-rw-r--r--3.13.2/0000_README2
-rw-r--r--3.13.2/4420_grsecurity-3.0-3.13.2-201402111747.patch (renamed from 3.13.2/4420_grsecurity-3.0-3.13.2-201402091134.patch)33
-rw-r--r--3.2.54/0000_README2
-rw-r--r--3.2.54/4420_grsecurity-3.0-3.2.54-201402111745.patch (renamed from 3.2.54/4420_grsecurity-3.0-3.2.54-201402091132.patch)85
4 files changed, 69 insertions, 53 deletions
diff --git a/3.13.2/0000_README b/3.13.2/0000_README
index cb647cd..ce8a461 100644
--- a/3.13.2/0000_README
+++ b/3.13.2/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.2-201402091134.patch
+Patch: 4420_grsecurity-3.0-3.13.2-201402111747.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.2/4420_grsecurity-3.0-3.13.2-201402091134.patch b/3.13.2/4420_grsecurity-3.0-3.13.2-201402111747.patch
index df6cd99..3ac109b 100644
--- a/3.13.2/4420_grsecurity-3.0-3.13.2-201402091134.patch
+++ b/3.13.2/4420_grsecurity-3.0-3.13.2-201402111747.patch
@@ -37956,7 +37956,7 @@ index d39cca6..8c1e269 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 429b75b..03d60db 100644
+index 429b75b..a4f540d 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -270,10 +270,17 @@
@@ -37977,7 +37977,17 @@ index 429b75b..03d60db 100644
#define SEC_XFER_SIZE 512
#define EXTRACT_SIZE 10
-@@ -361,12 +368,19 @@ static struct poolinfo {
+@@ -284,9 +291,6 @@
+ /*
+ * To allow fractional bits to be tracked, the entropy_count field is
+ * denominated in units of 1/8th bits.
+- *
+- * 2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31, or the multiply in
+- * credit_entropy_bits() needs to be 64 bits wide.
+ */
+ #define ENTROPY_SHIFT 3
+ #define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
+@@ -361,12 +365,19 @@ static struct poolinfo {
#define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
int tap1, tap2, tap3, tap4, tap5;
} poolinfo_table[] = {
@@ -37997,7 +38007,7 @@ index 429b75b..03d60db 100644
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
{ S(2048), 1638, 1231, 819, 411, 1 },
-@@ -524,8 +538,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
}
@@ -38008,7 +38018,16 @@ index 429b75b..03d60db 100644
smp_wmb();
if (out)
-@@ -1151,7 +1165,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -632,7 +643,7 @@ retry:
+ /* The +2 corresponds to the /4 in the denominator */
+
+ do {
+- unsigned int anfrac = min(pnfrac, pool_size/2);
++ u64 anfrac = min(pnfrac, pool_size/2);
+ unsigned int add =
+ ((pool_size - entropy_count)*anfrac*3) >> s;
+
+@@ -1151,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
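Review bot: The 64-bit width of the multiply in `((pool_size - entropy_count)*anfrac*3) >> s` now depends only on `anfrac` being declared `u64`, while the earlier hunk in this file deletes the comment that recorded the 31-bit bound and puts nothing in its place. A later cleanup that narrows `anfrac` back to `unsigned int` would silently reintroduce the overflow in the entropy-credit calculation, so I would keep a one-line reminder at the declaration, e.g. `/* u64 on purpose: forces the product below to 64 bits for large pools */`. `add` is still `unsigned int`, so the shifted result is truncated on assignment; it presumably fits given how `s` is derived, but `s` and `pool_size` are defined outside this hunk and that should be confirmed against the enlarged pool sizes. The same one-line change appears in the 3.2.54 patch at the `@@ -34743,7 +34740,7 @@` hunk and the note applies there too. Because this file is the imported upstream grsecurity patch, the comment would have to be carried upstream rather than edited locally.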
@@ -38017,7 +38036,7 @@ index 429b75b..03d60db 100644
ret = -EFAULT;
break;
}
-@@ -1507,7 +1521,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1507,7 +1518,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -38026,7 +38045,7 @@ index 429b75b..03d60db 100644
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
-@@ -1523,7 +1537,7 @@ static char sysctl_bootid[16];
+@@ -1523,7 +1534,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -38035,7 +38054,7 @@ index 429b75b..03d60db 100644
unsigned char buf[64], tmp_uuid[16], *uuid;
uuid = table->data;
-@@ -1553,7 +1567,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
+@@ -1553,7 +1564,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
static int proc_do_entropy(ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
diff --git a/3.2.54/0000_README b/3.2.54/0000_README
index 36ebbf6..b0f9c87 100644
--- a/3.2.54/0000_README
+++ b/3.2.54/0000_README
@@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch
From: http://www.kernel.org
Desc: Linux 3.2.54
-Patch: 4420_grsecurity-3.0-3.2.54-201402091132.patch
+Patch: 4420_grsecurity-3.0-3.2.54-201402111745.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201402091132.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201402111745.patch
index c8d6e90..21543e0 100644
--- a/3.2.54/4420_grsecurity-3.0-3.2.54-201402091132.patch
+++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201402111745.patch
@@ -34264,7 +34264,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index c244f0e..4276f28 100644
+index c244f0e..2080073 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -255,10 +255,8 @@
@@ -34280,7 +34280,7 @@ index c244f0e..4276f28 100644
#include <asm/processor.h>
#include <asm/uaccess.h>
-@@ -266,129 +264,153 @@
+@@ -266,129 +264,150 @@
#include <asm/irq_regs.h>
#include <asm/io.h>
@@ -34315,9 +34315,6 @@ index c244f0e..4276f28 100644
/*
+ * To allow fractional bits to be tracked, the entropy_count field is
+ * denominated in units of 1/8th bits.
-+ *
-+ * 2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31, or the multiply in
-+ * credit_entropy_bits() needs to be 64 bits wide.
+ */
+#define ENTROPY_SHIFT 3
+#define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
@@ -34512,7 +34509,7 @@ index c244f0e..4276f28 100644
/*
* Static global variables
*/
-@@ -396,21 +418,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
+@@ -396,21 +415,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
static struct fasync_struct *fasync;
@@ -34534,7 +34531,7 @@ index c244f0e..4276f28 100644
/**********************************************************************
*
* OS independent entropy store. Here are the functions which handle
-@@ -421,22 +428,26 @@ module_param(debug, bool, 0644);
+@@ -421,22 +425,26 @@ module_param(debug, bool, 0644);
struct entropy_store;
struct entropy_store {
/* read-only data: */
@@ -34565,7 +34562,7 @@ index c244f0e..4276f28 100644
static __u32 input_pool_data[INPUT_POOL_WORDS];
static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
-@@ -445,7 +456,7 @@ static struct entropy_store input_pool = {
+@@ -445,7 +453,7 @@ static struct entropy_store input_pool = {
.poolinfo = &poolinfo_table[0],
.name = "input",
.limit = 1,
@@ -34574,7 +34571,7 @@ index c244f0e..4276f28 100644
.pool = input_pool_data
};
-@@ -454,16 +465,20 @@ static struct entropy_store blocking_pool = {
+@@ -454,16 +462,20 @@ static struct entropy_store blocking_pool = {
.name = "blocking",
.limit = 1,
.pull = &input_pool,
@@ -34599,7 +34596,7 @@ index c244f0e..4276f28 100644
};
static __u32 const twist_table[8] = {
-@@ -480,8 +495,8 @@ static __u32 const twist_table[8] = {
+@@ -480,8 +492,8 @@ static __u32 const twist_table[8] = {
* it's cheap to do so and helps slightly in the expected case where
* the entropy is concentrated in the low-order bits.
*/
@@ -34610,7 +34607,7 @@ index c244f0e..4276f28 100644
{
unsigned long i, j, tap1, tap2, tap3, tap4, tap5;
int input_rotate;
-@@ -501,7 +516,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -501,7 +513,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
/* mix one byte at a time to simplify size handling and churn faster */
while (nbytes--) {
@@ -34619,7 +34616,7 @@ index c244f0e..4276f28 100644
i = (i - 1) & wordmask;
/* XOR in the various taps */
-@@ -521,11 +536,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -521,11 +533,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
* rotation, so that successive passes spread the
* input bits across the pool evenly.
*/
@@ -34634,7 +34631,7 @@ index c244f0e..4276f28 100644
smp_wmb();
if (out)
-@@ -533,13 +548,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -533,13 +545,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
((__u32 *)out)[j] = r->pool[(i - j) & wordmask];
}
@@ -34658,7 +34655,7 @@ index c244f0e..4276f28 100644
spin_unlock_irqrestore(&r->lock, flags);
}
-@@ -556,58 +579,151 @@ struct fast_pool {
+@@ -556,58 +576,151 @@ struct fast_pool {
* collector. It's hardcoded for an 128 bit pool and assumes that any
* locks that might be needed are taken by the caller.
*/
@@ -34743,7 +34740,7 @@ index c244f0e..4276f28 100644
+ /* The +2 corresponds to the /4 in the denominator */
+
+ do {
-+ unsigned int anfrac = min(pnfrac, pool_size/2);
++ u64 anfrac = min(pnfrac, pool_size/2);
+ unsigned int add =
+ ((pool_size - entropy_count)*anfrac*3) >> s;
+
@@ -34834,7 +34831,7 @@ index c244f0e..4276f28 100644
/*********************************************************************
*
* Entropy input management
-@@ -621,42 +737,7 @@ struct timer_rand_state {
+@@ -621,42 +734,7 @@ struct timer_rand_state {
unsigned dont_count_entropy:1;
};
@@ -34878,7 +34875,7 @@ index c244f0e..4276f28 100644
/*
* Add device- or boot-specific data to the input and nonblocking
-@@ -669,15 +750,22 @@ static void set_timer_rand_state(unsigned int irq,
+@@ -669,15 +747,22 @@ static void set_timer_rand_state(unsigned int irq,
void add_device_randomness(const void *buf, unsigned int size)
{
unsigned long time = random_get_entropy() ^ jiffies;
@@ -34906,7 +34903,7 @@ index c244f0e..4276f28 100644
/*
* This function adds entropy to the entropy "pool" by using timing
-@@ -691,6 +779,7 @@ static struct timer_rand_state input_timer_state;
+@@ -691,6 +776,7 @@ static struct timer_rand_state input_timer_state;
*/
static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
{
@@ -34914,7 +34911,7 @@ index c244f0e..4276f28 100644
struct {
long jiffies;
unsigned cycles;
-@@ -699,15 +788,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -699,15 +785,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
long delta, delta2, delta3;
preempt_disable();
@@ -34932,7 +34929,7 @@ index c244f0e..4276f28 100644
/*
* Calculate number of bits of randomness we probably added.
-@@ -741,10 +827,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -741,10 +824,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
* Round down by 1 bit on general principles,
* and limit entropy entimate to 12 bits.
*/
@@ -34944,7 +34941,7 @@ index c244f0e..4276f28 100644
preempt_enable();
}
-@@ -757,10 +841,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
+@@ -757,10 +838,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
if (value == last_value)
return;
@@ -34956,7 +34953,7 @@ index c244f0e..4276f28 100644
}
EXPORT_SYMBOL_GPL(add_input_randomness);
-@@ -772,20 +856,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
+@@ -772,20 +853,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
struct pt_regs *regs = get_irq_regs();
unsigned long now = jiffies;
@@ -34989,7 +34986,7 @@ index c244f0e..4276f28 100644
return;
fast_pool->last = now;
-@@ -814,10 +899,8 @@ void add_disk_randomness(struct gendisk *disk)
+@@ -814,10 +896,8 @@ void add_disk_randomness(struct gendisk *disk)
if (!disk || !disk->random)
return;
/* first major is 1, so we get >= 0x200 here */
@@ -35001,7 +34998,7 @@ index c244f0e..4276f28 100644
}
#endif
-@@ -835,104 +918,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -835,104 +915,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
* from the primary pool to the secondary extraction pool. We make
* sure we pull enough for a 'catastrophic reseed'.
*/
@@ -35195,7 +35192,7 @@ index c244f0e..4276f28 100644
spin_lock_irqsave(&r->lock, flags);
for (i = 0; i < r->poolinfo->poolwords; i += 16)
sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
-@@ -966,27 +1072,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -966,27 +1069,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
hash.w[1] ^= hash.w[4];
hash.w[2] ^= rol32(hash.w[2], 16);
@@ -35250,7 +35247,7 @@ index c244f0e..4276f28 100644
xfer_secondary_pool(r, nbytes);
nbytes = account(r, nbytes, min, reserved);
-@@ -994,8 +1116,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -994,8 +1113,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
extract_buf(r, tmp);
if (fips_enabled) {
@@ -35259,7 +35256,7 @@ index c244f0e..4276f28 100644
spin_lock_irqsave(&r->lock, flags);
if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
panic("Hardware RNG duplicated output!\n");
-@@ -1015,12 +1135,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -1015,12 +1132,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
return ret;
}
@@ -35277,7 +35274,7 @@ index c244f0e..4276f28 100644
xfer_secondary_pool(r, nbytes);
nbytes = account(r, nbytes, 0, 0);
-@@ -1036,7 +1161,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1036,7 +1158,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -35286,7 +35283,7 @@ index c244f0e..4276f28 100644
ret = -EFAULT;
break;
}
-@@ -1055,11 +1180,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1055,11 +1177,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
/*
* This function is the exported kernel interface. It returns some
* number of good random numbers, suitable for key generation, seeding
@@ -35309,7 +35306,7 @@ index c244f0e..4276f28 100644
extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
}
EXPORT_SYMBOL(get_random_bytes);
-@@ -1078,6 +1212,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
+@@ -1078,6 +1209,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
{
char *p = buf;
@@ -35317,7 +35314,7 @@ index c244f0e..4276f28 100644
while (nbytes) {
unsigned long v;
int chunk = min(nbytes, (int)sizeof(unsigned long));
-@@ -1111,12 +1246,11 @@ static void init_std_data(struct entropy_store *r)
+@@ -1111,12 +1243,11 @@ static void init_std_data(struct entropy_store *r)
ktime_t now = ktime_get_real();
unsigned long rv;
@@ -35333,7 +35330,7 @@ index c244f0e..4276f28 100644
mix_pool_bytes(r, &rv, sizeof(rv), NULL);
}
mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
-@@ -1139,25 +1273,7 @@ static int rand_initialize(void)
+@@ -1139,25 +1270,7 @@ static int rand_initialize(void)
init_std_data(&nonblocking_pool);
return 0;
}
@@ -35360,7 +35357,7 @@ index c244f0e..4276f28 100644
#ifdef CONFIG_BLOCK
void rand_initialize_disk(struct gendisk *disk)
-@@ -1169,71 +1285,59 @@ void rand_initialize_disk(struct gendisk *disk)
+@@ -1169,71 +1282,59 @@ void rand_initialize_disk(struct gendisk *disk)
* source.
*/
state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
@@ -35468,7 +35465,7 @@ index c244f0e..4276f28 100644
}
static unsigned int
-@@ -1244,9 +1348,9 @@ random_poll(struct file *file, poll_table * wait)
+@@ -1244,9 +1345,9 @@ random_poll(struct file *file, poll_table * wait)
poll_wait(file, &random_read_wait, wait);
poll_wait(file, &random_write_wait, wait);
mask = 0;
@@ -35480,7 +35477,7 @@ index c244f0e..4276f28 100644
mask |= POLLOUT | POLLWRNORM;
return mask;
}
-@@ -1297,7 +1401,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1297,7 +1398,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
switch (cmd) {
case RNDGETENTCNT:
/* inherently racy, no point locking */
@@ -35490,7 +35487,7 @@ index c244f0e..4276f28 100644
return -EFAULT;
return 0;
case RNDADDTOENTCNT:
-@@ -1305,7 +1410,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1305,7 +1407,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
return -EPERM;
if (get_user(ent_count, p))
return -EFAULT;
@@ -35499,7 +35496,7 @@ index c244f0e..4276f28 100644
return 0;
case RNDADDENTROPY:
if (!capable(CAP_SYS_ADMIN))
-@@ -1320,14 +1425,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1320,14 +1422,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
size);
if (retval < 0)
return retval;
@@ -35522,7 +35519,7 @@ index c244f0e..4276f28 100644
return 0;
default:
return -EINVAL;
-@@ -1387,23 +1497,23 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1387,23 +1494,23 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -35553,7 +35550,7 @@ index c244f0e..4276f28 100644
unsigned char buf[64], tmp_uuid[16], *uuid;
uuid = table->data;
-@@ -1427,8 +1537,26 @@ static int proc_do_uuid(ctl_table *table, int write,
+@@ -1427,8 +1534,26 @@ static int proc_do_uuid(ctl_table *table, int write,
return proc_dostring(&fake_table, write, buffer, lenp, ppos);
}
@@ -35581,7 +35578,7 @@ index c244f0e..4276f28 100644
{
.procname = "poolsize",
.data = &sysctl_poolsize,
-@@ -1440,12 +1568,12 @@ ctl_table random_table[] = {
+@@ -1440,12 +1565,12 @@ ctl_table random_table[] = {
.procname = "entropy_avail",
.maxlen = sizeof(int),
.mode = 0444,
@@ -35596,7 +35593,7 @@ index c244f0e..4276f28 100644
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
-@@ -1454,7 +1582,7 @@ ctl_table random_table[] = {
+@@ -1454,7 +1579,7 @@ ctl_table random_table[] = {
},
{
.procname = "write_wakeup_threshold",
@@ -35605,7 +35602,7 @@ index c244f0e..4276f28 100644
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec_minmax,
-@@ -1462,6 +1590,13 @@ ctl_table random_table[] = {
+@@ -1462,6 +1587,13 @@ ctl_table random_table[] = {
.extra2 = &max_write_thresh,
},
{
@@ -35619,7 +35616,7 @@ index c244f0e..4276f28 100644
.procname = "boot_id",
.data = &sysctl_bootid,
.maxlen = 16,
-@@ -1492,7 +1627,7 @@ int random_int_secret_init(void)
+@@ -1492,7 +1624,7 @@ int random_int_secret_init(void)
* value is not cryptographically secure but for several uses the cost of
* depleting entropy is too high
*/
@@ -35628,7 +35625,7 @@ index c244f0e..4276f28 100644
unsigned int get_random_int(void)
{
__u32 *hash;
-@@ -1510,6 +1645,7 @@ unsigned int get_random_int(void)
+@@ -1510,6 +1642,7 @@ unsigned int get_random_int(void)
return ret;
}