author | Anthony G. Basile <blueness@gentoo.org> | 2012-11-08 07:12:21 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-11-08 07:12:21 -0500 |
commit | ff6e8b2b912e491042af8475e8cc1aa2aea9744f (patch) | |
tree | 68b396c22f68ee927c00d3a4935f73a4fe6667b8 | |
parent | patch 3.6.5 and 3.6.6 are in genpatches (diff) | |
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211071959.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211042106.patch) | 29 | ||||
-rw-r--r-- | 3.2.33/0000_README | 2 | ||||
-rw-r--r-- | 3.2.33/4420_grsecurity-2.9.1-3.2.33-201211072000.patch (renamed from 3.2.33/4420_grsecurity-2.9.1-3.2.33-201211042155.patch) | 38 | ||||
-rw-r--r-- | 3.6.6/0000_README | 2 | ||||
-rw-r--r-- | 3.6.6/4420_grsecurity-2.9.1-3.6.6-201211072001.patch (renamed from 3.6.6/4420_grsecurity-2.9.1-3.6.6-201211051957.patch) | 38 |
6 files changed, 89 insertions, 22 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index bbe4567..8bd0698 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201211042106.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201211071959.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211042106.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211071959.patch index e2f2160..82352cf 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211042106.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201211071959.patch @@ -27117,10 +27117,18 @@ index f46c3407..f7e72b0 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 73ffd55..5c2a82a 100644 +index 73ffd55..e88dff5 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -13,6 +13,7 @@ +@@ -1,6 +1,7 @@ + #include <linux/initrd.h> + #include <linux/ioport.h> + #include <linux/swap.h> ++#include <linux/tboot.h> + + #include <asm/cacheflush.h> + #include <asm/e820.h> +@@ -13,6 +14,7 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include <asm/proto.h> @@ -27128,7 +27136,7 @@ index 73ffd55..5c2a82a 100644 DEFINE_PER_CPU(struct mmu_gather, mmu_gathers); -@@ -69,11 +70,7 @@ static void __init find_early_table_space(unsigned long end, int use_pse, +@@ -69,11 +71,7 @@ static void __init find_early_table_space(unsigned long end, int use_pse, * cause a hotspot and fill up ZONE_DMA. The page tables * need roughly 0.5KB per GB. */ 
@@ -27141,7 +27149,7 @@ index 73ffd55..5c2a82a 100644 e820_table_start = find_e820_area(start, max_pfn_mapped<<PAGE_SHIFT, tables, PAGE_SIZE); if (e820_table_start == -1UL) -@@ -147,7 +144,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -147,7 +145,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, #endif set_nx(); @@ -27150,7 +27158,7 @@ index 73ffd55..5c2a82a 100644 printk(KERN_INFO "NX (Execute Disable) protection: active\n"); /* Enable PSE if available */ -@@ -329,10 +326,32 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -329,10 +327,35 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -27169,21 +27177,24 @@ index 73ffd55..5c2a82a 100644 + /* allow EBDA */ + if (pagenr >= ebda_start && pagenr < ebda_end) + return 1; ++ /* if tboot is in use, allow access to its hardcoded serial log range */ ++ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT))) ++ return 1; + /* allow ISA/video mem */ + if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT)) + return 1; + /* throw out everything else below 1MB */ -+ if (pagenr <= 256) + if (pagenr <= 256) + return 0; +#else - if (pagenr <= 256) ++ if (pagenr < 256) return 1; +#endif + if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -377,8 +396,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -377,8 +400,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -112040,7 +112051,7 @@ index b9644d8..537313b 100644 return -EFAULT; diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c -index 1eba160..c35d91f 100644 +index 1eba160b..c35d91f 100644 --- a/net/ipv4/tcp_illinois.c 
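Review bot: The tboot exception added in the `@@ -27169,21 +27177,24 @@` hunk uses the bare literals `0x60000` and `0x68000`, and the same line is repeated in the 3.2.33 and 3.6.6 patches (hunks `@@ -24904,6 +24912,9 @@` and `@@ -24635,6 +24643,9 @@`). It sits in the branch before `#else`, which per its own comments otherwise rejects everything below 1MB apart from a few named regions, so it is a deliberate opening in that restriction and deserves named bounds, for example `#define TBOOT_SERIAL_LOG_START 0x60000` and `#define TBOOT_SERIAL_LOG_END 0x68000`, with a comment saying where tboot fixes this range. The check as visible returns 1 without distinguishing reads from writes, so presumably the range becomes writable as well as readable whenever `tboot_enabled()` is true; the comment should say whether that is intended. The enclosing function (devmem_is_allowed() at this spot in mainline) begins and ends outside the hunk.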
+++ b/net/ipv4/tcp_illinois.c @@ -313,11 +313,13 @@ static void tcp_illinois_info(struct sock *sk, u32 ext, diff --git a/3.2.33/0000_README b/3.2.33/0000_README index cef651c..4f37d3a 100644 --- a/3.2.33/0000_README +++ b/3.2.33/0000_README @@ -50,7 +50,7 @@ Patch: 1032_linux-3.2.33.patch From: http://www.kernel.org Desc: Linux 3.2.33 -Patch: 4420_grsecurity-2.9.1-3.2.33-201211042155.patch +Patch: 4420_grsecurity-2.9.1-3.2.33-201211072000.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.33/4420_grsecurity-2.9.1-3.2.33-201211042155.patch b/3.2.33/4420_grsecurity-2.9.1-3.2.33-201211072000.patch index 42ec9ae..3d86532 100644 --- a/3.2.33/4420_grsecurity-2.9.1-3.2.33-201211042155.patch +++ b/3.2.33/4420_grsecurity-2.9.1-3.2.33-201211072000.patch @@ -24864,10 +24864,18 @@ index df7d12c..abafe9e 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 87488b9..cb10023 100644 +index 87488b9..ec24280 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -15,6 +15,8 @@ +@@ -3,6 +3,7 @@ + #include <linux/ioport.h> + #include <linux/swap.h> + #include <linux/memblock.h> ++#include <linux/tboot.h> + + #include <asm/cacheflush.h> + #include <asm/e820.h> +@@ -15,6 +16,8 @@ #include <asm/tlbflush.h> #include <asm/tlb.h> #include <asm/proto.h> @@ -24876,7 +24884,7 @@ index 87488b9..cb10023 100644 unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -31,7 +33,7 @@ int direct_gbpages +@@ -31,7 +34,7 @@ int direct_gbpages static void __init find_early_table_space(unsigned long end, int use_pse, int use_gbpages) { 
@@ -24885,7 +24893,7 @@ index 87488b9..cb10023 100644 phys_addr_t base; puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -310,10 +312,37 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -310,10 +313,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -24904,6 +24912,9 @@ index 87488b9..cb10023 100644 + /* allow EBDA */ + if (pagenr >= ebda_start && pagenr < ebda_end) + return 1; ++ /* if tboot is in use, allow access to its hardcoded serial log range */ ++ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT))) ++ return 1; +#else + if (!pagenr) + return 1; @@ -24924,7 +24935,7 @@ index 87488b9..cb10023 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -370,8 +399,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -370,8 +403,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -43028,6 +43039,23 @@ index e56c934..fc22f4b 100644 } u; struct list_head list; }; +diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c +index fef20db..d28b1ab 100644 +--- a/drivers/xen/xenfs/xenstored.c ++++ b/drivers/xen/xenfs/xenstored.c +@@ -24,7 +24,12 @@ static int xsd_release(struct inode *inode, struct file *file) + static int xsd_kva_open(struct inode *inode, struct file *file) + { + file->private_data = (void *)kasprintf(GFP_KERNEL, "0x%p", ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ NULL); ++#else + xen_store_interface); ++#endif ++ + if (!file->private_data) + return -ENOMEM; + return 0; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 879ed88..bc03a01 100644 --- a/fs/9p/vfs_inode.c diff --git a/3.6.6/0000_README b/3.6.6/0000_README index 3c4b928..b78c8e4 100644 --- a/3.6.6/0000_README +++ b/3.6.6/0000_README 
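Review bot: In xsd_kva_open() the `#ifdef CONFIG_GRKERNSEC_HIDESYM` is placed inside the argument list of kasprintf(), so the call is closed by a different `);` line depending on configuration, which is easy to break in a later edit and awkward for tools that read the source before preprocessing. Choosing the value first keeps a single call: `void *kva = xen_store_interface;`, then `kva = NULL;` under the `#ifdef`, then `kasprintf(GFP_KERNEL, "0x%p", kva);`. With the option set, the file no longer carries a usable address (NULL through `%p` presumably does not format as a hex number), so a one-line comment should state that readers get a placeholder by design. The same hunk appears in the 3.6.6 patch (`@@ -42746,6 +42757,23 @@`).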
@@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.6.6-201211051957.patch +Patch: 4420_grsecurity-2.9.1-3.6.6-201211072001.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.6.6/4420_grsecurity-2.9.1-3.6.6-201211051957.patch b/3.6.6/4420_grsecurity-2.9.1-3.6.6-201211072001.patch index b18fa60..e6e5d8f 100644 --- a/3.6.6/4420_grsecurity-2.9.1-3.6.6-201211051957.patch +++ b/3.6.6/4420_grsecurity-2.9.1-3.6.6-201211072001.patch @@ -24594,10 +24594,18 @@ index b91e485..d00e7c9 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index d7aea41..f753ad2 100644 +index d7aea41..0fc945b 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -16,6 +16,8 @@ +@@ -4,6 +4,7 @@ + #include <linux/swap.h> + #include <linux/memblock.h> + #include <linux/bootmem.h> /* for max_low_pfn */ ++#include <linux/tboot.h> + + #include <asm/cacheflush.h> + #include <asm/e820.h> +@@ -16,6 +17,8 @@ #include <asm/tlb.h> #include <asm/proto.h> #include <asm/dma.h> /* for MAX_DMA_PFN */ @@ -24606,7 +24614,7 @@ index d7aea41..f753ad2 100644 unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -44,7 +46,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range) +@@ -44,7 +47,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range) { int i; unsigned long puds = 0, pmds = 0, ptes = 0, tables; 
@@ -24615,7 +24623,7 @@ index d7aea41..f753ad2 100644 phys_addr_t base; for (i = 0; i < nr_range; i++) { -@@ -321,10 +323,37 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -321,10 +324,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -24635,6 +24643,9 @@ index d7aea41..f753ad2 100644 + /* allow EBDA */ + if (pagenr >= ebda_start && pagenr < ebda_end) + return 1; ++ /* if tboot is in use, allow access to its hardcoded serial log range */ ++ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT))) ++ return 1; +#else + if (!pagenr) + return 1; @@ -24654,7 +24665,7 @@ index d7aea41..f753ad2 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -381,8 +410,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -381,8 +414,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -42746,6 +42757,23 @@ index 89f7625..ac72702 100644 /* On error, dump existing buffer */ u->len = 0; rc = -EINVAL; +diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c +index fef20db..d28b1ab 100644 +--- a/drivers/xen/xenfs/xenstored.c ++++ b/drivers/xen/xenfs/xenstored.c +@@ -24,7 +24,12 @@ static int xsd_release(struct inode *inode, struct file *file) + static int xsd_kva_open(struct inode *inode, struct file *file) + { + file->private_data = (void *)kasprintf(GFP_KERNEL, "0x%p", ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ NULL); ++#else + xen_store_interface); ++#endif ++ + if (!file->private_data) + return -ENOMEM; + return 0; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index cbf9dbb..35c3af7 100644 --- a/fs/9p/vfs_inode.c |