Author: hawk                         Date: Sun Jan 28 10:55:50 2007 GMT
Module: SOURCES                       Tag: hawk-LINUX_2_6
---- Log message:
- adjusted for vserver patched kernel

---- Files affected:
SOURCES:
   grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch (1.1.2.2 -> 1.1.2.3) 

---- Diffs:

================================================================
Index: SOURCES/grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch
diff -u SOURCES/grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch:1.1.2.2 
SOURCES/grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch:1.1.2.3
--- SOURCES/grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch:1.1.2.2    Sun Jan 
28 08:56:20 2007
+++ SOURCES/grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch    Sun Jan 28 
11:55:45 2007
@@ -39,9 +39,9 @@
 --- linux-2.6.19.2/arch/alpha/kernel/ptrace.c  2006-11-29 16:57:37.000000000 
-0500
 +++ linux-2.6.19.2/arch/alpha/kernel/ptrace.c  2007-01-20 17:29:54.000000000 
-0500
 @@ -15,6 +15,7 @@
- #include <linux/slab.h>
  #include <linux/security.h>
  #include <linux/signal.h>
+ #include <linux/vs_base.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -5933,9 +5933,9 @@
 --- linux-2.6.19.2/arch/ia64/kernel/ptrace.c   2006-11-29 16:57:37.000000000 
-0500
 +++ linux-2.6.19.2/arch/ia64/kernel/ptrace.c   2007-01-20 17:29:54.000000000 
-0500
 @@ -17,6 +17,7 @@
- #include <linux/security.h>
  #include <linux/audit.h>
  #include <linux/signal.h>
+ #include <linux/vs_base.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/pgtable.h>
@@ -5983,9 +5983,9 @@
 --- linux-2.6.19.2/arch/ia64/mm/fault.c        2006-11-29 16:57:37.000000000 
-0500
 +++ linux-2.6.19.2/arch/ia64/mm/fault.c        2007-01-20 17:29:54.000000000 
-0500
 @@ -10,6 +10,7 @@
- #include <linux/smp_lock.h>
  #include <linux/interrupt.h>
  #include <linux/kprobes.h>
+ #include <linux/vs_memory.h>
 +#include <linux/binfmts.h>
  
  #include <asm/pgtable.h>
@@ -7657,9 +7657,9 @@
 --- linux-2.6.19.2/arch/sparc/kernel/ptrace.c  2006-11-29 16:57:37.000000000 
-0500
 +++ linux-2.6.19.2/arch/sparc/kernel/ptrace.c  2007-01-20 17:29:54.000000000 
-0500
 @@ -19,6 +19,7 @@
- #include <linux/smp_lock.h>
  #include <linux/security.h>
  #include <linux/signal.h>
+ #include <linux/vs_base.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/pgtable.h>
@@ -8040,9 +8040,9 @@
 --- linux-2.6.19.2/arch/sparc64/kernel/ptrace.c        2006-11-29 
16:57:37.000000000 -0500
 +++ linux-2.6.19.2/arch/sparc64/kernel/ptrace.c        2007-01-20 
17:29:54.000000000 -0500
 @@ -22,6 +22,7 @@
- #include <linux/seccomp.h>
  #include <linux/audit.h>
  #include <linux/signal.h>
+ #include <linux/vs_base.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/asi.h>
@@ -9586,9 +9586,9 @@
 --- linux-2.6.19.2/fs/binfmt_aout.c    2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/binfmt_aout.c    2007-01-20 17:29:55.000000000 -0500
 @@ -24,6 +24,7 @@
- #include <linux/binfmts.h>
  #include <linux/personality.h>
  #include <linux/init.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/system.h>
@@ -9670,9 +9670,9 @@
 --- linux-2.6.19.2/fs/binfmt_elf.c     2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/binfmt_elf.c     2007-01-20 17:29:55.000000000 -0500
 @@ -39,10 +39,16 @@
- #include <linux/syscalls.h>
  #include <linux/random.h>
  #include <linux/elf.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
 +
  #include <asm/uaccess.h>
@@ -10539,9 +10539,9 @@
 --- linux-2.6.19.2/fs/exec.c   2006-12-10 21:40:26.000000000 -0500
 +++ linux-2.6.19.2/fs/exec.c   2007-01-20 17:29:55.000000000 -0500
 @@ -49,6 +49,8 @@
- #include <linux/tsacct_kern.h>
  #include <linux/cn_proc.h>
  #include <linux/audit.h>
+ #include <linux/vs_memory.h>
 +#include <linux/random.h>
 +#include <linux/grsecurity.h>
  
@@ -10629,7 +10629,7 @@
  
        down_write(&mm->mmap_sem);
        {
-@@ -430,13 +469,50 @@
+@@ -430,14 +469,51 @@
                else
                        mpnt->vm_flags = VM_STACK_FLAGS;
                mpnt->vm_flags |= mm->def_flags;
@@ -10653,7 +10653,8 @@
 +
                        return ret;
                }
-               mm->stack_vm = mm->total_vm = vma_pages(mpnt);
+               vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt));
+               mm->stack_vm = mm->total_vm;
 +
 +#ifdef CONFIG_PAX_SEGMEXEC
 +              if (mpnt_m) {
@@ -10966,9 +10967,9 @@
 --- linux-2.6.19.2/fs/fcntl.c  2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/fcntl.c  2007-01-20 17:29:55.000000000 -0500
 @@ -18,6 +18,7 @@
- #include <linux/ptrace.h>
  #include <linux/signal.h>
  #include <linux/rcupdate.h>
+ #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/poll.h>
@@ -11024,9 +11025,9 @@
 --- linux-2.6.19.2/fs/namei.c  2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/namei.c  2007-01-20 17:29:55.000000000 -0500
 @@ -32,6 +32,7 @@
- #include <linux/file.h>
- #include <linux/fcntl.h>
- #include <linux/namei.h>
+ #include <linux/vs_base.h>
+ #include <linux/vs_tag.h>
+ #include <linux/vs_cowbl.h>
 +#include <linux/grsecurity.h>
  #include <asm/namei.h>
  #include <asm/uaccess.h>
@@ -11183,7 +11184,7 @@
 +
        if (!IS_POSIXACL(nd.dentry->d_inode))
                mode &= ~current->fs->umask;
-       error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+       error = vfs_mkdir(nd.dentry->d_inode, dentry, mode, &nd);
 +
 +      if (!error)
 +              gr_handle_create(dentry, nd.mnt);
@@ -11216,7 +11217,7 @@
 +                      goto dput_exit2;
 +              }
 +      }
-       error = vfs_rmdir(nd.dentry->d_inode, dentry);
+       error = vfs_rmdir(nd.dentry->d_inode, dentry, &nd);
 +      if (!error && (saved_dev || saved_ino))
 +              gr_handle_delete(saved_ino, saved_dev);
 +dput_exit2:
@@ -11252,10 +11253,10 @@
 +                              error = -EACCES;
 +
                        atomic_inc(&inode->i_count);
--              error = vfs_unlink(nd.dentry->d_inode, dentry);
+-              error = vfs_unlink(nd.dentry->d_inode, dentry, &nd);
 +              }
 +              if (!error)
-+                      error = vfs_unlink(nd.dentry->d_inode, dentry);
++                      error = vfs_unlink(nd.dentry->d_inode, dentry, &nd);
 +              if (!error && (saved_ino || saved_dev))
 +                      gr_handle_delete(saved_ino, saved_dev);
        exit2:
@@ -11270,7 +11271,7 @@
 +              goto out_dput_unlock;
 +      }
 +
-       error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
+       error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO, &nd);
 +
 +      if (!error)
 +              gr_handle_create(dentry, nd.mnt);
@@ -11296,7 +11297,7 @@
 +              goto out_unlock_dput;
 +      }
 +
-       error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+       error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry, &nd);
 +
 +      if (!error)
 +              gr_handle_create(new_dentry, nd.mnt);
@@ -11326,9 +11327,9 @@
 --- linux-2.6.19.2/fs/namespace.c      2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/namespace.c      2007-01-20 17:29:55.000000000 -0500
 @@ -25,6 +25,7 @@
- #include <linux/security.h>
- #include <linux/mount.h>
- #include <linux/ramfs.h>
+ #include <linux/vserver/space.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_tag.h>
 +#include <linux/grsecurity.h>
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
@@ -11388,9 +11389,9 @@
 --- linux-2.6.19.2/fs/open.c   2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/open.c   2007-01-20 17:29:55.000000000 -0500
 @@ -27,6 +27,7 @@
- #include <linux/syscalls.h>
- #include <linux/rcupdate.h>
- #include <linux/audit.h>
+ #include <linux/vs_dlimit.h>
+ #include <linux/vs_tag.h>
+ #include <linux/vs_cowbl.h>
 +#include <linux/grsecurity.h>
  
  int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
@@ -11500,15 +11501,6 @@
        newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
        newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
        error = notify_change(nd.dentry, &newattrs);
-@@ -568,7 +617,7 @@
-       return sys_fchmodat(AT_FDCWD, filename, mode);
- }
- 
--static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
-+static int chown_common(struct dentry * dentry, uid_t user, gid_t group, 
struct vfsmount *mnt)
- {
-       struct inode * inode;
-       int error;
 @@ -585,6 +634,12 @@
        error = -EPERM;
        if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
@@ -11522,42 +11514,6 @@
        newattrs.ia_valid =  ATTR_CTIME;
        if (user != (uid_t) -1) {
                newattrs.ia_valid |= ATTR_UID;
-@@ -611,7 +666,7 @@
-       error = user_path_walk(filename, &nd);
-       if (error)
-               goto out;
--      error = chown_common(nd.dentry, user, group);
-+      error = chown_common(nd.dentry, user, group, nd.mnt);
-       path_release(&nd);
- out:
-       return error;
-@@ -631,7 +686,7 @@
-       error = __user_walk_fd(dfd, filename, follow, &nd);
-       if (error)
-               goto out;
--      error = chown_common(nd.dentry, user, group);
-+      error = chown_common(nd.dentry, user, group, nd.mnt);
-       path_release(&nd);
- out:
-       return error;
-@@ -645,7 +700,7 @@
-       error = user_path_walk_link(filename, &nd);
-       if (error)
-               goto out;
--      error = chown_common(nd.dentry, user, group);
-+      error = chown_common(nd.dentry, user, group, nd.mnt);
-       path_release(&nd);
- out:
-       return error;
-@@ -664,7 +719,7 @@
- 
-       dentry = file->f_dentry;
-       audit_inode(NULL, dentry->d_inode);
--      error = chown_common(dentry, user, group);
-+      error = chown_common(dentry, user, group, file->f_vfsmnt);
-       fput(file);
- out:
-       return error;
 @@ -872,6 +927,7 @@
         * N.B. For clone tasks sharing a files structure, this test
         * will limit the total number of files that can be opened.
@@ -11691,13 +11647,13 @@
 --- linux-2.6.19.2/fs/proc/base.c      2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/proc/base.c      2007-01-20 17:29:55.000000000 -0500
 @@ -73,6 +73,7 @@
- #include <linux/poll.h>
- #include <linux/nsproxy.h>
  #include <linux/oom.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_network.h>
 +#include <linux/grsecurity.h>
+ 
  #include "internal.h"
  
- /* NOTE:
 @@ -194,7 +195,7 @@
        (task->parent == current && \
        (task->ptrace & PT_PTRACED) && \
@@ -11734,7 +11690,7 @@
                goto out;
  
        copied = -ENOMEM;
-@@ -969,7 +972,11 @@
+@@ -969,8 +972,13 @@
        inode->i_gid = 0;
        if (task_dumpable(task)) {
                inode->i_uid = task->euid;
@@ -11744,8 +11700,10 @@
                inode->i_gid = task->egid;
 +#endif
        }
++
+       /* procfs is xid tagged */
+       inode->i_tag = (tag_t)vx_task_xid(task);
        security_task_to_inode(task, inode);
- 
 @@ -985,17 +992,38 @@
  {
        struct inode *inode = dentry->d_inode;
@@ -11864,7 +11822,7 @@
 @@ -1992,6 +2048,9 @@
  {
        unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
-       struct task_struct *reaper = get_proc_task(filp->f_dentry->d_inode);
+       struct task_struct *reaper = 
get_proc_task_real(filp->f_dentry->d_inode);
 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +      struct task_struct *tmp = current;
 +#endif
@@ -11903,8 +11861,8 @@
                        inode->i_gid = de->gid;
 +#endif
                }
-               if (de->size)
-                       inode->i_size = de->size;
+               if (de->vx_flags)
+                       PROC_I(inode)->vx_flags = de->vx_flags;
 diff -urNP linux-2.6.19.2/fs/proc/internal.h linux-2.6.19.2/fs/proc/internal.h
 --- linux-2.6.19.2/fs/proc/internal.h  2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/proc/internal.h  2007-01-20 17:29:55.000000000 -0500
@@ -12018,9 +11976,9 @@
 +#else
        proc_bus = proc_mkdir("bus", NULL);
 +#endif
+       proc_vx_init();
  }
  
- static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, 
struct kstat *stat
 diff -urNP linux-2.6.19.2/fs/proc/task_mmu.c linux-2.6.19.2/fs/proc/task_mmu.c
 --- linux-2.6.19.2/fs/proc/task_mmu.c  2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/proc/task_mmu.c  2007-01-20 17:29:55.000000000 -0500
@@ -12364,9 +12322,9 @@
 --- linux-2.6.19.2/fs/utimes.c 2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/fs/utimes.c 2007-01-20 17:29:55.000000000 -0500
 @@ -3,6 +3,7 @@
- #include <linux/linkage.h>
  #include <linux/namei.h>
  #include <linux/utime.h>
+ #include <linux/vs_cowbl.h>
 +#include <linux/grsecurity.h>
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
@@ -21450,7 +21408,7 @@
 +#ifdef CONFIG_PAX_SEGMEXEC
 +#define ELF_ET_DYN_BASE         ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? 
SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
 +#else
- #define ELF_ET_DYN_BASE         (TASK_SIZE / 3 * 2)
+ #define ELF_ET_DYN_BASE               ((TASK_UNMAPPED_BASE) * 2)
 +#endif
 +
 +#ifdef CONFIG_PAX_ASLR
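Review bot: The two branches of `ELF_ET_DYN_BASE` now use different formulas. The `#else` branch picks up the vserver definition `((TASK_UNMAPPED_BASE) * 2)`, while the `CONFIG_PAX_SEGMEXEC` branch still computes `TASK_SIZE/3*2` for tasks without `MF_PAX_SEGMEXEC`. If the vserver change is meant to keep the base derived from `TASK_UNMAPPED_BASE` (the header and its rationale are not visible here), the non-SEGMEXEC arm should follow it, e.g. `... ? SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE)*2)`. If the difference is intended, a comment next to the macro should say why the ET_DYN load base depends on whether SEGMEXEC is compiled in.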
@@ -24906,9 +24864,9 @@
 --- linux-2.6.19.2/ipc/msg.c   2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/ipc/msg.c   2007-01-20 17:29:55.000000000 -0500
 @@ -36,6 +36,7 @@
- #include <linux/seq_file.h>
  #include <linux/mutex.h>
  #include <linux/nsproxy.h>
+ #include <linux/vs_base.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/current.h>
@@ -24934,9 +24892,9 @@
 --- linux-2.6.19.2/ipc/sem.c   2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/ipc/sem.c   2007-01-20 17:29:55.000000000 -0500
 @@ -83,6 +83,7 @@
- #include <linux/seq_file.h>
- #include <linux/mutex.h>
  #include <linux/nsproxy.h>
+ #include <linux/vs_base.h>
+ #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -24963,9 +24921,9 @@
 --- linux-2.6.19.2/ipc/shm.c   2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/ipc/shm.c   2007-01-20 17:29:55.000000000 -0500
 @@ -37,6 +37,7 @@
- #include <linux/seq_file.h>
- #include <linux/mutex.h>
  #include <linux/nsproxy.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -25103,9 +25061,9 @@
 --- linux-2.6.19.2/kernel/capability.c 2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/capability.c 2007-01-20 17:29:55.000000000 -0500
 @@ -12,6 +12,7 @@
- #include <linux/module.h>
  #include <linux/security.h>
  #include <linux/syscalls.h>
+ #include <linux/vs_context.h>
 +#include <linux/grsecurity.h>
  #include <asm/uaccess.h>
  
@@ -25166,9 +25124,9 @@
 --- linux-2.6.19.2/kernel/exit.c       2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/exit.c       2007-01-20 17:29:55.000000000 -0500
 @@ -41,6 +41,11 @@
- #include <linux/audit.h> /* for audit_free() */
- #include <linux/resource.h>
- #include <linux/blkdev.h>
+ #include <linux/vs_limit.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_network.h>
 +#include <linux/grsecurity.h>
 +
 +#ifdef CONFIG_GRKERNSEC
@@ -25248,9 +25206,9 @@
 --- linux-2.6.19.2/kernel/fork.c       2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/fork.c       2007-01-20 17:29:55.000000000 -0500
 @@ -48,6 +48,7 @@
- #include <linux/delayacct.h>
- #include <linux/taskstats_kern.h>
- #include <linux/random.h>
+ #include <linux/vs_network.h>
+ #include <linux/vs_limit.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/pgtable.h>
@@ -25284,11 +25242,10 @@
        mm->cached_hole_size = ~0UL;
  
        if (likely(!mm_alloc_pgd(mm))) {
-@@ -990,6 +991,9 @@
-       DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
- #endif
-       retval = -EAGAIN;
-+
+@@ -990,6 +991,8 @@
+       if (!vx_nproc_avail(1))
+               goto bad_fork_cleanup_vm;
+ 
 +      gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes), 0);
 +
        if (atomic_read(&p->user->processes) >=
@@ -25839,20 +25796,25 @@
 --- linux-2.6.19.2/kernel/pid.c        2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/pid.c        2007-01-20 17:29:55.000000000 -0500
 @@ -27,6 +27,7 @@
- #include <linux/bootmem.h>
  #include <linux/hash.h>
  #include <linux/pspace.h>
+ #include <linux/vs_pid.h>
 +#include <linux/grsecurity.h>
  
  #define pid_hashfn(nr) hash_long((unsigned long)nr, pidhash_shift)
  static struct hlist_head *pid_hash;
-@@ -299,7 +300,14 @@
+@@ -300,11 +300,19 @@
   */
  struct task_struct *find_task_by_pid_type(int type, int nr)
  {
--      return pid_task(find_pid(nr), type);
 +      struct task_struct *task;
-+      
++
+       if (type == PIDTYPE_PID)
+               nr = vx_rmap_pid(nr);
+       else if (type == PIDTYPE_REALPID)
+               type = PIDTYPE_PID;
+-      return pid_task(find_pid(nr), type);
++
 +      task = pid_task(find_pid(nr), type);
 +
 +      if (gr_pid_is_chrooted(task))
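Review bot: The inner hunk for `find_task_by_pid_type` now removes `return pid_task(find_pid(nr), type);` twice: once directly after the opening brace, carried over from the previous revision, and once after the vserver `PIDTYPE_REALPID` block. The context lines show the vserver function body starting with `if (type == PIDTYPE_PID)`, so the first removal has nothing to match and the hunk will probably be rejected when applied. The old-side length of 11 in `@@ -300,11 +300,19 @@` also looks consistent with only one such line, though the tail of the inner hunk is outside this diff. Drop the first `-      return pid_task(find_pid(nr), type);` so that only the one after `type = PIDTYPE_PID;` is removed.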
@@ -25897,9 +25859,9 @@
 --- linux-2.6.19.2/kernel/printk.c     2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/printk.c     2007-01-20 17:29:55.000000000 -0500
 @@ -32,6 +32,7 @@
- #include <linux/bootmem.h>
  #include <linux/syscalls.h>
  #include <linux/jiffies.h>
+ #include <linux/vs_cvirt.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
@@ -25920,9 +25882,9 @@
 --- linux-2.6.19.2/kernel/ptrace.c     2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/ptrace.c     2007-01-20 17:29:55.000000000 -0500
 @@ -18,6 +18,7 @@
- #include <linux/ptrace.h>
  #include <linux/security.h>
  #include <linux/signal.h>
+ #include <linux/vs_context.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/pgtable.h>
@@ -26003,33 +25965,36 @@
 -      if (increment < 0 && !can_nice(current, nice))
 +      if (increment < 0 && (!can_nice(current, nice) ||
 +                            gr_handle_chroot_nice()))
-               return -EPERM;
+               return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM;
  
        retval = security_task_setnice(current, nice);
 diff -urNP linux-2.6.19.2/kernel/signal.c linux-2.6.19.2/kernel/signal.c
 --- linux-2.6.19.2/kernel/signal.c     2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/kernel/signal.c     2007-01-20 17:29:55.000000000 -0500
 @@ -23,6 +23,7 @@
- #include <linux/ptrace.h>
  #include <linux/signal.h>
  #include <linux/capability.h>
+ #include <linux/vs_context.h>
 +#include <linux/grsecurity.h>
  #include <asm/param.h>
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
-@@ -581,16 +582,18 @@
-               return error;
+@@ -587,11 +587,11 @@
+               goto skip;
+ 
        error = -EPERM;
-       if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && 
SI_FROMUSER(info)))
--          && ((sig != SIGCONT) ||
-+          && ((((sig != SIGCONT) ||
+-      if (((sig != SIGCONT) ||
++      if ((((sig != SIGCONT) ||
                (current->signal->session != t->signal->session))
            && (current->euid ^ t->suid) && (current->euid ^ t->uid)
            && (current->uid ^ t->suid) && (current->uid ^ t->uid)
 -          && !capable(CAP_KILL))
-+          && !capable(CAP_KILL)) || gr_handle_signal(t, sig)))
++          && !capable(CAP_KILL)) || gr_handle_signal(t, sig))
                return error;
  
+       error = -ESRCH;
+@@ -604,7 +604,9 @@
+ skip:
        error = security_task_kill(t, info, sig, 0);
 -      if (!error)
 +      if (!error) {
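Review bot: In the nice check at the top of this hunk, a denial from `gr_handle_chroot_nice()` now shares the vserver return `vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM`, so a context with that flag set gets 0 back for a request grsecurity refused. The early return still appears to skip the priority change, but the caller is told it succeeded, which hides the chroot restriction from anything that checks the return code. Keeping the grsecurity denial separate preserves the error: `if (increment < 0 && gr_handle_chroot_nice()) return -EPERM;` ahead of the `can_nice()` test. The enclosing function starts and ends outside the hunk.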
@@ -26266,7 +26231,7 @@
 @@ -93,6 +94,9 @@
                return err;
  
-       do_settimeofday(&tv);
+       vx_settimeofday(&tv);
 +
 +      gr_log_timechange();
 +
@@ -26701,9 +26666,9 @@
 --- linux-2.6.19.2/mm/mlock.c  2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/mm/mlock.c  2007-01-20 17:29:55.000000000 -0500
 @@ -10,14 +10,85 @@
- #include <linux/mm.h>
  #include <linux/mempolicy.h>
  #include <linux/syscalls.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
  
 +static int __mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct 
**prev,
@@ -26825,7 +26790,7 @@
 -                      ret = make_pages_present(start, end);
 -      }
 -
--      vma->vm_mm->locked_vm -= pages;
+-      vx_vmlocked_sub(vma->vm_mm, pages);
  out:
        if (ret == -ENOMEM)
                ret = -EAGAIN;
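Review bot: Only the removed side of the inner `mlock_fixup` hunk is converted to `vx_vmlocked_sub(vma->vm_mm, pages);` here, which makes the old lines match the vserver tree. The body that grsecurity re-adds as `__mlock_fixup` is outside this hunk and, as far as this diff shows, is not touched by the commit. If that added code still adjusts the counter with `vma->vm_mm->locked_vm -= pages;`, the vserver locked-page accounting would be bypassed on this path. Please check it and use `vx_vmlocked_sub(vma->vm_mm, pages);` there as well.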
@@ -26877,9 +26842,9 @@
  
        ret = -ENOMEM;
 +      gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
+       if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))
+               goto out;
        if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
-           capable(CAP_IPC_LOCK))
-               ret = do_mlockall(flags);
 diff -urNP linux-2.6.19.2/mm/mmap.c linux-2.6.19.2/mm/mmap.c
 --- linux-2.6.19.2/mm/mmap.c   2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/mm/mmap.c   2007-01-22 22:58:01.000000000 -0500
@@ -28659,9 +28624,9 @@
 --- linux-2.6.19.2/net/unix/af_unix.c  2006-11-29 16:57:37.000000000 -0500
 +++ linux-2.6.19.2/net/unix/af_unix.c  2007-01-20 17:29:55.000000000 -0500
 @@ -116,6 +116,7 @@
- #include <linux/mount.h>
- #include <net/checksum.h>
  #include <linux/security.h>
+ #include <linux/vs_context.h>
+ #include <linux/vs_limit.h>
 +#include <linux/grsecurity.h>
  
  int sysctl_unix_max_dgram_qlen __read_mostly = 10;
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    
http://cvs.pld-linux.org/SOURCES/grsecurity-vs-2.1.10-2.6.19.2-200701222307.patch?r1=1.1.2.2&r2=1.1.2.3&f=u
