Author: arekm                        Date: Sat Nov 19 08:37:27 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 0.2; grsec up to 
http://grsecurity.net/~spender/grsecurity-2.2.2-3.1.1-201111181902.patch

---- Files affected:
packages/kernel:
   kernel-grsec_full.patch (1.88 -> 1.89) , kernel.spec (1.1001 -> 1.1002) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.88 
packages/kernel/kernel-grsec_full.patch:1.89
--- packages/kernel/kernel-grsec_full.patch:1.88        Thu Nov 17 21:03:19 2011
+++ packages/kernel/kernel-grsec_full.patch     Sat Nov 19 09:37:21 2011
@@ -5689,7 +5689,7 @@
        has_dumped = 1;
 diff -urNp linux-3.1.1/arch/x86/ia32/ia32entry.S 
linux-3.1.1/arch/x86/ia32/ia32entry.S
 --- linux-3.1.1/arch/x86/ia32/ia32entry.S      2011-11-11 15:19:27.000000000 
-0500
-+++ linux-3.1.1/arch/x86/ia32/ia32entry.S      2011-11-16 18:40:08.000000000 
-0500
++++ linux-3.1.1/arch/x86/ia32/ia32entry.S      2011-11-17 18:27:57.000000000 
-0500
 @@ -13,7 +13,9 @@
  #include <asm/thread_info.h>  
  #include <asm/segment.h>
@@ -5721,11 +5721,11 @@
 +#endif
 +      .endm
 +
-+      .macro pax_erase_kstack
++.macro pax_erase_kstack
 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
 +      call pax_erase_kstack
 +#endif
-+      .endm
++.endm
 +
  /*
   * 32bit SYSENTER instruction entry.
@@ -12370,7 +12370,7 @@
  /*
 diff -urNp linux-3.1.1/arch/x86/kernel/entry_64.S 
linux-3.1.1/arch/x86/kernel/entry_64.S
 --- linux-3.1.1/arch/x86/kernel/entry_64.S     2011-11-11 15:19:27.000000000 
-0500
-+++ linux-3.1.1/arch/x86/kernel/entry_64.S     2011-11-16 18:40:08.000000000 
-0500
++++ linux-3.1.1/arch/x86/kernel/entry_64.S     2011-11-17 18:28:56.000000000 
-0500
 @@ -55,6 +55,8 @@
  #include <asm/paravirt.h>
  #include <asm/ftrace.h>
@@ -12653,11 +12653,11 @@
 +ENDPROC(pax_exit_kernel_user)
 +#endif
 +
-+      .macro pax_erase_kstack
++.macro pax_erase_kstack
 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
 +      call pax_erase_kstack
 +#endif
-+      .endm
++.endm
 +
 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
 +/*
@@ -14811,7 +14811,7 @@
                                goto overflow;
 diff -urNp linux-3.1.1/arch/x86/kernel/paravirt.c 
linux-3.1.1/arch/x86/kernel/paravirt.c
 --- linux-3.1.1/arch/x86/kernel/paravirt.c     2011-11-11 15:19:27.000000000 
-0500
-+++ linux-3.1.1/arch/x86/kernel/paravirt.c     2011-11-16 18:40:08.000000000 
-0500
++++ linux-3.1.1/arch/x86/kernel/paravirt.c     2011-11-17 18:29:42.000000000 
-0500
 @@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x)
  {
        return x;
@@ -14822,15 +14822,6 @@
  
  void __init default_banner(void)
  {
-@@ -122,7 +125,7 @@ unsigned paravirt_patch_jmp(void *insnbu
-  * corresponding structure. */
- static void *get_call_destination(u8 type)
- {
--      struct paravirt_patch_template tmpl = {
-+      const struct paravirt_patch_template tmpl = {
-               .pv_init_ops = pv_init_ops,
-               .pv_time_ops = pv_time_ops,
-               .pv_cpu_ops = pv_cpu_ops,
 @@ -133,6 +136,9 @@ static void *get_call_destination(u8 typ
                .pv_lock_ops = pv_lock_ops,
  #endif
@@ -19809,15 +19800,15 @@
        unsigned zero_len;
 diff -urNp linux-3.1.1/arch/x86/Makefile linux-3.1.1/arch/x86/Makefile
 --- linux-3.1.1/arch/x86/Makefile      2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/arch/x86/Makefile      2011-11-16 18:40:08.000000000 -0500
-@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y)
- else
-         BITS := 64
++++ linux-3.1.1/arch/x86/Makefile      2011-11-17 18:30:30.000000000 -0500
+@@ -46,6 +46,7 @@ else
          UTS_MACHINE := x86_64
-+        biarch := $(call cc-option,-m64)
          CHECKFLAGS += -D__x86_64__ -m64
  
++        biarch := $(call cc-option,-m64)
          KBUILD_AFLAGS += -m64
+         KBUILD_CFLAGS += -m64
+ 
 @@ -195,3 +196,12 @@ define archhelp
    echo  '                  FDARGS="..."  arguments for the booted kernel'
    echo  '                  FDINITRD=file initrd for the booted kernel'
@@ -21168,7 +21159,7 @@
                return "[vsyscall]";
 diff -urNp linux-3.1.1/arch/x86/mm/init.c linux-3.1.1/arch/x86/mm/init.c
 --- linux-3.1.1/arch/x86/mm/init.c     2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/arch/x86/mm/init.c     2011-11-16 18:40:08.000000000 -0500
++++ linux-3.1.1/arch/x86/mm/init.c     2011-11-17 18:31:28.000000000 -0500
 @@ -31,7 +31,7 @@ int direct_gbpages
  static void __init find_early_table_space(unsigned long end, int use_pse,
                                          int use_gbpages)
@@ -21178,7 +21169,7 @@
        phys_addr_t base;
  
        puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
-@@ -312,12 +312,34 @@ unsigned long __init_refok init_memory_m
+@@ -312,8 +312,29 @@ unsigned long __init_refok init_memory_m
   */
  int devmem_is_allowed(unsigned long pagenr)
  {
@@ -21209,12 +21200,7 @@
        if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
                return 0;
        if (!page_is_ram(pagenr))
-               return 1;
-+
-       return 0;
- }
- 
-@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigne
+@@ -372,6 +393,86 @@ void free_init_pages(char *what, unsigne
  
  void free_initmem(void)
  {
@@ -21987,9 +21973,13 @@
  
 diff -urNp linux-3.1.1/arch/x86/net/bpf_jit_comp.c 
linux-3.1.1/arch/x86/net/bpf_jit_comp.c
 --- linux-3.1.1/arch/x86/net/bpf_jit_comp.c    2011-11-11 15:19:27.000000000 
-0500
-+++ linux-3.1.1/arch/x86/net/bpf_jit_comp.c    2011-11-16 18:39:07.000000000 
-0500
-@@ -589,7 +589,9 @@ cond_branch:                       f_offset = addrs[i + 
filt
-                                       module_free(NULL, image);
++++ linux-3.1.1/arch/x86/net/bpf_jit_comp.c    2011-11-18 17:57:33.000000000 
-0500
+@@ -586,10 +586,12 @@ cond_branch:                     f_offset = addrs[i + 
filt
+                               if (unlikely(proglen + ilen > oldproglen)) {
+                                       pr_err("bpb_jit_compile fatal error\n");
+                                       kfree(addrs);
+-                                      module_free(NULL, image);
++                                      module_free_exec(NULL, image);
                                        return;
                                }
 +                              pax_open_kernel();
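Review bot: A mismatched allocate/free pair is the risk with the two frees switched to `module_free_exec()`: this error path in the JIT loop and `jit_free_defer()` in the next hunk are correct only if `image` always comes from the corresponding exec allocator, and that allocation call is not shown in either hunk (only `if (!image)` appears as context). It is worth confirming that no release path for `image` in bpf_jit_comp.c still calls `module_free()`. A one-line comment at the allocation, `/* image is exec-allocated; release only with module_free_exec() */`, would keep the pairing visible. The enclosing function starts and ends outside the hunk.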
@@ -22007,6 +21997,20 @@
                                                   proglen,
                                                   sizeof(struct work_struct)));
                        if (!image)
+@@ -637,11 +639,11 @@ out:
+ 
+ static void jit_free_defer(struct work_struct *arg)
+ {
+-      module_free(NULL, arg);
++      module_free_exec(NULL, arg);
+ }
+ 
+ /* run from softirq, we must use a work_struct to call
+- * module_free() from process context
++ * module_free_exec() from process context
+  */
+ void bpf_jit_free(struct sk_filter *fp)
+ {
 diff -urNp linux-3.1.1/arch/x86/net/bpf_jit.S 
linux-3.1.1/arch/x86/net/bpf_jit.S
 --- linux-3.1.1/arch/x86/net/bpf_jit.S 2011-11-11 15:19:27.000000000 -0500
 +++ linux-3.1.1/arch/x86/net/bpf_jit.S 2011-11-16 18:39:07.000000000 -0500
@@ -25478,7 +25482,7 @@
         .mfg_num = MBCS_MFG_NUM,
 diff -urNp linux-3.1.1/drivers/char/mem.c linux-3.1.1/drivers/char/mem.c
 --- linux-3.1.1/drivers/char/mem.c     2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/drivers/char/mem.c     2011-11-16 18:40:10.000000000 -0500
++++ linux-3.1.1/drivers/char/mem.c     2011-11-17 18:31:56.000000000 -0500
 @@ -18,6 +18,7 @@
  #include <linux/raw.h>
  #include <linux/tty.h>
@@ -25492,7 +25496,7 @@
  #endif
  
 +#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
-+extern struct file_operations grsec_fops;
++extern const struct file_operations grsec_fops;
 +#endif
 +
  static inline unsigned long size_inside_page(unsigned long start,
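Review bot: `extern const struct file_operations grsec_fops;` is declared locally in drivers/char/mem.c rather than in a shared header, so the compiler never compares it with the definition. A qualifier mismatch between the two, which is presumably what this one-word change corrects, therefore builds silently, and code can then write through a declaration that is not `const` to an object meant to be read-only. Moving the declaration into a header included by both the defining file and mem.c would turn any future drift into a compile error. The definition of `grsec_fops` is not part of this hunk.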
@@ -29898,14 +29902,8 @@
        /* Incoming packet has a 2 byte header. hdr[0] = slot_id, hdr[1] = 
connection_id */
 diff -urNp linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 
linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h
 --- linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-11 
15:19:27.000000000 -0500
-+++ linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-16 
18:40:10.000000000 -0500
-@@ -68,12 +68,12 @@ struct dvb_demux_feed {
-       union {
-               struct dmx_ts_feed ts;
-               struct dmx_section_feed sec;
--      } feed;
-+      } __no_const feed;
- 
++++ linux-3.1.1/drivers/media/dvb/dvb-core/dvb_demux.h 2011-11-17 
18:34:32.000000000 -0500
+@@ -73,7 +73,7 @@ struct dvb_demux_feed {
        union {
                dmx_ts_cb ts;
                dmx_section_cb sec;
@@ -29950,18 +29948,6 @@
        while ((ret = dvb_usb_get_hexline(fw, &hx, &pos)) > 0) {
                deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n",
                                hx.addr, hx.len, hx.chk);
-diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h 
linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h
---- linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h     2011-11-11 
15:19:27.000000000 -0500
-+++ linux-3.1.1/drivers/media/dvb/dvb-usb/dibusb.h     2011-11-16 
18:40:10.000000000 -0500
-@@ -97,7 +97,7 @@
- #define DIBUSB_IOCTL_CMD_DISABLE_STREAM       0x02
- 
- struct dibusb_state {
--      struct dib_fe_xfer_ops ops;
-+      dib_fe_xfer_ops_no_const ops;
-       int mt2060_present;
-       u8 tuner_addr;
- };
 diff -urNp linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c 
linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c
 --- linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c     2011-11-11 
15:19:27.000000000 -0500
 +++ linux-3.1.1/drivers/media/dvb/dvb-usb/dw2102.c     2011-11-16 
18:39:07.000000000 -0500
@@ -29996,32 +29982,16 @@
        info("FRM Firmware Cold Reset");
 diff -urNp linux-3.1.1/drivers/media/dvb/frontends/dib3000.h 
linux-3.1.1/drivers/media/dvb/frontends/dib3000.h
 --- linux-3.1.1/drivers/media/dvb/frontends/dib3000.h  2011-11-11 
15:19:27.000000000 -0500
-+++ linux-3.1.1/drivers/media/dvb/frontends/dib3000.h  2011-11-16 
18:40:10.000000000 -0500
-@@ -40,10 +40,11 @@ struct dib_fe_xfer_ops
++++ linux-3.1.1/drivers/media/dvb/frontends/dib3000.h  2011-11-17 
18:38:05.000000000 -0500
+@@ -39,7 +39,7 @@ struct dib_fe_xfer_ops
+       int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
        int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
        int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
- };
-+typedef struct dib_fe_xfer_ops __no_const dib_fe_xfer_ops_no_const;
+-};
++} __no_const;
  
  #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && 
defined(MODULE))
  extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* 
config,
--                                           struct i2c_adapter* i2c, struct 
dib_fe_xfer_ops *xfer_ops);
-+                                           struct i2c_adapter* i2c, 
dib_fe_xfer_ops_no_const *xfer_ops);
- #else
- static inline struct dvb_frontend* dib3000mb_attach(const struct 
dib3000_config* config,
-                                            struct i2c_adapter* i2c, struct 
dib_fe_xfer_ops *xfer_ops)
-diff -urNp linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c 
linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c
---- linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c        2011-11-11 
15:19:27.000000000 -0500
-+++ linux-3.1.1/drivers/media/dvb/frontends/dib3000mb.c        2011-11-16 
18:40:10.000000000 -0500
-@@ -756,7 +756,7 @@ static int dib3000mb_tuner_pass_ctrl(str
- static struct dvb_frontend_ops dib3000mb_ops;
- 
- struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
--                                    struct i2c_adapter* i2c, struct 
dib_fe_xfer_ops *xfer_ops)
-+                                    struct i2c_adapter* i2c, 
dib_fe_xfer_ops_no_const *xfer_ops)
- {
-       struct dib3000_state* state = NULL;
- 
 diff -urNp linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c 
linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c
 --- linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c  2011-11-11 
15:19:27.000000000 -0500
 +++ linux-3.1.1/drivers/media/dvb/frontends/mb86a16.c  2011-11-16 
18:40:10.000000000 -0500
@@ -30177,7 +30147,7 @@
                struct tmComResInfo tRsp = { 0, 0, 0, 0, 0, 0 };
 diff -urNp linux-3.1.1/drivers/media/video/timblogiw.c 
linux-3.1.1/drivers/media/video/timblogiw.c
 --- linux-3.1.1/drivers/media/video/timblogiw.c        2011-11-11 
15:19:27.000000000 -0500
-+++ linux-3.1.1/drivers/media/video/timblogiw.c        2011-11-16 
18:40:10.000000000 -0500
++++ linux-3.1.1/drivers/media/video/timblogiw.c        2011-11-17 
18:36:32.000000000 -0500
 @@ -744,7 +744,7 @@ static int timblogiw_mmap(struct file *f
  
  /* Platform device functions */
@@ -30187,6 +30157,15 @@
        .vidioc_querycap                = timblogiw_querycap,
        .vidioc_enum_fmt_vid_cap        = timblogiw_enum_fmt,
        .vidioc_g_fmt_vid_cap           = timblogiw_g_fmt,
+@@ -766,7 +766,7 @@ static __devinitconst struct v4l2_ioctl_
+       .vidioc_enum_framesizes         = timblogiw_enum_framesizes,
+ };
+ 
+-static __devinitconst struct v4l2_file_operations timblogiw_fops = {
++static __devinitconst v4l2_file_operations_no_const timblogiw_fops = {
+       .owner          = THIS_MODULE,
+       .open           = timblogiw_open,
+       .release        = timblogiw_close,
 diff -urNp linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 
linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c
 --- linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 2011-11-11 
15:19:27.000000000 -0500
 +++ linux-3.1.1/drivers/media/video/usbvision/usbvision-core.c 2011-11-16 
18:40:10.000000000 -0500
@@ -34962,6 +34941,27 @@
  
  struct iio_ring_setup_ops {
        int                             (*preenable)(struct iio_dev *);
+diff -urNp linux-3.1.1/drivers/staging/mei/interface.c 
linux-3.1.1/drivers/staging/mei/interface.c
+--- linux-3.1.1/drivers/staging/mei/interface.c        2011-11-11 
15:19:27.000000000 -0500
++++ linux-3.1.1/drivers/staging/mei/interface.c        2011-11-17 
18:39:18.000000000 -0500
+@@ -332,7 +332,7 @@ int mei_send_flow_control(struct mei_dev
+       mei_hdr->reserved = 0;
+ 
+       mei_flow_control = (struct hbm_flow_control *) &dev->wr_msg_buf[1];
+-      memset(mei_flow_control, 0, sizeof(mei_flow_control));
++      memset(mei_flow_control, 0, sizeof(*mei_flow_control));
+       mei_flow_control->host_addr = cl->host_client_id;
+       mei_flow_control->me_addr = cl->me_client_id;
+       mei_flow_control->cmd.cmd = MEI_FLOW_CONTROL_CMD;
+@@ -396,7 +396,7 @@ int mei_disconnect(struct mei_device *de
+ 
+       mei_cli_disconnect =
+           (struct hbm_client_disconnect_request *) &dev->wr_msg_buf[1];
+-      memset(mei_cli_disconnect, 0, sizeof(mei_cli_disconnect));
++      memset(mei_cli_disconnect, 0, sizeof(*mei_cli_disconnect));
+       mei_cli_disconnect->host_addr = cl->host_client_id;
+       mei_cli_disconnect->me_addr = cl->me_client_id;
+       mei_cli_disconnect->cmd.cmd = CLIENT_DISCONNECT_REQ_CMD;
 diff -urNp linux-3.1.1/drivers/staging/octeon/ethernet.c 
linux-3.1.1/drivers/staging/octeon/ethernet.c
 --- linux-3.1.1/drivers/staging/octeon/ethernet.c      2011-11-11 
15:19:27.000000000 -0500
 +++ linux-3.1.1/drivers/staging/octeon/ethernet.c      2011-11-16 
18:39:07.000000000 -0500
@@ -40501,7 +40501,7 @@
                WARN_ON(trans->transid != btrfs_header_generation(parent));
 diff -urNp linux-3.1.1/fs/btrfs/inode.c linux-3.1.1/fs/btrfs/inode.c
 --- linux-3.1.1/fs/btrfs/inode.c       2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/fs/btrfs/inode.c       2011-11-16 18:40:29.000000000 -0500
++++ linux-3.1.1/fs/btrfs/inode.c       2011-11-17 18:12:11.000000000 -0500
 @@ -6922,7 +6922,7 @@ fail:
        return -ENOMEM;
  }
@@ -41341,7 +41341,7 @@
  }
 diff -urNp linux-3.1.1/fs/exec.c linux-3.1.1/fs/exec.c
 --- linux-3.1.1/fs/exec.c      2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/fs/exec.c      2011-11-16 23:41:58.000000000 -0500
++++ linux-3.1.1/fs/exec.c      2011-11-17 18:40:47.000000000 -0500
 @@ -55,12 +55,24 @@
  #include <linux/pipe_fs_i.h>
  #include <linux/oom.h>
@@ -41694,7 +41694,7 @@
        cn->corename = kmalloc(cn->size, GFP_KERNEL);
        cn->used = 0;
  
-@@ -1816,6 +1889,219 @@ out:
+@@ -1816,6 +1889,218 @@ out:
        return ispipe;
  }
  
@@ -41885,7 +41885,6 @@
 +#endif
 +}
 +
-+
 +NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool 
to, const char *type)
 +{
 +      if (current->signal->curr_ip)
@@ -41914,7 +41913,7 @@
  static int zap_process(struct task_struct *start, int exit_code)
  {
        struct task_struct *t;
-@@ -2027,17 +2313,17 @@ static void wait_for_dump_helpers(struct
+@@ -2027,17 +2312,17 @@ static void wait_for_dump_helpers(struct
        pipe = file->f_path.dentry->d_inode->i_pipe;
  
        pipe_lock(pipe);
@@ -41937,7 +41936,7 @@
        pipe_unlock(pipe);
  
  }
-@@ -2098,7 +2384,7 @@ void do_coredump(long signr, int exit_co
+@@ -2098,7 +2383,7 @@ void do_coredump(long signr, int exit_co
        int retval = 0;
        int flag = 0;
        int ispipe;
@@ -41946,7 +41945,7 @@
        struct coredump_params cprm = {
                .signr = signr,
                .regs = regs,
-@@ -2113,6 +2399,9 @@ void do_coredump(long signr, int exit_co
+@@ -2113,6 +2398,9 @@ void do_coredump(long signr, int exit_co
  
        audit_core_dumps(signr);
  
@@ -41956,7 +41955,7 @@
        binfmt = mm->binfmt;
        if (!binfmt || !binfmt->core_dump)
                goto fail;
-@@ -2180,7 +2469,7 @@ void do_coredump(long signr, int exit_co
+@@ -2180,7 +2468,7 @@ void do_coredump(long signr, int exit_co
                }
                cprm.limit = RLIM_INFINITY;
  
@@ -41965,7 +41964,7 @@
                if (core_pipe_limit && (core_pipe_limit < dump_count)) {
                        printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
                               task_tgid_vnr(current), current->comm);
-@@ -2207,6 +2496,8 @@ void do_coredump(long signr, int exit_co
+@@ -2207,6 +2495,8 @@ void do_coredump(long signr, int exit_co
        } else {
                struct inode *inode;
  
@@ -41974,7 +41973,7 @@
                if (cprm.limit < binfmt->min_coredump)
                        goto fail_unlock;
  
-@@ -2250,7 +2541,7 @@ close_fail:
+@@ -2250,7 +2540,7 @@ close_fail:
                filp_close(cprm.file, NULL);
  fail_dropcount:
        if (ispipe)
@@ -41983,7 +41982,7 @@
  fail_unlock:
        kfree(cn.corename);
  fail_corename:
-@@ -2269,7 +2560,7 @@ fail:
+@@ -2269,7 +2559,7 @@ fail:
   */
  int dump_write(struct file *file, const void *addr, int nr)
  {
@@ -43843,6 +43842,61 @@
        if (!IS_ERR(s))
                kfree(s);
  }
+diff -urNp linux-3.1.1/fs/hfs/btree.c linux-3.1.1/fs/hfs/btree.c
+--- linux-3.1.1/fs/hfs/btree.c 2011-11-11 15:19:27.000000000 -0500
++++ linux-3.1.1/fs/hfs/btree.c 2011-11-18 18:48:11.000000000 -0500
+@@ -46,11 +46,27 @@ struct hfs_btree *hfs_btree_open(struct 
+       case HFS_EXT_CNID:
+               hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, 
mdb->drXTFlSize,
+                                   mdb->drXTFlSize, 
be32_to_cpu(mdb->drXTClpSiz));
++
++              if (HFS_I(tree->inode)->alloc_blocks >
++                                      HFS_I(tree->inode)->first_blocks) {
++                      printk(KERN_ERR "hfs: invalid btree extent records\n");
++                      unlock_new_inode(tree->inode);
++                      goto free_inode;
++              }
++
+               tree->inode->i_mapping->a_ops = &hfs_btree_aops;
+               break;
+       case HFS_CAT_CNID:
+               hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, 
mdb->drCTFlSize,
+                                   mdb->drCTFlSize, 
be32_to_cpu(mdb->drCTClpSiz));
++
++              if (!HFS_I(tree->inode)->first_blocks) {
++                      printk(KERN_ERR "hfs: invalid btree extent records "
++                                                              "(0 size).\n");
++                      unlock_new_inode(tree->inode);
++                      goto free_inode;
++              }
++
+               tree->inode->i_mapping->a_ops = &hfs_btree_aops;
+               break;
+       default:
+@@ -59,11 +75,6 @@ struct hfs_btree *hfs_btree_open(struct 
+       }
+       unlock_new_inode(tree->inode);
+ 
+-      if (!HFS_I(tree->inode)->first_blocks) {
+-              printk(KERN_ERR "hfs: invalid btree extent records (0 
size).\n");
+-              goto free_inode;
+-      }
+-
+       mapping = tree->inode->i_mapping;
+       page = read_mapping_page(mapping, 0, NULL);
+       if (IS_ERR(page))
+diff -urNp linux-3.1.1/fs/hfs/trans.c linux-3.1.1/fs/hfs/trans.c
+--- linux-3.1.1/fs/hfs/trans.c 2011-11-11 15:19:27.000000000 -0500
++++ linux-3.1.1/fs/hfs/trans.c 2011-11-18 18:37:38.000000000 -0500
+@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, 
+ 
+       src = in->name;
+       srclen = in->len;
++      if (srclen > HFS_NAMELEN)
++              srclen = HFS_NAMELEN;
+       dst = out;
+       dstlen = HFS_MAX_NAMELEN;
+       if (nls_io) {
 diff -urNp linux-3.1.1/fs/hfsplus/catalog.c linux-3.1.1/fs/hfsplus/catalog.c
 --- linux-3.1.1/fs/hfsplus/catalog.c   2011-11-11 15:19:27.000000000 -0500
 +++ linux-3.1.1/fs/hfsplus/catalog.c   2011-11-16 19:23:09.000000000 -0500
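Review bot: In hfs_btree_open() the zero-size test `if (!HFS_I(tree->inode)->first_blocks)` now runs only in the HFS_CAT_CNID case, while the HFS_EXT_CNID case checks only `alloc_blocks > first_blocks` and the common check after the switch is removed. An extents tree whose on-disk record yields 0 for both values is therefore no longer rejected and goes on to `read_mapping_page(mapping, 0, NULL)`; these values come from the MDB of the mounted image, so they should be treated as untrusted. If a zero-length extents tree is meant to be accepted, a short comment on the HFS_EXT_CNID check should say why; otherwise extend that condition with `|| !HFS_I(tree->inode)->first_blocks`. The function's beginning and end lie outside the hunk.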
@@ -45059,7 +45113,7 @@
  }
 diff -urNp linux-3.1.1/fs/open.c linux-3.1.1/fs/open.c
 --- linux-3.1.1/fs/open.c      2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/fs/open.c      2011-11-16 23:40:57.000000000 -0500
++++ linux-3.1.1/fs/open.c      2011-11-17 19:07:55.000000000 -0500
 @@ -112,6 +112,10 @@ static long do_sys_truncate(const char _
        error = locks_verify_truncate(inode, NULL, length);
        if (!error)
@@ -45145,28 +45199,10 @@
        newattrs.ia_valid =  ATTR_CTIME;
        if (user != (uid_t) -1) {
                newattrs.ia_valid |= ATTR_UID;
-@@ -976,7 +1011,8 @@ long do_sys_open(int dfd, const char __u
-       if (!IS_ERR(tmp)) {
-               fd = get_unused_fd_flags(flags);
-               if (fd >= 0) {
--                      struct file *f = do_filp_open(dfd, tmp, &op, lookup);
-+                      struct file *f;
-+                      f = do_filp_open(dfd, tmp, &op, lookup);
-                       if (IS_ERR(f)) {
-                               put_unused_fd(fd);
-                               fd = PTR_ERR(f);
 diff -urNp linux-3.1.1/fs/partitions/ldm.c linux-3.1.1/fs/partitions/ldm.c
 --- linux-3.1.1/fs/partitions/ldm.c    2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/fs/partitions/ldm.c    2011-11-16 18:40:29.000000000 -0500
-@@ -1311,6 +1311,7 @@ static bool ldm_frag_add (const u8 *data
-               ldm_error ("A VBLK claims to have %d parts.", num);
-               return false;
-       }
-+
-       if (rec >= num) {
-               ldm_error("REC value (%d) exceeds NUM value (%d)", rec, num);
-               return false;
-@@ -1322,7 +1323,7 @@ static bool ldm_frag_add (const u8 *data
++++ linux-3.1.1/fs/partitions/ldm.c    2011-11-17 19:08:15.000000000 -0500
+@@ -1322,7 +1322,7 @@ static bool ldm_frag_add (const u8 *data
                        goto found;
        }
  
@@ -45303,7 +45339,7 @@
        /*
 diff -urNp linux-3.1.1/fs/proc/array.c linux-3.1.1/fs/proc/array.c
 --- linux-3.1.1/fs/proc/array.c        2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/fs/proc/array.c        2011-11-16 18:40:29.000000000 -0500
++++ linux-3.1.1/fs/proc/array.c        2011-11-17 18:42:02.000000000 -0500
 @@ -60,6 +60,7 @@
  #include <linux/tty.h>
  #include <linux/string.h>
@@ -45359,12 +45395,8 @@
  static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
                        struct pid *pid, struct task_struct *task, int whole)
  {
-@@ -375,9 +406,11 @@ static int do_task_stat(struct seq_file 
-       cputime_t cutime, cstime, utime, stime;
-       cputime_t cgtime, gtime;
-       unsigned long rsslim = 0;
--      char tcomm[sizeof(task->comm)];
-+      char tcomm[sizeof(task->comm)] = { 0 };
+@@ -378,6 +409,8 @@ static int do_task_stat(struct seq_file 
+       char tcomm[sizeof(task->comm)];
        unsigned long flags;
  
 +      pax_track_stack();
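Review bot: With the `= { 0 }` initialiser dropped, `char tcomm[sizeof(task->comm)];` in do_task_stat() is an uninitialised stack buffer again, so it must be fully written and NUL-terminated on every path before it is emitted to the seq_file; otherwise stale kernel stack bytes could reach a /proc reader. The call that fills it (presumably `get_task_comm()`) is not visible in this hunk. If it is unconditional, a comment at the declaration such as `/* always filled from task->comm before it is printed */` would record why the initialiser is unnecessary. The function body continues outside the hunk.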
@@ -45429,7 +45461,7 @@
 +#endif
 diff -urNp linux-3.1.1/fs/proc/base.c linux-3.1.1/fs/proc/base.c
 --- linux-3.1.1/fs/proc/base.c 2011-11-11 15:19:27.000000000 -0500
-+++ linux-3.1.1/fs/proc/base.c 2011-11-16 19:25:48.000000000 -0500
++++ linux-3.1.1/fs/proc/base.c 2011-11-17 18:43:19.000000000 -0500
 @@ -107,6 +107,22 @@ struct pid_entry {
        union proc_op op;
  };
@@ -45645,12 +45677,12 @@
 +#else
                        stat->gid = cred->egid;
 +#endif
-+              }
+               }
 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || 
defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
 +              } else {
 +                      rcu_read_unlock();
 +                      return -ENOENT;
-               }
++              }
 +#endif
        }
        rcu_read_unlock();
@@ -45739,15 +45771,7 @@
        if (!IS_ERR(s))
                __putname(s);
  }
-@@ -2663,6 +2778,7 @@ static struct dentry *proc_base_instanti
-       if (p->fop)
-               inode->i_fop = p->fop;
-       ei->op = p->op;
-+
-       d_add(dentry, inode);
-       error = NULL;
- out:
-@@ -2802,7 +2918,7 @@ static const struct pid_entry tgid_base_
+@@ -2802,7 +2917,7 @@ static const struct pid_entry tgid_base_
        REG("autogroup",  S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
  #endif
        REG("comm",      S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -45756,7 +45780,7 @@
        INF("syscall",    S_IRUGO, proc_pid_syscall),
  #endif
        INF("cmdline",    S_IRUGO, proc_pid_cmdline),
-@@ -2827,10 +2943,10 @@ static const struct pid_entry tgid_base_
+@@ -2827,10 +2942,10 @@ static const struct pid_entry tgid_base_
  #ifdef CONFIG_SECURITY
        DIR("attr",       S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, 
proc_attr_dir_operations),
  #endif
@@ -45769,7 +45793,7 @@
        ONE("stack",      S_IRUGO, proc_pid_stack),
  #endif
  #ifdef CONFIG_SCHEDSTATS
-@@ -2864,6 +2980,9 @@ static const struct pid_entry tgid_base_
+@@ -2864,6 +2979,9 @@ static const struct pid_entry tgid_base_
        INF("hardwall",   S_IRUGO, proc_pid_hardwall),
  #endif
        ONE("nsproxy",  S_IRUGO, proc_pid_nsproxy),
@@ -45779,7 +45803,7 @@
  };
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.88&r2=1.89&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.1001&r2=1.1002&f=u
