-rw-r--r-- | 3.10.7/0000_README | 2 | ||||
-rw-r--r-- | 3.10.7/4420_grsecurity-2.9.1-3.10.7-201308182203.patch (renamed from 3.10.7/4420_grsecurity-2.9.1-3.10.7-201308171249.patch) | 308 | ||||
-rw-r--r-- | 3.10.7/4427_force_XATTR_PAX_tmpfs.patch | 4 | ||||
-rw-r--r-- | 3.10.7/4440_grsec-remove-protected-paths.patch | 2 | ||||
-rw-r--r-- | 3.10.7/4450_grsec-kconfig-default-gids.patch | 12 | ||||
-rw-r--r-- | 3.10.7/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.10.7/4470_disable-compat_vdso.patch | 2 | ||||
-rw-r--r-- | 3.10.7/4475_emutramp_default_on.patch | 2 | ||||
-rw-r--r-- | 3.2.50/0000_README | 2 | ||||
-rw-r--r-- | 3.2.50/4420_grsecurity-2.9.1-3.2.50-201308181813.patch (renamed from 3.2.50/4420_grsecurity-2.9.1-3.2.50-201308171247.patch) | 80 | ||||
-rw-r--r-- | 3.2.50/4440_grsec-remove-protected-paths.patch | 2 | ||||
-rw-r--r-- | 3.2.50/4450_grsec-kconfig-default-gids.patch | 12 | ||||
-rw-r--r-- | 3.2.50/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.2.50/4475_emutramp_default_on.patch | 2 |
14 files changed, 280 insertions, 154 deletions
diff --git a/3.10.7/0000_README b/3.10.7/0000_README index a11d231..9ec844e 100644 --- a/3.10.7/0000_README +++ b/3.10.7/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.10.7-201308171249.patch +Patch: 4420_grsecurity-2.9.1-3.10.7-201308182203.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308171249.patch b/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308182203.patch index 9a72c3e..18163ce 100644 --- a/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308171249.patch +++ b/3.10.7/4420_grsecurity-2.9.1-3.10.7-201308182203.patch @@ -16960,31 +16960,31 @@ index a1df6e8..e002940 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h -index 50a7fc0..d00c622 100644 +index 50a7fc0..7c437a7 100644 --- a/arch/x86/include/asm/tlbflush.h 
+++ b/arch/x86/include/asm/tlbflush.h -@@ -17,18 +17,39 @@ +@@ -17,18 +17,40 @@ static inline void __native_flush_tlb(void) { -- native_write_cr3(native_read_cr3()); ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory"); ++ return; ++ } + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + if (static_cpu_has(X86_FEATURE_PCID)) { + unsigned int cpu = raw_get_cpu(); + -+ if (static_cpu_has(X86_FEATURE_INVPCID)) { -+ unsigned long descriptor[2]; -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory"); -+ } else { -+ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); -+ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); -+ } ++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); ++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); + raw_put_cpu_no_resched(); -+ } else ++ return; ++ } +#endif + -+ native_write_cr3(native_read_cr3()); + native_write_cr3(native_read_cr3()); } static inline void __native_flush_tlb_global_irq_disabled(void) 
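Review bot: In the new INVPCID branch of `__native_flush_tlb`, `descriptor[2]` is handed to the instruction without ever being written, so whatever was on the stack becomes the INVPCID descriptor. An all-context invalidation should not need the PCID or address fields, but whether the reserved descriptor bits are still validated for this type is worth confirming against the SDM; zeroing removes the question: `unsigned long descriptor[2] = { 0, 0 };`. The branch also now sits outside the `CONFIG_PAX_MEMORY_UDEREF` guard, so it runs on every configuration where the CPU reports INVPCID, which deserves a one-line comment above the `if`. `INVPCID_ALL_MONGLOBAL` reads like a misspelling of NONGLOBAL; its definition is outside this hunk, so any rename has to happen there as well.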
@@ -17010,41 +17010,49 @@ index 50a7fc0..d00c622 100644 } static inline void __native_flush_tlb_global(void) -@@ -49,7 +70,33 @@ static inline void __native_flush_tlb_global(void) +@@ -49,6 +71,42 @@ static inline void __native_flush_tlb_global(void) static inline void __native_flush_tlb_single(unsigned long addr) { -- asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); + -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ if (static_cpu_has(X86_FEATURE_PCID) && addr < TASK_SIZE_MAX) { -+ unsigned int cpu = raw_get_cpu(); ++ if (static_cpu_has(X86_FEATURE_INVPCID)) { ++ unsigned long descriptor[2]; + -+ if (static_cpu_has(X86_FEATURE_INVPCID)) { -+ unsigned long descriptor[2]; -+ descriptor[0] = PCID_USER; -+ descriptor[1] = addr; ++ descriptor[0] = PCID_KERNEL; ++ descriptor[1] = addr; ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) { ++ if (addr < TASK_SIZE_MAX) ++ descriptor[1] += pax_user_shadow_base; + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); -+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) { -+ descriptor[0] = PCID_KERNEL; -+ descriptor[1] = addr + pax_user_shadow_base; -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); -+ } -+ } else { -+ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); -+ asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); -+ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); -+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) -+ asm volatile("invlpg (%0)" ::"r" (addr + pax_user_shadow_base) : "memory"); + } -+ raw_put_cpu_no_resched(); -+ } else ++ ++ descriptor[0] = PCID_USER; ++ descriptor[1] = addr; +#endif + ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); ++ return; ++ } ++ ++#if defined(CONFIG_X86_64) && 
defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (static_cpu_has(X86_FEATURE_PCID)) { ++ unsigned int cpu = raw_get_cpu(); ++ ++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); + asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); ++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); ++ raw_put_cpu_no_resched(); ++ ++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) && addr < TASK_SIZE_MAX) ++ addr += pax_user_shadow_base; ++ } ++#endif ++ + asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); } - static inline void __flush_tlb_all(void) diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index 5ee2687..74590b9 100644 --- a/arch/x86/include/asm/uaccess.h @@ -18604,7 +18612,7 @@ index 5013a48..0782c53 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 22018f7..a5883af 100644 +index 22018f7..2ae0e75 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { 
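Review bot: The INVPCID branch of `__native_flush_tlb_single` is taken on `X86_FEATURE_INVPCID` alone, yet under UDEREF it issues a single-address invalidation with `descriptor[0] = PCID_USER` without checking `X86_FEATURE_PCID`. The `nopcid` handler in arch/x86/kernel/cpu/common.c clears only `X86_FEATURE_PCID`, so CR4.PCIDE can be off while this path still runs; if `PCID_USER` is non-zero (its value is not visible here), a single-address INVPCID with a non-zero PCID and PCIDE clear raises #GP. Either clear both capabilities together in `setup_disable_pcid`, `setup_clear_cpu_cap(X86_FEATURE_INVPCID);`, or test both features before the `PCID_USER` invalidation. Separately, the PCID fallback rewrites `addr` and then falls through to the shared `invlpg`; a comment such as `/* fall through: flush the shadow alias in the kernel PCID */` would make that intent explicit, if that is what is meant.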
@@ -18668,48 +18676,61 @@ index 22018f7..a5883af 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -288,6 +234,40 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) +@@ -288,6 +234,53 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) set_in_cr4(X86_CR4_SMAP); } -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++#ifdef CONFIG_X86_64 +static __init int setup_disable_pcid(char *arg) +{ + setup_clear_cpu_cap(X86_FEATURE_PCID); ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF + if (clone_pgd_mask != ~(pgdval_t)0UL) + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; ++#endif ++ + return 1; +} +__setup("nopcid", setup_disable_pcid); + +static void setup_pcid(struct cpuinfo_x86 *c) +{ -+ if (cpu_has(c, X86_FEATURE_PCID)) -+ printk("PAX: PCID detected\n"); ++ if (!cpu_has(c, X86_FEATURE_PCID)) { ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (clone_pgd_mask != ~(pgdval_t)0UL) { ++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; ++ printk("PAX: slow and weak UDEREF enabled\n"); ++ } else ++ printk("PAX: UDEREF disabled\n"); ++#endif ++ ++ return; ++ } ++ ++ printk("PAX: PCID detected\n"); ++ set_in_cr4(X86_CR4_PCIDE); ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ clone_pgd_mask = ~(pgdval_t)0UL; ++ if (pax_user_shadow_base) ++ printk("PAX: weak UDEREF enabled\n"); ++ else { ++ set_cpu_cap(c, X86_FEATURE_STRONGUDEREF); ++ printk("PAX: strong UDEREF enabled\n"); ++ } ++#endif + + if (cpu_has(c, X86_FEATURE_INVPCID)) + printk("PAX: INVPCID detected\n"); -+ -+ if (cpu_has(c, X86_FEATURE_PCID)) { -+ set_in_cr4(X86_CR4_PCIDE); -+ clone_pgd_mask = ~(pgdval_t)0UL; -+ if (pax_user_shadow_base) -+ printk("PAX: weak UDEREF enabled\n"); -+ else { -+ set_cpu_cap(c, X86_FEATURE_STRONGUDEREF); -+ printk("PAX: strong UDEREF enabled\n"); -+ } -+ } else if (pax_user_shadow_base) -+ printk("PAX: slow and weak UDEREF enabled\n"); -+ else -+ printk("PAX: UDEREF disabled\n"); +} +#endif + /* * Some CPU features depend on 
higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization -@@ -386,7 +366,7 @@ void switch_to_new_gdt(int cpu) +@@ -386,7 +379,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -18718,18 +18739,18 @@ index 22018f7..a5883af 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -874,6 +854,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -874,6 +867,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++#ifdef CONFIG_X86_64 + setup_pcid(c); +#endif + /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -882,6 +866,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -882,6 +879,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -18740,7 +18761,7 @@ index 22018f7..a5883af 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1069,10 +1057,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1069,10 +1070,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -18755,7 +18776,7 @@ index 22018f7..a5883af 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE); -@@ -1086,7 +1076,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1086,7 +1089,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = 
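Review bot: The new `setup_pcid` reports the UDEREF level the machine ends up with ("UDEREF disabled", "slow and weak UDEREF enabled", "weak"/"strong") through bare `printk()` calls with no log level. These lines record a security posture decision made at boot, so they should carry an explicit level that log collection can match on, for example `printk(KERN_WARNING "PAX: UDEREF disabled\n");` for the downgrade cases and `KERN_INFO` for the others. Since the function is called from `identify_cpu`, it presumably runs once per CPU and will repeat the messages; if that is not wanted, printing only for the boot CPU would cut the noise. A short header comment listing the three outcomes and which globals (`clone_pgd_mask`, `pax_user_shadow_base`) each one sets would also help the next reader.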
@@ -18764,7 +18785,7 @@ index 22018f7..a5883af 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1231,7 +1221,7 @@ void __cpuinit cpu_init(void) +@@ -1231,7 +1234,7 @@ void __cpuinit cpu_init(void) load_ucode_ap(); cpu = stack_smp_processor_id(); @@ -18773,7 +18794,7 @@ index 22018f7..a5883af 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1257,7 +1247,7 @@ void __cpuinit cpu_init(void) +@@ -1257,7 +1260,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -18782,7 +18803,7 @@ index 22018f7..a5883af 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1266,7 +1256,6 @@ void __cpuinit cpu_init(void) +@@ -1266,7 +1269,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -18790,7 +18811,7 @@ index 22018f7..a5883af 100644 enable_x2apic(); /* -@@ -1318,7 +1307,7 @@ void __cpuinit cpu_init(void) +@@ -1318,7 +1320,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -20461,7 +20482,7 @@ index 8f3e2de..6b71e39 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 7272089..833fdf8 100644 +index 7272089..ee191c7 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -20548,7 +20569,7 @@ index 7272089..833fdf8 100644 #endif -@@ -284,6 +293,427 @@ ENTRY(native_usergs_sysret64) +@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -20738,10 +20759,11 @@ index 7272089..833fdf8 100644 + .popsection + GET_CR3_INTO_RDI + cmp $1,%dil -+ jnz 3f ++ jnz 4f + sub $4097,%rdi + bts $63,%rdi -+ jmp 2f ++ SET_RDI_INTO_CR3 ++ jmp 3f +111: + + GET_CR3_INTO_RDI 
@@ -20772,13 +20794,15 @@ index 7272089..833fdf8 100644 + i = i + 1 + .endr + ++2: SET_RDI_INTO_CR3 ++ +#ifdef CONFIG_PAX_KERNEXEC + GET_CR0_INTO_RDI + bts $16,%rdi + SET_RDI_INTO_CR0 +#endif + -+2: SET_RDI_INTO_CR3 ++3: + +#ifdef CONFIG_PARAVIRT + PV_RESTORE_REGS(CLBR_RDI) @@ -20788,7 +20812,7 @@ index 7272089..833fdf8 100644 + popq %rdi + pax_force_retaddr + retq -+3: ud2 ++4: ud2 +ENDPROC(pax_enter_kernel_user) + +ENTRY(pax_exit_kernel_user) @@ -20976,7 +21000,7 @@ index 7272089..833fdf8 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -375,8 +805,8 @@ ENDPROC(native_usergs_sysret64) +@@ -375,8 +808,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -20987,7 +21011,7 @@ index 7272089..833fdf8 100644 .endm /* -@@ -463,7 +893,7 @@ ENDPROC(native_usergs_sysret64) +@@ -463,7 +896,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -20996,7 +21020,7 @@ index 7272089..833fdf8 100644 je 1f SWAPGS /* -@@ -498,9 +928,10 @@ ENTRY(save_rest) +@@ -498,9 +931,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -21008,7 +21032,7 @@ index 7272089..833fdf8 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -529,9 +960,10 @@ ENTRY(save_paranoid) +@@ -529,9 +963,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -21021,7 +21045,7 @@ index 7272089..833fdf8 100644 .popsection /* -@@ -553,7 +985,7 @@ ENTRY(ret_from_fork) +@@ -553,7 +988,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -21030,7 +21054,7 @@ index 7272089..833fdf8 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -571,7 +1003,7 @@ ENTRY(ret_from_fork) +@@ -571,7 +1006,7 @@ ENTRY(ret_from_fork) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC 
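Review bot: The slow path of `pax_enter_kernel_user` now loads CR3 at `2:` before the `CONFIG_PAX_KERNEXEC` block sets bit 16 of CR0, the reverse of the previous order, and nothing in the hunk records why the order matters. A comment at `2:` such as `/* load the kernel page tables before setting CR0.WP */` would keep a later cleanup from swapping them back, assuming that ordering is the intent. The PCID fast path in the preceding hunk now writes CR3 itself and jumps to the empty `3:`; if no code outside these hunks still targets `2:`, the label can be dropped. The constants in that fast path (`sub $4097,%rdi`, `bts $63,%rdi`) would also read better with a comment naming what each encodes.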
@@ -21039,7 +21063,7 @@ index 7272089..833fdf8 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -608,7 +1040,7 @@ END(ret_from_fork) +@@ -608,7 +1043,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -21048,7 +21072,7 @@ index 7272089..833fdf8 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -621,16 +1053,23 @@ GLOBAL(system_call_after_swapgs) +@@ -621,16 +1056,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -21074,7 +21098,7 @@ index 7272089..833fdf8 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -640,7 +1079,7 @@ system_call_fastpath: +@@ -640,7 +1082,7 @@ system_call_fastpath: cmpl $__NR_syscall_max,%eax #endif ja badsys @@ -21083,7 +21107,7 @@ index 7272089..833fdf8 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -654,10 +1093,13 @@ sysret_check: +@@ -654,10 +1096,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -21098,7 +21122,7 @@ index 7272089..833fdf8 100644 /* * sysretq will re-enable interrupts: */ -@@ -709,14 +1151,18 @@ badsys: +@@ -709,14 +1154,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -21118,7 +21142,7 @@ index 7272089..833fdf8 100644 jmp system_call_fastpath /* -@@ -737,7 +1183,7 @@ sysret_audit: +@@ -737,7 +1186,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -21127,7 +21151,7 @@ index 7272089..833fdf8 100644 jz auditsys #endif SAVE_REST -@@ -745,12 +1191,16 @@ tracesys: +@@ -745,12 +1194,16 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter 
@@ -21144,7 +21168,7 @@ index 7272089..833fdf8 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -759,7 +1209,7 @@ tracesys: +@@ -759,7 +1212,7 @@ tracesys: cmpl $__NR_syscall_max,%eax #endif ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ @@ -21153,7 +21177,7 @@ index 7272089..833fdf8 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -780,7 +1230,9 @@ GLOBAL(int_with_check) +@@ -780,7 +1233,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -21164,7 +21188,7 @@ index 7272089..833fdf8 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -826,7 +1278,7 @@ int_restore_rest: +@@ -826,7 +1281,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -21173,7 +21197,7 @@ index 7272089..833fdf8 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -839,9 +1291,10 @@ ENTRY(stub_\func) +@@ -839,9 +1294,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -21185,7 +21209,7 @@ index 7272089..833fdf8 100644 .endm .macro FIXED_FRAME label,func -@@ -851,9 +1304,10 @@ ENTRY(\label) +@@ -851,9 +1307,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -21197,7 +21221,7 @@ index 7272089..833fdf8 100644 .endm FORK_LIKE clone -@@ -870,9 +1324,10 @@ ENTRY(ptregscall_common) +@@ -870,9 +1327,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -21209,7 +21233,7 @@ index 7272089..833fdf8 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -885,7 +1340,7 @@ ENTRY(stub_execve) +@@ -885,7 +1343,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC 
@@ -21218,7 +21242,7 @@ index 7272089..833fdf8 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -902,7 +1357,7 @@ ENTRY(stub_rt_sigreturn) +@@ -902,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -21227,7 +21251,7 @@ index 7272089..833fdf8 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -916,7 +1371,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -916,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -21236,7 +21260,7 @@ index 7272089..833fdf8 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -930,7 +1385,7 @@ ENTRY(stub_x32_execve) +@@ -930,7 +1388,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -21245,7 +21269,7 @@ index 7272089..833fdf8 100644 #endif -@@ -967,7 +1422,7 @@ vector=vector+1 +@@ -967,7 +1425,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -21254,7 +21278,7 @@ index 7272089..833fdf8 100644 .previous END(interrupt) -@@ -987,6 +1442,16 @@ END(interrupt) +@@ -987,6 +1445,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -21271,7 +21295,7 @@ index 7272089..833fdf8 100644 call \func .endm -@@ -1019,7 +1484,7 @@ ret_from_intr: +@@ -1019,7 +1487,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -21280,7 +21304,7 @@ index 7272089..833fdf8 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1041,12 +1506,16 @@ retint_swapgs: /* return to user-space */ +@@ -1041,12 +1509,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -21297,7 +21321,7 @@ index 7272089..833fdf8 100644 /* * The iretq could re-enable interrupts: */ -@@ -1129,7 +1598,7 @@ ENTRY(retint_kernel) +@@ -1129,7 +1601,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC 
@@ -21306,7 +21330,7 @@ index 7272089..833fdf8 100644 /* * End of kprobes section */ -@@ -1147,7 +1616,7 @@ ENTRY(\sym) +@@ -1147,7 +1619,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -21315,7 +21339,7 @@ index 7272089..833fdf8 100644 .endm #ifdef CONFIG_SMP -@@ -1208,12 +1677,22 @@ ENTRY(\sym) +@@ -1208,12 +1680,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -21339,7 +21363,7 @@ index 7272089..833fdf8 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1226,15 +1705,25 @@ ENTRY(\sym) +@@ -1226,15 +1708,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -21367,7 +21391,7 @@ index 7272089..833fdf8 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1245,14 +1734,30 @@ ENTRY(\sym) +@@ -1245,14 +1737,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -21399,7 +21423,7 @@ index 7272089..833fdf8 100644 .endm .macro errorentry sym do_sym -@@ -1264,13 +1769,23 @@ ENTRY(\sym) +@@ -1264,13 +1772,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -21424,7 +21448,7 @@ index 7272089..833fdf8 100644 .endm /* error code is on the stack already */ -@@ -1284,13 +1799,23 @@ ENTRY(\sym) +@@ -1284,13 +1802,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -21449,7 +21473,7 @@ index 7272089..833fdf8 100644 .endm zeroentry divide_error do_divide_error -@@ -1320,9 +1845,10 @@ gs_change: +@@ -1320,9 +1848,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -21461,7 +21485,7 @@ index 7272089..833fdf8 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1350,9 +1876,10 @@ ENTRY(call_softirq) +@@ -1350,9 +1879,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) 
@@ -21473,7 +21497,7 @@ index 7272089..833fdf8 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1390,7 +1917,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1390,7 +1920,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -21482,7 +21506,7 @@ index 7272089..833fdf8 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1449,7 +1976,7 @@ ENTRY(xen_failsafe_callback) +@@ -1449,7 +1979,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -21491,7 +21515,7 @@ index 7272089..833fdf8 100644 apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1501,18 +2028,33 @@ ENTRY(paranoid_exit) +@@ -1501,18 +2031,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -21527,7 +21551,7 @@ index 7272089..833fdf8 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1541,7 +2083,7 @@ paranoid_schedule: +@@ -1541,7 +2086,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -21536,7 +21560,7 @@ index 7272089..833fdf8 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1568,12 +2110,13 @@ ENTRY(error_entry) +@@ -1568,12 +2113,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -21551,7 +21575,7 @@ index 7272089..833fdf8 100644 ret /* -@@ -1600,7 +2143,7 @@ bstep_iret: +@@ -1600,7 +2146,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -21560,7 +21584,7 @@ index 7272089..833fdf8 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1611,7 +2154,7 @@ ENTRY(error_exit) +@@ -1611,7 +2157,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) 
@@ -21569,7 +21593,7 @@ index 7272089..833fdf8 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1620,7 +2163,7 @@ ENTRY(error_exit) +@@ -1620,7 +2166,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -21578,7 +21602,7 @@ index 7272089..833fdf8 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1678,9 +2221,11 @@ ENTRY(nmi) +@@ -1678,9 +2224,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -21591,7 +21615,7 @@ index 7272089..833fdf8 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1714,8 +2259,7 @@ nested_nmi: +@@ -1714,8 +2262,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -21601,7 +21625,7 @@ index 7272089..833fdf8 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1733,6 +2277,7 @@ nested_nmi_out: +@@ -1733,6 +2280,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -21609,7 +21633,7 @@ index 7272089..833fdf8 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1849,6 +2394,8 @@ end_repeat_nmi: +@@ -1849,6 +2397,8 @@ end_repeat_nmi: */ movq %cr2, %r12 @@ -21618,7 +21642,7 @@ index 7272089..833fdf8 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1861,26 +2408,31 @@ end_repeat_nmi: +@@ -1861,26 +2411,31 @@ end_repeat_nmi: movq %r12, %cr2 1: 
@@ -51934,6 +51958,28 @@ index f02d82b..2632cf86 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +diff --git a/fs/ceph/super.c b/fs/ceph/super.c +index 7d377c9..3fb6559 100644 +--- a/fs/ceph/super.c ++++ b/fs/ceph/super.c +@@ -839,7 +839,7 @@ static int ceph_compare_super(struct super_block *sb, void *data) + /* + * construct our own bdi so we can control readahead, etc. + */ +-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); ++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); + + static int ceph_register_bdi(struct super_block *sb, + struct ceph_fs_client *fsc) +@@ -856,7 +856,7 @@ static int ceph_register_bdi(struct super_block *sb, + default_backing_dev_info.ra_pages; + + err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%ld", +- atomic_long_inc_return(&bdi_seq)); ++ atomic_long_inc_return_unchecked(&bdi_seq)); + if (!err) + sb->s_bdi = &fsc->backing_dev_info; + return err; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index d597483..747901b 100644 --- a/fs/cifs/cifs_debug.c @@ -80739,7 +80785,7 @@ index 42670e9..8719c2f 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index 424c2d4..a9194f7 100644 +index 424c2d4..679242f 100644 --- a/kernel/posix-timers.c +++ b/kernel/posix-timers.c @@ -43,6 +43,7 @@ @@ -80831,6 +80877,15 @@ index 424c2d4..a9194f7 100644 } static int common_timer_create(struct k_itimer *new_timer) +@@ -597,7 +598,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock, + struct k_clock *kc = clockid_to_kclock(which_clock); + struct k_itimer *new_timer; + int error, new_timer_id; +- sigevent_t event; ++ sigevent_t event = { }; + int it_id_set = IT_ID_NOT_SET; + + if (!kc) @@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; 
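Review bot: `bdi_seq` in fs/ceph/super.c is moved to `atomic_long_unchecked_t` with no comment saying why it is safe to exempt it from the overflow checking applied to the ordinary atomic types. From the visible use it only supplies the numeric suffix in `bdi_register(..., "ceph-%ld", ...)` and is not a reference count, so a wrap looks harmless apart from a possible name collision, which `bdi_register` would presumably report through `err`. A one-line comment on the declaration, e.g. `/* naming sequence only, not a refcount: wrap is harmless */`, keeps the exemption auditable. The same applies to the `bdi_seq` conversion in mm/backing-dev.c later in this patch.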
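Review bot: `sigevent_t event = { };` in `timer_create` initialises the named members, but C does not promise that padding bytes or the unused part of a union are cleared by an initializer, even though GCC usually zeroes the whole object. If the goal is to keep stale kernel stack contents away from code that later reads or copies the whole structure, `memset(&event, 0, sizeof(event));` before first use states that guarantee explicitly. A comment naming the path that could read `event` before it was filled in would also help; the rest of the syscall body is outside this hunk, so that path cannot be confirmed from here.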
@@ -84318,9 +84373,18 @@ index e742d06..c56fdd8 100644 config NOMMU_INITIAL_TRIM_EXCESS diff --git a/mm/backing-dev.c b/mm/backing-dev.c -index 5025174..9fc1c5c 100644 +index 5025174..9d67dcd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c +@@ -12,7 +12,7 @@ + #include <linux/device.h> + #include <trace/events/writeback.h> + +-static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); ++static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); + + struct backing_dev_info default_backing_dev_info = { + .name = "default", @@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy); int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, unsigned int cap) @@ -84335,7 +84399,7 @@ index 5025174..9fc1c5c 100644 - sprintf(tmp, "%.28s%s", name, "-%d"); - err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); -+ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq)); ++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return_unchecked(&bdi_seq)); if (err) { bdi_destroy(bdi); return err; diff --git a/3.10.7/4427_force_XATTR_PAX_tmpfs.patch b/3.10.7/4427_force_XATTR_PAX_tmpfs.patch index e2a9551..3090b07 100644 --- a/3.10.7/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.10.7/4427_force_XATTR_PAX_tmpfs.patch @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge. diff -Naur a/mm/shmem.c b/mm/shmem.c --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400 -@@ -2201,11 +2201,7 @@ +@@ -2203,11 +2203,7 @@ static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2261,14 +2257,12 @@ +@@ -2263,14 +2259,12 @@ if (err) return err; 
diff --git a/3.10.7/4440_grsec-remove-protected-paths.patch b/3.10.7/4440_grsec-remove-protected-paths.patch index 637934a..e2c2dc9 100644 --- a/3.10.7/4440_grsec-remove-protected-paths.patch +++ b/3.10.7/4440_grsec-remove-protected-paths.patch @@ -6,7 +6,7 @@ the filesystem. diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile --- a/grsecurity/Makefile 2011-10-19 20:42:50.000000000 -0400 +++ b/grsecurity/Makefile 2011-10-19 20:45:08.000000000 -0400 -@@ -29,10 +29,4 @@ +@@ -33,10 +33,4 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y := grsec_hidesym.o $(obj)/grsec_hidesym.o: diff --git a/3.10.7/4450_grsec-kconfig-default-gids.patch b/3.10.7/4450_grsec-kconfig-default-gids.patch index f144c0e..7a1010d 100644 --- a/3.10.7/4450_grsec-kconfig-default-gids.patch +++ b/3.10.7/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -610,7 +610,7 @@ +@@ -611,7 +611,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -830,7 +830,7 @@ +@@ -820,7 +820,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -839,7 +839,7 @@ +@@ -829,7 +829,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT 
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -932,7 +932,7 @@ +@@ -922,7 +922,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -953,7 +953,7 @@ +@@ -943,7 +943,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -971,7 +971,7 @@ +@@ -961,7 +961,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch b/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch index b0786d4..042c034 100644 --- a/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.10.7/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1030,6 +1030,27 @@ +@@ -1020,6 +1020,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.10.7/4470_disable-compat_vdso.patch b/3.10.7/4470_disable-compat_vdso.patch index 424d91f..a2d6ed9 100644 --- a/3.10.7/4470_disable-compat_vdso.patch +++ b/3.10.7/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig 
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1786,17 +1786,8 @@ +@@ -1783,17 +1783,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.10.7/4475_emutramp_default_on.patch b/3.10.7/4475_emutramp_default_on.patch index 27bfc2d..cfde6f8 100644 --- a/3.10.7/4475_emutramp_default_on.patch +++ b/3.10.7/4475_emutramp_default_on.patch @@ -10,7 +10,7 @@ See bug: diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig --- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400 +++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400 -@@ -429,7 +429,7 @@ +@@ -427,7 +427,7 @@ config PAX_EMUTRAMP bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) diff --git a/3.2.50/0000_README b/3.2.50/0000_README index 574e6bc..df20efb 100644 --- a/3.2.50/0000_README +++ b/3.2.50/0000_README @@ -118,7 +118,7 @@ Patch: 1049_linux-3.2.50.patch From: http://www.kernel.org Desc: Linux 3.2.50 -Patch: 4420_grsecurity-2.9.1-3.2.50-201308171247.patch +Patch: 4420_grsecurity-2.9.1-3.2.50-201308181813.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308171247.patch b/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308181813.patch index a0281fe..d8e4449 100644 --- a/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308171247.patch +++ b/3.2.50/4420_grsecurity-2.9.1-3.2.50-201308181813.patch @@ -54513,7 +54513,7 @@ index 516f337..82a82df 100644 ret = PTR_ERR(cb_info->task); svc_exit_thread(cb_info->rqst); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c -index 168cb93..20486571 100644 +index 168cb93..de27202 100644 --- a/fs/nfs/callback_xdr.c +++ b/fs/nfs/callback_xdr.c @@ -50,7 +50,7 @@ struct callback_op { 
@@ -54525,6 +54525,19 @@ index 168cb93..20486571 100644 static struct callback_op callback_ops[]; +@@ -451,9 +451,9 @@ static __be32 decode_cb_sequence_args(struct svc_rqst *rqstp, + args->csa_nrclists = ntohl(*p++); + args->csa_rclists = NULL; + if (args->csa_nrclists) { +- args->csa_rclists = kmalloc(args->csa_nrclists * +- sizeof(*args->csa_rclists), +- GFP_KERNEL); ++ args->csa_rclists = kmalloc_array(args->csa_nrclists, ++ sizeof(*args->csa_rclists), ++ GFP_KERNEL); + if (unlikely(args->csa_rclists == NULL)) + goto out; + diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 756f4df..8bd49ca 100644 --- a/fs/nfs/dir.c @@ -73541,7 +73554,7 @@ index efe50af..0d0b145 100644 static inline void nf_reset_trace(struct sk_buff *skb) diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..d82a501 100644 +index 573c809..36fe1a8 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,14 +11,29 @@ 
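Review bot: `kmalloc_array()` in `decode_cb_sequence_args()` stops the `csa_nrclists * sizeof(*args->csa_rclists)` product from wrapping, but the count itself, read from the request with `ntohl(*p++)`, is still not bounded before the allocation. A peer-supplied count that is large without overflowing still asks for a correspondingly large buffer, so the `csa_rclists == NULL` path is the only protection visible here. Consider rejecting counts above a protocol-derived maximum first, or at least passing `GFP_KERNEL | __GFP_NOWARN` so that an oversized request fails quietly. The function starts and ends outside the hunk, so an existing limit may simply be out of view.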
@@ -73609,16 +73622,42 @@ index 573c809..d82a501 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -242,7 +271,7 @@ size_t ksize(const void *); +@@ -190,7 +219,7 @@ size_t ksize(const void *); + #endif + + /** +- * kcalloc - allocate memory for an array. The memory is set to zero. ++ * kmalloc_array - allocate memory for an array. + * @n: number of elements. + * @size: element size. + * @flags: the type of memory to allocate. +@@ -240,11 +269,22 @@ size_t ksize(const void *); + * for general use, and so are not documented here. For a full list of + * potential flags, always refer to linux/gfp.h. */ - static inline void *kcalloc(size_t n, size_t size, gfp_t flags) +-static inline void *kcalloc(size_t n, size_t size, gfp_t flags) ++static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { - if (size != 0 && n > ULONG_MAX / size) + if (size != 0 && n > SIZE_MAX / size) return NULL; - return __kmalloc(n * size, flags | __GFP_ZERO); +- return __kmalloc(n * size, flags | __GFP_ZERO); ++ return __kmalloc(n * size, flags); ++} ++ ++/** ++ * kcalloc - allocate memory for an array. The memory is set to zero. ++ * @n: number of elements. ++ * @size: element size. ++ * @flags: the type of memory to allocate (see kmalloc). ++ */ ++static inline void *kcalloc(size_t n, size_t size, gfp_t flags) ++{ ++ return kmalloc_array(n, size, flags | __GFP_ZERO); } -@@ -287,7 +316,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, + + #if !defined(CONFIG_NUMA) && !defined(CONFIG_SLOB) +@@ -287,7 +327,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) 
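Review bot: The kernel-doc block retitled to `kmalloc_array` in include/linux/slab.h does not state that the function returns NULL when `n * size` would overflow, which is the behaviour that distinguishes it from `kmalloc(n * size, flags)`. I would add ` * Returns NULL if n * size overflows or the allocation fails.` to that comment. The same sentence belongs in the new `kcalloc` comment, since `kcalloc` now gets the check only through the wrapper. The part of the comment between the two inner hunks is outside the view, so this may already be said there.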
@@ -73627,7 +73666,7 @@ index 573c809..d82a501 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -306,7 +335,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -306,7 +346,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -91195,10 +91234,20 @@ index 403be43..87f09da 100644 }; diff --git a/net/key/af_key.c b/net/key/af_key.c -index 6fefdfc..b603137 100644 +index 6fefdfc..454598b 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c -@@ -3018,10 +3018,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc +@@ -1924,6 +1924,9 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) + int len = pol->sadb_x_policy_len*8 - sizeof(struct sadb_x_policy); + struct sadb_x_ipsecrequest *rq = (void*)(pol+1); + ++ if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy)) ++ return -EINVAL; ++ + while (len >= sizeof(struct sadb_x_ipsecrequest)) { + if ((err = parse_ipsecrequest(xp, rq)) < 0) + return err; +@@ -3018,10 +3021,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc static u32 get_acqseq(void) { u32 res; @@ -97679,6 +97728,19 @@ index cd094ec..eca1277 100644 break; default: return -EINVAL; +diff --git a/sound/i2c/other/ak4xxx-adda.c b/sound/i2c/other/ak4xxx-adda.c +index cef813d..ed726d1 100644 +--- a/sound/i2c/other/ak4xxx-adda.c ++++ b/sound/i2c/other/ak4xxx-adda.c +@@ -571,7 +571,7 @@ static int ak4xxx_capture_source_info(struct snd_kcontrol *kcontrol, + struct snd_akm4xxx *ak = snd_kcontrol_chip(kcontrol); + int mixer_ch = AK_GET_SHIFT(kcontrol->private_value); + const char **input_names; +- int num_names, idx; ++ unsigned int num_names, idx; + + num_names = ak4xxx_capture_num_inputs(ak, mixer_ch); + if (!num_names) 
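Review bot: In `parse_ipsecrequests()` (net/key/af_key.c) the new `pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy)` test sits after `len` has already been initialised from the same subtraction. The guarded expression is therefore written twice, and `len` holds an out-of-range value on the rejected path. Declaring `int len;` and assigning `len = pol->sadb_x_policy_len * 8 - sizeof(struct sadb_x_policy);` below the check keeps the validation next to the value it protects. The loop body is outside the hunk. If it advances `rq` and reduces `len` by a length field taken from each request, that field presumably needs its own lower and upper bound, which this change does not add.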
diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c index 733b014..56ce96f 100644 --- a/sound/oss/sb_audio.c diff --git a/3.2.50/4440_grsec-remove-protected-paths.patch b/3.2.50/4440_grsec-remove-protected-paths.patch index 637934a..e2c2dc9 100644 --- a/3.2.50/4440_grsec-remove-protected-paths.patch +++ b/3.2.50/4440_grsec-remove-protected-paths.patch @@ -6,7 +6,7 @@ the filesystem. diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile --- a/grsecurity/Makefile 2011-10-19 20:42:50.000000000 -0400 +++ b/grsecurity/Makefile 2011-10-19 20:45:08.000000000 -0400 -@@ -29,10 +29,4 @@ +@@ -33,10 +33,4 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y := grsec_hidesym.o $(obj)/grsec_hidesym.o: diff --git a/3.2.50/4450_grsec-kconfig-default-gids.patch b/3.2.50/4450_grsec-kconfig-default-gids.patch index c882e28..bb13fd4 100644 --- a/3.2.50/4450_grsec-kconfig-default-gids.patch +++ b/3.2.50/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -610,7 +610,7 @@ +@@ -611,7 +611,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -830,7 +830,7 @@ +@@ -820,7 +820,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -839,7 +839,7 @@ +@@ -829,7 +829,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT 
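Review bot: The change of `num_names` and `idx` to `unsigned int` in `ak4xxx_capture_source_info()` (sound/i2c/other/ak4xxx-adda.c, the hunk ending just above) has no visible effect within the hunk and no comment explaining it. Any benefit depends on a range comparison later in the function, outside the view. If the intent is that an out-of-range index can no longer pass that comparison as a negative number, a comment such as `/* unsigned: idx is range-checked against num_names below */` would stop someone reverting the type to `int`. It is also worth confirming that `ak4xxx_capture_num_inputs()` cannot return a negative value, since that would now turn into a very large count.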
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -932,7 +932,7 @@ +@@ -922,7 +922,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -953,7 +953,7 @@ +@@ -943,7 +943,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -971,7 +971,7 @@ +@@ -961,7 +961,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch index 5607ab4..28ec979 100644 --- a/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.50/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1030,6 +1030,27 @@ +@@ -1020,6 +1020,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.2.50/4475_emutramp_default_on.patch b/3.2.50/4475_emutramp_default_on.patch index 30f6978..df700e6 100644 --- a/3.2.50/4475_emutramp_default_on.patch +++ b/3.2.50/4475_emutramp_default_on.patch 
@@ -10,7 +10,7 @@ See bug: diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig --- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400 +++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400 -@@ -428,7 +428,7 @@ +@@ -426,7 +426,7 @@ config PAX_EMUTRAMP bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) |