commit:     0c730e5a2e5c2dec64ee4c031fb82ad7f044df4b
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 11 11:08:32 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Apr 11 11:08:32 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=0c730e5a

grsecurity-3.1-4.4.6-201604100830

 4.4.6/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.4.6-201604100830.patch} | 135 +++++++++++++++++++--
 2 files changed, 124 insertions(+), 13 deletions(-)

diff --git a/4.4.6/0000_README b/4.4.6/0000_README
index 5a53479..938fbaa 100644
--- a/4.4.6/0000_README
+++ b/4.4.6/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.4.6-201604021734.patch
+Patch: 4420_grsecurity-3.1-4.4.6-201604100830.patch
 From:  http://www.grsecurity.net
 Desc:  hardened-sources base patch from upstream grsecurity
 

diff --git a/4.4.6/4420_grsecurity-3.1-4.4.6-201604021734.patch 
b/4.4.6/4420_grsecurity-3.1-4.4.6-201604100830.patch
similarity index 99%
rename from 4.4.6/4420_grsecurity-3.1-4.4.6-201604021734.patch
rename to 4.4.6/4420_grsecurity-3.1-4.4.6-201604100830.patch
index 33aecb1..62aa16c 100644
--- a/4.4.6/4420_grsecurity-3.1-4.4.6-201604021734.patch
+++ b/4.4.6/4420_grsecurity-3.1-4.4.6-201604100830.patch
@@ -37537,7 +37537,7 @@ index a83e3c6..c3d617f 100644
        bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj);
        if (!bgrt_kobj)
 diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
-index 96809cd..6a49f97 100644
+index 96809cd..6a49f979 100644
 --- a/drivers/acpi/blacklist.c
 +++ b/drivers/acpi/blacklist.c
 @@ -47,7 +47,7 @@ struct acpi_blacklist_item {
@@ -127676,8 +127676,41 @@ index e5ea177..54bf9fb 100644
        .kind           = "ip6gretap",
        .maxtype        = IFLA_GRE_MAX,
        .policy         = ip6gre_policy,
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index 31144c4..a175152 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -1091,8 +1091,8 @@ static inline int ip6_ufo_append_data(struct sock *sk,
+                       int getfrag(void *from, char *to, int offset, int len,
+                       int odd, struct sk_buff *skb),
+                       void *from, int length, int hh_len, int fragheaderlen,
+-                      int transhdrlen, int mtu, unsigned int flags,
+-                      const struct flowi6 *fl6)
++                      int exthdrlen, int transhdrlen, int mtu,
++                      unsigned int flags, const struct flowi6 *fl6)
+ 
+ {
+       struct sk_buff *skb;
+@@ -1117,7 +1117,7 @@ static inline int ip6_ufo_append_data(struct sock *sk,
+               skb_put(skb, fragheaderlen + transhdrlen);
+ 
+               /* initialize network header pointer */
+-              skb_reset_network_header(skb);
++              skb_set_network_header(skb, exthdrlen);
+ 
+               /* initialize protocol header pointer */
+               skb->transport_header = skb->network_header + fragheaderlen;
+@@ -1359,7 +1359,7 @@ emsgsize:
+           (rt->dst.dev->features & NETIF_F_UFO) &&
+           (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) {
+               err = ip6_ufo_append_data(sk, queue, getfrag, from, length,
+-                                        hh_len, fragheaderlen,
++                                        hh_len, fragheaderlen, exthdrlen,
+                                         transhdrlen, mtu, flags, fl6);
+               if (err)
+                       goto error;
 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index 137fca4..2671d8c 100644
+index 137fca4..dcda1fa 100644
 --- a/net/ipv6/ip6_tunnel.c
 +++ b/net/ipv6/ip6_tunnel.c
 @@ -80,7 +80,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct 
in6_addr *addr2)
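Review bot: In the added ip6_ufo_append_data hunk, `skb_set_network_header(skb, exthdrlen)` moves the network header forward while the `skb_put(skb, fragheaderlen + transhdrlen)` just above it is unchanged. The transport header therefore lands at `exthdrlen + fragheaderlen`, which stays inside the reserved area only if the caller already counts exthdrlen in transhdrlen. That is not visible in these hunks and should be confirmed against the caller. If it holds, record it next to the call, e.g. `/* transhdrlen already includes exthdrlen, so the skb_put() above covers this offset */`. Both the function body and the call site continue outside the hunks shown.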
@@ -127689,6 +127722,20 @@ index 137fca4..2671d8c 100644
  
  static int ip6_tnl_net_id __read_mostly;
  struct ip6_tnl_net {
+@@ -343,12 +343,12 @@ static int ip6_tnl_create2(struct net_device *dev)
+ 
+       t = netdev_priv(dev);
+ 
++      dev->rtnl_link_ops = &ip6_link_ops;
+       err = register_netdevice(dev);
+       if (err < 0)
+               goto out;
+ 
+       strcpy(t->parms.name, dev->name);
+-      dev->rtnl_link_ops = &ip6_link_ops;
+ 
+       dev_hold(dev);
+       ip6_tnl_link(ip6n, t);
 @@ -1841,7 +1841,7 @@ static const struct nla_policy 
ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
        [IFLA_IPTUN_PROTO]              = { .type = NLA_U8 },
  };
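Review bot: The reorder in ip6_tnl_create2 makes the position of `dev->rtnl_link_ops = &ip6_link_ops;` significant, but nothing in the code records why it has to precede register_netdevice(). A comment above the assignment, e.g. `/* must be set before register_netdevice() so the link ops are already attached when the device is registered */`, would stop a later cleanup from moving it back. The assignment now also survives the `goto out` failure path. The code at `out:` is outside the hunk, so it is worth checking that nothing there assumes the field is still unset.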
@@ -130169,7 +130216,7 @@ index ec76398..52091dd 100644
  };
  
 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 992396a..9269534 100644
+index 992396a..d0b3a3d 100644
 --- a/net/packet/af_packet.c
 +++ b/net/packet/af_packet.c
 @@ -278,7 +278,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
@@ -130224,7 +130271,15 @@ index 992396a..9269534 100644
        spin_unlock(&sk->sk_receive_queue.lock);
  
  drop_n_restore:
-@@ -3770,7 +3770,7 @@ static int packet_getsockopt(struct socket *sock, int 
level, int optname,
+@@ -3441,6 +3441,7 @@ static int packet_mc_add(struct sock *sk, struct 
packet_mreq_max *mreq)
+       i->ifindex = mreq->mr_ifindex;
+       i->alen = mreq->mr_alen;
+       memcpy(i->addr, mreq->mr_address, i->alen);
++      memset(i->addr + i->alen, 0, sizeof(i->addr) - i->alen);
+       i->count = 1;
+       i->next = po->mclist;
+       po->mclist = i;
+@@ -3770,7 +3771,7 @@ static int packet_getsockopt(struct socket *sock, int 
level, int optname,
        case PACKET_HDRLEN:
                if (len > sizeof(int))
                        len = sizeof(int);
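Review bot: The added `memset(i->addr + i->alen, 0, sizeof(i->addr) - i->alen);` in packet_mc_add computes its length with unsigned arithmetic, so it wraps to a very large value if `i->alen` ever exceeds `sizeof(i->addr)`. The memcpy on the line above has the same dependency on `mreq->mr_alen`. The bound is presumably enforced earlier in the function or in the setsockopt path, neither of which is visible here, so confirm it before relying on this line. A short comment such as `/* zero the unused tail of addr so stale allocator bytes never leave the kernel */` would record why the padding is cleared, assuming that is the intent. Zeroing the whole entry at allocation would give the same guarantee without the size arithmetic.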
@@ -130233,7 +130288,7 @@ index 992396a..9269534 100644
                        return -EFAULT;
                switch (val) {
                case TPACKET_V1:
-@@ -3805,9 +3805,9 @@ static int packet_getsockopt(struct socket *sock, int 
level, int optname,
+@@ -3805,9 +3806,9 @@ static int packet_getsockopt(struct socket *sock, int 
level, int optname,
        case PACKET_ROLLOVER_STATS:
                if (!po->rollover)
                        return -EINVAL;
@@ -130246,7 +130301,7 @@ index 992396a..9269534 100644
                data = &rstats;
                lv = sizeof(rstats);
                break;
-@@ -3825,7 +3825,7 @@ static int packet_getsockopt(struct socket *sock, int 
level, int optname,
+@@ -3825,7 +3826,7 @@ static int packet_getsockopt(struct socket *sock, int 
level, int optname,
                len = lv;
        if (put_user(len, optlen))
                return -EFAULT;
@@ -140389,10 +140444,10 @@ index 0000000..6fbcd39
 +}
 diff --git a/tools/gcc/randomize_layout_plugin.c 
b/tools/gcc/randomize_layout_plugin.c
 new file mode 100644
-index 0000000..ca6ce54
+index 0000000..c77d26d
 --- /dev/null
 +++ b/tools/gcc/randomize_layout_plugin.c
-@@ -0,0 +1,879 @@
+@@ -0,0 +1,935 @@
 +/*
 + * Copyright 2014,2015 by Open Source Security, Inc., Brad Spengler 
<[email protected]>
 + *                   and PaX Team <[email protected]>
@@ -140680,8 +140735,8 @@ index 0000000..ca6ce54
 +              return true;
 +
 +      if (typesize != NULL_TREE && 
-+          (TREE_CONSTANT(typesize) && (!TREE_INT_CST_LOW(typesize) ||
-+           TREE_INT_CST_LOW(typesize) == TREE_INT_CST_LOW(elemsize))))
++          (TREE_CONSTANT(typesize) && (!tree_to_uhwi(typesize) ||
++           tree_to_uhwi(typesize) == tree_to_uhwi(elemsize))))
 +              return true;
 +
 +      return false;
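Review bot: Switching to `tree_to_uhwi()` in this size test changes the failure mode. As far as I know it asserts that its argument fits an unsigned HOST_WIDE_INT, where `TREE_INT_CST_LOW` simply read the low word. The visible condition only checks `TREE_CONSTANT(typesize)` and nothing here checks `elemsize`, so a constant that is not a fitting INTEGER_CST would now abort the compiler instead of returning false. Guarding the comparisons with `tree_fits_uhwi_p(typesize) && tree_fits_uhwi_p(elemsize)` avoids that, provided the plugin's compatibility header supplies both for the older GCC versions it supports. The function starts outside the hunk, so an earlier check on elemsize may already exist.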
@@ -140698,6 +140753,7 @@ index 0000000..ca6ce54
 +      tree variant;
 +      tree main_variant;
 +      expanded_location xloc;
++      bool has_flexarray = false;
 +
 +      if (TYPE_FIELDS(type) == NULL_TREE)
 +              return 0;
@@ -140734,8 +140790,10 @@ index 0000000..ca6ce54
 +       * element of a struct if it's a 0 or 1-length array
 +       * or a proper flexible array
 +       */
-+      if (is_flexible_array(newtree[num_fields - 1]))
++      if (is_flexible_array(newtree[num_fields - 1])) {
++              has_flexarray = true;
 +              shuffle_length--;
++      }
 +
 +      shuffle(type, (tree *)newtree, shuffle_length);
 +
@@ -140764,6 +140822,8 @@ index 0000000..ca6ce54
 +              TYPE_FIELDS(variant) = list;
 +              TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant));
 +              TYPE_ATTRIBUTES(variant) = 
tree_cons(get_identifier("randomize_performed"), NULL_TREE, 
TYPE_ATTRIBUTES(variant));
++              if (has_flexarray)
++                      TYPE_ATTRIBUTES(type) = 
tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type));
 +      }
 +
 +      /*
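Review bot: The new `has_flexarray` marker is consed onto `TYPE_ATTRIBUTES(type)` while every neighbouring statement in this block works on `variant`. If this block is the per-variant loop it appears to be (its header is outside the hunk), `type` receives one duplicate attribute per iteration and the other variants receive none. update_decl_size later looks the attribute up on `TREE_TYPE(decl)`, which may be a variant. Consider `TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(variant));` so the marker follows the same path as `randomize_performed`.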
@@ -140844,6 +140904,51 @@ index 0000000..ca6ce54
 +#endif
 +}
 +
++static void update_decl_size(tree decl)
++{
++      tree lastval, lastidx, field, init, type, flexsize;
++      unsigned HOST_WIDE_INT len;
++
++      type = TREE_TYPE(decl);
++
++      if (!lookup_attribute("has_flexarray", TYPE_ATTRIBUTES(type)))
++              return;
++
++      init = DECL_INITIAL(decl);
++      if (init == NULL_TREE || init == error_mark_node)
++              return;
++
++      if (TREE_CODE(init) != CONSTRUCTOR)
++              return;
++
++      len = CONSTRUCTOR_NELTS(init);
++        if (!len)
++              return;
++
++      lastval = CONSTRUCTOR_ELT(init, CONSTRUCTOR_NELTS(init) - 1)->value;
++      lastidx = CONSTRUCTOR_ELT(init, CONSTRUCTOR_NELTS(init) - 1)->index;
++
++      for (field = TYPE_FIELDS(TREE_TYPE(decl)); TREE_CHAIN(field); field = 
TREE_CHAIN(field))
++              ;
++
++      if (lastidx != field)
++              return;
++
++      if (TREE_CODE(lastval) != STRING_CST) {
++              error("Only string constants are supported as initializers "
++                    "for randomized structures with flexible arrays");
++              return;
++      }
++
++      flexsize = bitsize_int(TREE_STRING_LENGTH(lastval) *
++              tree_to_uhwi(TYPE_SIZE(TREE_TYPE(TREE_TYPE(lastval)))));
++
++      DECL_SIZE(decl) = size_binop(PLUS_EXPR, TYPE_SIZE(type), flexsize);
++
++      return;
++}
++
++
 +static void randomize_layout_finish_decl(void *event_data, void *data)
 +{
 +      tree decl = (tree)event_data;
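Review bot: update_decl_size is added without a comment, and its contract is not obvious from the body. It silently returns unless the type is marked has_flexarray and the last initializer element targets the last field, and it accepts only string constants. A header comment should state that it grows DECL_SIZE by the size of the string initializing the trailing flexible array, and that other initializer kinds are rejected with an error. Two style points: `len` is used only for the zero test while `CONSTRUCTOR_NELTS(init) - 1` is recomputed twice where `len - 1` would do, and the trailing `return;` is redundant. The `if (!len)` line also appears to be indented differently from its neighbours.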
@@ -140863,7 +140968,13 @@ index 0000000..ca6ce54
 +      if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type)))
 +              return;
 +
-+      relayout_decl(decl);
++      DECL_SIZE(decl) = 0;
++      DECL_SIZE_UNIT(decl) = 0;
++      DECL_ALIGN(decl) = 0;
++      DECL_MODE (decl) = VOIDmode;
++      SET_DECL_RTL(decl, 0);
++      update_decl_size(decl);
++      layout_decl(decl, 0);
 +}
 +
 +static void finish_type(void *event_data, void *data)
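Review bot: The open-coded reset that replaces `relayout_decl(decl)` clears `DECL_ALIGN(decl)` unconditionally. As I recall, GCC's relayout_decl clears the alignment only when `DECL_USER_ALIGN(decl)` is not set, so a variable of a randomized struct type that carries an explicit aligned attribute could lose it here. `if (!DECL_USER_ALIGN(decl)) DECL_ALIGN(decl) = 0;` keeps the previous behaviour. A comment saying that the sequence mirrors relayout_decl so that update_decl_size can run before layout_decl would explain why the helper is no longer called. The function starts outside the hunk.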
