From 899ea17d4ecad09a73af7febbd736e0bbe29dd6e Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 4 Jun 2022 10:56:44 -0400 Subject: [PATCH] Add the missing page sanitization to 3.18 kernels All along they only had slub sanization :( Signed-off-by: Tad --- Misc/Features/Page_Sanizization.txt | 15 ++++++++------- Patches/Linux | 2 +- .../android_kernel_samsung_universal8890.sh | 3 ++- .../CVE_Patchers/android_kernel_google_dragon.sh | 3 ++- .../CVE_Patchers/android_kernel_lge_msm8996.sh | 3 ++- .../CVE_Patchers/android_kernel_zte_msm8996.sh | 3 ++- .../CVE_Patchers/android_kernel_xiaomi_msm8937.sh | 3 ++- .../android_kernel_motorola_msm8996.sh | 3 ++- .../CVE_Patchers/android_kernel_lge_msm8996.sh | 3 ++- .../android_kernel_oneplus_msm8996.sh | 3 ++- 10 files changed, 25 insertions(+), 16 deletions(-) diff --git a/Misc/Features/Page_Sanizization.txt b/Misc/Features/Page_Sanizization.txt index 6f4e3646..09d1bbb1 100644 --- a/Misc/Features/Page_Sanizization.txt +++ b/Misc/Features/Page_Sanizization.txt @@ -1,21 +1,24 @@ +All 3.4+ kernels have some form of page sanitization, however 3.0, 3.4 and 4.4 lacks slub sanitization + +3.0 and 3.4 +NEEDS slub_debug=P + 3.10 0006-AndroidHardening-Kernel_Hardening/3.10/0007.patch:Subject: [PATCH] add page sanitization / verification 0006-AndroidHardening-Kernel_Hardening/3.10/0008.patch:Subject: [PATCH] add slub sanitization 0006-AndroidHardening-Kernel_Hardening/3.10/0009.patch:Subject: [PATCH] slub: add check for write-after-free -TODO 3.18 0006-AndroidHardening-Kernel_Hardening/3.18/0024.patch:Subject: [PATCH] add page sanitization / verification 0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch:Subject: [PATCH] add slub sanitization 0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch:Subject: [PATCH] slub: add check for write-after-free -DOES NOT SUPPORT page_posion=1: zte/msm8996, google/dragon, motorola/msm8996, lge/msm8996, samsung/universal8890, xiaomi/msm8937, oneplus/msm8996 4.4 0008-Graphene-Kernel_Hardening/4.4/0020.patch:Subject: [PATCH] add simpler page sanitization 0008-Graphene-Kernel_Hardening/4.4/0021.patch:Subject: [PATCH] add support for verifying page sanitization 0008-Graphene-Kernel_Hardening/4.4/0022.patch:Subject: [PATCH] slub: add basic full slab sanitization 0008-Graphene-Kernel_Hardening/4.4/0023.patch:Subject: [PATCH] slub: add support for verifying slab sanitization -NEEDS slub_debug=P and page_poison=1: yandex/sdm660, oneplus/msm8998, razer/msm8998, sony/sdm660, xiaomi/sdm660, essential/msm8998, fxtec/msm8998, zuk/msm8996 +NEEDS slub_debug=P: yandex/sdm660, oneplus/msm8998, razer/msm8998, sony/sdm660, xiaomi/sdm660, essential/msm8998, fxtec/msm8998, zuk/msm8996 4.9 0008-Graphene-Kernel_Hardening/4.9/0035.patch:Subject: [PATCH] add simpler page sanitization @@ -23,18 +26,16 @@ NEEDS slub_debug=P and page_poison=1: yandex/sdm660, oneplus/msm8998, razer/msm8 0008-Graphene-Kernel_Hardening/4.9/0037.patch:Subject: [PATCH] slub: add basic full slab sanitization 0008-Graphene-Kernel_Hardening/4.9/0038.patch:Subject: [PATCH] slub: add support for verifying slab sanitization -INIT_ON_ALLOC/INIT_ON_FREE 4.14 0008-Graphene-Kernel_Hardening/4.14/0063.patch:Subject: [PATCH] mm: add support for verifying page sanitization 0008-Graphene-Kernel_Hardening/4.14/0064.patch:Subject: [PATCH] slub: Extend init_on_free to slab caches with constructors 0008-Graphene-Kernel_Hardening/4.14/0065.patch:Subject: [PATCH] slub: Add support for verifying slab sanitization 0008-Graphene-Kernel_Hardening/4.14/0066.patch:Subject: [PATCH] slub: Extend init_on_alloc to slab caches with constructors -NEEDS slub_debug=P and page_poison=1: xiaomi/sm6150 +NEEDS slub_debug=P: xiaomi/sm6150 4.19 0008-Graphene-Kernel_Hardening/4.19/0093.patch:Subject: [PATCH] mm: add support for verifying page sanitization 0008-Graphene-Kernel_Hardening/4.19/0094.patch:Subject: [PATCH] slub: Extend init_on_free to slab caches with constructors 0008-Graphene-Kernel_Hardening/4.19/0095.patch:Subject: [PATCH] slub: Add support for verifying slab sanitization 0008-Graphene-Kernel_Hardening/4.19/0096.patch:Subject: [PATCH] slub: Extend init_on_alloc to slab caches with constructors -NEEDS slub_debug=P and page_poison=1: oneplus/sm7250 -MISSING: oneplus/sm8150, google/redbull +NEEDS slub_debug=P: oneplus/sm7250 diff --git a/Patches/Linux b/Patches/Linux index eda155c1..c24dc1e8 160000 --- a/Patches/Linux +++ b/Patches/Linux @@ -1 +1 @@ -Subproject commit eda155c1f9eab8bdd1dca500e60b6457f09aac8b +Subproject commit c24dc1e845c5835a316edd43d109b426bde077f1 diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh index 7ff83122..f21ddccc 100644 --- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh @@ -13,6 +13,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0021.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other3.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -704,5 +705,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p704" +editKernelLocalversion "-dos.p705" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh index 3db19f12..26f68b0b 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh @@ -10,6 +10,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0011.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0021.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other1.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch #git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -667,5 +668,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p667" +editKernelLocalversion "-dos.p668" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8996.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8996.sh index 59ac53c5..db97954a 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8996.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8996.sh @@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -557,5 +558,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p557" +editKernelLocalversion "-dos.p558" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_zte_msm8996.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_zte_msm8996.sh index d965cf3a..3e46d127 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_zte_msm8996.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_zte_msm8996.sh @@ -7,6 +7,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0021.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -647,5 +648,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p647" +editKernelLocalversion "-dos.p648" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh index 5f4b0616..a3f8fe5a 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh @@ -4,6 +4,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -418,5 +419,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p418" +editKernelLocalversion "-dos.p419" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh index 3080eb4b..d1b9bfb5 100644 --- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh +++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8996.sh @@ -5,6 +5,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -565,5 +566,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p565" +editKernelLocalversion "-dos.p566" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_msm8996.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_msm8996.sh index 17dc86d5..e8a26517 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_msm8996.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_msm8996.sh @@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -544,5 +545,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p544" +editKernelLocalversion "-dos.p545" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh index 130a468f..9cc0d451 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh @@ -4,6 +4,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch @@ -463,5 +464,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p463" +editKernelLocalversion "-dos.p464" cd "$DOS_BUILD_BASE"