author | Anthony G. Basile <blueness@gentoo.org> | 2015-11-19 15:16:53 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2015-11-19 15:16:53 -0500 |
commit | 8dd436b8f0b7757796302b67f683cdddd359824d (patch) | |
tree | f167b0ca37953b21dc39aa04704877e8a4945448 | |
parent | grsecurity-3.1-4.2.6-201511172005 (diff) | |
download | hardened-patchset-20151118.tar.gz hardened-patchset-20151118.tar.bz2 hardened-patchset-20151118.zip |
grsecurity-3.1-4.2.6-201511182042 20151118
-rw-r--r-- | 4.2.6/0000_README | 2 | ||||
-rw-r--r-- | 4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch (renamed from 4.2.6/4420_grsecurity-3.1-4.2.6-201511172005.patch) | 55 |
2 files changed, 51 insertions, 6 deletions
diff --git a/4.2.6/0000_README b/4.2.6/0000_README index 730b6c8..9ebf533 100644 --- a/4.2.6/0000_README +++ b/4.2.6/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.2.6-201511172005.patch +Patch: 4420_grsecurity-3.1-4.2.6-201511182042.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201511172005.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch index 3806d62..ec705cc 100644 --- a/4.2.6/4420_grsecurity-3.1-4.2.6-201511172005.patch +++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511182042.patch @@ -17126,7 +17126,7 @@ index e970320..c006fea 100644 GCOV_PROFILE := n diff --git a/arch/x86/entry/vdso/vdso2c.h b/arch/x86/entry/vdso/vdso2c.h -index 0224987..8deb742 100644 +index 0224987..0359810 100644 --- a/arch/x86/entry/vdso/vdso2c.h +++ b/arch/x86/entry/vdso/vdso2c.h @@ -12,7 +12,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len, 
@@ -17147,6 +17147,24 @@ index 0224987..8deb742 100644 ELF(Sym) *sym = raw_addr + GET_LE(&symtab_hdr->sh_offset) + GET_LE(&symtab_hdr->sh_entsize) * i; const char *name = raw_addr + GET_LE(&strtab_hdr->sh_offset) + +@@ -140,7 +140,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len, + fprintf(outfile, "#include <asm/vdso.h>\n"); + fprintf(outfile, "\n"); + fprintf(outfile, +- "static unsigned char raw_data[%lu] __page_aligned_data = {", ++ "static unsigned char raw_data[%lu] __page_aligned_rodata = {", + mapping_size); + for (j = 0; j < stripped_len; j++) { + if (j % 10 == 0) +@@ -150,7 +150,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len, + } + fprintf(outfile, "\n};\n\n"); + +- fprintf(outfile, "static struct page *pages[%lu];\n\n", ++ fprintf(outfile, "static struct page *pages[%lu] __read_only;\n\n", + mapping_size / 4096); + + fprintf(outfile, "const struct vdso_image %s = {\n", name); diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 1c9f750..cfddb1a 100644 --- a/arch/x86/entry/vdso/vma.c @@ -17314,6 +17332,19 @@ index 2dcc6ff..082dc7a 100644 BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) != (unsigned long)VSYSCALL_ADDR); +diff --git a/arch/x86/entry/vsyscall/vsyscall_emu_64.S b/arch/x86/entry/vsyscall/vsyscall_emu_64.S +index c9596a9..805b68d 100644 +--- a/arch/x86/entry/vsyscall/vsyscall_emu_64.S ++++ b/arch/x86/entry/vsyscall/vsyscall_emu_64.S +@@ -12,7 +12,7 @@ + #include <asm/page_types.h> + #include <asm/unistd_64.h> + +-__PAGE_ALIGNED_DATA ++.section ".data..read_only", "a" + .globl __vsyscall_page + .balign PAGE_SIZE, 0xcc + .type __vsyscall_page, @object diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c index ae6aad1..719d6d9 100644 --- a/arch/x86/ia32/ia32_aout.c @@ -34620,7 +34651,7 @@ index 9c0ff04..9020d5f 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index b9c78f3..9ca7e24 100644 +index b9c78f3..c757af4 100644 
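Review bot: The generated `pages[%lu] __read_only` array has no initializer, so whatever fills it at boot now stores into memory that is meant to be read-only, and that writer is not in this hunk. The same applies to `raw_data` in `__page_aligned_rodata` if anything patches the vDSO image in place. It is worth confirming those stores run before the section is write-protected, or inside a `pax_open_kernel()`/`pax_close_kernel()` pair, and recording it in the generator with a comment above the second `fprintf` such as `/* pages[] is filled once at init, before read-only data is sealed */`. The `__bm_pte` move to `__page_aligned_rodata` in arch/x86/mm/ioremap.c further down raises the same question. `BITSFUNC(go)` starts and ends outside the hunk.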
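Review bot: The open-coded `.section ".data..read_only", "a"` replaces a named macro with a string literal that must stay in step with the section the C-side `__read_only` attribute presumably targets, and nothing on these lines says so. A one-line comment above the directive, for example `/* same section as __read_only: the vsyscall page must never be writable */`, or a shared assembler macro defined next to `__PAGE_ALIGNED_DATA`, would keep the two from drifting apart silently. Page alignment is still provided by the `.balign PAGE_SIZE, 0xcc` that follows, so only the section name is at issue.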
--- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -59,8 +59,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, @@ -34691,7 +34722,7 @@ index b9c78f3..9ca7e24 100644 } -static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss; -+static pte_t __bm_pte[PAGE_SIZE/sizeof(pte_t)] __read_only __aligned(PAGE_SIZE); ++static pte_t __bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_rodata; +static pte_t *bm_pte __read_only = __bm_pte; static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) @@ -82421,7 +82452,7 @@ index ce065cf..8974fed 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index aa50d1a..7a62b7a 100644 +index aa50d1a..c202cde 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { @@ -82553,7 +82584,7 @@ index aa50d1a..7a62b7a 100644 + rcu_read_unlock(); + + if (!pid->hide_pid) -+ return false; ++ return ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); +#endif + if (pid->hide_pid < hide_pid_min) @@ -112919,6 +112950,20 @@ index dc07d88..3929c29 100644 if (err) { bdi_destroy(bdi); return err; +diff --git a/mm/debug.c b/mm/debug.c +index 76089dd..dd37b9b 100644 +--- a/mm/debug.c ++++ b/mm/debug.c +@@ -127,6 +127,9 @@ static const struct trace_print_flags vmaflags_names[] = { + {VM_RAND_READ, "randread" }, + {VM_DONTCOPY, "dontcopy" }, + {VM_DONTEXPAND, "dontexpand" }, ++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) ++ {VM_PAGEEXEC, "pageexec" }, ++#endif + {VM_ACCOUNT, "account" }, + {VM_NORESERVE, "noreserve" }, + {VM_HUGETLB, "hugetlb" }, diff --git a/mm/dmapool.c b/mm/dmapool.c index fd5fe43..39ea317 100644 --- a/mm/dmapool.c |
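Review bot: In the fs/proc/base.c hunk the `!pid->hide_pid` branch now returns `ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT)` instead of `false`. Assuming `false` means "denied", that relaxes a hard deny into a ptrace-read check, and no comment records that this is intended. I would add `/* hide_pid == 0: defer to the ptrace read check; NOAUDIT keeps routine /proc scans out of the audit log */` above the `if`. The call also uses `task` after the `rcu_read_unlock()` visible just above it. The caller presumably holds a reference, but that, the enclosing function and the `#if` condition are all outside the hunk and should be checked.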