grsecurity updated source code

All of lore.kernel.org
 help / color / mirror / Atom feed

* grsecurity updated source code
@ 2018-12-18  2:13 James Hilliard
  2018-12-18 14:11 ` Solar Designer
  2018-12-22  8:09 ` Boris Lukashev
  0 siblings, 2 replies; 4+ messages in thread
From: James Hilliard @ 2018-12-18  2:13 UTC (permalink / raw)
  To: kernel-hardening

I've obtained and uploaded a recent grsecurity kernel here:
https://github.com/jameshilliard/linux-grsec/

>From my understanding this is the stable patch.

Source code was obtained from a vendor via GPL request.

James

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: grsecurity updated source code
  2018-12-18  2:13 grsecurity updated source code James Hilliard
@ 2018-12-18 14:11 ` Solar Designer
  2018-12-22  8:09 ` Boris Lukashev
  1 sibling, 0 replies; 4+ messages in thread
From: Solar Designer @ 2018-12-18 14:11 UTC (permalink / raw)
  To: kernel-hardening; +Cc: James Hilliard

On Mon, Dec 17, 2018 at 07:13:53PM -0700, James Hilliard wrote:
> I've obtained and uploaded a recent grsecurity kernel here:
> https://github.com/jameshilliard/linux-grsec/
> 
> From my understanding this is the stable patch.
> 
> Source code was obtained from a vendor via GPL request.

As a moderator, I reluctantly accepted James' message.  Here are the
aspects I considered:

- Availability of Linux kernel hardening changes is on-topic here.

- The kernel-hardening mailing list isn't limited to KSPP, so even if
KSPP's current stance is possibly not to use code from "closed"
grsecurity this doesn't make the message inappropriate for the list.

I also thought of many other aspects, but found them personal,
subjective, and/or outright irrelevant to my decision-making as a
moderator, so I didn't let them affect the moderation decision:

- Having this posted might result in some vendor's access to further
grsecurity patches getting revoked.  Maybe that will negatively affect
that vendors' product security, and thus security of their users.

- Having this posted might boost "accusations" against KSPP of
"stealing" "closed" grsecurity work, regardless of whether there will be
any use of this work by KSPP or not.  (I've seen such things stated as
if they were accusations on some discussion forums, but not
substantiated.  Now they might start referring to this thread.)

- The reasons not to reuse "closed" grsecurity work under KSPP are that
it's not independent innovation (does independent innovation have value
on its own or/and would it be NIH syndrome?), that there's still more
than enough to go through in older grsecurity, and that reusing the
"closed" grsecurity work would go against their preference.  As far as
I'm aware, there's nothing really stopping KSPP from doing that, and
doing it might be for the benefit of Linux users.

- I dislike the drama.  I wish James' message were never sent in here,
as having it posted might contribute to further drama.

- Having this posted might upset Brad.  That makes me unhappy.

- I guess having this posted won't negatively affect grsecurity's
business.  In fact, this is more like availability of a temporary
free trial, which might boost sales a bit later.

- I actually have mixed feelings about their business.  On one hand,
it's cutting-edge Linux kernel hardening work that still benefits some
users, and it's great that people are paid for the work.  On the other,
grsecurity has demonstrated that they may use money against free speech.

- At this point, I would be only slightly surprised if approving this
kind of messages results in Brad threatening me.  I still have enough
respect for him that I hope he won't.

I also thought of possibly not commenting on my moderation decision, or
not listing the "personal, subjective, and/or outright irrelevant"
thoughts above as they might contribute to the drama.  But in the end I
have included them, (naively?) hoping they'd help avoid further drama
and need to explain that/why these things didn't affect the decision.

Alexander

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: grsecurity updated source code
  2018-12-18  2:13 grsecurity updated source code James Hilliard
  2018-12-18 14:11 ` Solar Designer
@ 2018-12-22  8:09 ` Boris Lukashev
  2018-12-22 11:38   ` Lionel Debroux
  1 sibling, 1 reply; 4+ messages in thread
From: Boris Lukashev @ 2018-12-22  8:09 UTC (permalink / raw)
  To: James Hilliard; +Cc: kernel-hardening

Seeing how it's been a few days, a few commits into the 4.4 tree from
upstream, and no statement from the grsec folks in response to this
drop on this list anyway, it may be prudent to have a warning label on
this patch considering it is (at least sourced from work) intended to
enhance the security posture of a system:
1 - keeping these up to date is not for the faint of heart, and
realistically even people doing that for their own education still use
the official work in production (or base off of it). For example,
rebasing the tip commit from this repo into 4.4.169 should provide for
some interesting reading into the Linux codebase in everything from
memory management to the KVM hypervisor, and some interesting choices
for the reader at the end of it all. Getting it wrong may not be
apparent at compile time, and wrong may not even be a crash but an
unsafe condition affecting filesystem or memory/execution-flow
protections. The effort of going through that process of figuring out
"how it works" and "how to keep it working" is incredibly valuable
when it produces understanding of the intent and implementation, but
in terms of executable binary images, it does not produce safe/stable
results suited for production use without some practice.
2 - without a trusted entity blessing the sha256sum of that commit's
contents, it may be unsafe to use without full review, _especially_ in
security-sensitive implementations. Searching for basic backdoors in
that amount of code is already a problem (try something that leaves
write holes into EFI/memory/ME/etc when wrapped with the first
analysis), finding changes to compiler plugins which could weaken
their functionality, compromise, or destabilize the system would
require someone trusted, with verified access to the real deal (on
this kernel version no less), willing to do the work, etc.
2a - even the act of compiling this should be performed in a sandboxed
environment until its known to not cause harm during that process. Its
still code execution.

See #2 for why few people are able to confirm/deny if this patch "is
real," but it is at least sourced from the real deal. The GPL seems to
have worked to give the public a snapshot view of work at least
derived from the grsec folks' significant efforts over the last year
and a half. This is an opportunity to learn and improve the public
ecosystem, not a security solution for anyone actually responsible for
their/client/etc security unless they _really_ know what they're doing
when working with the codebase.
Nobody from Open Source Security Inc (i think that's the grsec authors
official designation) asked me to write this, i actually do not have
direct communication with them at all, and i have no idea how they
will view these warnings. Considering their work, i assume they would
also suggest everyone practice safe exec...

-Boris

On Tue, Dec 18, 2018 at 9:09 AM James Hilliard
<james.hilliard1@gmail.com> wrote:
>
> I've obtained and uploaded a recent grsecurity kernel here:
> https://github.com/jameshilliard/linux-grsec/
>
> From my understanding this is the stable patch.
>
> Source code was obtained from a vendor via GPL request.
>
> James

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: grsecurity updated source code
  2018-12-22  8:09 ` Boris Lukashev
@ 2018-12-22 11:38   ` Lionel Debroux
  0 siblings, 0 replies; 4+ messages in thread
From: Lionel Debroux @ 2018-12-22 11:38 UTC (permalink / raw)
  To: kernel-hardening


[-- Attachment #1.1.1: Type: text/plain, Size: 4463 bytes --]

Hi,

Well... the updated grsec patch makes using the outdated Linux 4.4.x
branch _much_ safer on average, even when not taking advantage of the
RAP (patented) and Respectre plugins:
* KERNEXEC, MEMORY_UDEREF, the full versions of CONSTIFY (+ manual
fixes) and RANDSTRUCT, and other hallmark grsec features, close up
immensely more holes than they might (that's unproven, AFAIK) open;
* the patch shows a wide sampling of security-related fixes missing from
4.4.x and sometimes newer official LTS trees;
* various scattered fixes and improvements (e.g. enums instead of ints
as function argument or return types), most of which were already
visible in earlier versions of the grsec patch, are also useful.

The LF and commercial Linux vendors really ought to take advantage of
the contents of that patch, buying some more developer time if they
don't currently have the resources to do so, for both mainline and LTS
kernels to become less insecure, and for the many-year LTS maintenance
figures to be less meaningless ;)


The result of several hours of work browsing through the updated grsec
patch is reproduced below and attached:
* patch review notes I posted on IRC several days ago;
* my patch hunk extractions, << 1% of the size of the grsec patch.
It was interesting, but I don't plan on doing more such work. There are
limits to working as an unpaid volunteer for the benefit of the LF and
large companies who have near-unlimited resources to buy developer time.

These notes and hunks should be a usable starting point for finding the
commit IDs of a number of mainline changes whose backports to LTS trees
are missing, as well as integrating brand-new fixes to mainline :)


"
The grsec diff against mainline 4.4.162, and comparing against 4.4.168
and 4.20-rc7, pinpoints some missing stable backports, e.g. the second
hunk of arch/x86/kernel/ksysfs.c .
Also possibly the first hunk of arch/x86/kernel/kvm.c .

Also missing from 4.4.168 are the "We should not singlestep on the
exception masking instructions" hunks in arch/x86/kernel/kprobes/core.c
and arch/x86/kernel/uprobes.c and the related hunk in
arch/x86/include/asm/insn.h .
This [ku]probes fix is also missing from the 4.9 series.

Besides a backport of L1TF / nosmt and a (better ?) backport of SSBD,
the new grsec patch also shows a backport of kcov.

In arch/x86/kernel/cpu/perf_event.c , get_segment_base(), do I really
see a fix preventing an access to the LDT entry at
&ldt->entries[ldt->size] ?

The arch/x86/kernel/e820.c hunk shows that 4.4.x versions pass the
argument of early_panic() directly to early_printk() + panic(). Too bad
if said argument somehow ends up being a format string. 4.20-rc7 still
behaves that way.

In arch/x86/kernel/fpu/xstate.c , fpu__xstate_clear_all_cpu_caps() and
fpu__init_disable_system_xstate() are only called from that file or an
__init function in arch/x86/kernel/fpu/init.c , so the __init
annotations on these functions look useful.

In arch/x86/kernel/i8259.c , the hunk related to io_apic_irqs is useful,
since that variable is unsigned long.

The format string changes in drivers/acpi/acpica/* are correct and
useful, and at least those from drivers/acpi/acpica/dbinput.c still
apply verbatim to 4.20-rc7.
The constification hunks for drivers/acpi/blacklist.c and
drivers/acpi/bus.c are in 4.20-rc7 but missing from 4.4.168.
So are the constification hunks for drivers/acpi/ec.c ,
drivers/acpi/pci_slot.c , drivers/acpi/processor_pdc.c ,
drivers/acpi/sleep.c , drivers/acpi/thermal.c and the kfree() addition
in drivers/acpi/utils.c.

I remember the drivers/cpufreq/sparc-us3-cpufreq.c hunks from earlier
iterations of the grsec patch; the grsec changes make the code simpler.

The changes in drivers/crypto/marvell/hash.c look like another missing
stable backport.

Likewise for the cleanup in drivers/dma/img-mdc-dma.c .

At least one of the hunks in drivers/gpu/drm/ttm/ttm_page_alloc.c is an
actual fix, not available in 4.20-rc7.
Same type of code in drivers/gpu/drm/ttm/ttm_page_alloc_dma.c .

Various hunks in ISDN and elsewhere constifying the struct kernel_param
* arguments are available in 4.20-rc7 but missing from 4.4.168.

drivers/isdn/isdnloop/isdnloop.c , drivers/isdn/mISDN/tei.c and other
missing backports in ISDN code.

Locking annotations not backported in e.g. drivers/md/dm.c and elsewhere.
"


Regards,
Lionel Debroux.

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.2: grsec_hunks_acpi1.diff --]
[-- Type: text/x-patch; name="grsec_hunks_acpi1.diff", Size: 7640 bytes --]

diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
index 2f24b578bcaf..9b5c2ac1739a 100644
--- a/drivers/acpi/blacklist.c
+++ b/drivers/acpi/blacklist.c
@@ -47,7 +47,7 @@ struct acpi_blacklist_item {
 	u32 is_critical_error;
 };
 
-static struct dmi_system_id acpi_osi_dmi_table[] __initdata;
+static const struct dmi_system_id acpi_osi_dmi_table[] __initconst;
 
 /*
  * POLICY: If *anything* doesn't work, put it on the blacklist.
@@ -168,7 +168,7 @@ static int __init dmi_enable_rev_override(const struct dmi_system_id *d)
 }
 #endif
 
-static struct dmi_system_id acpi_osi_dmi_table[] __initdata = {
+static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = {
 	{
 	.callback = dmi_disable_osi_vista,
 	.ident = "Fujitsu Siemens",
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index ca4f28432d87..ae18affb7f4a 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -63,7 +63,7 @@ static int set_copy_dsdt(const struct dmi_system_id *id)
 }
 #endif
 
-static struct dmi_system_id dsdt_dmi_table[] __initdata = {
+static const struct dmi_system_id dsdt_dmi_table[] __initconst = {
 	/*
 	 * Invoke DSDT corruption work-around on all Toshiba Satellite.
 	 * https://bugzilla.kernel.org/show_bug.cgi?id=14679
@@ -79,7 +79,7 @@ static struct dmi_system_id dsdt_dmi_table[] __initdata = {
 	{}
 };
 #else
-static struct dmi_system_id dsdt_dmi_table[] __initdata = {
+static const struct dmi_system_id dsdt_dmi_table[] __initconst = {
 	{}
 };
 #endif
diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
index 2f24b578bcaf..9b5c2ac1739a 100644
--- a/drivers/acpi/blacklist.c
+++ b/drivers/acpi/blacklist.c
@@ -47,7 +47,7 @@ struct acpi_blacklist_item {
 	u32 is_critical_error;
 };
 
-static struct dmi_system_id acpi_osi_dmi_table[] __initdata;
+static const struct dmi_system_id acpi_osi_dmi_table[] __initconst;
 
 /*
  * POLICY: If *anything* doesn't work, put it on the blacklist.
@@ -168,7 +168,7 @@ static int __init dmi_enable_rev_override(const struct dmi_system_id *d)
 }
 #endif
 
-static struct dmi_system_id acpi_osi_dmi_table[] __initdata = {
+static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = {
 	{
 	.callback = dmi_disable_osi_vista,
 	.ident = "Fujitsu Siemens",
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
index ca4f28432d87..ae18affb7f4a 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -63,7 +63,7 @@ static int set_copy_dsdt(const struct dmi_system_id *id)
 }
 #endif
 
-static struct dmi_system_id dsdt_dmi_table[] __initdata = {
+static const struct dmi_system_id dsdt_dmi_table[] __initconst = {
 	/*
 	 * Invoke DSDT corruption work-around on all Toshiba Satellite.
 	 * https://bugzilla.kernel.org/show_bug.cgi?id=14679
@@ -79,7 +79,7 @@ static struct dmi_system_id dsdt_dmi_table[] __initdata = {
 	{}
 };
 #else
-static struct dmi_system_id dsdt_dmi_table[] __initdata = {
+static const struct dmi_system_id dsdt_dmi_table[] __initconst = {
 	{}
 };
 #endif
diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
index 43f20328f830..c1a103d81f6b 100644
--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
@@ -1509,7 +1509,7 @@ static int ec_clear_on_resume(const struct dmi_system_id *id)
 	return 0;
 }
 
-static struct dmi_system_id ec_dmi_table[] __initdata = {
+static const struct dmi_system_id ec_dmi_table[] __initconst = {
 	{
 	ec_skip_dsdt_scan, "Compal JFL92", {
 	DMI_MATCH(DMI_BIOS_VENDOR, "COMPAL"),
@@ -1616,7 +1616,7 @@ error:
 	return -ENODEV;
 }
 
-static int param_set_event_clearing(const char *val, struct kernel_param *kp)
+static int param_set_event_clearing(const char *val, const struct kernel_param *kp)
 {
 	int result = 0;
 
@@ -1634,7 +1634,7 @@ static int param_set_event_clearing(const char *val, struct kernel_param *kp)
 	return result;
 }
 
-static int param_get_event_clearing(char *buffer, struct kernel_param *kp)
+static int param_get_event_clearing(char *buffer, const struct kernel_param *kp)
 {
 	switch (ec_event_clearing) {
 	case ACPI_EC_EVT_TIMING_STATUS:
diff --git a/drivers/acpi/pci_slot.c b/drivers/acpi/pci_slot.c
index 7188e53b6b7c..6012bc465382 100644
--- a/drivers/acpi/pci_slot.c
+++ b/drivers/acpi/pci_slot.c
@@ -191,7 +191,7 @@ static int do_sta_before_sun(const struct dmi_system_id *d)
 	return 0;
 }
 
-static struct dmi_system_id acpi_pci_slot_dmi_table[] __initdata = {
+static const struct dmi_system_id acpi_pci_slot_dmi_table[] __initconst = {
 	/*
 	 * Fujitsu Primequest machines will return 1023 to indicate an
 	 * error if the _SUN method is evaluated on SxFy objects that
diff --git a/drivers/acpi/processor_pdc.c b/drivers/acpi/processor_pdc.c
index 7cfbda4d7c51..74f738cb6073 100644
--- a/drivers/acpi/processor_pdc.c
+++ b/drivers/acpi/processor_pdc.c
@@ -173,7 +173,7 @@ static int __init set_no_mwait(const struct dmi_system_id *id)
 	return 0;
 }
 
-static struct dmi_system_id processor_idle_dmi_table[] __initdata = {
+static const struct dmi_system_id processor_idle_dmi_table[] __initconst = {
 	{
 	set_no_mwait, "Extensa 5220", {
 	DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies LTD"),
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 4f07029de209..b57c10b9c75a 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -154,7 +154,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
 	return 0;
 }
 
-static struct dmi_system_id acpisleep_dmi_table[] __initdata = {
+static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
 	{
 	.callback = init_old_suspend_ordering,
 	.ident = "Abit KN9 (nForce4 variant)",
diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
index 4b3a9e27f1b6..c80f3c28cfb3 100644
--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
@@ -227,7 +227,7 @@ module_param_cb(trace_method_name, &param_ops_trace_method, &trace_method_name,
 module_param_cb(trace_debug_layer, &param_ops_trace_attrib, &acpi_gbl_trace_dbg_layer, 0644);
 module_param_cb(trace_debug_level, &param_ops_trace_attrib, &acpi_gbl_trace_dbg_level, 0644);
 
-static int param_set_trace_state(const char *val, struct kernel_param *kp)
+static int param_set_trace_state(const char *val, const struct kernel_param *kp)
 {
 	acpi_status status;
 	const char *method = trace_method_name;
@@ -263,7 +263,7 @@ static int param_set_trace_state(const char *val, struct kernel_param *kp)
 	return 0;
 }
 
-static int param_get_trace_state(char *buffer, struct kernel_param *kp)
+static int param_get_trace_state(char *buffer, const struct kernel_param *kp)
 {
 	if (!(acpi_gbl_trace_flags & ACPI_TRACE_ENABLED))
 		return sprintf(buffer, "disable");
@@ -292,7 +292,7 @@ MODULE_PARM_DESC(aml_debug_output,
 		 "To enable/disable the ACPI Debug Object output.");
 
 /* /sys/module/acpi/parameters/acpica_version */
-static int param_get_acpica_version(char *buffer, struct kernel_param *kp)
+static int param_get_acpica_version(char *buffer, const struct kernel_param *kp)
 {
 	int result;
 
diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c
index 82707f9824ca..a6b19f584e6b 100644
--- a/drivers/acpi/thermal.c
+++ b/drivers/acpi/thermal.c
@@ -1208,7 +1208,7 @@ static int thermal_psv(const struct dmi_system_id *d) {
 	return 0;
 }
 
-static struct dmi_system_id thermal_dmi_table[] __initdata = {
+static const struct dmi_system_id thermal_dmi_table[] __initconst = {
 	/*
 	 * Award BIOS on this AOpen makes thermal control almost worthless.
 	 * http://bugzilla.kernel.org/show_bug.cgi?id=8842

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.3: grsec_hunks_acpi2.diff --]
[-- Type: text/x-patch; name="grsec_hunks_acpi2.diff", Size: 2168 bytes --]

diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c
index 08a02cdc737c..1fa97875259f 100644
--- a/drivers/acpi/device_pm.c
+++ b/drivers/acpi/device_pm.c
@@ -1024,6 +1024,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
 
 #endif /* CONFIG_PM_SLEEP */
 
+static void acpi_dev_pm_detach(struct device *dev, bool power_off);
+
 static struct dev_pm_domain acpi_general_pm_domain = {
 	.ops = {
 		.runtime_suspend = acpi_subsys_runtime_suspend,
@@ -1040,6 +1042,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
 		.restore_early = acpi_subsys_resume_early,
 #endif
 	},
+	.detach = acpi_dev_pm_detach
 };
 
 /**
@@ -1117,7 +1120,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
 		acpi_device_wakeup(adev, ACPI_STATE_S0, false);
 	}
 
-	dev->pm_domain->detach = acpi_dev_pm_detach;
 	return 0;
 }
 EXPORT_SYMBOL_GPL(acpi_dev_pm_attach);
diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
index 8c5503c0bad7..9e094c5d6d5a 100644
--- a/drivers/acpi/video_detect.c
+++ b/drivers/acpi/video_detect.c
@@ -41,7 +41,6 @@ ACPI_MODULE_NAME("video");
 void acpi_video_unregister_backlight(void);
 
 static bool backlight_notifier_registered;
-static struct notifier_block backlight_nb;
 static struct work_struct backlight_notify_work;
 
 static enum acpi_backlight_type acpi_backlight_cmdline = acpi_backlight_undef;
@@ -323,6 +322,10 @@ static int acpi_video_backlight_notify(struct notifier_block *nb,
 	return NOTIFY_OK;
 }
 
+static struct notifier_block backlight_nb = {
+	.notifier_call = acpi_video_backlight_notify,
+};
+
 /*
  * Determine which type of backlight interface to use on this system,
  * First check cmdline, then dmi quirks, then do autodetect.
@@ -353,8 +356,6 @@ enum acpi_backlight_type acpi_video_get_backlight_type(void)
 				    &video_caps, NULL);
 		INIT_WORK(&backlight_notify_work,
 			  acpi_video_backlight_notify_work);
-		backlight_nb.notifier_call = acpi_video_backlight_notify;
-		backlight_nb.priority = 0;
 		if (backlight_register_notifier(&backlight_nb) == 0)
 			backlight_notifier_registered = true;
 		init_done = true;

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.4: grsec_hunks_acpi3.diff --]
[-- Type: text/x-patch; name="grsec_hunks_acpi3.diff", Size: 715 bytes --]

diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
index 4b3a9e27f1b6..c80f3c28cfb3 100644
--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
@@ -776,13 +776,13 @@ static void __exit interrupt_stats_exit(void)
 }
 
 static ssize_t
-acpi_show_profile(struct device *dev, struct device_attribute *attr,
+acpi_show_profile(struct kobject *kobj, struct kobj_attribute *attr,
 		  char *buf)
 {
 	return sprintf(buf, "%d\n", acpi_gbl_FADT.preferred_profile);
 }
 
-static const struct device_attribute pm_profile_attr =
+static const struct kobj_attribute pm_profile_attr =
 	__ATTR(pm_profile, S_IRUGO, acpi_show_profile, NULL);
 
 static ssize_t hotplug_enabled_show(struct kobject *kobj,

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.5: grsec_hunks_acpi4.diff --]
[-- Type: text/x-patch; name="grsec_hunks_acpi4.diff", Size: 371 bytes --]

diff --git a/drivers/acpi/utils.c b/drivers/acpi/utils.c
index 475c9079bf85..ce3d3248ebe5 100644
--- a/drivers/acpi/utils.c
+++ b/drivers/acpi/utils.c
@@ -358,6 +358,7 @@ acpi_evaluate_reference(acpi_handle handle,
 	}
 
 	if (package->package.count > ACPI_MAX_HANDLES) {
+		kfree(package);
 		return AE_NO_MEMORY;
 	}
 	list->count = package->package.count;

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.6: grsec_hunks_acpica.diff --]
[-- Type: text/x-patch; name="grsec_hunks_acpica.diff", Size: 10022 bytes --]

diff --git a/drivers/acpi/acpica/dbhistry.c b/drivers/acpi/acpica/dbhistry.c
index 9c66a9eadd38..b4aa3a6cd5e8 100644
--- a/drivers/acpi/acpica/dbhistry.c
+++ b/drivers/acpi/acpica/dbhistry.c
@@ -155,7 +155,7 @@ void acpi_db_display_history(void)
 
 	for (i = 0; i < acpi_gbl_num_history; i++) {
 		if (acpi_gbl_history_buffer[history_index].command) {
-			acpi_os_printf("%3ld %s\n",
+			acpi_os_printf("%3u %s\n",
 				       acpi_gbl_history_buffer[history_index].
 				       cmd_num,
 				       acpi_gbl_history_buffer[history_index].
diff --git a/drivers/acpi/acpica/dbinput.c b/drivers/acpi/acpica/dbinput.c
index 0480254437f1..ce2cfbd6d3bb 100644
--- a/drivers/acpi/acpica/dbinput.c
+++ b/drivers/acpi/acpica/dbinput.c
@@ -604,7 +604,7 @@ static u32 acpi_db_get_line(char *input_buffer)
 	    (acpi_gbl_db_parsed_buf, sizeof(acpi_gbl_db_parsed_buf),
 	     input_buffer)) {
 		acpi_os_printf
-		    ("Buffer overflow while parsing input line (max %u characters)\n",
+		    ("Buffer overflow while parsing input line (max %lu characters)\n",
 		     sizeof(acpi_gbl_db_parsed_buf));
 		return (0);
 	}
@@ -861,24 +861,24 @@ acpi_db_command_dispatch(char *input_buffer,
 
 		if (param_count == 0) {
 			acpi_os_printf
-			    ("Current debug level for file output is:    %8.8lX\n",
+			    ("Current debug level for file output is:    %8.8X\n",
 			     acpi_gbl_db_debug_level);
 			acpi_os_printf
-			    ("Current debug level for console output is: %8.8lX\n",
+			    ("Current debug level for console output is: %8.8X\n",
 			     acpi_gbl_db_console_debug_level);
 		} else if (param_count == 2) {
 			temp = acpi_gbl_db_console_debug_level;
 			acpi_gbl_db_console_debug_level =
 			    strtoul(acpi_gbl_db_args[1], NULL, 16);
 			acpi_os_printf
-			    ("Debug Level for console output was %8.8lX, now %8.8lX\n",
+			    ("Debug Level for console output was %8.8X, now %8.8X\n",
 			     temp, acpi_gbl_db_console_debug_level);
 		} else {
 			temp = acpi_gbl_db_debug_level;
 			acpi_gbl_db_debug_level =
 			    strtoul(acpi_gbl_db_args[1], NULL, 16);
 			acpi_os_printf
-			    ("Debug Level for file output was %8.8lX, now %8.8lX\n",
+			    ("Debug Level for file output was %8.8X, now %8.8X\n",
 			     temp, acpi_gbl_db_debug_level);
 		}
 		break;
diff --git a/drivers/acpi/acpica/dbstats.c b/drivers/acpi/acpica/dbstats.c
index 4ba0a20811eb..278c696ac715 100644
--- a/drivers/acpi/acpica/dbstats.c
+++ b/drivers/acpi/acpica/dbstats.c
@@ -377,16 +377,17 @@ acpi_status acpi_db_display_statistics(char *type_arg)
 			       "ACPI_TYPE", "NODES", "OBJECTS");
 
 		for (i = 0; i < ACPI_TYPE_NS_NODE_MAX; i++) {
-			acpi_os_printf("%16.16s % 10ld% 10ld\n",
+			acpi_os_printf("%16.16s % 10d% 10d\n",
 				       acpi_ut_get_type_name(i),
 				       acpi_gbl_node_type_count[i],
 				       acpi_gbl_obj_type_count[i]);
 		}
-		acpi_os_printf("%16.16s % 10ld% 10ld\n", "Misc/Unknown",
+
+		acpi_os_printf("%16.16s % 10d% 10d\n", "Misc/Unknown",
 			       acpi_gbl_node_type_count_misc,
 			       acpi_gbl_obj_type_count_misc);
 
-		acpi_os_printf("%16.16s % 10ld% 10ld\n", "TOTALS:",
+		acpi_os_printf("%16.16s % 10d% 10d\n", "TOTALS:",
 			       acpi_gbl_num_nodes, acpi_gbl_num_objects);
 		break;
 
@@ -414,16 +415,16 @@ acpi_status acpi_db_display_statistics(char *type_arg)
 	case CMD_STAT_MISC:
 
 		acpi_os_printf("\nMiscellaneous Statistics:\n\n");
-		acpi_os_printf("Calls to AcpiPsFind:.. ........% 7ld\n",
+		acpi_os_printf("Calls to AcpiPsFind:.. ........% 7u\n",
 			       acpi_gbl_ps_find_count);
-		acpi_os_printf("Calls to AcpiNsLookup:..........% 7ld\n",
+		acpi_os_printf("Calls to AcpiNsLookup:..........% 7u\n",
 			       acpi_gbl_ns_lookup_count);
 
 		acpi_os_printf("\n");
 
 		acpi_os_printf("Mutex usage:\n\n");
 		for (i = 0; i < ACPI_NUM_MUTEX; i++) {
-			acpi_os_printf("%-28s:     % 7ld\n",
+			acpi_os_printf("%-28s:     % 7u\n",
 				       acpi_ut_get_mutex_name(i),
 				       acpi_gbl_mutex_info[i].use_count);
 		}
@@ -433,87 +434,87 @@ acpi_status acpi_db_display_statistics(char *type_arg)
 
 		acpi_os_printf("\nInternal object sizes:\n\n");
 
-		acpi_os_printf("Common         %3d\n",
+		acpi_os_printf("Common         %3lu\n",
 			       sizeof(struct acpi_object_common));
-		acpi_os_printf("Number         %3d\n",
+		acpi_os_printf("Number         %3lu\n",
 			       sizeof(struct acpi_object_integer));
-		acpi_os_printf("String         %3d\n",
+		acpi_os_printf("String         %3lu\n",
 			       sizeof(struct acpi_object_string));
-		acpi_os_printf("Buffer         %3d\n",
+		acpi_os_printf("Buffer         %3lu\n",
 			       sizeof(struct acpi_object_buffer));
-		acpi_os_printf("Package        %3d\n",
+		acpi_os_printf("Package        %3lu\n",
 			       sizeof(struct acpi_object_package));
-		acpi_os_printf("BufferField    %3d\n",
+		acpi_os_printf("BufferField    %3lu\n",
 			       sizeof(struct acpi_object_buffer_field));
-		acpi_os_printf("Device         %3d\n",
+		acpi_os_printf("Device         %3lu\n",
 			       sizeof(struct acpi_object_device));
-		acpi_os_printf("Event          %3d\n",
+		acpi_os_printf("Event          %3lu\n",
 			       sizeof(struct acpi_object_event));
-		acpi_os_printf("Method         %3d\n",
+		acpi_os_printf("Method         %3lu\n",
 			       sizeof(struct acpi_object_method));
-		acpi_os_printf("Mutex          %3d\n",
+		acpi_os_printf("Mutex          %3lu\n",
 			       sizeof(struct acpi_object_mutex));
-		acpi_os_printf("Region         %3d\n",
+		acpi_os_printf("Region         %3lu\n",
 			       sizeof(struct acpi_object_region));
-		acpi_os_printf("PowerResource  %3d\n",
+		acpi_os_printf("PowerResource  %3lu\n",
 			       sizeof(struct acpi_object_power_resource));
-		acpi_os_printf("Processor      %3d\n",
+		acpi_os_printf("Processor      %3lu\n",
 			       sizeof(struct acpi_object_processor));
-		acpi_os_printf("ThermalZone    %3d\n",
+		acpi_os_printf("ThermalZone    %3lu\n",
 			       sizeof(struct acpi_object_thermal_zone));
-		acpi_os_printf("RegionField    %3d\n",
+		acpi_os_printf("RegionField    %3lu\n",
 			       sizeof(struct acpi_object_region_field));
-		acpi_os_printf("BankField      %3d\n",
+		acpi_os_printf("BankField      %3lu\n",
 			       sizeof(struct acpi_object_bank_field));
-		acpi_os_printf("IndexField     %3d\n",
+		acpi_os_printf("IndexField     %3lu\n",
 			       sizeof(struct acpi_object_index_field));
-		acpi_os_printf("Reference      %3d\n",
+		acpi_os_printf("Reference      %3lu\n",
 			       sizeof(struct acpi_object_reference));
-		acpi_os_printf("Notify         %3d\n",
+		acpi_os_printf("Notify         %3lu\n",
 			       sizeof(struct acpi_object_notify_handler));
-		acpi_os_printf("AddressSpace   %3d\n",
+		acpi_os_printf("AddressSpace   %3lu\n",
 			       sizeof(struct acpi_object_addr_handler));
-		acpi_os_printf("Extra          %3d\n",
+		acpi_os_printf("Extra          %3lu\n",
 			       sizeof(struct acpi_object_extra));
-		acpi_os_printf("Data           %3d\n",
+		acpi_os_printf("Data           %3lu\n",
 			       sizeof(struct acpi_object_data));
 
 		acpi_os_printf("\n");
 
-		acpi_os_printf("ParseObject    %3d\n",
+		acpi_os_printf("ParseObject    %3lu\n",
 			       sizeof(struct acpi_parse_obj_common));
-		acpi_os_printf("ParseObjectNamed %3d\n",
+		acpi_os_printf("ParseObjectNamed %3lu\n",
 			       sizeof(struct acpi_parse_obj_named));
-		acpi_os_printf("ParseObjectAsl %3d\n",
+		acpi_os_printf("ParseObjectAsl %3lu\n",
 			       sizeof(struct acpi_parse_obj_asl));
-		acpi_os_printf("OperandObject  %3d\n",
+		acpi_os_printf("OperandObject  %3lu\n",
 			       sizeof(union acpi_operand_object));
-		acpi_os_printf("NamespaceNode  %3d\n",
+		acpi_os_printf("NamespaceNode  %3lu\n",
 			       sizeof(struct acpi_namespace_node));
-		acpi_os_printf("AcpiObject     %3d\n",
+		acpi_os_printf("AcpiObject     %3lu\n",
 			       sizeof(union acpi_object));
 
 		acpi_os_printf("\n");
 
-		acpi_os_printf("Generic State  %3d\n",
+		acpi_os_printf("Generic State  %3lu\n",
 			       sizeof(union acpi_generic_state));
-		acpi_os_printf("Common State   %3d\n",
+		acpi_os_printf("Common State   %3lu\n",
 			       sizeof(struct acpi_common_state));
-		acpi_os_printf("Control State  %3d\n",
+		acpi_os_printf("Control State  %3lu\n",
 			       sizeof(struct acpi_control_state));
-		acpi_os_printf("Update State   %3d\n",
+		acpi_os_printf("Update State   %3lu\n",
 			       sizeof(struct acpi_update_state));
-		acpi_os_printf("Scope State    %3d\n",
+		acpi_os_printf("Scope State    %3lu\n",
 			       sizeof(struct acpi_scope_state));
-		acpi_os_printf("Parse Scope    %3d\n",
+		acpi_os_printf("Parse Scope    %3lu\n",
 			       sizeof(struct acpi_pscope_state));
-		acpi_os_printf("Package State  %3d\n",
+		acpi_os_printf("Package State  %3lu\n",
 			       sizeof(struct acpi_pkg_state));
-		acpi_os_printf("Thread State   %3d\n",
+		acpi_os_printf("Thread State   %3lu\n",
 			       sizeof(struct acpi_thread_state));
-		acpi_os_printf("Result Values  %3d\n",
+		acpi_os_printf("Result Values  %3lu\n",
 			       sizeof(struct acpi_result_values));
-		acpi_os_printf("Notify Info    %3d\n",
+		acpi_os_printf("Notify Info    %3lu\n",
 			       sizeof(struct acpi_notify_info));
 		break;
 
diff --git a/drivers/acpi/acpica/utdebug.c b/drivers/acpi/acpica/utdebug.c
index 4146229103c8..615a20d283b2 100644
--- a/drivers/acpi/acpica/utdebug.c
+++ b/drivers/acpi/acpica/utdebug.c
@@ -193,7 +193,7 @@ acpi_debug_print(u32 requested_debug_level,
 	 * Display the module name, current line number, thread ID (if requested),
 	 * current procedure nesting level, and the current procedure name
 	 */
-	acpi_os_printf("%9s-%04ld ", module_name, line_number);
+	acpi_os_printf("%9s-%04u ", module_name, line_number);
 
 #ifdef ACPI_APPLICATION
 	/*

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.7: grsec_hunks_firmware1.diff --]
[-- Type: text/x-patch; name="grsec_hunks_firmware1.diff", Size: 988 bytes --]

diff --git a/drivers/firmware/google/gsmi.c b/drivers/firmware/google/gsmi.c
index f1ab05ea56bb..ab5122883f71 100644
--- a/drivers/firmware/google/gsmi.c
+++ b/drivers/firmware/google/gsmi.c
@@ -709,7 +709,7 @@ static u32 __init hash_oem_table_id(char s[8])
 	return local_hash_64(input, 32);
 }
 
-static struct dmi_system_id gsmi_dmi_table[] __initdata = {
+static const struct dmi_system_id gsmi_dmi_table[] __initconst = {
 	{
 		.ident = "Google Board",
 		.matches = {
diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c
index 2f569aaed4c7..3af549743e8e 100644
--- a/drivers/firmware/google/memconsole.c
+++ b/drivers/firmware/google/memconsole.c
@@ -136,7 +136,7 @@ static bool __init found_memconsole(void)
 	return false;
 }
 
-static struct dmi_system_id memconsole_dmi_table[] __initdata = {
+static const struct dmi_system_id memconsole_dmi_table[] __initconst = {
 	{
 		.ident = "Google Board",
 		.matches = {

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.8: grsec_hunks_hid.diff --]
[-- Type: text/x-patch; name="grsec_hunks_hid.diff", Size: 471 bytes --]

diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index c13fb5bd79e8..55a380241f05 100644
--- a/drivers/hid/hid-wiimote-debug.c
+++ b/drivers/hid/hid-wiimote-debug.c
@@ -66,7 +66,7 @@ static ssize_t wiidebug_eeprom_read(struct file *f, char __user *u, size_t s,
 	else if (size == 0)
 		return -EIO;
 
-	if (copy_to_user(u, buf, size))
+	if (size > sizeof(buf) || copy_to_user(u, buf, size))
 		return -EFAULT;
 
 	*off += size;

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.9: grsec_hunks_input.diff --]
[-- Type: text/x-patch; name="grsec_hunks_input.diff", Size: 457 bytes --]

diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
index 30328e57fdda..095c7dd87eae 100644
--- a/drivers/input/mousedev.c
+++ b/drivers/input/mousedev.c
@@ -750,7 +750,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
 
 	spin_unlock_irq(&client->packet_lock);
 
-	if (copy_to_user(buffer, data, count))
+	if (count > sizeof(data) || copy_to_user(buffer, data, count))
 		return -EFAULT;
 
 	return count;

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.10: grsec_hunks_md.diff --]
[-- Type: text/x-patch; name="grsec_hunks_md.diff", Size: 2784 bytes --]

diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index de628883ee3d..61a2b1f2e7a0 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1451,7 +1451,7 @@ static int crypt_alloc_tfms(struct crypt_config *cc, char *ciphermode)
 	unsigned i;
 	int err;
 
-	cc->tfms = kmalloc(cc->tfms_count * sizeof(struct crypto_ablkcipher *),
+	cc->tfms = kzalloc(cc->tfms_count * sizeof(struct crypto_ablkcipher *),
 			   GFP_KERNEL);
 	if (!cc->tfms)
 		return -ENOMEM;
diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
index 1b84d2890fbf..ad9a470e5382 100644
--- a/drivers/md/dm-io.c
+++ b/drivers/md/dm-io.c
@@ -50,7 +50,7 @@ struct dm_io_client *dm_io_client_create(void)
 	struct dm_io_client *client;
 	unsigned min_ios = dm_get_reserved_bio_based_ios();
 
-	client = kmalloc(sizeof(*client), GFP_KERNEL);
+	client = kzalloc(sizeof(*client), GFP_KERNEL);
 	if (!client)
 		return ERR_PTR(-ENOMEM);
 
diff --git a/drivers/md/dm-kcopyd.c b/drivers/md/dm-kcopyd.c
index 54c308e6704f..531f2e1d767b 100644
--- a/drivers/md/dm-kcopyd.c
+++ b/drivers/md/dm-kcopyd.c
@@ -820,7 +820,7 @@ struct dm_kcopyd_client *dm_kcopyd_client_create(struct dm_kcopyd_throttle *thro
 	int r = -ENOMEM;
 	struct dm_kcopyd_client *kc;
 
-	kc = kmalloc(sizeof(*kc), GFP_KERNEL);
+	kc = kzalloc(sizeof(*kc), GFP_KERNEL);
 	if (!kc)
 		return ERR_PTR(-ENOMEM);
 
diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c
index 74cb7b991d41..a93a4e683999 100644
--- a/drivers/md/dm-region-hash.c
+++ b/drivers/md/dm-region-hash.c
@@ -179,7 +179,7 @@ struct dm_region_hash *dm_region_hash_create(
 		;
 	nr_buckets >>= 1;
 
-	rh = kmalloc(sizeof(*rh), GFP_KERNEL);
+	rh = kzalloc(sizeof(*rh), GFP_KERNEL);
 	if (!rh) {
 		DMERR("unable to allocate region hash memory");
 		return ERR_PTR(-ENOMEM);
diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
index e108deebbaaa..bed5412b51f9 100644
--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -1121,7 +1121,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 		origin_mode = FMODE_WRITE;
 	}
 
-	s = kmalloc(sizeof(*s), GFP_KERNEL);
+	s = kzalloc(sizeof(*s), GFP_KERNEL);
 	if (!s) {
 		ti->error = "Cannot allocate private snapshot structure";
 		r = -ENOMEM;
diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c
index bc4e6825ff62..8b36a6fa7ccf 100644
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -2838,7 +2837,7 @@ static struct pool *pool_create(struct mapped_device *pool_md,
 		return (struct pool *)pmd;
 	}
 
-	pool = kmalloc(sizeof(*pool), GFP_KERNEL);
+	pool = kzalloc(sizeof(*pool), GFP_KERNEL);
 	if (!pool) {
 		*error = "Error allocating memory for pool";
 		err_p = ERR_PTR(-ENOMEM);

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1.11: grsec_hunks_media.diff --]
[-- Type: text/x-patch; name="grsec_hunks_media.diff", Size: 1301 bytes --]

diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c
index 82affaedf067..42833ec0020f 100644
--- a/drivers/media/radio/radio-cadet.c
+++ b/drivers/media/radio/radio-cadet.c
@@ -333,6 +333,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
 	unsigned char readbuf[RDS_BUFFER];
 	int i = 0;
 
+	if (count > RDS_BUFFER)
+		return -EFAULT;
 	mutex_lock(&dev->lock);
 	if (dev->rdsstat == 0)
 		cadet_start_rds(dev);
@@ -349,8 +351,9 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
 		readbuf[i++] = dev->rdsbuf[dev->rdsout++];
 	mutex_unlock(&dev->lock);
 
-	if (i && copy_to_user(data, readbuf, i))
-		return -EFAULT;
+	if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
+		i = -EFAULT;
+
 	return i;
 }
 
diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c
index 5a503a6bb8c5..f75b1f831b81 100644
--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c
+++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c
@@ -1715,7 +1715,7 @@ static int rtl2832u_rc_query(struct dvb_usb_device *d)
 		goto exit;
 
 	ret = rtl28xxu_rd_reg(d, IR_RX_BC, &buf[0]);
-	if (ret)
+	if (ret || buf[0] > sizeof(buf))
 		goto err;
 
 	len = buf[0];

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2018-12-22 11:38 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-12-18  2:13 grsecurity updated source code James Hilliard
2018-12-18 14:11 ` Solar Designer
2018-12-22  8:09 ` Boris Lukashev
2018-12-22 11:38   ` Lionel Debroux

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.