SOURCES (LINUX_2_6_20): grsecurity-2.1.10-2.6.20.3.patch - merged ...
Author: zbyniu Date: Tue Apr 10 19:13:02 2007 GMT Module: SOURCES Tag: LINUX_2_6_20 Log message: - merged changes from grsecurity-2.1.10-2.6.20.6-200704091818.patch - cleanups Files affected: SOURCES: grsecurity-2.1.10-2.6.20.3.patch (1.1.2.5 - 1.1.2.6) Diffs: Index: SOURCES/grsecurity-2.1.10-2.6.20.3.patch diff -u SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.5 SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.6 --- SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.5Mon Apr 9 22:36:11 2007 +++ SOURCES/grsecurity-2.1.10-2.6.20.3.patchTue Apr 10 21:12:57 2007 @@ -46,7 +46,7 @@ #include asm/uaccess.h #include asm/pgtable.h -@@ -283,6 +284,9 @@ do_sys_ptrace(long request, long pid, lo +@@ -289,6 +290,9 @@ do_sys_ptrace(long request, long pid, lo goto out; } @@ -3563,6 +3563,15 @@ unsigned long base = (kesp - uesp) -THREAD_SIZE; unsigned long new_kesp = kesp - base; unsigned long lim_pages = (new_kesp | (THREAD_SIZE - 1)) PAGE_SHIFT; +@@ -1076,7 +1095,7 @@ void __init trap_init_f00f_bug(void) +* Update the IDT descriptor and reload the IDT so that +* it uses the read-only mapped virtual address. +*/ +- idt_descr.address = fix_to_virt(FIX_F00F_IDT); ++ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT); + load_idt(idt_descr); + } + #endif diff -urNp linux-2.6.20.3/arch/i386/kernel/tsc.c linux-2.6.20.3/arch/i386/kernel/tsc.c --- linux-2.6.20.3/arch/i386/kernel/tsc.c 2007-03-13 14:27:08.0 -0400 +++ linux-2.6.20.3/arch/i386/kernel/tsc.c 2007-03-23 08:10:06.0 -0400 @@ -5913,7 +5922,16 @@ /* User mode accesses just cause a SIGSEGV */ if (error_code 4) { /* -@@ -551,6 +708,22 @@ no_context: +@@ -508,7 +666,7 @@ bad_area_nosemaphore: + if (boot_cpu_data.f00f_bug) { + unsigned long nr; + +- nr = (address - idt_descr.address) 3; ++ nr = (address - (unsigned long)idt_descr.address) 3; + + if (nr == 6) { + do_invalid_op(regs, 0); +@@ -551,6 +709,22 @@ no_context: if (address PAGE_SIZE) printk(KERN_ALERT BUG: unable to handle kernel NULL pointer dereference); @@ -5936,7 +5954,7 @@ else printk(KERN_ALERT BUG: unable to handle kernel paging request); -@@ -558,24 +731,34 @@ no_context: +@@ -558,24 +732,34 @@ no_context: printk(KERN_ALERT printing eip:\n); printk(%08lx\n, regs-eip); } @@ -5987,7 +6005,7 @@ tsk-thread.cr2 = address; tsk-thread.trap_no = 14; tsk-thread.error_code = error_code; -@@ -652,3 +835,101 @@ void vmalloc_sync_all(void) +@@ -653,3 +837,101 @@ void vmalloc_sync_all(void) } } #endif @@ -13429,7 +13447,7 @@ diff -urNp linux-2.6.20.3/fs/namespace.c linux-2.6.20.3/fs/namespace.c --- linux-2.6.20.3/fs/namespace.c 2007-03-13 14:27:08.0 -0400 +++ linux-2.6.20.3/fs/namespace.c 2007-03-23 08:11:31.0 -0400 -@@ -25,6 +25,7 @@ +@@ -30,6 +30,7 @@ #include linux/vs_tag.h #include linux/vserver/space.h #include linux/vserver/global.h @@ -13437,8 +13455,8 @@ #include asm/uaccess.h #include asm/unistd.h #include pnode.h -@@ -599,6 +600,8 @@ static int do_umount(struct vfsmount *mn - DQUOT_OFF(sb); +@@ -658,6 +659,8 @@ static int do_umount(struct vfsmount *mn + DQUOT_OFF(sb-s_dqh); retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); unlock_kernel(); + @@ -13446,7 +13464,7 @@ } up_write(sb-s_umount); return retval; -@@ -619,6 +622,9 @@ static int do_umount(struct vfsmount *mn +@@ -678,6 +681,9 @@ static int do_umount(struct vfsmount *mn security_sb_umount_busy(mnt); up_write(namespace_sem); release_mounts(umount_list); @@ -13456,7 +13474,7 @@ return retval; } -@@ -1421,6 +1427,11 @@ long do_mount(char *dev_name, char *dir_ +@@ -1504,6 +1510,11 @@ long do_mount(char *dev_name, char *dir_ if (retval) goto dput_out; @@ -13467,8 +13485,8 @@ + if (flags MS_REMOUNT) retval = do_remount(nd, flags ~MS_REMOUNT, mnt_flags, - data_page); -@@ -1435,6 +1446,9 @@ long do_mount(char *dev_name, char *dir_ + data_page, tag); +@@ -1518,6 +1529,9 @@ long do_mount(char *dev_name, char *dir_ dev_name, data_page); dput_out: path_release(nd); @@ -13478,7 +13496,7 @@ return retval; } -@@ -1688,6 +1702,9
SOURCES (LINUX_2_6_20): grsecurity-2.1.10-2.6.20.3.patch - merged ...
Author: zbyniu Date: Fri Apr 6 15:32:36 2007 GMT Module: SOURCES Tag: LINUX_2_6_20 Log message: - merged changes from grsecurity-2.1.10-2.6.20.4-200704021831.patch Files affected: SOURCES: grsecurity-2.1.10-2.6.20.3.patch (1.1.2.3 - 1.1.2.4) Diffs: Index: SOURCES/grsecurity-2.1.10-2.6.20.3.patch diff -u SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.3 SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.4 --- SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.3Sun Mar 25 21:50:35 2007 +++ SOURCES/grsecurity-2.1.10-2.6.20.3.patchFri Apr 6 17:32:31 2007 @@ -2550,7 +2550,7 @@ /* @@ -298,7 +298,7 @@ void show_regs(struct pt_regs * regs) - printk(EIP: %04x:[%08lx] CPU: %d\n,0x regs-xcs,regs-eip, smp_processor_id()); + 0x regs-xcs,regs-eip, smp_processor_id()); print_symbol(EIP is at %s\n, regs-eip); - if (user_mode_vm(regs)) @@ -3102,7 +3102,7 @@ /* * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later -@@ -150,17 +176,42 @@ int arch_setup_additional_pages(struct l +@@ -151,17 +177,42 @@ int arch_setup_additional_pages(struct l */ vma-vm_flags |= VM_ALWAYSDUMP; vma-vm_flags |= mm-def_flags; @@ -3146,7 +3146,7 @@ + current-mm-context.vdso = addr; current_thread_info()-sysenter_return = (void *)VDSO_SYM(SYSENTER_RETURN); - mm-total_vm++; + vx_vmpages_inc(mm); @@ -171,8 +222,17 @@ up_fail: const char *arch_vma_name(struct vm_area_struct *vma) @@ -5634,7 +5634,7 @@ diff -urNp linux-2.6.20.3/arch/i386/mm/fault.c linux-2.6.20.3/arch/i386/mm/fault.c --- linux-2.6.20.3/arch/i386/mm/fault.c2007-03-13 14:27:08.0 -0400 +++ linux-2.6.20.3/arch/i386/mm/fault.c2007-03-23 08:32:22.0 -0400 -@@ -23,6 +23,9 @@ +@@ -23,11 +23,15 @@ #include linux/module.h #include linux/kprobes.h #include linux/uaccess.h @@ -5644,7 +5644,13 @@ #include asm/system.h #include asm/desc.h -@@ -104,7 +107,8 @@ static inline unsigned long get_segment_ + #include asm/kdebug.h + #include asm/segment.h ++#include asm/tlbflush.h + + extern void die(const char *,struct pt_regs *,long); + +@@ -104,7 +108,8 @@ static inline unsigned long get_segment_ { unsigned long eip = regs-eip; unsigned seg = regs-xcs 0x; @@ -5654,7 +5660,7 @@ /* Unlikely, but must come before segment checks. */ if (unlikely(regs-eflags VM_MASK)) { -@@ -118,7 +122,7 @@ static inline unsigned long get_segment_ +@@ -118,7 +123,7 @@ static inline unsigned long get_segment_ /* By far the most common cases. */ if (likely(SEGMENT_IS_FLAT_CODE(seg))) @@ -6336,7 +6342,7 @@ -#endif } - #if defined(CONFIG_SOFTWARE_SUSPEND) || defined(CONFIG_ACPI_SLEEP) + #if defined(CONFIG_SUSPEND_SHARED) || defined(CONFIG_ACPI_SLEEP) @@ -388,12 +358,12 @@ static void __init pagetable_init (void) * Swap suspend friends need this for resume because things like the intel-agp * driver might have split up a kernel 4MB mapping. @@ -8541,8 +8547,8 @@ #include asm/pgtable.h #include asm/system.h -@@ -303,6 +304,11 @@ asmlinkage void do_ptrace(struct pt_regs - goto out; +@@ -308,6 +309,11 @@ asmlinkage void do_ptrace(struct pt_regs + goto out_tsk; } + if (gr_handle_ptrace(child, request)) { @@ -8948,8 +8954,8 @@ #include asm/asi.h #include asm/pgtable.h -@@ -216,6 +217,11 @@ asmlinkage void do_ptrace(struct pt_regs - goto out; +@@ -221,6 +222,11 @@ asmlinkage void do_ptrace(struct pt_regs + goto out_tsk; } + if (gr_handle_ptrace(child, (long)request)) { @@ -9772,8 +9778,8 @@ default:/* 3: write, present */ /* fall through */ @@ -519,7 +549,14 @@ bad_area_nosemaphore: - tsk-comm, tsk-pid, address, regs-rip, - regs-rsp, error_code); + tsk-comm, tsk-pid, tsk-xid, address, + regs-rip, regs-rsp, error_code); } - + @@ -13067,14 +13073,14 @@ if (orig_start = current-signal-rlim[RLIMIT_NOFILE].rlim_cur) goto out; -@@ -82,6 +84,7 @@ repeat: +@@ -83,6 +85,7 @@ repeat: fdt-max_fds, start); error = -EMFILE; + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0); if (newfd = current-signal-rlim[RLIMIT_NOFILE].rlim_cur) goto out; - + if (!vx_files_avail(1)) @@ -140,6 +143,8 @@ asmlinkage long sys_dup2(unsigned int ol struct files_struct * files = current-files; struct fdtable *fdt;