author | Anthony G. Basile <blueness@gentoo.org> | 2014-02-12 10:44:05 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-02-12 10:44:05 -0500 |
commit | 4d138fee3fb5155dcf5f411f81a65b340c6a46ca (patch) | |
tree | 77cf05a7d3833ee2524190aed807be8fe3981780 | |
parent | Grsec/PaX: 3.0-{3.2.54,3.13.2}-201402091134 (diff) | |
download | hardened-patchset-20140211.tar.gz hardened-patchset-20140211.tar.bz2 hardened-patchset-20140211.zip |
Grsec/PaX: 3.0-{3.2.54,3.13.2}-20140211174720140211
-rw-r--r-- | 3.13.2/0000_README | 2 | ||||
-rw-r--r-- | 3.13.2/4420_grsecurity-3.0-3.13.2-201402111747.patch (renamed from 3.13.2/4420_grsecurity-3.0-3.13.2-201402091134.patch) | 33 | ||||
-rw-r--r-- | 3.2.54/0000_README | 2 | ||||
-rw-r--r-- | 3.2.54/4420_grsecurity-3.0-3.2.54-201402111745.patch (renamed from 3.2.54/4420_grsecurity-3.0-3.2.54-201402091132.patch) | 85 |
4 files changed, 69 insertions, 53 deletions
diff --git a/3.13.2/0000_README b/3.13.2/0000_README
index cb647cd..ce8a461 100644
--- a/3.13.2/0000_README
+++ b/3.13.2/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.2-201402091134.patch
+Patch: 4420_grsecurity-3.0-3.13.2-201402111747.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.2/4420_grsecurity-3.0-3.13.2-201402091134.patch b/3.13.2/4420_grsecurity-3.0-3.13.2-201402111747.patch
index df6cd99..3ac109b 100644
--- a/3.13.2/4420_grsecurity-3.0-3.13.2-201402091134.patch
+++ b/3.13.2/4420_grsecurity-3.0-3.13.2-201402111747.patch
@@ -37956,7 +37956,7 @@ index d39cca6..8c1e269 100644
 if (cmd != SIOCWANDEV)
 diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 429b75b..03d60db 100644
+index 429b75b..a4f540d 100644
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -270,10 +270,17 @@
@@ -37977,7 +37977,17 @@ index 429b75b..03d60db 100644
 #define SEC_XFER_SIZE 512
 #define EXTRACT_SIZE 10
-@@ -361,12 +368,19 @@ static struct poolinfo {
+@@ -284,9 +291,6 @@
+ /*
+ * To allow fractional bits to be tracked, the entropy_count field is
+ * denominated in units of 1/8th bits.
+- *
+- * 2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31, or the multiply in
+- * credit_entropy_bits() needs to be 64 bits wide.
+ */
+ #define ENTROPY_SHIFT 3
+ #define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
+@@ -361,12 +365,19 @@ static struct poolinfo {
 #define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
 int tap1, tap2, tap3, tap4, tap5;
 } poolinfo_table[] = {
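Review bot: The hunk that edits the `ENTROPY_SHIFT` comment in drivers/char/random.c deletes the `2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31` constraint without saying what holds in its place. The pool-size definitions and the `poolinfo_table` entries are outside the visible context, so a reader of this comment can no longer tell that entropy accounting relies on a wide multiply in credit_entropy_bits(), which is what the `u64 anfrac` change further down appears to provide. I would replace the removed lines rather than drop them, for example ` * The multiply in credit_entropy_bits() is 64 bits wide, so` followed by ` * 2*(ENTROPY_SHIFT + log2(poolbits)) may exceed 31.` The same deletion is made in the 3.2.54 patch (outer hunk `@@ -34315,9 +34315,6 @@`).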
@@ -37997,7 +38007,7 @@ index 429b75b..03d60db 100644
 #if 0
 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
 { S(2048), 1638, 1231, 819, 411, 1 },
-@@ -524,8 +538,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -524,8 +535,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
 input_rotate = (input_rotate + (i ? 7 : 14)) & 31;
 }
@@ -38008,7 +38018,16 @@ index 429b75b..03d60db 100644
 smp_wmb();
 if (out)
-@@ -1151,7 +1165,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -632,7 +643,7 @@ retry:
+ /* The +2 corresponds to the /4 in the denominator */
+
+ do {
+- unsigned int anfrac = min(pnfrac, pool_size/2);
++ u64 anfrac = min(pnfrac, pool_size/2);
+ unsigned int add =
+ ((pool_size - entropy_count)*anfrac*3) >> s;
+
+@@ -1151,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
 extract_buf(r, tmp);
 i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -38017,7 +38036,7 @@ index 429b75b..03d60db 100644
 ret = -EFAULT;
 break;
 }
-@@ -1507,7 +1521,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1507,7 +1518,7 @@ EXPORT_SYMBOL(generate_random_uuid);
 #include <linux/sysctl.h>
 static int min_read_thresh = 8, min_write_thresh;
@@ -38026,7 +38045,7 @@ index 429b75b..03d60db 100644
 static int max_write_thresh = INPUT_POOL_WORDS * 32;
 static char sysctl_bootid[16];
-@@ -1523,7 +1537,7 @@ static char sysctl_bootid[16];
+@@ -1523,7 +1534,7 @@ static char sysctl_bootid[16];
 static int proc_do_uuid(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos)
 {
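Review bot: In the credit_entropy_bits() hunk (`@@ -632,7 +643,7 @@ retry:`), the width of `(pool_size - entropy_count)*anfrac*3` now rests only on `anfrac` being declared `u64`, and nothing at that line says so, so a later retyping of `anfrac` would silently bring back a 32-bit overflow in entropy crediting. A comment such as `/* u64: the product below can exceed 32 bits */`, or an explicit `(u64)` cast on the first operand, would pin the intent. The declarations of `pnfrac`, `pool_size` and `entropy_count` are outside the hunk; if they are signed, `pool_size - entropy_count` is converted to `u64` before the multiply and a negative difference would turn into a very large credit, so it is worth confirming that `entropy_count` cannot exceed `pool_size` on entry to the loop and that the shifted result always fits `unsigned int add`. The same change is made in the 3.2.54 patch (outer hunk `@@ -34743,7 +34740,7 @@`).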
@@ -38035,7 +38054,7 @@ index 429b75b..03d60db 100644
 unsigned char buf[64], tmp_uuid[16], *uuid;
 uuid = table->data;
-@@ -1553,7 +1567,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
+@@ -1553,7 +1564,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
 static int proc_do_entropy(ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos)
 {
diff --git a/3.2.54/0000_README b/3.2.54/0000_README
index 36ebbf6..b0f9c87 100644
--- a/3.2.54/0000_README
+++ b/3.2.54/0000_README
@@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch
 From: http://www.kernel.org
 Desc: Linux 3.2.54
-Patch: 4420_grsecurity-3.0-3.2.54-201402091132.patch
+Patch: 4420_grsecurity-3.0-3.2.54-201402111745.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201402091132.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201402111745.patch
index c8d6e90..21543e0 100644
--- a/3.2.54/4420_grsecurity-3.0-3.2.54-201402091132.patch
+++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201402111745.patch
@@ -34264,7 +34264,7 @@ index da3cfee..a5a6606 100644
 *ppos = i;
 diff --git a/drivers/char/random.c b/drivers/char/random.c
-index c244f0e..4276f28 100644
+index c244f0e..2080073 100644
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -255,10 +255,8 @@
@@ -34280,7 +34280,7 @@ index c244f0e..4276f28 100644
 #include <asm/processor.h>
 #include <asm/uaccess.h>
-@@ -266,129 +264,153 @@
+@@ -266,129 +264,150 @@
 #include <asm/irq_regs.h>
 #include <asm/io.h>
@@ -34315,9 +34315,6 @@ index c244f0e..4276f28 100644
 /*
 + * To allow fractional bits to be tracked, the entropy_count field is
 + * denominated in units of 1/8th bits.
-+ *
-+ * 2*(ENTROPY_SHIFT + log2(poolbits)) must <= 31, or the multiply in
-+ * credit_entropy_bits() needs to be 64 bits wide.
 + */
 +#define ENTROPY_SHIFT 3
 +#define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT)
@@ -34512,7 +34509,7 @@ index c244f0e..4276f28 100644
 /*
 * Static global variables
 */
-@@ -396,21 +418,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
+@@ -396,21 +415,6 @@ static DECLARE_WAIT_QUEUE_HEAD(random_read_wait);
 static DECLARE_WAIT_QUEUE_HEAD(random_write_wait);
 static struct fasync_struct *fasync;
@@ -34534,7 +34531,7 @@ index c244f0e..4276f28 100644
 /**********************************************************************
 *
 * OS independent entropy store. Here are the functions which handle
-@@ -421,22 +428,26 @@ module_param(debug, bool, 0644);
+@@ -421,22 +425,26 @@ module_param(debug, bool, 0644);
 struct entropy_store;
 struct entropy_store {
 /* read-only data: */
@@ -34565,7 +34562,7 @@ index c244f0e..4276f28 100644
 static __u32 input_pool_data[INPUT_POOL_WORDS];
 static __u32 blocking_pool_data[OUTPUT_POOL_WORDS];
 static __u32 nonblocking_pool_data[OUTPUT_POOL_WORDS];
-@@ -445,7 +456,7 @@ static struct entropy_store input_pool = {
+@@ -445,7 +453,7 @@ static struct entropy_store input_pool = {
 .poolinfo = &poolinfo_table[0],
 .name = "input",
 .limit = 1,
@@ -34574,7 +34571,7 @@ index c244f0e..4276f28 100644
 .pool = input_pool_data
 };
-@@ -454,16 +465,20 @@ static struct entropy_store blocking_pool = {
+@@ -454,16 +462,20 @@ static struct entropy_store blocking_pool = {
 .name = "blocking",
 .limit = 1,
 .pull = &input_pool,
@@ -34599,7 +34596,7 @@ index c244f0e..4276f28 100644
 };
 static __u32 const twist_table[8] = {
-@@ -480,8 +495,8 @@ static __u32 const twist_table[8] = {
+@@ -480,8 +492,8 @@ static __u32 const twist_table[8] = {
 * it's cheap to do so and helps slightly in the expected case where
 * the entropy is concentrated in the low-order bits.
 */
@@ -34610,7 +34607,7 @@ index c244f0e..4276f28 100644
 {
 unsigned long i, j, tap1, tap2, tap3, tap4, tap5;
 int input_rotate;
-@@ -501,7 +516,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -501,7 +513,7 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
 /* mix one byte at a time to simplify size handling and churn faster */
 while (nbytes--) {
@@ -34619,7 +34616,7 @@ index c244f0e..4276f28 100644
 i = (i - 1) & wordmask;
 /* XOR in the various taps */
-@@ -521,11 +536,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -521,11 +533,11 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
 * rotation, so that successive passes spread the
 * input bits across the pool evenly.
 */
@@ -34634,7 +34631,7 @@ index c244f0e..4276f28 100644
 smp_wmb();
 if (out)
-@@ -533,13 +548,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -533,13 +545,21 @@ static void __mix_pool_bytes(struct entropy_store *r, const void *in,
 ((__u32 *)out)[j] = r->pool[(i - j) & wordmask];
 }
@@ -34658,7 +34655,7 @@ index c244f0e..4276f28 100644
 spin_unlock_irqrestore(&r->lock, flags);
 }
-@@ -556,58 +579,151 @@ struct fast_pool {
+@@ -556,58 +576,151 @@ struct fast_pool {
 * collector. It's hardcoded for an 128 bit pool and assumes that any
 * locks that might be needed are taken by the caller.
 */
@@ -34743,7 +34740,7 @@ index c244f0e..4276f28 100644
 + /* The +2 corresponds to the /4 in the denominator */
 +
 + do {
-+ unsigned int anfrac = min(pnfrac, pool_size/2);
++ u64 anfrac = min(pnfrac, pool_size/2);
 + unsigned int add =
 + ((pool_size - entropy_count)*anfrac*3) >> s;
 +
@@ -34834,7 +34831,7 @@ index c244f0e..4276f28 100644
 /*********************************************************************
 *
 * Entropy input management
-@@ -621,42 +737,7 @@ struct timer_rand_state {
+@@ -621,42 +734,7 @@ struct timer_rand_state {
 unsigned dont_count_entropy:1;
 };
@@ -34878,7 +34875,7 @@ index c244f0e..4276f28 100644
 /*
 * Add device- or boot-specific data to the input and nonblocking
-@@ -669,15 +750,22 @@ static void set_timer_rand_state(unsigned int irq,
+@@ -669,15 +747,22 @@ static void set_timer_rand_state(unsigned int irq,
 void add_device_randomness(const void *buf, unsigned int size)
 {
 unsigned long time = random_get_entropy() ^ jiffies;
@@ -34906,7 +34903,7 @@ index c244f0e..4276f28 100644
 /*
 * This function adds entropy to the entropy "pool" by using timing
-@@ -691,6 +779,7 @@ static struct timer_rand_state input_timer_state;
+@@ -691,6 +776,7 @@ static struct timer_rand_state input_timer_state;
 */
 static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
 {
@@ -34914,7 +34911,7 @@ index c244f0e..4276f28 100644
 struct {
 long jiffies;
 unsigned cycles;
-@@ -699,15 +788,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -699,15 +785,12 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
 long delta, delta2, delta3;
 preempt_disable();
@@ -34932,7 +34929,7 @@ index c244f0e..4276f28 100644
 /*
 * Calculate number of bits of randomness we probably added.
-@@ -741,10 +827,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -741,10 +824,8 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
 * Round down by 1 bit on general principles,
 * and limit entropy entimate to 12 bits.
 */
@@ -34944,7 +34941,7 @@ index c244f0e..4276f28 100644
 preempt_enable();
 }
-@@ -757,10 +841,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
+@@ -757,10 +838,10 @@ void add_input_randomness(unsigned int type, unsigned int code,
 if (value == last_value)
 return;
@@ -34956,7 +34953,7 @@ index c244f0e..4276f28 100644
 }
 EXPORT_SYMBOL_GPL(add_input_randomness);
-@@ -772,20 +856,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
+@@ -772,20 +853,21 @@ void add_interrupt_randomness(int irq, int irq_flags)
 struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
 struct pt_regs *regs = get_irq_regs();
 unsigned long now = jiffies;
@@ -34989,7 +34986,7 @@ index c244f0e..4276f28 100644
 return;
 fast_pool->last = now;
-@@ -814,10 +899,8 @@ void add_disk_randomness(struct gendisk *disk)
+@@ -814,10 +896,8 @@ void add_disk_randomness(struct gendisk *disk)
 if (!disk || !disk->random)
 return;
 /* first major is 1, so we get >= 0x200 here */
@@ -35001,7 +34998,7 @@ index c244f0e..4276f28 100644
 }
 #endif
-@@ -835,104 +918,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -835,104 +915,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
 * from the primary pool to the secondary extraction pool. We make
 * sure we pull enough for a 'catastrophic reseed'.
 */
@@ -35195,7 +35192,7 @@ index c244f0e..4276f28 100644
 spin_lock_irqsave(&r->lock, flags);
 for (i = 0; i < r->poolinfo->poolwords; i += 16)
 sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
-@@ -966,27 +1072,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -966,27 +1069,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
 hash.w[1] ^= hash.w[4];
 hash.w[2] ^= rol32(hash.w[2], 16);
@@ -35250,7 +35247,7 @@ index c244f0e..4276f28 100644
 xfer_secondary_pool(r, nbytes);
 nbytes = account(r, nbytes, min, reserved);
-@@ -994,8 +1116,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -994,8 +1113,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
 extract_buf(r, tmp);
 if (fips_enabled) {
@@ -35259,7 +35256,7 @@ index c244f0e..4276f28 100644
 spin_lock_irqsave(&r->lock, flags);
 if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
 panic("Hardware RNG duplicated output!\n");
-@@ -1015,12 +1135,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -1015,12 +1132,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
 return ret;
 }
@@ -35277,7 +35274,7 @@ index c244f0e..4276f28 100644
 xfer_secondary_pool(r, nbytes);
 nbytes = account(r, nbytes, 0, 0);
-@@ -1036,7 +1161,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1036,7 +1158,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
 extract_buf(r, tmp);
 i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -35286,7 +35283,7 @@ index c244f0e..4276f28 100644
 ret = -EFAULT;
 break;
 }
-@@ -1055,11 +1180,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1055,11 +1177,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
 /*
 * This function is the exported kernel interface. It returns some
 * number of good random numbers, suitable for key generation, seeding
@@ -35309,7 +35306,7 @@ index c244f0e..4276f28 100644
 extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
 }
 EXPORT_SYMBOL(get_random_bytes);
-@@ -1078,6 +1212,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
+@@ -1078,6 +1209,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
 {
 char *p = buf;
@@ -35317,7 +35314,7 @@ index c244f0e..4276f28 100644
 while (nbytes) {
 unsigned long v;
 int chunk = min(nbytes, (int)sizeof(unsigned long));
-@@ -1111,12 +1246,11 @@ static void init_std_data(struct entropy_store *r)
+@@ -1111,12 +1243,11 @@ static void init_std_data(struct entropy_store *r)
 ktime_t now = ktime_get_real();
 unsigned long rv;
@@ -35333,7 +35330,7 @@ index c244f0e..4276f28 100644
 mix_pool_bytes(r, &rv, sizeof(rv), NULL);
 }
 mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
-@@ -1139,25 +1273,7 @@ static int rand_initialize(void)
+@@ -1139,25 +1270,7 @@ static int rand_initialize(void)
 init_std_data(&nonblocking_pool);
 return 0;
 }
@@ -35360,7 +35357,7 @@ index c244f0e..4276f28 100644
 #ifdef CONFIG_BLOCK
 void rand_initialize_disk(struct gendisk *disk)
-@@ -1169,71 +1285,59 @@ void rand_initialize_disk(struct gendisk *disk)
+@@ -1169,71 +1282,59 @@ void rand_initialize_disk(struct gendisk *disk)
 * source.
 */
 state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
@@ -35468,7 +35465,7 @@ index c244f0e..4276f28 100644
 }
 static unsigned int
-@@ -1244,9 +1348,9 @@ random_poll(struct file *file, poll_table * wait)
+@@ -1244,9 +1345,9 @@ random_poll(struct file *file, poll_table * wait)
 poll_wait(file, &random_read_wait, wait);
 poll_wait(file, &random_write_wait, wait);
 mask = 0;
@@ -35480,7 +35477,7 @@ index c244f0e..4276f28 100644
 mask |= POLLOUT | POLLWRNORM;
 return mask;
 }
-@@ -1297,7 +1401,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1297,7 +1398,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
 switch (cmd) {
 case RNDGETENTCNT:
 /* inherently racy, no point locking */
@@ -35490,7 +35487,7 @@ index c244f0e..4276f28 100644
 return -EFAULT;
 return 0;
 case RNDADDTOENTCNT:
-@@ -1305,7 +1410,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1305,7 +1407,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
 return -EPERM;
 if (get_user(ent_count, p))
 return -EFAULT;
@@ -35499,7 +35496,7 @@ index c244f0e..4276f28 100644
 return 0;
 case RNDADDENTROPY:
 if (!capable(CAP_SYS_ADMIN))
-@@ -1320,14 +1425,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+@@ -1320,14 +1422,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
 size);
 if (retval < 0)
 return retval;
@@ -35522,7 +35519,7 @@ index c244f0e..4276f28 100644
 return 0;
 default:
 return -EINVAL;
-@@ -1387,23 +1497,23 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1387,23 +1494,23 @@ EXPORT_SYMBOL(generate_random_uuid);
 #include <linux/sysctl.h>
 static int min_read_thresh = 8, min_write_thresh;
@@ -35553,7 +35550,7 @@ index c244f0e..4276f28 100644
 unsigned char buf[64], tmp_uuid[16], *uuid;
 uuid = table->data;
-@@ -1427,8 +1537,26 @@ static int proc_do_uuid(ctl_table *table, int write,
+@@ -1427,8 +1534,26 @@ static int proc_do_uuid(ctl_table *table, int write,
 return proc_dostring(&fake_table, write, buffer, lenp, ppos);
 }
@@ -35581,7 +35578,7 @@ index c244f0e..4276f28 100644
 {
 .procname = "poolsize",
 .data = &sysctl_poolsize,
-@@ -1440,12 +1568,12 @@ ctl_table random_table[] = {
+@@ -1440,12 +1565,12 @@ ctl_table random_table[] = {
 .procname = "entropy_avail",
 .maxlen = sizeof(int),
 .mode = 0444,
@@ -35596,7 +35593,7 @@ index c244f0e..4276f28 100644
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
-@@ -1454,7 +1582,7 @@ ctl_table random_table[] = {
+@@ -1454,7 +1579,7 @@ ctl_table random_table[] = {
 },
 {
 .procname = "write_wakeup_threshold",
@@ -35605,7 +35602,7 @@ index c244f0e..4276f28 100644
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec_minmax,
-@@ -1462,6 +1590,13 @@ ctl_table random_table[] = {
+@@ -1462,6 +1587,13 @@ ctl_table random_table[] = {
 .extra2 = &max_write_thresh,
 },
 {
@@ -35619,7 +35616,7 @@ index c244f0e..4276f28 100644
 .procname = "boot_id",
 .data = &sysctl_bootid,
 .maxlen = 16,
-@@ -1492,7 +1627,7 @@ int random_int_secret_init(void)
+@@ -1492,7 +1624,7 @@ int random_int_secret_init(void)
 * value is not cryptographically secure but for several uses the cost of
 * depleting entropy is too high
 */
@@ -35628,7 +35625,7 @@ index c244f0e..4276f28 100644
 unsigned int get_random_int(void)
 {
 __u32 *hash;
-@@ -1510,6 +1645,7 @@ unsigned int get_random_int(void)
+@@ -1510,6 +1642,7 @@ unsigned int get_random_int(void)
 return ret;
 } |