Author: hawk Date: Thu May 3 12:03:47 2012 GMT Module: packages Tag: LINUX_2_6_32 ---- Log message: - http://grsecurity.net/~spender/grsecurity-2.9-2.6.32.59-201204272005.patch
---- Files affected: packages/kernel: kernel-grsec_full.patch (1.29.2.12 -> 1.29.2.13) ---- Diffs: ================================================================ Index: packages/kernel/kernel-grsec_full.patch diff -u packages/kernel/kernel-grsec_full.patch:1.29.2.12 packages/kernel/kernel-grsec_full.patch:1.29.2.13 --- packages/kernel/kernel-grsec_full.patch:1.29.2.12 Thu Apr 19 15:12:02 2012 +++ packages/kernel/kernel-grsec_full.patch Thu May 3 14:03:30 2012 @@ -213,7 +213,7 @@ M: Liam Girdwood <[email protected]> M: Mark Brown <[email protected]> diff --git a/Makefile b/Makefile -index 3a9a721..e5a22f7 100644 +index 3a9a721..683dc09 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -248,15 +248,17 @@ include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,53 @@ else +@@ -526,6 +527,55 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN ++ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif ++endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN +STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 @@ -302,7 +304,7 @@ include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +695,7 @@ export mod_strip_cmd +@@ -647,7 +697,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -311,7 +313,7 @@ vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +916,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +918,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -320,7 +322,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +927,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +929,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -329,7 +331,7 @@ $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1036,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1038,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -337,7 +339,7 @@ prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1178,8 @@ all: modules +@@ -1127,6 +1180,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -346,7 +348,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1189,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1191,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -355,7 +357,7 @@ # Target to install modules PHONY += modules_install -@@ -1201,7 +1254,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ +@@ -1201,7 +1256,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ include/linux/utsrelease.h \ include/linux/bounds.h include/asm*/asm-offsets.h \ @@ -364,7 +366,7 @@ # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1298,7 @@ distclean: mrproper +@@ -1245,7 +1300,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -373,7 +375,7 @@ -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1345,7 @@ help: +@@ -1292,6 +1347,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -381,7 +383,7 @@ @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1447,8 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1449,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -390,7 +392,7 @@ modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1504,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1506,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -399,7 +401,7 @@ $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1569,21 @@ else +@@ -1513,17 +1571,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -425,7 +427,7 @@ $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1593,15 @@ endif +@@ -1533,11 +1595,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -752,7 +754,7 @@ select HAVE_KRETPROBES if (HAVE_KPROBES) select HAVE_FUNCTION_TRACER if (!XIP_KERNEL) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index d0daeab..99ab713 100644 +index d0daeab..8d7cb84 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -830,7 +832,7 @@ +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" +" mov %0, %1\n" -+"2: bkpt 0xf103\n" ++"2: bkpt 0xf103\n" +"3:\n" +#endif + @@ -5938,6 +5940,16 @@ extra-y := head_$(BITS).o extra-y += init_task.o +diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c +index 4a700f4..6a831bd 100644 +--- a/arch/sparc/kernel/ds.c ++++ b/arch/sparc/kernel/ds.c +@@ -1242,4 +1242,4 @@ static int __init ds_init(void) + return vio_register_driver(&ds_driver); + } + +-subsys_initcall(ds_init); ++fs_initcall(ds_init); diff --git a/arch/sparc/kernel/iommu.c b/arch/sparc/kernel/iommu.c index 7690cc2..ece64c9 100644 --- a/arch/sparc/kernel/iommu.c @@ -6108,6 +6120,32 @@ (void *) gp->tpc, (void *) gp->o7, (void *) gp->i7, +diff --git a/arch/sparc/kernel/rtrap_64.S b/arch/sparc/kernel/rtrap_64.S +index fd3cee4..cc4b1ff 100644 +--- a/arch/sparc/kernel/rtrap_64.S ++++ b/arch/sparc/kernel/rtrap_64.S +@@ -20,11 +20,6 @@ + + .text + .align 32 +-__handle_softirq: +- call do_softirq +- nop +- ba,a,pt %xcc, __handle_softirq_continue +- nop + __handle_preemption: + call schedule + wrpr %g0, RTRAP_PSTATE, %pstate +@@ -159,9 +154,7 @@ rtrap: + cmp %l1, 0 + + /* mm/ultra.S:xcall_report_regs KNOWS about this load. */ +- bne,pn %icc, __handle_softirq + ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %l1 +-__handle_softirq_continue: + rtrap_xcall: + sethi %hi(0xf << 20), %l4 + and %l1, %l4, %l4 diff --git a/arch/sparc/kernel/sigutil_64.c b/arch/sparc/kernel/sigutil_64.c index 6edc4e5..06a69b4 100644 --- a/arch/sparc/kernel/sigutil_64.c @@ -15592,9 +15630,9 @@ @@ -180,7 +180,7 @@ void dump_stack(void) #endif - printk("Pid: %d, comm: %.20s xid: #%u %s %s %.*s\n", -- current->pid, current->comm, current->xid, print_tainted(), -+ task_pid_nr(current), current->comm, current->xid, print_tainted(), + printk("Pid: %d, comm: %.20s %s %s %.*s\n", +- current->pid, current->comm, print_tainted(), ++ task_pid_nr(current), current->comm, print_tainted(), init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version); @@ -20211,9 +20249,9 @@ @@ -170,7 +170,7 @@ void __show_regs(struct pt_regs *regs, int all) if (!board) board = ""; - printk(KERN_INFO "Pid: %d, comm: %.20s xid: #%u %s %s %.*s %s\n", -- current->pid, current->comm, current->xid, print_tainted(), -+ task_pid_nr(current), current->comm, current->xid, print_tainted(), + printk(KERN_INFO "Pid: %d, comm: %.20s %s %s %.*s %s\n", +- current->pid, current->comm, print_tainted(), ++ task_pid_nr(current), current->comm, print_tainted(), init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version, board); @@ -22613,18 +22651,10 @@ sptep, *sptep, write_pt); diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 7c6e63e..1b7dac1 100644 +index 7c6e63e..c5d92c1 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -2240,6 +2240,7 @@ static int rdmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run) - return 1; - } - -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm = to_svm(vcpu); -@@ -2486,7 +2487,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -2486,7 +2486,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu); @@ -22636,7 +22666,7 @@ load_TR_desc(); } -@@ -2947,7 +2952,7 @@ static bool svm_gb_page_enable(void) +@@ -2947,7 +2951,7 @@ static bool svm_gb_page_enable(void) return true; } @@ -65219,9 +65249,9 @@ --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ + #include <linux/random.h> #include <linux/elf.h> #include <linux/utsname.h> - #include <linux/vs_memory.h> +#include <linux/xattr.h> #include <asm/uaccess.h> #include <asm/param.h> @@ -68540,9 +68570,9 @@ --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ + #include <linux/path.h> #include <linux/slab.h> #include <linux/fs_struct.h> - #include <linux/vserver/global.h> +#include <linux/grsecurity.h> /* @@ -69564,7 +69594,7 @@ for (loop = 0; loop < pagevec->nr; loop++) { diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c -index 46435f3..8cddf18 100644 +index 46435f3a..8cddf18 100644 --- a/fs/fscache/stats.c +++ b/fs/fscache/stats.c @@ -18,95 +18,95 @@ @@ -70297,7 +70327,7 @@ index ba36e93..3153fce 100644 --- a/fs/libfs.c +++ b/fs/libfs.c -@@ -157,14 +157,22 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) +@@ -157,12 +157,20 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) for (p=q->next; p != &dentry->d_subdirs; p=p->next) { struct dentry *next; @@ -70307,8 +70337,6 @@ next = list_entry(p, struct dentry, d_u.d_child); if (d_unhashed(next) || !next->d_inode) continue; - if (filter && !filter(next)) - continue; spin_unlock(&dcache_lock); - if (filldir(dirent, next->d_name.name, @@ -70365,7 +70393,7 @@ index a8794f2..4041e55 100644 --- a/fs/locks.c +++ b/fs/locks.c -@@ -145,12 +145,30 @@ static LIST_HEAD(blocked_list); +@@ -145,10 +145,28 @@ static LIST_HEAD(blocked_list); static struct kmem_cache *filelock_cache __read_mostly; @@ -70385,8 +70413,6 @@ /* Allocate an empty lock structure. */ static struct file_lock *locks_alloc_lock(void) { - if (!vx_locks_avail(1)) - return NULL; - return kmem_cache_alloc(filelock_cache, GFP_KERNEL); + struct file_lock *fl = kmem_cache_alloc(filelock_cache, GFP_KERNEL); + @@ -70397,7 +70423,7 @@ } void locks_release_private(struct file_lock *fl) -@@ -183,18 +201,10 @@ void locks_init_lock(struct file_lock *fl) +@@ -183,17 +201,9 @@ void locks_init_lock(struct file_lock *fl) INIT_LIST_HEAD(&fl->fl_link); INIT_LIST_HEAD(&fl->fl_block); init_waitqueue_head(&fl->fl_wait); @@ -70412,7 +70438,6 @@ - fl->fl_start = fl->fl_end = 0; fl->fl_ops = NULL; fl->fl_lmops = NULL; - fl->fl_xid = -1; + locks_init_lock_always(fl); } @@ -71485,7 +71510,7 @@ error = 0; dput_and_out: path_put(&path); -@@ -596,70 +618,60 @@ out: +@@ -596,66 +618,57 @@ out: return error; } @@ -71565,10 +71590,6 @@ error = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); - if (error) - goto out; -- -- error = cow_check_and_break(&path); -- if (error) -- goto dput_and_out; - inode = path.dentry->d_inode; - - error = mnt_want_write(path.mnt); @@ -71586,10 +71607,7 @@ - path_put(&path); -out: + if (!error) { -+ error = cow_check_and_break(&path); -+ if (!error) { -+ error = chmod_common(&path, mode); -+ } ++ error = chmod_common(&path, mode); + path_put(&path); + } return error; @@ -71613,29 +71631,29 @@ if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; @@ -700,7 +716,7 @@ SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) - error = cow_check_and_break(&path); - if (!error) - #endif -- error = chown_common(path.dentry, user, group); -+ error = chown_common(path.dentry, user, group, path.mnt); + error = mnt_want_write(path.mnt); + if (error) + goto out_release; +- error = chown_common(path.dentry, user, group); ++ error = chown_common(path.dentry, user, group, path.mnt); mnt_drop_write(path.mnt); out_release: path_put(&path); @@ -725,7 +741,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, - error = cow_check_and_break(&path); - if (!error) - #endif -- error = chown_common(path.dentry, user, group); -+ error = chown_common(path.dentry, user, group, path.mnt); + error = mnt_want_write(path.mnt); + if (error) + goto out_release; +- error = chown_common(path.dentry, user, group); ++ error = chown_common(path.dentry, user, group, path.mnt); mnt_drop_write(path.mnt); out_release: path_put(&path); @@ -744,7 +760,7 @@ SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group - error = cow_check_and_break(&path); - if (!error) - #endif -- error = chown_common(path.dentry, user, group); -+ error = chown_common(path.dentry, user, group, path.mnt); + error = mnt_want_write(path.mnt); + if (error) + goto out_release; +- error = chown_common(path.dentry, user, group); ++ error = chown_common(path.dentry, user, group, path.mnt); mnt_drop_write(path.mnt); out_release: path_put(&path); @@ -72405,11 +72423,11 @@ INF("io", S_IRUSR, proc_tgid_io_accounting), #endif +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR -+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr), ++ INF("ipaddr", S_IRUSR, proc_pid_ipaddr), +#endif - ONE("nsproxy", S_IRUGO, proc_pid_nsproxy), }; + static int proc_tgid_base_readdir(struct file * filp, @@ -2735,7 +2867,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -72473,8 +72491,6 @@ + rcu_read_unlock(); +#endif filp->f_pos = iter.tgid + TGID_OFFSET; - if (!vx_proc_task_visible(iter.task)) - continue; - if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) { + if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) { put_task_struct(iter.task); @@ -72590,14 +72606,14 @@ +++ b/fs/proc/internal.h @@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); - extern int proc_pid_nsproxy(struct seq_file *m, struct pid_namespace *ns, + extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR +extern int proc_pid_ipaddr(struct task_struct *task, char *buffer); +#endif - extern loff_t mem_lseek(struct file *file, loff_t offset, int orig); + extern const struct file_operations proc_maps_operations; diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index b442dac..aab29cb 100644 --- a/fs/proc/kcore.c @@ -73202,7 +73218,7 @@ reiserfs_check_lock_depth(inode->i_sb, "readdir"); diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c -index 128d3f7..8840d44 100644 +index 128d3f7c..8840d44 100644 --- a/fs/reiserfs/do_balan.c +++ b/fs/reiserfs/do_balan.c @@ -2058,7 +2058,7 @@ void do_balance(struct tree_balance *tb, /* tree_balance structure */ @@ -85796,9 +85812,6 @@ + void (* const clear_inode) (struct inode *); + void (* const umount_begin) (struct super_block *); -- void (*sync_inodes)(struct super_block *sb, -+ void (* const sync_inodes)(struct super_block *sb, - struct writeback_control *wbc); - int (*show_options)(struct seq_file *, struct vfsmount *); - int (*show_stats)(struct seq_file *, struct vfsmount *); + int (* const show_options)(struct seq_file *, struct vfsmount *); @@ -87993,9 +88006,9 @@ mode_t mode, struct proc_dir_entry *base, read_proc_t *read_proc, void * data) @@ -256,7 +269,7 @@ union proc_op { - int (*proc_vs_read)(char *page); - int (*proc_vxi_read)(struct vx_info *vxi, char *page); - int (*proc_nxi_read)(struct nx_info *nxi, char *page); + int (*proc_show)(struct seq_file *m, + struct pid_namespace *ns, struct pid *pid, + struct task_struct *task); -}; +} __no_const; @@ -88869,6 +88882,27 @@ __SONET_ITEMS #undef __HANDLE_ITEM }; +diff --git a/include/linux/stddef.h b/include/linux/stddef.h +index 6a40c76..1747b67 100644 +--- a/include/linux/stddef.h ++++ b/include/linux/stddef.h +@@ -3,14 +3,10 @@ + + #include <linux/compiler.h> + ++#ifdef __KERNEL__ ++ + #undef NULL +-#if defined(__cplusplus) +-#define NULL 0 +-#else + #define NULL ((void *)0) +-#endif +- +-#ifdef __KERNEL__ + + enum { + false = 0, diff --git a/include/linux/sunrpc/cache.h b/include/linux/sunrpc/cache.h index 6f52b4d..5500323 100644 --- a/include/linux/sunrpc/cache.h @@ -91566,12 +91600,10 @@ return 0; } -@@ -1033,14 +1060,18 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1033,12 +1060,16 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; - if (!vx_nproc_avail(1)) - goto bad_fork_cleanup_vm; + + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0); + @@ -91581,7 +91613,7 @@ - p->real_cred->user != INIT_USER) + if (p->real_cred->user != INIT_USER && + !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) - goto bad_fork_cleanup_vm; + goto bad_fork_free; } + current->flags &= ~PF_NPROC_EXCEEDED; @@ -93410,10 +93442,10 @@ */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { -- return pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID); +- return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID); + struct task_struct *task; + -+ task = pid_task(find_pid_ns(vx_rmap_pid(nr), ns), PIDTYPE_PID); ++ task = pid_task(find_pid_ns(nr, ns), PIDTYPE_PID); + + if (gr_pid_is_chrooted(task)) + return NULL; @@ -93687,15 +93719,15 @@ index 4cade47..4d17900 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -35,6 +35,7 @@ +@@ -33,6 +33,7 @@ + #include <linux/bootmem.h> #include <linux/syscalls.h> #include <linux/kexec.h> - #include <linux/vs_cvirt.h> +#include <linux/syslog.h> #include <asm/uaccess.h> -@@ -259,29 +260,21 @@ static inline void boot_delay_msec(void) +@@ -256,38 +257,30 @@ static inline void boot_delay_msec(void) } #endif @@ -93720,7 +93752,7 @@ unsigned i, j, limit, count; int do_clear = 0; char c; - int error; + int error = 0; <<Diff was trimmed, longer than 597 lines>> ---- CVS-web: http://cvs.pld-linux.org/packages/kernel/kernel-grsec_full.patch?r1=1.29.2.12&r2=1.29.2.13 _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
