Attachment #416952 for bug #564918

View | Details | Raw Unified | Return to bug 564918
Collapse All | Expand All

Lines 100-105 Link Here

(-)linux-4.2.6-hardened/arch/x86/include/uapi/asm/svm.h (+1 lines)
100	{ SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \	100	{ SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \
101	{ SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \	101	{ SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \
102	{ SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \	102	{ SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \
		103	{ SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \
103	{ SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \	104	{ SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \
104	{ SVM_EXIT_INTR, "interrupt" }, \	105	{ SVM_EXIT_INTR, "interrupt" }, \
105	{ SVM_EXIT_NMI, "nmi" }, \	106	{ SVM_EXIT_NMI, "nmi" }, \




	set_exception_intercept(svm, PF_VECTOR);
	set_exception_intercept(svm, UD_VECTOR);
	set_exception_intercept(svm, MC_VECTOR);
	set_exception_intercept(svm, AC_VECTOR);
	set_exception_intercept(svm, DB_VECTOR);

	set_intercept(svm, INTERCEPT_INTR);
	set_intercept(svm, INTERCEPT_NMI);

	mark_dirty(svm->vmcb, VMCB_SEG);
}

static void update_bp_intercept(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	clr_exception_intercept(svm, DB_VECTOR);
	clr_exception_intercept(svm, BP_VECTOR);

	if (svm->nmi_singlestep)
		set_exception_intercept(svm, DB_VECTOR);

	if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
		if (vcpu->guest_debug &
		    (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))
			set_exception_intercept(svm, DB_VECTOR);
		if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
			set_exception_intercept(svm, BP_VECTOR);
	} else

		if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
			svm->vmcb->save.rflags &=
				~(X86_EFLAGS_TF | X86_EFLAGS_RF);
		update_db_bp_intercept(&svm->vcpu);
	}

	if (svm->vcpu.guest_debug &

	return 1;
}

static int ac_interception(struct vcpu_svm *svm)
{
	kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
	return 1;
}

static void svm_fpu_activate(struct kvm_vcpu *vcpu)
{
	struct vcpu_svm *svm = to_svm(vcpu);

	[SVM_EXIT_EXCP_BASE + PF_VECTOR]	= pf_interception,
	[SVM_EXIT_EXCP_BASE + NM_VECTOR]	= nm_interception,
	[SVM_EXIT_EXCP_BASE + MC_VECTOR]	= mc_interception,
	[SVM_EXIT_EXCP_BASE + AC_VECTOR]	= ac_interception,
	[SVM_EXIT_INTR]				= intr_interception,
	[SVM_EXIT_NMI]				= nmi_interception,
	[SVM_EXIT_SMI]				= nop_on_interception,

	 */
	svm->nmi_singlestep = true;
	svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
	update_db_bp_intercept(vcpu);
}

static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)

	.vcpu_load = svm_vcpu_load,
	.vcpu_put = svm_vcpu_put,

	.update_db_bp_intercept = update_bp_intercept,
	.get_msr = svm_get_msr,
	.set_msr = svm_set_msr,
	.get_segment_base = svm_get_segment_base,

Lines 1567-1573 static void update_exception_bitmap(stru Link Here

(-)linux-4.2.6-hardened/arch/x86/kvm/vmx.c (-1 / +4 lines)
1567	u32 eb;	1567	u32 eb;
1568		1568
1569	eb = (1u << PF_VECTOR) \| (1u << UD_VECTOR) \| (1u << MC_VECTOR) \|	1569	eb = (1u << PF_VECTOR) \| (1u << UD_VECTOR) \| (1u << MC_VECTOR) \|
1570	(1u << NM_VECTOR) \| (1u << DB_VECTOR);	1570	(1u << NM_VECTOR) \| (1u << DB_VECTOR) \| (1u << AC_VECTOR);
1571	if ((vcpu->guest_debug &	1571	if ((vcpu->guest_debug &
1572	(KVM_GUESTDBG_ENABLE \| KVM_GUESTDBG_USE_SW_BP)) ==	1572	(KVM_GUESTDBG_ENABLE \| KVM_GUESTDBG_USE_SW_BP)) ==
1573	(KVM_GUESTDBG_ENABLE \| KVM_GUESTDBG_USE_SW_BP))	1573	(KVM_GUESTDBG_ENABLE \| KVM_GUESTDBG_USE_SW_BP))
Lines 5129-5134 static int handle_exception(struct kvm_v Link Here
5129	return handle_rmode_exception(vcpu, ex_no, error_code);	5129	return handle_rmode_exception(vcpu, ex_no, error_code);
5130		5130
5131	switch (ex_no) {	5131	switch (ex_no) {
		5132	case AC_VECTOR:
		5133	kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
		5134	return 1;
5132	case DB_VECTOR:	5135	case DB_VECTOR:
5133	dr6 = vmcs_readl(EXIT_QUALIFICATION);	5136	dr6 = vmcs_readl(EXIT_QUALIFICATION);
5134	if (!(vcpu->guest_debug &	5137	if (!(vcpu->guest_debug &

Lines 1-6 Link Here

(-)linux-4.2.6-hardened/.config (-1 / +1 lines)
1	#	1	#
2	# Automatically generated file; DO NOT EDIT.	2	# Automatically generated file; DO NOT EDIT.
3	# Linux/x86 4.2.6-hardened Kernel Configuration	3	# Linux/x86 4.2.6-hardened-r1 Kernel Configuration
4	#	4	#
5	CONFIG_64BIT=y	5	CONFIG_64BIT=y
6	CONFIG_X86_64=y	6	CONFIG_X86_64=y

Lines 7361-7366 process_pkt: Link Here

(-)linux-4.2.6-hardened/drivers/net/ethernet/realtek/r8169.c (+3 lines)
7361		7361
7362	rtl8169_rx_vlan_tag(desc, skb);	7362	rtl8169_rx_vlan_tag(desc, skb);
7363		7363
		7364	if (skb->pkt_type == PACKET_MULTICAST)
		7365	dev->stats.multicast++;
		7366
7364	napi_gro_receive(&tp->napi, skb);	7367	napi_gro_receive(&tp->napi, skb);
7365		7368
7366	u64_stats_update_begin(&tp->rx_stats.syncp);	7369	u64_stats_update_begin(&tp->rx_stats.syncp);




			 */
			would_dump(bprm, interpreter);

			/* Get the exec headers */
			retval = kernel_read(interpreter, 0,
					     (void *)&loc->interp_elf_ex,
					     sizeof(loc->interp_elf_ex));
			if (retval != sizeof(loc->interp_elf_ex)) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_dentry;
			}

			/* Get the exec headers */
			loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
			break;
		}
		elf_ppnt++;




	char *name_ptr;
	int name_len;
	int is_curr = 0;	/* ctx->pos points to the current index? */
	bool emitted;

	/* FIXME, use a real flag for deciding about the key type */
	if (root->fs_info->tree_root == root)

	if (ret < 0)
		goto err;

	emitted = false;
	while (1) {
		leaf = path->nodes[0];
		slot = path->slots[0];


			if (over)
				goto nopos;
			emitted = true;
			di_len = btrfs_dir_name_len(leaf, di) +
				 btrfs_dir_data_len(leaf, di) + sizeof(*di);
			di_cur += di_len;

			goto nopos;
	}

	/*
	 * If we haven't emitted any dir entry, we must not touch ctx->pos as
	 * it was was set to the termination value in previous call. We assume
	 * that "." and ".." were emitted if we reach this point and set the
	 * termination value as well for an empty directory.
	 */
	if (ctx->pos > 2 && !emitted)
		goto nopos;

	/* Reached end of directory/root. Bump pos past the last item. */
	ctx->pos++;


Lines 271-278 static struct dentry *start_creating(con Link Here

(-)linux-4.2.6-hardened/fs/debugfs/inode.c (-1 / +5 lines)
271	dput(dentry);	271	dput(dentry);
272	dentry = ERR_PTR(-EEXIST);	272	dentry = ERR_PTR(-EEXIST);
273	}	273	}
274	if (IS_ERR(dentry))	274
		275	if (IS_ERR(dentry)) {
275	mutex_unlock(&d_inode(parent)->i_mutex);	276	mutex_unlock(&d_inode(parent)->i_mutex);
		277	simple_release_fs(&debugfs_mount, &debugfs_mount_count);
		278	}
		279
276	return dentry;	280	return dentry;
277	}	281	}
278		282

Lines 1-7 Link Here

(-)linux-4.2.6-hardened/Makefile (-1 / +1 lines)
1	VERSION = 4	1	VERSION = 4
2	PATCHLEVEL = 2	2	PATCHLEVEL = 2
3	SUBLEVEL = 6	3	SUBLEVEL = 6
4	EXTRAVERSION = -hardened	4	EXTRAVERSION = -hardened-r1
5	NAME = Hurr durr I'ma sheep	5	NAME = Hurr durr I'ma sheep
6		6
7	# DOCUMENTATION	7	# DOCUMENTATION

Lines 45-51 static void pptp_nat_expected(struct nf_ Link Here

(-)linux-4.2.6-hardened/net/ipv4/netfilter/nf_nat_pptp.c (-1 / +1 lines)
45	struct net *net = nf_ct_net(ct);	45	struct net *net = nf_ct_net(ct);
46	const struct nf_conn *master = ct->master;	46	const struct nf_conn *master = ct->master;
47	struct nf_conntrack_expect *other_exp;	47	struct nf_conntrack_expect *other_exp;
48	struct nf_conntrack_tuple t;	48	struct nf_conntrack_tuple t = {};
49	const struct nf_ct_pptp_master *ct_pptp_info;	49	const struct nf_ct_pptp_master *ct_pptp_info;
50	const struct nf_nat_pptp *nat_pptp_info;	50	const struct nf_nat_pptp *nat_pptp_info;
51	struct nf_nat_range range;	51	struct nf_nat_range range;

Return to bug 564918

Lines 1106-1111 static void init_vmcb(struct vcpu_svm *s Link Here

(-)linux-4.2.6-hardened/arch/x86/kvm/svm.c (-11 / +11 lines)
1106	set_exception_intercept(svm, PF_VECTOR);	1106	set_exception_intercept(svm, PF_VECTOR);
1107	set_exception_intercept(svm, UD_VECTOR);	1107	set_exception_intercept(svm, UD_VECTOR);
1108	set_exception_intercept(svm, MC_VECTOR);	1108	set_exception_intercept(svm, MC_VECTOR);
		1109	set_exception_intercept(svm, AC_VECTOR);
		1110	set_exception_intercept(svm, DB_VECTOR);
1109		1111
1110	set_intercept(svm, INTERCEPT_INTR);	1112	set_intercept(svm, INTERCEPT_INTR);
1111	set_intercept(svm, INTERCEPT_NMI);	1113	set_intercept(svm, INTERCEPT_NMI);
Lines 1641-1660 static void svm_set_segment(struct kvm_v Link Here
1641	mark_dirty(svm->vmcb, VMCB_SEG);	1643	mark_dirty(svm->vmcb, VMCB_SEG);
1642	}	1644	}
1643		1645
1644	static void update_db_bp_intercept(struct kvm_vcpu *vcpu)	1646	static void update_bp_intercept(struct kvm_vcpu *vcpu)
1645	{	1647	{
1646	struct vcpu_svm *svm = to_svm(vcpu);	1648	struct vcpu_svm *svm = to_svm(vcpu);
1647		1649
1648	clr_exception_intercept(svm, DB_VECTOR);
1649	clr_exception_intercept(svm, BP_VECTOR);	1650	clr_exception_intercept(svm, BP_VECTOR);
1650		1651
1651	if (svm->nmi_singlestep)
1652	set_exception_intercept(svm, DB_VECTOR);
1653
1654	if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {	1652	if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
1655	if (vcpu->guest_debug &
1656	(KVM_GUESTDBG_SINGLESTEP \| KVM_GUESTDBG_USE_HW_BP))
1657	set_exception_intercept(svm, DB_VECTOR);
1658	if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)	1653	if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
1659	set_exception_intercept(svm, BP_VECTOR);	1654	set_exception_intercept(svm, BP_VECTOR);
1660	} else	1655	} else
Lines 1760-1766 static int db_interception(struct vcpu_s Link Here
1760	if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))	1755	if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
1761	svm->vmcb->save.rflags &=	1756	svm->vmcb->save.rflags &=
1762	~(X86_EFLAGS_TF \| X86_EFLAGS_RF);	1757	~(X86_EFLAGS_TF \| X86_EFLAGS_RF);
1763	update_db_bp_intercept(&svm->vcpu);
1764	}	1758	}
1765		1759
1766	if (svm->vcpu.guest_debug &	1760	if (svm->vcpu.guest_debug &
Lines 1795-1800 static int ud_interception(struct vcpu_s Link Here
1795	return 1;	1789	return 1;
1796	}	1790	}
1797		1791
		1792	static int ac_interception(struct vcpu_svm *svm)
		1793	{
		1794	kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
		1795	return 1;
		1796	}
		1797
1798	static void svm_fpu_activate(struct kvm_vcpu *vcpu)	1798	static void svm_fpu_activate(struct kvm_vcpu *vcpu)
1799	{	1799	{
1800	struct vcpu_svm *svm = to_svm(vcpu);	1800	struct vcpu_svm *svm = to_svm(vcpu);
Lines 3369-3374 static int (*const svm_exit_handlers[])( Link Here
3369	[SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,	3369	[SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception,
3370	[SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,	3370	[SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception,
3371	[SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,	3371	[SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception,
		3372	[SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception,
3372	[SVM_EXIT_INTR] = intr_interception,	3373	[SVM_EXIT_INTR] = intr_interception,
3373	[SVM_EXIT_NMI] = nmi_interception,	3374	[SVM_EXIT_NMI] = nmi_interception,
3374	[SVM_EXIT_SMI] = nop_on_interception,	3375	[SVM_EXIT_SMI] = nop_on_interception,
Lines 3756-3762 static void enable_nmi_window(struct kvm Link Here
3756	*/	3757	*/
3757	svm->nmi_singlestep = true;	3758	svm->nmi_singlestep = true;
3758	svm->vmcb->save.rflags \|= (X86_EFLAGS_TF \| X86_EFLAGS_RF);	3759	svm->vmcb->save.rflags \|= (X86_EFLAGS_TF \| X86_EFLAGS_RF);
3759	update_db_bp_intercept(vcpu);
3760	}	3760	}
3761		3761
3762	static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)	3762	static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr)
Lines 4382-4388 static struct kvm_x86_ops svm_x86_ops = Link Here
4382	.vcpu_load = svm_vcpu_load,	4382	.vcpu_load = svm_vcpu_load,
4383	.vcpu_put = svm_vcpu_put,	4383	.vcpu_put = svm_vcpu_put,
4384		4384
4385	.update_db_bp_intercept = update_db_bp_intercept,	4385	.update_db_bp_intercept = update_bp_intercept,
4386	.get_msr = svm_get_msr,	4386	.get_msr = svm_get_msr,
4387	.set_msr = svm_set_msr,	4387	.set_msr = svm_set_msr,
4388	.get_segment_base = svm_get_segment_base,	4388	.get_segment_base = svm_get_segment_base,

Lines 1127-1142 static int load_elf_binary(struct linux_ Link Here

(-)linux-4.2.6-hardened/fs/binfmt_elf.c (-5 / +5 lines)
1127	*/	1127	*/
1128	would_dump(bprm, interpreter);	1128	would_dump(bprm, interpreter);
1129		1129
1130	retval = kernel_read(interpreter, 0, bprm->buf,	1130	/* Get the exec headers */
1131	BINPRM_BUF_SIZE);	1131	retval = kernel_read(interpreter, 0,
1132	if (retval != BINPRM_BUF_SIZE) {	1132	(void *)&loc->interp_elf_ex,
		1133	sizeof(loc->interp_elf_ex));
		1134	if (retval != sizeof(loc->interp_elf_ex)) {
1133	if (retval >= 0)	1135	if (retval >= 0)
1134	retval = -EIO;	1136	retval = -EIO;
1135	goto out_free_dentry;	1137	goto out_free_dentry;
1136	}	1138	}
1137		1139
1138	/* Get the exec headers */
1139	loc->interp_elf_ex = ((struct elfhdr )bprm->buf);
1140	break;	1140	break;
1141	}	1141	}
1142	elf_ppnt++;	1142	elf_ppnt++;

Lines 5632-5638 static int btrfs_real_readdir(struct fil Link Here

(-)linux-4.2.6-hardened/fs/btrfs/inode.c (-12 lines)
5632	char *name_ptr;	5632	char *name_ptr;
5633	int name_len;	5633	int name_len;
5634	int is_curr = 0; /* ctx->pos points to the current index? */	5634	int is_curr = 0; /* ctx->pos points to the current index? */
5635	bool emitted;
5636		5635
5637	/* FIXME, use a real flag for deciding about the key type */	5636	/* FIXME, use a real flag for deciding about the key type */
5638	if (root->fs_info->tree_root == root)	5637	if (root->fs_info->tree_root == root)
Lines 5661-5667 static int btrfs_real_readdir(struct fil Link Here
5661	if (ret < 0)	5660	if (ret < 0)
5662	goto err;	5661	goto err;
5663		5662
5664	emitted = false;
5665	while (1) {	5663	while (1) {
5666	leaf = path->nodes[0];	5664	leaf = path->nodes[0];
5667	slot = path->slots[0];	5665	slot = path->slots[0];
Lines 5741-5747 skip: Link Here
5741		5739
5742	if (over)	5740	if (over)
5743	goto nopos;	5741	goto nopos;
5744	emitted = true;
5745	di_len = btrfs_dir_name_len(leaf, di) +	5742	di_len = btrfs_dir_name_len(leaf, di) +
5746	btrfs_dir_data_len(leaf, di) + sizeof(*di);	5743	btrfs_dir_data_len(leaf, di) + sizeof(*di);
5747	di_cur += di_len;	5744	di_cur += di_len;
Lines 5759-5773 next: Link Here
5759	goto nopos;	5756	goto nopos;
5760	}	5757	}
5761		5758
5762	/*
5763	* If we haven't emitted any dir entry, we must not touch ctx->pos as
5764	* it was was set to the termination value in previous call. We assume
5765	* that "." and ".." were emitted if we reach this point and set the
5766	* termination value as well for an empty directory.
5767	*/
5768	if (ctx->pos > 2 && !emitted)
5769	goto nopos;
5770
5771	/* Reached end of directory/root. Bump pos past the last item. */	5759	/* Reached end of directory/root. Bump pos past the last item. */
5772	ctx->pos++;	5760	ctx->pos++;
5773		5761