diff options
| -rw-r--r-- | main/linux-grsec/APKBUILD | 10 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.2.2-201201302345.patch) | 919 |
2 files changed, 430 insertions, 499 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 3726f6cd39..500e8b4c42 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,9 +2,9 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.2.2 +pkgver=3.2.4 _kernver=3.2 -pkgrel=3 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.2.2-3.2.2-201201302345.patch + grsecurity-2.2.2-3.2.4-201202051927.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -140,8 +140,8 @@ dev() { } md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2 -e9e53fba37c5e2afa4cdecab234120bd patch-3.2.2.bz2 -54c66601d38283f4561acd7cf48f7a0a grsecurity-2.2.2-3.2.2-201201302345.patch +02adf3e0450969dec6219ca52ff2a68a patch-3.2.4.bz2 +87a8ebc1d936b51263e09f0ba95ca0ad grsecurity-2.2.2-3.2.4-201202051927.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch 62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch diff --git a/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201302345.patch b/main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch index 5a35b2ea25..b2dcf41b69 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.2.2-201201302345.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.2.4-201202051927.patch @@ -186,7 +186,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 2f684da..bf21f8d 100644 +index c8e187e..c445af7 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -12223,19 +12223,18 @@ index 2af127d..8ff7ac0 100644 atomic_set(&mce_callin, 0); atomic_set(&global_nwo, 0); diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c -index 5c0e653..51ddf2c 100644 +index 5c0e653..0882b0a 100644 --- a/arch/x86/kernel/cpu/mcheck/p5.c +++ b/arch/x86/kernel/cpu/mcheck/p5.c -@@ -11,7 +11,7 @@ - #include <asm/processor.h> +@@ -12,6 +12,7 @@ #include <asm/system.h> #include <asm/mce.h> --#include <asm/msr.h> + #include <asm/msr.h> +#include <asm/pgtable.h> /* By default disabled */ int mce_p5_enabled __read_mostly; -@@ -50,7 +50,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c) +@@ -50,7 +51,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c) if (!cpu_has(c, X86_FEATURE_MCE)) return; @@ -22963,7 +22962,7 @@ index 7b179b4..6bd1777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index be1ef57..9680edc 100644 +index be1ef57..55f0160 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, @@ -22975,7 +22974,17 @@ index be1ef57..9680edc 100644 return NULL; WARN_ON_ONCE(is_ram); } -@@ -344,7 +344,7 @@ static int __init early_ioremap_debug_setup(char *str) +@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) + + /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ + if (page_is_ram(start >> PAGE_SHIFT)) ++#ifdef CONFIG_HIGHMEM ++ if ((start >> PAGE_SHIFT) < max_low_pfn) ++#endif + return __va(phys); + + addr = (void __force *)ioremap_cache(start, PAGE_SIZE); +@@ -344,7 +347,7 @@ static int __init early_ioremap_debug_setup(char *str) early_param("early_ioremap_debug", early_ioremap_debug_setup); static __initdata int after_paging_init; @@ -22984,7 +22993,7 @@ index be1ef57..9680edc 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -381,8 +381,7 @@ void __init early_ioremap_init(void) +@@ -381,8 +384,7 @@ void __init early_ioremap_init(void) slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -23725,7 +23734,7 @@ index 6687022..ceabcfa 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 7b65f75..63097f6 100644 +index 7c1b765..180e3b2 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end) @@ -23750,7 +23759,7 @@ index 7b65f75..63097f6 100644 /* Before first pass, make a rough estimation of addrs[] * each bpf instruction is translated to less than 64 bytes */ -@@ -585,11 +593,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -592,11 +600,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; if (image) { if (unlikely(proglen + ilen > oldproglen)) { pr_err("bpb_jit_compile fatal error\n"); @@ -23766,7 +23775,7 @@ index 7b65f75..63097f6 100644 } proglen += ilen; addrs[i] = proglen; -@@ -609,7 +618,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -617,7 +626,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -23775,7 +23784,7 @@ index 7b65f75..63097f6 100644 proglen, sizeof(struct work_struct))); if (!image) -@@ -631,24 +640,27 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -639,24 +648,27 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; fp->bpf_func = (void *)image; } out: @@ -24994,109 +25003,6 @@ index 671d4d6..5f24030 100644 static void cryptd_queue_worker(struct work_struct *work); -diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c -index 9ed9f60..88f160b 100644 ---- a/crypto/sha512_generic.c -+++ b/crypto/sha512_generic.c -@@ -21,8 +21,6 @@ - #include <linux/percpu.h> - #include <asm/byteorder.h> - --static DEFINE_PER_CPU(u64[80], msg_schedule); -- - static inline u64 Ch(u64 x, u64 y, u64 z) - { - return z ^ (x & (y ^ z)); -@@ -80,7 +78,7 @@ static inline void LOAD_OP(int I, u64 *W, const u8 *input) - - static inline void BLEND_OP(int I, u64 *W) - { -- W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16]; -+ W[I % 16] += s1(W[(I-2) % 16]) + W[(I-7) % 16] + s0(W[(I-15) % 16]); - } - - static void -@@ -89,38 +87,48 @@ sha512_transform(u64 *state, const u8 *input) - u64 a, b, c, d, e, f, g, h, t1, t2; - - int i; -- u64 *W = get_cpu_var(msg_schedule); -+ u64 W[16]; - - /* load the input */ - for (i = 0; i < 16; i++) - LOAD_OP(i, W, input); - -- for (i = 16; i < 80; i++) { -- BLEND_OP(i, W); -- } -- - /* load the state into our registers */ - a=state[0]; b=state[1]; c=state[2]; d=state[3]; - e=state[4]; f=state[5]; g=state[6]; h=state[7]; - -- /* now iterate */ -- for (i=0; i<80; i+=8) { -- t1 = h + e1(e) + Ch(e,f,g) + sha512_K[i ] + W[i ]; -- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; -- t1 = g + e1(d) + Ch(d,e,f) + sha512_K[i+1] + W[i+1]; -- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; -- t1 = f + e1(c) + Ch(c,d,e) + sha512_K[i+2] + W[i+2]; -- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; -- t1 = e + e1(b) + Ch(b,c,d) + sha512_K[i+3] + W[i+3]; -- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; -- t1 = d + e1(a) + Ch(a,b,c) + sha512_K[i+4] + W[i+4]; -- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; -- t1 = c + e1(h) + Ch(h,a,b) + sha512_K[i+5] + W[i+5]; -- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; -- t1 = b + e1(g) + Ch(g,h,a) + sha512_K[i+6] + W[i+6]; -- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; -- t1 = a + e1(f) + Ch(f,g,h) + sha512_K[i+7] + W[i+7]; -- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; -+#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \ -+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \ -+ t2 = e0(a) + Maj(a, b, c); \ -+ d += t1; \ -+ h = t1 + t2 -+ -+#define SHA512_16_79(i, a, b, c, d, e, f, g, h) \ -+ BLEND_OP(i, W); \ -+ t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i)%16]; \ -+ t2 = e0(a) + Maj(a, b, c); \ -+ d += t1; \ -+ h = t1 + t2 -+ -+ for (i = 0; i < 16; i += 8) { -+ SHA512_0_15(i, a, b, c, d, e, f, g, h); -+ SHA512_0_15(i + 1, h, a, b, c, d, e, f, g); -+ SHA512_0_15(i + 2, g, h, a, b, c, d, e, f); -+ SHA512_0_15(i + 3, f, g, h, a, b, c, d, e); -+ SHA512_0_15(i + 4, e, f, g, h, a, b, c, d); -+ SHA512_0_15(i + 5, d, e, f, g, h, a, b, c); -+ SHA512_0_15(i + 6, c, d, e, f, g, h, a, b); -+ SHA512_0_15(i + 7, b, c, d, e, f, g, h, a); -+ } -+ for (i = 16; i < 80; i += 8) { -+ SHA512_16_79(i, a, b, c, d, e, f, g, h); -+ SHA512_16_79(i + 1, h, a, b, c, d, e, f, g); -+ SHA512_16_79(i + 2, g, h, a, b, c, d, e, f); -+ SHA512_16_79(i + 3, f, g, h, a, b, c, d, e); -+ SHA512_16_79(i + 4, e, f, g, h, a, b, c, d); -+ SHA512_16_79(i + 5, d, e, f, g, h, a, b, c); -+ SHA512_16_79(i + 6, c, d, e, f, g, h, a, b); -+ SHA512_16_79(i + 7, b, c, d, e, f, g, h, a); - } - - state[0] += a; state[1] += b; state[2] += c; state[3] += d; -@@ -128,8 +136,6 @@ sha512_transform(u64 *state, const u8 *input) - - /* erase our data */ - a = b = c = d = e = f = g = h = t1 = t2 = 0; -- memset(W, 0, sizeof(__get_cpu_var(msg_schedule))); -- put_cpu_var(msg_schedule); - } - - static int diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c index 5d41894..22021e4 100644 --- a/drivers/acpi/apei/cper.c @@ -27943,7 +27849,7 @@ index 40c187c..5746164 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 4911e1d..484c8a3 100644 +index 828bf65..cdaa0e9 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -27982,9 +27888,9 @@ index 4911e1d..484c8a3 100644 - dev->open_count); + local_read(&dev->open_count)); - /* if the master has gone away we can't do anything with the lock */ - if (file_priv->minor->master) -@@ -566,8 +566,8 @@ int drm_release(struct inode *inode, struct file *filp) + /* Release any auth tokens that might point to this file_priv, + (do that under the drm_global_mutex) */ +@@ -571,8 +571,8 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -29164,7 +29070,7 @@ index 66f6729..2d6de0a 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index fe4104c..346febb 100644 +index 5357925..6cf0418 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -166,7 +166,7 @@ struct sht15_data { @@ -41419,80 +41325,8 @@ index f3a257d..715ac0f 100644 parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); -diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c -index 2a83425..b082cec 100644 ---- a/fs/ecryptfs/crypto.c -+++ b/fs/ecryptfs/crypto.c -@@ -417,17 +417,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, - (unsigned long long)(extent_base + extent_offset), rc); - goto out; - } -- if (unlikely(ecryptfs_verbosity > 0)) { -- ecryptfs_printk(KERN_DEBUG, "Encrypting extent " -- "with iv:\n"); -- ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); -- ecryptfs_printk(KERN_DEBUG, "First 8 bytes before " -- "encryption:\n"); -- ecryptfs_dump_hex((char *) -- (page_address(page) -- + (extent_offset * crypt_stat->extent_size)), -- 8); -- } - rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0, - page, (extent_offset - * crypt_stat->extent_size), -@@ -440,14 +429,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page, - goto out; - } - rc = 0; -- if (unlikely(ecryptfs_verbosity > 0)) { -- ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16llx]; " -- "rc = [%d]\n", -- (unsigned long long)(extent_base + extent_offset), rc); -- ecryptfs_printk(KERN_DEBUG, "First 8 bytes after " -- "encryption:\n"); -- ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8); -- } - out: - return rc; - } -@@ -543,17 +524,6 @@ static int ecryptfs_decrypt_extent(struct page *page, - (unsigned long long)(extent_base + extent_offset), rc); - goto out; - } -- if (unlikely(ecryptfs_verbosity > 0)) { -- ecryptfs_printk(KERN_DEBUG, "Decrypting extent " -- "with iv:\n"); -- ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); -- ecryptfs_printk(KERN_DEBUG, "First 8 bytes before " -- "decryption:\n"); -- ecryptfs_dump_hex((char *) -- (page_address(enc_extent_page) -- + (extent_offset * crypt_stat->extent_size)), -- 8); -- } - rc = ecryptfs_decrypt_page_offset(crypt_stat, page, - (extent_offset - * crypt_stat->extent_size), -@@ -567,16 +537,6 @@ static int ecryptfs_decrypt_extent(struct page *page, - goto out; - } - rc = 0; -- if (unlikely(ecryptfs_verbosity > 0)) { -- ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16llx]; " -- "rc = [%d]\n", -- (unsigned long long)(extent_base + extent_offset), rc); -- ecryptfs_printk(KERN_DEBUG, "First 8 bytes after " -- "decryption:\n"); -- ecryptfs_dump_hex((char *)(page_address(page) -- + (extent_offset -- * crypt_stat->extent_size)), 8); -- } - out: - return rc; - } diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index 32f90a3..a766407 100644 +index d2039ca..a766407 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, @@ -41522,84 +41356,8 @@ index 32f90a3..a766407 100644 if (!IS_ERR(buf)) { /* Free the char* */ kfree(buf); -@@ -841,18 +841,6 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia, - size_t num_zeros = (PAGE_CACHE_SIZE - - (ia->ia_size & ~PAGE_CACHE_MASK)); - -- -- /* -- * XXX(truncate) this should really happen at the begginning -- * of ->setattr. But the code is too messy to that as part -- * of a larger patch. ecryptfs is also totally missing out -- * on the inode_change_ok check at the beginning of -- * ->setattr while would include this. -- */ -- rc = inode_newsize_ok(inode, ia->ia_size); -- if (rc) -- goto out; -- - if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { - truncate_setsize(inode, ia->ia_size); - lower_ia->ia_size = ia->ia_size; -@@ -902,6 +890,28 @@ out: - return rc; - } - -+static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset) -+{ -+ struct ecryptfs_crypt_stat *crypt_stat; -+ loff_t lower_oldsize, lower_newsize; -+ -+ crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; -+ lower_oldsize = upper_size_to_lower_size(crypt_stat, -+ i_size_read(inode)); -+ lower_newsize = upper_size_to_lower_size(crypt_stat, offset); -+ if (lower_newsize > lower_oldsize) { -+ /* -+ * The eCryptfs inode and the new *lower* size are mixed here -+ * because we may not have the lower i_mutex held and/or it may -+ * not be appropriate to call inode_newsize_ok() with inodes -+ * from other filesystems. -+ */ -+ return inode_newsize_ok(inode, lower_newsize); -+ } -+ -+ return 0; -+} -+ - /** - * ecryptfs_truncate - * @dentry: The ecryptfs layer dentry -@@ -918,6 +928,10 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) - struct iattr lower_ia = { .ia_valid = 0 }; - int rc; - -+ rc = ecryptfs_inode_newsize_ok(dentry->d_inode, new_length); -+ if (rc) -+ return rc; -+ - rc = truncate_upper(dentry, &ia, &lower_ia); - if (!rc && lower_ia.ia_valid & ATTR_SIZE) { - struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); -@@ -997,6 +1011,16 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) - } - } - mutex_unlock(&crypt_stat->cs_mutex); -+ -+ rc = inode_change_ok(inode, ia); -+ if (rc) -+ goto out; -+ if (ia->ia_valid & ATTR_SIZE) { -+ rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size); -+ if (rc) -+ goto out; -+ } -+ - if (S_ISREG(inode->i_mode)) { - rc = filemap_write_and_wait(inode->i_mapping); - if (rc) diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c -index 940a82e..d3cdeea 100644 +index 0dc5a3d..d3cdeea 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c @@ -328,7 +328,7 @@ check_list: @@ -41611,82 +41369,8 @@ index 940a82e..d3cdeea 100644 goto out_unlock_msg_ctx; i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) -@@ -409,11 +409,47 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, - ssize_t sz = 0; - char *data; - uid_t euid = current_euid(); -+ unsigned char packet_size_peek[3]; - int rc; - -- if (count == 0) -+ if (count == 0) { - goto out; -+ } else if (count == (1 + 4)) { -+ /* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */ -+ goto memdup; -+ } else if (count < (1 + 4 + 1) -+ || count > (1 + 4 + 2 + sizeof(struct ecryptfs_message) + 4 -+ + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES)) { -+ printk(KERN_WARNING "%s: Acceptable packet size range is " -+ "[%d-%lu], but amount of data written is [%zu].", -+ __func__, (1 + 4 + 1), -+ (1 + 4 + 2 + sizeof(struct ecryptfs_message) + 4 -+ + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES), count); -+ return -EINVAL; -+ } - -+ if (copy_from_user(packet_size_peek, (buf + 1 + 4), -+ sizeof(packet_size_peek))) { -+ printk(KERN_WARNING "%s: Error while inspecting packet size\n", -+ __func__); -+ return -EFAULT; -+ } -+ -+ rc = ecryptfs_parse_packet_length(packet_size_peek, &packet_size, -+ &packet_size_length); -+ if (rc) { -+ printk(KERN_WARNING "%s: Error parsing packet length; " -+ "rc = [%d]\n", __func__, rc); -+ return rc; -+ } -+ -+ if ((1 + 4 + packet_size_length + packet_size) != count) { -+ printk(KERN_WARNING "%s: Invalid packet size [%zu]\n", __func__, -+ packet_size); -+ return -EINVAL; -+ } -+ -+memdup: - data = memdup_user(buf, count); - if (IS_ERR(data)) { - printk(KERN_ERR "%s: memdup_user returned error [%ld]\n", -@@ -435,23 +471,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, - } - memcpy(&counter_nbo, &data[i], 4); - seq = be32_to_cpu(counter_nbo); -- i += 4; -- rc = ecryptfs_parse_packet_length(&data[i], &packet_size, -- &packet_size_length); -- if (rc) { -- printk(KERN_WARNING "%s: Error parsing packet length; " -- "rc = [%d]\n", __func__, rc); -- goto out_free; -- } -- i += packet_size_length; -- if ((1 + 4 + packet_size_length + packet_size) != count) { -- printk(KERN_WARNING "%s: (1 + packet_size_length([%zd])" -- " + packet_size([%zd]))([%zd]) != " -- "count([%zd]). Invalid packet format.\n", -- __func__, packet_size_length, packet_size, -- (1 + packet_size_length + packet_size), count); -- goto out_free; -- } -+ i += 4 + packet_size_length; - rc = ecryptfs_miscdev_response(&data[i], packet_size, - euid, current_user_ns(), - task_pid(current), seq); diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c -index 3745f7c..7d040a8 100644 +index 54eb14c..e51b453 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c @@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, @@ -41698,7 +41382,7 @@ index 3745f7c..7d040a8 100644 set_fs(fs_save); mark_inode_dirty_sync(ecryptfs_inode); return rc; -@@ -130,13 +130,18 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset, +@@ -130,7 +130,12 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset, pgoff_t ecryptfs_page_idx = (pos >> PAGE_CACHE_SHIFT); size_t start_offset_in_page = (pos & ~PAGE_CACHE_MASK); size_t num_bytes = (PAGE_CACHE_SIZE - start_offset_in_page); @@ -41710,7 +41394,9 @@ index 3745f7c..7d040a8 100644 + break; + } - if (num_bytes > total_remaining_bytes) + if (fatal_signal_pending(current)) { + rc = -EINTR; +@@ -141,7 +146,7 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset, num_bytes = total_remaining_bytes; if (pos < offset) { /* remaining zeros to write, up to destination offset */ @@ -41719,32 +41405,7 @@ index 3745f7c..7d040a8 100644 if (num_bytes > total_remaining_zeros) num_bytes = total_remaining_zeros; -@@ -193,15 +198,19 @@ int ecryptfs_write(struct inode *ecryptfs_inode, char *data, loff_t offset, - } - pos += num_bytes; - } -- if ((offset + size) > ecryptfs_file_size) { -- i_size_write(ecryptfs_inode, (offset + size)); -+ if (pos > ecryptfs_file_size) { -+ i_size_write(ecryptfs_inode, pos); - if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) { -- rc = ecryptfs_write_inode_size_to_metadata( -+ int rc2; -+ -+ rc2 = ecryptfs_write_inode_size_to_metadata( - ecryptfs_inode); -- if (rc) { -+ if (rc2) { - printk(KERN_ERR "Problem with " - "ecryptfs_write_inode_size_to_metadata; " -- "rc = [%d]\n", rc); -+ "rc = [%d]\n", rc2); -+ if (!rc) -+ rc = rc2; - goto out; - } - } -@@ -235,7 +244,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size, +@@ -244,7 +249,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size, return -EIO; fs_save = get_fs(); set_fs(get_ds()); @@ -45601,7 +45262,7 @@ index 3a1dafd..d41fc37 100644 +} +#endif diff --git a/fs/proc/base.c b/fs/proc/base.c -index 1fc1dca..813fd0b 100644 +index 1fc1dca..357b933 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -107,6 +107,22 @@ struct pid_entry { @@ -45627,24 +45288,34 @@ index 1fc1dca..813fd0b 100644 #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -204,10 +220,12 @@ static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) - return ERR_PTR(err); +@@ -194,26 +210,6 @@ static int proc_root_link(struct inode *inode, struct path *path) + return result; + } - mm = get_task_mm(task); +-static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +-{ +- struct mm_struct *mm; +- int err; +- +- err = mutex_lock_killable(&task->signal->cred_guard_mutex); +- if (err) +- return ERR_PTR(err); +- +- mm = get_task_mm(task); - if (mm && mm != current->mm && - !ptrace_may_access(task, mode)) { - mmput(mm); - mm = ERR_PTR(-EACCES); -+ if (mm) { -+ if ((mm != current->mm && !ptrace_may_access(task, mode)) || -+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task)))) { -+ mmput(mm); -+ mm = ERR_PTR(-EACCES); -+ } - } - mutex_unlock(&task->signal->cred_guard_mutex); - -@@ -229,6 +247,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) +- } +- mutex_unlock(&task->signal->cred_guard_mutex); +- +- return mm; +-} +- + struct mm_struct *mm_for_maps(struct task_struct *task) + { + return mm_access(task, PTRACE_MODE_READ); +@@ -229,6 +225,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -45654,7 +45325,7 @@ index 1fc1dca..813fd0b 100644 len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) -@@ -256,12 +277,28 @@ out: +@@ -256,12 +255,28 @@ out: return res; } @@ -45683,7 +45354,7 @@ index 1fc1dca..813fd0b 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -275,7 +312,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -275,7 +290,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) } @@ -45692,7 +45363,7 @@ index 1fc1dca..813fd0b 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -314,7 +351,7 @@ static void unlock_trace(struct task_struct *task) +@@ -314,7 +329,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -45701,7 +45372,7 @@ index 1fc1dca..813fd0b 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -505,7 +542,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) +@@ -505,7 +520,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) return count; } @@ -45710,7 +45381,7 @@ index 1fc1dca..813fd0b 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -534,7 +571,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -534,7 +549,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) /************************************************************************/ /* permission checks */ @@ -45719,7 +45390,7 @@ index 1fc1dca..813fd0b 100644 { struct task_struct *task; int allowed = 0; -@@ -544,7 +581,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -544,7 +559,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { @@ -45731,26 +45402,164 @@ index 1fc1dca..813fd0b 100644 put_task_struct(task); } return allowed; -@@ -826,6 +866,10 @@ static ssize_t mem_read(struct file * file, char __user * buf, - return ret; - } +@@ -775,6 +793,13 @@ static int mem_open(struct inode* inode, struct file* file) + if (IS_ERR(mm)) + return PTR_ERR(mm); -+#define mem_write NULL ++ if (mm) { ++ /* ensure this mm_struct can't be freed */ ++ atomic_inc(&mm->mm_count); ++ /* but do not pin its memory */ ++ mmput(mm); ++ } + -+#ifndef mem_write -+/* They were right the first time */ - static ssize_t mem_write(struct file * file, const char __user *buf, - size_t count, loff_t *ppos) + /* OK to pass negative loff_t, we can catch out-of-range */ + file->f_mode |= FMODE_UNSIGNED_OFFSET; + file->private_data = mm; +@@ -782,57 +807,18 @@ static int mem_open(struct inode* inode, struct file* file) + return 0; + } + +-static ssize_t mem_read(struct file * file, char __user * buf, +- size_t count, loff_t *ppos) ++static ssize_t mem_rw(struct file *file, char __user *buf, ++ size_t count, loff_t *ppos, int write) { -@@ -866,6 +910,7 @@ static ssize_t mem_write(struct file * file, const char __user *buf, +- int ret; +- char *page; +- unsigned long src = *ppos; + struct mm_struct *mm = file->private_data; +- +- if (!mm) +- return 0; +- +- page = (char *)__get_free_page(GFP_TEMPORARY); +- if (!page) +- return -ENOMEM; +- +- ret = 0; +- +- while (count > 0) { +- int this_len, retval; +- +- this_len = (count > PAGE_SIZE) ? PAGE_SIZE : count; +- retval = access_remote_vm(mm, src, page, this_len, 0); +- if (!retval) { +- if (!ret) +- ret = -EIO; +- break; +- } +- +- if (copy_to_user(buf, page, retval)) { +- ret = -EFAULT; +- break; +- } +- +- ret += retval; +- src += retval; +- buf += retval; +- count -= retval; +- } +- *ppos = src; +- +- free_page((unsigned long) page); +- return ret; +-} +- +-static ssize_t mem_write(struct file * file, const char __user *buf, +- size_t count, loff_t *ppos) +-{ +- int copied; ++ unsigned long addr = *ppos; ++ ssize_t copied; + char *page; +- unsigned long dst = *ppos; +- struct mm_struct *mm = file->private_data; ++ ++#ifdef CONFIG_GRKERNSEC ++ if (write) ++ return -EPERM; ++#endif + + if (!mm) + return 0; +@@ -842,31 +828,54 @@ static ssize_t mem_write(struct file * file, const char __user *buf, + return -ENOMEM; + + copied = 0; ++ if (!atomic_inc_not_zero(&mm->mm_users)) ++ goto free; ++ + while (count > 0) { +- int this_len, retval; ++ int this_len = min_t(int, count, PAGE_SIZE); + +- this_len = (count > PAGE_SIZE) ? PAGE_SIZE : count; +- if (copy_from_user(page, buf, this_len)) { ++ if (write && copy_from_user(page, buf, this_len)) { + copied = -EFAULT; + break; + } +- retval = access_remote_vm(mm, dst, page, this_len, 1); +- if (!retval) { ++ ++ this_len = access_remote_vm(mm, addr, page, this_len, write); ++ if (!this_len) { + if (!copied) + copied = -EIO; + break; + } +- copied += retval; +- buf += retval; +- dst += retval; +- count -= retval; ++ ++ if (!write && copy_to_user(buf, page, this_len)) { ++ copied = -EFAULT; ++ break; ++ } ++ ++ buf += this_len; ++ addr += this_len; ++ copied += this_len; ++ count -= this_len; + } +- *ppos = dst; ++ *ppos = addr; + ++ mmput(mm); ++free: free_page((unsigned long) page); return copied; } -+#endif ++static ssize_t mem_read(struct file *file, char __user *buf, ++ size_t count, loff_t *ppos) ++{ ++ return mem_rw(file, buf, count, ppos, 0); ++} ++ ++static ssize_t mem_write(struct file *file, const char __user *buf, ++ size_t count, loff_t *ppos) ++{ ++ return mem_rw(file, (char __user*)buf, count, ppos, 1); ++} ++ loff_t mem_lseek(struct file *file, loff_t offset, int orig) { -@@ -911,6 +956,9 @@ static ssize_t environ_read(struct file *file, char __user *buf, + switch (orig) { +@@ -886,8 +895,8 @@ loff_t mem_lseek(struct file *file, loff_t offset, int orig) + static int mem_release(struct inode *inode, struct file *file) + { + struct mm_struct *mm = file->private_data; +- +- mmput(mm); ++ if (mm) ++ mmdrop(mm); + return 0; + } + +@@ -911,6 +920,9 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!task) goto out_no_task; @@ -45760,7 +45569,7 @@ index 1fc1dca..813fd0b 100644 ret = -ENOMEM; page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) -@@ -1533,7 +1581,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1533,7 +1545,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) path_put(&nd->path); /* Are we allowed to snoop on the tasks file descriptors? */ @@ -45769,7 +45578,7 @@ index 1fc1dca..813fd0b 100644 goto out; error = PROC_I(inode)->op.proc_get_link(inode, &nd->path); -@@ -1572,8 +1620,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1572,8 +1584,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -45790,7 +45599,7 @@ index 1fc1dca..813fd0b 100644 error = PROC_I(inode)->op.proc_get_link(inode, &path); if (error) -@@ -1638,7 +1696,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1638,7 +1660,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -45802,7 +45611,7 @@ index 1fc1dca..813fd0b 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1656,6 +1718,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1656,6 +1682,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) struct inode *inode = dentry->d_inode; struct task_struct *task; const struct cred *cred; @@ -45812,7 +45621,7 @@ index 1fc1dca..813fd0b 100644 generic_fillattr(inode, stat); -@@ -1663,13 +1728,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1663,13 +1692,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) stat->uid = 0; stat->gid = 0; task = pid_task(proc_pid(inode), PIDTYPE_PID); @@ -45855,7 +45664,7 @@ index 1fc1dca..813fd0b 100644 } rcu_read_unlock(); return 0; -@@ -1706,11 +1799,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) +@@ -1706,11 +1763,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -45876,7 +45685,7 @@ index 1fc1dca..813fd0b 100644 rcu_read_unlock(); } else { inode->i_uid = 0; -@@ -1828,7 +1930,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) +@@ -1828,7 +1894,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) int fd = proc_fd(inode); if (task) { @@ -45886,7 +45695,7 @@ index 1fc1dca..813fd0b 100644 put_task_struct(task); } if (files) { -@@ -2096,11 +2199,21 @@ static const struct file_operations proc_fd_operations = { +@@ -2096,11 +2163,21 @@ static const struct file_operations proc_fd_operations = { */ static int proc_fd_permission(struct inode *inode, int mask) { @@ -45910,7 +45719,7 @@ index 1fc1dca..813fd0b 100644 return rv; } -@@ -2210,6 +2323,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2210,6 +2287,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -45920,7 +45729,7 @@ index 1fc1dca..813fd0b 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2254,6 +2370,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2254,6 +2334,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -45930,7 +45739,7 @@ index 1fc1dca..813fd0b 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2524,7 +2643,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -2524,7 +2607,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -45939,7 +45748,7 @@ index 1fc1dca..813fd0b 100644 if (!IS_ERR(s)) __putname(s); } -@@ -2722,7 +2841,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2722,7 +2805,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -45948,7 +45757,7 @@ index 1fc1dca..813fd0b 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2747,10 +2866,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2747,10 +2830,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -45961,7 +45770,7 @@ index 1fc1dca..813fd0b 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2784,6 +2903,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2784,6 +2867,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -45971,7 +45780,7 @@ index 1fc1dca..813fd0b 100644 }; static int proc_tgid_base_readdir(struct file * filp, -@@ -2909,7 +3031,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -2909,7 +2995,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -45986,7 +45795,7 @@ index 1fc1dca..813fd0b 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2951,7 +3080,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct +@@ -2951,7 +3044,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct if (!task) goto out; @@ -45998,7 +45807,7 @@ index 1fc1dca..813fd0b 100644 put_task_struct(task); out: return result; -@@ -3016,6 +3149,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) +@@ -3016,6 +3113,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) { unsigned int nr; struct task_struct *reaper; @@ -46010,7 +45819,7 @@ index 1fc1dca..813fd0b 100644 struct tgid_iter iter; struct pid_namespace *ns; -@@ -3039,8 +3177,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) +@@ -3039,8 +3141,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) for (iter = next_tgid(ns, iter); iter.task; iter.tgid += 1, iter = next_tgid(ns, iter)) { @@ -46039,7 +45848,7 @@ index 1fc1dca..813fd0b 100644 put_task_struct(iter.task); goto out; } -@@ -3068,7 +3225,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3068,7 +3189,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -46048,7 +45857,7 @@ index 1fc1dca..813fd0b 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3092,10 +3249,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3092,10 +3213,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -46934,7 +46743,7 @@ index 7fdf6a7..e6cd8ad 100644 sd = sysfs_new_dirent(name, mode, SYSFS_DIR); if (!sd) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index d4e6080b..0e58b99 100644 +index 779789a..f58193c 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -47174,20 +46983,6 @@ index 23ce927..e274cc1 100644 if (!IS_ERR(s)) kfree(s); -diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c -index ce9268a..ee98d0b 100644 ---- a/fs/xfs/xfs_vnodeops.c -+++ b/fs/xfs/xfs_vnodeops.c -@@ -131,7 +131,8 @@ xfs_readlink( - __func__, (unsigned long long) ip->i_ino, - (long long) pathlen); - ASSERT(0); -- return XFS_ERROR(EFSCORRUPTED); -+ error = XFS_ERROR(EFSCORRUPTED); -+ goto out; - } - - diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 index 0000000..dfd3d34 @@ -56975,7 +56770,7 @@ index 0000000..0dc13c3 +EXPORT_SYMBOL(gr_log_timechange); diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c new file mode 100644 -index 0000000..a35ba33 +index 0000000..07e0dc0 --- /dev/null +++ b/grsecurity/grsec_tpe.c @@ -0,0 +1,73 @@ @@ -57026,7 +56821,7 @@ index 0000000..a35ba33 + msg2 = "file in group-writable directory"; + + if (msg && msg2) { -+ char fullmsg[64] = {0}; ++ char fullmsg[70] = {0}; + snprintf(fullmsg, sizeof(fullmsg)-1, "%s and %s", msg, msg2); + gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, fullmsg, file->f_path.dentry, file->f_path.mnt); + return 0; @@ -57650,7 +57445,7 @@ index b5e2e4c..6a5373e 100644 /** * PERCPU_SECTION - define output section for percpu area, simple version diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index 1f9e951..14ef517 100644 +index bf4b2dc..2d0762f 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -59075,7 +58870,7 @@ index 0000000..da390f1 +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..b3347e2 +index 0000000..7f62b30 --- /dev/null +++ b/include/linux/grmsg.h @@ -0,0 +1,109 @@ @@ -59113,7 +58908,7 @@ index 0000000..b3347e2 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by " +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " -+#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.64s) of %.950s by " ++#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by " +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds" +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds" +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by " @@ -59190,10 +58985,10 @@ index 0000000..b3347e2 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..eb4885f +index 0000000..cb9f1c1 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,233 @@ +@@ -0,0 +1,227 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -59208,12 +59003,6 @@ index 0000000..eb4885f +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif -+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS) -+#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled." -+#endif -+#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS) -+#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled." -+#endif +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP) +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled." +#endif @@ -60496,7 +60285,7 @@ index 2148b12..519b820 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 1c4f3e9..c5b241a 100644 +index 1c4f3e9..f29cbeb 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -60700,7 +60489,20 @@ index 1c4f3e9..c5b241a 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2251,7 +2343,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2235,6 +2327,12 @@ static inline void mmdrop(struct mm_struct * mm) + extern void mmput(struct mm_struct *); + /* Grab a reference to a task's mm, if it is not already going away */ + extern struct mm_struct *get_task_mm(struct task_struct *task); ++/* ++ * Grab a reference to a task's mm, if it is not already going away ++ * and ptrace_may_access with the mode parameter passed to it ++ * succeeds. ++ */ ++extern struct mm_struct *mm_access(struct task_struct *task, unsigned int mode); + /* Remove the current tasks stale references to the old mm_struct */ + extern void mm_release(struct task_struct *, struct mm_struct *); + /* Allocate a new mm structure and copy contents from tsk->mm */ +@@ -2251,7 +2349,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -60709,7 +60511,7 @@ index 1c4f3e9..c5b241a 100644 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2416,13 +2508,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2416,13 +2514,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -61087,6 +60889,44 @@ index 703cfa3..0b8ca72ac 100644 extern int proc_dointvec(struct ctl_table *, int, void __user *, size_t *, loff_t *); extern int proc_dointvec_minmax(struct ctl_table *, int, +diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h +index a71a292..51bd91d 100644 +--- a/include/linux/tracehook.h ++++ b/include/linux/tracehook.h +@@ -54,12 +54,12 @@ struct linux_binprm; + /* + * ptrace report for syscall entry and exit looks identical. + */ +-static inline void ptrace_report_syscall(struct pt_regs *regs) ++static inline int ptrace_report_syscall(struct pt_regs *regs) + { + int ptrace = current->ptrace; + + if (!(ptrace & PT_PTRACED)) +- return; ++ return 0; + + ptrace_notify(SIGTRAP | ((ptrace & PT_TRACESYSGOOD) ? 0x80 : 0)); + +@@ -72,6 +72,8 @@ static inline void ptrace_report_syscall(struct pt_regs *regs) + send_sig(current->exit_code, current, 1); + current->exit_code = 0; + } ++ ++ return fatal_signal_pending(current); + } + + /** +@@ -96,8 +98,7 @@ static inline void ptrace_report_syscall(struct pt_regs *regs) + static inline __must_check int tracehook_report_syscall_entry( + struct pt_regs *regs) + { +- ptrace_report_syscall(regs); +- return 0; ++ return ptrace_report_syscall(regs); + } + + /** diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h index ff7dc08..893e1bd 100644 --- a/include/linux/tty_ldisc.h @@ -63380,7 +63220,7 @@ index e6e01b9..619f837 100644 if (group_dead) diff --git a/kernel/fork.c b/kernel/fork.c -index da4a6a1..c04943c 100644 +index da4a6a1..0973380 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -280,7 +280,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -63597,7 +63437,34 @@ index da4a6a1..c04943c 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -829,13 +866,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -644,6 +681,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) + } + EXPORT_SYMBOL_GPL(get_task_mm); + ++struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) ++{ ++ struct mm_struct *mm; ++ int err; ++ ++ err = mutex_lock_killable(&task->signal->cred_guard_mutex); ++ if (err) ++ return ERR_PTR(err); ++ ++ mm = get_task_mm(task); ++ if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) || ++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) { ++ mmput(mm); ++ mm = ERR_PTR(-EACCES); ++ } ++ mutex_unlock(&task->signal->cred_guard_mutex); ++ ++ return mm; ++} ++ + /* Please note the differences between mmput and mm_release. + * mmput is called whenever we stop holding onto a mm_struct, + * error success whatever. +@@ -829,13 +886,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -63613,7 +63480,7 @@ index da4a6a1..c04943c 100644 return 0; } -@@ -1097,6 +1135,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1097,6 +1155,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -63623,7 +63490,7 @@ index da4a6a1..c04943c 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1256,6 +1297,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1256,6 +1317,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -63632,7 +63499,7 @@ index da4a6a1..c04943c 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1418,6 +1461,8 @@ bad_fork_cleanup_count: +@@ -1418,6 +1481,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -63641,7 +63508,7 @@ index da4a6a1..c04943c 100644 return ERR_PTR(retval); } -@@ -1518,6 +1563,8 @@ long do_fork(unsigned long clone_flags, +@@ -1518,6 +1583,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -63650,7 +63517,7 @@ index da4a6a1..c04943c 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1627,7 +1674,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1627,7 +1694,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -63659,7 +63526,7 @@ index da4a6a1..c04943c 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1716,7 +1763,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1716,7 +1783,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -66288,7 +66155,7 @@ index 2c71d91..1021f81 100644 struct tasklet_struct *list; diff --git a/kernel/sys.c b/kernel/sys.c -index 481611f..0754d86 100644 +index 481611f..4665125 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -66357,7 +66224,29 @@ index 481611f..0754d86 100644 if (nsown_capable(CAP_SETUID)) { new->suid = new->uid = uid; if (uid != old->uid) { -@@ -786,6 +808,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) +@@ -775,9 +797,18 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) + + retval = -EPERM; + if (!nsown_capable(CAP_SETUID)) { +- if (ruid != (uid_t) -1 && ruid != old->uid && +- ruid != old->euid && ruid != old->suid) +- goto error; ++ // if RBAC is enabled, require CAP_SETUID to change ++ // uid to euid (from a suid binary, for instance) ++ // this is a hardening of normal permissions, not ++ // weakening ++ if (gr_acl_is_enabled()) { ++ if (ruid != (uid_t) -1 && ruid != old->uid) ++ goto error; ++ } else { ++ if (ruid != (uid_t) -1 && ruid != old->uid && ++ ruid != old->euid && ruid != old->suid) ++ goto error; ++ } + if (euid != (uid_t) -1 && euid != old->uid && + euid != old->euid && euid != old->suid) + goto error; +@@ -786,6 +817,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) goto error; } @@ -66367,7 +66256,29 @@ index 481611f..0754d86 100644 if (ruid != (uid_t) -1) { new->uid = ruid; if (ruid != old->uid) { -@@ -850,6 +875,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) +@@ -839,9 +873,18 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) + + retval = -EPERM; + if (!nsown_capable(CAP_SETGID)) { +- if (rgid != (gid_t) -1 && rgid != old->gid && +- rgid != old->egid && rgid != old->sgid) +- goto error; ++ // if RBAC is enabled, require CAP_SETGID to change ++ // gid to egid (from a sgid binary, for instance) ++ // this is a hardening of normal permissions, not ++ // weakening ++ if (gr_acl_is_enabled()) { ++ if (rgid != (gid_t) -1 && rgid != old->gid) ++ goto error; ++ } else { ++ if (rgid != (gid_t) -1 && rgid != old->gid && ++ rgid != old->egid && rgid != old->sgid) ++ goto error; ++ } + if (egid != (gid_t) -1 && egid != old->gid && + egid != old->egid && egid != old->sgid) + goto error; +@@ -850,6 +893,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) goto error; } @@ -66377,7 +66288,7 @@ index 481611f..0754d86 100644 if (rgid != (gid_t) -1) new->gid = rgid; if (egid != (gid_t) -1) -@@ -896,6 +924,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -896,6 +942,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) old = current_cred(); old_fsuid = old->fsuid; @@ -66387,7 +66298,7 @@ index 481611f..0754d86 100644 if (uid == old->uid || uid == old->euid || uid == old->suid || uid == old->fsuid || nsown_capable(CAP_SETUID)) { -@@ -906,6 +937,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -906,6 +955,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) } } @@ -66395,7 +66306,7 @@ index 481611f..0754d86 100644 abort_creds(new); return old_fsuid; -@@ -932,12 +964,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) +@@ -932,12 +982,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid == old->gid || gid == old->egid || gid == old->sgid || gid == old->fsgid || nsown_capable(CAP_SETGID)) { @@ -66412,7 +66323,7 @@ index 481611f..0754d86 100644 abort_creds(new); return old_fsgid; -@@ -1189,7 +1225,10 @@ static int override_release(char __user *release, int len) +@@ -1189,7 +1243,10 @@ static int override_release(char __user *release, int len) } v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40; snprintf(buf, len, "2.6.%u%s", v, rest); @@ -66424,7 +66335,7 @@ index 481611f..0754d86 100644 } return ret; } -@@ -1243,19 +1282,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) +@@ -1243,19 +1300,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) return -EFAULT; down_read(&uts_sem); @@ -66449,7 +66360,7 @@ index 481611f..0754d86 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, +@@ -1720,7 +1777,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, error = get_dumpable(me->mm); break; case PR_SET_DUMPABLE: @@ -70421,7 +70332,7 @@ index 716eb4a..8d10419 100644 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c -index e920aa3..78fe584 100644 +index e920aa3..137702a 100644 --- a/mm/process_vm_access.c +++ b/mm/process_vm_access.c @@ -13,6 +13,7 @@ @@ -70459,21 +70370,40 @@ index e920aa3..78fe584 100644 } if (nr_pages == 0) -@@ -298,8 +299,13 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, +@@ -298,23 +299,23 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, goto free_proc_pages; } -+ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) { -+ rc = -EPERM; -+ goto put_task_struct; -+ } -+ - task_lock(task); +- task_lock(task); - if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) { -+ if (ptrace_may_access_nolock(task, PTRACE_MODE_ATTACH)) { - task_unlock(task); +- task_unlock(task); ++ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) { rc = -EPERM; goto put_task_struct; + } +- mm = task->mm; + +- if (!mm || (task->flags & PF_KTHREAD)) { +- task_unlock(task); +- rc = -EINVAL; ++ mm = mm_access(task, PTRACE_MODE_ATTACH); ++ if (!mm || IS_ERR(mm)) { ++ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; ++ /* ++ * Explicitly map EACCES to EPERM as EPERM is a more a ++ * appropriate error code for process_vw_readv/writev ++ */ ++ if (rc == -EACCES) ++ rc = -EPERM; + goto put_task_struct; + } + +- atomic_inc(&mm->mm_users); +- task_unlock(task); +- + for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) { + rc = process_vm_rw_single_vec( + (unsigned long)rvec[i].iov_base, rvec[i].iov_len, diff --git a/mm/rmap.c b/mm/rmap.c index a4fd368..e0ffec7 100644 --- a/mm/rmap.c @@ -73055,7 +72985,7 @@ index 94cdbc5..0cb0063 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index a9db4b1..3c03301 100644 +index c89e354..8bd55c8 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; @@ -73338,7 +73268,7 @@ index 5a65eea..bd913a1 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 36806de..b86f74c 100644 +index 836c4ea..cbb74dc 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2149,7 +2149,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) @@ -73386,7 +73316,7 @@ index 26cb08c..8af9877 100644 msg.msg_flags = flags; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 331af3b..7789844 100644 +index 361ebf3..d5628fb 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -73476,7 +73406,7 @@ index 331af3b..7789844 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 2dea4bb..dca8ac5 100644 +index b859e4a..f9d1589 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, @@ -74343,7 +74273,7 @@ index d9d4970..d5a6a68 100644 return 0; } diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c -index bf10ea8..aeb4c3e 100644 +index d65f699..05aa6ce 100644 --- a/net/phonet/af_phonet.c +++ b/net/phonet/af_phonet.c @@ -41,7 +41,7 @@ static struct phonet_protocol *phonet_proto_get(unsigned int protocol) @@ -74396,7 +74326,7 @@ index 2ba6e9f..409573f 100644 break; } diff --git a/net/phonet/socket.c b/net/phonet/socket.c -index 3f8d0b1..74635e0 100644 +index 4c7eff3..59c727f 100644 --- a/net/phonet/socket.c +++ b/net/phonet/socket.c @@ -613,8 +613,13 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) @@ -74856,7 +74786,7 @@ index 54a7cd2..944edae 100644 to += addrlen; cnt++; diff --git a/net/socket.c b/net/socket.c -index 2877647..08e2fde 100644 +index 2dce67a..1e91168 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -75421,7 +75351,7 @@ index 1983717..4d6102c 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index b595a3d..b1cd354 100644 +index d99678a..3514a21 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net, @@ -75912,10 +75842,10 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..8465ae6 100644 +index 51bd5a0..eeabc9f 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,626 @@ +@@ -4,6 +4,627 @@ menu "Security options" @@ -76425,6 +76355,7 @@ index 51bd5a0..8465ae6 100644 + +config PAX_MEMORY_SANITIZE + bool "Sanitize all freed memory" ++ depends on !HIBERNATION + help + By saying Y here the kernel will erase memory pages as soon as they + are freed. This in turn reduces the lifetime of data stored in the @@ -76542,7 +76473,7 @@ index 51bd5a0..8465ae6 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +789,7 @@ config INTEL_TXT +@@ -169,7 +790,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX |