diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2016-05-14 07:07:59 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2016-05-14 07:07:59 -0400 |
| commit | 65558af35749a9213e649a3b580778da10dc42dd (patch) | |
| tree | dcfe86af12317069f159b1ec1879c5e3f945c23b | |
| parent | grsecurity-3.1-4.5.4-201605122039 (diff) | |
| download | hardened-patchset-20160513.tar.gz hardened-patchset-20160513.tar.bz2 hardened-patchset-20160513.zip | |
grsecurity-3.1-4.5.4-20160513191820160513
| -rw-r--r-- | 4.5.4/0000_README | 2 | ||||
| -rw-r--r-- | 4.5.4/4420_grsecurity-3.1-4.5.4-201605131918.patch (renamed from 4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch) | 63 |
2 files changed, 45 insertions, 20 deletions
diff --git a/4.5.4/0000_README b/4.5.4/0000_README index c80ae26..d196de1 100644 --- a/4.5.4/0000_README +++ b/4.5.4/0000_README @@ -6,7 +6,7 @@ Patch: 1003_linux-4.5.4.patch From: http://www.kernel.org Desc: Linux 4.5.4 -Patch: 4420_grsecurity-3.1-4.5.4-201605122039.patch +Patch: 4420_grsecurity-3.1-4.5.4-201605131918.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch b/4.5.4/4420_grsecurity-3.1-4.5.4-201605131918.patch index 392d870..4d957ee 100644 --- a/4.5.4/4420_grsecurity-3.1-4.5.4-201605122039.patch +++ b/4.5.4/4420_grsecurity-3.1-4.5.4-201605131918.patch @@ -169974,10 +169974,10 @@ index 0000000..7c59f38 +} diff --git a/tools/gcc/rap_plugin/rap_plugin.c b/tools/gcc/rap_plugin/rap_plugin.c new file mode 100644 -index 0000000..cdac9c1 +index 0000000..bca74dc --- /dev/null +++ b/tools/gcc/rap_plugin/rap_plugin.c -@@ -0,0 +1,486 @@ +@@ -0,0 +1,511 @@ +/* + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -170105,12 +170105,39 @@ index 0000000..cdac9c1 + return cgraph_for_node_and_aliases(node, __rap_cgraph_indirectly_callable, NULL, true); +} + ++static void rap_hash_align(tree decl) ++{ ++ const unsigned HOST_WIDE_INT rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t); ++ unsigned HOST_WIDE_INT skip; ++ ++ skip = 1ULL << align_functions_log; ++ if (DECL_USER_ALIGN(decl)) ++ return; ++ ++ if (!optimize_function_for_speed_p(cfun)) ++ return; ++ ++ if (skip <= rap_hash_offset) ++ return; ++ ++#ifdef TARGET_386 ++ { ++ char padding[skip - rap_hash_offset]; ++ ++ // this byte sequence helps disassemblers not trip up on the following rap hash ++ memset(padding, 0xcc, sizeof padding - 1); ++ padding[sizeof padding - 1] = 0xb8; ++ ASM_OUTPUT_ASCII(asm_out_file, padding, sizeof padding); ++ } ++#else ++ ASM_OUTPUT_SKIP(asm_out_file, skip - rap_hash_offset); ++#endif ++} ++ +static void rap_begin_function(tree decl) +{ + cgraph_node_ptr node; + rap_hash_t imprecise_rap_hash; -+ unsigned HOST_WIDE_INT skip; -+ const unsigned HOST_WIDE_INT rap_hash_offset = TARGET_64BIT ? 2 * sizeof(rap_hash_t) : sizeof(rap_hash_t); + + gcc_assert(debug_hooks == &rap_debug_hooks); + @@ -170119,9 +170146,7 @@ index 0000000..cdac9c1 + old_debug_hooks->begin_function(decl); + + // align the rap hash if necessary -+ skip = 1ULL << align_functions_log; -+ if (skip > rap_hash_offset) -+ ASM_OUTPUT_SKIP(asm_out_file, skip - rap_hash_offset); ++ rap_hash_align(decl); + + // don't compute hash for functions called only directly + node = cgraph_get_node(decl); @@ -170136,9 +170161,9 @@ index 0000000..cdac9c1 + inform(DECL_SOURCE_LOCATION(decl), "func rap_hash: %x %s", imprecise_rap_hash.hash, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl))); + + if (TARGET_64BIT) -+ fprintf(asm_out_file, ".quad %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl))); ++ fprintf(asm_out_file, "\t.quad %#lx\t%s __rap_hash_%s\n", (long)imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl))); + else -+ fprintf(asm_out_file, ".long %#x\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl))); ++ fprintf(asm_out_file, "\t.long %#x\t%s __rap_hash_%s\n", imprecise_rap_hash.hash, ASM_COMMENT_START, IDENTIFIER_POINTER(DECL_ASSEMBLER_NAME(decl))); +} + +static void rap_start_unit_common(void *gcc_data __unused, void *user_data __unused) @@ -170611,10 +170636,10 @@ index 0000000..f74d85a +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data new file mode 100644 -index 0000000..a5916c8 +index 0000000..2a420f3 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data -@@ -0,0 +1,12441 @@ +@@ -0,0 +1,12444 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -183056,6 +183081,9 @@ index 0000000..a5916c8 +enable_so_squashfs_iget_fndecl_37485 squashfs_iget fndecl 3 37485 NULL +enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL +enable_so_lookup_memtype_fndecl_20192 lookup_memtype fndecl 1 20192 NULL ++enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL ++enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL ++enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh new file mode 100644 index 0000000..be9724d @@ -183542,7 +183570,7 @@ index 0000000..ee987da +#include "gcc-generate-gimple-pass.h" diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c new file mode 100644 -index 0000000..b12cef3 +index 0000000..a47c089 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c @@ -0,0 +1,1166 @@ @@ -184679,7 +184707,7 @@ index 0000000..b12cef3 +{ + const_tree rhs, lhs_type, rhs_type; + const_tree def_rhs1, def_rhs2; -+ const_gimple def_stmt; ++ gimple def_stmt; + gimple def_def_stmt = NULL; + + if (!gimple_assign_cast_p(stmt)) @@ -184700,7 +184728,7 @@ index 0000000..b12cef3 + + // _37 = _36 | -32768; + def_stmt = get_def_stmt(rhs); -+ if (!def_stmt || gimple_assign_rhs_code(def_stmt) != BIT_IOR_EXPR) ++ if (!def_stmt || !gimple_assign_cast_p(def_stmt) || gimple_assign_rhs_code(def_stmt) != BIT_IOR_EXPR) + return false; + def_rhs1 = gimple_assign_rhs1(def_stmt); + def_rhs2 = gimple_assign_rhs2(def_stmt); @@ -185394,10 +185422,10 @@ index 0000000..4098952 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..b3ac1cc +index 0000000..5364a49 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,21647 @@ +@@ -0,0 +1,21644 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL +enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL @@ -186994,7 +187022,6 @@ index 0000000..b3ac1cc +enable_so_SYSC_fgetxattr_fndecl_4904 SYSC_fgetxattr fndecl 4 4904 NULL +enable_so_diva_um_idi_read_fndecl_4912 diva_um_idi_read fndecl 0 4912 NULL +enable_so_tree_mod_log_eb_move_fndecl_4920 tree_mod_log_eb_move fndecl 5 4920 NULL -+enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL +enable_so_leaf_copy_items_fndecl_4923 leaf_copy_items fndecl 5 4923 NULL +enable_so_ui_size_ubifs_inode_4934 ui_size ubifs_inode 0 4934 NULL +enable_so_bpp_drm_mode_fb_cmd_4936 bpp drm_mode_fb_cmd 0 4936 NULL @@ -187083,7 +187110,6 @@ index 0000000..b3ac1cc +enable_so_len_bts_file_action_5178 len bts_file_action 0 5178 &enable_so_ext4_es_insert_extent_fndecl_5178 +enable_so_lpfc_issue_ct_rsp_fndecl_5182 lpfc_issue_ct_rsp fndecl 6 5182 NULL +enable_so_port_mlx5_ib_qp_5186 port mlx5_ib_qp 0 5186 NULL -+enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL +enable_so_SyS_lsetxattr_fndecl_5195 SyS_lsetxattr fndecl 4 5195 NULL +enable_so_size_drm_amdgpu_gem_userptr_5196 size drm_amdgpu_gem_userptr 0 5196 NULL +enable_so_hidp_raw_request_fndecl_5198 hidp_raw_request fndecl 4 5198 NULL @@ -193092,7 +193118,6 @@ index 0000000..b3ac1cc +enable_so_num_channels_sh_mtu2_device_23224 num_channels sh_mtu2_device 0 23224 NULL +enable_so_clk_core_get_rate_fndecl_23225 clk_core_get_rate fndecl 0 23225 NULL nohasharray +enable_so_vid_hdr_offset_ubi_device_23225 vid_hdr_offset ubi_device 0 23225 &enable_so_clk_core_get_rate_fndecl_23225 -+enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL +enable_so_nvkm_client_map_fndecl_23228 nvkm_client_map fndecl 3-2 23228 NULL +enable_so_ubifs_prep_grp_node_fndecl_23231 ubifs_prep_grp_node fndecl 3 23231 NULL nohasharray +enable_so_ivtv_v4l2_read_fndecl_23231 ivtv_v4l2_read fndecl 3 23231 &enable_so_ubifs_prep_grp_node_fndecl_23231 |