Author: zbyniu Date: Tue Apr 10 19:13:02 2007 GMT Module: SOURCES Tag: LINUX_2_6_20 ---- Log message: - merged changes from grsecurity-2.1.10-2.6.20.6-200704091818.patch - cleanups
---- Files affected: SOURCES: grsecurity-2.1.10-2.6.20.3.patch (1.1.2.5 -> 1.1.2.6) ---- Diffs: ================================================================ Index: SOURCES/grsecurity-2.1.10-2.6.20.3.patch diff -u SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.5 SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.6 --- SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.5 Mon Apr 9 22:36:11 2007 +++ SOURCES/grsecurity-2.1.10-2.6.20.3.patch Tue Apr 10 21:12:57 2007 @@ -46,7 +46,7 @@ #include <asm/uaccess.h> #include <asm/pgtable.h> -@@ -283,6 +284,9 @@ do_sys_ptrace(long request, long pid, lo +@@ -289,6 +290,9 @@ do_sys_ptrace(long request, long pid, lo goto out; } @@ -3563,6 +3563,15 @@ unsigned long base = (kesp - uesp) & -THREAD_SIZE; unsigned long new_kesp = kesp - base; unsigned long lim_pages = (new_kesp | (THREAD_SIZE - 1)) >> PAGE_SHIFT; +@@ -1076,7 +1095,7 @@ void __init trap_init_f00f_bug(void) + * Update the IDT descriptor and reload the IDT so that + * it uses the read-only mapped virtual address. + */ +- idt_descr.address = fix_to_virt(FIX_F00F_IDT); ++ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT); + load_idt(&idt_descr); + } + #endif diff -urNp linux-2.6.20.3/arch/i386/kernel/tsc.c linux-2.6.20.3/arch/i386/kernel/tsc.c --- linux-2.6.20.3/arch/i386/kernel/tsc.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/arch/i386/kernel/tsc.c 2007-03-23 08:10:06.000000000 -0400 @@ -5913,7 +5922,16 @@ /* User mode accesses just cause a SIGSEGV */ if (error_code & 4) { /* -@@ -551,6 +708,22 @@ no_context: +@@ -508,7 +666,7 @@ bad_area_nosemaphore: + if (boot_cpu_data.f00f_bug) { + unsigned long nr; + +- nr = (address - idt_descr.address) >> 3; ++ nr = (address - (unsigned long)idt_descr.address) >> 3; + + if (nr == 6) { + do_invalid_op(regs, 0); +@@ -551,6 +709,22 @@ no_context: if (address < PAGE_SIZE) printk(KERN_ALERT "BUG: unable to handle kernel NULL " "pointer dereference"); 
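Review bot: The two new casts in the trap_init_f00f_bug and bad_area_nosemaphore hunks, `idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);` and `nr = (address - (unsigned long)idt_descr.address) >> 3;`, are the only evidence that this patch changes the type of idt_descr.address to a pointer, and neither site says why the conversion is needed. A one-line comment at the first site, such as `/* idt_descr.address is a struct desc_struct * under this patch; fix_to_virt() returns the integer address */`, would spare the next rebaser from re-deriving it, since the same type mismatch will reappear at every kernel bump. The fault.c hunk sits inside the F00F check of the page-fault handler, whose body continues outside the hunk, so the range check that should precede the subtraction is not visible here.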
@@ -5936,7 +5954,7 @@ else printk(KERN_ALERT "BUG: unable to handle kernel paging" " request"); -@@ -558,24 +731,34 @@ no_context: +@@ -558,24 +732,34 @@ no_context: printk(KERN_ALERT " printing eip:\n"); printk("%08lx\n", regs->eip); } @@ -5987,7 +6005,7 @@ tsk->thread.cr2 = address; tsk->thread.trap_no = 14; tsk->thread.error_code = error_code; -@@ -652,3 +835,101 @@ void vmalloc_sync_all(void) +@@ -653,3 +837,101 @@ void vmalloc_sync_all(void) } } #endif @@ -13429,7 +13447,7 @@ diff -urNp linux-2.6.20.3/fs/namespace.c linux-2.6.20.3/fs/namespace.c --- linux-2.6.20.3/fs/namespace.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/fs/namespace.c 2007-03-23 08:11:31.000000000 -0400 -@@ -25,6 +25,7 @@ +@@ -30,6 +30,7 @@ #include <linux/vs_tag.h> #include <linux/vserver/space.h> #include <linux/vserver/global.h> @@ -13437,8 +13455,8 @@ #include <asm/uaccess.h> #include <asm/unistd.h> #include "pnode.h" -@@ -599,6 +600,8 @@ static int do_umount(struct vfsmount *mn - DQUOT_OFF(sb); +@@ -658,6 +659,8 @@ static int do_umount(struct vfsmount *mn + DQUOT_OFF(sb->s_dqh); retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); unlock_kernel(); + @@ -13446,7 +13464,7 @@ } up_write(&sb->s_umount); return retval; -@@ -619,6 +622,9 @@ static int do_umount(struct vfsmount *mn +@@ -678,6 +681,9 @@ static int do_umount(struct vfsmount *mn security_sb_umount_busy(mnt); up_write(&namespace_sem); release_mounts(&umount_list); @@ -13456,7 +13474,7 @@ return retval; } -@@ -1421,6 +1427,11 @@ long do_mount(char *dev_name, char *dir_ +@@ -1504,6 +1510,11 @@ long do_mount(char *dev_name, char *dir_ if (retval) goto dput_out; @@ -13467,8 +13485,8 @@ + if (flags & MS_REMOUNT) retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags, - data_page); -@@ -1435,6 +1446,9 @@ long do_mount(char *dev_name, char *dir_ + data_page, tag); +@@ -1518,6 +1529,9 @@ long do_mount(char *dev_name, char *dir_ dev_name, data_page); dput_out: path_release(&nd); 
@@ -13478,7 +13496,7 @@ return retval; } -@@ -1688,6 +1702,9 @@ asmlinkage long sys_pivot_root(const cha +@@ -1772,6 +1786,9 @@ asmlinkage long sys_pivot_root(const cha if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -13676,8 +13694,8 @@ diff -urNp linux-2.6.20.3/fs/proc/array.c linux-2.6.20.3/fs/proc/array.c --- linux-2.6.20.3/fs/proc/array.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/fs/proc/array.c 2007-03-23 08:11:31.000000000 -0400 -@@ -291,6 +291,21 @@ static inline char *task_cap(struct task - cap_t(p->cap_effective)); +@@ -304,6 +304,21 @@ static inline char *task_cap(struct task + (unsigned)vx_info_mbcap(vxi, p->cap_effective)); } +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) @@ -13773,7 +13791,7 @@ diff -urNp linux-2.6.20.3/fs/proc/base.c linux-2.6.20.3/fs/proc/base.c --- linux-2.6.20.3/fs/proc/base.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/fs/proc/base.c 2007-03-23 08:11:31.000000000 -0400 -@@ -73,6 +73,7 @@ +@@ -75,6 +75,7 @@ #include <linux/oom.h> #include <linux/vs_context.h> #include <linux/vs_network.h> @@ -13781,7 +13799,7 @@ #include "internal.h" -@@ -194,7 +195,7 @@ static int proc_root_link(struct inode * +@@ -197,7 +198,7 @@ static int proc_root_link(struct inode * (task->parent == current && \ (task->ptrace & PT_PTRACED) && \ (task->state == TASK_STOPPED || task->state == TASK_TRACED) && \ @@ -13930,9 +13948,9 @@ files = get_files_struct(p); if (!files) goto out; -@@ -1486,6 +1542,9 @@ static struct dentry *proc_pident_lookup +@@ -1479,6 +1535,9 @@ static struct dentry *proc_pident_lookup !memcmp(dentry->d_name.name, "ninfo", 5))) - goto out_no_task; + goto out; + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) + goto out; @@ -14007,7 +14025,7 @@ struct task_struct *task; int tgid; -@@ -2100,6 +2182,18 @@ int proc_pid_readdir(struct file * filp, +@@ -2117,6 +2199,18 @@ int proc_pid_readdir(struct file * filp, task; put_task_struct(task), task = next_tgid(tgid + 1)) { tgid = task->pid; 
@@ -14024,8 +14042,8 @@ + continue; + filp->f_pos = tgid + TGID_OFFSET; - if (proc_pid_fill_cache(filp, dirent, filldir, task, tgid) < 0) { - put_task_struct(task); + if (!vx_proc_task_visible(task)) + continue; diff -urNp linux-2.6.20.3/fs/proc/inode.c linux-2.6.20.3/fs/proc/inode.c --- linux-2.6.20.3/fs/proc/inode.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/fs/proc/inode.c 2007-03-23 08:11:31.000000000 -0400 @@ -14492,15 +14510,15 @@ diff -urNp linux-2.6.20.3/fs/utimes.c linux-2.6.20.3/fs/utimes.c --- linux-2.6.20.3/fs/utimes.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/fs/utimes.c 2007-03-23 08:11:31.000000000 -0400 -@@ -5,6 +5,7 @@ - #include <linux/sched.h> +@@ -6,6 +6,7 @@ #include <linux/utime.h> + #include <linux/mount.h> #include <linux/vs_cowbl.h> +#include <linux/grsecurity.h> #include <asm/uaccess.h> #include <asm/unistd.h> -@@ -61,6 +62,12 @@ asmlinkage long sys_utime(char __user * +@@ -63,6 +64,12 @@ asmlinkage long sys_utime(char __user * (error = vfs_permission(&nd, MAY_WRITE)) != 0) goto dput_and_out; } @@ -14513,7 +14531,7 @@ mutex_lock(&inode->i_mutex); error = notify_change(nd.dentry, &newattrs); mutex_unlock(&inode->i_mutex); -@@ -114,6 +121,12 @@ long do_utimes(int dfd, char __user *fil +@@ -115,6 +122,12 @@ long do_utimes(int dfd, char __user *fil (error = vfs_permission(&nd, MAY_WRITE)) != 0) goto dput_and_out; } @@ -27422,7 +27440,7 @@ #include <asm/uaccess.h> unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ -@@ -234,14 +235,25 @@ out: +@@ -237,14 +238,25 @@ out: return ret; } @@ -27448,7 +27466,7 @@ +} EXPORT_SYMBOL(__capable); - int capable(int cap) + #include <linux/vserver/base.h> @@ -249,3 +261,4 @@ int capable(int cap) return __capable(current, cap); } 
@@ -28256,7 +28274,7 @@ #include <asm/pgtable.h> #include <asm/uaccess.h> -@@ -137,12 +138,12 @@ static int may_attach(struct task_struct +@@ -138,12 +139,12 @@ static int may_attach(struct task_struct (current->uid != task->uid) || (current->gid != task->egid) || (current->gid != task->sgid) || @@ -28269,9 +28287,9 @@ - if (!dumpable && !capable(CAP_SYS_PTRACE)) + if (!dumpable && !capable_nolog(CAP_SYS_PTRACE)) return -EPERM; - - return security_ptrace(current, task); -@@ -477,6 +478,11 @@ asmlinkage long sys_ptrace(long request, + if (!vx_check(task->xid, VS_ADMIN_P|VS_IDENT)) + return -EPERM; +@@ -487,6 +488,11 @@ asmlinkage long sys_ptrace(long request, if (ret < 0) goto out_put_task_struct; @@ -28363,8 +28381,8 @@ +#include <linux/grsecurity.h> #include <linux/nsproxy.h> #include <linux/vs_context.h> - -@@ -595,11 +596,11 @@ static int check_kill_permission(int sig + #include <linux/vs_pid.h> +@@ -596,11 +597,11 @@ static int check_kill_permission(int sig sig, info, t, vx_task_xid(t), t->pid); error = -EPERM; @@ -28378,7 +28396,7 @@ return error; error = -ESRCH; -@@ -611,8 +612,10 @@ static int check_kill_permission(int sig +@@ -612,8 +613,10 @@ static int check_kill_permission(int sig } skip: error = security_task_kill(t, info, sig, 0); @@ -28390,7 +28408,7 @@ return error; } -@@ -790,7 +793,7 @@ out_set: +@@ -791,7 +794,7 @@ out_set: (((sig) < SIGRTMIN) && sigismember(&(sigptr)->signal, (sig))) @@ -28399,7 +28417,7 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { int ret = 0; -@@ -844,6 +847,10 @@ force_sig_info(int sig, struct siginfo * +@@ -845,6 +848,10 @@ force_sig_info(int sig, struct siginfo * } } ret = specific_send_sig_info(sig, info, t); @@ -28421,8 +28439,8 @@ #include <linux/compat.h> #include <linux/syscalls.h> -@@ -579,6 +580,12 @@ static int set_one_prio(struct task_stru - error = -EACCES; +@@ -583,6 +584,12 @@ static int set_one_prio(struct task_stru + error = -EACCES; goto out; } + 
@@ -28525,7 +28543,7 @@ /* External variables not in a header file. */ extern int C_A_D; -@@ -155,7 +163,7 @@ static int proc_do_cad_pid(ctl_table *ta +@@ -156,7 +164,7 @@ static int proc_do_cad_pid(ctl_table *ta static ctl_table root_table[]; static struct ctl_table_header root_table_header = @@ -28534,7 +28552,7 @@ static ctl_table kern_table[]; static ctl_table vm_table[]; -@@ -169,6 +177,7 @@ extern ctl_table pty_table[]; +@@ -170,6 +178,7 @@ extern ctl_table pty_table[]; #ifdef CONFIG_INOTIFY_USER extern ctl_table inotify_table[]; #endif @@ -28542,7 +28560,7 @@ #ifdef HAVE_ARCH_PICK_MMAP_LAYOUT int sysctl_legacy_va_layout; -@@ -208,6 +217,21 @@ static void *get_ipc(ctl_table *table, i +@@ -209,6 +218,21 @@ static void *get_ipc(ctl_table *table, i #define get_ipc(T,W) ((T)->data) #endif @@ -28564,7 +28582,7 @@ /* /proc declarations: */ #ifdef CONFIG_PROC_SYSCTL -@@ -269,7 +293,6 @@ static ctl_table root_table[] = { +@@ -270,7 +294,6 @@ static ctl_table root_table[] = { .mode = 0555, .child = dev_table, }, @@ -28572,7 +28590,7 @@ { .ctl_name = 0 } }; -@@ -781,6 +804,23 @@ static ctl_table kern_table[] = { +@@ -791,6 +814,23 @@ static ctl_table kern_table[] = { }, #endif @@ -28596,7 +28614,7 @@ { .ctl_name = 0 } }; -@@ -1295,6 +1335,10 @@ static int test_perm(int mode, int op) +@@ -1305,6 +1345,10 @@ static int test_perm(int mode, int op) static inline int ctl_perm(ctl_table *table, int op) { int error; @@ -28607,7 +28625,7 @@ error = security_sysctl(table, op); if (error) return error; -@@ -1334,6 +1378,10 @@ repeat: +@@ -1344,6 +1388,10 @@ repeat: table = table->child; goto repeat; } @@ -28996,7 +29014,7 @@ unlock: pte_unmap_unlock(page_table, ptl); if (dirty_page) { -@@ -2438,6 +2562,12 @@ static inline int handle_pte_fault(struc +@@ -2464,6 +2588,12 @@ static inline int handle_pte_fault(struc flush_tlb_page(vma, address); } unlock: @@ -29007,8 +29025,8 @@ +#endif + pte_unmap_unlock(pte, ptl); - return VM_FAULT_MINOR; - } + ret = VM_FAULT_MINOR; + out: 
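Review bot: The refreshed context of the handle_pte_fault hunk shows that the rebased base kernel now ends the function with `ret = VM_FAULT_MINOR;` followed by an `out:` label, where the previous base returned directly after `pte_unmap_unlock(pte, ptl);`. The PaX block this patch inserts at `unlock:` (only its `#endif` is visible here) therefore no longer sits on the sole exit path, and it is worth confirming that no path jumps straight to `out:` while still needing that block; if every such path holds no pte lock this is fine, but a short comment above the `#ifdef` stating that assumption would make the next rebase safer. The enclosing function starts and ends outside the hunk.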
@@ -2460,6 +2590,49 @@ int __handle_mm_fault(struct mm_struct * if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, write_access); @@ -29529,11 +29547,11 @@ vma->vm_flags, NULL, file, pgoff, vma_policy(vma))) { @@ -1143,6 +1262,7 @@ munmap_back: out: - mm->total_vm += len >> PAGE_SHIFT; + vx_vmpages_add(mm, len >> PAGE_SHIFT); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); + track_exec_limit(mm, addr, addr + len, vm_flags); if (vm_flags & VM_LOCKED) { - mm->locked_vm += len >> PAGE_SHIFT; + vx_vmlocked_add(mm, len >> PAGE_SHIFT); make_pages_present(addr, addr + len); @@ -1197,6 +1317,10 @@ arch_get_unmapped_area(struct file *filp if (len > TASK_SIZE) @@ -29873,8 +29891,8 @@ + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1); if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; - } -@@ -1918,12 +2120,12 @@ unsigned long do_brk(unsigned long addr, + if (!vx_vmlocked_avail(mm, len >> PAGE_SHIFT)) +@@ -1920,12 +2122,12 @@ unsigned long do_brk(unsigned long addr, /* * Clear old maps. this also does some error checking for us */ @@ -29889,7 +29907,7 @@ } /* Check against address space limits *after* clearing old maps... */ -@@ -1955,6 +2157,13 @@ unsigned long do_brk(unsigned long addr, +@@ -1958,6 +2160,13 @@ unsigned long do_brk(unsigned long addr, vma->vm_end = addr + len; vma->vm_pgoff = pgoff; vma->vm_flags = flags; 
@@ -29903,15 +29921,15 @@ vma->vm_page_prot = protection_map[flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; vma_link(mm, vma, prev, rb_link, rb_parent); -@@ -1964,6 +2173,7 @@ out: - mm->locked_vm += len >> PAGE_SHIFT; +@@ -1967,6 +2176,7 @@ out: + vx_vmlocked_add(mm, len >> PAGE_SHIFT); make_pages_present(addr, addr + len); } + track_exec_limit(mm, addr, addr + len, flags); return addr; } -@@ -2096,7 +2306,7 @@ int may_expand_vm(struct mm_struct *mm, +@@ -2105,7 +2315,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long lim; lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; @@ -29919,7 +29937,7 @@ + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; - return 1; + if (!vx_vmpages_avail(mm, npages)) diff -urNp linux-2.6.20.3/mm/mprotect.c linux-2.6.20.3/mm/mprotect.c --- linux-2.6.20.3/mm/mprotect.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/mm/mprotect.c 2007-03-23 08:27:30.000000000 -0400 @@ -30744,7 +30762,7 @@ diff -urNp linux-2.6.20.3/net/ipv4/netfilter/Kconfig linux-2.6.20.3/net/ipv4/netfilter/Kconfig --- linux-2.6.20.3/net/ipv4/netfilter/Kconfig 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/net/ipv4/netfilter/Kconfig 2007-03-23 08:11:31.000000000 -0400 -@@ -312,6 +312,21 @@ config IP_NF_MATCH_ADDRTYPE +@@ -330,6 +330,21 @@ config IP_NF_MATCH_ADDRTYPE If you want to compile it as a module, say M here and read <file:Documentation/modules.txt>. If unsure, say `N'. 
@@ -30766,22 +30784,17 @@
  # `filter', generic and specific targets
  config IP_NF_FILTER
  	tristate "Packet filtering"
-@@ -682,4 +697,3 @@ config IP_NF_ARP_MANGLE
-  	hardware and network addresses.
- 
- endmenu
--
 diff -urNp linux-2.6.20.3/net/ipv4/netfilter/Makefile linux-2.6.20.3/net/ipv4/netfilter/Makefile
 --- linux-2.6.20.3/net/ipv4/netfilter/Makefile	2007-03-13 14:27:08.000000000 -0400
 +++ linux-2.6.20.3/net/ipv4/netfilter/Makefile	2007-03-23 08:11:31.000000000 -0400
-@@ -91,6 +91,7 @@ obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
- obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
+@@ -104,6 +104,7 @@ obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
  obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
+ obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
  obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
 +obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o
- 
- # targets
- obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
+ obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7.o
+ 
 diff -urNp linux-2.6.20.3/net/ipv4/tcp_ipv4.c linux-2.6.20.3/net/ipv4/tcp_ipv4.c
 --- linux-2.6.20.3/net/ipv4/tcp_ipv4.c	2007-03-13 14:27:08.000000000 -0400
 +++ linux-2.6.20.3/net/ipv4/tcp_ipv4.c	2007-03-23 08:11:31.000000000 -0400
@@ -31004,9 +31017,9 @@
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
  
-@@ -93,6 +94,21 @@
-  #include <net/sock.h>
-  #include <linux/netfilter.h>
+@@ -95,6 +96,21 @@
+  #include <linux/vs_base.h>
+  #include <linux/vs_socket.h>
  
 +extern void gr_attach_curr_ip(const struct sock *sk);
 +extern int gr_handle_sock_all(const int family, const int type,
@@ -31026,7 +31039,7 @@
  static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
  static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
  			 unsigned long nr_segs, loff_t pos);
-@@ -295,7 +311,7 @@ static int sockfs_get_sb(struct file_sys
+@@ -297,7 +313,7 @@ static int sockfs_get_sb(struct file_sys
  			   mnt);
  }
@@ -31341,7 +31354,7 @@ static int dummy_ptrace (struct task_struct *parent, struct task_struct *child) { -@@ -138,8 +139,11 @@ static void dummy_bprm_apply_creds (stru +@@ -139,8 +140,11 @@ static void dummy_bprm_apply_creds (stru } } @@ -31790,7 +31803,7 @@ + config KEYS bool "Enable access key retention support" - help + depends on !VSERVER_SECURITY diff -urNp linux-2.6.20.3/sound/core/oss/pcm_oss.c linux-2.6.20.3/sound/core/oss/pcm_oss.c --- linux-2.6.20.3/sound/core/oss/pcm_oss.c 2007-03-13 14:27:08.000000000 -0400 +++ linux-2.6.20.3/sound/core/oss/pcm_oss.c 2007-03-23 08:10:06.000000000 -0400 ================================================================ ---- CVS-web: http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.10-2.6.20.3.patch?r1=1.1.2.5&r2=1.1.2.6&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit