = scsi_cmd_to_driver(cmd); + if (drv->done) + good_bytes = drv->done(cmd); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index f6a464a..797b84d 100644 --- a/drivers/scsi/scsi_lib.c @@ -49817,9 +49839,27 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 5c6b5f5..475317d 100644 +index 5c6b5f5..015ec9d 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c +@@ -105,7 +105,7 @@ static void sd_shutdown(struct device *); + static int sd_suspend(struct device *, pm_message_t state); + static int sd_resume(struct device *); + static void sd_rescan(struct device *); +-static int sd_done(struct scsi_cmnd *); ++static unsigned int sd_done(struct scsi_cmnd *); + static void sd_read_capacity(struct scsi_disk *sdkp, unsigned char *buffer); + static void scsi_disk_release(struct device *cdev); + static void sd_print_sense_hdr(struct scsi_disk *, struct scsi_sense_hdr *); +@@ -1390,7 +1390,7 @@ static unsigned int sd_completed_bytes(struct scsi_cmnd *scmd) + * + * Note: potentially run from within an ISR. Must not block. + **/ +-static int sd_done(struct scsi_cmnd *SCpnt) ++static unsigned int sd_done(struct scsi_cmnd *SCpnt) + { + int result = SCpnt->result; + unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt); @@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev) device_initialize(&sdkp->dev); sdkp->dev.parent = dev; @@ -49860,6 +49900,34 @@ index 2d25616..7502cde 100644 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); if (!sg_proc_sgp) +diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c +index 5fc97d2..5f26ccd 100644 +--- a/drivers/scsi/sr.c ++++ b/drivers/scsi/sr.c +@@ -78,7 +78,7 @@ MODULE_ALIAS_SCSI_DEVICE(TYPE_WORM); + static DEFINE_MUTEX(sr_mutex); + static int sr_probe(struct device *); + static int sr_remove(struct device *); +-static int sr_done(struct scsi_cmnd *); ++static unsigned int sr_done(struct scsi_cmnd *); + + static struct scsi_driver sr_template = { + .owner = THIS_MODULE, +@@ -296,11 +296,11 @@ do_tur: + * It will be notified on the end of a SCSI read / write, and will take one + * of several actions based on success or failure. + */ +-static int sr_done(struct scsi_cmnd *SCpnt) ++static unsigned int sr_done(struct scsi_cmnd *SCpnt) + { + int result = SCpnt->result; +- int this_count = scsi_bufflen(SCpnt); +- int good_bytes = (result == 0 ? this_count : 0); ++ unsigned int this_count = scsi_bufflen(SCpnt); ++ unsigned int good_bytes = (result == 0 ? this_count : 0); + int block_sectors = 0; + long error_sector; + struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c new file mode 100644 index 0000000..06c9d30 @@ -59288,7 +59356,7 @@ index 451b9b8..12e5a03 100644 out_free_fd: diff --git a/fs/exec.c b/fs/exec.c -index 7adb43f..9b2005c 100644 +index 7adb43f..be703f8 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,12 +55,35 @@ @@ -60069,12 +60137,12 @@ index 7adb43f..9b2005c 100644 +void pax_report_refcount_overflow(struct pt_regs *regs) +{ + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", ++ printk(KERN_EMERG "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", + ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); + else -+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", ++ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", + current->comm, task_pid_nr(current), current_uid(), current_euid()); -+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); ++ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); + preempt_disable(); + show_regs(regs); + preempt_enable(); @@ -60133,10 +60201,10 @@ index 7adb43f..9b2005c 100644 +static __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) +{ + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", ++ printk(KERN_EMERG "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", + ¤t->signal->curr_ip, to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len); + else -+ printk(KERN_ERR "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", ++ printk(KERN_EMERG "PAX: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", + to ? "leak" : "overwrite", to ? "from" : "to", ptr, type ? : "unknown", len); + dump_stack(); + gr_handle_kernel_exploit(); @@ -60235,7 +60303,7 @@ index 7adb43f..9b2005c 100644 +#ifdef CONFIG_PAX_SIZE_OVERFLOW +void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) +{ -+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); ++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); + dump_stack(); + do_group_exit(SIGKILL); +} @@ -87940,6 +88008,19 @@ index 377ba61..1b6890c 100644 struct device sdev_gendev, sdev_dev; +diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h +index 9fd6702..52e04b7 100644 +--- a/include/scsi/scsi_driver.h ++++ b/include/scsi/scsi_driver.h +@@ -15,7 +15,7 @@ struct scsi_driver { + struct device_driver gendrv; + + void (*rescan)(struct device *); +- int (*done)(struct scsi_cmnd *); ++ unsigned int (*done)(struct scsi_cmnd *); + }; + #define to_scsi_driver(drv) \ + container_of((drv), struct scsi_driver, gendrv) diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h index 2a65167..91e01f8 100644 --- a/include/scsi/scsi_transport_fc.h @@ -96477,6 +96558,23 @@ index 6a110e2..799667a 100644 bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); if (!bd->dbuf) +diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c +index 476c65a..b4c50e8 100644 +--- a/lib/decompress_unlzma.c ++++ b/lib/decompress_unlzma.c +@@ -39,10 +39,10 @@ + + #define MIN(a, b) (((a) < (b)) ? (a) : (b)) + +-static long long INIT read_int(unsigned char *ptr, int size) ++static unsigned long long INIT read_int(unsigned char *ptr, int size) + { + int i; +- long long ret = 0; ++ unsigned long long ret = 0; + + for (i = 0; i < size; i++) + ret = (ret << 8) | ptr[size-i-1]; diff --git a/lib/devres.c b/lib/devres.c index 7c0e953..f642b5c 100644 --- a/lib/devres.c @@ -116469,7 +116567,7 @@ index 0000000..da184c5 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..77f8462 +index 0000000..1d20e32 --- /dev/null +++ b/tools/gcc/gcc-common.h @@ -0,0 +1,689 @@ @@ -116633,7 +116731,7 @@ index 0000000..77f8462 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) + +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 @@ -116873,6 +116971,7 @@ index 0000000..77f8462 +} + +#define ipa_remove_stmt_references(cnode, stmt) ++ +typedef union gimple_statement_d gasm; +typedef union gimple_statement_d gassign; +typedef union gimple_statement_d gcall; @@ -116894,7 +116993,6 @@ index 0000000..77f8462 +#define create_var_ann(var) +#define TODO_dump_func 0 +#define TODO_dump_cgraph 0 -+ +#endif + +#if BUILDING_GCC_VERSION <= 4009 diff --git a/4.0.6/0000_README b/4.0.6/0000_README index 62fb720..00d5c29 100644 --- a/4.0.6/0000_README +++ b/4.0.6/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.0.6-201506232104.patch +Patch: 4420_grsecurity-3.1-4.0.6-201506262047.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch index 91512cb..797b7c1 100644 --- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch +++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506262047.patch @@ -53187,6 +53187,34 @@ index 2270bd5..98408a5 100644 case BLKTRACESTART: return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: +diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c +index 8bd54a6..dd037a5 100644 +--- a/drivers/scsi/sr.c ++++ b/drivers/scsi/sr.c +@@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex); + static int sr_probe(struct device *); + static int sr_remove(struct device *); + static int sr_init_command(struct scsi_cmnd *SCpnt); +-static int sr_done(struct scsi_cmnd *); ++static unsigned int sr_done(struct scsi_cmnd *); + static int sr_runtime_suspend(struct device *dev); + + static struct dev_pm_ops sr_pm_ops = { +@@ -312,11 +312,11 @@ do_tur: + * It will be notified on the end of a SCSI read / write, and will take one + * of several actions based on success or failure. + */ +-static int sr_done(struct scsi_cmnd *SCpnt) ++static unsigned int sr_done(struct scsi_cmnd *SCpnt) + { + int result = SCpnt->result; +- int this_count = scsi_bufflen(SCpnt); +- int good_bytes = (result == 0 ? this_count : 0); ++ unsigned int this_count = scsi_bufflen(SCpnt); ++ unsigned int good_bytes = (result == 0 ? this_count : 0); + int block_sectors = 0; + long error_sector; + struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c index c0d660f..24a5854 100644 --- a/drivers/soc/tegra/fuse/fuse-tegra.c @@ -93167,7 +93195,7 @@ index c4c559a..6ba9a26 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h -index ed8f9e70..999bc96 100644 +index ed8f9e70..2e627f2 100644 --- a/include/linux/scatterlist.h +++ b/include/linux/scatterlist.h @@ -1,6 +1,7 @@ @@ -93178,19 +93206,26 @@ index ed8f9e70..999bc96 100644 #include <linux/string.h> #include <linux/bug.h> #include <linux/mm.h> -@@ -114,6 +115,12 @@ static inline void sg_set_buf(struct scatterlist *sg, const void *buf, - #ifdef CONFIG_DEBUG_SG - BUG_ON(!virt_addr_valid(buf)); - #endif +@@ -111,10 +112,17 @@ static inline struct page *sg_page(struct scatterlist *sg) + static inline void sg_set_buf(struct scatterlist *sg, const void *buf, + unsigned int buflen) + { ++ const void *realbuf = buf; ++ +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW -+ if (object_starts_on_stack(buf)) { -+ void *adjbuf = buf - current->stack + current->lowmem_stack; -+ sg_set_page(sg, virt_to_page(adjbuf), buflen, offset_in_page(adjbuf)); -+ } else ++ if (object_starts_on_stack(buf)) ++ realbuf = buf - current->stack + current->lowmem_stack; +#endif - sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); ++ + #ifdef CONFIG_DEBUG_SG +- BUG_ON(!virt_addr_valid(buf)); ++ BUG_ON(!virt_addr_valid(realbuf)); + #endif +- sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf)); ++ sg_set_page(sg, virt_to_page(realbuf), buflen, offset_in_page(realbuf)); } + /* diff --git a/include/linux/sched.h b/include/linux/sched.h index 51348f7..8c8b0ba 100644 --- a/include/linux/sched.h @@ -95438,6 +95473,19 @@ index a4c9336..d6f8f34 100644 struct device sdev_gendev, sdev_dev; +diff --git a/include/scsi/scsi_driver.h b/include/scsi/scsi_driver.h +index 891a658..fcd68df 100644 +--- a/include/scsi/scsi_driver.h ++++ b/include/scsi/scsi_driver.h +@@ -14,7 +14,7 @@ struct scsi_driver { + void (*rescan)(struct device *); + int (*init_command)(struct scsi_cmnd *); + void (*uninit_command)(struct scsi_cmnd *); +- int (*done)(struct scsi_cmnd *); ++ unsigned int (*done)(struct scsi_cmnd *); + int (*eh_action)(struct scsi_cmnd *, int); + }; + #define to_scsi_driver(drv) \ diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h index 007a0bc..7188db8 100644 --- a/include/scsi/scsi_transport_fc.h @@ -103458,6 +103506,23 @@ index 6dd0335..1e9c239 100644 bd->dbuf = large_malloc(bd->dbufSize * sizeof(int)); if (!bd->dbuf) +diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c +index 0be83af..4605e93 100644 +--- a/lib/decompress_unlzma.c ++++ b/lib/decompress_unlzma.c +@@ -39,10 +39,10 @@ + + #define MIN(a, b) (((a) < (b)) ? (a) : (b)) + +-static long long INIT read_int(unsigned char *ptr, int size) ++static unsigned long long INIT read_int(unsigned char *ptr, int size) + { + int i; +- long long ret = 0; ++ unsigned long long ret = 0; + + for (i = 0; i < size; i++) + ret = (ret << 8) | ptr[size-i-1]; diff --git a/lib/div64.c b/lib/div64.c index 4382ad7..08aa558 100644 --- a/lib/div64.c |