SOURCES (LINUX_2_6_20): grsecurity-2.1.10-2.6.20.3.patch - merged ...
Author: zbyniu Date: Tue Apr 10 19:13:02 2007 GMT
Module: SOURCES Tag: LINUX_2_6_20
Log message:
- merged changes from grsecurity-2.1.10-2.6.20.6-200704091818.patch
- cleanups
Files affected:
SOURCES:
grsecurity-2.1.10-2.6.20.3.patch (1.1.2.5 - 1.1.2.6)
Diffs:
Index: SOURCES/grsecurity-2.1.10-2.6.20.3.patch
diff -u SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.5
SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.6
--- SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.5Mon Apr 9 22:36:11 2007
+++ SOURCES/grsecurity-2.1.10-2.6.20.3.patchTue Apr 10 21:12:57 2007
@@ -46,7 +46,7 @@
#include asm/uaccess.h
#include asm/pgtable.h
-@@ -283,6 +284,9 @@ do_sys_ptrace(long request, long pid, lo
+@@ -289,6 +290,9 @@ do_sys_ptrace(long request, long pid, lo
goto out;
}
@@ -3563,6 +3563,15 @@
unsigned long base = (kesp - uesp) -THREAD_SIZE;
unsigned long new_kesp = kesp - base;
unsigned long lim_pages = (new_kesp | (THREAD_SIZE - 1)) PAGE_SHIFT;
+@@ -1076,7 +1095,7 @@ void __init trap_init_f00f_bug(void)
+* Update the IDT descriptor and reload the IDT so that
+* it uses the read-only mapped virtual address.
+*/
+- idt_descr.address = fix_to_virt(FIX_F00F_IDT);
++ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
+ load_idt(idt_descr);
+ }
+ #endif
diff -urNp linux-2.6.20.3/arch/i386/kernel/tsc.c
linux-2.6.20.3/arch/i386/kernel/tsc.c
--- linux-2.6.20.3/arch/i386/kernel/tsc.c 2007-03-13 14:27:08.0
-0400
+++ linux-2.6.20.3/arch/i386/kernel/tsc.c 2007-03-23 08:10:06.0
-0400
@@ -5913,7 +5922,16 @@
/* User mode accesses just cause a SIGSEGV */
if (error_code 4) {
/*
-@@ -551,6 +708,22 @@ no_context:
+@@ -508,7 +666,7 @@ bad_area_nosemaphore:
+ if (boot_cpu_data.f00f_bug) {
+ unsigned long nr;
+
+- nr = (address - idt_descr.address) 3;
++ nr = (address - (unsigned long)idt_descr.address) 3;
+
+ if (nr == 6) {
+ do_invalid_op(regs, 0);
+@@ -551,6 +709,22 @@ no_context:
if (address PAGE_SIZE)
printk(KERN_ALERT BUG: unable to handle kernel NULL
pointer dereference);
@@ -5936,7 +5954,7 @@
else
printk(KERN_ALERT BUG: unable to handle kernel paging
request);
-@@ -558,24 +731,34 @@ no_context:
+@@ -558,24 +732,34 @@ no_context:
printk(KERN_ALERT printing eip:\n);
printk(%08lx\n, regs-eip);
}
@@ -5987,7 +6005,7 @@
tsk-thread.cr2 = address;
tsk-thread.trap_no = 14;
tsk-thread.error_code = error_code;
-@@ -652,3 +835,101 @@ void vmalloc_sync_all(void)
+@@ -653,3 +837,101 @@ void vmalloc_sync_all(void)
}
}
#endif
@@ -13429,7 +13447,7 @@
diff -urNp linux-2.6.20.3/fs/namespace.c linux-2.6.20.3/fs/namespace.c
--- linux-2.6.20.3/fs/namespace.c 2007-03-13 14:27:08.0 -0400
+++ linux-2.6.20.3/fs/namespace.c 2007-03-23 08:11:31.0 -0400
-@@ -25,6 +25,7 @@
+@@ -30,6 +30,7 @@
#include linux/vs_tag.h
#include linux/vserver/space.h
#include linux/vserver/global.h
@@ -13437,8 +13455,8 @@
#include asm/uaccess.h
#include asm/unistd.h
#include pnode.h
-@@ -599,6 +600,8 @@ static int do_umount(struct vfsmount *mn
- DQUOT_OFF(sb);
+@@ -658,6 +659,8 @@ static int do_umount(struct vfsmount *mn
+ DQUOT_OFF(sb-s_dqh);
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
unlock_kernel();
+
@@ -13446,7 +13464,7 @@
}
up_write(sb-s_umount);
return retval;
-@@ -619,6 +622,9 @@ static int do_umount(struct vfsmount *mn
+@@ -678,6 +681,9 @@ static int do_umount(struct vfsmount *mn
security_sb_umount_busy(mnt);
up_write(namespace_sem);
release_mounts(umount_list);
@@ -13456,7 +13474,7 @@
return retval;
}
-@@ -1421,6 +1427,11 @@ long do_mount(char *dev_name, char *dir_
+@@ -1504,6 +1510,11 @@ long do_mount(char *dev_name, char *dir_
if (retval)
goto dput_out;
@@ -13467,8 +13485,8 @@
+
if (flags MS_REMOUNT)
retval = do_remount(nd, flags ~MS_REMOUNT, mnt_flags,
- data_page);
-@@ -1435,6 +1446,9 @@ long do_mount(char *dev_name, char *dir_
+ data_page, tag);
+@@ -1518,6 +1529,9 @@ long do_mount(char *dev_name, char *dir_
dev_name, data_page);
dput_out:
path_release(nd);
@@ -13478,7 +13496,7 @@
return retval;
}
-@@ -1688,6 +1702,9
SOURCES (LINUX_2_6_20): grsecurity-2.1.10-2.6.20.3.patch - merged ...
Author: zbyniu Date: Fri Apr 6 15:32:36 2007 GMT
Module: SOURCES Tag: LINUX_2_6_20
Log message:
- merged changes from grsecurity-2.1.10-2.6.20.4-200704021831.patch
Files affected:
SOURCES:
grsecurity-2.1.10-2.6.20.3.patch (1.1.2.3 - 1.1.2.4)
Diffs:
Index: SOURCES/grsecurity-2.1.10-2.6.20.3.patch
diff -u SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.3
SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.4
--- SOURCES/grsecurity-2.1.10-2.6.20.3.patch:1.1.2.3Sun Mar 25 21:50:35 2007
+++ SOURCES/grsecurity-2.1.10-2.6.20.3.patchFri Apr 6 17:32:31 2007
@@ -2550,7 +2550,7 @@
/*
@@ -298,7 +298,7 @@ void show_regs(struct pt_regs * regs)
- printk(EIP: %04x:[%08lx] CPU: %d\n,0x regs-xcs,regs-eip,
smp_processor_id());
+ 0x regs-xcs,regs-eip, smp_processor_id());
print_symbol(EIP is at %s\n, regs-eip);
- if (user_mode_vm(regs))
@@ -3102,7 +3102,7 @@
/*
* Make sure the vDSO gets into every core dump.
* Dumping its contents makes post-mortem fully interpretable later
-@@ -150,17 +176,42 @@ int arch_setup_additional_pages(struct l
+@@ -151,17 +177,42 @@ int arch_setup_additional_pages(struct l
*/
vma-vm_flags |= VM_ALWAYSDUMP;
vma-vm_flags |= mm-def_flags;
@@ -3146,7 +3146,7 @@
+ current-mm-context.vdso = addr;
current_thread_info()-sysenter_return =
(void *)VDSO_SYM(SYSENTER_RETURN);
- mm-total_vm++;
+ vx_vmpages_inc(mm);
@@ -171,8 +222,17 @@ up_fail:
const char *arch_vma_name(struct vm_area_struct *vma)
@@ -5634,7 +5634,7 @@
diff -urNp linux-2.6.20.3/arch/i386/mm/fault.c
linux-2.6.20.3/arch/i386/mm/fault.c
--- linux-2.6.20.3/arch/i386/mm/fault.c2007-03-13 14:27:08.0
-0400
+++ linux-2.6.20.3/arch/i386/mm/fault.c2007-03-23 08:32:22.0
-0400
-@@ -23,6 +23,9 @@
+@@ -23,11 +23,15 @@
#include linux/module.h
#include linux/kprobes.h
#include linux/uaccess.h
@@ -5644,7 +5644,13 @@
#include asm/system.h
#include asm/desc.h
-@@ -104,7 +107,8 @@ static inline unsigned long get_segment_
+ #include asm/kdebug.h
+ #include asm/segment.h
++#include asm/tlbflush.h
+
+ extern void die(const char *,struct pt_regs *,long);
+
+@@ -104,7 +108,8 @@ static inline unsigned long get_segment_
{
unsigned long eip = regs-eip;
unsigned seg = regs-xcs 0x;
@@ -5654,7 +5660,7 @@
/* Unlikely, but must come before segment checks. */
if (unlikely(regs-eflags VM_MASK)) {
-@@ -118,7 +122,7 @@ static inline unsigned long get_segment_
+@@ -118,7 +123,7 @@ static inline unsigned long get_segment_
/* By far the most common cases. */
if (likely(SEGMENT_IS_FLAT_CODE(seg)))
@@ -6336,7 +6342,7 @@
-#endif
}
- #if defined(CONFIG_SOFTWARE_SUSPEND) || defined(CONFIG_ACPI_SLEEP)
+ #if defined(CONFIG_SUSPEND_SHARED) || defined(CONFIG_ACPI_SLEEP)
@@ -388,12 +358,12 @@ static void __init pagetable_init (void)
* Swap suspend friends need this for resume because things like the
intel-agp
* driver might have split up a kernel 4MB mapping.
@@ -8541,8 +8547,8 @@
#include asm/pgtable.h
#include asm/system.h
-@@ -303,6 +304,11 @@ asmlinkage void do_ptrace(struct pt_regs
- goto out;
+@@ -308,6 +309,11 @@ asmlinkage void do_ptrace(struct pt_regs
+ goto out_tsk;
}
+ if (gr_handle_ptrace(child, request)) {
@@ -8948,8 +8954,8 @@
#include asm/asi.h
#include asm/pgtable.h
-@@ -216,6 +217,11 @@ asmlinkage void do_ptrace(struct pt_regs
- goto out;
+@@ -221,6 +222,11 @@ asmlinkage void do_ptrace(struct pt_regs
+ goto out_tsk;
}
+ if (gr_handle_ptrace(child, (long)request)) {
@@ -9772,8 +9778,8 @@
default:/* 3: write, present */
/* fall through */
@@ -519,7 +549,14 @@ bad_area_nosemaphore:
- tsk-comm, tsk-pid, address, regs-rip,
- regs-rsp, error_code);
+ tsk-comm, tsk-pid, tsk-xid, address,
+ regs-rip, regs-rsp, error_code);
}
-
+
@@ -13067,14 +13073,14 @@
if (orig_start = current-signal-rlim[RLIMIT_NOFILE].rlim_cur)
goto out;
-@@ -82,6 +84,7 @@ repeat:
+@@ -83,6 +85,7 @@ repeat:
fdt-max_fds, start);
error = -EMFILE;
+ gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0);
if (newfd = current-signal-rlim[RLIMIT_NOFILE].rlim_cur)
goto out;
-
+ if (!vx_files_avail(1))
@@ -140,6 +143,8 @@ asmlinkage long sys_dup2(unsigned int ol
struct files_struct * files = current-files;
struct fdtable *fdt;
