SOURCES (LINUX_2_6): linux-2.6-grsec_full.patch - updated
arekm
arekm at pld-linux.org
Sun Mar 29 20:49:53 CEST 2009
Author: arekm Date: Sun Mar 29 18:49:53 2009 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- updated
---- Files affected:
SOURCES:
linux-2.6-grsec_full.patch (1.1.2.58 -> 1.1.2.59)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-grsec_full.patch
diff -u SOURCES/linux-2.6-grsec_full.patch:1.1.2.58 SOURCES/linux-2.6-grsec_full.patch:1.1.2.59
--- SOURCES/linux-2.6-grsec_full.patch:1.1.2.58 Sun Mar 29 20:25:15 2009
+++ SOURCES/linux-2.6-grsec_full.patch Sun Mar 29 20:49:46 2009
@@ -19387,7 +19387,7 @@
diff -urNp linux-2.6.29/fs/proc/base.c linux-2.6.29/fs/proc/base.c
--- linux-2.6.29/fs/proc/base.c 2009-03-23 19:12:14.000000000 -0400
+++ linux-2.6.29/fs/proc/base.c 2009-03-28 14:26:20.000000000 -0400
-@@ -223,6 +223,9 @@ static int check_mem_permission(struct t
+@@ -225,6 +225,9 @@
if (task == current)
return 0;
@@ -19397,7 +19397,7 @@
/*
* If current is actively ptrace'ing, and would also be
* permitted to freshly attach with ptrace now, permit it.
-@@ -300,12 +303,26 @@ out:
+@@ -302,12 +305,26 @@
return res;
}
@@ -19424,7 +19424,7 @@
do {
nwords += 2;
} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
-@@ -531,7 +548,7 @@ static int proc_pid_limits(struct task_s
+@@ -533,7 +550,7 @@
return count;
}
@@ -19433,7 +19433,7 @@
static int proc_pid_syscall(struct task_struct *task, char *buffer)
{
long nr;
-@@ -1455,7 +1472,11 @@ static struct inode *proc_pid_make_inode
+@@ -1457,7 +1474,11 @@
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
@@ -19444,8 +19444,8 @@
+#endif
rcu_read_unlock();
}
- security_task_to_inode(task, inode);
-@@ -1473,6 +1494,9 @@ static int pid_getattr(struct vfsmount *
+ /* procfs is xid tagged */
+@@ -1477,6 +1498,9 @@
struct inode *inode = dentry->d_inode;
struct task_struct *task;
const struct cred *cred;
@@ -19455,7 +19455,7 @@
generic_fillattr(inode, stat);
-@@ -1480,12 +1504,34 @@ static int pid_getattr(struct vfsmount *
+@@ -1484,12 +1508,34 @@
stat->uid = 0;
stat->gid = 0;
task = pid_task(proc_pid(inode), PIDTYPE_PID);
@@ -19491,7 +19491,7 @@
}
}
rcu_read_unlock();
-@@ -1517,11 +1563,20 @@ static int pid_revalidate(struct dentry
+@@ -1521,11 +1567,20 @@
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -19512,7 +19512,7 @@
rcu_read_unlock();
} else {
inode->i_uid = 0;
-@@ -1894,12 +1949,22 @@ static const struct file_operations proc
+@@ -1898,12 +1953,22 @@
static int proc_fd_permission(struct inode *inode, int mask)
{
int rv;
@@ -19537,9 +19537,9 @@
return rv;
}
-@@ -2008,6 +2073,9 @@ static struct dentry *proc_pident_lookup
- if (!task)
- goto out_no_task;
+@@ -2019,6 +2084,9 @@
+ !memcmp(dentry->d_name.name, "ninfo", 5)))
+ goto out;
+ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
+ goto out;
@@ -19547,7 +19547,7 @@
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2052,6 +2120,9 @@ static int proc_pident_readdir(struct fi
+@@ -2063,6 +2131,9 @@
if (!task)
goto out_no_task;
@@ -19557,7 +19557,7 @@
ret = 0;
i = filp->f_pos;
switch (i) {
-@@ -2412,6 +2483,9 @@ static struct dentry *proc_base_lookup(s
+@@ -2423,6 +2494,9 @@
if (p > last)
goto out;
@@ -19567,7 +19567,7 @@
error = proc_base_instantiate(dir, dentry, task, p);
out:
-@@ -2498,7 +2572,7 @@ static const struct pid_entry tgid_base_
+@@ -2512,7 +2586,7 @@
#ifdef CONFIG_SCHED_DEBUG
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
@@ -19576,17 +19576,7 @@
INF("syscall", S_IRUSR, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2556,6 +2630,9 @@ static const struct pid_entry tgid_base_
- #ifdef CONFIG_TASK_IO_ACCOUNTING
- INF("io", S_IRUGO, proc_tgid_io_accounting),
- #endif
-+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
-+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
-+#endif
- };
-
- static int proc_tgid_base_readdir(struct file * filp,
-@@ -2776,7 +2776,14 @@
+@@ -2702,7 +2776,14 @@
if (!inode)
goto out;
@@ -19601,7 +19591,7 @@
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2817,8 +2824,11 @@
+@@ -2743,8 +2824,11 @@
rcu_read_unlock();
if (!task)
goto out;
@@ -19613,7 +19603,7 @@
put_task_struct(task);
out:
return result;
-@@ -2883,6 +2893,10 @@
+@@ -2809,6 +2893,10 @@
{
unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
struct task_struct *reaper = get_proc_task_real(filp->f_path.dentry->d_inode);
@@ -19624,7 +19614,7 @@
struct tgid_iter iter;
struct pid_namespace *ns;
-@@ -2901,6 +2915,20 @@
+@@ -2827,6 +2915,20 @@
for (iter = next_tgid(ns, iter);
iter.task;
iter.tgid += 1, iter = next_tgid(ns, iter)) {
@@ -19645,13 +19635,16 @@
filp->f_pos = iter.tgid + TGID_OFFSET;
if (!vx_proc_task_visible(iter.task))
continue;
-@@ -2910,6 +2984,9 @@
+@@ -2910,6 +3012,12 @@
#ifdef CONFIG_TASK_IO_ACCOUNTING
INF("io", S_IRUGO, proc_tid_io_accounting),
#endif
+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
+#endif
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++ INF("ipaddr", S_IRUSR, proc_pid_ipaddr),
++#endif
};
static int proc_tid_base_readdir(struct file * filp,
@@ -34316,7 +34309,7 @@
static void unmap_region(struct mm_struct *mm,
struct vm_area_struct *vma, struct vm_area_struct *prev,
unsigned long start, unsigned long end);
-@@ -68,16 +78,25 @@ static void unmap_region(struct mm_struc
+@@ -68,16 +78,25 @@
* x: (no) no x: (no) yes x: (no) yes x: (yes) yes
*
*/
@@ -34344,7 +34337,7 @@
}
EXPORT_SYMBOL(vm_get_page_prot);
-@@ -233,6 +252,7 @@ static struct vm_area_struct *remove_vma
+@@ -233,6 +252,7 @@
struct vm_area_struct *next = vma->vm_next;
might_sleep();
@@ -34352,7 +34345,7 @@
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
if (vma->vm_file) {
-@@ -269,6 +289,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+@@ -269,6 +289,7 @@
* not page aligned -Ram Gupta
*/
rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
@@ -34360,7 +34353,7 @@
if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
(mm->end_data - mm->start_data) > rlim)
goto out;
-@@ -698,6 +719,12 @@ static int
+@@ -698,6 +719,12 @@
can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
{
@@ -34373,7 +34366,7 @@
if (is_mergeable_vma(vma, file, vm_flags) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
if (vma->vm_pgoff == vm_pgoff)
-@@ -717,6 +744,12 @@ static int
+@@ -717,6 +744,12 @@
can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
{
@@ -34386,7 +34379,7 @@
if (is_mergeable_vma(vma, file, vm_flags) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
pgoff_t vm_pglen;
-@@ -759,12 +792,19 @@ can_vma_merge_after(struct vm_area_struc
+@@ -759,12 +792,19 @@
struct vm_area_struct *vma_merge(struct mm_struct *mm,
struct vm_area_struct *prev, unsigned long addr,
unsigned long end, unsigned long vm_flags,
@@ -34407,7 +34400,7 @@
/*
* We later require that vma->vm_flags == vm_flags,
* so this tests vma->vm_flags & VM_SPECIAL, too.
-@@ -780,6 +820,15 @@ struct vm_area_struct *vma_merge(struct
+@@ -780,6 +820,15 @@
if (next && next->vm_end == end) /* cases 6, 7, 8 */
next = next->vm_next;
@@ -34423,7 +34416,7 @@
/*
* Can it merge with the predecessor?
*/
-@@ -799,9 +848,24 @@ struct vm_area_struct *vma_merge(struct
+@@ -799,9 +848,24 @@
/* cases 1, 6 */
vma_adjust(prev, prev->vm_start,
next->vm_end, prev->vm_pgoff, NULL);
@@ -34449,7 +34442,7 @@
return prev;
}
-@@ -812,12 +876,27 @@ struct vm_area_struct *vma_merge(struct
+@@ -812,12 +876,27 @@
mpol_equal(policy, vma_policy(next)) &&
can_vma_merge_before(next, vm_flags,
anon_vma, file, pgoff+pglen)) {
@@ -34479,7 +34472,7 @@
return area;
}
-@@ -892,14 +971,11 @@ none:
+@@ -892,14 +971,11 @@
void vm_stat_account(struct mm_struct *mm, unsigned long flags,
struct file *file, long pages)
{
@@ -34495,7 +34488,7 @@
mm->stack_vm += pages;
if (flags & (VM_RESERVED|VM_IO))
mm->reserved_vm += pages;
-@@ -926,7 +1002,7 @@ unsigned long do_mmap_pgoff(struct file
+@@ -926,7 +1002,7 @@
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
*/
@@ -34504,7 +34497,7 @@
if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
prot |= PROT_EXEC;
-@@ -936,15 +1012,15 @@ unsigned long do_mmap_pgoff(struct file
+@@ -936,15 +1012,15 @@
if (!(flags & MAP_FIXED))
addr = round_hint_to_min(addr);
@@ -34524,7 +34517,7 @@
/* offset overflow? */
if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
return -EOVERFLOW;
-@@ -956,7 +1032,7 @@ unsigned long do_mmap_pgoff(struct file
+@@ -956,7 +1032,7 @@
/* Obtain the address to map to. we verify (or select) it and ensure
* that it represents a valid section of the address space.
*/
@@ -34533,7 +34526,7 @@
if (addr & ~PAGE_MASK)
return addr;
-@@ -967,6 +1043,26 @@ unsigned long do_mmap_pgoff(struct file
+@@ -967,6 +1043,26 @@
vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
@@ -34560,7 +34553,7 @@
if (flags & MAP_LOCKED) {
if (!can_do_mlock())
return -EPERM;
-@@ -980,6 +1076,7 @@ unsigned long do_mmap_pgoff(struct file
+@@ -980,6 +1076,7 @@
locked += mm->locked_vm;
lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
lock_limit >>= PAGE_SHIFT;
@@ -34568,7 +34561,7 @@
if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}
-@@ -1050,6 +1147,9 @@ unsigned long do_mmap_pgoff(struct file
+@@ -1050,6 +1147,9 @@
if (error)
return error;
@@ -34578,7 +34571,7 @@
return mmap_region(file, addr, len, flags, vm_flags, pgoff);
}
EXPORT_SYMBOL(do_mmap_pgoff);
-@@ -1062,10 +1162,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
+@@ -1062,10 +1162,10 @@
*/
int vma_wants_writenotify(struct vm_area_struct *vma)
{
@@ -34591,7 +34584,7 @@
return 0;
/* The backer wishes to know when pages are first written to? */
-@@ -1114,14 +1214,24 @@ unsigned long mmap_region(struct file *f
+@@ -1114,14 +1214,24 @@
unsigned long charged = 0;
struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
@@ -34618,7 +34611,7 @@
}
/* Check against address space limit. */
-@@ -1170,6 +1280,16 @@ munmap_back:
+@@ -1170,6 +1280,16 @@
goto unacct_error;
}
@@ -34635,7 +34628,7 @@
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1192,6 +1312,19 @@ munmap_back:
+@@ -1192,6 +1312,19 @@
error = file->f_op->mmap(file, vma);
if (error)
goto unmap_and_free_vma;
@@ -34655,7 +34648,28 @@
if (vm_flags & VM_EXECUTABLE)
added_exe_file_vma(mm);
} else if (vm_flags & VM_SHARED) {
-@@ -1243,6 +1382,12 @@ unmap_and_free_vma:
+@@ -1215,6 +1348,12 @@
+ vma_link(mm, vma, prev, rb_link, rb_parent);
+ file = vma->vm_file;
+
++#ifdef CONFIG_PAX_SEGMEXEC
++ if (vma_m)
++ pax_mirror_vma(vma_m, vma);
++#endif
++
++
+ /* Once vma denies write, undo our temporary denial count */
+ if (correct_wcount)
+ atomic_inc(&inode->i_writecount);
+@@ -1222,6 +1361,7 @@
+ // mm->total_vm += len >> PAGE_SHIFT;
+ vx_vmpages_add(mm, len >> PAGE_SHIFT);
+ vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
++ track_exec_limit(mm, addr, addr + len, vm_flags);
+ if (vm_flags & VM_LOCKED) {
+ /*
+ * makes pages present; downgrades, drops, reacquires mmap_sem
+@@ -1245,6 +1385,12 @@
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
@@ -34668,7 +34682,7 @@
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1276,6 +1421,10 @@ arch_get_unmapped_area(struct file *filp
+@@ -1278,6 +1424,10 @@
if (flags & MAP_FIXED)
return addr;
@@ -34679,7 +34693,7 @@
if (addr) {
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
-@@ -1284,10 +1433,10 @@ arch_get_unmapped_area(struct file *filp
+@@ -1286,10 +1436,10 @@
return addr;
}
if (len > mm->cached_hole_size) {
@@ -34693,7 +34707,7 @@
}
full_search:
-@@ -1298,9 +1447,8 @@ full_search:
+@@ -1300,9 +1450,8 @@
* Start a new search - just in case we missed
* some holes.
*/
@@ -34705,7 +34719,7 @@
mm->cached_hole_size = 0;
goto full_search;
}
-@@ -1322,10 +1470,16 @@ full_search:
+@@ -1324,10 +1473,16 @@
void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
{
@@ -34723,7 +34737,7 @@
mm->free_area_cache = addr;
mm->cached_hole_size = ~0UL;
}
-@@ -1343,7 +1497,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1345,7 +1500,7 @@
{
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
@@ -34732,28 +34746,7 @@
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1348,6 +1348,12 @@
- vma_link(mm, vma, prev, rb_link, rb_parent);
- file = vma->vm_file;
-
-+#ifdef CONFIG_PAX_SEGMEXEC
-+ if (vma_m)
-+ pax_mirror_vma(vma_m, vma);
-+#endif
-+
-+
- /* Once vma denies write, undo our temporary denial count */
- if (correct_wcount)
- atomic_inc(&inode->i_writecount);
-@@ -1355,6 +1361,7 @@
- // mm->total_vm += len >> PAGE_SHIFT;
- vx_vmpages_add(mm, len >> PAGE_SHIFT);
- vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
-+ track_exec_limit(mm, addr, addr + len, vm_flags);
- if (vm_flags & VM_LOCKED) {
- /*
- * makes pages present; downgrades, drops, reacquires mmap_sem
-@@ -1352,6 +1506,10 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1354,6 +1509,10 @@
if (flags & MAP_FIXED)
return addr;
@@ -34764,7 +34757,7 @@
/* requesting a specific address */
if (addr) {
addr = PAGE_ALIGN(addr);
-@@ -1409,13 +1567,21 @@ bottomup:
+@@ -1411,13 +1570,21 @@
* can happen with large stack limits and large mmap()
* allocations.
*/
@@ -34788,7 +34781,7 @@
mm->cached_hole_size = ~0UL;
return addr;
-@@ -1424,6 +1590,12 @@ bottomup:
+@@ -1426,6 +1593,12 @@
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
@@ -34801,7 +34794,7 @@
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1431,8 +1603,10 @@ void arch_unmap_area_topdown(struct mm_s
+@@ -1433,8 +1606,10 @@
mm->free_area_cache = addr;
/* dont allow allocations above current base */
@@ -34813,7 +34806,7 @@
}
unsigned long
-@@ -1532,6 +1706,27 @@ out:
+@@ -1534,6 +1709,27 @@
return prev ? prev->vm_next : vma;
}
@@ -34841,7 +34834,7 @@
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -1548,6 +1743,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1550,6 +1746,7 @@
return -ENOMEM;
/* Stack limit test */
@@ -34849,7 +34842,7 @@
if (size > rlim[RLIMIT_STACK].rlim_cur)
return -ENOMEM;
-@@ -1557,6 +1753,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1559,6 +1756,7 @@
unsigned long limit;
locked = mm->locked_vm + grow;
limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
@@ -34857,7 +34850,7 @@
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1571,7 +1768,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1573,7 +1771,7 @@
* Overcommit.. This must be the final test, as it will
* update security statistics.
*/
@@ -34866,7 +34859,7 @@
return -ENOMEM;
/* Ok, everything looks good - let it rip */
-@@ -1592,35 +1789,40 @@ static
+@@ -1594,35 +1792,40 @@
#endif
int expand_upwards(struct vm_area_struct *vma, unsigned long address)
{
@@ -34917,7 +34910,7 @@
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1630,6 +1832,8 @@ int expand_upwards(struct vm_area_struct
+@@ -1632,6 +1835,8 @@
if (!error)
vma->vm_end = address;
}
@@ -34926,7 +34919,7 @@
anon_vma_unlock(vma);
return error;
}
-@@ -1641,7 +1845,8 @@ int expand_upwards(struct vm_area_struct
+@@ -1643,7 +1848,8 @@
static int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
@@ -34936,7 +34929,7 @@
/*
* We must make sure the anon_vma is allocated
-@@ -1655,6 +1860,15 @@ static int expand_downwards(struct vm_ar
+@@ -1657,6 +1863,15 @@
if (error)
return error;
@@ -34952,7 +34945,7 @@
anon_vma_lock(vma);
/*
-@@ -1664,9 +1878,15 @@ static int expand_downwards(struct vm_ar
+@@ -1666,9 +1881,15 @@
*/
/* Somebody else might have raced and expanded it already */
@@ -34969,7 +34962,7 @@
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -1674,9 +1894,20 @@ static int expand_downwards(struct vm_ar
+@@ -1676,9 +1897,20 @@
if (!error) {
vma->vm_start = address;
vma->vm_pgoff -= grow;
@@ -34990,7 +34983,7 @@
return error;
}
-@@ -1752,6 +1983,13 @@ static void remove_vma_list(struct mm_st
+@@ -1754,6 +1986,13 @@
do {
long nrpages = vma_pages(vma);
@@ -35001,10 +34994,10 @@
+ }
+#endif
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/linux-2.6-grsec_full.patch?r1=1.1.2.58&r2=1.1.2.59&f=u
More information about the pld-cvs-commit
mailing list