SOURCES (LINUX_2_6_20): grsecurity-2.1.10-2.6.20.3.patch - merged ...

Fri, 06 Apr 2007 08:32:44 -0700 

Author: zbyniu                       Date: Fri Apr  6 15:32:36 2007 GMT
Module: SOURCES                       Tag: LINUX_2_6_20
---- Log message:
- merged changes from grsecurity-2.1.10-2.6.20.4-200704021831.patch

---- Files affected:
SOURCES:
   grsecurity-2.1.10-2.6.20.3.patch (1.1.2.3 -> 1.1.2.4) 

---- Diffs:

================================================================
Index: SOURCES/grsecurity-2.1.10-2.6.20.3.patch
diff -u SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.3 
SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.4
--- SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.3    Sun Mar 25 21:50:35 2007
+++ SOURCES/grsecurity-2.1.10-2.6.20.3.patch    Fri Apr  6 17:32:31 2007
@@ -2550,7 +2550,7 @@
  
  /*
 @@ -298,7 +298,7 @@ void show_regs(struct pt_regs * regs)
-       printk("EIP: %04x:[<%08lx>] CPU: %d\n",0xffff & regs->xcs,regs->eip, 
smp_processor_id());
+               0xffff & regs->xcs,regs->eip, smp_processor_id());
        print_symbol("EIP is at %s\n", regs->eip);
  
 -      if (user_mode_vm(regs))
@@ -3102,7 +3102,7 @@
        /*
         * Make sure the vDSO gets into every core dump.
         * Dumping its contents makes post-mortem fully interpretable later
-@@ -150,17 +176,42 @@ int arch_setup_additional_pages(struct l
+@@ -151,17 +177,42 @@ int arch_setup_additional_pages(struct l
         */
        vma->vm_flags |= VM_ALWAYSDUMP;
        vma->vm_flags |= mm->def_flags;
@@ -3146,7 +3146,7 @@
 +      current->mm->context.vdso = addr;
        current_thread_info()->sysenter_return =
                                    (void *)VDSO_SYM(&SYSENTER_RETURN);
-       mm->total_vm++;
+       vx_vmpages_inc(mm);
 @@ -171,8 +222,17 @@ up_fail:
  
  const char *arch_vma_name(struct vm_area_struct *vma)
@@ -5634,7 +5634,7 @@
 diff -urNp linux-2.6.20.3/arch/i386/mm/fault.c 
linux-2.6.20.3/arch/i386/mm/fault.c
 --- linux-2.6.20.3/arch/i386/mm/fault.c        2007-03-13 14:27:08.000000000 
-0400
 +++ linux-2.6.20.3/arch/i386/mm/fault.c        2007-03-23 08:32:22.000000000 
-0400
-@@ -23,6 +23,9 @@
+@@ -23,11 +23,15 @@
  #include <linux/module.h>
  #include <linux/kprobes.h>
  #include <linux/uaccess.h>
@@ -5644,7 +5644,13 @@
  
  #include <asm/system.h>
  #include <asm/desc.h>
-@@ -104,7 +107,8 @@ static inline unsigned long get_segment_
+ #include <asm/kdebug.h>
+ #include <asm/segment.h>
++#include <asm/tlbflush.h>
+ 
+ extern void die(const char *,struct pt_regs *,long);
+ 
+@@ -104,7 +108,8 @@ static inline unsigned long get_segment_
  {
        unsigned long eip = regs->eip;
        unsigned seg = regs->xcs & 0xffff;
@@ -5654,7 +5660,7 @@
  
        /* Unlikely, but must come before segment checks. */
        if (unlikely(regs->eflags & VM_MASK)) {
-@@ -118,7 +122,7 @@ static inline unsigned long get_segment_
+@@ -118,7 +123,7 @@ static inline unsigned long get_segment_
        
        /* By far the most common cases. */
        if (likely(SEGMENT_IS_FLAT_CODE(seg)))
@@ -6336,7 +6342,7 @@
 -#endif
  }
  
- #if defined(CONFIG_SOFTWARE_SUSPEND) || defined(CONFIG_ACPI_SLEEP)
+ #if defined(CONFIG_SUSPEND_SHARED) || defined(CONFIG_ACPI_SLEEP)
 @@ -388,12 +358,12 @@ static void __init pagetable_init (void)
   * Swap suspend & friends need this for resume because things like the 
intel-agp
   * driver might have split up a kernel 4MB mapping.
@@ -8541,8 +8547,8 @@
  
  #include <asm/pgtable.h>
  #include <asm/system.h>
-@@ -303,6 +304,11 @@ asmlinkage void do_ptrace(struct pt_regs
-               goto out;
+@@ -308,6 +309,11 @@ asmlinkage void do_ptrace(struct pt_regs
+               goto out_tsk;
        }
  
 +      if (gr_handle_ptrace(child, request)) {
@@ -8948,8 +8954,8 @@
  
  #include <asm/asi.h>
  #include <asm/pgtable.h>
-@@ -216,6 +217,11 @@ asmlinkage void do_ptrace(struct pt_regs
-               goto out;
+@@ -221,6 +222,11 @@ asmlinkage void do_ptrace(struct pt_regs
+               goto out_tsk;
        }
  
 +      if (gr_handle_ptrace(child, (long)request)) {
@@ -9772,8 +9778,8 @@
                default:        /* 3: write, present */
                        /* fall through */
 @@ -519,7 +549,14 @@ bad_area_nosemaphore:
-                                       tsk->comm, tsk->pid, address, regs->rip,
-                                       regs->rsp, error_code);
+                                       tsk->comm, tsk->pid, tsk->xid, address,
+                                       regs->rip, regs->rsp, error_code);
                }
 -       
 +
@@ -13067,14 +13073,14 @@
        if (orig_start >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
                goto out;
  
-@@ -82,6 +84,7 @@ repeat:
+@@ -83,6 +85,7 @@ repeat:
                                           fdt->max_fds, start);
        
        error = -EMFILE;
 +      gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0);
        if (newfd >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
                goto out;
- 
+       if (!vx_files_avail(1))
 @@ -140,6 +143,8 @@ asmlinkage long sys_dup2(unsigned int ol
        struct files_struct * files = current->files;
        struct fdtable *fdt;
@@ -14037,8 +14043,8 @@
                        inode->i_gid = de->gid;
 +#endif
                }
-               if (de->size)
-                       inode->i_size = de->size;
+               if (de->vx_flags)
+                       PROC_I(inode)->vx_flags = de->vx_flags;
 diff -urNp linux-2.6.20.3/fs/proc/internal.h linux-2.6.20.3/fs/proc/internal.h
 --- linux-2.6.20.3/fs/proc/internal.h  2007-03-13 14:27:08.000000000 -0400
 +++ linux-2.6.20.3/fs/proc/internal.h  2007-03-23 08:11:31.000000000 -0400
@@ -18204,7 +18210,7 @@
 diff -urNp linux-2.6.20.3/grsecurity/gracl_cap.c 
linux-2.6.20.3/grsecurity/gracl_cap.c
 --- linux-2.6.20.3/grsecurity/gracl_cap.c      1969-12-31 19:00:00.000000000 
-0500
 +++ linux-2.6.20.3/grsecurity/gracl_cap.c      2007-03-23 08:11:31.000000000 
-0400
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,110 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -18246,6 +18252,7 @@
 +};
 +
 +EXPORT_SYMBOL(gr_task_is_capable);
++EXPORT_SYMBOL(gr_is_capable_nolog);
 +
 +int
 +gr_task_is_capable(struct task_struct *task, const int cap)
@@ -20023,7 +20030,7 @@
 diff -urNp linux-2.6.20.3/grsecurity/grsec_disabled.c 
linux-2.6.20.3/grsecurity/grsec_disabled.c
 --- linux-2.6.20.3/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 
-0500
 +++ linux-2.6.20.3/grsecurity/grsec_disabled.c 2007-03-23 08:11:31.000000000 
-0400
-@@ -0,0 +1,417 @@
+@@ -0,0 +1,418 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -20435,6 +20442,7 @@
 +
 +
 +EXPORT_SYMBOL(gr_task_is_capable);
++EXPORT_SYMBOL(gr_is_capable_nolog);
 +EXPORT_SYMBOL(gr_learn_resource);
 +EXPORT_SYMBOL(gr_set_kernel_label);
 +#ifdef CONFIG_SECURITY
@@ -23510,7 +23518,7 @@
  
  #define LDT_empty(info) (\
        (info)->base_addr       == 0    && \
-@@ -176,15 +197,25 @@ static inline void load_LDT(mm_context_t
+@@ -176,15 +197,23 @@ static inline void load_LDT(mm_context_t
        preempt_enable();
  }
  
@@ -23529,12 +23537,10 @@
  
 +static inline void set_user_cs(unsigned long base, unsigned long limit, int 
cpu)
 +{
-+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
 +      __u32 a, b;
 +
 +      pack_descriptor(&a, &b, base, limit - 1, 0xFB, 0xC);
 +      write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, a, 
b);
-+#endif
 +}
 +
  #else /* __ASSEMBLY__ */
@@ -23772,26 +23778,28 @@
 diff -urNp linux-2.6.20.3/include/asm-i386/mmu_context.h 
linux-2.6.20.3/include/asm-i386/mmu_context.h
 --- linux-2.6.20.3/include/asm-i386/mmu_context.h      2007-03-13 
14:27:08.000000000 -0400
 +++ linux-2.6.20.3/include/asm-i386/mmu_context.h      2007-03-23 
09:11:44.000000000 -0400
-@@ -45,6 +45,18 @@ static inline void switch_mm(struct mm_s
+@@ -45,6 +45,20 @@ static inline void switch_mm(struct mm_s
                 */
                if (unlikely(prev->context.ldt != next->context.ldt))
                        load_LDT_nolock(&next->context);
 +
 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++              smp_mb__before_clear_bit();
 +              cpu_clear(cpu, prev->context.cpu_user_cs_mask);
++              smp_mb__after_clear_bit();
 +              cpu_set(cpu, next->context.cpu_user_cs_mask);
 +#endif
 +
 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
 +              if (unlikely(prev->context.user_cs_base != 
next->context.user_cs_base ||
 +                           prev->context.user_cs_limit != 
next->context.user_cs_limit))
-+#endif
 +                      set_user_cs(next->context.user_cs_base, 
next->context.user_cs_limit, cpu);
++#endif
 +
        }
  #ifdef CONFIG_SMP
        else {
-@@ -57,6 +69,12 @@ static inline void switch_mm(struct mm_s
+@@ -57,6 +71,15 @@ static inline void switch_mm(struct mm_s
                         */
                        load_cr3(next->pgd);
                        load_LDT_nolock(&next->context);
@@ -23800,7 +23808,10 @@
 +                      cpu_set(cpu, next->context.cpu_user_cs_mask);
 +#endif
 +
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
 +                      set_user_cs(next->context.user_cs_base, 
next->context.user_cs_limit, cpu);
++#endif
++
                }
        }
  #endif
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.10-2.6.20.3.patch?r1=1.1.2.3&r2=1.1.2.4&f=u

_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to