author | Anthony G. Basile <blueness@gentoo.org> | 2014-06-20 20:55:46 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-06-20 20:55:46 -0400 |
commit | 03a14056c44091c6c4d1a75e9145a62a3b6531a8 (patch) | |
tree | d98c5df03212ac99508cd8a49470943dde923b65 | |
parent | Grsec/PaX: 3.0-{3.2.60,3.14.6}-201406101411 (diff) | |
Grsec/PaX: 3.0-{3.2.60,3.14.8}-20140619134720140619
-rw-r--r-- | 3.14.8/0000_README (renamed from 3.14.6/0000_README) | 2 | ||||
-rw-r--r-- | 3.14.8/4420_grsecurity-3.0-3.14.8-201406191347.patch (renamed from 3.14.6/4420_grsecurity-3.0-3.14.6-201406101411.patch) | 649 | ||||
-rw-r--r-- | 3.14.8/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.6/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.14.8/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.6/4427_force_XATTR_PAX_tmpfs.patch) | 4 | ||||
-rw-r--r-- | 3.14.8/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.6/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.14.8/4435_grsec-mute-warnings.patch (renamed from 3.14.6/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.14.8/4440_grsec-remove-protected-paths.patch (renamed from 3.14.6/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.14.8/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.6/4450_grsec-kconfig-default-gids.patch) | 12 | ||||
-rw-r--r-- | 3.14.8/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.6/4465_selinux-avc_audit-log-curr_ip.patch) | 2 | ||||
-rw-r--r-- | 3.14.8/4470_disable-compat_vdso.patch (renamed from 3.14.6/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.14.8/4475_emutramp_default_on.patch (renamed from 3.14.6/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.2.60/0000_README | 2 | ||||
-rw-r--r-- | 3.2.60/4420_grsecurity-3.0-3.2.60-201406191345.patch (renamed from 3.2.60/4420_grsecurity-3.0-3.2.60-201406101410.patch) | 231 | ||||
-rw-r--r-- | 3.2.60/4450_grsec-kconfig-default-gids.patch | 12 | ||||
-rw-r--r-- | 3.2.60/4465_selinux-avc_audit-log-curr_ip.patch | 2 |
15 files changed, 549 insertions, 367 deletions
diff --git a/3.14.6/0000_README b/3.14.8/0000_README index 982ffca..d9d0e9a 100644 --- a/3.14.6/0000_README +++ b/3.14.8/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.6-201406101411.patch +Patch: 4420_grsecurity-3.0-3.14.8-201406191347.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.6/4420_grsecurity-3.0-3.14.6-201406101411.patch b/3.14.8/4420_grsecurity-3.0-3.14.8-201406191347.patch index 274a809..cf0e6f3 100644 --- a/3.14.6/4420_grsecurity-3.0-3.14.6-201406101411.patch +++ b/3.14.8/4420_grsecurity-3.0-3.14.8-201406191347.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 0d499e6..2318683 100644 +index ef1d59b..7030652 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2170,7 +2170,7 @@ index 71a06b2..8bb9ae1 100644 /* * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 72abdc5..35acac1 100644 +index 7f3f3cc..bdf0665 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -18,6 +18,7 @@ @@ -2235,7 +2235,7 @@ index 72abdc5..35acac1 100644 }) extern int __put_user_1(void *, unsigned int); -@@ -195,8 +227,12 @@ extern int __put_user_8(void *, unsigned long long); +@@ -196,8 +228,12 @@ extern int __put_user_8(void *, unsigned long long); #define put_user(x,p) \ ({ \ @@ -2249,7 +2249,7 @@ index 72abdc5..35acac1 100644 }) #else /* CONFIG_MMU */ -@@ -220,6 +256,7 @@ static inline void set_fs(mm_segment_t fs) +@@ -221,6 +257,7 @@ static inline void set_fs(mm_segment_t fs) #endif /* CONFIG_MMU */ 
@@ -2257,7 +2257,7 @@ index 72abdc5..35acac1 100644 #define access_ok(type,addr,size) (__range_ok(addr,size) == 0) #define user_addr_max() \ -@@ -237,13 +274,17 @@ static inline void set_fs(mm_segment_t fs) +@@ -238,13 +275,17 @@ static inline void set_fs(mm_segment_t fs) #define __get_user(x,ptr) \ ({ \ long __gu_err = 0; \ @@ -2275,7 +2275,7 @@ index 72abdc5..35acac1 100644 (void) 0; \ }) -@@ -319,13 +360,17 @@ do { \ +@@ -320,13 +361,17 @@ do { \ #define __put_user(x,ptr) \ ({ \ long __pu_err = 0; \ @@ -2293,7 +2293,7 @@ index 72abdc5..35acac1 100644 (void) 0; \ }) -@@ -425,11 +470,44 @@ do { \ +@@ -426,11 +471,44 @@ do { \ #ifdef CONFIG_MMU @@ -2341,7 +2341,7 @@ index 72abdc5..35acac1 100644 #else #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) -@@ -438,6 +516,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l +@@ -439,6 +517,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -2351,7 +2351,7 @@ index 72abdc5..35acac1 100644 if (access_ok(VERIFY_READ, from, n)) n = __copy_from_user(to, from, n); else /* security hole - plug it */ -@@ -447,6 +528,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u +@@ -448,6 +529,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -2665,10 +2665,10 @@ index a2dcafd..1048b5a 100644 #if defined(CONFIG_OABI_COMPAT) diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S -index 39f89fb..d612bd9 100644 +index 88c6bab..652981b 100644 --- a/arch/arm/kernel/entry-header.S 
+++ b/arch/arm/kernel/entry-header.S -@@ -184,6 +184,60 @@ +@@ -188,6 +188,60 @@ msr cpsr_c, \rtemp @ switch back to the SVC mode .endm @@ -2729,7 +2729,7 @@ index 39f89fb..d612bd9 100644 #ifndef CONFIG_THUMB2_KERNEL .macro svc_exit, rpsr, irq = 0 .if \irq != 0 -@@ -203,6 +257,9 @@ +@@ -207,6 +261,9 @@ blne trace_hardirqs_off #endif .endif @@ -2739,7 +2739,7 @@ index 39f89fb..d612bd9 100644 msr spsr_cxsf, \rpsr #if defined(CONFIG_CPU_V6) ldr r0, [sp] -@@ -266,6 +323,9 @@ +@@ -270,6 +327,9 @@ blne trace_hardirqs_off #endif .endif @@ -6739,7 +6739,7 @@ index 25da651..ae2a259 100644 #endif /* __ASM_SMTC_PROC_H */ diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index 24846f9..61c49f0 100644 +index e80ae50..4404147 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h @@ -116,6 +116,8 @@ static inline struct thread_info *current_thread_info(void) @@ -6751,15 +6751,16 @@ index 24846f9..61c49f0 100644 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) -@@ -134,13 +136,14 @@ static inline struct thread_info *current_thread_info(void) +@@ -134,14 +136,15 @@ static inline struct thread_info *current_thread_info(void) #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH) #define _TIF_32BIT_FPREGS (1<<TIF_32BIT_FPREGS) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID) #define _TIF_WORK_SYSCALL_ENTRY (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \ -- _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT) -+ _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) + _TIF_SYSCALL_AUDIT | \ +- _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID) /* work to do in syscall_trace_leave() */ #define _TIF_WORK_SYSCALL_EXIT (_TIF_NOHZ | _TIF_SYSCALL_TRACE | \ 
@@ -6768,7 +6769,7 @@ index 24846f9..61c49f0 100644 /* work to do on interrupt/exception return */ #define _TIF_WORK_MASK \ -@@ -148,7 +151,7 @@ static inline struct thread_info *current_thread_info(void) +@@ -149,7 +152,7 @@ static inline struct thread_info *current_thread_info(void) /* work to do on any return to u-space */ #define _TIF_ALLWORK_MASK (_TIF_NOHZ | _TIF_WORK_MASK | \ _TIF_WORK_SYSCALL_EXIT | \ @@ -7088,7 +7089,7 @@ index c24ad5f..9983ab2 100644 } /* Arrange for an interrupt in a short while */ diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c -index e0b4996..6b43ce7 100644 +index 81e6ae0..6ab6e79 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -691,7 +691,18 @@ asmlinkage void do_ov(struct pt_regs *regs) @@ -36699,7 +36700,7 @@ index 36605ab..6ef6d4b 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index bb26636..09cbdb4 100644 +index 62fda16..8063873 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -39505,7 +39506,7 @@ index 199b52b..e3503bb 100644 ret = cpufreq_sysfs_create_file(&boost.attr); if (ret) { diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c -index ba43991..23858ffb 100644 +index e1c6433..31203ae 100644 --- a/drivers/cpufreq/cpufreq_governor.c +++ b/drivers/cpufreq/cpufreq_governor.c @@ -191,7 +191,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, @@ -39592,10 +39593,10 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 9ac3783..652b033 100644 +index de9ef4a..0b29fc9 100644 --- a/drivers/cpufreq/intel_pstate.c 
+++ b/drivers/cpufreq/intel_pstate.c -@@ -126,10 +126,10 @@ struct pstate_funcs { +@@ -125,10 +125,10 @@ struct pstate_funcs { struct cpu_defaults { struct pstate_adjust_policy pid_policy; struct pstate_funcs funcs; @@ -39608,7 +39609,7 @@ index 9ac3783..652b033 100644 struct perf_limits { int no_turbo; -@@ -527,7 +527,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -529,7 +529,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -39617,7 +39618,7 @@ index 9ac3783..652b033 100644 } static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -549,12 +549,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) +@@ -551,12 +551,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { sprintf(cpu->name, "Intel 2nd generation core"); @@ -39635,7 +39636,7 @@ index 9ac3783..652b033 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -830,9 +830,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); @@ -39648,7 +39649,7 @@ index 9ac3783..652b033 100644 return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -846,7 +846,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -39657,7 +39658,7 @@ index 9ac3783..652b033 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -858,11 +858,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -40176,7 +40177,7 @@ index eb6935c..3cc2bfa 100644 #include <asm/byteorder.h> 
diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h -index c98764a..551b520 100644 +index f477308..2795f24 100644 --- a/drivers/firewire/core.h +++ b/drivers/firewire/core.h @@ -111,6 +111,7 @@ struct fw_card_driver { @@ -40188,7 +40189,7 @@ index c98764a..551b520 100644 void fw_card_initialize(struct fw_card *card, const struct fw_card_driver *driver, struct device *device); diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c -index 8db6632..9bbc8ca 100644 +index 586f2f7..3545ad2 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -2049,10 +2049,12 @@ static void bus_reset_work(struct work_struct *work) @@ -40680,7 +40681,7 @@ index 15a74f9..4278889 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 697f215..6f89b7f 100644 +index 4677af9..cd79971 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -1362,7 +1362,7 @@ typedef struct drm_i915_private { @@ -40693,7 +40694,7 @@ index 697f215..6f89b7f 100644 /* protects the irq masks */ spinlock_t irq_lock; diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index d269ecf..6d857bc 100644 +index 768e666..68cf44d 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -860,9 +860,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) @@ -40865,7 +40866,7 @@ index 4050450..f67c5c1 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9d4d837..6836e22 100644 +index b6fb3eb..e0fa1e1 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -10798,13 +10798,13 @@ struct intel_quirk { @@ -41462,7 +41463,7 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { 
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 7f370b3..4e92ca6 100644 +index 0bf6f4a..18e2437 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) @@ -44516,7 +44517,7 @@ index 8c53b09..f1fb2b0 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 51c431c..be0fbd6 100644 +index 8b013f8..93eed41 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -44773,10 +44774,33 @@ index cb882aa..9bd076e 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 16f5c21..4df20dc 100644 +index 16f5c21..522b82e 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1991,21 +1991,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) + return 1; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t raid5_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int grow_stripes(struct r5conf *conf, int num) + { + struct kmem_cache *sc; +@@ -1718,7 +1722,11 @@ static int grow_stripes(struct r5conf *conf, int num) + "raid%d-%s", conf->level, mdname(conf->mddev)); + else + sprintf(conf->cache_name[0], ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ "raid%d-%08lx", conf->level, atomic_inc_return_unchecked(&raid5_cache_id)); ++#else + "raid%d-%p", conf->level, conf->mddev); ++#endif + sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); + + conf->active_name = 0; +@@ -1991,21 +1999,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); 
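Review bot: In the new CONFIG_GRKERNSEC_HIDESYM branch of grow_stripes() the format `"raid%d-%08lx"` expects an unsigned long, but `atomic_inc_return_unchecked(&raid5_cache_id)` presumably returns int like atomic_inc_return(), so the argument type does not match the conversion; -Wformat will flag it and the varargs read is ill-defined on LP64. Cast the value explicitly, `"raid%d-%08lx", conf->level, (unsigned long)atomic_inc_return_unchecked(&raid5_cache_id));`, or print it with `%08x`. The `#ifdef` block splitting the sprintf() argument list is also hard to read; computing the id into a local under the same `#ifdef` above the call and keeping a single sprintf() would be clearer. grow_stripes() continues outside the hunk.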
@@ -44802,7 +44826,7 @@ index 16f5c21..4df20dc 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -2033,7 +2033,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2033,7 +2041,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -48190,7 +48214,7 @@ index 53b58de..4479896 100644 int retval = -ENOMEM; diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c -index 955ab79..d1df9c7 100644 +index fb02fc2..83dc2c3 100644 --- a/drivers/pci/msi.c +++ b/drivers/pci/msi.c @@ -524,8 +524,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev) @@ -52475,7 +52499,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index d498d03..e26f959 100644 +index 3baa51b..92907cf 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -52486,7 +52510,7 @@ index d498d03..e26f959 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4472,6 +4473,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4483,6 +4484,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -56472,7 +56496,7 @@ index 04cd768..25949c1 100644 file = aio_private_file(ctx, nr_pages); diff --git a/fs/attr.c b/fs/attr.c -index 5d4e59d..fd02418 100644 +index 6530ced..4a827e2 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -58847,7 +58871,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 31e46b1..f5c70a3 100644 +index 31e46b1..88754df 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,8 +55,20 @@ 
@@ -59595,8 +59619,8 @@ index 31e46b1..f5c70a3 100644 +#ifndef CONFIG_STACK_GROWSUP + unsigned long stackstart = (unsigned long)task_stack_page(current); + unsigned long currentsp = (unsigned long)&stackstart; -+ if (unlikely(currentsp < stackstart + 512 || -+ currentsp >= stackstart + THREAD_SIZE)) ++ if (unlikely((currentsp < stackstart + 512 || ++ currentsp >= stackstart + THREAD_SIZE) && !in_interrupt())) + BUG(); +#endif + @@ -59978,10 +60002,18 @@ index ef68665..5deacdc 100644 return 0; } diff --git a/fs/fhandle.c b/fs/fhandle.c -index 999ff5c..41f4109 100644 +index 999ff5c..ac037c9 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c -@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path, +@@ -8,6 +8,7 @@ + #include <linux/fs_struct.h> + #include <linux/fsnotify.h> + #include <linux/personality.h> ++#include <linux/grsecurity.h> + #include <asm/uaccess.h> + #include "internal.h" + #include "mount.h" +@@ -67,8 +68,7 @@ static long do_sys_name_to_handle(struct path *path, } else retval = 0; /* copy the mount id */ @@ -59991,6 +60023,15 @@ index 999ff5c..41f4109 100644 copy_to_user(ufh, handle, sizeof(struct file_handle) + handle_bytes)) retval = -EFAULT; +@@ -175,7 +175,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, + * the directory. Ideally we would like CAP_DAC_SEARCH. + * But we don't have that + */ +- if (!capable(CAP_DAC_READ_SEARCH)) { ++ if (!capable(CAP_DAC_READ_SEARCH) || !gr_chroot_fhandle()) { + retval = -EPERM; + goto out_err; + } diff --git a/fs/file.c b/fs/file.c index eb56a13..ccee850 100644 --- a/fs/file.c @@ -61655,7 +61696,7 @@ index d19b30a..ef89c36 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 4bcdad3..1883822 100644 +index e846a32..6b22e15 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -841,8 +841,8 @@ unsigned int get_next_ino(void) 
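Review bot: The new `&& !in_interrupt()` on the BUG() guard is not explained anywhere in the hunk; a comment on the `#ifndef CONFIG_STACK_GROWSUP` block, e.g. `/* on a separate interrupt stack sp is not inside current's stack page, so skip the bounds check */`, would record why interrupt context is exempt. As written the whole check is bypassed in interrupt context rather than being evaluated against the interrupt stack, so an exhausted stack there is no longer caught by this BUG(); presumably intended, but worth stating next to the condition. The enclosing function starts and ends outside the hunk.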
@@ -61904,10 +61945,10 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index 4a3c105..0d718f4 100644 +index 8274c8d..922e189 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -330,16 +330,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -61919,14 +61960,16 @@ index 4a3c105..0d718f4 100644 + if (S_ISDIR(inode->i_mode)) { /* DACs are overridable for directories */ -- if (inode_capable(inode, CAP_DAC_OVERRIDE)) +- if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) - return 0; if (!(mask & MAY_WRITE)) -- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) -+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) || -+ inode_capable(inode, CAP_DAC_READ_SEARCH)) +- if (capable_wrt_inode_uidgid(inode, ++ if (capable_wrt_inode_uidgid_nolog(inode, ++ CAP_DAC_OVERRIDE) || ++ capable_wrt_inode_uidgid(inode, + CAP_DAC_READ_SEARCH)) return 0; -+ if (inode_capable(inode, CAP_DAC_OVERRIDE)) ++ if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) + return 0; return -EACCES; } @@ -61935,16 +61978,16 @@ index 4a3c105..0d718f4 100644 + */ + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; + if (mask == MAY_READ) -+ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) || -+ inode_capable(inode, CAP_DAC_READ_SEARCH)) ++ if (capable_wrt_inode_uidgid_nolog(inode, CAP_DAC_OVERRIDE) || ++ capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) + return 0; + + /* * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -348,14 +364,6 @@ int generic_permission(struct inode *inode, int mask) - if (inode_capable(inode, CAP_DAC_OVERRIDE)) +@@ -349,14 +366,6 @@ int generic_permission(struct inode *inode, int mask) + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; - /* 
@@ -61952,13 +61995,13 @@ index 4a3c105..0d718f4 100644 - */ - mask &= MAY_READ | MAY_WRITE | MAY_EXEC; - if (mask == MAY_READ) -- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) +- if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH)) - return 0; - return -EACCES; } -@@ -821,7 +829,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -822,7 +831,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -61967,7 +62010,7 @@ index 4a3c105..0d718f4 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -842,6 +850,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -843,6 +852,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -61980,7 +62023,7 @@ index 4a3c105..0d718f4 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1590,6 +1604,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1591,6 +1606,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -61989,7 +62032,7 @@ index 4a3c105..0d718f4 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1663,7 +1679,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -61998,7 +62041,7 @@ index 4a3c105..0d718f4 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1947,6 +1963,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1948,6 +1965,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); 
@@ -62007,7 +62050,7 @@ index 4a3c105..0d718f4 100644 put_link(nd, &link, cookie); } } -@@ -1954,6 +1972,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1955,6 +1974,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -62021,7 +62064,7 @@ index 4a3c105..0d718f4 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!d_is_directory(nd->path.dentry)) { path_put(&nd->path); -@@ -1981,8 +2006,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -62038,7 +62081,7 @@ index 4a3c105..0d718f4 100644 return retval; } -@@ -2556,6 +2588,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2557,6 +2590,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -62052,7 +62095,7 @@ index 4a3c105..0d718f4 100644 return 0; } -@@ -2787,7 +2826,7 @@ looked_up: +@@ -2788,7 +2828,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -62061,7 +62104,7 @@ index 4a3c105..0d718f4 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2822,6 +2861,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2823,6 +2863,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -62079,7 +62122,7 @@ index 4a3c105..0d718f4 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2843,6 +2893,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2844,6 +2895,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; 
@@ -62088,7 +62131,7 @@ index 4a3c105..0d718f4 100644 } out_no_open: path->dentry = dentry; -@@ -2857,7 +2909,7 @@ out_dput: +@@ -2858,7 +2911,7 @@ out_dput: /* * Handle the last step of open() */ @@ -62097,7 +62140,7 @@ index 4a3c105..0d718f4 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2907,6 +2959,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2908,6 +2961,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -62113,7 +62156,7 @@ index 4a3c105..0d718f4 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2926,7 +2987,7 @@ retry_lookup: +@@ -2927,7 +2989,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -62122,7 +62165,7 @@ index 4a3c105..0d718f4 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2950,11 +3011,28 @@ retry_lookup: +@@ -2951,11 +3013,28 @@ retry_lookup: goto finish_open_created; } @@ -62152,7 +62195,7 @@ index 4a3c105..0d718f4 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2995,6 +3073,11 @@ finish_lookup: +@@ -2996,6 +3075,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -62164,7 +62207,7 @@ index 4a3c105..0d718f4 100644 return 1; } -@@ -3004,7 +3087,6 @@ finish_lookup: +@@ -3005,7 +3089,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -62172,7 +62215,7 @@ index 4a3c105..0d718f4 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3014,7 +3096,18 @@ finish_open: +@@ -3015,7 +3098,18 @@ finish_open: path_put(&save_parent); return error; } 
@@ -62191,7 +62234,7 @@ index 4a3c105..0d718f4 100644 error = -EISDIR; if ((open_flag & O_CREAT) && (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3178,7 +3271,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -62200,7 +62243,7 @@ index 4a3c105..0d718f4 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3196,7 +3289,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -62209,7 +62252,7 @@ index 4a3c105..0d718f4 100644 put_link(nd, &link, cookie); } out: -@@ -3296,9 +3389,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -62223,7 +62266,7 @@ index 4a3c105..0d718f4 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3350,6 +3445,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -62244,7 +62287,7 @@ index 4a3c105..0d718f4 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3412,6 +3521,17 @@ retry: +@@ -3413,6 +3523,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62262,7 +62305,7 @@ index 4a3c105..0d718f4 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3428,6 +3548,8 @@ retry: +@@ -3429,6 +3550,8 @@ retry: break; } out: 
@@ -62271,7 +62314,7 @@ index 4a3c105..0d718f4 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3480,9 +3602,16 @@ retry: +@@ -3481,9 +3604,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62288,7 +62331,7 @@ index 4a3c105..0d718f4 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3563,6 +3692,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -62297,7 +62340,7 @@ index 4a3c105..0d718f4 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3595,10 +3726,21 @@ retry: +@@ -3596,10 +3728,21 @@ retry: error = -ENOENT; goto exit3; } @@ -62319,7 +62362,7 @@ index 4a3c105..0d718f4 100644 exit3: dput(dentry); exit2: -@@ -3688,6 +3830,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -62328,7 +62371,7 @@ index 4a3c105..0d718f4 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3714,10 +3858,22 @@ retry_deleg: +@@ -3715,10 +3860,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -62351,7 +62394,7 @@ index 4a3c105..0d718f4 100644 exit2: dput(dentry); } -@@ -3805,9 +3961,17 @@ retry: +@@ -3806,9 +3963,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; 
@@ -62369,7 +62412,7 @@ index 4a3c105..0d718f4 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3910,6 +4074,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -62377,7 +62420,7 @@ index 4a3c105..0d718f4 100644 int how = 0; int error; -@@ -3933,7 +4098,7 @@ retry: +@@ -3934,7 +4100,7 @@ retry: if (error) return error; @@ -62386,7 +62429,7 @@ index 4a3c105..0d718f4 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3945,11 +4110,28 @@ retry: +@@ -3946,11 +4112,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -62415,7 +62458,7 @@ index 4a3c105..0d718f4 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4236,6 +4418,12 @@ retry_deleg: +@@ -4237,6 +4420,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -62428,7 +62471,7 @@ index 4a3c105..0d718f4 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4243,6 +4431,9 @@ retry_deleg: +@@ -4244,6 +4433,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -62438,7 +62481,7 @@ index 4a3c105..0d718f4 100644 exit5: dput(new_dentry); exit4: -@@ -4279,6 +4470,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { 
@@ -62447,7 +62490,7 @@ index 4a3c105..0d718f4 100644 int len; len = PTR_ERR(link); -@@ -4288,7 +4481,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -64809,7 +64852,7 @@ index 6f599c6..bd00271 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index fb52b54..5fc7c14 100644 +index 8f78819..ba6c272 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -12,12 +12,19 @@ @@ -65965,7 +66008,7 @@ index aead369..0dfecfd 100644 return 0; sfep = dp->d_ops->sf_nextentry(sfp, sfep); diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index bcfe612..aa399c0 100644 +index 78e62cc..eec3706 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -122,7 +122,7 @@ xfs_find_handle( @@ -65979,10 +66022,10 @@ index bcfe612..aa399c0 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..a14eb52 +index 0000000..bfd482c --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1174 @@ +@@ -0,0 +1,1176 @@ +# +# grecurity configuration +# 
@@ -66544,14 +66587,16 @@ index 0000000..a14eb52 + created. + +config GRKERNSEC_CHROOT_FCHDIR -+ bool "Deny fchdir out of chroot" ++ bool "Deny fchdir and fhandle out of chroot" + default y if GRKERNSEC_CONFIG_AUTO + depends on GRKERNSEC_CHROOT + help + If you say Y here, a well-known method of breaking chroots by fchdir'ing + to a file descriptor of the chrooting process that points to a directory -+ outside the filesystem will be stopped. If the sysctl option -+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created. ++ outside the filesystem will be stopped. Additionally, this option prevents ++ use of the recently-created syscall for opening files by a guessable "file ++ handle" inside a chroot. If the sysctl option is enabled, a sysctl option ++ with name "chroot_deny_fchdir" is created. + +config GRKERNSEC_CHROOT_MKNOD + bool "Deny mknod" @@ -73707,10 +73752,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..651d6c2 +index 0000000..baa635c --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,370 @@ +@@ -0,0 +1,387 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -73885,6 +73930,23 @@ index 0000000..651d6c2 +} + +int ++gr_chroot_fhandle(void) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR ++ if (!grsec_enable_chroot_fchdir) ++ return 1; ++ ++ if (!proc_is_chrooted(current)) ++ return 1; ++ else { ++ gr_log_noargs(GR_DONT_AUDIT, GR_CHROOT_FHANDLE_MSG); ++ return 0; ++ } ++#endif ++ return 1; ++} ++ ++int +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, + const time_t shm_createtime) +{ @@ -77916,16 +77978,16 @@ index 17e7e82..1d7da26 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index a6ee1f9..e1ca49d 100644 +index 84b13ad..d7b6550 100644 --- a/include/linux/capability.h 
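Review bot: The reworded help text for GRKERNSEC_CHROOT_FCHDIR describes the blocked interface as `the recently-created syscall for opening files by a guessable "file handle"`, and "recently-created" is relative to the day it was written, so it will mislead later readers. Naming the interface (presumably open_by_handle_at(2), which is what the accompanying `gr_chroot_fhandle` hook suggests) would let an administrator map the option to the syscall it actually affects. The sentence could read `Additionally, this option denies opening files by file handle (open_by_handle_at) inside a chroot, since handles can be guessed.`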
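Review bot: In the new `gr_chroot_fhandle` the `return 1;` after `#endif` is unreachable when CONFIG_GRKERNSEC_CHROOT_FCHDIR is set, since every path inside the `#ifdef` already returns; writing the tail as `#else` / `return 1;` / `#endif` makes the two configurations explicit and also lets the redundant `else` after `return 1;` go. The 1/0 return convention is undocumented; a comment above the definition such as `/* returns 1 to permit the open-by-handle request, 0 (after logging) to deny it inside a chroot; gated on the chroot_deny_fchdir sysctl */` would help, particularly as the caller is not in this chunk and only the deny message text hints at the purpose.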
+++ b/include/linux/capability.h @@ -212,8 +212,13 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); - extern bool inode_capable(const struct inode *inode, int cap); + extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); +extern bool capable_nolog(int cap); +extern bool ns_capable_nolog(struct user_namespace *ns, int cap); -+extern bool inode_capable_nolog(const struct inode *inode, int cap); ++extern bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap); /* audit system wants to get cap info from files as well */ extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); @@ -79749,10 +79811,10 @@ index 0000000..d25522e +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..ba93581 +index 0000000..b02ba9d --- /dev/null +++ b/include/linux/grmsg.h -@@ -0,0 +1,116 @@ +@@ -0,0 +1,117 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " 
@@ -79799,6 +79861,7 @@ index 0000000..ba93581 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " ++#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by " +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by " +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by " @@ -79871,10 +79934,10 @@ index 0000000..ba93581 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..f2d8c6c +index 0000000..5c4bdee --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,248 @@ +@@ -0,0 +1,249 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -79920,6 +79983,7 @@ index 0000000..f2d8c6c +int gr_handle_chroot_setpriority(struct task_struct *p, + const int niceval); +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); ++int gr_chroot_fhandle(void); +int gr_handle_chroot_chroot(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_handle_chroot_chdir(const struct path *path); 
@@ -81565,37 +81629,6 @@ index 5f2e559..7d59314 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot -diff --git a/include/linux/percpu-refcount.h b/include/linux/percpu-refcount.h -index 95961f0..0afb48f 100644 ---- a/include/linux/percpu-refcount.h -+++ b/include/linux/percpu-refcount.h -@@ -110,7 +110,7 @@ static inline void percpu_ref_get(struct percpu_ref *ref) - pcpu_count = ACCESS_ONCE(ref->pcpu_count); - - if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) -- __this_cpu_inc(*pcpu_count); -+ this_cpu_inc(*pcpu_count); - else - atomic_inc(&ref->count); - -@@ -139,7 +139,7 @@ static inline bool percpu_ref_tryget(struct percpu_ref *ref) - pcpu_count = ACCESS_ONCE(ref->pcpu_count); - - if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) { -- __this_cpu_inc(*pcpu_count); -+ this_cpu_inc(*pcpu_count); - ret = true; - } - -@@ -164,7 +164,7 @@ static inline void percpu_ref_put(struct percpu_ref *ref) - pcpu_count = ACCESS_ONCE(ref->pcpu_count); - - if (likely(REF_STATUS(pcpu_count) == PCPU_REF_PTR)) -- __this_cpu_dec(*pcpu_count); -+ this_cpu_dec(*pcpu_count); - else if (unlikely(atomic_dec_and_test(&ref->count))) - ref->release(ref); - diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index e56b07f..aef789b 100644 --- a/include/linux/perf_event.h @@ -85752,68 +85785,10 @@ index d5f31c1..06646e1 100644 s.version = AUDIT_VERSION_LATEST; s.backlog_wait_time = audit_backlog_wait_time; diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 3b29605..3604797 100644 +index 37e6216..3604797 100644 --- a/kernel/auditsc.c 
+++ b/kernel/auditsc.c -@@ -720,6 +720,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) - return AUDIT_BUILD_CONTEXT; - } - -+static int audit_in_mask(const struct audit_krule *rule, unsigned long val) -+{ -+ int word, bit; -+ -+ if (val > 0xffffffff) -+ return false; -+ -+ word = AUDIT_WORD(val); -+ if (word >= AUDIT_BITMASK_SIZE) -+ return false; -+ -+ bit = AUDIT_BIT(val); -+ -+ return rule->mask[word] & bit; -+} -+ - /* At syscall entry and exit time, this filter is called if the - * audit_state is not low enough that auditing cannot take place, but is - * also not high enough that we already know we have to write an audit -@@ -737,11 +753,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, - - rcu_read_lock(); - if (!list_empty(list)) { -- int word = AUDIT_WORD(ctx->major); -- int bit = AUDIT_BIT(ctx->major); -- - list_for_each_entry_rcu(e, list, list) { -- if ((e->rule.mask[word] & bit) == bit && -+ if (audit_in_mask(&e->rule, ctx->major) && - audit_filter_rules(tsk, &e->rule, ctx, NULL, - &state, false)) { - rcu_read_unlock(); -@@ -761,20 +774,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, - static int audit_filter_inode_name(struct task_struct *tsk, - struct audit_names *n, - struct audit_context *ctx) { -- int word, bit; - int h = audit_hash_ino((u32)n->ino); - struct list_head *list = &audit_inode_hash[h]; - struct audit_entry *e; - enum audit_state state; - -- word = AUDIT_WORD(ctx->major); -- bit = AUDIT_BIT(ctx->major); -- - if (list_empty(list)) - return 0; - - list_for_each_entry_rcu(e, list, list) { -- if ((e->rule.mask[word] & bit) == bit && -+ if (audit_in_mask(&e->rule, ctx->major) && - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { - ctx->current_state = state; - return 1; -@@ -1945,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -1954,7 +1954,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is 
incremented every time something logs in */ @@ -85822,7 +85797,7 @@ index 3b29605..3604797 100644 static int audit_set_loginuid_perm(kuid_t loginuid) { -@@ -2014,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid) +@@ -2023,7 +2023,7 @@ int audit_set_loginuid(kuid_t loginuid) /* are we setting or clearing? */ if (uid_valid(loginuid)) @@ -85832,7 +85807,7 @@ index 3b29605..3604797 100644 task->sessionid = sessionid; task->loginuid = loginuid; diff --git a/kernel/capability.c b/kernel/capability.c -index 34019c5..363f279 100644 +index 1191a44..7c81292 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -85914,20 +85889,21 @@ index 34019c5..363f279 100644 +EXPORT_SYMBOL(capable_nolog); + /** - * inode_capable - Check superior capability over inode + * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped * @inode: The inode in question -@@ -453,3 +478,11 @@ bool inode_capable(const struct inode *inode, int cap) - return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +@@ -449,3 +474,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) + kgid_has_mapping(ns, inode->i_gid); } - EXPORT_SYMBOL(inode_capable); + EXPORT_SYMBOL(capable_wrt_inode_uidgid); + -+bool inode_capable_nolog(const struct inode *inode, int cap) ++bool capable_wrt_inode_uidgid_nolog(const struct inode *inode, int cap) +{ + struct user_namespace *ns = current_user_ns(); + -+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); ++ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid) && ++ kgid_has_mapping(ns, inode->i_gid); +} -+EXPORT_SYMBOL(inode_capable_nolog); ++EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 0c753dd..dd7d3d6 100644 --- a/kernel/cgroup.c @@ -86358,7 +86334,7 @@ index 0b097c8..11dd5c5 100644 #ifdef CONFIG_MODULE_UNLOAD { 
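Review bot: `capable_wrt_inode_uidgid_nolog` is added and exported without the kernel-doc block its sibling `capable_wrt_inode_uidgid` carries (its `/** capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped` header is visible just above in the hunk), so the new symbol is the only one of the pair with no documentation. A `/** ... */` block above it stating that it is the non-logging variant, that it checks the capability in the current user namespace, and that both the inode's uid and gid must be mapped there would bring it in line. The condition itself mirrors the sibling, including the `kgid_has_mapping` term, which is the right check to carry over.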
diff --git a/kernel/events/core.c b/kernel/events/core.c -index fa0b2d4..67a1c7a 100644 +index 0e7fea7..f869fde 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu; @@ -86396,7 +86372,7 @@ index fa0b2d4..67a1c7a 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2986,7 +2993,7 @@ static void __perf_event_read(void *info) +@@ -3000,7 +3007,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -86405,7 +86381,7 @@ index fa0b2d4..67a1c7a 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3354,9 +3361,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3365,9 +3372,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -86417,7 +86393,7 @@ index fa0b2d4..67a1c7a 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3785,10 +3792,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3796,10 +3803,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -86430,7 +86406,7 @@ index fa0b2d4..67a1c7a 100644 arch_perf_update_userpage(userpg, now); -@@ -4339,7 +4346,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, +@@ -4350,7 +4357,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, /* Data. */ sp = perf_user_stack_pointer(regs); 
@@ -86439,7 +86415,7 @@ index fa0b2d4..67a1c7a 100644 dyn_size = dump_size - rem; perf_output_skip(handle, rem); -@@ -4430,11 +4437,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -4441,11 +4448,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -86453,7 +86429,7 @@ index fa0b2d4..67a1c7a 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -6704,7 +6711,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6724,7 +6731,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -86462,7 +86438,7 @@ index fa0b2d4..67a1c7a 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -7004,6 +7011,11 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -7024,6 +7031,11 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -86474,7 +86450,7 @@ index fa0b2d4..67a1c7a 100644 err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -@@ -7339,10 +7351,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -7362,10 +7374,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -90051,7 +90027,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index f5c6635..7133356 100644 +index 0aae0fc..2ba2b81 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -90094,7 +90070,7 @@ index f5c6635..7133356 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3332,6 +3337,7 @@ recheck: +@@ -3355,6 +3360,7 @@ recheck: if (policy != p->policy && !rlim_rtprio) return -EPERM; 
@@ -90102,7 +90078,7 @@ index f5c6635..7133356 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4702,8 +4708,10 @@ void idle_task_exit(void) +@@ -4726,8 +4732,10 @@ void idle_task_exit(void) BUG_ON(cpu_online(smp_processor_id())); @@ -90114,7 +90090,7 @@ index f5c6635..7133356 100644 mmdrop(mm); } -@@ -4781,7 +4789,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -90123,7 +90099,7 @@ index f5c6635..7133356 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4798,17 +4806,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -90145,7 +90121,7 @@ index f5c6635..7133356 100644 /* * In the intermediate directories, both the child directory and -@@ -4816,22 +4824,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -90177,7 +90153,7 @@ index f5c6635..7133356 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4851,7 +4862,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -90186,7 +90162,7 @@ index f5c6635..7133356 100644 if (table == NULL) return NULL; -@@ -4886,9 +4897,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } 
@@ -90198,7 +90174,7 @@ index f5c6635..7133356 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -4915,11 +4926,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -90213,7 +90189,7 @@ index f5c6635..7133356 100644 if (entry == NULL) return; -@@ -4942,8 +4955,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -92905,7 +92881,7 @@ index 539eeb9..e24a987 100644 if (end == start) return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 66586bb..73ab487 100644 +index e346fa9..5d32f0a 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -92953,7 +92929,15 @@ index 66586bb..73ab487 100644 unlock_page(hpage); return 0; } -@@ -1162,7 +1162,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1157,14 +1157,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags) + */ + if (!PageHWPoison(p)) { + printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn); +- atomic_long_sub(nr_pages, &num_poisoned_pages); ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); + put_page(hpage); + res = 0; + goto out; } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) @@ -92962,7 +92946,7 @@ index 66586bb..73ab487 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1384,7 +1384,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1386,7 +1386,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) 
@@ -92971,7 +92955,7 @@ index 66586bb..73ab487 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1398,7 +1398,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1400,7 +1400,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -92980,7 +92964,7 @@ index 66586bb..73ab487 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1523,11 +1523,11 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1525,11 +1525,11 @@ static int soft_offline_huge_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -92994,7 +92978,7 @@ index 66586bb..73ab487 100644 } } return ret; -@@ -1566,7 +1566,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1568,7 +1568,7 @@ static int __soft_offline_page(struct page *page, int flags) put_page(page); pr_info("soft_offline: %#lx: invalidated\n", pfn); SetPageHWPoison(page); @@ -93003,7 +92987,7 @@ index 66586bb..73ab487 100644 return 0; } -@@ -1617,7 +1617,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1619,7 +1619,7 @@ static int __soft_offline_page(struct page *page, int flags) if (!is_free_buddy_page(page)) pr_info("soft offline: %#lx: page leaked\n", pfn); @@ -93012,7 +92996,7 @@ index 66586bb..73ab487 100644 } } else { pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", -@@ -1691,11 +1691,11 @@ int soft_offline_page(struct page *page, int flags) +@@ -1693,11 +1693,11 @@ int soft_offline_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -93722,10 +93706,10 @@ index 49e930f..90d7ec5 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index ae3c8f3..fa4ee8e 100644 +index 56224d9..a74c77e 100644 --- a/mm/mempolicy.c 
+++ b/mm/mempolicy.c -@@ -746,6 +746,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -750,6 +750,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; @@ -93736,7 +93720,7 @@ index ae3c8f3..fa4ee8e 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -789,6 +793,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -793,6 +797,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, err = vma_replace_policy(vma, new_pol); if (err) goto out; @@ -93753,7 +93737,7 @@ index ae3c8f3..fa4ee8e 100644 } out: -@@ -1252,6 +1266,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1256,6 +1270,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -93771,7 +93755,7 @@ index ae3c8f3..fa4ee8e 100644 if (end == start) return 0; -@@ -1480,8 +1505,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1484,8 +1509,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -93781,7 +93765,7 @@ index ae3c8f3..fa4ee8e 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1512,6 +1536,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1516,6 +1540,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -95742,7 +95726,7 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index d3cbac5..3784601 100644 +index 5d91bb7..3784601 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) 
@@ -95844,20 +95828,8 @@ index d3cbac5..3784601 100644 } /* -@@ -1554,10 +1590,9 @@ void __put_anon_vma(struct anon_vma *anon_vma) - { - struct anon_vma *root = anon_vma->root; - -+ anon_vma_free(anon_vma); - if (root != anon_vma && atomic_dec_and_test(&root->refcount)) - anon_vma_free(root); -- -- anon_vma_free(anon_vma); - } - - static struct anon_vma *rmap_walk_anon_lock(struct page *page, diff --git a/mm/shmem.c b/mm/shmem.c -index 1f18c9d..3e03d33 100644 +index 1f18c9d..b550bab 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -95869,7 +95841,7 @@ index 1f18c9d..3e03d33 100644 #ifdef CONFIG_SHMEM /* -@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt; +@@ -77,14 +77,15 @@ static struct vfsmount *shm_mnt; #define BOGO_DIRENT_SIZE 20 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */ 
@@ -95877,8 +95849,99 @@ index 1f18c9d..3e03d33 100644 +#define SHORT_SYMLINK_LEN 64 /* - * shmem_fallocate and shmem_writepage communicate via inode->i_private -@@ -2218,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +- * shmem_fallocate and shmem_writepage communicate via inode->i_private +- * (with i_mutex making sure that it has only one user at a time): +- * we would prefer not to enlarge the shmem inode just for that. ++ * shmem_fallocate communicates with shmem_fault or shmem_writepage via ++ * inode->i_private (with i_mutex making sure that it has only one user at ++ * a time): we would prefer not to enlarge the shmem inode just for that. + */ + struct shmem_falloc { ++ int mode; /* FALLOC_FL mode currently operating */ + pgoff_t start; /* start of range currently being fallocated */ + pgoff_t next; /* the next page offset to be fallocated */ + pgoff_t nr_falloced; /* how many new pages have been fallocated */ +@@ -824,6 +825,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) + spin_lock(&inode->i_lock); + shmem_falloc = inode->i_private; + if (shmem_falloc && ++ !shmem_falloc->mode && + index >= shmem_falloc->start && + index < shmem_falloc->next) + shmem_falloc->nr_unswapped++; +@@ -1298,6 +1300,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) + int error; + int ret = VM_FAULT_LOCKED; + ++ /* ++ * Trinity finds that probing a hole which tmpfs is punching can ++ * prevent the hole-punch from ever completing: which in turn ++ * locks writers out with its hold on i_mutex. 
So refrain from ++ * faulting pages into the hole while it's being punched, and ++ * wait on i_mutex to be released if vmf->flags permits, ++ */ ++ if (unlikely(inode->i_private)) { ++ struct shmem_falloc *shmem_falloc; ++ spin_lock(&inode->i_lock); ++ shmem_falloc = inode->i_private; ++ if (!shmem_falloc || ++ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE || ++ vmf->pgoff < shmem_falloc->start || ++ vmf->pgoff >= shmem_falloc->next) ++ shmem_falloc = NULL; ++ spin_unlock(&inode->i_lock); ++ /* ++ * i_lock has protected us from taking shmem_falloc seriously ++ * once return from shmem_fallocate() went back up that stack. ++ * i_lock does not serialize with i_mutex at all, but it does ++ * not matter if sometimes we wait unnecessarily, or sometimes ++ * miss out on waiting: we just need to make those cases rare. ++ */ ++ if (shmem_falloc) { ++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && ++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { ++ up_read(&vma->vm_mm->mmap_sem); ++ mutex_lock(&inode->i_mutex); ++ mutex_unlock(&inode->i_mutex); ++ return VM_FAULT_RETRY; ++ } ++ /* cond_resched? Leave that to GUP or return to user */ ++ return VM_FAULT_NOPAGE; ++ } ++ } ++ + error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); + if (error) + return ((error == -ENOMEM) ? 
VM_FAULT_OOM : VM_FAULT_SIGBUS); +@@ -1813,18 +1852,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, + + mutex_lock(&inode->i_mutex); + ++ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE; ++ + if (mode & FALLOC_FL_PUNCH_HOLE) { + struct address_space *mapping = file->f_mapping; + loff_t unmap_start = round_up(offset, PAGE_SIZE); + loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1; + ++ shmem_falloc.start = unmap_start >> PAGE_SHIFT; ++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; ++ spin_lock(&inode->i_lock); ++ inode->i_private = &shmem_falloc; ++ spin_unlock(&inode->i_lock); ++ + if ((u64)unmap_end > (u64)unmap_start) + unmap_mapping_range(mapping, unmap_start, + 1 + unmap_end - unmap_start, 0); + shmem_truncate_range(inode, offset, offset + len - 1); + /* No need to unmap again: hole-punching leaves COWed pages */ + error = 0; +- goto out; ++ goto undone; + } + + /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */ +@@ -2218,6 +2265,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -95890,7 +95953,7 @@ index 1f18c9d..3e03d33 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2273,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2273,6 +2325,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -95906,7 +95969,7 @@ index 1f18c9d..3e03d33 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2585,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2585,8 +2646,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -97743,7 +97806,7 @@ index 7552f9e..074ce29 100644 err = -EFAULT; break; 
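Review bot: The new `mode` field of `struct shmem_falloc` is documented only as `FALLOC_FL mode currently operating`, but the code depends on a narrower contract: `shmem_fallocate` stores `mode & ~FALLOC_FL_KEEP_SIZE`, so a value of 0 means preallocation, and the `!shmem_falloc->mode` test added to `shmem_writepage` relies on exactly that. The field comment should say so, e.g. `/* FALLOC_FL mode currently operating, KEEP_SIZE masked off: 0 means preallocation */`. In `shmem_fault`, the `return VM_FAULT_NOPAGE` taken when retry is not permitted sends the caller straight back to re-fault with no backoff, which the `cond_resched?` comment acknowledges; a sentence naming who is expected to yield would help the next reader. Both enclosing functions start and end outside this hunk, and the `undone` label targeted by the new `goto undone` is not visible here.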
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index b0ad2c7..96f6a5e 100644 +index 6afa3b4..7a14180 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3740,8 +3740,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, @@ -99470,7 +99533,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index e21934b..16f52a6 100644 +index e21934b..3ae545c 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -99482,15 +99545,6 @@ index e21934b..16f52a6 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -259,7 +259,7 @@ int ping_init_sock(struct sock *sk) - - inet_get_ping_group_range_net(net, &low, &high); - if (gid_lte(low, group) && gid_lte(group, high)) -- return 0; -+ goto out_release_group; - - group_info = get_current_groups(); - count = group_info->ngroups; @@ -348,7 +348,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } @@ -104111,26 +104165,53 @@ index 078fe1d..fbdb363 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..edcbc3a +index 0000000..3fd3699 --- /dev/null 
+++ b/scripts/gcc-plugin.sh -@@ -0,0 +1,16 @@ +@@ -0,0 +1,43 @@ +#!/bin/bash +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF +#include "gcc-common.h" +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) -+#warning $2 ++#warning $2 CXX +#else -+#warning $1 ++#warning $1 CC +#endif +EOF +) ++ ++if [ $? -ne 0 ] ++then ++ exit 1 ++fi ++ ++if [[ "$plugincc" =~ "$1 CC" ]] ++then ++ echo "$1" ++ exit 0 ++fi ++ ++if [[ "$plugincc" =~ "$2 CXX" ]] ++then ++plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++#include "gcc-common.h" ++class test { ++public: ++ int test; ++} test = { ++ .test = 1 ++}; ++EOF ++) +if [ $? -eq 0 ] +then -+ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" ) ++ echo "$2" ++ exit 0 ++fi +fi ++exit 1 diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh index 5de5660..d3deb89 100644 --- a/scripts/headers_install.sh @@ -104414,7 +104495,7 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..1776e5eb7 100644 +index beb86b5..40b1edb 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -4,6 +4,957 @@ 
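Review bot: The rewritten gcc-plugin.sh reads `$1`, `$2` and `$3` without checking that all three were supplied; with `$3` empty, `gccplugins_dir` ends up empty and the include path degrades to `-I/include`, so the failure surfaces as an obscure compile error rather than a usage error. A guard at the top, `[ $# -eq 3 ] || exit 1`, would fail clearly. The `-I${srctree}/../tools/gcc -I${gccplugins_dir}/include` expansions are unquoted on both compiler invocations, so a source tree path containing whitespace would be split into separate arguments. As a point of style, the second `plugincc=$(...)` assignment sits at column 0 inside the `if` body while the neighbouring `echo`/`exit` lines are indented; indenting it consistently makes the nesting visible.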
@@ -104727,13 +104808,13 @@ index beb86b5..1776e5eb7 100644 + bool 'Use filesystem extended attributes marking' + default y if GRKERNSEC_CONFIG_AUTO + select CIFS_XATTR if CIFS ++ select F2FS_FS_XATTR if F2FS_FS + select EXT2_FS_XATTR if EXT2_FS + select EXT3_FS_XATTR if EXT3_FS + select JFFS2_FS_XATTR if JFFS2_FS + select REISERFS_FS_XATTR if REISERFS_FS + select SQUASHFS_XATTR if SQUASHFS + select TMPFS_XATTR if TMPFS -+ select UBIFS_FS_XATTR if UBIFS_FS + help + Enabling this option will allow you to control PaX features on + a per executable basis via the 'setfattr' utility. The control diff --git a/3.14.6/4425_grsec_remove_EI_PAX.patch b/3.14.8/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.6/4425_grsec_remove_EI_PAX.patch +++ b/3.14.8/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.6/4427_force_XATTR_PAX_tmpfs.patch b/3.14.8/4427_force_XATTR_PAX_tmpfs.patch index bbcef41..3db2112 100644 --- a/3.14.6/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.8/4427_force_XATTR_PAX_tmpfs.patch @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge. diff -Naur a/mm/shmem.c b/mm/shmem.c --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400 -@@ -2218,11 +2218,7 @@ +@@ -2265,11 +2265,7 @@ static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2278,14 +2274,12 @@ +@@ -2325,14 +2321,12 @@ if (err) return err; diff --git a/3.14.6/4430_grsec-remove-localversion-grsec.patch b/3.14.8/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.6/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.8/4430_grsec-remove-localversion-grsec.patch 
diff --git a/3.14.6/4435_grsec-mute-warnings.patch b/3.14.8/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.6/4435_grsec-mute-warnings.patch +++ b/3.14.8/4435_grsec-mute-warnings.patch diff --git a/3.14.6/4440_grsec-remove-protected-paths.patch b/3.14.8/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.6/4440_grsec-remove-protected-paths.patch +++ b/3.14.8/4440_grsec-remove-protected-paths.patch diff --git a/3.14.6/4450_grsec-kconfig-default-gids.patch b/3.14.8/4450_grsec-kconfig-default-gids.patch index 19a4285..af218a8 100644 --- a/3.14.6/4450_grsec-kconfig-default-gids.patch +++ b/3.14.8/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -678,7 +678,7 @@ +@@ -680,7 +680,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -909,7 +909,7 @@ +@@ -911,7 +911,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -918,7 +918,7 @@ +@@ -920,7 +920,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT 
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -1011,7 +1011,7 @@ +@@ -1013,7 +1013,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -1032,7 +1032,7 @@ +@@ -1034,7 +1034,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -1050,7 +1050,7 @@ +@@ -1052,7 +1052,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.14.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.8/4465_selinux-avc_audit-log-curr_ip.patch index 2765cdc..fb528d0 100644 --- a/3.14.6/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.8/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1145,6 +1145,27 @@ +@@ -1147,6 +1147,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.14.6/4470_disable-compat_vdso.patch b/3.14.8/4470_disable-compat_vdso.patch index 677174c..677174c 100644 --- a/3.14.6/4470_disable-compat_vdso.patch +++ b/3.14.8/4470_disable-compat_vdso.patch 
diff --git a/3.14.6/4475_emutramp_default_on.patch b/3.14.8/4475_emutramp_default_on.patch index a453a5b..a453a5b 100644 --- a/3.14.6/4475_emutramp_default_on.patch +++ b/3.14.8/4475_emutramp_default_on.patch diff --git a/3.2.60/0000_README b/3.2.60/0000_README index daa1871..b5b1f29 100644 --- a/3.2.60/0000_README +++ b/3.2.60/0000_README @@ -158,7 +158,7 @@ Patch: 1059_linux-3.2.60.patch From: http://www.kernel.org Desc: Linux 3.2.60 -Patch: 4420_grsecurity-3.0-3.2.60-201406101410.patch +Patch: 4420_grsecurity-3.0-3.2.60-201406191345.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.60/4420_grsecurity-3.0-3.2.60-201406101410.patch b/3.2.60/4420_grsecurity-3.0-3.2.60-201406191345.patch index c00f5cd..9f3ccfb 100644 --- a/3.2.60/4420_grsecurity-3.0-3.2.60-201406101410.patch +++ b/3.2.60/4420_grsecurity-3.0-3.2.60-201406191345.patch @@ -3951,7 +3951,7 @@ index 6018c80..7c37203 100644 #endif /* _ASM_SYSTEM_H */ diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index adda036..e0f33bb 100644 +index adda036..d4f1f45 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h @@ -124,6 +124,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); @@ -3969,7 +3969,7 @@ index adda036..e0f33bb 100644 #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH) +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID) + -+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID) ++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SECCOMP | _TIF_GRSEC_SETXID) /* work to do in syscall_trace_leave() */ -#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT) @@ -15936,7 +15936,7 @@ index d7ef849..b1b009a 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ 
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 36361bf..be257d9 100644 +index 36361bf..9efdc12 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -15960,6 +15960,15 @@ index 36361bf..be257d9 100644 #define segment_eq(a, b) ((a).seg == (b).seg) +@@ -52,7 +58,7 @@ + __chk_user_ptr(addr); \ + asm("add %3,%1 ; sbb %0,%0 ; cmp %1,%4 ; sbb $0,%0" \ + : "=&r" (flag), "=r" (roksum) \ +- : "1" (addr), "g" ((long)(size)), \ ++ : "1" (addr), "rm" ((long)(size)), \ + "rm" (current_thread_info()->addr_limit.seg)); \ + flag; \ + }) @@ -76,7 +82,35 @@ * checks that the pointer is in the user space range - after calling * this function, memory access functions may still return -EFAULT. @@ -34901,7 +34910,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index c244f0e..0fa19d6 100644 +index c244f0e..8b3452f 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -255,10 +255,8 @@ @@ -35639,7 +35648,7 @@ index c244f0e..0fa19d6 100644 } #endif -@@ -835,104 +915,130 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, +@@ -835,104 +915,131 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, * from the primary pool to the secondary extraction pool. We make * sure we pull enough for a 'catastrophic reseed'. */ @@ -35733,7 +35742,6 @@ index c244f0e..0fa19d6 100644 int reserved) { - unsigned long flags; -+ int have_bytes; + int entropy_count, orig; + size_t ibytes; 
@@ -35756,17 +35764,10 @@ index c244f0e..0fa19d6 100644 - if (r->limit && nbytes + reserved >= entropy_count / 8) - nbytes = entropy_count/8 - reserved; + entropy_count = orig = ACCESS_ONCE(r->entropy_count); -+ have_bytes = entropy_count >> (ENTROPY_SHIFT + 3); + ibytes = nbytes; + /* If limited, never pull more than available */ -+ if (r->limit) -+ ibytes = min_t(size_t, ibytes, max(0, have_bytes - reserved)); -+ if (ibytes < min) -+ ibytes = 0; -+ if (have_bytes >= ibytes + reserved) -+ entropy_count -= ibytes << (ENTROPY_SHIFT + 3); -+ else -+ entropy_count = reserved << (ENTROPY_SHIFT + 3); ++ if (r->limit) { ++ int have_bytes = entropy_count >> (ENTROPY_SHIFT + 3); - if (entropy_count / 8 >= nbytes + reserved) { - entropy_count -= nbytes*8; 
@@ -35777,25 +35778,33 @@ index c244f0e..0fa19d6 100644 - if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) - goto retry; - } -+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) -+ goto retry; - +- - if (entropy_count < random_write_wakeup_thresh) { - wake_up_interruptible(&random_write_wait); - kill_fasync(&fasync, SIGIO, POLL_OUT); - } ++ if ((have_bytes -= reserved) < 0) ++ have_bytes = 0; ++ ibytes = min_t(size_t, ibytes, have_bytes); + } ++ if (ibytes < min) ++ ibytes = 0; ++ if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0) ++ entropy_count = 0; + +- DEBUG_ENT("debiting %d entropy credits from %s%s\n", +- nbytes * 8, r->name, r->limit ? "" : " (unlimited)"); ++ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) ++ goto retry; + +- spin_unlock_irqrestore(&r->lock, flags); + trace_debit_entropy(r->name, 8 * ibytes); + if (ibytes && + (r->entropy_count >> ENTROPY_SHIFT) < random_write_wakeup_bits) { + wake_up_interruptible(&random_write_wait); + kill_fasync(&fasync, SIGIO, POLL_OUT); - } ++ } -- DEBUG_ENT("debiting %d entropy credits from %s%s\n", -- nbytes * 8, r->name, r->limit ? "" : " (unlimited)"); -- -- spin_unlock_irqrestore(&r->lock, flags); -- - return nbytes; + return ibytes; } @@ -35835,7 +35844,7 @@ index c244f0e..0fa19d6 100644 spin_lock_irqsave(&r->lock, flags); for (i = 0; i < r->poolinfo->poolwords; i += 16) sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); -@@ -966,27 +1072,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) +@@ -966,27 +1073,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) hash.w[1] ^= hash.w[4]; hash.w[2] ^= rol32(hash.w[2], 16); 
@@ -35890,7 +35899,7 @@ index c244f0e..0fa19d6 100644 xfer_secondary_pool(r, nbytes); nbytes = account(r, nbytes, min, reserved); -@@ -994,8 +1116,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, +@@ -994,8 +1117,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, extract_buf(r, tmp); if (fips_enabled) { @@ -35899,7 +35908,7 @@ index c244f0e..0fa19d6 100644 spin_lock_irqsave(&r->lock, flags); if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) panic("Hardware RNG duplicated output!\n"); -@@ -1015,12 +1135,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, +@@ -1015,12 +1136,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, return ret; } @@ -35917,7 +35926,7 @@ index c244f0e..0fa19d6 100644 xfer_secondary_pool(r, nbytes); nbytes = account(r, nbytes, 0, 0); -@@ -1036,7 +1161,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1036,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -35926,7 +35935,7 @@ index c244f0e..0fa19d6 100644 ret = -EFAULT; break; } -@@ -1055,11 +1180,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1055,11 +1181,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, /* * This function is the exported kernel interface. It returns some * number of good random numbers, suitable for key generation, seeding @@ -35949,7 +35958,7 @@ index c244f0e..0fa19d6 100644 extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0); } EXPORT_SYMBOL(get_random_bytes); -@@ -1078,6 +1212,7 @@ void get_random_bytes_arch(void *buf, int nbytes) +@@ -1078,6 +1213,7 @@ void get_random_bytes_arch(void *buf, int nbytes) { char *p = buf; 
@@ -35957,7 +35966,7 @@ index c244f0e..0fa19d6 100644 while (nbytes) { unsigned long v; int chunk = min(nbytes, (int)sizeof(unsigned long)); -@@ -1111,12 +1246,11 @@ static void init_std_data(struct entropy_store *r) +@@ -1111,12 +1247,11 @@ static void init_std_data(struct entropy_store *r) ktime_t now = ktime_get_real(); unsigned long rv; @@ -35973,7 +35982,7 @@ index c244f0e..0fa19d6 100644 mix_pool_bytes(r, &rv, sizeof(rv), NULL); } mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL); -@@ -1139,25 +1273,7 @@ static int rand_initialize(void) +@@ -1139,25 +1274,7 @@ static int rand_initialize(void) init_std_data(&nonblocking_pool); return 0; } @@ -36000,7 +36009,7 @@ index c244f0e..0fa19d6 100644 #ifdef CONFIG_BLOCK void rand_initialize_disk(struct gendisk *disk) -@@ -1169,71 +1285,59 @@ void rand_initialize_disk(struct gendisk *disk) +@@ -1169,71 +1286,59 @@ void rand_initialize_disk(struct gendisk *disk) * source. */ state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL); @@ -36108,7 +36117,7 @@ index c244f0e..0fa19d6 100644 } static unsigned int -@@ -1244,9 +1348,9 @@ random_poll(struct file *file, poll_table * wait) +@@ -1244,9 +1349,9 @@ random_poll(struct file *file, poll_table * wait) poll_wait(file, &random_read_wait, wait); poll_wait(file, &random_write_wait, wait); mask = 0; @@ -36120,7 +36129,7 @@ index c244f0e..0fa19d6 100644 mask |= POLLOUT | POLLWRNORM; return mask; } -@@ -1297,7 +1401,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) +@@ -1297,7 +1402,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) switch (cmd) { case RNDGETENTCNT: /* inherently racy, no point locking */ 
@@ -36130,7 +36139,7 @@ index c244f0e..0fa19d6 100644 return -EFAULT; return 0; case RNDADDTOENTCNT: -@@ -1305,7 +1410,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) +@@ -1305,7 +1411,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) return -EPERM; if (get_user(ent_count, p)) return -EFAULT; @@ -36139,7 +36148,7 @@ index c244f0e..0fa19d6 100644 return 0; case RNDADDENTROPY: if (!capable(CAP_SYS_ADMIN)) -@@ -1320,14 +1425,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) +@@ -1320,14 +1426,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) size); if (retval < 0) return retval; @@ -36162,7 +36171,7 @@ index c244f0e..0fa19d6 100644 return 0; default: return -EINVAL; -@@ -1387,23 +1497,23 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1387,23 +1498,23 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -36193,7 +36202,7 @@ index c244f0e..0fa19d6 100644 unsigned char buf[64], tmp_uuid[16], *uuid; uuid = table->data; -@@ -1427,8 +1537,26 @@ static int proc_do_uuid(ctl_table *table, int write, +@@ -1427,8 +1538,26 @@ static int proc_do_uuid(ctl_table *table, int write, return proc_dostring(&fake_table, write, buffer, lenp, ppos); } @@ -36221,7 +36230,7 @@ index c244f0e..0fa19d6 100644 { .procname = "poolsize", .data = &sysctl_poolsize, -@@ -1440,12 +1568,12 @@ ctl_table random_table[] = { +@@ -1440,12 +1569,12 @@ ctl_table random_table[] = { .procname = "entropy_avail", .maxlen = sizeof(int), .mode = 0444, @@ -36236,7 +36245,7 @@ index c244f0e..0fa19d6 100644 .maxlen = sizeof(int), .mode = 0644, .proc_handler = proc_dointvec_minmax, -@@ -1454,7 +1582,7 @@ ctl_table random_table[] = { +@@ -1454,7 +1583,7 @@ ctl_table random_table[] = { }, { .procname = "write_wakeup_threshold", 
@@ -36245,7 +36254,7 @@ index c244f0e..0fa19d6 100644 .maxlen = sizeof(int), .mode = 0644, .proc_handler = proc_dointvec_minmax, -@@ -1462,6 +1590,13 @@ ctl_table random_table[] = { +@@ -1462,6 +1591,13 @@ ctl_table random_table[] = { .extra2 = &max_write_thresh, }, { @@ -36259,7 +36268,7 @@ index c244f0e..0fa19d6 100644 .procname = "boot_id", .data = &sysctl_bootid, .maxlen = 16, -@@ -1492,7 +1627,7 @@ int random_int_secret_init(void) +@@ -1492,7 +1628,7 @@ int random_int_secret_init(void) * value is not cryptographically secure but for several uses the cost of * depleting entropy is too high */ @@ -36268,7 +36277,7 @@ index c244f0e..0fa19d6 100644 unsigned int get_random_int(void) { __u32 *hash; -@@ -1510,6 +1645,7 @@ unsigned int get_random_int(void) +@@ -1510,6 +1646,7 @@ unsigned int get_random_int(void) return ret; } @@ -42173,10 +42182,33 @@ index 6d05e26..a579e8c 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 7c963c4..1204886 100644 +index 7c963c4..8d07287e 100644 --- a/drivers/md/raid5.c 
+++ b/drivers/md/raid5.c -@@ -1618,19 +1618,19 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1364,6 +1364,10 @@ static int grow_one_stripe(struct r5conf *conf) + return 1; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t raid5_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int grow_stripes(struct r5conf *conf, int num) + { + struct kmem_cache *sc; +@@ -1374,7 +1378,11 @@ static int grow_stripes(struct r5conf *conf, int num) + "raid%d-%s", conf->level, mdname(conf->mddev)); + else + sprintf(conf->cache_name[0], ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ "raid%d-%08lx", conf->level, atomic_inc_return_unchecked(&raid5_cache_id)); ++#else + "raid%d-%p", conf->level, conf->mddev); ++#endif + sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); + + conf->active_name = 0; +@@ -1618,19 +1626,19 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -42200,7 +42232,7 @@ index 7c963c4..1204886 100644 if (conf->mddev->degraded >= conf->max_degraded) printk_ratelimited( KERN_WARNING -@@ -1650,7 +1650,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1650,7 +1658,7 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdn); 
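Review bot: In the CONFIG_GRKERNSEC_HIDESYM branch of grow_stripes() the value of `atomic_inc_return_unchecked(&raid5_cache_id)` is printed with `%08lx`, which expects an unsigned long; if the unchecked variant returns `int` as `atomic_inc_return()` does, this is a format/argument type mismatch that `-Wformat` reports and that makes sprintf read a wider argument than was passed. An int-sized conversion avoids it while keeping the intent of the branch, which is to stop the `conf->mddev` pointer from appearing in a slab-cache name: `"raid%d-%08x", conf->level, (unsigned int)atomic_inc_return_unchecked(&raid5_cache_id));`. A one-line comment on the counter, `/* HIDESYM: sequence number instead of the mddev pointer in the cache name */`, would also explain why the counter exists. grow_stripes() continues past the end of the hunk.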
@@ -58189,6 +58221,27 @@ index 22764c7..86372c9 100644 if (arg >= rlimit(RLIMIT_NOFILE)) break; err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0); +diff --git a/fs/fhandle.c b/fs/fhandle.c +index 6b08864..4b42b2d 100644 +--- a/fs/fhandle.c ++++ b/fs/fhandle.c +@@ -8,6 +8,7 @@ + #include <linux/fs_struct.h> + #include <linux/fsnotify.h> + #include <linux/personality.h> ++#include <linux/grsecurity.h> + #include <asm/uaccess.h> + #include "internal.h" + +@@ -176,7 +177,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, + * the directory. Ideally we would like CAP_DAC_SEARCH. + * But we don't have that + */ +- if (!capable(CAP_DAC_READ_SEARCH)) { ++ if (!capable(CAP_DAC_READ_SEARCH) || !gr_chroot_fhandle()) { + retval = -EPERM; + goto out_err; + } diff --git a/fs/fifo.c b/fs/fifo.c index cf6f434..3d7942c 100644 --- a/fs/fifo.c @@ -64823,10 +64876,10 @@ index 8a89949..6776861 100644 xfs_init_zones(void) diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..ddeec00 +index 0000000..155d9f5 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1160 @@ +@@ -0,0 +1,1162 @@ +# +# grecurity configuration +# 
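Review bot: In handle_to_path() the new `|| !gr_chroot_fhandle()` operand is only evaluated when `capable(CAP_DAC_READ_SEARCH)` has already succeeded, so the GR_CHROOT_FHANDLE_MSG denial log that gr_chroot_fhandle() emits is produced only for privileged callers inside a chroot, while unprivileged chrooted callers keep hitting the pre-existing silent -EPERM. That ordering is defensible (it avoids a log line for every unprivileged attempt) but it is not obvious from the condition, and the existing comment above it only explains the capability check. A comment on the changed line, `/* gr_chroot_fhandle() logs; it is consulted only for callers that pass the capability check */`, would document the choice. The function continues outside the hunk.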
@@ -65374,14 +65427,16 @@ index 0000000..ddeec00 + created. + +config GRKERNSEC_CHROOT_FCHDIR -+ bool "Deny fchdir out of chroot" ++ bool "Deny fchdir and fhandle out of chroot" + default y if GRKERNSEC_CONFIG_AUTO + depends on GRKERNSEC_CHROOT + help + If you say Y here, a well-known method of breaking chroots by fchdir'ing + to a file descriptor of the chrooting process that points to a directory -+ outside the filesystem will be stopped. If the sysctl option -+ is enabled, a sysctl option with name "chroot_deny_fchdir" is created. ++ outside the filesystem will be stopped. Additionally, this option prevents ++ use of the recently-created syscall for opening files by a guessable "file ++ handle" inside a chroot. If the sysctl option is enabled, a sysctl option ++ with name "chroot_deny_fchdir" is created. + +config GRKERNSEC_CHROOT_MKNOD + bool "Deny mknod" @@ -72671,10 +72726,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..12eb2bd +index 0000000..60b786f --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,353 @@ +@@ -0,0 +1,370 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -72849,6 +72904,23 @@ index 0000000..12eb2bd +} + +int ++gr_chroot_fhandle(void) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR ++ if (!grsec_enable_chroot_fchdir) ++ return 1; ++ ++ if (!proc_is_chrooted(current)) ++ return 1; ++ else { ++ gr_log_noargs(GR_DONT_AUDIT, GR_CHROOT_FHANDLE_MSG); ++ return 0; ++ } ++#endif ++ return 1; ++} ++ ++int +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, + const time_t shm_createtime) +{ @@ -78952,10 +79024,10 @@ index 0000000..7dc4203 +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..ba93581 +index 0000000..b02ba9d --- /dev/null 
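Review bot: The new help text for GRKERNSEC_CHROOT_FCHDIR refers to "the recently-created syscall for opening files by a guessable file handle" without naming it, which will read as stale once the syscall is no longer recent; the enforcement lives in fs/fhandle.c, i.e. open_by_handle_at(2). Proposed wording for the second sentence: `Additionally, this option prevents use of the open_by_handle_at(2) syscall, which opens files by a guessable "file handle", from inside a chroot.` The remaining sentence about the "chroot_deny_fchdir" sysctl can stay as is, since that single sysctl now governs both behaviours.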
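Review bot: In the new gr_chroot_fhandle() the `else` after `return 1;` is redundant, and the trailing `return 1;` after `#endif` is only reached when CONFIG_GRKERNSEC_CHROOT_FCHDIR is compiled out, which is easy to misread as a fall-through on the enabled path. Dropping the `else` and adding `/* option compiled out: never deny */` above the final return makes the three outcomes explicit. The function also reuses the fchdir runtime toggle (`grsec_enable_chroot_fchdir`) rather than a dedicated one, which the header comment should say so that an operator disabling "chroot_deny_fchdir" knows file-handle restriction goes with it, e.g. `/* shares the chroot_deny_fchdir sysctl with gr_chroot_fchdir() */`.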
+++ b/include/linux/grmsg.h -@@ -0,0 +1,116 @@ +@@ -0,0 +1,117 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -79002,6 +79074,7 @@ index 0000000..ba93581 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " ++#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by " +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by " +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by " @@ -79074,10 +79147,10 @@ index 0000000..ba93581 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..053a2fa +index 0000000..2a0fe35 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,227 @@ +@@ -0,0 +1,228 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -79121,6 +79194,7 @@ index 0000000..053a2fa +int gr_handle_chroot_setpriority(struct task_struct *p, + const int niceval); +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); ++int gr_chroot_fhandle(void); +int gr_handle_chroot_chroot(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_handle_chroot_chdir(struct path *path); @@ -106609,7 +106683,7 @@ index 3626666..4d873cd 100644 + +clean-files := randstruct.seed 
diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index d2b366c..2d5a6f8 100644 +index d2b366c1..2d5a6f8 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -109,7 +109,7 @@ endif @@ -106797,26 +106871,53 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..edcbc3a +index 0000000..3fd3699 --- /dev/null +++ b/scripts/gcc-plugin.sh -@@ -0,0 +1,16 @@ +@@ -0,0 +1,43 @@ +#!/bin/bash +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF +#include "gcc-common.h" +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) -+#warning $2 ++#warning $2 CXX +#else -+#warning $1 ++#warning $1 CC +#endif +EOF +) ++ ++if [ $? -ne 0 ] ++then ++ exit 1 ++fi ++ ++if [[ "$plugincc" =~ "$1 CC" ]] ++then ++ echo "$1" ++ exit 0 ++fi ++ ++if [[ "$plugincc" =~ "$2 CXX" ]] ++then ++plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++#include "gcc-common.h" ++class test { ++public: ++ int test; ++} test = { ++ .test = 1 ++}; ++EOF ++) +if [ $? -eq 0 ] +then -+ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" ) ++ echo "$2" ++ exit 0 ++fi +fi ++exit 1 diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl index 48462be..3e08f94 100644 --- a/scripts/headers_install.pl diff --git a/3.2.60/4450_grsec-kconfig-default-gids.patch b/3.2.60/4450_grsec-kconfig-default-gids.patch index f3f6f14..e3c7c72 100644 --- a/3.2.60/4450_grsec-kconfig-default-gids.patch +++ b/3.2.60/4450_grsec-kconfig-default-gids.patch 
@@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -664,7 +664,7 @@ +@@ -666,7 +666,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -895,7 +895,7 @@ +@@ -897,7 +897,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -904,7 +904,7 @@ +@@ -906,7 +906,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -997,7 +997,7 @@ +@@ -999,7 +999,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -1018,7 +1018,7 @@ +@@ -1020,7 +1020,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT 
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -1036,7 +1036,7 @@ +@@ -1038,7 +1038,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch index e10ec6d..035fe2d 100644 --- a/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.60/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1131,6 +1131,27 @@ +@@ -1133,6 +1133,27 @@ menu "Logging Options" depends on GRKERNSEC |