Author: mguevara Date: Mon Aug 13 10:32:03 2007 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- up to grsecurity-2.1.11-2.6.22.2-200708101800.patch + one change from
pax-linux-2.6.22.2-test17.patch
---- Files affected:
SOURCES:
linux-2.6-grsec_full.patch (1.1.2.13 -> 1.1.2.14)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.13
SOURCES/linux-2.6-grsec_full.patch:1.1.2.14
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.13 Sun Aug 12 01:31:22 2007
+++ SOURCES/linux-2.6-grsec_full.patch Mon Aug 13 12:31:57 2007
@@ -3356,7 +3356,7 @@
diff -urNp linux-2.6.22.1/arch/i386/kernel/time.c
linux-2.6.22.1/arch/i386/kernel/time.c
--- linux-2.6.22.1/arch/i386/kernel/time.c 2007-07-10 14:56:30.000000000
-0400
+++ linux-2.6.22.1/arch/i386/kernel/time.c 2007-08-02 11:38:45.000000000
-0400
-@@ -132,18 +132,24 @@ unsigned long profile_pc(struct pt_regs
+@@ -132,20 +132,30 @@ unsigned long profile_pc(struct pt_regs
if (!v8086_mode(regs) && SEGMENT_IS_KERNEL_CODE(regs->xcs) &&
in_lock_functions(pc)) {
#ifdef CONFIG_FRAME_POINTER
@@ -3381,7 +3381,13 @@
+#endif
}
#endif
++
++ if (!v8086_mode(regs) && SEGMENT_IS_KERNEL_CODE(regs->xcs))
++ pc += __KERNEL_TEXT_OFFSET;
++
return pc;
+ }
+ EXPORT_SYMBOL(profile_pc);
diff -urNp linux-2.6.22.1/arch/i386/kernel/traps.c
linux-2.6.22.1/arch/i386/kernel/traps.c
--- linux-2.6.22.1/arch/i386/kernel/traps.c 2007-07-10 14:56:30.000000000
-0400
+++ linux-2.6.22.1/arch/i386/kernel/traps.c 2007-08-02 11:38:45.000000000
-0400
@@ -6161,6 +6167,15 @@
else
printk(KERN_ALERT "BUG: unable to handle kernel paging"
" request");
+@@ -560,7 +750,7 @@ no_context:
+ * it's allocated already.
+ */
+ if ((page >> PAGE_SHIFT) < max_low_pfn
+- && (page & _PAGE_PRESENT)) {
++ && (page & (_PAGE_PRESENT | _PAGE_PSE)) == _PAGE_PRESENT) {
+ page &= PAGE_MASK;
+ page = ((__typeof__(page) *) __va(page))[(address >>
PAGE_SHIFT)
+ &
(PTRS_PER_PTE - 1)];
@@ -645,3 +835,110 @@ void vmalloc_sync_all(void)
start = address + PGDIR_SIZE;
}
@@ -12288,7 +12303,7 @@
diff -urNp linux-2.6.22.1/fs/binfmt_elf.c linux-2.6.22.1/fs/binfmt_elf.c
--- linux-2.6.22.1/fs/binfmt_elf.c 2007-07-10 14:56:30.000000000 -0400
+++ linux-2.6.22.1/fs/binfmt_elf.c 2007-08-02 11:38:47.000000000 -0400
-@@ -39,10 +39,16 @@
+@@ -39,10 +39,25 @@
#include <linux/elf.h>
#include <linux/utsname.h>
#include <linux/vs_memory.h>
@@ -12302,6 +12317,15 @@
+#include <asm/desc.h>
+#endif
+
++#ifdef CONFIG_PAX_SOFTMODE
++unsigned int pax_softmode;
++#endif
++
++#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
++void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
++EXPORT_SYMBOL(pax_set_initial_flags_func);
++#endif
++
static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
static int load_elf_library(struct file *);
static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr
*, int, int);
@@ -13147,18 +13171,6 @@
out:
/* Something went wrong, return the inode and free the argument pages*/
for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
-diff -urNp linux-2.6.22.1/fs/dcache.c linux-2.6.22.1/fs/dcache.c
---- linux-2.6.22.1/fs/dcache.c 2007-07-10 14:56:30.000000000 -0400
-+++ linux-2.6.22.1/fs/dcache.c 2007-08-02 11:09:15.000000000 -0400
-@@ -1776,7 +1776,7 @@ shouldnt_be_hashed:
- *
- * "buflen" should be positive. Caller holds the dcache_lock.
- */
--static char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt,
-+char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt,
- struct dentry *root, struct vfsmount *rootmnt,
- char *buffer, int buflen)
- {
diff -urNp linux-2.6.22.1/fs/debugfs/inode.c linux-2.6.22.1/fs/debugfs/inode.c
--- linux-2.6.22.1/fs/debugfs/inode.c 2007-07-10 14:56:30.000000000 -0400
+++ linux-2.6.22.1/fs/debugfs/inode.c 2007-08-02 11:38:47.000000000 -0400
@@ -13183,18 +13195,6 @@
#include <asm/uaccess.h>
#include <asm/mmu_context.h>
-@@ -70,6 +72,11 @@ EXPORT_SYMBOL(suid_dumpable);
- static struct linux_binfmt *formats;
- static DEFINE_RWLOCK(binfmt_lock);
-
-+#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
-+void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
-+EXPORT_SYMBOL(pax_set_initial_flags_func);
-+#endif
-+
- int register_binfmt(struct linux_binfmt * fmt)
- {
- struct linux_binfmt ** tmp = &formats;
@@ -309,7 +320,7 @@ EXPORT_SYMBOL(copy_strings_kernel);
*
* vma->vm_mm->mmap_sem is held for writing.
@@ -13223,9 +13223,9 @@
/* no need for flush_tlb */
- return;
+ return 0;
-+out:
-+ __free_page(page);
-+ force_sig(SIGKILL, current);
+ out:
+ __free_page(page);
+ force_sig(SIGKILL, current);
+ return -ENOMEM;
+}
+
@@ -13252,11 +13252,11 @@
+ /* no need for flush_tlb */
+ unlock_page(page);
+ return 0;
- out:
++out:
+ unlock_page(page);
+ page_cache_release(page);
- __free_page(page);
- force_sig(SIGKILL, current);
++ __free_page(page);
++ force_sig(SIGKILL, current);
+ return -ENOMEM;
}
@@ -15554,7 +15554,7 @@
diff -urNp linux-2.6.22.1/grsecurity/gracl.c linux-2.6.22.1/grsecurity/gracl.c
--- linux-2.6.22.1/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.22.1/grsecurity/gracl.c 2007-08-03 10:51:44.000000000 -0400
-@@ -0,0 +1,3679 @@
+@@ -0,0 +1,3675 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -15617,10 +15617,6 @@
+ const int res, const unsigned long wanted, const
int gt);
+#endif
+
-+extern char * __d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
-+ struct dentry *root, struct vfsmount *rootmnt,
-+ char *buffer, int buflen);
-+
+unsigned char *gr_system_salt;
+unsigned char *gr_system_sum;
+
@@ -30660,8 +30656,8 @@
+ if (!pte_present(entry)) {
+ if (!pte_none(entry)) {
+ BUG_ON(pte_file(entry));
-+ ptep_get_and_clear(mm, address, pte);
+ free_swap_and_cache(pte_to_swp_entry(entry));
++ pte_clear_not_present_full(mm, address, pte, 0);
+ }
+ } else {
+ struct page *page;
@@ -30838,19 +30834,20 @@
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -1719,6 +1923,11 @@ gotten:
- cow_user_page(new_page, old_page, address, vma);
- }
-
+@@ -1724,6 +1928,12 @@ gotten:
+ */
+ page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
+ if (likely(pte_same(*page_table, orig_pte))) {
++
+#ifdef CONFIG_PAX_SEGMEXEC
+ if (pax_find_mirror_vma(vma))
+ BUG_ON(TestSetPageLocked(new_page));
+#endif
+
- /*
- * Re-check the pte - we dropped the lock
- */
-@@ -1748,6 +1957,10 @@ gotten:
+ if (old_page) {
+ page_remove_rmap(old_page, vma);
+ if (!PageAnon(old_page)) {
+@@ -1748,6 +1958,10 @@ gotten:
lru_cache_add_active(new_page);
page_add_new_anon_rmap(new_page, vma, address);
@@ -30921,19 +30918,28 @@
unlock:
pte_unmap_unlock(page_table, ptl);
return VM_FAULT_MINOR;
-@@ -2342,6 +2580,11 @@ retry:
+@@ -2341,7 +2580,6 @@ retry:
+ page_cache_release(new_page);
new_page = page;
anon = 1;
-
-+#ifdef CONFIG_PAX_SEGMEXEC
-+ if (pax_find_mirror_vma(vma))
-+ BUG_ON(TestSetPageLocked(new_page));
-+#endif
-+
+-
} else {
/* if the page will be shareable, see if the backing
* address space wants to know that the page is about
-@@ -2408,6 +2651,14 @@ retry:
+@@ -2382,6 +2620,12 @@ retry:
+ */
+ /* Only go through if we didn't race with anybody else... */
+ if (pte_none(*page_table)) {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++ if (anon && pax_find_mirror_vma(vma))
++ BUG_ON(TestSetPageLocked(new_page));
++#endif
++
+ flush_icache_page(vma, new_page);
+ entry = mk_pte(new_page, vma->vm_page_prot);
+ if (write_access)
+@@ -2408,6 +2652,14 @@ retry:
/* no need to invalidate: a not-present page shouldn't be cached */
update_mmu_cache(vma, address, entry);
lazy_mmu_prot_update(entry);
@@ -31396,13 +31402,12 @@
mm->stack_vm += pages;
if (flags & (VM_RESERVED|VM_IO))
mm->reserved_vm += pages;
-@@ -903,28 +977,33 @@ unsigned long do_mmap_pgoff(struct file
+@@ -903,28 +977,32 @@ unsigned long do_mmap_pgoff(struct file
int accountable = 1;
unsigned long charged = 0, reqprot = prot;
+#ifdef CONFIG_PAX_SEGMEXEC
-+ struct vm_area_struct *vma_m = NULL, *prev_m;
-+ struct rb_node **rb_link_m, *rb_parent_m;
++ struct vm_area_struct *vma_m = NULL;
+#endif
+
/*
@@ -31710,7 +31715,7 @@
}
unsigned long
-@@ -1459,6 +1622,26 @@ out:
+@@ -1459,6 +1622,32 @@ out:
return prev ? prev->vm_next : vma;
}
@@ -31729,7 +31734,13 @@
+ BUG_ON(!vma_m || vma_m->vm_mirror != vma);
+ BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
+ BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma !=
vma_m->anon_vma);
++
++#ifdef CONFIG_PAX_MPROTECT
++ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE |
VM_ACCOUNT | VM_MAYNOTWRITE));
++#else
+ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE |
VM_ACCOUNT));
++#endif
++
+ return vma_m;
+}
+#endif
@@ -33731,8 +33742,8 @@
+ by your particular system.
+
+ - "none": if your MAC system does not interact with PaX,
-+ - "direct": if your MAC system defines pax_set_flags() itself,
-+ - "hook": if your MAC system uses the pax_set_flags_func callback.
++ - "direct": if your MAC system defines pax_set_initial_flags() itself,
++ - "hook": if your MAC system uses the pax_set_initial_flags_func
callback.
+
+ NOTE: this option is for developers/integrators only.
+
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.13&r2=1.1.2.14&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
