diff options
| -rw-r--r-- | 4.3.3/0000_README | 2 | ||||
| -rw-r--r-- | 4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch (renamed from 4.3.3/4420_grsecurity-3.1-4.3.3-201512151908.patch) | 172 |
2 files changed, 142 insertions, 32 deletions
diff --git a/4.3.3/0000_README b/4.3.3/0000_README index 651d7dc..3e1d5a0 100644 --- a/4.3.3/0000_README +++ b/4.3.3/0000_README @@ -6,7 +6,7 @@ Patch: 1002_linux-4.3.3.patch From: http://www.kernel.org Desc: Linux 4.3.3 -Patch: 4420_grsecurity-3.1-4.3.3-201512151908.patch +Patch: 4420_grsecurity-3.1-4.3.3-201512162141.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201512151908.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch index 38b71b4..4b7bff5 100644 --- a/4.3.3/4420_grsecurity-3.1-4.3.3-201512151908.patch +++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch @@ -2622,7 +2622,7 @@ index 3e1c26e..9ea61e6 100644 #endif mov r5, r0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S -index 30a7228..fc55cca 100644 +index 30a7228..d071196 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -11,18 +11,46 @@ @@ -2675,7 +2675,29 @@ index 30a7228..fc55cca 100644 .align 5 #if !(IS_ENABLED(CONFIG_TRACE_IRQFLAGS) || IS_ENABLED(CONFIG_CONTEXT_TRACKING)) /* -@@ -199,6 +227,12 @@ ENTRY(vector_swi) +@@ -36,7 +64,9 @@ ret_fast_syscall: + UNWIND(.cantunwind ) + disable_irq_notrace @ disable interrupts + ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing +- tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK ++ tst r1, #_TIF_SYSCALL_WORK ++ bne fast_work_pending ++ tst r1, #_TIF_WORK_MASK + bne fast_work_pending + + /* perform architecture specific actions before user return */ +@@ -62,7 +92,9 @@ ret_fast_syscall: + str r0, [sp, #S_R0 + S_OFF]! @ save returned r0 + disable_irq_notrace @ disable interrupts + ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing +- tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK ++ tst r1, #_TIF_SYSCALL_WORK ++ bne __sys_trace_return_nosave ++ tst r1, #_TIF_WORK_MASK + beq no_work_pending + UNWIND(.fnend ) + ENDPROC(ret_fast_syscall) +@@ -199,6 +231,12 @@ ENTRY(vector_swi) uaccess_disable tbl @@ -56491,9 +56513,76 @@ index c3fe026..9cfe421 100644 dlci->modem_rx = 0; diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index a0285da..bddb306 100644 +index a0285da..e84f8de 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c +@@ -1514,7 +1514,7 @@ n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag) + + static void + n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count) ++ char *fp, size_t count) + { + struct n_tty_data *ldata = tty->disc_data; + size_t n, head; +@@ -1534,7 +1534,7 @@ n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp, + + static void + n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count) ++ char *fp, size_t count) + { + struct n_tty_data *ldata = tty->disc_data; + char flag = TTY_NORMAL; +@@ -1551,7 +1551,7 @@ n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp, + + static void + n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count) ++ char *fp, size_t count) + { + char flag = TTY_NORMAL; + +@@ -1567,7 +1567,7 @@ n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp, + + static void + n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count) ++ char *fp, size_t count) + { + struct n_tty_data *ldata = tty->disc_data; + char flag = TTY_NORMAL; +@@ -1601,7 +1601,7 @@ n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp, + + static void + n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count) ++ char *fp, size_t count) + { + struct n_tty_data *ldata = tty->disc_data; + char flag = TTY_NORMAL; +@@ -1626,7 +1626,7 @@ n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp, + } + + static void __receive_buf(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count) ++ char *fp, size_t count) + { + struct n_tty_data *ldata = tty->disc_data; + bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty)); +@@ -1704,10 +1704,10 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp, + */ + static int + n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp, +- char *fp, int count, int flow) ++ char *fp, size_t count, int flow) + { + struct n_tty_data *ldata = tty->disc_data; +- int room, n, rcvd = 0, overflow; ++ size_t room, n, rcvd = 0, overflow; + + down_read(&tty->termios_rwsem); + @@ -2583,6 +2583,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; @@ -121765,7 +121854,7 @@ index c10a9ee..c621a01 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 3939dd2..d99c89d 100644 +index 3939dd2..ea4fbed 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -178,7 +178,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { @@ -121786,7 +121875,20 @@ index 3939dd2..d99c89d 100644 .autoconf = 1, .force_mld_version = 0, .mldv1_unsolicited_report_interval = 10 * HZ, -@@ -636,7 +636,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, +@@ -349,6 +349,12 @@ static struct inet6_dev *ipv6_add_dev(struct net_device *dev) + setup_timer(&ndev->rs_timer, addrconf_rs_timer, + (unsigned long)ndev); + memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf)); ++ ++ if (ndev->cnf.stable_secret.initialized) ++ ndev->addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; ++ else ++ ndev->addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64; ++ + ndev->cnf.mtu6 = dev->mtu; + ndev->cnf.sysctl = NULL; + ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl); +@@ -636,7 +642,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); @@ -121795,7 +121897,7 @@ index 3939dd2..d99c89d 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2576,7 +2576,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2576,7 +2582,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -121804,7 +121906,7 @@ index 3939dd2..d99c89d 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3844,16 +3844,23 @@ static const struct file_operations if6_fops = { +@@ -3844,16 +3850,23 @@ static const struct file_operations if6_fops = { .release = seq_release_net, }; @@ -121829,7 +121931,7 @@ index 3939dd2..d99c89d 100644 } static struct pernet_operations if6_proc_net_ops = { -@@ -4472,7 +4479,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -4472,7 +4485,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -121838,7 +121940,7 @@ index 3939dd2..d99c89d 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -5140,7 +5147,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -5140,7 +5153,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt_genid_bump_ipv6(net); break; } @@ -121847,7 +121949,7 @@ index 3939dd2..d99c89d 100644 } static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) -@@ -5160,7 +5167,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -5160,7 +5173,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -121856,7 +121958,7 @@ index 3939dd2..d99c89d 100644 int ret; /* -@@ -5185,7 +5192,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, +@@ -5185,7 +5198,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, { struct inet6_dev *idev = ctl->extra1; int min_mtu = IPV6_MIN_MTU; @@ -121865,7 +121967,7 @@ index 3939dd2..d99c89d 100644 lctl = *ctl; lctl.extra1 = &min_mtu; -@@ -5260,7 +5267,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -5260,7 +5273,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -121874,7 +121976,7 @@ index 3939dd2..d99c89d 100644 int ret; /* -@@ -5325,7 +5332,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, +@@ -5325,7 +5338,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, int err; struct in6_addr addr; char str[IPV6_MAX_STRLEN]; @@ -121883,7 +121985,7 @@ index 3939dd2..d99c89d 100644 struct net *net = ctl->extra2; struct ipv6_stable_secret *secret = ctl->data; -@@ -5397,7 +5404,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, +@@ -5397,7 +5410,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -124486,7 +124588,7 @@ index 26d50c5..dfae665 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index 9963a0b..aca2d16 100644 +index 9963a0b..b88ff74 100644 --- a/net/socket.c +++ b/net/socket.c @@ -89,6 +89,7 @@ @@ -124687,7 +124789,15 @@ index 9963a0b..aca2d16 100644 int err, err2; int fput_needed; -@@ -1927,7 +1992,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg, +@@ -1702,6 +1767,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, + msg.msg_name = addr ? (struct sockaddr *)&address : NULL; + /* We assume all kernel code knows the size of sockaddr_storage */ + msg.msg_namelen = 0; ++ msg.msg_iocb = NULL; + if (sock->file->f_flags & O_NONBLOCK) + flags |= MSG_DONTWAIT; + err = sock_recvmsg(sock, &msg, iov_iter_count(&msg.msg_iter), flags); +@@ -1927,7 +1993,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -124696,7 +124806,7 @@ index 9963a0b..aca2d16 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2077,7 +2142,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg, +@@ -2077,7 +2143,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg, ssize_t err; /* kernel mode address */ @@ -124705,7 +124815,7 @@ index 9963a0b..aca2d16 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2722,7 +2787,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2722,7 +2788,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -124714,7 +124824,7 @@ index 9963a0b..aca2d16 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -2833,7 +2898,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2833,7 +2899,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -124723,7 +124833,7 @@ index 9963a0b..aca2d16 100644 set_fs(old_fs); return err; -@@ -2926,7 +2991,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -2926,7 +2992,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -124732,7 +124842,7 @@ index 9963a0b..aca2d16 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3010,7 +3075,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3010,7 +3076,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -124741,7 +124851,7 @@ index 9963a0b..aca2d16 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3237,8 +3302,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3237,8 +3303,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -124752,7 +124862,7 @@ index 9963a0b..aca2d16 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3258,7 +3323,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3258,7 +3324,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -133880,10 +133990,10 @@ index 0000000..f74d85a +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data new file mode 100644 -index 0000000..eeb57be +index 0000000..b7a7596 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data -@@ -0,0 +1,12429 @@ +@@ -0,0 +1,12431 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -146313,6 +146423,8 @@ index 0000000..eeb57be +enable_so_rate_n_flags_iwlagn_tx_resp_63401 rate_n_flags iwlagn_tx_resp 0 63401 NULL +enable_so_iwlagn_hwrate_to_mac80211_idx_fndecl_57485 iwlagn_hwrate_to_mac80211_idx fndecl 0-1 57485 NULL +enable_so_rate_n_flags_iwl_rx_phy_info_45542 rate_n_flags iwl_rx_phy_info 0 45542 NULL ++enable_so_deh_location_reiserfs_de_head_7682 deh_location reiserfs_de_head 0 7682 NULL ++enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh new file mode 100644 index 0000000..be9724d @@ -148556,10 +148668,10 @@ index 0000000..fc58e16 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..311b440 +index 0000000..7a7776b --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,21748 @@ +@@ -0,0 +1,21746 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL @@ -151082,8 +151194,7 @@ index 0000000..311b440 +enable_so_rds_sendmsg_fndecl_7675 rds_sendmsg fndecl 3 7675 NULL +enable_so_nfsd_max_blksize_vardecl_7678 nfsd_max_blksize vardecl 0 7678 NULL +enable_so_shmem_read_mapping_page_gfp_fndecl_7681 shmem_read_mapping_page_gfp fndecl 2 7681 NULL -+enable_so_deh_location_reiserfs_de_head_7682 deh_location reiserfs_de_head 0 7682 NULL nohasharray -+enable_so_UniStrnlen_fndecl_7682 UniStrnlen fndecl 0 7682 &enable_so_deh_location_reiserfs_de_head_7682 ++enable_so_UniStrnlen_fndecl_7682 UniStrnlen fndecl 0 7682 NULL +enable_so_pm860x_page_bulk_read_fndecl_7685 pm860x_page_bulk_read fndecl 3 7685 NULL nohasharray +enable_so_l1oip_socket_send_fndecl_7685 l1oip_socket_send fndecl 7 7685 &enable_so_pm860x_page_bulk_read_fndecl_7685 +enable_so_ipoib_dev_init_fndecl_7687 ipoib_dev_init fndecl 3 7687 NULL nohasharray @@ -162643,8 +162754,7 @@ index 0000000..311b440 +enable_so_ubi_more_leb_change_data_fndecl_42301 ubi_more_leb_change_data fndecl 4 42301 &enable_so_generic_cont_expand_simple_fndecl_42301 +enable_so_dcache_dir_lseek_fndecl_42308 dcache_dir_lseek fndecl 2 42308 NULL nohasharray +enable_so_iwch_reg_user_mr_fndecl_42308 iwch_reg_user_mr fndecl 2-3 42308 &enable_so_dcache_dir_lseek_fndecl_42308 -+enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL nohasharray -+enable_so_rproc_alloc_fndecl_42314 rproc_alloc fndecl 5 42314 &enable_so_deh_offset_reiserfs_de_head_42314 ++enable_so_rproc_alloc_fndecl_42314 rproc_alloc fndecl 5 42314 NULL +enable_so_log_pg_sz_remote_qpn_mlx5_qp_context_42315 log_pg_sz_remote_qpn mlx5_qp_context 0 42315 NULL +enable_so_num_rcv_contexts_hfi1_devdata_42317 num_rcv_contexts hfi1_devdata 0 42317 NULL +enable_so_kvm_write_guest_page_fndecl_42320 kvm_write_guest_page fndecl 2-5 42320 NULL nohasharray |