SOURCES (LINUX_2_6): grsecurity-2.1.9-2.6.17.7.patch - finished up...

hawk hawk at pld-linux.org
Tue Aug 8 10:52:15 CEST 2006


Author: hawk                         Date: Tue Aug  8 08:52:15 2006 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- finished updating for the vserver-patched kernel; it now applies and I hope
  it also works (not tested yet)

---- Files affected:
SOURCES:
   grsecurity-2.1.9-2.6.17.7.patch (1.1.2.2 -> 1.1.2.3) 

---- Diffs:

================================================================
Index: SOURCES/grsecurity-2.1.9-2.6.17.7.patch
diff -u SOURCES/grsecurity-2.1.9-2.6.17.7.patch:1.1.2.2 SOURCES/grsecurity-2.1.9-2.6.17.7.patch:1.1.2.3
--- SOURCES/grsecurity-2.1.9-2.6.17.7.patch:1.1.2.2	Mon Aug  7 22:02:38 2006
+++ SOURCES/grsecurity-2.1.9-2.6.17.7.patch	Tue Aug  8 10:52:10 2006
@@ -8558,7 +8558,7 @@
  	down_write(&mm->mmap_sem);
  	{
  		mpnt->vm_mm = mm;
-@@ -430,13 +473,50 @@ int setup_arg_pages(struct linux_binprm 
+@@ -430,14 +473,51 @@ int setup_arg_pages(struct linux_binprm 
  		else
  			mpnt->vm_flags = VM_STACK_FLAGS;
  		mpnt->vm_flags |= mm->def_flags;
@@ -8581,7 +8581,8 @@
 +
  			return ret;
  		}
- 		mm->stack_vm = mm->total_vm = vma_pages(mpnt);
+ 		vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt));
+ 		mm->stack_vm = mm->total_vm;
 +
 +#ifdef CONFIG_PAX_SEGMEXEC
 +		if (mpnt_m) {
@@ -9043,21 +9044,22 @@
  		dput(dentry);
  	}
  	mutex_unlock(&nd.dentry->d_inode->i_mutex);
-@@ -1908,9 +1985,19 @@ asmlinkage long sys_mkdirat(int dfd, con
+@@ -1908,10 +1985,19 @@ asmlinkage long sys_mkdirat(int dfd, con
  		dentry = lookup_create(&nd, 1);
  		error = PTR_ERR(dentry);
  		if (!IS_ERR(dentry)) {
 +			error = 0;
  			if (!IS_POSIXACL(nd.dentry->d_inode))
  				mode &= ~current->fs->umask;
--			error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+-			error = vfs_mkdir(nd.dentry->d_inode, dentry,
+-				mode, &nd);
 +
 +			if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt))
 +				error = -EACCES;
 +
 +			if (!error)
-+				error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
-+
++				error = vfs_mkdir(nd.dentry->d_inode, dentry,
++					mode, &nd);
 +			if (!error)
 +				gr_handle_create(dentry, nd.mnt);
 +
@@ -9077,7 +9079,7 @@
  	dentry = lookup_hash(&nd);
  	error = PTR_ERR(dentry);
  	if (!IS_ERR(dentry)) {
--		error = vfs_rmdir(nd.dentry->d_inode, dentry);
+-		error = vfs_rmdir(nd.dentry->d_inode, dentry, &nd);
 +		error = 0;
 +		if (dentry->d_inode) {
 +			if (dentry->d_inode->i_nlink <= 1) {
@@ -9090,7 +9092,7 @@
 +		}
 +
 +		if (!error)
-+			error = vfs_rmdir(nd.dentry->d_inode, dentry);
++			error = vfs_rmdir(nd.dentry->d_inode, dentry, &nd);
 +		if (!error && (saved_dev || saved_ino))
 +			gr_handle_delete(saved_ino, saved_dev);
  		dput(dentry);
@@ -9125,37 +9127,39 @@
 +				error = -EACCES;
 +
  			atomic_inc(&inode->i_count);
--		error = vfs_unlink(nd.dentry->d_inode, dentry);
+-		error = vfs_unlink(nd.dentry->d_inode, dentry, &nd);
 +		}
 +		if (!error)
-+			error = vfs_unlink(nd.dentry->d_inode, dentry);
++			error = vfs_unlink(nd.dentry->d_inode, dentry, &nd);
 +		if (!error && (saved_ino || saved_dev))
 +			gr_handle_delete(saved_ino, saved_dev);
  	exit2:
  		dput(dentry);
  	}
-@@ -2176,7 +2294,15 @@ asmlinkage long sys_symlinkat(const char
+@@ -2176,8 +2294,15 @@ asmlinkage long sys_symlinkat(const char
  		dentry = lookup_create(&nd, 0);
  		error = PTR_ERR(dentry);
  		if (!IS_ERR(dentry)) {
--			error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
+-			error = vfs_symlink(nd.dentry->d_inode, dentry,
+-				from, S_IALLUGO, &nd);
 +			error = 0;
 +			if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from))
 +				error = -EACCES;
 +
 +			if (!error)
-+				error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
-+
++				error = vfs_symlink(nd.dentry->d_inode, dentry,
++					from, S_IALLUGO, &nd);
 +			if (!error)
 +				gr_handle_create(dentry, nd.mnt);
  			dput(dentry);
  		}
  		mutex_unlock(&nd.dentry->d_inode->i_mutex);
-@@ -2268,7 +2394,20 @@ asmlinkage long sys_linkat(int olddfd, c
+@@ -2268,8 +2394,20 @@ asmlinkage long sys_linkat(int olddfd, c
  	new_dentry = lookup_create(&nd, 0);
  	error = PTR_ERR(new_dentry);
  	if (!IS_ERR(new_dentry)) {
--		error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+-		error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
+-			new_dentry, &nd);
 +		error = 0;
 +		if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt,
 +				       old_nd.dentry->d_inode,
@@ -9165,8 +9169,8 @@
 +					old_nd.dentry, old_nd.mnt, to))
 +			error = -EACCES;
 +		if (!error)
-+			error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
-+
++			error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry,
++				&nd);
 +		if (!error)
 +			gr_handle_create(new_dentry, nd.mnt);
 +
@@ -19154,10 +19158,9 @@
 --- linux-2.6.17.7/include/asm-i386/elf.h	2006-07-24 23:36:01.000000000 -0400
 +++ linux-2.6.17.7/include/asm-i386/elf.h	2006-08-01 20:29:47.000000000 -0400
 @@ -71,6 +71,17 @@ typedef struct user_fxsr_struct elf_fpxr
-    that it will "exec", and that there is sufficient room for the brk.  */
  
  #define ELF_ET_DYN_BASE         ((TASK_UNMAPPED_BASE) * 2)
-+
+ 
 +#ifdef CONFIG_PAX_ASLR
 +#define PAX_ELF_ET_DYN_BASE(tsk)	0x10000000UL
 +
@@ -19168,9 +19171,10 @@
 +#define PAX_DELTA_STACK_LSB(tsk)	PAGE_SHIFT
 +#define PAX_DELTA_STACK_LEN(tsk)	((tsk)->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
 +#endif
- 
++
  /* regs is struct pt_regs, pr_reg is elf_gregset_t (which is
     now struct_user_regs, they are different) */
+ 
 @@ -131,7 +146,14 @@ extern int dump_task_extended_fpu (struc
  
  #define VSYSCALL_BASE	(__fix_to_virt(FIX_VSYSCALL))
@@ -22039,9 +22043,9 @@
 --- linux-2.6.17.7/include/linux/sysctl.h	2006-07-24 23:36:01.000000000 -0400
 +++ linux-2.6.17.7/include/linux/sysctl.h	2006-08-01 20:29:48.000000000 -0400
 @@ -148,8 +148,21 @@ enum
- 	KERN_SPIN_RETRY=70,	/* int: number of spinlock retries */
  	KERN_ACPI_VIDEO_FLAGS=71, /* int: flags for setting up video after ACPI sleep */
  	KERN_IA64_UNALIGNED=72, /* int: ia64 unaligned userland trap enable */
+ 	KERN_FBSPLASH=73,	/* string: path to fbsplash helper */
 +#ifdef CONFIG_GRKERNSEC
 +	KERN_GRSECURITY=98,	/* grsecurity */
 +#endif
@@ -23793,9 +23797,9 @@
 --- linux-2.6.17.7/mm/mlock.c	2006-07-24 23:36:01.000000000 -0400
 +++ linux-2.6.17.7/mm/mlock.c	2006-08-01 20:29:48.000000000 -0400
 @@ -10,14 +10,85 @@
- #include <linux/mm.h>
  #include <linux/mempolicy.h>
  #include <linux/syscalls.h>
+ #include <linux/vs_memory.h>
 +#include <linux/grsecurity.h>
  
 +static int __mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev,
@@ -23917,7 +23921,7 @@
 -			ret = make_pages_present(start, end);
 -	}
 -
--	vma->vm_mm->locked_vm -= pages;
+-	vx_vmlocked_sub(vma->vm_mm, pages);
  out:
  	if (ret == -ENOMEM)
  		ret = -EAGAIN;
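Review bot: Only the removed (`--`) side of the inner mlock.c hunk is switched to `vx_vmlocked_sub(vma->vm_mm, pages);` here, and no matching change to an added (`++`) line appears anywhere in this diff. The vfs_rmdir and vfs_unlink hunks, by contrast, update both sides. If the body grsecurity adds for `__mlock_fixup` still carries `vma->vm_mm->locked_vm -= pages;`, the vserver locked-page accounting is bypassed on that path and per-context memory-lock limits will drift; the added line should then read `vx_vmlocked_sub(vma->vm_mm, pages);`. That body lies outside this hunk and may already have been adjusted in revision 1.1.2.2, so it is worth confirming before relying on the limits.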
@@ -23946,7 +23950,7 @@
 +	gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
  	if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
  		error = do_mlock(start, len, 1);
- 	up_write(&current->mm->mmap_sem);
+ out:
 @@ -173,6 +234,16 @@ static int do_mlockall(int flags)
  	for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
  		unsigned int newflags;
@@ -23965,9 +23969,9 @@
  		if (!(flags & MCL_CURRENT))
  			newflags &= ~VM_LOCKED;
 @@ -202,6 +273,7 @@ asmlinkage long sys_mlockall(int flags)
- 	lock_limit >>= PAGE_SHIFT;
- 
  	ret = -ENOMEM;
+ 	if (!vx_vmlocked_avail(current->mm, current->mm->total_vm))
+		goto out;
 +	gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
  	if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
  	    capable(CAP_IPC_LOCK))
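Review bot: The new inner context line `		goto out;` has no leading space before its two tabs, whereas the line above it (` 	if (!vx_vmlocked_avail(...))`) carries the context marker. As rendered here the line begins directly with a tab, which lenient patch tools may accept as context but stricter appliers can reject as a corrupt hunk; it should be a space followed by the two tabs, ` 		goto out;`. Separately, with the vserver check now ahead of it, `gr_learn_resource(current, RLIMIT_MEMLOCK, ...)` is skipped whenever `vx_vmlocked_avail` fails, so those requests would not be seen by grsecurity's resource learning; confirm that ordering is intended. The body of sys_mlockall continues outside the hunk.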
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/grsecurity-2.1.9-2.6.17.7.patch?r1=1.1.2.2&r2=1.1.2.3&f=u


