SOURCES (hawk-LINUX_2_6): linux-2.6-grsec-minimal.patch - grsecuri...

hawk hawk at pld-linux.org
Sat Jan 27 22:10:36 CET 2007


Author: hawk                         Date: Sat Jan 27 21:10:36 2007 GMT
Module: SOURCES                       Tag: hawk-LINUX_2_6
---- Log message:
- grsecurity minimal (proc, link, fifo) for vanilla 2.6.19.2 kernel, based
  on official full grsecurity for 2.6.19.2 kernel

---- Files affected:
SOURCES:
   linux-2.6-grsec-minimal.patch (1.1.2.20 -> 1.1.2.20.4.1) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-grsec-minimal.patch
diff -u SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.20 SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.20.4.1
--- SOURCES/linux-2.6-grsec-minimal.patch:1.1.2.20	Tue Jan  2 17:58:00 2007
+++ SOURCES/linux-2.6-grsec-minimal.patch	Sat Jan 27 22:10:31 2007
@@ -1,7 +1,7 @@
-diff -urNp linux-2.6.16.2/arch/sparc/Makefile linux-2.6.16.2/arch/sparc/Makefile
---- linux-2.6.16.2/arch/sparc/Makefile	2006-04-07 12:56:47.000000000 -0400
-+++ linux-2.6.16.2/arch/sparc/Makefile	2006-04-09 21:23:54.000000000 -0400
-@@ -34,7 +34,7 @@ libs-y += arch/sparc/prom/ arch/sparc/li
+diff -urNP linux-2.6.19.2/arch/sparc/Makefile linux-2.6.19.2/arch/sparc/Makefile
+--- linux-2.6.19.2/arch/sparc/Makefile	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/arch/sparc/Makefile	2007-01-20 17:29:54.000000000 -0500
+@@ -36,7 +36,7 @@
  # Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-)
  INIT_Y		:= $(patsubst %/, %/built-in.o, $(init-y))
  CORE_Y		:= $(core-y)
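Review bot: The regenerated sections are produced with `diff -urNP` instead of `-urNp`, so the inner hunk headers lose their function names: here `@@ -34,7 +34,7 @@ libs-y += ...` becomes a bare `@@ -36,7 +36,7 @@`, and `pci_proc_init`, `proc_misc_init` and `sys_linkat` disappear from later headers in the same way. In GNU diff `-p` is `--show-c-function` and `-P` is `--unidirectional-new-file`, so this looks like a case slip rather than an intended change. Regenerating with `-urNp` would keep the enclosing function visible to whoever rebases this hardening patch next.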
@@ -10,10 +10,10 @@
  CORE_Y		:= $(patsubst %/, %/built-in.o, $(CORE_Y))
  DRIVERS_Y	:= $(patsubst %/, %/built-in.o, $(drivers-y))
  NET_Y		:= $(patsubst %/, %/built-in.o, $(net-y))
-diff -urN linux-2.6.16.2/Makefile linux-2.6.16.2-grsec/Makefile
---- linux-2.6.16.2/Makefile	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/Makefile	2006-04-11 17:44:40.069707000 +0200
-@@ -556,7 +556,7 @@
+diff -urNP linux-2.6.19.2/Makefile linux-2.6.19.2/Makefile
+--- linux-2.6.19.2/Makefile	2007-01-12 11:32:03.000000000 -0500
++++ linux-2.6.19.2/Makefile	2007-01-20 17:29:55.000000000 -0500
+@@ -559,7 +559,7 @@
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -22,10 +22,10 @@
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-diff -urN linux-2.6.16.2/drivers/char/keyboard.c linux-2.6.16.2-grsec/drivers/char/keyboard.c
---- linux-2.6.16.2/drivers/char/keyboard.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/drivers/char/keyboard.c	2006-04-11 17:44:40.073707250 +0200
-@@ -607,6 +607,16 @@
+diff -urNP linux-2.6.19.2/drivers/char/keyboard.c linux-2.6.19.2/drivers/char/keyboard.c
+--- linux-2.6.19.2/drivers/char/keyboard.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/drivers/char/keyboard.c	2007-01-20 17:29:55.000000000 -0500
+@@ -628,6 +628,16 @@
  	     kbd->kbdmode == VC_MEDIUMRAW) &&
  	     value != KVAL(K_SAK))
  		return;		/* SAK is allowed even in raw mode */
@@ -42,17 +42,17 @@
  	fn_handler[value](vc);
  }
  
-diff -urNp linux-2.6.16.2/drivers/pci/proc.c linux-2.6.16.2-grsec/drivers/pci/proc.c
---- linux-2.6.16.2/drivers/pci/proc.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/drivers/pci/proc.c	2006-04-11 17:44:40.073707250 +0200
-@@ -467,7 +467,15 @@ static int __init pci_proc_init(void)
+diff -urNP linux-2.6.19.2/drivers/pci/proc.c linux-2.6.19.2/drivers/pci/proc.c
+--- linux-2.6.19.2/drivers/pci/proc.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/drivers/pci/proc.c	2007-01-20 17:29:55.000000000 -0500
+@@ -467,7 +467,15 @@
  {
  	struct proc_dir_entry *entry;
  	struct pci_dev *dev = NULL;
 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
 +	proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus);
-+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#elif CONFIG_GRKERNSEC_PROC_USERGROUP
 +	proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, proc_bus);
 +#endif
 +#else
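Review bot: `#elif CONFIG_GRKERNSEC_PROC_USERGROUP` replaces the `defined()` test with an expression test, which behaves the same only while the symbol expands to a non-zero integer and which trips `-Wundef` when it is unset; keeping `#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)` matches the `#ifdef` on the line above. The same substitution is made in the kernel/configs.c hunk for `config.gz`. In both places the inner `#ifdef`/`#elif` has no `#else`, so with CONFIG_GRKERNSEC_PROC_ADD set and neither option selected, `proc_bus_pci_dir` (and `entry` in configs.c) would be left unassigned before use. Presumably the Kconfig dependencies rule that combination out, but the Kconfig body is not visible here, so an inner `#else` or `#error` would make the restricted-mode choice explicit. The body of pci_proc_init continues outside this hunk.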
@@ -61,10 +61,10 @@
  	entry = create_proc_entry("devices", 0, proc_bus_pci_dir);
  	if (entry)
  		entry->proc_fops = &proc_bus_pci_dev_operations;
-diff -urNp linux-2.6.16.2/fs/Kconfig linux-2.6.16.2-grsec/fs/Kconfig
---- linux-2.6.16.2/fs/Kconfig	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/Kconfig	2006-04-11 17:44:40.073707250 +0200
-@@ -817,7 +817,7 @@ config PROC_FS
+diff -urNP linux-2.6.19.2/fs/Kconfig linux-2.6.19.2/fs/Kconfig
+--- linux-2.6.19.2/fs/Kconfig	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/Kconfig	2007-01-20 17:29:55.000000000 -0500
+@@ -929,7 +929,7 @@
  
  config PROC_KCORE
  	bool "/proc/kcore support" if !ARM
@@ -73,18 +73,18 @@
  
  config PROC_VMCORE
          bool "/proc/vmcore support (EXPERIMENTAL)"
-diff -urN linux-2.6.16.2/fs/namei.c linux-2.6.16.2-grsec/fs/namei.c
---- linux-2.6.16.2/fs/namei.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/namei.c	2006-04-11 18:10:35.961452750 +0200
+diff -urNP linux-2.6.19.2/fs/namei.c linux-2.6.19.2/fs/namei.c
+--- linux-2.6.19.2/fs/namei.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/namei.c	2007-01-20 17:29:55.000000000 -0500
 @@ -32,6 +32,7 @@
- #include <linux/vs_tag.h>
- #include <linux/vserver/debug.h>
- #include <linux/vs_cowbl.h>
+ #include <linux/file.h>
+ #include <linux/fcntl.h>
+ #include <linux/namei.h>
 +#include <linux/grsecurity.h>
  #include <asm/namei.h>
  #include <asm/uaccess.h>
  
-@@ -608,6 +609,13 @@
+@@ -640,6 +641,13 @@
  	err = security_inode_follow_link(path->dentry, nd);
  	if (err)
  		goto loop;
@@ -98,7 +98,7 @@
  	current->link_count++;
  	current->total_link_count++;
  	nd->depth++;
-@@ -1647,6 +1655,13 @@
+@@ -1703,6 +1737,13 @@
  	/*
  	 * It already exists.
  	 */
@@ -112,7 +112,7 @@
  	mutex_unlock(&dir->d_inode->i_mutex);
  	audit_inode_update(path.dentry->d_inode);
  
-@@ -1700,6 +1715,13 @@
+@@ -1758,6 +1809,13 @@
  	error = security_inode_follow_link(path.dentry, nd);
  	if (error)
  		goto exit_dput;
@@ -126,7 +126,7 @@
  	error = __do_follow_link(&path, nd);
  	if (error) {
  		/* Does someone understand code flow here? Or it is only
-@@ -2326,7 +2454,16 @@ asmlinkage long sys_linkat(int olddfd, c
+@@ -2326,7 +2454,16 @@
  	error = PTR_ERR(new_dentry);
  	if (IS_ERR(new_dentry))
  		goto out_unlock;
@@ -138,15 +138,15 @@
 +		goto out_unlock_dput;
 +	}
 +
- 	error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry, &nd);
+ 	error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
 +out_unlock_dput:
  	dput(new_dentry);
  out_unlock:
  	mutex_unlock(&nd.dentry->d_inode->i_mutex);
-diff -urN linux-2.6.16.2/fs/proc/array.c linux-2.6.16.2-grsec/fs/proc/array.c
---- linux-2.6.16.2/fs/proc/array.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/array.c	2006-04-11 17:44:40.077707500 +0200
-@@ -488,3 +488,14 @@
+diff -urNP linux-2.6.19.2/fs/proc/array.c linux-2.6.19.2/fs/proc/array.c
+--- linux-2.6.19.2/fs/proc/array.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/proc/array.c	2007-01-20 17:29:55.000000000 -0500
+@@ -494,3 +539,14 @@
  	return sprintf(buffer,"%d %d %d %d %d %d %d\n",
  		       size, resident, shared, text, lib, data, 0);
  }
@@ -161,10 +161,10 @@
 +}
 +#endif
 +
-diff -urNp linux-2.6.16.2/fs/proc/inode.c linux-2.6.16.2-grsec/fs/proc/inode.c
---- linux-2.6.16.2/fs/proc/inode.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/inode.c	2006-04-11 17:44:40.077707500 +0200
-@@ -166,7 +166,11 @@ struct inode *proc_get_inode(struct supe
+diff -urNP linux-2.6.19.2/fs/proc/inode.c linux-2.6.19.2/fs/proc/inode.c
+--- linux-2.6.19.2/fs/proc/inode.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/proc/inode.c	2007-01-20 17:29:55.000000000 -0500
+@@ -166,7 +166,11 @@
  		if (de->mode) {
  			inode->i_mode = de->mode;
  			inode->i_uid = de->uid;
@@ -174,12 +174,12 @@
  			inode->i_gid = de->gid;
 +#endif
  		}
- 		if (de->vx_flags)
- 			PROC_I(inode)->vx_flags = de->vx_flags;
-diff -urNp linux-2.6.16.2/fs/proc/internal.h linux-2.6.16.2-grsec/fs/proc/internal.h
---- linux-2.6.16.2/fs/proc/internal.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/internal.h	2006-04-11 17:44:40.077707500 +0200
-@@ -36,6 +36,9 @@ extern int proc_tid_stat(struct task_str
+ 		if (de->size)
+ 			inode->i_size = de->size;
+diff -urNP linux-2.6.19.2/fs/proc/internal.h linux-2.6.19.2/fs/proc/internal.h
+--- linux-2.6.19.2/fs/proc/internal.h	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/proc/internal.h	2007-01-20 17:29:55.000000000 -0500
+@@ -37,6 +37,9 @@
  extern int proc_tgid_stat(struct task_struct *, char *);
  extern int proc_pid_status(struct task_struct *, char *);
  extern int proc_pid_statm(struct task_struct *, char *);
@@ -189,13 +189,14 @@
  
  extern struct file_operations proc_maps_operations;
  extern struct file_operations proc_numa_maps_operations;
-diff -urN linux-2.6.16.2/fs/proc/proc_misc.c linux-2.6.16.2-grsec/fs/proc/proc_misc.c
---- linux-2.6.16.2/fs/proc/proc_misc.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/proc_misc.c	2006-04-11 17:44:40.109709500 +0200
-@@ -670,6 +670,10 @@ void create_seq_entry(char *name, mode_t
+diff -urNP linux-2.6.19.2/fs/proc/proc_misc.c linux-2.6.19.2/fs/proc/proc_misc.c
+--- linux-2.6.19.2/fs/proc/proc_misc.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/proc/proc_misc.c	2007-01-20 17:29:55.000000000 -0500
+@@ -670,6 +670,11 @@
  void __init proc_misc_init(void)
  {
  	struct proc_dir_entry *entry;
++
 +#ifdef CONFIG_GRKERNSEC_PROC
 +	int gr_mode = 0;
 +#endif
@@ -203,7 +204,7 @@
  	static struct {
  		char *name;
  		int (*read_proc)(char*,char**,off_t,int,int*,void*);
-@@ -685,7 +687,9 @@ void __init proc_misc_init(void)
+@@ -685,7 +687,9 @@
  		{"stram",	stram_read_proc},
  #endif
  		{"filesystems",	filesystems_read_proc},
@@ -213,7 +214,7 @@
  		{"locks",	locks_read_proc},
  		{"execdomains",	execdomains_read_proc},
  		{NULL,}
-@@ -693,13 +697,26 @@ void __init proc_misc_init(void)
+@@ -693,13 +697,26 @@
  	for (p = simple_ones; p->name; p++)
  		create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL);
  
@@ -240,7 +241,7 @@
  	create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations);
  #ifdef CONFIG_BLOCK
  	create_seq_entry("partitions", 0, &proc_partitions_operations);
-@@ -707,7 +724,11 @@ void __init proc_misc_init(void)
+@@ -707,7 +724,11 @@
  	create_seq_entry("stat", 0, &proc_stat_operations);
  	create_seq_entry("interrupts", 0, &proc_interrupts_operations);
  #ifdef CONFIG_SLAB
@@ -252,7 +253,7 @@
  #ifdef CONFIG_DEBUG_SLAB_LEAK
  	create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations);
  #endif
-@@ -724,7 +745,7 @@ void __init proc_misc_init(void)
+@@ -724,7 +745,7 @@
  #ifdef CONFIG_SCHEDSTATS
  	create_seq_entry("schedstat", 0, &proc_schedstat_operations);
  #endif
@@ -261,10 +262,10 @@
  	proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL);
  	if (proc_root_kcore) {
  		proc_root_kcore->proc_fops = &proc_kcore_operations;
-diff -urN linux-2.6.16.2/fs/proc/root.c linux-2.6.16.2-grsec/fs/proc/root.c
---- linux-2.6.16.2/fs/proc/root.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/fs/proc/root.c	2006-04-11 17:44:40.113709750 +0200
-@@ -53,7 +53,13 @@
+diff -urNP linux-2.6.19.2/fs/proc/root.c linux-2.6.19.2/fs/proc/root.c
+--- linux-2.6.19.2/fs/proc/root.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/fs/proc/root.c	2007-01-20 17:29:55.000000000 -0500
+@@ -64,7 +64,13 @@
  		return;
  	}
  	proc_misc_init();
@@ -278,7 +279,7 @@
  	proc_net_stat = proc_mkdir("net/stat", NULL);
  
  #ifdef CONFIG_SYSVIPC
-@@ -77,7 +83,15 @@
+@@ -88,7 +94,15 @@
  #ifdef CONFIG_PROC_DEVICETREE
  	proc_device_tree_init();
  #endif
@@ -291,12 +292,12 @@
 +#else
  	proc_bus = proc_mkdir("bus", NULL);
 +#endif
- 	proc_vx_init();
  }
  
-diff -urN linux-2.6.16.2/grsecurity/Kconfig linux-2.6.16.2-grsec/grsecurity/Kconfig
---- linux-2.6.16.2/grsecurity/Kconfig	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/Kconfig	2006-04-11 19:03:04.020561250 +0200
+ static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
+diff -urNP linux-2.6.19.2/grsecurity/Kconfig linux-2.6.19.2/grsecurity/Kconfig
+--- linux-2.6.19.2/grsecurity/Kconfig	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/Kconfig	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,135 @@
 +#
 +# grecurity configuration
@@ -433,9 +434,9 @@
 +	  the sysctl entries.
 +
 +endmenu
-diff -urN linux-2.6.16.2/grsecurity/Makefile linux-2.6.16.2-grsec/grsecurity/Makefile
---- linux-2.6.16.2/grsecurity/Makefile	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/Makefile	2006-04-11 19:03:17.509404250 +0200
+diff -urNP linux-2.6.19.2/grsecurity/Makefile linux-2.6.19.2/grsecurity/Makefile
+--- linux-2.6.19.2/grsecurity/Makefile	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/Makefile	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,11 @@
 +# All code in this directory and various hooks inserted throughout the kernel
 +# are copyright Brad Spengler, and released under the GPL v2 or higher
@@ -448,18 +449,18 @@
 +obj-y += grsec_disabled.o
 +endif
 +
-diff -urN linux-2.6.16.2/grsecurity/grsec_disabled.c linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c
---- linux-2.6.16.2/grsecurity/grsec_disabled.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_disabled.c	2006-04-11 17:44:40.113709750 +0200
+diff -urNP linux-2.6.19.2/grsecurity/grsec_disabled.c linux-2.6.19.2/grsecurity/grsec_disabled.c
+--- linux-2.6.19.2/grsecurity/grsec_disabled.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/grsec_disabled.c	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,5 @@
 +void
 +grsecurity_init(void)
 +{
 +	return;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_fifo.c linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c
---- linux-2.6.16.2/grsecurity/grsec_fifo.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_fifo.c	2006-04-11 19:04:02.872239250 +0200
+diff -urNP linux-2.6.19.2/grsecurity/grsec_fifo.c linux-2.6.19.2/grsecurity/grsec_fifo.c
+--- linux-2.6.19.2/grsecurity/grsec_fifo.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/grsec_fifo.c	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,20 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -481,10 +482,10 @@
 +#endif
 +	return 0;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_init.c linux-2.6.16.2-grsec/grsecurity/grsec_init.c
---- linux-2.6.16.2/grsecurity/grsec_init.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_init.c	2006-04-11 19:04:24.693603000 +0200
-@@ -0,0 +1,33 @@
+diff -urNP linux-2.6.19.2/grsecurity/grsec_init.c linux-2.6.19.2/grsecurity/grsec_init.c
+--- linux-2.6.19.2/grsecurity/grsec_init.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/grsec_init.c	2007-01-20 17:29:55.000000000 -0500
+@@ -0,0 +1,34 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/mm.h>
@@ -501,6 +502,7 @@
 +void
 +grsecurity_init(void)
 +{
++
 +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
 +#ifndef CONFIG_GRKERNSEC_SYSCTL
 +	grsec_lock = 1;
@@ -518,9 +520,9 @@
 +
 +	return;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_link.c linux-2.6.16.2-grsec/grsecurity/grsec_link.c
---- linux-2.6.16.2/grsecurity/grsec_link.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_link.c	2006-04-11 19:04:40.258575750 +0200
+diff -urNP linux-2.6.19.2/grsecurity/grsec_link.c linux-2.6.19.2/grsecurity/grsec_link.c
+--- linux-2.6.19.2/grsecurity/grsec_link.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/grsec_link.c	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,37 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -559,9 +561,9 @@
 +#endif
 +	return 0;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_sock.c linux-2.6.16.2-grsec/grsecurity/grsec_sock.c
---- linux-2.6.16.2/grsecurity/grsec_sock.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_sock.c	2006-04-11 19:20:18.301199750 +0200
+diff -urNP linux-2.6.19.2/grsecurity/grsec_sock.c linux-2.6.19.2/grsecurity/grsec_sock.c
+--- linux-2.6.19.2/grsecurity/grsec_sock.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/grsec_sock.c	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,164 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
@@ -677,7 +679,7 @@
 +	newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
 +	if (newent == NULL)
 +		return;
-+	
++	/* no bh lock needed since we are called with bh disabled */
 +	spin_lock(&gr_conn_table_lock);
 +	gr_del_task_from_ip_table_nolock(sig);
 +	sig->gr_saddr = inet->rcv_saddr;
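Review bot: The new comment `/* no bh lock needed since we are called with bh disabled */` justifies the plain `spin_lock(&gr_conn_table_lock)` by an invariant that nothing in the function checks, while the other user of the same lock is switched to `spin_lock_bh` in the following hunk. If a caller ever reaches this function from process context with bottom halves enabled, the softirq path can interrupt the lock holder on the same CPU and deadlock. Consider naming the caller that guarantees this in the comment, or asserting it with `WARN_ON(!in_softirq());` before taking the lock. The function's signature and its callers are outside this hunk.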
@@ -712,25 +714,25 @@
 +
 +	set = current->signal;
 +
-+	spin_lock(&gr_conn_table_lock);
++	spin_lock_bh(&gr_conn_table_lock);
 +	p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr,
 +				    inet->dport, inet->sport);
 +	if (unlikely(p != NULL)) {
 +		set->curr_ip = p->curr_ip;
 +		gr_del_task_from_ip_table_nolock(p);
-+		spin_unlock(&gr_conn_table_lock);
++		spin_unlock_bh(&gr_conn_table_lock);
 +		return;
 +	}
-+	spin_unlock(&gr_conn_table_lock);
++	spin_unlock_bh(&gr_conn_table_lock);
 +
 +	set->curr_ip = inet->daddr;
 +#endif
 +	return;
 +}
-diff -urN linux-2.6.16.2/grsecurity/grsec_sysctl.c linux-2.6.16.2-grsec/grsecurity/grsec_sysctl.c
---- linux-2.6.16.2/grsecurity/grsec_sysctl.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/grsecurity/grsec_sysctl.c	2006-04-11 19:04:50.363207250 +0200
-@@ -0,0 +1,65 @@
+diff -urNP linux-2.6.19.2/grsecurity/grsec_sysctl.c linux-2.6.19.2/grsecurity/grsec_sysctl.c
+--- linux-2.6.19.2/grsecurity/grsec_sysctl.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/grsecurity/grsec_sysctl.c	2007-01-20 17:29:55.000000000 -0500
+@@ -0,0 +1,64 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/sysctl.h>
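Review bot: Switching these three calls to `spin_lock_bh`/`spin_unlock_bh` only closes the softirq race if every other process-context acquisition of `gr_conn_table_lock` uses the `_bh` variants as well; any remaining plain `spin_lock` sites in grsec_sock.c are not visible in this diff and should be checked. The early-return branch also repeats the unlock, so a single exit path with one `spin_unlock_bh(&gr_conn_table_lock);` would make a missed unlock less likely in later edits. The function begins outside this hunk.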
@@ -796,9 +798,9 @@
 +	{ .ctl_name = 0 }
 +};
 +#endif
-diff -urN linux-2.6.16.2/include/linux/grinternal.h linux-2.6.16.2-grsec/include/linux/grinternal.h
---- linux-2.6.16.2/include/linux/grinternal.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/include/linux/grinternal.h	2006-04-11 19:03:34.734480750 +0200
+diff -urNP linux-2.6.19.2/include/linux/grinternal.h linux-2.6.19.2/include/linux/grinternal.h
+--- linux-2.6.19.2/include/linux/grinternal.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/include/linux/grinternal.h	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,15 @@
 +#ifndef __GRINTERNAL_H
 +#define __GRINTERNAL_H
@@ -815,9 +817,9 @@
 +#endif
 +
 +#endif
-diff -urN linux-2.6.16.2/include/linux/grsecurity.h linux-2.6.16.2-grsec/include/linux/grsecurity.h
---- linux-2.6.16.2/include/linux/grsecurity.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.16.2-grsec/include/linux/grsecurity.h	2006-04-11 18:06:03.000000000 +0200
+diff -urNP linux-2.6.19.2/include/linux/grsecurity.h linux-2.6.19.2/include/linux/grsecurity.h
+--- linux-2.6.19.2/include/linux/grsecurity.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.19.2/include/linux/grsecurity.h	2007-01-20 17:29:55.000000000 -0500
 @@ -0,0 +1,34 @@
 +#ifndef GR_SECURITY_H
 +#define GR_SECURITY_H
@@ -853,13 +855,14 @@
 +#endif
 +
 +#endif
-diff -urNp linux-2.6.16.2/include/linux/sched.h linux-2.6.16.2-grsec/include/linux/sched.h
---- linux-2.6.16.2/include/linux/sched.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/include/linux/sched.h	2006-04-11 19:14:15.574530750 +0200
-@@ -474,6 +474,13 @@ struct signal_struct {
- 	spinlock_t stats_lock;
+diff -urNP linux-2.6.19.2/include/linux/sched.h linux-2.6.19.2/include/linux/sched.h
+--- linux-2.6.19.2/include/linux/sched.h	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/include/linux/sched.h	2007-01-20 17:29:55.000000000 -0500
+@@ -468,6 +495,14 @@
+ #ifdef CONFIG_TASKSTATS
  	struct taskstats *stats;
  #endif
++
 +#ifdef CONFIG_GRKERNSEC
 +	u32 curr_ip;
 +	u32 gr_saddr;
@@ -870,9 +873,9 @@
  };
  
  /* Context switch must be unlocked if interrupts are to be enabled */
-diff -urN linux-2.6.16.2/include/linux/shm.h linux-2.6.16.2-grsec/include/linux/shm.h
---- linux-2.6.16.2/include/linux/shm.h	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/include/linux/shm.h	2006-04-11 17:44:40.121710250 +0200
+diff -urNP linux-2.6.19.2/include/linux/shm.h linux-2.6.19.2/include/linux/shm.h
+--- linux-2.6.19.2/include/linux/shm.h	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/include/linux/shm.h	2007-01-20 17:29:55.000000000 -0500
 @@ -86,6 +86,10 @@
  	pid_t			shm_cprid;
  	pid_t			shm_lprid;
@@ -887,7 +890,7 @@
 diff -urN linux-2.6.16.2/include/linux/sysctl.h linux-2.6.16.2-grsec/include/linux/sysctl.h
 --- linux-2.6.16.2/include/linux/sysctl.h	2006-04-07 18:56:47.000000000 +0200
 +++ linux-2.6.16.2-grsec/include/linux/sysctl.h	2006-04-11 18:09:09.244033250 +0200
-@@ -155,6 +155,9 @@
+@@ -167,6 +167,9 @@
  /* CTL_VM names: */
  enum
  {
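Review bot: This section still carries the old `diff -urN linux-2.6.16.2/include/linux/sysctl.h linux-2.6.16.2-grsec/...` header and 2006 timestamps; only the hunk position moved from 155 to 167, so it appears to be hand-adjusted rather than regenerated against 2.6.19.2 like the other sections. The hunk adds three lines directly inside the `CTL_VM` enum (the added lines themselves are not visible here). It is worth regenerating it from the 2.6.19.2 tree and confirming that whatever is added does not collide with a sysctl number already used there.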
@@ -897,18 +900,18 @@
  	VM_UNUSED1=1,		/* was: struct: Set vm swapping control */
  	VM_UNUSED2=2,		/* was; int: Linear or sqrt() swapout for hogs */
  	VM_UNUSED3=3,		/* was: struct: Set free page thresholds */
-diff -urNp linux-2.6.16.2/ipc/shm.c linux-2.6.16.2-grsec/ipc/shm.c
---- linux-2.6.16.2/ipc/shm.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/ipc/shm.c	2006-04-11 17:44:40.121710250 +0200
-@@ -34,6 +34,7 @@
+diff -urNP linux-2.6.19.2/ipc/shm.c linux-2.6.19.2/ipc/shm.c
+--- linux-2.6.19.2/ipc/shm.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/ipc/shm.c	2007-01-20 17:29:55.000000000 -0500
+@@ -37,6 +37,7 @@
+ #include <linux/seq_file.h>
  #include <linux/mutex.h>
- #include <linux/vs_context.h>
- #include <linux/vs_limit.h>
+ #include <linux/nsproxy.h>
 +#include <linux/grsecurity.h>
  
  #include <asm/uaccess.h>
  
-@@ -156,6 +157,17 @@ static void shm_close (struct vm_area_st
+@@ -216,6 +227,17 @@
  	shp->shm_lprid = current->tgid;
  	shp->shm_dtim = get_seconds();
  	shp->shm_nattch--;
@@ -925,8 +928,8 @@
 +#endif
  	if(shp->shm_nattch == 0 &&
  	   shp->shm_perm.mode & SHM_DEST)
- 		shm_destroy (shp);
-@@ -258,6 +270,9 @@ static int newseg (key_t key, int shmflg
+ 		shm_destroy(ns, shp);
+@@ -326,6 +348,9 @@
  	shp->shm_lprid = 0;
  	shp->shm_atim = shp->shm_dtim = 0;
  	shp->shm_ctim = get_seconds();
@@ -935,8 +938,8 @@
 +#endif
  	shp->shm_segsz = size;
  	shp->shm_nattch = 0;
- 	shp->id = shm_buildid(id,shp->shm_perm.seq);
-@@ -774,6 +789,11 @@ long do_shmat(int shmid, char __user *sh
+ 	shp->id = shm_buildid(ns, id, shp->shm_perm.seq);
+@@ -845,6 +872,11 @@
  	file = shp->shm_file;
  	size = i_size_read(file->f_dentry->d_inode);
  	shp->shm_nattch++;
@@ -948,7 +951,7 @@
  	shm_unlock(shp);
  
  	down_write(&current->mm->mmap_sem);
-@@ -1014,3 +1059,27 @@ static int sysvipc_shm_proc_show(struct 
+@@ -1014,3 +1059,27 @@
  			  shp->shm_ctim);
  }
  #endif
@@ -976,17 +979,17 @@
 +#endif
 +	return;
 +}
-diff -urNp linux-2.6.18/kernel/configs.c linux-2.6.18/kernel/configs.c
---- linux-2.6.18/kernel/configs.c	2006-09-19 23:42:06.000000000 -0400
-+++ linux-2.6.18/kernel/configs.c	2006-09-22 20:04:35.000000000 -0400
-@@ -88,8 +88,16 @@ static int __init ikconfig_init(void)
+diff -urNP linux-2.6.19.2/kernel/configs.c linux-2.6.19.2/kernel/configs.c
+--- linux-2.6.19.2/kernel/configs.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/kernel/configs.c	2007-01-20 17:29:55.000000000 -0500
+@@ -88,8 +88,16 @@
  	struct proc_dir_entry *entry;
  
  	/* create the current config file */
 +#ifdef CONFIG_GRKERNSEC_PROC_ADD
 +#ifdef CONFIG_GRKERNSEC_PROC_USER
 +	entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR, &proc_root);
-+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#elif CONFIG_GRKERNSEC_PROC_USERGROUP
 +	entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR | S_IRGRP, &proc_root);
 +#endif
 +#else
@@ -996,18 +999,18 @@
  	if (!entry)
  		return -ENOMEM;
  
-diff -urN linux-2.6.16.2/kernel/exit.c linux-2.6.16.2-grsec/kernel/exit.c
---- linux-2.6.16.2/kernel/exit.c	2006-04-07 18:56:47.000000000 +0200
-+++ linux-2.6.16.2-grsec/kernel/exit.c	2006-04-11 17:44:40.125710500 +0200
-@@ -36,6 +36,7 @@
+diff -urNP linux-2.6.19.2/kernel/exit.c linux-2.6.19.2/kernel/exit.c
+--- linux-2.6.19.2/kernel/exit.c	2006-11-29 16:57:37.000000000 -0500
++++ linux-2.6.19.2/kernel/exit.c	2007-01-20 17:29:55.000000000 -0500
+@@ -41,6 +41,7 @@
  #include <linux/audit.h> /* for audit_free() */
  #include <linux/resource.h>
  #include <linux/blkdev.h>
 +#include <linux/grsecurity.h>
- #include <linux/vs_limit.h>
- #include <linux/vs_context.h>
- #include <linux/vs_network.h>
-@@ -118,6 +123,7 @@ static void __exit_signal(struct task_st
+ 
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
+@@ -118,6 +123,7 @@
  
  	__unhash_process(tsk);
  
@@ -1015,7 +1018,7 @@
  	tsk->signal = NULL;
  	tsk->sighand = NULL;
  	spin_unlock(&sighand->siglock);
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/linux-2.6-grsec-minimal.patch?r1=1.1.2.20&r2=1.1.2.20.4.1&f=u


