I've put updated patches on http://molly.corsac.net/~corsac/debian/kernel-grsec/patches/ (the kernel is built but not uploaded to packages/ since it's quite huge; I will do that at one point). Patches are attached to this mail too.
The first one (add-grsecurity-featureset) is against the Debian kernel svn tree and adds the featureset, while the second (debian-grsecurity) is against the grsecurity upstream patch and adapts it to the current Debian kernel sources (removes the stuff already backported by the kernel team etc.). I expect it to be much smaller for 2.6.37.

Patch and build procedure is:

  mkdir kernel-grsec
  cd kernel-grsec
  svn co svn://svn.debian.org/svn/kernel/dists/sid/linux-2.6
  cd linux-2.6
  curl http://molly.corsac.net/~corsac/debian/kernel-grsec/patches/add-grsecurity-featureset.patch | patch
  cd debian/patches/features/all/grsec
  wget http://grsecurity.net/stable/grsecurity-2.2.1-2.6.32.27-201101021130.patch
  cp grsecurity-2.2.1-2.6.32.27-201101021130{,+debian}.patch
  curl http://molly.corsac.net/~corsac/debian/kernel-grsec/patches/debian-grsecurity.patch | patch grsecurity-2.2.1-2.6.32.27-201101021130+debian.patch
  cd ../../../../../..
  wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.32.tar.bz2
  cd linux-2.6
  python debian/bin/genorig.py ../linux-2.6.32.tar.bz2
  debian/rules debian/control-real
  dpkg-buildpackage -us -uc

(or fakeroot make -f debian/rules.gen binary-arch_amd64_grsec_amd64, or the variant you need)

See the kernel handbook (http://kernel-handbook.alioth.debian.org/) for more info, and remember to check the various stuff you download; sha1sums for the patches are:

  e0a7d38f93a7857f2caceb13cac56eebb4b79530  add-grsecurity-featureset.patch
  20c7c213f36f1a99a381d5fca563d9c22236e172  debian-grsecurity.patch

Comments welcome.

Regards,
-- 
Yves-Alexis Perez
ANSSI/ACE/LAM
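Added example, not part of the mail above: a small POSIX sh helper that downloads the two Debian-side patches and refuses to keep any whose SHA-1 differs from the sums quoted in the mail, so a tampered or truncated download never reaches `patch`. PATCH_BASE, sha1_of, verify_sha1 and fetch_verified are names chosen here; the grsecurity upstream patch has no sum on this page and is therefore not covered.

```sh
# Added example (not from the original mail). URLs and SHA-1 sums are the ones
# quoted in the mail; PATCH_BASE and the function names are chosen here.
PATCH_BASE="http://molly.corsac.net/~corsac/debian/kernel-grsec/patches"

# sha1_of FILE -> prints the lowercase hex SHA-1 of FILE
# (sha1sum on GNU coreutils, shasum elsewhere).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1"
    else
        shasum -a 1 "$1"
    fi | cut -d' ' -f1
}

# verify_sha1 FILE EXPECTED -> exit status 0 iff FILE's digest equals EXPECTED
# (comparison is case-insensitive on the expected value).
verify_sha1() {
    actual=$(sha1_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# fetch_verified NAME EXPECTED -> downloads $PATCH_BASE/NAME into a temporary
# file, checks its SHA-1, and only on success renames it to NAME in the current
# directory. A mismatch leaves nothing behind that a later `patch` could pick up.
fetch_verified() {
    name=$1
    expected=$2
    tmp=$(mktemp "./.${name}.XXXXXX") || return 1
    if ! curl -fsS -o "$tmp" "$PATCH_BASE/$name"; then
        rm -f "$tmp"
        echo "download failed: $name" >&2
        return 1
    fi
    if ! verify_sha1 "$tmp" "$expected"; then
        rm -f "$tmp"
        echo "SHA-1 mismatch, not applying: $name" >&2
        return 1
    fi
    mv "$tmp" "$name"
}

# Usage, from the kernel-grsec directory of the build procedure:
#   fetch_verified add-grsecurity-featureset.patch e0a7d38f93a7857f2caceb13cac56eebb4b79530 && \
#   fetch_verified debian-grsecurity.patch 20c7c213f36f1a99a381d5fca563d9c22236e172
```

Check the grsecurity patch itself against the digest or signature published by upstream before copying it into debian/patches/features/all/grsec.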
Index: debian/patches/series/30-extra =================================================================== --- debian/patches/series/30-extra (revision 16770) +++ debian/patches/series/30-extra (working copy) @@ -22,3 +22,5 @@ + features/all/xen/radeon-ttm-PCIe-Use-dma_addr-if-TTM-has-set-it.patch featureset=xen + features/all/xen/nouveau-ttm-PCIe-Use-dma_addr-if-TTM-has-set-it.patch featureset=xen + features/all/xen/radeon-PCIe-Use-the-correct-index-field.patch featureset=xen + ++ features/all/grsec/grsecurity-2.2.1-2.6.32.27-201101021130+debian.patch featureset=grsec Index: debian/changelog =================================================================== --- debian/changelog (revision 16770) +++ debian/changelog (working copy) @@ -22,6 +22,9 @@ * r8169: Change RTL8111D/RTL8168D initialisation and firmware loading to match upstream version (for #564628) + [ Yves-Alexis Perez ] + * Add a grsecurity featureset. + [ maximilian attems ] * [openvz] Reenable NF_CONNTRACK_IPV6. (closes: #580507) * cifs: fix another memleak, in cifs_root_iget. Index: debian/config/i386/grsec/defines =================================================================== --- debian/config/i386/grsec/defines (revision 0) +++ debian/config/i386/grsec/defines (revision 0) @@ -0,0 +1,9 @@ +[base] +flavours: + 686 + amd64 + +[grsec] +flavours: + i386 + amd64 Index: debian/config/i386/defines =================================================================== --- debian/config/i386/defines (revision 16770) +++ debian/config/i386/defines (working copy) @@ -7,6 +7,7 @@ openvz vserver xen + grsec flavours: 486 686 Index: debian/config/featureset-grsec/config =================================================================== --- debian/config/featureset-grsec/config (revision 0) +++ debian/config/featureset-grsec/config (revision 0) 
@@ -0,0 +1,144 @@ +# +# Grsecurity +# +CONFIG_GRKERNSEC=y +# CONFIG_GRKERNSEC_LOW is not set +# CONFIG_GRKERNSEC_MEDIUM is not set +CONFIG_GRKERNSEC_HIGH=y +# CONFIG_GRKERNSEC_CUSTOM is not set + +# +# Address Space Protection +# +CONFIG_GRKERNSEC_KMEM=y +CONFIG_GRKERNSEC_IO=y +CONFIG_GRKERNSEC_PROC_MEMMAP=y +CONFIG_GRKERNSEC_BRUTE=y +CONFIG_GRKERNSEC_MODHARDEN=y +CONFIG_GRKERNSEC_HIDESYM=y + +# +# Role Based Access Control Options +# +# CONFIG_GRKERNSEC_NO_RBAC is not set +CONFIG_GRKERNSEC_ACL_HIDEKERN=y +CONFIG_GRKERNSEC_ACL_MAXTRIES=3 +CONFIG_GRKERNSEC_ACL_TIMEOUT=30 + +# +# Filesystem Protections +# +CONFIG_GRKERNSEC_PROC=y +CONFIG_GRKERNSEC_PROC_USER=y +CONFIG_GRKERNSEC_PROC_USERGROUP=y +CONFIG_GRKERNSEC_PROC_GID=64044 +CONFIG_GRKERNSEC_PROC_ADD=y +CONFIG_GRKERNSEC_LINK=y +CONFIG_GRKERNSEC_FIFO=y +CONFIG_GRKERNSEC_ROFS=y +CONFIG_GRKERNSEC_CHROOT=y +CONFIG_GRKERNSEC_CHROOT_MOUNT=y +CONFIG_GRKERNSEC_CHROOT_DOUBLE=y +CONFIG_GRKERNSEC_CHROOT_PIVOT=y +CONFIG_GRKERNSEC_CHROOT_CHDIR=y +CONFIG_GRKERNSEC_CHROOT_CHMOD=y +CONFIG_GRKERNSEC_CHROOT_FCHDIR=y +CONFIG_GRKERNSEC_CHROOT_MKNOD=y +CONFIG_GRKERNSEC_CHROOT_SHMAT=y +CONFIG_GRKERNSEC_CHROOT_UNIX=y +CONFIG_GRKERNSEC_CHROOT_FINDTASK=y +CONFIG_GRKERNSEC_CHROOT_NICE=y +CONFIG_GRKERNSEC_CHROOT_SYSCTL=y +CONFIG_GRKERNSEC_CHROOT_CAPS=y + +# +# Kernel Auditing +# +# CONFIG_GRKERNSEC_AUDIT_GROUP is not set +# CONFIG_GRKERNSEC_EXECLOG is not set +CONFIG_GRKERNSEC_RESLOG=y +CONFIG_GRKERNSEC_CHROOT_EXECLOG=y +CONFIG_GRKERNSEC_AUDIT_PTRACE=y +# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set +CONFIG_GRKERNSEC_AUDIT_MOUNT=y +CONFIG_GRKERNSEC_SIGNAL=y +CONFIG_GRKERNSEC_FORKFAIL=y +CONFIG_GRKERNSEC_TIME=y +CONFIG_GRKERNSEC_PROC_IPADDR=y +# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set + +# +# Executable Protections +# +CONFIG_GRKERNSEC_EXECVE=y +CONFIG_GRKERNSEC_DMESG=y +CONFIG_GRKERNSEC_HARDEN_PTRACE=y +CONFIG_GRKERNSEC_TPE=y +CONFIG_GRKERNSEC_TPE_ALL=y +CONFIG_GRKERNSEC_TPE_INVERT=y +CONFIG_GRKERNSEC_TPE_GID=64040 + +# +# Network Protections 
+# +CONFIG_GRKERNSEC_RANDNET=y +CONFIG_GRKERNSEC_BLACKHOLE=y +CONFIG_GRKERNSEC_SOCKET=y +CONFIG_GRKERNSEC_SOCKET_ALL=y +CONFIG_GRKERNSEC_SOCKET_ALL_GID=64041 +CONFIG_GRKERNSEC_SOCKET_CLIENT=y +CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=64042 +CONFIG_GRKERNSEC_SOCKET_SERVER=y +CONFIG_GRKERNSEC_SOCKET_SERVER_GID=64043 + +# +# Sysctl support +# +CONFIG_GRKERNSEC_SYSCTL=y +CONFIG_GRKERNSEC_SYSCTL_DISTRO=y +CONFIG_GRKERNSEC_SYSCTL_ON=y + +# +# Logging Options +# +CONFIG_GRKERNSEC_FLOODTIME=10 +CONFIG_GRKERNSEC_FLOODBURST=4 + +# +# PaX +# +CONFIG_TASK_SIZE_MAX_SHIFT=47 +CONFIG_PAX=y + +# +# PaX Control +# +CONFIG_PAX_SOFTMODE=y +CONFIG_PAX_EI_PAX=y +CONFIG_PAX_PT_PAX_FLAGS=y +# CONFIG_PAX_NO_ACL_FLAGS is not set +CONFIG_PAX_HAVE_ACL_FLAGS=y +# CONFIG_PAX_HOOK_ACL_FLAGS is not set + +# +# Non-executable pages +# +CONFIG_PAX_NOEXEC=y +CONFIG_PAX_PAGEEXEC=y +# CONFIG_PAX_EMUTRAMP is not set +CONFIG_PAX_MPROTECT=y +CONFIG_PAX_ELFRELOCS=y + +# +# Address Space Layout Randomization +# +CONFIG_PAX_ASLR=y +CONFIG_PAX_RANDUSTACK=y +CONFIG_PAX_RANDMMAP=y + +# +# Miscellaneous hardening features +# +CONFIG_PAX_MEMORY_SANITIZE=y +CONFIG_PAX_REFCOUNT=y +CONFIG_PAX_USERCOPY=y Index: debian/config/featureset-grsec/defines =================================================================== --- debian/config/featureset-grsec/defines (revision 0) +++ debian/config/featureset-grsec/defines (revision 0) @@ -0,0 +1,8 @@ +[description] +part-long-grsec: This kernel includes support for Grsecurity and PaX security hardening features +part-short-grsec: Grsecurity and PaX protection +parts: grsec + +[image] +depends: linux-grsec-base,, paxctl +recommends: gradm2 Index: debian/config/amd64/grsec/defines =================================================================== --- debian/config/amd64/grsec/defines (revision 0) +++ debian/config/amd64/grsec/defines (revision 0) 
@@ -0,0 +1,4 @@ +[base] +flavours: + amd64 + Index: debian/config/amd64/defines =================================================================== --- debian/config/amd64/defines (revision 16770) +++ debian/config/amd64/defines (working copy) @@ -7,6 +7,7 @@ openvz vserver xen + grsec flavours: amd64 kernel-arch: x86 Index: debian/config/defines =================================================================== --- debian/config/defines (revision 16770) +++ debian/config/defines (working copy) @@ -25,6 +25,7 @@ openvz vserver xen + grsec [featureset-openvz_base] enabled: true @@ -39,6 +40,9 @@ part-long-xen: This kernel also runs on a Xen hypervisor. It supports only unprivileged (domU) operation. +[featureset-grsec_base] +enabled: true + [image] initramfs-generators: initramfs-tools initramfs-fallback type: plain
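Review bot: `depends: linux-grsec-base,, paxctl` in the new debian/config/featureset-grsec/defines has a doubled comma, which puts an empty element into the generated Depends list; make it `depends: linux-grsec-base, paxctl`. In the same file, the long description should say that the five group ids hard-coded in featureset-grsec/config (CONFIG_GRKERNSEC_TPE_GID=64040, CONFIG_GRKERNSEC_SOCKET_ALL_GID=64041, CONFIG_GRKERNSEC_SOCKET_CLIENT_GID=64042, CONFIG_GRKERNSEC_SOCKET_SERVER_GID=64043, CONFIG_GRKERNSEC_PROC_GID=64044) are expected to be created by linux-grsec-base, since nothing in this patch creates them and the socket and TPE restrictions are keyed on those gids.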
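Review bot: the flavour lists in the new debian/config/i386/grsec/defines disagree: `[base]` has `686` and `amd64`, while `[grsec]` has `i386` and `amd64`, and `i386` is not a flavour name anywhere else in this patch. The amd64 counterpart (debian/config/amd64/grsec/defines) has only `[base] flavours: amd64` and no `[grsec]` section at all, so either the `[grsec]` section is unnecessary and should go, or it should list the same flavours as `[base]`.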
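Review bot: debian/config/featureset-grsec/config is shared by the i386 and amd64 grsec flavours but contains amd64-only settings such as `CONFIG_TASK_SIZE_MAX_SHIFT=47`; arch-specific PaX options belong in a per-arch debian/config/<arch>/grsec/config so the i386 build gets its own values. Two choices in the file also deserve a comment: `CONFIG_PAX_SOFTMODE=y` leaves PaX disabled by default for binaries that carry no explicit PT_PAX/EI_PAX marking (presumably why paxctl is in Depends), so part-long-grsec should say that PaX is opt-in per binary rather than just "PaX protection"; and with `CONFIG_GRKERNSEC_HIGH=y` the individual CONFIG_GRKERNSEC_* lines are mostly implied by the preset's selects, so if the explicit list is meant to be authoritative, `CONFIG_GRKERNSEC_CUSTOM=y` is the clearer choice.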
--- debian/patches/features/all/grsec/grsecurity-2.2.1-2.6.32.27-201101021130.patch 2011-01-02 17:39:51.000000000 +0100 +++ debian/patches/features/all/grsec/grsecurity-2.2.1-2.6.32.27-201101021130+debian.patch 2011-01-03 14:52:27.726032031 +0100 @@ -20471,15 +20471,15 @@ diff -urNp linux-2.6.32.27/arch/x86/vdso diff -urNp linux-2.6.32.27/arch/x86/xen/enlighten.c linux-2.6.32.27/arch/x86/xen/enlighten.c --- linux-2.6.32.27/arch/x86/xen/enlighten.c 2010-12-09 18:13:03.000000000 -0500 +++ linux-2.6.32.27/arch/x86/xen/enlighten.c 2010-12-31 14:46:53.000000000 -0500 -@@ -71,8 +71,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -76,8 +76,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; -void *xen_initial_gdt; - - /* - * Point at some empty memory to start with. We map the real shared_info - * page as soon as fixmap is up and running. + __read_mostly int xen_have_vector_callback; + EXPORT_SYMBOL_GPL(xen_have_vector_callback); + @@ -548,7 +546,7 @@ static void xen_write_idt_entry(gate_des preempt_disable(); @@ -22648,6 +22648,7 @@ diff -urNp linux-2.6.32.27/drivers/ata/s .inherits = &svia_base_ops, .freeze = svia_noop_freeze, .prereset = vt6420_prereset, + .bmdma_start = vt6420_bmdma_start, }; -static struct ata_port_operations vt6421_pata_ops = { @@ -23783,15 +23784,6 @@ diff -urNp linux-2.6.32.27/drivers/block .show = kobj_pkt_show, .store = kobj_pkt_store }; -@@ -2408,7 +2408,7 @@ static void pkt_release_dev(struct pktcd - pkt_shrink_pktlist(pd); - } - --static struct pktcdvd_device *pkt_find_dev_from_minor(int dev_minor) -+static struct pktcdvd_device *pkt_find_dev_from_minor(unsigned int dev_minor) - { - if (dev_minor >= MAX_WRITERS) - return NULL; diff -urNp linux-2.6.32.27/drivers/char/agp/frontend.c linux-2.6.32.27/drivers/char/agp/frontend.c --- linux-2.6.32.27/drivers/char/agp/frontend.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/drivers/char/agp/frontend.c 2010-12-31 14:46:53.000000000 -0500 
@@ -25151,9 +25143,9 @@ diff -urNp linux-2.6.32.27/drivers/gpu/d diff -urNp linux-2.6.32.27/drivers/gpu/drm/drm_drv.c linux-2.6.32.27/drivers/gpu/drm/drm_drv.c --- linux-2.6.32.27/drivers/gpu/drm/drm_drv.c 2010-08-29 21:08:20.000000000 -0400 +++ linux-2.6.32.27/drivers/gpu/drm/drm_drv.c 2010-12-31 14:46:53.000000000 -0500 -@@ -417,7 +417,7 @@ int drm_ioctl(struct inode *inode, struc - char *kdata = NULL; +@@ -448,7 +448,7 @@ long drm_ioctl(struct file *filp, + dev = file_priv->minor->dev; atomic_inc(&dev->ioctl_count); - atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]); + atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]); @@ -25401,9 +25393,9 @@ diff -urNp linux-2.6.32.27/drivers/gpu/d diff -urNp linux-2.6.32.27/drivers/gpu/drm/i915/i915_drv.c linux-2.6.32.27/drivers/gpu/drm/i915/i915_drv.c --- linux-2.6.32.27/drivers/gpu/drm/i915/i915_drv.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/drivers/gpu/drm/i915/i915_drv.c 2010-12-31 14:46:53.000000000 -0500 -@@ -285,7 +285,7 @@ i915_pci_resume(struct pci_dev *pdev) - return i915_resume(dev); - } +@@ -471,7 +471,7 @@ const struct dev_pm_ops i915_pm_ops = { + .restore = i915_pm_resume, + }; -static struct vm_operations_struct i915_gem_vm_ops = { +static const struct vm_operations_struct i915_gem_vm_ops = { @@ -25471,15 +25463,16 @@ diff -urNp linux-2.6.32.27/drivers/gpu/d uint16_t devices; int connector_type; struct radeon_i2c_bus_rec ddc_bus; + struct radeon_hpd hpd; -}; +} bios_connectors[ATOM_MAX_SUPPORTED_DEVICE]; bool radeon_get_atom_connector_info_from_supported_devices_table(struct drm_device -@@ -535,7 +535,6 @@ bool radeon_get_atom_connector_info_from +@@ -690,7 +690,6 @@ bool radeon_get_atom_connector_info_from uint8_t dac; union atom_supported_devices *supported_devices; - int i, j; + int i, j, max_device; - struct bios_connector bios_connectors[ATOM_MAX_SUPPORTED_DEVICE]; atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset); 
@@ -25487,9 +25480,9 @@ diff -urNp linux-2.6.32.27/drivers/gpu/d diff -urNp linux-2.6.32.27/drivers/gpu/drm/radeon/radeon_display.c linux-2.6.32.27/drivers/gpu/drm/radeon/radeon_display.c --- linux-2.6.32.27/drivers/gpu/drm/radeon/radeon_display.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/drivers/gpu/drm/radeon/radeon_display.c 2010-12-31 14:46:53.000000000 -0500 -@@ -482,7 +482,7 @@ void radeon_compute_pll(struct radeon_pl +@@ -552,7 +552,7 @@ void radeon_compute_pll(struct radeon_pl - if (flags & RADEON_PLL_PREFER_CLOSEST_LOWER) { + if (pll->flags & RADEON_PLL_PREFER_CLOSEST_LOWER) { error = freq - current_freq; - error = error < 0 ? 0xffffffff : error; + error = (int32_t)error < 0 ? 0xffffffff : error; @@ -31795,50 +31788,6 @@ diff -urNp linux-2.6.32.27/fs/compat.c l goto out; if (!file->f_op) goto out; -@@ -1353,6 +1371,10 @@ static int compat_count(compat_uptr_t __ - argv++; - if (i++ >= max) - return -E2BIG; -+ -+ if (fatal_signal_pending(current)) -+ return -ERESTARTNOHAND; -+ cond_resched(); - } - } - return i; -@@ -1394,6 +1416,12 @@ static int compat_copy_strings(int argc, - while (len > 0) { - int offset, bytes_to_copy; - -+ if (fatal_signal_pending(current)) { -+ ret = -ERESTARTNOHAND; -+ goto out; -+ } -+ cond_resched(); -+ - offset = pos % PAGE_SIZE; - if (offset == 0) - offset = PAGE_SIZE; -@@ -1410,17 +1438,8 @@ static int compat_copy_strings(int argc, - if (!kmapped_page || kpos != (pos & PAGE_MASK)) { - struct page *page; - --#ifdef CONFIG_STACK_GROWSUP -- ret = expand_stack_downwards(bprm->vma, pos); -- if (ret < 0) { -- /* We've exceed the stack rlimit. */ -- ret = -E2BIG; -- goto out; -- } --#endif -- ret = get_user_pages(current, bprm->mm, pos, -- 1, 1, 1, &page, NULL); -- if (ret <= 0) { -+ page = get_arg_page(bprm, pos, 1); -+ if (!page) { - /* We've exceed the stack rlimit. */ - ret = -E2BIG; - goto out; @@ -1463,6 +1482,11 @@ int compat_do_execve(char * filename, compat_uptr_t __user *envp, struct pt_regs * regs) 
@@ -31908,7 +31857,7 @@ diff -urNp linux-2.6.32.27/fs/compat.c l /* execve succeeded */ current->fs->in_exec = 0; -@@ -1541,9 +1604,19 @@ int compat_do_execve(char * filename, +@@ -1603,8 +1603,17 @@ int compat_do_execve(char * filename, put_files_struct(displaced); return retval; @@ -31921,14 +31870,11 @@ diff -urNp linux-2.6.32.27/fs/compat.c l +#endif + out: -- if (bprm->mm) -+ if (bprm->mm) { + if (bprm->mm) { + acct_arg_size(bprm, 0); mmput(bprm->mm); -+ } + } - out_file: - if (bprm->file) { diff -urNp linux-2.6.32.27/fs/compat_ioctl.c linux-2.6.32.27/fs/compat_ioctl.c --- linux-2.6.32.27/fs/compat_ioctl.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/fs/compat_ioctl.c 2010-12-31 14:46:53.000000000 -0500 @@ -32007,7 +31953,7 @@ diff -urNp linux-2.6.32.27/fs/ecryptfs/i goto out_free; diff -urNp linux-2.6.32.27/fs/exec.c linux-2.6.32.27/fs/exec.c --- linux-2.6.32.27/fs/exec.c 2010-10-31 16:44:11.000000000 -0400 -+++ linux-2.6.32.27/fs/exec.c 2010-12-31 14:46:53.000000000 -0500 ++++ linux-2.6.32.27/fs/exec.c 2010-12-09 18:12:51.000000000 -0500 @@ -56,12 +56,24 @@ #include <linux/fsnotify.h> #include <linux/fs_struct.h> 
@@ -32042,27 +31988,33 @@ diff -urNp linux-2.6.32.27/fs/exec.c lin MAY_READ | MAY_EXEC | MAY_OPEN); putname(tmp); error = PTR_ERR(file); -@@ -159,28 +171,35 @@ out: +@@ -171,18 +171,17 @@ out: #ifdef CONFIG_MMU --static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +-static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages, +- unsigned long old_pages) +void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) -+{ -+ struct mm_struct *mm = current->mm; + { + struct mm_struct *mm = current->mm; +- long diff = (long)(pages - old_pages); + long diff = (long)(pages - bprm->vma_pages); -+ -+ if (!mm || !diff) -+ return; -+ + + if (!mm || !diff) + return; + +- down_write(&mm->mmap_sem); +- mm->total_vm += diff; +- up_write(&mm->mmap_sem); + bprm->vma_pages = pages; + + add_mm_counter(mm, anon_rss, diff); -+} -+ -+struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, - int write) - { + } + + struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -191,25 +190,17 @@ struct page *get_arg_page(struct linux_b + unsigned long old_vma_pages = + (bprm->vma->vm_end - bprm->vma->vm_start) / PAGE_SIZE; struct page *page; - int ret; @@ -32085,11 +32037,11 @@ diff -urNp linux-2.6.32.27/fs/exec.c lin unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start; struct rlimit *rlim; +- acct_arg_size(bprm, size / PAGE_SIZE, old_vma_pages); + acct_arg_size(bprm, size / PAGE_SIZE); -+ + /* * We've historically supported up to 32 pages (ARG_MAX) - * of argument strings even with small stacks @@ -246,7 +265,17 @@ static int __bprm_mm_init(struct linux_b vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; 
@@ -32121,19 +32073,16 @@ diff -urNp linux-2.6.32.27/fs/exec.c lin return 0; err: up_write(&mm->mmap_sem); -@@ -269,7 +304,11 @@ static bool valid_arg_len(struct linux_b +@@ -315,8 +306,7 @@ static bool valid_arg_len(struct linux_b #else --static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +-static void acct_arg_size(struct linux_binprm *bprm, unsigned long pages, +- unsigned long old_pages) +void acct_arg_size(struct linux_binprm *bprm, unsigned long pages) -+{ -+} -+ -+struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, - int write) { - struct page *page; + } + @@ -484,7 +523,7 @@ int copy_strings_kernel(int argc,char ** int r; mm_segment_t oldfs = get_fs(); @@ -32332,7 +32281,7 @@ diff -urNp linux-2.6.32.27/fs/exec.c lin /* execve succeeded */ current->fs->in_exec = 0; -@@ -1402,9 +1503,19 @@ int do_execve(char * filename, +@@ -1515,8 +1505,17 @@ int do_execve(char * filename, put_files_struct(displaced); return retval; @@ -32345,14 +32294,11 @@ diff -urNp linux-2.6.32.27/fs/exec.c lin +#endif + out: -- if (bprm->mm) -+ if (bprm->mm) { + if (bprm->mm) { + acct_arg_size(bprm, 0); - mmput (bprm->mm); -+ } + mmput(bprm->mm); + } - out_file: - if (bprm->file) { @@ -1565,6 +1676,217 @@ out: return ispipe; } @@ -46609,16 +46555,13 @@ diff -urNp linux-2.6.32.27/include/linux #else # define MAX_ARG_PAGES 32 struct page *page[MAX_ARG_PAGES]; -@@ -59,6 +60,10 @@ struct linux_binprm{ +@@ -60,6 +60,7 @@ struct linux_binprm{ unsigned long loader, exec; }; +extern void acct_arg_size(struct linux_binprm *bprm, unsigned long pages); -+extern struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, -+ int write); -+ - #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 - #define BINPRM_FLAGS_ENFORCE_NONDUMP (1 << BINPRM_FLAGS_ENFORCE_NONDUMP_BIT) + extern struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, + int write); 
@@ -78,6 +83,7 @@ struct linux_binfmt { int (*load_binary)(struct linux_binprm *, struct pt_regs * regs); @@ -48579,9 +48522,9 @@ diff -urNp linux-2.6.32.27/include/linux #endif + + struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */ - }; - - struct core_thread { + #ifndef __GENKSYMS__ + struct vm_area_struct *vm_prev; + #endif @@ -287,6 +289,24 @@ struct mm_struct { #ifdef CONFIG_MMU_NOTIFIER struct mmu_notifier_mm *mmu_notifier_mm; @@ -49006,7 +48949,7 @@ diff -urNp linux-2.6.32.27/include/linux extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, unsigned long, unsigned long); -@@ -666,6 +669,16 @@ struct signal_struct { +@@ -666,6 +666,16 @@ struct signal_struct { struct tty_audit_buf *tty_audit_buf; #endif @@ -49021,8 +48964,8 @@ diff -urNp linux-2.6.32.27/include/linux +#endif + int oom_adj; /* OOM kill score adjustment (bit shift) */ - }; + #ifndef __GENKSYMS__ @@ -1223,7 +1236,7 @@ struct rcu_node; struct task_struct { @@ -50730,21 +50673,6 @@ diff -urNp linux-2.6.32.27/kernel/exit.c static void exit_mm(struct task_struct * tsk); static void __unhash_process(struct task_struct *p) -@@ -92,6 +96,14 @@ static void __exit_signal(struct task_st - posix_cpu_timers_exit_group(tsk); - else { - /* -+ * This can only happen if the caller is de_thread(). -+ * FIXME: this is the temporary hack, we should teach -+ * posix-cpu-timers to handle this case correctly. -+ */ -+ if (unlikely(has_group_leader_pid(tsk))) -+ posix_cpu_timers_exit_group(tsk); -+ -+ /* - * If there is any task waiting for the group exit - * then notify it: - */ @@ -167,6 +179,8 @@ void release_task(struct task_struct * p struct task_struct *leader; int zap_leader; 
@@ -53659,11 +53587,6 @@ diff -urNp linux-2.6.32.27/lib/vsprintf. break; } -diff -urNp linux-2.6.32.27/localversion-grsec linux-2.6.32.27/localversion-grsec ---- linux-2.6.32.27/localversion-grsec 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.27/localversion-grsec 2010-12-31 14:46:53.000000000 -0500 -@@ -0,0 +1 @@ -+-grsec diff -urNp linux-2.6.32.27/Makefile linux-2.6.32.27/Makefile --- linux-2.6.32.27/Makefile 2010-12-09 18:13:03.000000000 -0500 +++ linux-2.6.32.27/Makefile 2010-12-31 14:46:53.000000000 -0500 @@ -57750,18 +57673,6 @@ diff -urNp linux-2.6.32.27/net/ipv4/netf if (*octets == NULL) { if (net_ratelimit()) printk("OOM in bsalg (%d)\n", __LINE__); -diff -urNp linux-2.6.32.27/net/ipv4/tcp.c linux-2.6.32.27/net/ipv4/tcp.c ---- linux-2.6.32.27/net/ipv4/tcp.c 2010-12-09 18:13:03.000000000 -0500 -+++ linux-2.6.32.27/net/ipv4/tcp.c 2010-12-31 14:46:53.000000000 -0500 -@@ -2117,7 +2117,7 @@ static int do_tcp_setsockopt(struct sock - /* Values greater than interface MTU won't take effect. However - * at the point when this call is done we typically don't yet - * know which interface is going to be used */ -- if (val < 8 || val > MAX_TCP_WINDOW) { -+ if (val < 64 || val > MAX_TCP_WINDOW) { - err = -EINVAL; - break; - } diff -urNp linux-2.6.32.27/net/ipv4/tcp_ipv4.c linux-2.6.32.27/net/ipv4/tcp_ipv4.c --- linux-2.6.32.27/net/ipv4/tcp_ipv4.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/net/ipv4/tcp_ipv4.c 2010-12-31 14:46:53.000000000 -0500 
@@ -58201,42 +58112,6 @@ diff -urNp linux-2.6.32.27/net/ipv6/udp. atomic_read(&sp->sk_drops)); } -diff -urNp linux-2.6.32.27/net/irda/af_irda.c linux-2.6.32.27/net/irda/af_irda.c ---- linux-2.6.32.27/net/irda/af_irda.c 2010-09-26 17:26:06.000000000 -0400 -+++ linux-2.6.32.27/net/irda/af_irda.c 2010-12-31 15:16:57.000000000 -0500 -@@ -2164,6 +2164,15 @@ static int irda_getsockopt(struct socket - - switch (optname) { - case IRLMP_ENUMDEVICES: -+ -+ /* Offset to first device entry */ -+ offset = sizeof(struct irda_device_list) - sizeof(struct irda_device_info); -+ -+ if (len < offset) { -+ err = -EINVAL; -+ goto out; -+ } -+ - /* Ask lmp for the current discovery log */ - discoveries = irlmp_get_discoveries(&list.len, self->mask.word, - self->nslots); -@@ -2173,15 +2182,9 @@ static int irda_getsockopt(struct socket - err = 0; - - /* Write total list length back to client */ -- if (copy_to_user(optval, &list, -- sizeof(struct irda_device_list) - -- sizeof(struct irda_device_info))) -+ if (copy_to_user(optval, &list, offset)) - err = -EFAULT; - -- /* Offset to first device entry */ -- offset = sizeof(struct irda_device_list) - -- sizeof(struct irda_device_info); -- - /* Copy the list itself - watch for overflow */ - if(list.len > 2048) - { diff -urNp linux-2.6.32.27/net/irda/ircomm/ircomm_tty.c linux-2.6.32.27/net/irda/ircomm/ircomm_tty.c --- linux-2.6.32.27/net/irda/ircomm/ircomm_tty.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/net/irda/ircomm/ircomm_tty.c 2010-12-31 14:46:53.000000000 -0500 
@@ -58748,32 +58623,6 @@ diff -urNp linux-2.6.32.27/net/rds/Kconf ---help--- The RDS (Reliable Datagram Sockets) protocol provides reliable, sequenced delivery of datagrams over Infiniband, iWARP, -diff -urNp linux-2.6.32.27/net/sctp/auth.c linux-2.6.32.27/net/sctp/auth.c ---- linux-2.6.32.27/net/sctp/auth.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.27/net/sctp/auth.c 2010-12-31 14:46:53.000000000 -0500 -@@ -542,16 +542,20 @@ struct sctp_hmac *sctp_auth_asoc_get_hma - id = ntohs(hmacs->hmac_ids[i]); - - /* Check the id is in the supported range */ -- if (id > SCTP_AUTH_HMAC_ID_MAX) -+ if (id > SCTP_AUTH_HMAC_ID_MAX) { -+ id = 0; - continue; -+ } - - /* See is we support the id. Supported IDs have name and - * length fields set, so that we can allocated and use - * them. We can safely just check for name, for without the - * name, we can't allocate the TFM. - */ -- if (!sctp_hmac_list[id].hmac_name) -+ if (!sctp_hmac_list[id].hmac_name) { -+ id = 0; - continue; -+ } - - break; - } diff -urNp linux-2.6.32.27/net/sctp/proc.c linux-2.6.32.27/net/sctp/proc.c --- linux-2.6.32.27/net/sctp/proc.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.27/net/sctp/proc.c 2010-12-31 14:46:53.000000000 -0500
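Review bot: the fs/exec.c hunks replace the tree's `acct_arg_size(bprm, pages, old_pages)` (which adjusts `mm->total_vm` under `mmap_sem`) with grsecurity's two-argument version that reads and stores `bprm->vma_pages` and accounts through `add_mm_counter(mm, anon_rss, diff)`. Two things to confirm before this goes in: that `struct linux_binprm` in the Debian tree already has the `vma_pages` member, since the include/linux/binfmts.h hunk here adds only the `extern void acct_arg_size(struct linux_binprm *bprm, unsigned long pages);` declaration; and that `old_vma_pages` in get_arg_page() does not survive as a declared-but-unused variable, because its declaration is kept as context while the only visible use, `acct_arg_size(bprm, size / PAGE_SIZE, old_vma_pages);`, is removed. The corresponding change in fs/compat.c (compat_do_execve) should be checked against the same two points.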
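Review bot: this patch drops several upstream grsecurity hunks that are fixes already present in the Debian tree (the `pkt_find_dev_from_minor(unsigned int dev_minor)` change in drivers/block/pktcdvd.c, the fatal_signal_pending()/cond_resched() and get_arg_page() changes in fs/compat.c, the posix_cpu_timers_exit_group() hack in kernel/exit.c, the TCP_MAXSEG lower bound change from 8 to 64 in net/ipv4/tcp.c, the IRLMP_ENUMDEVICES length check in net/irda/af_irda.c, and the hmac id reset in net/sctp/auth.c), but neither the patch nor the cover mail records which ones were dropped and why. Add a header to the +debian patch listing each dropped hunk and the Debian backport it duplicates; otherwise the 2.6.37 rebase cannot tell "dropped as duplicate" from "dropped by mistake", and a missing security fix would go unnoticed.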
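Review bot: removing the `localversion-grsec` file (contents `-grsec`) means the release string no longer gets its suffix from the patch. If the intent is to rely on the Debian featureset name in the version string instead and avoid a doubled `-grsec-grsec`, state that in the patch header, because scripts and users that key on `uname -r` containing `-grsec` will otherwise see a different string than on a stock grsecurity kernel.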