author | Natanael Copa <ncopa@alpinelinux.org> | 2012-02-23 09:52:57 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-02-23 09:53:30 +0000 |
commit | 712467f3f0f0819e7e341c2b6f36e88b516a645b (patch) | |
tree | 2729e09ba81a8bf9f3e01baefaee28ba8a03a6b7 | |
parent | 7f12577d7fc415a2baf8d2fc248b52f8276a9a80 (diff) | |
download | alpine_aports-712467f3f0f0819e7e341c2b6f36e88b516a645b.tar.bz2 alpine_aports-712467f3f0f0819e7e341c2b6f36e88b516a645b.tar.xz alpine_aports-712467f3f0f0819e7e341c2b6f36e88b516a645b.zip |
main/linux-grsec: upgrade to 3.2.7 and enable 9P filesystem
-rw-r--r-- | main/linux-grsec/APKBUILD | 12 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.2.7-201202202005.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.2.6-201202131824.patch) | 427 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 6 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 6 |
4 files changed, 290 insertions, 161 deletions
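--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
 
 _flavor=grsec
 pkgname=linux-${_flavor}
-pkgver=3.2.6
+pkgver=3.2.7
 _kernver=3.2
 pkgrel=0
 pkgdesc="Linux kernel with grsecurity"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
 http://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
-grsecurity-2.2.2-3.2.6-201202131824.patch
+grsecurity-2.2.2-3.2.7-201202202005.patch
 
 0004-arp-flush-arp-cache-on-device-change.patch
 
@@ -140,10 +140,10 @@ dev() {
 }
 
 md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2
-2bd4679899df503177a3b61ae2068749 patch-3.2.6.bz2
-905e73610bfdb7fd497fa95adcbea2ce grsecurity-2.2.2-3.2.6-201202131824.patch
+899624bffed6a19578613b672cc9483f patch-3.2.7.bz2
+1a1512cc453f2470a42968e015a26eff grsecurity-2.2.2-3.2.7-201202202005.patch
 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
 f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch
 62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
-bd0b139de82316d44cf3376533daddb8 kernelconfig.x86
-84644f7193b0b9d9bd474b5ec322a0f8 kernelconfig.x86_64"
+339d4dd7f74b87d13adff5d2d2abf86a kernelconfig.x86
+68204744d18679153a2a1e932290f93d kernelconfig.x86_64"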
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.2.6-201202131824.patch b/main/linux-grsec/grsecurity-2.2.2-3.2.7-201202202005.patch index 2ac63128e2..816b75a7d9 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.2.6-201202131824.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.2.7-201202202005.patch | |||
@@ -186,7 +186,7 @@ index 81c287f..d456d02 100644 | |||
186 | 186 | ||
187 | pcd. [PARIDE] | 187 | pcd. [PARIDE] |
188 | diff --git a/Makefile b/Makefile | 188 | diff --git a/Makefile b/Makefile |
189 | index 47fe496..c50bd2a 100644 | 189 | index d1bdc90..e95fe1a 100644 |
190 | --- a/Makefile | 190 | --- a/Makefile |
191 | +++ b/Makefile | 191 | +++ b/Makefile |
192 | @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ | 192 | @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
@@ -10910,7 +10910,7 @@ index 566e803..b9521e9 100644 | |||
10910 | } | 10910 | } |
10911 | 10911 | ||
10912 | diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h | 10912 | diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h |
10913 | index 1c66d30..23ab77d 100644 | 10913 | index 1c66d30..e66922c 100644 |
10914 | --- a/arch/x86/include/asm/uaccess_64.h | 10914 | --- a/arch/x86/include/asm/uaccess_64.h |
10915 | +++ b/arch/x86/include/asm/uaccess_64.h | 10915 | +++ b/arch/x86/include/asm/uaccess_64.h |
10916 | @@ -10,6 +10,9 @@ | 10916 | @@ -10,6 +10,9 @@ |
@@ -10939,7 +10939,12 @@ index 1c66d30..23ab77d 100644 | |||
10939 | { | 10939 | { |
10940 | unsigned ret; | 10940 | unsigned ret; |
10941 | 10941 | ||
10942 | @@ -36,138 +39,222 @@ copy_user_generic(void *to, const void *from, unsigned len) | 10942 | @@ -32,142 +35,226 @@ copy_user_generic(void *to, const void *from, unsigned len) |
10943 | ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), | ||
10944 | "=d" (len)), | ||
10945 | "1" (to), "2" (from), "3" (len) | ||
10946 | - : "memory", "rcx", "r8", "r9", "r10", "r11"); | ||
10947 | + : "memory", "rcx", "r8", "r9", "r11"); | ||
10943 | return ret; | 10948 | return ret; |
10944 | } | 10949 | } |
10945 | 10950 | ||
@@ -41441,7 +41446,7 @@ index 608c1c3..7d040a8 100644 | |||
41441 | return rc; | 41446 | return rc; |
41442 | } | 41447 | } |
41443 | diff --git a/fs/exec.c b/fs/exec.c | 41448 | diff --git a/fs/exec.c b/fs/exec.c |
41444 | index 3625464..7949233 100644 | 41449 | index 3625464..7c7ce8b 100644 |
41445 | --- a/fs/exec.c | 41450 | --- a/fs/exec.c |
41446 | +++ b/fs/exec.c | 41451 | +++ b/fs/exec.c |
41447 | @@ -55,12 +55,28 @@ | 41452 | @@ -55,12 +55,28 @@ |
@@ -41504,7 +41509,25 @@ index 3625464..7949233 100644 | |||
41504 | return NULL; | 41509 | return NULL; |
41505 | 41510 | ||
41506 | if (write) { | 41511 | if (write) { |
41507 | @@ -274,6 +282,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) | 41512 | @@ -215,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, |
41513 | if (size <= ARG_MAX) | ||
41514 | return page; | ||
41515 | |||
41516 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | ||
41517 | + // only allow 1MB for argv+env on suid/sgid binaries | ||
41518 | + // to prevent easy ASLR exhaustion | ||
41519 | + if (((bprm->cred->euid != current_euid()) || | ||
41520 | + (bprm->cred->egid != current_egid())) && | ||
41521 | + (size > (1024 * 1024))) { | ||
41522 | + put_page(page); | ||
41523 | + return NULL; | ||
41524 | + } | ||
41525 | +#endif | ||
41526 | + | ||
41527 | /* | ||
41528 | * Limit to 1/4-th the stack size for the argv+env strings. | ||
41529 | * This ensures that: | ||
41530 | @@ -274,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) | ||
41508 | vma->vm_end = STACK_TOP_MAX; | 41531 | vma->vm_end = STACK_TOP_MAX; |
41509 | vma->vm_start = vma->vm_end - PAGE_SIZE; | 41532 | vma->vm_start = vma->vm_end - PAGE_SIZE; |
41510 | vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; | 41533 | vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; |
@@ -41516,7 +41539,7 @@ index 3625464..7949233 100644 | |||
41516 | vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); | 41539 | vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); |
41517 | INIT_LIST_HEAD(&vma->anon_vma_chain); | 41540 | INIT_LIST_HEAD(&vma->anon_vma_chain); |
41518 | 41541 | ||
41519 | @@ -288,6 +301,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) | 41542 | @@ -288,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) |
41520 | mm->stack_vm = mm->total_vm = 1; | 41543 | mm->stack_vm = mm->total_vm = 1; |
41521 | up_write(&mm->mmap_sem); | 41544 | up_write(&mm->mmap_sem); |
41522 | bprm->p = vma->vm_end - sizeof(void *); | 41545 | bprm->p = vma->vm_end - sizeof(void *); |
@@ -41529,7 +41552,7 @@ index 3625464..7949233 100644 | |||
41529 | return 0; | 41552 | return 0; |
41530 | err: | 41553 | err: |
41531 | up_write(&mm->mmap_sem); | 41554 | up_write(&mm->mmap_sem); |
41532 | @@ -396,19 +415,7 @@ err: | 41555 | @@ -396,19 +426,7 @@ err: |
41533 | return err; | 41556 | return err; |
41534 | } | 41557 | } |
41535 | 41558 | ||
@@ -41550,7 +41573,7 @@ index 3625464..7949233 100644 | |||
41550 | { | 41573 | { |
41551 | const char __user *native; | 41574 | const char __user *native; |
41552 | 41575 | ||
41553 | @@ -417,14 +424,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) | 41576 | @@ -417,14 +435,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) |
41554 | compat_uptr_t compat; | 41577 | compat_uptr_t compat; |
41555 | 41578 | ||
41556 | if (get_user(compat, argv.ptr.compat + nr)) | 41579 | if (get_user(compat, argv.ptr.compat + nr)) |
@@ -41567,7 +41590,7 @@ index 3625464..7949233 100644 | |||
41567 | 41590 | ||
41568 | return native; | 41591 | return native; |
41569 | } | 41592 | } |
41570 | @@ -443,7 +450,7 @@ static int count(struct user_arg_ptr argv, int max) | 41593 | @@ -443,7 +461,7 @@ static int count(struct user_arg_ptr argv, int max) |
41571 | if (!p) | 41594 | if (!p) |
41572 | break; | 41595 | break; |
41573 | 41596 | ||
@@ -41576,7 +41599,7 @@ index 3625464..7949233 100644 | |||
41576 | return -EFAULT; | 41599 | return -EFAULT; |
41577 | 41600 | ||
41578 | if (i++ >= max) | 41601 | if (i++ >= max) |
41579 | @@ -477,7 +484,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, | 41602 | @@ -477,7 +495,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, |
41580 | 41603 | ||
41581 | ret = -EFAULT; | 41604 | ret = -EFAULT; |
41582 | str = get_user_arg_ptr(argv, argc); | 41605 | str = get_user_arg_ptr(argv, argc); |
@@ -41585,7 +41608,7 @@ index 3625464..7949233 100644 | |||
41585 | goto out; | 41608 | goto out; |
41586 | 41609 | ||
41587 | len = strnlen_user(str, MAX_ARG_STRLEN); | 41610 | len = strnlen_user(str, MAX_ARG_STRLEN); |
41588 | @@ -559,7 +566,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, | 41611 | @@ -559,7 +577,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, |
41589 | int r; | 41612 | int r; |
41590 | mm_segment_t oldfs = get_fs(); | 41613 | mm_segment_t oldfs = get_fs(); |
41591 | struct user_arg_ptr argv = { | 41614 | struct user_arg_ptr argv = { |
@@ -41594,7 +41617,7 @@ index 3625464..7949233 100644 | |||
41594 | }; | 41617 | }; |
41595 | 41618 | ||
41596 | set_fs(KERNEL_DS); | 41619 | set_fs(KERNEL_DS); |
41597 | @@ -594,7 +601,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) | 41620 | @@ -594,7 +612,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) |
41598 | unsigned long new_end = old_end - shift; | 41621 | unsigned long new_end = old_end - shift; |
41599 | struct mmu_gather tlb; | 41622 | struct mmu_gather tlb; |
41600 | 41623 | ||
@@ -41604,7 +41627,7 @@ index 3625464..7949233 100644 | |||
41604 | 41627 | ||
41605 | /* | 41628 | /* |
41606 | * ensure there are no vmas between where we want to go | 41629 | * ensure there are no vmas between where we want to go |
41607 | @@ -603,6 +611,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) | 41630 | @@ -603,6 +622,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) |
41608 | if (vma != find_vma(mm, new_start)) | 41631 | if (vma != find_vma(mm, new_start)) |
41609 | return -EFAULT; | 41632 | return -EFAULT; |
41610 | 41633 | ||
@@ -41615,7 +41638,7 @@ index 3625464..7949233 100644 | |||
41615 | /* | 41638 | /* |
41616 | * cover the whole range: [new_start, old_end) | 41639 | * cover the whole range: [new_start, old_end) |
41617 | */ | 41640 | */ |
41618 | @@ -683,10 +695,6 @@ int setup_arg_pages(struct linux_binprm *bprm, | 41641 | @@ -683,10 +706,6 @@ int setup_arg_pages(struct linux_binprm *bprm, |
41619 | stack_top = arch_align_stack(stack_top); | 41642 | stack_top = arch_align_stack(stack_top); |
41620 | stack_top = PAGE_ALIGN(stack_top); | 41643 | stack_top = PAGE_ALIGN(stack_top); |
41621 | 41644 | ||
@@ -41626,7 +41649,7 @@ index 3625464..7949233 100644 | |||
41626 | stack_shift = vma->vm_end - stack_top; | 41649 | stack_shift = vma->vm_end - stack_top; |
41627 | 41650 | ||
41628 | bprm->p -= stack_shift; | 41651 | bprm->p -= stack_shift; |
41629 | @@ -698,8 +706,28 @@ int setup_arg_pages(struct linux_binprm *bprm, | 41652 | @@ -698,8 +717,28 @@ int setup_arg_pages(struct linux_binprm *bprm, |
41630 | bprm->exec -= stack_shift; | 41653 | bprm->exec -= stack_shift; |
41631 | 41654 | ||
41632 | down_write(&mm->mmap_sem); | 41655 | down_write(&mm->mmap_sem); |
@@ -41655,7 +41678,7 @@ index 3625464..7949233 100644 | |||
41655 | /* | 41678 | /* |
41656 | * Adjust stack execute permissions; explicitly enable for | 41679 | * Adjust stack execute permissions; explicitly enable for |
41657 | * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone | 41680 | * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone |
41658 | @@ -718,13 +746,6 @@ int setup_arg_pages(struct linux_binprm *bprm, | 41681 | @@ -718,13 +757,6 @@ int setup_arg_pages(struct linux_binprm *bprm, |
41659 | goto out_unlock; | 41682 | goto out_unlock; |
41660 | BUG_ON(prev != vma); | 41683 | BUG_ON(prev != vma); |
41661 | 41684 | ||
@@ -41669,7 +41692,7 @@ index 3625464..7949233 100644 | |||
41669 | /* mprotect_fixup is overkill to remove the temporary stack flags */ | 41692 | /* mprotect_fixup is overkill to remove the temporary stack flags */ |
41670 | vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; | 41693 | vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; |
41671 | 41694 | ||
41672 | @@ -805,7 +826,7 @@ int kernel_read(struct file *file, loff_t offset, | 41695 | @@ -805,7 +837,7 @@ int kernel_read(struct file *file, loff_t offset, |
41673 | old_fs = get_fs(); | 41696 | old_fs = get_fs(); |
41674 | set_fs(get_ds()); | 41697 | set_fs(get_ds()); |
41675 | /* The cast to a user pointer is valid due to the set_fs() */ | 41698 | /* The cast to a user pointer is valid due to the set_fs() */ |
@@ -41678,7 +41701,7 @@ index 3625464..7949233 100644 | |||
41678 | set_fs(old_fs); | 41701 | set_fs(old_fs); |
41679 | return result; | 41702 | return result; |
41680 | } | 41703 | } |
41681 | @@ -1067,6 +1088,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) | 41704 | @@ -1067,6 +1099,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) |
41682 | perf_event_comm(tsk); | 41705 | perf_event_comm(tsk); |
41683 | } | 41706 | } |
41684 | 41707 | ||
@@ -41700,7 +41723,7 @@ index 3625464..7949233 100644 | |||
41700 | int flush_old_exec(struct linux_binprm * bprm) | 41723 | int flush_old_exec(struct linux_binprm * bprm) |
41701 | { | 41724 | { |
41702 | int retval; | 41725 | int retval; |
41703 | @@ -1081,6 +1117,7 @@ int flush_old_exec(struct linux_binprm * bprm) | 41726 | @@ -1081,6 +1128,7 @@ int flush_old_exec(struct linux_binprm * bprm) |
41704 | 41727 | ||
41705 | set_mm_exe_file(bprm->mm, bprm->file); | 41728 | set_mm_exe_file(bprm->mm, bprm->file); |
41706 | 41729 | ||
@@ -41708,7 +41731,7 @@ index 3625464..7949233 100644 | |||
41708 | /* | 41731 | /* |
41709 | * Release all of the old mmap stuff | 41732 | * Release all of the old mmap stuff |
41710 | */ | 41733 | */ |
41711 | @@ -1112,10 +1149,6 @@ EXPORT_SYMBOL(would_dump); | 41734 | @@ -1112,10 +1160,6 @@ EXPORT_SYMBOL(would_dump); |
41712 | 41735 | ||
41713 | void setup_new_exec(struct linux_binprm * bprm) | 41736 | void setup_new_exec(struct linux_binprm * bprm) |
41714 | { | 41737 | { |
@@ -41719,7 +41742,7 @@ index 3625464..7949233 100644 | |||
41719 | arch_pick_mmap_layout(current->mm); | 41742 | arch_pick_mmap_layout(current->mm); |
41720 | 41743 | ||
41721 | /* This is the point of no return */ | 41744 | /* This is the point of no return */ |
41722 | @@ -1126,18 +1159,7 @@ void setup_new_exec(struct linux_binprm * bprm) | 41745 | @@ -1126,18 +1170,7 @@ void setup_new_exec(struct linux_binprm * bprm) |
41723 | else | 41746 | else |
41724 | set_dumpable(current->mm, suid_dumpable); | 41747 | set_dumpable(current->mm, suid_dumpable); |
41725 | 41748 | ||
@@ -41739,7 +41762,7 @@ index 3625464..7949233 100644 | |||
41739 | 41762 | ||
41740 | /* Set the new mm task size. We have to do that late because it may | 41763 | /* Set the new mm task size. We have to do that late because it may |
41741 | * depend on TIF_32BIT which is only updated in flush_thread() on | 41764 | * depend on TIF_32BIT which is only updated in flush_thread() on |
41742 | @@ -1247,7 +1269,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) | 41765 | @@ -1247,7 +1280,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) |
41743 | } | 41766 | } |
41744 | rcu_read_unlock(); | 41767 | rcu_read_unlock(); |
41745 | 41768 | ||
@@ -41748,7 +41771,7 @@ index 3625464..7949233 100644 | |||
41748 | bprm->unsafe |= LSM_UNSAFE_SHARE; | 41771 | bprm->unsafe |= LSM_UNSAFE_SHARE; |
41749 | } else { | 41772 | } else { |
41750 | res = -EAGAIN; | 41773 | res = -EAGAIN; |
41751 | @@ -1442,6 +1464,10 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) | 41774 | @@ -1442,6 +1475,10 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) |
41752 | 41775 | ||
41753 | EXPORT_SYMBOL(search_binary_handler); | 41776 | EXPORT_SYMBOL(search_binary_handler); |
41754 | 41777 | ||
@@ -41759,7 +41782,7 @@ index 3625464..7949233 100644 | |||
41759 | /* | 41782 | /* |
41760 | * sys_execve() executes a new program. | 41783 | * sys_execve() executes a new program. |
41761 | */ | 41784 | */ |
41762 | @@ -1450,6 +1476,11 @@ static int do_execve_common(const char *filename, | 41785 | @@ -1450,6 +1487,11 @@ static int do_execve_common(const char *filename, |
41763 | struct user_arg_ptr envp, | 41786 | struct user_arg_ptr envp, |
41764 | struct pt_regs *regs) | 41787 | struct pt_regs *regs) |
41765 | { | 41788 | { |
@@ -41771,7 +41794,7 @@ index 3625464..7949233 100644 | |||
41771 | struct linux_binprm *bprm; | 41794 | struct linux_binprm *bprm; |
41772 | struct file *file; | 41795 | struct file *file; |
41773 | struct files_struct *displaced; | 41796 | struct files_struct *displaced; |
41774 | @@ -1457,6 +1488,8 @@ static int do_execve_common(const char *filename, | 41797 | @@ -1457,6 +1499,8 @@ static int do_execve_common(const char *filename, |
41775 | int retval; | 41798 | int retval; |
41776 | const struct cred *cred = current_cred(); | 41799 | const struct cred *cred = current_cred(); |
41777 | 41800 | ||
@@ -41780,7 +41803,7 @@ index 3625464..7949233 100644 | |||
41780 | /* | 41803 | /* |
41781 | * We move the actual failure in case of RLIMIT_NPROC excess from | 41804 | * We move the actual failure in case of RLIMIT_NPROC excess from |
41782 | * set*uid() to execve() because too many poorly written programs | 41805 | * set*uid() to execve() because too many poorly written programs |
41783 | @@ -1497,12 +1530,27 @@ static int do_execve_common(const char *filename, | 41806 | @@ -1497,12 +1541,27 @@ static int do_execve_common(const char *filename, |
41784 | if (IS_ERR(file)) | 41807 | if (IS_ERR(file)) |
41785 | goto out_unmark; | 41808 | goto out_unmark; |
41786 | 41809 | ||
@@ -41808,7 +41831,7 @@ index 3625464..7949233 100644 | |||
41808 | retval = bprm_mm_init(bprm); | 41831 | retval = bprm_mm_init(bprm); |
41809 | if (retval) | 41832 | if (retval) |
41810 | goto out_file; | 41833 | goto out_file; |
41811 | @@ -1532,11 +1580,46 @@ static int do_execve_common(const char *filename, | 41834 | @@ -1532,11 +1591,46 @@ static int do_execve_common(const char *filename, |
41812 | if (retval < 0) | 41835 | if (retval < 0) |
41813 | goto out; | 41836 | goto out; |
41814 | 41837 | ||
@@ -41856,7 +41879,7 @@ index 3625464..7949233 100644 | |||
41856 | current->fs->in_exec = 0; | 41879 | current->fs->in_exec = 0; |
41857 | current->in_execve = 0; | 41880 | current->in_execve = 0; |
41858 | acct_update_integrals(current); | 41881 | acct_update_integrals(current); |
41859 | @@ -1545,6 +1628,14 @@ static int do_execve_common(const char *filename, | 41882 | @@ -1545,6 +1639,14 @@ static int do_execve_common(const char *filename, |
41860 | put_files_struct(displaced); | 41883 | put_files_struct(displaced); |
41861 | return retval; | 41884 | return retval; |
41862 | 41885 | ||
@@ -41871,7 +41894,7 @@ index 3625464..7949233 100644 | |||
41871 | out: | 41894 | out: |
41872 | if (bprm->mm) { | 41895 | if (bprm->mm) { |
41873 | acct_arg_size(bprm, 0); | 41896 | acct_arg_size(bprm, 0); |
41874 | @@ -1618,7 +1709,7 @@ static int expand_corename(struct core_name *cn) | 41897 | @@ -1618,7 +1720,7 @@ static int expand_corename(struct core_name *cn) |
41875 | { | 41898 | { |
41876 | char *old_corename = cn->corename; | 41899 | char *old_corename = cn->corename; |
41877 | 41900 | ||
@@ -41880,7 +41903,7 @@ index 3625464..7949233 100644 | |||
41880 | cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); | 41903 | cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); |
41881 | 41904 | ||
41882 | if (!cn->corename) { | 41905 | if (!cn->corename) { |
41883 | @@ -1715,7 +1806,7 @@ static int format_corename(struct core_name *cn, long signr) | 41906 | @@ -1715,7 +1817,7 @@ static int format_corename(struct core_name *cn, long signr) |
41884 | int pid_in_pattern = 0; | 41907 | int pid_in_pattern = 0; |
41885 | int err = 0; | 41908 | int err = 0; |
41886 | 41909 | ||
@@ -41889,7 +41912,7 @@ index 3625464..7949233 100644 | |||
41889 | cn->corename = kmalloc(cn->size, GFP_KERNEL); | 41912 | cn->corename = kmalloc(cn->size, GFP_KERNEL); |
41890 | cn->used = 0; | 41913 | cn->used = 0; |
41891 | 41914 | ||
41892 | @@ -1812,6 +1903,218 @@ out: | 41915 | @@ -1812,6 +1914,218 @@ out: |
41893 | return ispipe; | 41916 | return ispipe; |
41894 | } | 41917 | } |
41895 | 41918 | ||
@@ -42108,7 +42131,7 @@ index 3625464..7949233 100644 | |||
42108 | static int zap_process(struct task_struct *start, int exit_code) | 42131 | static int zap_process(struct task_struct *start, int exit_code) |
42109 | { | 42132 | { |
42110 | struct task_struct *t; | 42133 | struct task_struct *t; |
42111 | @@ -2023,17 +2326,17 @@ static void wait_for_dump_helpers(struct file *file) | 42134 | @@ -2023,17 +2337,17 @@ static void wait_for_dump_helpers(struct file *file) |
42112 | pipe = file->f_path.dentry->d_inode->i_pipe; | 42135 | pipe = file->f_path.dentry->d_inode->i_pipe; |
42113 | 42136 | ||
42114 | pipe_lock(pipe); | 42137 | pipe_lock(pipe); |
@@ -42131,7 +42154,7 @@ index 3625464..7949233 100644 | |||
42131 | pipe_unlock(pipe); | 42154 | pipe_unlock(pipe); |
42132 | 42155 | ||
42133 | } | 42156 | } |
42134 | @@ -2094,7 +2397,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | 42157 | @@ -2094,7 +2408,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
42135 | int retval = 0; | 42158 | int retval = 0; |
42136 | int flag = 0; | 42159 | int flag = 0; |
42137 | int ispipe; | 42160 | int ispipe; |
@@ -42140,7 +42163,7 @@ index 3625464..7949233 100644 | |||
42140 | struct coredump_params cprm = { | 42163 | struct coredump_params cprm = { |
42141 | .signr = signr, | 42164 | .signr = signr, |
42142 | .regs = regs, | 42165 | .regs = regs, |
42143 | @@ -2109,6 +2412,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | 42166 | @@ -2109,6 +2423,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
42144 | 42167 | ||
42145 | audit_core_dumps(signr); | 42168 | audit_core_dumps(signr); |
42146 | 42169 | ||
@@ -42150,7 +42173,7 @@ index 3625464..7949233 100644 | |||
42150 | binfmt = mm->binfmt; | 42173 | binfmt = mm->binfmt; |
42151 | if (!binfmt || !binfmt->core_dump) | 42174 | if (!binfmt || !binfmt->core_dump) |
42152 | goto fail; | 42175 | goto fail; |
42153 | @@ -2176,7 +2482,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | 42176 | @@ -2176,7 +2493,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
42154 | } | 42177 | } |
42155 | cprm.limit = RLIM_INFINITY; | 42178 | cprm.limit = RLIM_INFINITY; |
42156 | 42179 | ||
@@ -42159,7 +42182,7 @@ index 3625464..7949233 100644 | |||
42159 | if (core_pipe_limit && (core_pipe_limit < dump_count)) { | 42182 | if (core_pipe_limit && (core_pipe_limit < dump_count)) { |
42160 | printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", | 42183 | printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", |
42161 | task_tgid_vnr(current), current->comm); | 42184 | task_tgid_vnr(current), current->comm); |
42162 | @@ -2203,6 +2509,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | 42185 | @@ -2203,6 +2520,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) |
42163 | } else { | 42186 | } else { |
42164 | struct inode *inode; | 42187 | struct inode *inode; |
42165 | 42188 | ||
@@ -42168,7 +42191,7 @@ index 3625464..7949233 100644 | |||
42168 | if (cprm.limit < binfmt->min_coredump) | 42191 | if (cprm.limit < binfmt->min_coredump) |
42169 | goto fail_unlock; | 42192 | goto fail_unlock; |
42170 | 42193 | ||
42171 | @@ -2246,7 +2554,7 @@ close_fail: | 42194 | @@ -2246,7 +2565,7 @@ close_fail: |
42172 | filp_close(cprm.file, NULL); | 42195 | filp_close(cprm.file, NULL); |
42173 | fail_dropcount: | 42196 | fail_dropcount: |
42174 | if (ispipe) | 42197 | if (ispipe) |
@@ -42177,7 +42200,7 @@ index 3625464..7949233 100644 | |||
42177 | fail_unlock: | 42200 | fail_unlock: |
42178 | kfree(cn.corename); | 42201 | kfree(cn.corename); |
42179 | fail_corename: | 42202 | fail_corename: |
42180 | @@ -2265,7 +2573,7 @@ fail: | 42203 | @@ -2265,7 +2584,7 @@ fail: |
42181 | */ | 42204 | */ |
42182 | int dump_write(struct file *file, const void *addr, int nr) | 42205 | int dump_write(struct file *file, const void *addr, int nr) |
42183 | { | 42206 | { |
@@ -46563,10 +46586,18 @@ index d33418f..2a5345e 100644 | |||
46563 | return -EINVAL; | 46586 | return -EINVAL; |
46564 | 46587 | ||
46565 | diff --git a/fs/seq_file.c b/fs/seq_file.c | 46588 | diff --git a/fs/seq_file.c b/fs/seq_file.c |
46566 | index dba43c3..1dfaf14 100644 | 46589 | index dba43c3..9fb8511 100644 |
46567 | --- a/fs/seq_file.c | 46590 | --- a/fs/seq_file.c |
46568 | +++ b/fs/seq_file.c | 46591 | +++ b/fs/seq_file.c |
46569 | @@ -40,6 +40,9 @@ int seq_open(struct file *file, const struct seq_operations *op) | 46592 | @@ -9,6 +9,7 @@ |
46593 | #include <linux/module.h> | ||
46594 | #include <linux/seq_file.h> | ||
46595 | #include <linux/slab.h> | ||
46596 | +#include <linux/sched.h> | ||
46597 | |||
46598 | #include <asm/uaccess.h> | ||
46599 | #include <asm/page.h> | ||
46600 | @@ -40,6 +41,9 @@ int seq_open(struct file *file, const struct seq_operations *op) | ||
46570 | memset(p, 0, sizeof(*p)); | 46601 | memset(p, 0, sizeof(*p)); |
46571 | mutex_init(&p->lock); | 46602 | mutex_init(&p->lock); |
46572 | p->op = op; | 46603 | p->op = op; |
@@ -46576,7 +46607,7 @@ index dba43c3..1dfaf14 100644 | |||
46576 | 46607 | ||
46577 | /* | 46608 | /* |
46578 | * Wrappers around seq_open(e.g. swaps_open) need to be | 46609 | * Wrappers around seq_open(e.g. swaps_open) need to be |
46579 | @@ -76,7 +79,8 @@ static int traverse(struct seq_file *m, loff_t offset) | 46610 | @@ -76,7 +80,8 @@ static int traverse(struct seq_file *m, loff_t offset) |
46580 | return 0; | 46611 | return 0; |
46581 | } | 46612 | } |
46582 | if (!m->buf) { | 46613 | if (!m->buf) { |
@@ -46586,7 +46617,7 @@ index dba43c3..1dfaf14 100644 | |||
46586 | if (!m->buf) | 46617 | if (!m->buf) |
46587 | return -ENOMEM; | 46618 | return -ENOMEM; |
46588 | } | 46619 | } |
46589 | @@ -116,7 +120,8 @@ static int traverse(struct seq_file *m, loff_t offset) | 46620 | @@ -116,7 +121,8 @@ static int traverse(struct seq_file *m, loff_t offset) |
46590 | Eoverflow: | 46621 | Eoverflow: |
46591 | m->op->stop(m, p); | 46622 | m->op->stop(m, p); |
46592 | kfree(m->buf); | 46623 | kfree(m->buf); |
@@ -46596,7 +46627,7 @@ index dba43c3..1dfaf14 100644 | |||
46596 | return !m->buf ? -ENOMEM : -EAGAIN; | 46627 | return !m->buf ? -ENOMEM : -EAGAIN; |
46597 | } | 46628 | } |
46598 | 46629 | ||
46599 | @@ -169,7 +174,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) | 46630 | @@ -169,7 +175,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) |
46600 | m->version = file->f_version; | 46631 | m->version = file->f_version; |
46601 | /* grab buffer if we didn't have one */ | 46632 | /* grab buffer if we didn't have one */ |
46602 | if (!m->buf) { | 46633 | if (!m->buf) { |
@@ -46606,7 +46637,7 @@ index dba43c3..1dfaf14 100644 | |||
46606 | if (!m->buf) | 46637 | if (!m->buf) |
46607 | goto Enomem; | 46638 | goto Enomem; |
46608 | } | 46639 | } |
46609 | @@ -210,7 +216,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) | 46640 | @@ -210,7 +217,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) |
46610 | goto Fill; | 46641 | goto Fill; |
46611 | m->op->stop(m, p); | 46642 | m->op->stop(m, p); |
46612 | kfree(m->buf); | 46643 | kfree(m->buf); |
@@ -46616,7 +46647,7 @@ index dba43c3..1dfaf14 100644 | |||
46616 | if (!m->buf) | 46647 | if (!m->buf) |
46617 | goto Enomem; | 46648 | goto Enomem; |
46618 | m->count = 0; | 46649 | m->count = 0; |
46619 | @@ -549,7 +556,7 @@ static void single_stop(struct seq_file *p, void *v) | 46650 | @@ -549,7 +557,7 @@ static void single_stop(struct seq_file *p, void *v) |
46620 | int single_open(struct file *file, int (*show)(struct seq_file *, void *), | 46651 | int single_open(struct file *file, int (*show)(struct seq_file *, void *), |
46621 | void *data) | 46652 | void *data) |
46622 | { | 46653 | { |
@@ -47033,10 +47064,10 @@ index 23ce927..e274cc1 100644 | |||
47033 | kfree(s); | 47064 | kfree(s); |
47034 | diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig | 47065 | diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
47035 | new file mode 100644 | 47066 | new file mode 100644 |
47036 | index 0000000..8faa28b | 47067 | index 0000000..41df561 |
47037 | --- /dev/null | 47068 | --- /dev/null |
47038 | +++ b/grsecurity/Kconfig | 47069 | +++ b/grsecurity/Kconfig |
47039 | @@ -0,0 +1,1073 @@ | 47070 | @@ -0,0 +1,1075 @@ |
47040 | +# | 47071 | +# |
47041 | +# grecurity configuration | 47072 | +# grecurity configuration |
47042 | +# | 47073 | +# |
@@ -47243,7 +47274,7 @@ index 0000000..8faa28b | |||
47243 | + | 47274 | + |
47244 | +endchoice | 47275 | +endchoice |
47245 | + | 47276 | + |
47246 | +menu "Address Space Protection" | 47277 | +menu "Memory Protections" |
47247 | +depends on GRKERNSEC | 47278 | +depends on GRKERNSEC |
47248 | + | 47279 | + |
47249 | +config GRKERNSEC_KMEM | 47280 | +config GRKERNSEC_KMEM |
@@ -47300,7 +47331,7 @@ index 0000000..8faa28b | |||
47300 | + protect your kernel against modification, use the RBAC system. | 47331 | + protect your kernel against modification, use the RBAC system. |
47301 | + | 47332 | + |
47302 | +config GRKERNSEC_PROC_MEMMAP | 47333 | +config GRKERNSEC_PROC_MEMMAP |
47303 | + bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]" | 47334 | + bool "Harden ASLR against information leaks and entropy reduction" |
47304 | + default y if (PAX_NOEXEC || PAX_ASLR) | 47335 | + default y if (PAX_NOEXEC || PAX_ASLR) |
47305 | + depends on PAX_NOEXEC || PAX_ASLR | 47336 | + depends on PAX_NOEXEC || PAX_ASLR |
47306 | + help | 47337 | + help |
@@ -47311,9 +47342,11 @@ index 0000000..8faa28b | |||
47311 | + dangerous sources of information, this option causes reads of sensitive | 47342 | + dangerous sources of information, this option causes reads of sensitive |
47312 | + /proc/<pid> entries where the file descriptor was opened in a different | 47343 | + /proc/<pid> entries where the file descriptor was opened in a different |
47313 | + task than the one performing the read. Such attempts are logged. | 47344 | + task than the one performing the read. Such attempts are logged. |
47314 | + If you use PaX it is greatly recommended that you say Y here as it | 47345 | + Finally, this option limits argv/env strings for suid/sgid binaries |
47315 | + closes up a hole that makes the full ASLR useless for suid | 47346 | + to 1MB to prevent a complete exhaustion of the stack entropy provided |
47316 | + binaries. | 47347 | + by ASLR. |
47348 | + If you use PaX it is essential that you say Y here as it closes up | ||
47349 | + several holes that make full ASLR useless for suid/sgid binaries. | ||
47317 | + | 47350 | + |
47318 | +config GRKERNSEC_BRUTE | 47351 | +config GRKERNSEC_BRUTE |
47319 | + bool "Deter exploit bruteforcing" | 47352 | + bool "Deter exploit bruteforcing" |
@@ -48156,7 +48189,7 @@ index 0000000..1b9afa9 | |||
48156 | +endif | 48189 | +endif |
48157 | diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c | 48190 | diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c |
48158 | new file mode 100644 | 48191 | new file mode 100644 |
48159 | index 0000000..6e989da | 48192 | index 0000000..cf294ac |
48160 | --- /dev/null | 48193 | --- /dev/null |
48161 | +++ b/grsecurity/gracl.c | 48194 | +++ b/grsecurity/gracl.c |
48162 | @@ -0,0 +1,4163 @@ | 48195 | @@ -0,0 +1,4163 @@ |
@@ -50653,8 +50686,8 @@ index 0000000..6e989da | |||
50653 | + | 50686 | + |
50654 | + /* don't change the role if we're not a privileged process */ | 50687 | + /* don't change the role if we're not a privileged process */ |
50655 | + if (role && task->role != role && | 50688 | + if (role && task->role != role && |
50656 | + (((role->roletype & GR_ROLE_USER) && gr_acl_is_capable(CAP_SETUID)) || | 50689 | + (((role->roletype & GR_ROLE_USER) && !gr_acl_is_capable(CAP_SETUID)) || |
50657 | + ((role->roletype & GR_ROLE_GROUP) && gr_acl_is_capable(CAP_SETGID)))) | 50690 | + ((role->roletype & GR_ROLE_GROUP) && !gr_acl_is_capable(CAP_SETGID)))) |
50658 | + return; | 50691 | + return; |
50659 | + | 50692 | + |
50660 | + /* perform subject lookup in possibly new role | 50693 | + /* perform subject lookup in possibly new role |
@@ -60374,7 +60407,7 @@ index 2148b12..519b820 100644 | |||
60374 | 60407 | ||
60375 | static inline void anon_vma_merge(struct vm_area_struct *vma, | 60408 | static inline void anon_vma_merge(struct vm_area_struct *vma, |
60376 | diff --git a/include/linux/sched.h b/include/linux/sched.h | 60409 | diff --git a/include/linux/sched.h b/include/linux/sched.h |
60377 | index 1c4f3e9..dafcd27 100644 | 60410 | index 1c4f3e9..b4e4851 100644 |
60378 | --- a/include/linux/sched.h | 60411 | --- a/include/linux/sched.h |
60379 | +++ b/include/linux/sched.h | 60412 | +++ b/include/linux/sched.h |
60380 | @@ -101,6 +101,7 @@ struct bio_list; | 60413 | @@ -101,6 +101,7 @@ struct bio_list; |
@@ -60491,7 +60524,7 @@ index 1c4f3e9..dafcd27 100644 | |||
60491 | +#ifdef CONFIG_GRKERNSEC | 60524 | +#ifdef CONFIG_GRKERNSEC |
60492 | + /* grsecurity */ | 60525 | + /* grsecurity */ |
60493 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | 60526 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP |
60494 | + long long exec_id; | 60527 | + u64 exec_id; |
60495 | +#endif | 60528 | +#endif |
60496 | +#ifdef CONFIG_GRKERNSEC_SETXID | 60529 | +#ifdef CONFIG_GRKERNSEC_SETXID |
60497 | + const struct cred *delayed_cred; | 60530 | + const struct cred *delayed_cred; |
@@ -60650,7 +60683,7 @@ index e8c619d..e0cbd1c 100644 | |||
60650 | 60683 | ||
60651 | /* Maximum number of letters for an LSM name string */ | 60684 | /* Maximum number of letters for an LSM name string */ |
60652 | diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h | 60685 | diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h |
60653 | index 0b69a46..4796016 100644 | 60686 | index 0b69a46..b2ffa4c 100644 |
60654 | --- a/include/linux/seq_file.h | 60687 | --- a/include/linux/seq_file.h |
60655 | +++ b/include/linux/seq_file.h | 60688 | +++ b/include/linux/seq_file.h |
60656 | @@ -24,6 +24,9 @@ struct seq_file { | 60689 | @@ -24,6 +24,9 @@ struct seq_file { |
@@ -60658,7 +60691,7 @@ index 0b69a46..4796016 100644 | |||
60658 | const struct seq_operations *op; | 60691 | const struct seq_operations *op; |
60659 | int poll_event; | 60692 | int poll_event; |
60660 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | 60693 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP |
60661 | + long long exec_id; | 60694 | + u64 exec_id; |
60662 | +#endif | 60695 | +#endif |
60663 | void *private; | 60696 | void *private; |
60664 | }; | 60697 | }; |
@@ -65836,36 +65869,6 @@ index 9feffa4..54058df 100644 | |||
65836 | rdp->dynticks->dynticks_nesting, | 65869 | rdp->dynticks->dynticks_nesting, |
65837 | rdp->dynticks->dynticks_nmi_nesting, | 65870 | rdp->dynticks->dynticks_nmi_nesting, |
65838 | rdp->dynticks_fqs); | 65871 | rdp->dynticks_fqs); |
65839 | diff --git a/kernel/relay.c b/kernel/relay.c | ||
65840 | index 226fade..b6f803a 100644 | ||
65841 | --- a/kernel/relay.c | ||
65842 | +++ b/kernel/relay.c | ||
65843 | @@ -164,10 +164,14 @@ depopulate: | ||
65844 | */ | ||
65845 | static struct rchan_buf *relay_create_buf(struct rchan *chan) | ||
65846 | { | ||
65847 | - struct rchan_buf *buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL); | ||
65848 | + struct rchan_buf *buf; | ||
65849 | + | ||
65850 | + if (chan->n_subbufs > UINT_MAX / sizeof(size_t *)) | ||
65851 | + return NULL; | ||
65852 | + | ||
65853 | + buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL); | ||
65854 | if (!buf) | ||
65855 | return NULL; | ||
65856 | - | ||
65857 | buf->padding = kmalloc(chan->n_subbufs * sizeof(size_t *), GFP_KERNEL); | ||
65858 | if (!buf->padding) | ||
65859 | goto free_buf; | ||
65860 | @@ -574,6 +578,8 @@ struct rchan *relay_open(const char *base_filename, | ||
65861 | |||
65862 | if (!(subbuf_size && n_subbufs)) | ||
65863 | return NULL; | ||
65864 | + if (subbuf_size > UINT_MAX / n_subbufs) | ||
65865 | + return NULL; | ||
65866 | |||
65867 | chan = kzalloc(sizeof(struct rchan), GFP_KERNEL); | ||
65868 | if (!chan) | ||
65869 | diff --git a/kernel/resource.c b/kernel/resource.c | 65872 | diff --git a/kernel/resource.c b/kernel/resource.c |
65870 | index 7640b3a..5879283 100644 | 65873 | index 7640b3a..5879283 100644 |
65871 | --- a/kernel/resource.c | 65874 | --- a/kernel/resource.c |
@@ -68676,7 +68679,7 @@ index 4f4f53b..9511904 100644 | |||
68676 | capable(CAP_IPC_LOCK)) | 68679 | capable(CAP_IPC_LOCK)) |
68677 | ret = do_mlockall(flags); | 68680 | ret = do_mlockall(flags); |
68678 | diff --git a/mm/mmap.c b/mm/mmap.c | 68681 | diff --git a/mm/mmap.c b/mm/mmap.c |
68679 | index eae90af..51ca80b 100644 | 68682 | index eae90af..44552cf 100644 |
68680 | --- a/mm/mmap.c | 68683 | --- a/mm/mmap.c |
68681 | +++ b/mm/mmap.c | 68684 | +++ b/mm/mmap.c |
68682 | @@ -46,6 +46,16 @@ | 68685 | @@ -46,6 +46,16 @@ |
@@ -69301,20 +69304,60 @@ index eae90af..51ca80b 100644 | |||
69301 | } | 69304 | } |
69302 | 69305 | ||
69303 | unsigned long | 69306 | unsigned long |
69304 | @@ -1638,6 +1864,28 @@ out: | 69307 | @@ -1603,40 +1829,42 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) |
69305 | return prev ? prev->vm_next : vma; | 69308 | |
69306 | } | 69309 | EXPORT_SYMBOL(find_vma); |
69307 | 69310 | ||
69311 | -/* Same as find_vma, but also return a pointer to the previous VMA in *pprev. */ | ||
69312 | +/* | ||
69313 | + * Same as find_vma, but also return a pointer to the previous VMA in *pprev. | ||
69314 | + * Note: pprev is set to NULL when return value is NULL. | ||
69315 | + */ | ||
69316 | struct vm_area_struct * | ||
69317 | find_vma_prev(struct mm_struct *mm, unsigned long addr, | ||
69318 | struct vm_area_struct **pprev) | ||
69319 | { | ||
69320 | - struct vm_area_struct *vma = NULL, *prev = NULL; | ||
69321 | - struct rb_node *rb_node; | ||
69322 | - if (!mm) | ||
69323 | - goto out; | ||
69324 | + struct vm_area_struct *vma; | ||
69325 | |||
69326 | - /* Guard against addr being lower than the first VMA */ | ||
69327 | - vma = mm->mmap; | ||
69328 | + vma = find_vma(mm, addr); | ||
69329 | + *pprev = vma ? vma->vm_prev : NULL; | ||
69330 | + return vma; | ||
69331 | +} | ||
69332 | |||
69333 | - /* Go through the RB tree quickly. */ | ||
69334 | - rb_node = mm->mm_rb.rb_node; | ||
69308 | +#ifdef CONFIG_PAX_SEGMEXEC | 69335 | +#ifdef CONFIG_PAX_SEGMEXEC |
69309 | +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) | 69336 | +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) |
69310 | +{ | 69337 | +{ |
69311 | + struct vm_area_struct *vma_m; | 69338 | + struct vm_area_struct *vma_m; |
69312 | + | 69339 | |
69340 | - while (rb_node) { | ||
69341 | - struct vm_area_struct *vma_tmp; | ||
69342 | - vma_tmp = rb_entry(rb_node, struct vm_area_struct, vm_rb); | ||
69343 | - | ||
69344 | - if (addr < vma_tmp->vm_end) { | ||
69345 | - rb_node = rb_node->rb_left; | ||
69346 | - } else { | ||
69347 | - prev = vma_tmp; | ||
69348 | - if (!prev->vm_next || (addr < prev->vm_next->vm_end)) | ||
69349 | - break; | ||
69350 | - rb_node = rb_node->rb_right; | ||
69351 | - } | ||
69313 | + BUG_ON(!vma || vma->vm_start >= vma->vm_end); | 69352 | + BUG_ON(!vma || vma->vm_start >= vma->vm_end); |
69314 | + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) { | 69353 | + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) { |
69315 | + BUG_ON(vma->vm_mirror); | 69354 | + BUG_ON(vma->vm_mirror); |
69316 | + return NULL; | 69355 | + return NULL; |
69317 | + } | 69356 | } |
69357 | - | ||
69358 | -out: | ||
69359 | - *pprev = prev; | ||
69360 | - return prev ? prev->vm_next : vma; | ||
69318 | + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end); | 69361 | + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end); |
69319 | + vma_m = vma->vm_mirror; | 69362 | + vma_m = vma->vm_mirror; |
69320 | + BUG_ON(!vma_m || vma_m->vm_mirror != vma); | 69363 | + BUG_ON(!vma_m || vma_m->vm_mirror != vma); |
@@ -69324,13 +69367,12 @@ index eae90af..51ca80b 100644 | |||
69324 | + BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root); | 69367 | + BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root); |
69325 | + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED)); | 69368 | + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED)); |
69326 | + return vma_m; | 69369 | + return vma_m; |
69327 | +} | 69370 | } |
69328 | +#endif | 69371 | +#endif |
69329 | + | 69372 | |
69330 | /* | 69373 | /* |
69331 | * Verify that the stack growth is acceptable and | 69374 | * Verify that the stack growth is acceptable and |
69332 | * update accounting. This is shared with both the | 69375 | @@ -1654,6 +1882,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns |
69333 | @@ -1654,6 +1902,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns | ||
69334 | return -ENOMEM; | 69376 | return -ENOMEM; |
69335 | 69377 | ||
69336 | /* Stack limit test */ | 69378 | /* Stack limit test */ |
@@ -69338,7 +69380,7 @@ index eae90af..51ca80b 100644 | |||
69338 | if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) | 69380 | if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) |
69339 | return -ENOMEM; | 69381 | return -ENOMEM; |
69340 | 69382 | ||
69341 | @@ -1664,6 +1913,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns | 69383 | @@ -1664,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns |
69342 | locked = mm->locked_vm + grow; | 69384 | locked = mm->locked_vm + grow; |
69343 | limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); | 69385 | limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); |
69344 | limit >>= PAGE_SHIFT; | 69386 | limit >>= PAGE_SHIFT; |
@@ -69346,7 +69388,7 @@ index eae90af..51ca80b 100644 | |||
69346 | if (locked > limit && !capable(CAP_IPC_LOCK)) | 69388 | if (locked > limit && !capable(CAP_IPC_LOCK)) |
69347 | return -ENOMEM; | 69389 | return -ENOMEM; |
69348 | } | 69390 | } |
69349 | @@ -1694,37 +1944,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns | 69391 | @@ -1694,37 +1924,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns |
69350 | * PA-RISC uses this for its stack; IA64 for its Register Backing Store. | 69392 | * PA-RISC uses this for its stack; IA64 for its Register Backing Store. |
69351 | * vma is the last one with address > vma->vm_end. Have to extend vma. | 69393 | * vma is the last one with address > vma->vm_end. Have to extend vma. |
69352 | */ | 69394 | */ |
@@ -69404,7 +69446,7 @@ index eae90af..51ca80b 100644 | |||
69404 | unsigned long size, grow; | 69446 | unsigned long size, grow; |
69405 | 69447 | ||
69406 | size = address - vma->vm_start; | 69448 | size = address - vma->vm_start; |
69407 | @@ -1739,6 +2000,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) | 69449 | @@ -1739,6 +1980,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) |
69408 | } | 69450 | } |
69409 | } | 69451 | } |
69410 | } | 69452 | } |
@@ -69413,7 +69455,7 @@ index eae90af..51ca80b 100644 | |||
69413 | vma_unlock_anon_vma(vma); | 69455 | vma_unlock_anon_vma(vma); |
69414 | khugepaged_enter_vma_merge(vma); | 69456 | khugepaged_enter_vma_merge(vma); |
69415 | return error; | 69457 | return error; |
69416 | @@ -1752,6 +2015,8 @@ int expand_downwards(struct vm_area_struct *vma, | 69458 | @@ -1752,6 +1995,8 @@ int expand_downwards(struct vm_area_struct *vma, |
69417 | unsigned long address) | 69459 | unsigned long address) |
69418 | { | 69460 | { |
69419 | int error; | 69461 | int error; |
@@ -69422,7 +69464,7 @@ index eae90af..51ca80b 100644 | |||
69422 | 69464 | ||
69423 | /* | 69465 | /* |
69424 | * We must make sure the anon_vma is allocated | 69466 | * We must make sure the anon_vma is allocated |
69425 | @@ -1765,6 +2030,15 @@ int expand_downwards(struct vm_area_struct *vma, | 69467 | @@ -1765,6 +2010,15 @@ int expand_downwards(struct vm_area_struct *vma, |
69426 | if (error) | 69468 | if (error) |
69427 | return error; | 69469 | return error; |
69428 | 69470 | ||
@@ -69438,7 +69480,7 @@ index eae90af..51ca80b 100644 | |||
69438 | vma_lock_anon_vma(vma); | 69480 | vma_lock_anon_vma(vma); |
69439 | 69481 | ||
69440 | /* | 69482 | /* |
69441 | @@ -1774,9 +2048,17 @@ int expand_downwards(struct vm_area_struct *vma, | 69483 | @@ -1774,9 +2028,17 @@ int expand_downwards(struct vm_area_struct *vma, |
69442 | */ | 69484 | */ |
69443 | 69485 | ||
69444 | /* Somebody else might have raced and expanded it already */ | 69486 | /* Somebody else might have raced and expanded it already */ |
@@ -69457,7 +69499,7 @@ index eae90af..51ca80b 100644 | |||
69457 | size = vma->vm_end - address; | 69499 | size = vma->vm_end - address; |
69458 | grow = (vma->vm_start - address) >> PAGE_SHIFT; | 69500 | grow = (vma->vm_start - address) >> PAGE_SHIFT; |
69459 | 69501 | ||
69460 | @@ -1786,11 +2068,22 @@ int expand_downwards(struct vm_area_struct *vma, | 69502 | @@ -1786,11 +2048,22 @@ int expand_downwards(struct vm_area_struct *vma, |
69461 | if (!error) { | 69503 | if (!error) { |
69462 | vma->vm_start = address; | 69504 | vma->vm_start = address; |
69463 | vma->vm_pgoff -= grow; | 69505 | vma->vm_pgoff -= grow; |
@@ -69480,7 +69522,7 @@ index eae90af..51ca80b 100644 | |||
69480 | khugepaged_enter_vma_merge(vma); | 69522 | khugepaged_enter_vma_merge(vma); |
69481 | return error; | 69523 | return error; |
69482 | } | 69524 | } |
69483 | @@ -1860,6 +2153,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) | 69525 | @@ -1860,6 +2133,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) |
69484 | do { | 69526 | do { |
69485 | long nrpages = vma_pages(vma); | 69527 | long nrpages = vma_pages(vma); |
69486 | 69528 | ||
@@ -69494,7 +69536,7 @@ index eae90af..51ca80b 100644 | |||
69494 | mm->total_vm -= nrpages; | 69536 | mm->total_vm -= nrpages; |
69495 | vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); | 69537 | vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); |
69496 | vma = remove_vma(vma); | 69538 | vma = remove_vma(vma); |
69497 | @@ -1905,6 +2205,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, | 69539 | @@ -1905,6 +2185,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, |
69498 | insertion_point = (prev ? &prev->vm_next : &mm->mmap); | 69540 | insertion_point = (prev ? &prev->vm_next : &mm->mmap); |
69499 | vma->vm_prev = NULL; | 69541 | vma->vm_prev = NULL; |
69500 | do { | 69542 | do { |
@@ -69511,7 +69553,7 @@ index eae90af..51ca80b 100644 | |||
69511 | rb_erase(&vma->vm_rb, &mm->mm_rb); | 69553 | rb_erase(&vma->vm_rb, &mm->mm_rb); |
69512 | mm->map_count--; | 69554 | mm->map_count--; |
69513 | tail_vma = vma; | 69555 | tail_vma = vma; |
69514 | @@ -1933,14 +2243,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 69556 | @@ -1933,14 +2223,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
69515 | struct vm_area_struct *new; | 69557 | struct vm_area_struct *new; |
69516 | int err = -ENOMEM; | 69558 | int err = -ENOMEM; |
69517 | 69559 | ||
@@ -69545,7 +69587,7 @@ index eae90af..51ca80b 100644 | |||
69545 | /* most fields are the same, copy all, and then fixup */ | 69587 | /* most fields are the same, copy all, and then fixup */ |
69546 | *new = *vma; | 69588 | *new = *vma; |
69547 | 69589 | ||
69548 | @@ -1953,6 +2282,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 69590 | @@ -1953,6 +2262,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
69549 | new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); | 69591 | new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); |
69550 | } | 69592 | } |
69551 | 69593 | ||
@@ -69568,7 +69610,7 @@ index eae90af..51ca80b 100644 | |||
69568 | pol = mpol_dup(vma_policy(vma)); | 69610 | pol = mpol_dup(vma_policy(vma)); |
69569 | if (IS_ERR(pol)) { | 69611 | if (IS_ERR(pol)) { |
69570 | err = PTR_ERR(pol); | 69612 | err = PTR_ERR(pol); |
69571 | @@ -1978,6 +2323,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 69613 | @@ -1978,6 +2303,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
69572 | else | 69614 | else |
69573 | err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); | 69615 | err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); |
69574 | 69616 | ||
@@ -69611,7 +69653,7 @@ index eae90af..51ca80b 100644 | |||
69611 | /* Success. */ | 69653 | /* Success. */ |
69612 | if (!err) | 69654 | if (!err) |
69613 | return 0; | 69655 | return 0; |
69614 | @@ -1990,10 +2371,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 69656 | @@ -1990,10 +2351,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
69615 | removed_exe_file_vma(mm); | 69657 | removed_exe_file_vma(mm); |
69616 | fput(new->vm_file); | 69658 | fput(new->vm_file); |
69617 | } | 69659 | } |
@@ -69631,7 +69673,7 @@ index eae90af..51ca80b 100644 | |||
69631 | kmem_cache_free(vm_area_cachep, new); | 69673 | kmem_cache_free(vm_area_cachep, new); |
69632 | out_err: | 69674 | out_err: |
69633 | return err; | 69675 | return err; |
69634 | @@ -2006,6 +2395,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 69676 | @@ -2006,6 +2375,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
69635 | int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, | 69677 | int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
69636 | unsigned long addr, int new_below) | 69678 | unsigned long addr, int new_below) |
69637 | { | 69679 | { |
@@ -69647,7 +69689,7 @@ index eae90af..51ca80b 100644 | |||
69647 | if (mm->map_count >= sysctl_max_map_count) | 69689 | if (mm->map_count >= sysctl_max_map_count) |
69648 | return -ENOMEM; | 69690 | return -ENOMEM; |
69649 | 69691 | ||
69650 | @@ -2017,11 +2415,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, | 69692 | @@ -2017,11 +2395,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
69651 | * work. This now handles partial unmappings. | 69693 | * work. This now handles partial unmappings. |
69652 | * Jeremy Fitzhardinge <jeremy@goop.org> | 69694 | * Jeremy Fitzhardinge <jeremy@goop.org> |
69653 | */ | 69695 | */ |
@@ -69678,7 +69720,7 @@ index eae90af..51ca80b 100644 | |||
69678 | if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) | 69720 | if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) |
69679 | return -EINVAL; | 69721 | return -EINVAL; |
69680 | 69722 | ||
69681 | @@ -2096,6 +2513,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | 69723 | @@ -2096,6 +2493,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) |
69682 | /* Fix up all other VM information */ | 69724 | /* Fix up all other VM information */ |
69683 | remove_vma_list(mm, vma); | 69725 | remove_vma_list(mm, vma); |
69684 | 69726 | ||
@@ -69687,7 +69729,7 @@ index eae90af..51ca80b 100644 | |||
69687 | return 0; | 69729 | return 0; |
69688 | } | 69730 | } |
69689 | 69731 | ||
69690 | @@ -2108,22 +2527,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) | 69732 | @@ -2108,22 +2507,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) |
69691 | 69733 | ||
69692 | profile_munmap(addr); | 69734 | profile_munmap(addr); |
69693 | 69735 | ||
@@ -69716,7 +69758,7 @@ index eae90af..51ca80b 100644 | |||
69716 | /* | 69758 | /* |
69717 | * this is really a simplified "do_mmap". it only handles | 69759 | * this is really a simplified "do_mmap". it only handles |
69718 | * anonymous maps. eventually we may be able to do some | 69760 | * anonymous maps. eventually we may be able to do some |
69719 | @@ -2137,6 +2552,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) | 69761 | @@ -2137,6 +2532,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) |
69720 | struct rb_node ** rb_link, * rb_parent; | 69762 | struct rb_node ** rb_link, * rb_parent; |
69721 | pgoff_t pgoff = addr >> PAGE_SHIFT; | 69763 | pgoff_t pgoff = addr >> PAGE_SHIFT; |
69722 | int error; | 69764 | int error; |
@@ -69724,7 +69766,7 @@ index eae90af..51ca80b 100644 | |||
69724 | 69766 | ||
69725 | len = PAGE_ALIGN(len); | 69767 | len = PAGE_ALIGN(len); |
69726 | if (!len) | 69768 | if (!len) |
69727 | @@ -2148,16 +2564,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) | 69769 | @@ -2148,16 +2544,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) |
69728 | 69770 | ||
69729 | flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; | 69771 | flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; |
69730 | 69772 | ||
@@ -69756,7 +69798,7 @@ index eae90af..51ca80b 100644 | |||
69756 | locked += mm->locked_vm; | 69798 | locked += mm->locked_vm; |
69757 | lock_limit = rlimit(RLIMIT_MEMLOCK); | 69799 | lock_limit = rlimit(RLIMIT_MEMLOCK); |
69758 | lock_limit >>= PAGE_SHIFT; | 69800 | lock_limit >>= PAGE_SHIFT; |
69759 | @@ -2174,22 +2604,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) | 69801 | @@ -2174,22 +2584,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) |
69760 | /* | 69802 | /* |
69761 | * Clear old maps. this also does some error checking for us | 69803 | * Clear old maps. this also does some error checking for us |
69762 | */ | 69804 | */ |
@@ -69783,7 +69825,7 @@ index eae90af..51ca80b 100644 | |||
69783 | return -ENOMEM; | 69825 | return -ENOMEM; |
69784 | 69826 | ||
69785 | /* Can we just expand an old private anonymous mapping? */ | 69827 | /* Can we just expand an old private anonymous mapping? */ |
69786 | @@ -2203,7 +2633,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) | 69828 | @@ -2203,7 +2613,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) |
69787 | */ | 69829 | */ |
69788 | vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | 69830 | vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); |
69789 | if (!vma) { | 69831 | if (!vma) { |
@@ -69792,7 +69834,7 @@ index eae90af..51ca80b 100644 | |||
69792 | return -ENOMEM; | 69834 | return -ENOMEM; |
69793 | } | 69835 | } |
69794 | 69836 | ||
69795 | @@ -2217,11 +2647,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) | 69837 | @@ -2217,11 +2627,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) |
69796 | vma_link(mm, vma, prev, rb_link, rb_parent); | 69838 | vma_link(mm, vma, prev, rb_link, rb_parent); |
69797 | out: | 69839 | out: |
69798 | perf_event_mmap(vma); | 69840 | perf_event_mmap(vma); |
@@ -69807,7 +69849,7 @@ index eae90af..51ca80b 100644 | |||
69807 | return addr; | 69849 | return addr; |
69808 | } | 69850 | } |
69809 | 69851 | ||
69810 | @@ -2268,8 +2699,10 @@ void exit_mmap(struct mm_struct *mm) | 69852 | @@ -2268,8 +2679,10 @@ void exit_mmap(struct mm_struct *mm) |
69811 | * Walk the list again, actually closing and freeing it, | 69853 | * Walk the list again, actually closing and freeing it, |
69812 | * with preemption enabled, without holding any MM locks. | 69854 | * with preemption enabled, without holding any MM locks. |
69813 | */ | 69855 | */ |
@@ -69819,7 +69861,7 @@ index eae90af..51ca80b 100644 | |||
69819 | 69861 | ||
69820 | BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); | 69862 | BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); |
69821 | } | 69863 | } |
69822 | @@ -2283,6 +2716,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) | 69864 | @@ -2283,6 +2696,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) |
69823 | struct vm_area_struct * __vma, * prev; | 69865 | struct vm_area_struct * __vma, * prev; |
69824 | struct rb_node ** rb_link, * rb_parent; | 69866 | struct rb_node ** rb_link, * rb_parent; |
69825 | 69867 | ||
@@ -69833,7 +69875,7 @@ index eae90af..51ca80b 100644 | |||
69833 | /* | 69875 | /* |
69834 | * The vm_pgoff of a purely anonymous vma should be irrelevant | 69876 | * The vm_pgoff of a purely anonymous vma should be irrelevant |
69835 | * until its first write fault, when page's anon_vma and index | 69877 | * until its first write fault, when page's anon_vma and index |
69836 | @@ -2305,7 +2745,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) | 69878 | @@ -2305,7 +2725,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) |
69837 | if ((vma->vm_flags & VM_ACCOUNT) && | 69879 | if ((vma->vm_flags & VM_ACCOUNT) && |
69838 | security_vm_enough_memory_mm(mm, vma_pages(vma))) | 69880 | security_vm_enough_memory_mm(mm, vma_pages(vma))) |
69839 | return -ENOMEM; | 69881 | return -ENOMEM; |
@@ -69856,7 +69898,7 @@ index eae90af..51ca80b 100644 | |||
69856 | return 0; | 69898 | return 0; |
69857 | } | 69899 | } |
69858 | 69900 | ||
69859 | @@ -2323,6 +2778,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, | 69901 | @@ -2323,6 +2758,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
69860 | struct rb_node **rb_link, *rb_parent; | 69902 | struct rb_node **rb_link, *rb_parent; |
69861 | struct mempolicy *pol; | 69903 | struct mempolicy *pol; |
69862 | 69904 | ||
@@ -69865,7 +69907,7 @@ index eae90af..51ca80b 100644 | |||
69865 | /* | 69907 | /* |
69866 | * If anonymous vma has not yet been faulted, update new pgoff | 69908 | * If anonymous vma has not yet been faulted, update new pgoff |
69867 | * to match new location, to increase its chance of merging. | 69909 | * to match new location, to increase its chance of merging. |
69868 | @@ -2373,6 +2830,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, | 69910 | @@ -2373,6 +2810,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
69869 | return NULL; | 69911 | return NULL; |
69870 | } | 69912 | } |
69871 | 69913 | ||
@@ -69905,7 +69947,7 @@ index eae90af..51ca80b 100644 | |||
69905 | /* | 69947 | /* |
69906 | * Return true if the calling process may expand its vm space by the passed | 69948 | * Return true if the calling process may expand its vm space by the passed |
69907 | * number of pages | 69949 | * number of pages |
69908 | @@ -2383,7 +2873,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) | 69950 | @@ -2383,7 +2853,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
69909 | unsigned long lim; | 69951 | unsigned long lim; |
69910 | 69952 | ||
69911 | lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; | 69953 | lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; |
@@ -69914,7 +69956,7 @@ index eae90af..51ca80b 100644 | |||
69914 | if (cur + npages > lim) | 69956 | if (cur + npages > lim) |
69915 | return 0; | 69957 | return 0; |
69916 | return 1; | 69958 | return 1; |
69917 | @@ -2454,6 +2944,22 @@ int install_special_mapping(struct mm_struct *mm, | 69959 | @@ -2454,6 +2924,22 @@ int install_special_mapping(struct mm_struct *mm, |
69918 | vma->vm_start = addr; | 69960 | vma->vm_start = addr; |
69919 | vma->vm_end = addr + len; | 69961 | vma->vm_end = addr + len; |
69920 | 69962 | ||
@@ -78181,10 +78223,10 @@ index 0000000..a5eabce | |||
78181 | +} | 78223 | +} |
78182 | diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c | 78224 | diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c |
78183 | new file mode 100644 | 78225 | new file mode 100644 |
78184 | index 0000000..51f747e | 78226 | index 0000000..008f159 |
78185 | --- /dev/null | 78227 | --- /dev/null |
78186 | +++ b/tools/gcc/kernexec_plugin.c | 78228 | +++ b/tools/gcc/kernexec_plugin.c |
78187 | @@ -0,0 +1,348 @@ | 78229 | @@ -0,0 +1,427 @@ |
78188 | +/* | 78230 | +/* |
78189 | + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> | 78231 | + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> |
78190 | + * Licensed under the GPL v2 | 78232 | + * Licensed under the GPL v2 |
@@ -78232,13 +78274,32 @@ index 0000000..51f747e | |||
78232 | + .help = "method=[bts|or]\tinstrumentation method\n" | 78274 | + .help = "method=[bts|or]\tinstrumentation method\n" |
78233 | +}; | 78275 | +}; |
78234 | + | 78276 | + |
78277 | +static unsigned int execute_kernexec_reload(void); | ||
78235 | +static unsigned int execute_kernexec_fptr(void); | 78278 | +static unsigned int execute_kernexec_fptr(void); |
78236 | +static unsigned int execute_kernexec_retaddr(void); | 78279 | +static unsigned int execute_kernexec_retaddr(void); |
78237 | +static bool kernexec_cmodel_check(void); | 78280 | +static bool kernexec_cmodel_check(void); |
78238 | + | 78281 | + |
78239 | +static void (*kernexec_instrument_fptr)(gimple_stmt_iterator); | 78282 | +static void (*kernexec_instrument_fptr)(gimple_stmt_iterator *); |
78240 | +static void (*kernexec_instrument_retaddr)(rtx); | 78283 | +static void (*kernexec_instrument_retaddr)(rtx); |
78241 | + | 78284 | + |
78285 | +static struct gimple_opt_pass kernexec_reload_pass = { | ||
78286 | + .pass = { | ||
78287 | + .type = GIMPLE_PASS, | ||
78288 | + .name = "kernexec_reload", | ||
78289 | + .gate = kernexec_cmodel_check, | ||
78290 | + .execute = execute_kernexec_reload, | ||
78291 | + .sub = NULL, | ||
78292 | + .next = NULL, | ||
78293 | + .static_pass_number = 0, | ||
78294 | + .tv_id = TV_NONE, | ||
78295 | + .properties_required = 0, | ||
78296 | + .properties_provided = 0, | ||
78297 | + .properties_destroyed = 0, | ||
78298 | + .todo_flags_start = 0, | ||
78299 | + .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi | ||
78300 | + } | ||
78301 | +}; | ||
78302 | + | ||
78242 | +static struct gimple_opt_pass kernexec_fptr_pass = { | 78303 | +static struct gimple_opt_pass kernexec_fptr_pass = { |
78243 | + .pass = { | 78304 | + .pass = { |
78244 | + .type = GIMPLE_PASS, | 78305 | + .type = GIMPLE_PASS, |
@@ -78294,15 +78355,66 @@ index 0000000..51f747e | |||
78294 | +} | 78355 | +} |
78295 | + | 78356 | + |
78296 | +/* | 78357 | +/* |
78358 | + * add special KERNEXEC instrumentation: reload %r10 after it has been clobbered | ||
78359 | + */ | ||
78360 | +static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi) | ||
78361 | +{ | ||
78362 | + gimple asm_movabs_stmt; | ||
78363 | + | ||
78364 | + // build asm volatile("movabs $0x8000000000000000, %%r10\n\t" : : : ); | ||
78365 | + asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r10\n\t", NULL, NULL, NULL, NULL); | ||
78366 | + gimple_asm_set_volatile(asm_movabs_stmt, true); | ||
78367 | + gsi_insert_after(gsi, asm_movabs_stmt, GSI_CONTINUE_LINKING); | ||
78368 | + update_stmt(asm_movabs_stmt); | ||
78369 | +} | ||
78370 | + | ||
78371 | +/* | ||
78372 | + * find all asm() stmts that clobber r10 and add a reload of r10 | ||
78373 | + */ | ||
78374 | +static unsigned int execute_kernexec_reload(void) | ||
78375 | +{ | ||
78376 | + basic_block bb; | ||
78377 | + | ||
78378 | + // 1. loop through BBs and GIMPLE statements | ||
78379 | + FOR_EACH_BB(bb) { | ||
78380 | + gimple_stmt_iterator gsi; | ||
78381 | + | ||
78382 | + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { | ||
78383 | + // gimple match: __asm__ ("" : : : "r10"); | ||
78384 | + gimple asm_stmt; | ||
78385 | + size_t nclobbers; | ||
78386 | + | ||
78387 | + // is it an asm ... | ||
78388 | + asm_stmt = gsi_stmt(gsi); | ||
78389 | + if (gimple_code(asm_stmt) != GIMPLE_ASM) | ||
78390 | + continue; | ||
78391 | + | ||
78392 | + // ... clobbering r10 | ||
78393 | + nclobbers = gimple_asm_nclobbers(asm_stmt); | ||
78394 | + while (nclobbers--) { | ||
78395 | + tree op = gimple_asm_clobber_op(asm_stmt, nclobbers); | ||
78396 | + if (strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "r10")) | ||
78397 | + continue; | ||
78398 | + kernexec_reload_fptr_mask(&gsi); | ||
78399 | +//print_gimple_stmt(stderr, asm_stmt, 0, TDF_LINENO); | ||
78400 | + break; | ||
78401 | + } | ||
78402 | + } | ||
78403 | + } | ||
78404 | + | ||
78405 | + return 0; | ||
78406 | +} | ||
78407 | + | ||
78408 | +/* | ||
78297 | + * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce | 78409 | + * add special KERNEXEC instrumentation: force MSB of fptr to 1, which will produce |
78298 | + * a non-canonical address from a userland ptr and will just trigger a GPF on dereference | 78410 | + * a non-canonical address from a userland ptr and will just trigger a GPF on dereference |
78299 | + */ | 78411 | + */ |
78300 | +static void kernexec_instrument_fptr_bts(gimple_stmt_iterator gsi) | 78412 | +static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) |
78301 | +{ | 78413 | +{ |
78302 | + gimple assign_intptr, assign_new_fptr, call_stmt; | 78414 | + gimple assign_intptr, assign_new_fptr, call_stmt; |
78303 | + tree intptr, old_fptr, new_fptr, kernexec_mask; | 78415 | + tree intptr, old_fptr, new_fptr, kernexec_mask; |
78304 | + | 78416 | + |
78305 | + call_stmt = gsi_stmt(gsi); | 78417 | + call_stmt = gsi_stmt(*gsi); |
78306 | + old_fptr = gimple_call_fn(call_stmt); | 78418 | + old_fptr = gimple_call_fn(call_stmt); |
78307 | + | 78419 | + |
78308 | + // create temporary unsigned long variable used for bitops and cast fptr to it | 78420 | + // create temporary unsigned long variable used for bitops and cast fptr to it |
@@ -78310,14 +78422,14 @@ index 0000000..51f747e | |||
78310 | + add_referenced_var(intptr); | 78422 | + add_referenced_var(intptr); |
78311 | + mark_sym_for_renaming(intptr); | 78423 | + mark_sym_for_renaming(intptr); |
78312 | + assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); | 78424 | + assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); |
78313 | + gsi_insert_before(&gsi, assign_intptr, GSI_SAME_STMT); | 78425 | + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); |
78314 | + update_stmt(assign_intptr); | 78426 | + update_stmt(assign_intptr); |
78315 | + | 78427 | + |
78316 | + // apply logical or to temporary unsigned long and bitmask | 78428 | + // apply logical or to temporary unsigned long and bitmask |
78317 | + kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); | 78429 | + kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); |
78318 | +// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); | 78430 | +// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); |
78319 | + assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask)); | 78431 | + assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask)); |
78320 | + gsi_insert_before(&gsi, assign_intptr, GSI_SAME_STMT); | 78432 | + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); |
78321 | + update_stmt(assign_intptr); | 78433 | + update_stmt(assign_intptr); |
78322 | + | 78434 | + |
78323 | + // cast temporary unsigned long back to a temporary fptr variable | 78435 | + // cast temporary unsigned long back to a temporary fptr variable |
@@ -78325,7 +78437,7 @@ index 0000000..51f747e | |||
78325 | + add_referenced_var(new_fptr); | 78437 | + add_referenced_var(new_fptr); |
78326 | + mark_sym_for_renaming(new_fptr); | 78438 | + mark_sym_for_renaming(new_fptr); |
78327 | + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); | 78439 | + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); |
78328 | + gsi_insert_before(&gsi, assign_new_fptr, GSI_SAME_STMT); | 78440 | + gsi_insert_before(gsi, assign_new_fptr, GSI_SAME_STMT); |
78329 | + update_stmt(assign_new_fptr); | 78441 | + update_stmt(assign_new_fptr); |
78330 | + | 78442 | + |
78331 | + // replace call stmt fn with the new fptr | 78443 | + // replace call stmt fn with the new fptr |
@@ -78333,14 +78445,14 @@ index 0000000..51f747e | |||
78333 | + update_stmt(call_stmt); | 78445 | + update_stmt(call_stmt); |
78334 | +} | 78446 | +} |
78335 | + | 78447 | + |
78336 | +static void kernexec_instrument_fptr_or(gimple_stmt_iterator gsi) | 78448 | +static void kernexec_instrument_fptr_or(gimple_stmt_iterator *gsi) |
78337 | +{ | 78449 | +{ |
78338 | + gimple asm_or_stmt, call_stmt; | 78450 | + gimple asm_or_stmt, call_stmt; |
78339 | + tree old_fptr, new_fptr, input, output; | 78451 | + tree old_fptr, new_fptr, input, output; |
78340 | + VEC(tree, gc) *inputs = NULL; | 78452 | + VEC(tree, gc) *inputs = NULL; |
78341 | + VEC(tree, gc) *outputs = NULL; | 78453 | + VEC(tree, gc) *outputs = NULL; |
78342 | + | 78454 | + |
78343 | + call_stmt = gsi_stmt(gsi); | 78455 | + call_stmt = gsi_stmt(*gsi); |
78344 | + old_fptr = gimple_call_fn(call_stmt); | 78456 | + old_fptr = gimple_call_fn(call_stmt); |
78345 | + | 78457 | + |
78346 | + // create temporary fptr variable | 78458 | + // create temporary fptr variable |
@@ -78357,7 +78469,7 @@ index 0000000..51f747e | |||
78357 | + VEC_safe_push(tree, gc, outputs, output); | 78469 | + VEC_safe_push(tree, gc, outputs, output); |
78358 | + asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); | 78470 | + asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); |
78359 | + gimple_asm_set_volatile(asm_or_stmt, true); | 78471 | + gimple_asm_set_volatile(asm_or_stmt, true); |
78360 | + gsi_insert_before(&gsi, asm_or_stmt, GSI_SAME_STMT); | 78472 | + gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT); |
78361 | + update_stmt(asm_or_stmt); | 78473 | + update_stmt(asm_or_stmt); |
78362 | + | 78474 | + |
78363 | + // replace call stmt fn with the new fptr | 78475 | + // replace call stmt fn with the new fptr |
@@ -78371,10 +78483,11 @@ index 0000000..51f747e | |||
78371 | +static unsigned int execute_kernexec_fptr(void) | 78483 | +static unsigned int execute_kernexec_fptr(void) |
78372 | +{ | 78484 | +{ |
78373 | + basic_block bb; | 78485 | + basic_block bb; |
78374 | + gimple_stmt_iterator gsi; | ||
78375 | + | 78486 | + |
78376 | + // 1. loop through BBs and GIMPLE statements | 78487 | + // 1. loop through BBs and GIMPLE statements |
78377 | + FOR_EACH_BB(bb) { | 78488 | + FOR_EACH_BB(bb) { |
78489 | + gimple_stmt_iterator gsi; | ||
78490 | + | ||
78378 | + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { | 78491 | + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
78379 | + // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); | 78492 | + // gimple match: h_1 = get_fptr (); D.2709_3 = h_1 (x_2(D)); |
78380 | + tree fn; | 78493 | + tree fn; |
@@ -78401,7 +78514,7 @@ index 0000000..51f747e | |||
78401 | + if (TREE_CODE(fn) != FUNCTION_TYPE) | 78514 | + if (TREE_CODE(fn) != FUNCTION_TYPE) |
78402 | + continue; | 78515 | + continue; |
78403 | + | 78516 | + |
78404 | + kernexec_instrument_fptr(gsi); | 78517 | + kernexec_instrument_fptr(&gsi); |
78405 | + | 78518 | + |
78406 | +//debug_tree(gimple_call_fn(call_stmt)); | 78519 | +//debug_tree(gimple_call_fn(call_stmt)); |
78407 | +//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO); | 78520 | +//print_gimple_stmt(stderr, call_stmt, 0, TDF_LINENO); |
@@ -78483,6 +78596,12 @@ index 0000000..51f747e | |||
78483 | + const int argc = plugin_info->argc; | 78596 | + const int argc = plugin_info->argc; |
78484 | + const struct plugin_argument * const argv = plugin_info->argv; | 78597 | + const struct plugin_argument * const argv = plugin_info->argv; |
78485 | + int i; | 78598 | + int i; |
78599 | + struct register_pass_info kernexec_reload_pass_info = { | ||
78600 | + .pass = &kernexec_reload_pass.pass, | ||
78601 | + .reference_pass_name = "ssa", | ||
78602 | + .ref_pass_instance_number = 0, | ||
78603 | + .pos_op = PASS_POS_INSERT_AFTER | ||
78604 | + }; | ||
78486 | + struct register_pass_info kernexec_fptr_pass_info = { | 78605 | + struct register_pass_info kernexec_fptr_pass_info = { |
78487 | + .pass = &kernexec_fptr_pass.pass, | 78606 | + .pass = &kernexec_fptr_pass.pass, |
78488 | + .reference_pass_name = "ssa", | 78607 | + .reference_pass_name = "ssa", |
@@ -78528,6 +78647,8 @@ index 0000000..51f747e | |||
78528 | + if (!kernexec_instrument_fptr || !kernexec_instrument_retaddr) | 78647 | + if (!kernexec_instrument_fptr || !kernexec_instrument_retaddr) |
78529 | + error(G_("no instrumentation method was selected via '-fplugin-arg-%s-method'"), plugin_name); | 78648 | + error(G_("no instrumentation method was selected via '-fplugin-arg-%s-method'"), plugin_name); |
78530 | + | 78649 | + |
78650 | + if (kernexec_instrument_fptr == kernexec_instrument_fptr_or) | ||
78651 | + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_reload_pass_info); | ||
78531 | + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info); | 78652 | + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_fptr_pass_info); |
78532 | + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info); | 78653 | + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &kernexec_retaddr_pass_info); |
78533 | + | 78654 | + |
@@ -78535,10 +78656,10 @@ index 0000000..51f747e | |||
78535 | +} | 78656 | +} |
78536 | diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c | 78657 | diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c |
78537 | new file mode 100644 | 78658 | new file mode 100644 |
78538 | index 0000000..d44f37c | 78659 | index 0000000..8b61031 |
78539 | --- /dev/null | 78660 | --- /dev/null |
78540 | +++ b/tools/gcc/stackleak_plugin.c | 78661 | +++ b/tools/gcc/stackleak_plugin.c |
78541 | @@ -0,0 +1,291 @@ | 78662 | @@ -0,0 +1,295 @@ |
78542 | +/* | 78663 | +/* |
78543 | + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> | 78664 | + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> |
78544 | + * Licensed under the GPL v2 | 78665 | + * Licensed under the GPL v2 |
@@ -78638,7 +78759,7 @@ index 0000000..d44f37c | |||
78638 | + return track_frame_size >= 0; | 78759 | + return track_frame_size >= 0; |
78639 | +} | 78760 | +} |
78640 | + | 78761 | + |
78641 | +static void stackleak_check_alloca(gimple_stmt_iterator gsi) | 78762 | +static void stackleak_check_alloca(gimple_stmt_iterator *gsi) |
78642 | +{ | 78763 | +{ |
78643 | + gimple check_alloca; | 78764 | + gimple check_alloca; |
78644 | + tree fndecl, fntype, alloca_size; | 78765 | + tree fndecl, fntype, alloca_size; |
@@ -78647,12 +78768,12 @@ index 0000000..d44f37c | |||
78647 | + fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); | 78768 | + fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); |
78648 | + fndecl = build_fn_decl(check_function, fntype); | 78769 | + fndecl = build_fn_decl(check_function, fntype); |
78649 | + DECL_ASSEMBLER_NAME(fndecl); // for LTO | 78770 | + DECL_ASSEMBLER_NAME(fndecl); // for LTO |
78650 | + alloca_size = gimple_call_arg(gsi_stmt(gsi), 0); | 78771 | + alloca_size = gimple_call_arg(gsi_stmt(*gsi), 0); |
78651 | + check_alloca = gimple_build_call(fndecl, 1, alloca_size); | 78772 | + check_alloca = gimple_build_call(fndecl, 1, alloca_size); |
78652 | + gsi_insert_before(&gsi, check_alloca, GSI_CONTINUE_LINKING); | 78773 | + gsi_insert_before(gsi, check_alloca, GSI_SAME_STMT); |
78653 | +} | 78774 | +} |
78654 | + | 78775 | + |
78655 | +static void stackleak_add_instrumentation(gimple_stmt_iterator gsi) | 78776 | +static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi) |
78656 | +{ | 78777 | +{ |
78657 | + gimple track_stack; | 78778 | + gimple track_stack; |
78658 | + tree fndecl, fntype; | 78779 | + tree fndecl, fntype; |
@@ -78662,7 +78783,7 @@ index 0000000..d44f37c | |||
78662 | + fndecl = build_fn_decl(track_function, fntype); | 78783 | + fndecl = build_fn_decl(track_function, fntype); |
78663 | + DECL_ASSEMBLER_NAME(fndecl); // for LTO | 78784 | + DECL_ASSEMBLER_NAME(fndecl); // for LTO |
78664 | + track_stack = gimple_build_call(fndecl, 0); | 78785 | + track_stack = gimple_build_call(fndecl, 0); |
78665 | + gsi_insert_after(&gsi, track_stack, GSI_CONTINUE_LINKING); | 78786 | + gsi_insert_after(gsi, track_stack, GSI_CONTINUE_LINKING); |
78666 | +} | 78787 | +} |
78667 | + | 78788 | + |
78668 | +#if BUILDING_GCC_VERSION == 4005 | 78789 | +#if BUILDING_GCC_VERSION == 4005 |
@@ -78705,16 +78826,17 @@ index 0000000..d44f37c | |||
78705 | + // 1. loop through BBs and GIMPLE statements | 78826 | + // 1. loop through BBs and GIMPLE statements |
78706 | + FOR_EACH_BB(bb) { | 78827 | + FOR_EACH_BB(bb) { |
78707 | + gimple_stmt_iterator gsi; | 78828 | + gimple_stmt_iterator gsi; |
78829 | + | ||
78708 | + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { | 78830 | + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
78709 | + // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450> | 78831 | + // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450> |
78710 | + if (!is_alloca(gsi_stmt(gsi))) | 78832 | + if (!is_alloca(gsi_stmt(gsi))) |
78711 | + continue; | 78833 | + continue; |
78712 | + | 78834 | + |
78713 | + // 2. insert stack overflow check before each __builtin_alloca call | 78835 | + // 2. insert stack overflow check before each __builtin_alloca call |
78714 | + stackleak_check_alloca(gsi); | 78836 | + stackleak_check_alloca(&gsi); |
78715 | + | 78837 | + |
78716 | + // 3. insert track call after each __builtin_alloca call | 78838 | + // 3. insert track call after each __builtin_alloca call |
78717 | + stackleak_add_instrumentation(gsi); | 78839 | + stackleak_add_instrumentation(&gsi); |
78718 | + if (bb == entry_bb) | 78840 | + if (bb == entry_bb) |
78719 | + prologue_instrumented = true; | 78841 | + prologue_instrumented = true; |
78720 | + } | 78842 | + } |
@@ -78722,10 +78844,13 @@ index 0000000..d44f37c | |||
78722 | + | 78844 | + |
78723 | + // 4. insert track call at the beginning | 78845 | + // 4. insert track call at the beginning |
78724 | + if (!prologue_instrumented) { | 78846 | + if (!prologue_instrumented) { |
78847 | + gimple_stmt_iterator gsi; | ||
78848 | + | ||
78725 | + bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; | 78849 | + bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; |
78726 | + if (dom_info_available_p(CDI_DOMINATORS)) | 78850 | + if (dom_info_available_p(CDI_DOMINATORS)) |
78727 | + set_immediate_dominator(CDI_DOMINATORS, bb, ENTRY_BLOCK_PTR); | 78851 | + set_immediate_dominator(CDI_DOMINATORS, bb, ENTRY_BLOCK_PTR); |
78728 | + stackleak_add_instrumentation(gsi_start_bb(bb)); | 78852 | + gsi = gsi_start_bb(bb); |
78853 | + stackleak_add_instrumentation(&gsi); | ||
78729 | + } | 78854 | + } |
78730 | + | 78855 | + |
78731 | + return 0; | 78856 | + return 0; |
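--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/i386 3.2.2 Kernel Configuration
+# Linux/i386 3.2.7 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -4905,7 +4905,9 @@ CONFIG_CIFS_ACL=y
 # CONFIG_NCP_FS is not set
 # CONFIG_CODA_FS is not set
 # CONFIG_AFS_FS is not set
-# CONFIG_9P_FS is not set
+CONFIG_9P_FS=m
+CONFIG_9P_FSCACHE=y
+CONFIG_9P_FS_POSIX_ACL=y
 
 #
 # Partition Types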
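--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 3.2.1 Kernel Configuration
+# Linux/x86_64 3.2.7 Kernel Configuration
 #
 CONFIG_64BIT=y
 # CONFIG_X86_32 is not set
@@ -4880,7 +4880,9 @@ CONFIG_CIFS_ACL=y
 # CONFIG_NCP_FS is not set
 # CONFIG_CODA_FS is not set
 # CONFIG_AFS_FS is not set
-# CONFIG_9P_FS is not set
+CONFIG_9P_FS=m
+CONFIG_9P_FSCACHE=y
+CONFIG_9P_FS_POSIX_ACL=y
 
 #
 # Partition Types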