packages: kernel/kernel-grsec_full.patch, kernel/kernel-small_fixes.patch, ...
arekm
arekm at pld-linux.org
Wed Oct 20 21:07:42 CEST 2010
Author: arekm Date: Wed Oct 20 19:07:42 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- update grsec to grsecurity-2.2.0-2.6.35.7-201010191911.patch (includes fix from small fixes)
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.46 -> 1.47) , kernel-small_fixes.patch (1.10 -> 1.11) , kernel.spec (1.835 -> 1.836)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.46 packages/kernel/kernel-grsec_full.patch:1.47
--- packages/kernel/kernel-grsec_full.patch:1.46 Fri Oct 15 23:50:31 2010
+++ packages/kernel/kernel-grsec_full.patch Wed Oct 20 21:07:36 2010
@@ -26015,6 +26015,65 @@
return -EFAULT;
return i;
}
+diff -urNp linux-2.6.35.7/drivers/media/video/v4l2-compat-ioctl32.c linux-2.6.35.7/drivers/media/video/v4l2-compat-ioctl32.c
+--- linux-2.6.35.7/drivers/media/video/v4l2-compat-ioctl32.c 2010-08-26 19:47:12.000000000 -0400
++++ linux-2.6.35.7/drivers/media/video/v4l2-compat-ioctl32.c 2010-10-19 18:15:40.000000000 -0400
+@@ -193,17 +193,24 @@ static int put_video_window32(struct vid
+ struct video_code32 {
+ char loadwhat[16]; /* name or tag of file being passed */
+ compat_int_t datasize;
+- unsigned char *data;
++ compat_uptr_t data;
+ };
+
+-static int get_microcode32(struct video_code *kp, struct video_code32 __user *up)
++static struct video_code __user *get_microcode32(struct video_code32 *kp)
+ {
+- if (!access_ok(VERIFY_READ, up, sizeof(struct video_code32)) ||
+- copy_from_user(kp->loadwhat, up->loadwhat, sizeof(up->loadwhat)) ||
+- get_user(kp->datasize, &up->datasize) ||
+- copy_from_user(kp->data, up->data, up->datasize))
+- return -EFAULT;
+- return 0;
++ struct video_code __user *up;
++
++ up = compat_alloc_user_space(sizeof(*up));
++
++ /*
++ * NOTE! We don't actually care if these fail. If the
++ * user address is invalid, the native ioctl will do
++ * the error handling for us
++ */
++ (void) copy_to_user(up->loadwhat, kp->loadwhat, sizeof(up->loadwhat));
++ (void) put_user(kp->datasize, &up->datasize);
++ (void) put_user(compat_ptr(kp->data), &up->data);
++ return up;
+ }
+
+ #define VIDIOCGTUNER32 _IOWR('v', 4, struct video_tuner32)
+@@ -744,7 +751,7 @@ static long do_video_ioctl(struct file *
+ struct video_tuner vt;
+ struct video_buffer vb;
+ struct video_window vw;
+- struct video_code vc;
++ struct video_code32 vc;
+ struct video_audio va;
+ #endif
+ struct v4l2_format v2f;
+@@ -823,8 +830,11 @@ static long do_video_ioctl(struct file *
+ break;
+
+ case VIDIOCSMICROCODE:
+- err = get_microcode32(&karg.vc, up);
+- compatible_arg = 0;
++ /* Copy the 32-bit "video_code32" to kernel space */
++ if (copy_from_user(&karg.vc, up, sizeof(karg.vc)))
++ return -EFAULT;
++ /* Convert the 32-bit version to a 64-bit version in user space */
++ up = get_microcode32(&karg.vc);
+ break;
+
+ case VIDIOCSFREQ:
diff -urNp linux-2.6.35.7/drivers/message/fusion/mptbase.c linux-2.6.35.7/drivers/message/fusion/mptbase.c
--- linux-2.6.35.7/drivers/message/fusion/mptbase.c 2010-08-26 19:47:12.000000000 -0400
+++ linux-2.6.35.7/drivers/message/fusion/mptbase.c 2010-09-17 20:12:37.000000000 -0400
@@ -40942,8 +41001,8 @@
+}
diff -urNp linux-2.6.35.7/grsecurity/grsec_init.c linux-2.6.35.7/grsecurity/grsec_init.c
--- linux-2.6.35.7/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/grsecurity/grsec_init.c 2010-09-17 20:12:37.000000000 -0400
-@@ -0,0 +1,266 @@
++++ linux-2.6.35.7/grsecurity/grsec_init.c 2010-10-18 21:01:30.000000000 -0400
+@@ -0,0 +1,270 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -41001,6 +41060,7 @@
+int grsec_socket_server_gid;
+int grsec_resource_logging;
+int grsec_disable_privio;
++int grsec_enable_log_rwxmaps;
+int grsec_lock;
+
+DEFINE_SPINLOCK(grsec_alert_lock);
@@ -41098,6 +41158,9 @@
+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
+ grsec_enable_audit_textrel = 1;
+#endif
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ grsec_enable_log_rwxmaps = 1;
++#endif
+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
+ grsec_enable_group = 1;
+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
@@ -41259,8 +41322,8 @@
+}
diff -urNp linux-2.6.35.7/grsecurity/grsec_log.c linux-2.6.35.7/grsecurity/grsec_log.c
--- linux-2.6.35.7/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/grsecurity/grsec_log.c 2010-09-28 19:11:11.000000000 -0400
-@@ -0,0 +1,306 @@
++++ linux-2.6.35.7/grsecurity/grsec_log.c 2010-10-18 21:01:30.000000000 -0400
+@@ -0,0 +1,310 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -41535,6 +41598,10 @@
+ ulong1 = va_arg(ap, unsigned long);
+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1);
+ break;
++ case GR_RWXMAP:
++ file = va_arg(ap, struct file *);
++ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>");
++ break;
+ case GR_PSACCT:
+ {
+ unsigned int wday, cday;
@@ -41722,6 +41789,46 @@
+#endif
+ return 0;
+}
+diff -urNp linux-2.6.35.7/grsecurity/grsec_pax.c linux-2.6.35.7/grsecurity/grsec_pax.c
+--- linux-2.6.35.7/grsecurity/grsec_pax.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.35.7/grsecurity/grsec_pax.c 2010-10-18 21:01:30.000000000 -0400
+@@ -0,0 +1,36 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/file.h>
++#include <linux/grinternal.h>
++#include <linux/grsecurity.h>
++
++void
++gr_log_textrel(struct vm_area_struct * vma)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
++ if (grsec_enable_audit_textrel)
++ gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
++#endif
++ return;
++}
++
++void
++gr_log_rwxmmap(struct file *file)
++{
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ if (grsec_enable_log_rwxmaps)
++ gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMMAP_MSG, file);
++#endif
++ return;
++}
++
++void
++gr_log_rwxmprotect(struct file *file)
++{
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ if (grsec_enable_log_rwxmaps)
++ gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, file);
++#endif
++ return;
++}
diff -urNp linux-2.6.35.7/grsecurity/grsec_ptrace.c linux-2.6.35.7/grsecurity/grsec_ptrace.c
--- linux-2.6.35.7/grsecurity/grsec_ptrace.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.35.7/grsecurity/grsec_ptrace.c 2010-09-17 20:12:37.000000000 -0400
@@ -42086,8 +42193,8 @@
+}
diff -urNp linux-2.6.35.7/grsecurity/grsec_sysctl.c linux-2.6.35.7/grsecurity/grsec_sysctl.c
--- linux-2.6.35.7/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/grsecurity/grsec_sysctl.c 2010-09-17 20:18:57.000000000 -0400
-@@ -0,0 +1,424 @@
++++ linux-2.6.35.7/grsecurity/grsec_sysctl.c 2010-10-18 21:02:33.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/sysctl.h>
@@ -42176,6 +42283,15 @@
+ .proc_handler = &proc_dointvec,
+ },
+#endif
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ {
++ .procname = "rwxmap_logging",
++ .data = &grsec_enable_log_rwxmaps,
++ .maxlen = sizeof(int),
++ .mode = 0600,
++ .proc_handler = &proc_dointvec,
++ },
++#endif
+#ifdef CONFIG_GRKERNSEC_SIGNAL
+ {
+ .procname = "signal_logging",
@@ -42512,26 +42628,6 @@
+ { }
+};
+#endif
-diff -urNp linux-2.6.35.7/grsecurity/grsec_textrel.c linux-2.6.35.7/grsecurity/grsec_textrel.c
---- linux-2.6.35.7/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/grsecurity/grsec_textrel.c 2010-09-17 20:12:37.000000000 -0400
-@@ -0,0 +1,16 @@
-+#include <linux/kernel.h>
-+#include <linux/sched.h>
-+#include <linux/mm.h>
-+#include <linux/file.h>
-+#include <linux/grinternal.h>
-+#include <linux/grsecurity.h>
-+
-+void
-+gr_log_textrel(struct vm_area_struct * vma)
-+{
-+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
-+ if (grsec_enable_audit_textrel)
-+ gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
-+#endif
-+ return;
-+}
diff -urNp linux-2.6.35.7/grsecurity/grsec_time.c linux-2.6.35.7/grsecurity/grsec_time.c
--- linux-2.6.35.7/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.35.7/grsecurity/grsec_time.c 2010-09-17 20:12:37.000000000 -0400
@@ -42659,8 +42755,8 @@
+}
diff -urNp linux-2.6.35.7/grsecurity/Kconfig linux-2.6.35.7/grsecurity/Kconfig
--- linux-2.6.35.7/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/grsecurity/Kconfig 2010-09-17 20:12:37.000000000 -0400
-@@ -0,0 +1,986 @@
++++ linux-2.6.35.7/grsecurity/Kconfig 2010-10-18 21:01:30.000000000 -0400
+@@ -0,0 +1,995 @@
+#
+# grecurity configuration
+#
@@ -43360,6 +43456,15 @@
+ process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
+ the RBAC system), and thus does not create privacy concerns.
+
++config GRKERNSEC_RWXMAP_LOG
++ bool 'Denied RWX mmap/mprotect logging'
++ depends on PAX_MPROTECT && !PAX_EMUPLT && !PAX_EMUSIGRT
++ help
++ If you say Y here, calls to mmap() and mprotect() with explicit
++ usage of PROT_WRITE and PROT_EXEC together will be logged when
++ denied by the PAX_MPROTECT feature. If the sysctl option is
++ enabled, a sysctl option with name "rwxmap_logging" is created.
++
+config GRKERNSEC_AUDIT_TEXTREL
+ bool 'ELF text relocations logging (READ HELP)'
+ depends on PAX_MPROTECT
@@ -43649,7 +43754,7 @@
+endmenu
diff -urNp linux-2.6.35.7/grsecurity/Makefile linux-2.6.35.7/grsecurity/Makefile
--- linux-2.6.35.7/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/grsecurity/Makefile 2010-09-17 20:12:37.000000000 -0400
++++ linux-2.6.35.7/grsecurity/Makefile 2010-10-18 21:01:30.000000000 -0400
@@ -0,0 +1,29 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
@@ -43661,7 +43766,7 @@
+
+obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
+ grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
-+ grsec_time.o grsec_tpe.o grsec_link.o grsec_textrel.o grsec_ptrace.o
++ grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o
+
+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
@@ -45301,8 +45406,8 @@
+#endif
diff -urNp linux-2.6.35.7/include/linux/grinternal.h linux-2.6.35.7/include/linux/grinternal.h
--- linux-2.6.35.7/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/include/linux/grinternal.h 2010-09-28 19:04:00.000000000 -0400
-@@ -0,0 +1,211 @@
++++ linux-2.6.35.7/include/linux/grinternal.h 2010-10-18 21:05:08.000000000 -0400
+@@ -0,0 +1,214 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
+
@@ -45377,6 +45482,7 @@
+extern int grsec_audit_gid;
+extern int grsec_enable_group;
+extern int grsec_enable_audit_textrel;
++extern int grsec_enable_log_rwxmaps;
+extern int grsec_enable_mount;
+extern int grsec_enable_chdir;
+extern int grsec_resource_logging;
@@ -45473,7 +45579,8 @@
+ GR_SIG2,
+ GR_CRASH1,
+ GR_CRASH2,
-+ GR_PSACCT
++ GR_PSACCT,
++ GR_RWXMAP
+};
+
+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
@@ -45508,6 +45615,7 @@
+#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
++#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
+
+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
+
@@ -45516,8 +45624,8 @@
+#endif
diff -urNp linux-2.6.35.7/include/linux/grmsg.h linux-2.6.35.7/include/linux/grmsg.h
--- linux-2.6.35.7/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/include/linux/grmsg.h 2010-09-23 20:39:33.000000000 -0400
-@@ -0,0 +1,108 @@
++++ linux-2.6.35.7/include/linux/grmsg.h 2010-10-18 21:01:30.000000000 -0400
+@@ -0,0 +1,110 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -45622,14 +45730,16 @@
+#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
+#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
++#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
++#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
+#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
+#define GR_NONROOT_MODLOAD_MSG "denied kernel module auto-load of %.64s by "
+#define GR_VM86_MSG "denied use of vm86 by "
+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
diff -urNp linux-2.6.35.7/include/linux/grsecurity.h linux-2.6.35.7/include/linux/grsecurity.h
--- linux-2.6.35.7/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.35.7/include/linux/grsecurity.h 2010-09-17 20:12:37.000000000 -0400
-@@ -0,0 +1,203 @@
++++ linux-2.6.35.7/include/linux/grsecurity.h 2010-10-18 21:01:30.000000000 -0400
+@@ -0,0 +1,205 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -45708,6 +45818,8 @@
+void gr_log_unmount(const char *devname, const int retval);
+void gr_log_mount(const char *from, const char *to, const int retval);
+void gr_log_textrel(struct vm_area_struct *vma);
++void gr_log_rwxmmap(struct file *file);
++void gr_log_rwxmprotect(struct file *file);
+
+int gr_handle_follow_link(const struct inode *parent,
+ const struct inode *inode,
@@ -51854,7 +51966,7 @@
ret = do_mlockall(flags);
diff -urNp linux-2.6.35.7/mm/mmap.c linux-2.6.35.7/mm/mmap.c
--- linux-2.6.35.7/mm/mmap.c 2010-09-26 17:32:11.000000000 -0400
-+++ linux-2.6.35.7/mm/mmap.c 2010-09-27 21:47:18.000000000 -0400
++++ linux-2.6.35.7/mm/mmap.c 2010-10-18 21:01:30.000000000 -0400
@@ -44,6 +44,16 @@
#define arch_rebalance_pgtables(addr, len) (addr)
#endif
@@ -52077,13 +52189,14 @@
if (addr & ~PAGE_MASK)
return addr;
-@@ -1003,6 +1080,28 @@ unsigned long do_mmap_pgoff(struct file
+@@ -1003,6 +1080,31 @@ unsigned long do_mmap_pgoff(struct file
vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
+#ifdef CONFIG_PAX_MPROTECT
+ if (mm->pax_flags & MF_PAX_MPROTECT) {
-+ if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC))
++ if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) {
++ gr_log_rwxmmap(file);
+
+#ifdef CONFIG_PAX_EMUPLT
+ vm_flags &= ~VM_EXEC;
@@ -52091,6 +52204,8 @@
+ return -EPERM;
+#endif
+
++ }
++
+ if (!(vm_flags & VM_EXEC))
+ vm_flags &= ~VM_MAYEXEC;
+ else
@@ -52106,7 +52221,7 @@
if (flags & MAP_LOCKED)
if (!can_do_mlock())
return -EPERM;
-@@ -1014,6 +1113,7 @@ unsigned long do_mmap_pgoff(struct file
+@@ -1014,6 +1116,7 @@ unsigned long do_mmap_pgoff(struct file
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
@@ -52114,7 +52229,7 @@
if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}
-@@ -1084,6 +1184,9 @@ unsigned long do_mmap_pgoff(struct file
+@@ -1084,6 +1187,9 @@ unsigned long do_mmap_pgoff(struct file
if (error)
return error;
@@ -52124,7 +52239,7 @@
return mmap_region(file, addr, len, flags, vm_flags, pgoff);
}
EXPORT_SYMBOL(do_mmap_pgoff);
-@@ -1160,10 +1263,10 @@ SYSCALL_DEFINE1(old_mmap, struct mmap_ar
+@@ -1160,10 +1266,10 @@ SYSCALL_DEFINE1(old_mmap, struct mmap_ar
*/
int vma_wants_writenotify(struct vm_area_struct *vma)
{
@@ -52137,7 +52252,7 @@
return 0;
/* The backer wishes to know when pages are first written to? */
-@@ -1212,14 +1315,24 @@ unsigned long mmap_region(struct file *f
+@@ -1212,14 +1318,24 @@ unsigned long mmap_region(struct file *f
unsigned long charged = 0;
struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
@@ -52164,7 +52279,7 @@
}
/* Check against address space limit. */
-@@ -1268,6 +1381,16 @@ munmap_back:
+@@ -1268,6 +1384,16 @@ munmap_back:
goto unacct_error;
}
@@ -52181,7 +52296,7 @@
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1291,6 +1414,19 @@ munmap_back:
+@@ -1291,6 +1417,19 @@ munmap_back:
error = file->f_op->mmap(file, vma);
if (error)
goto unmap_and_free_vma;
@@ -52201,7 +52316,7 @@
if (vm_flags & VM_EXECUTABLE)
added_exe_file_vma(mm);
-@@ -1326,6 +1462,11 @@ munmap_back:
+@@ -1326,6 +1465,11 @@ munmap_back:
vma_link(mm, vma, prev, rb_link, rb_parent);
file = vma->vm_file;
@@ -52213,7 +52328,7 @@
/* Once vma denies write, undo our temporary denial count */
if (correct_wcount)
atomic_inc(&inode->i_writecount);
-@@ -1334,6 +1475,7 @@ out:
+@@ -1334,6 +1478,7 @@ out:
mm->total_vm += len >> PAGE_SHIFT;
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
@@ -52221,7 +52336,7 @@
if (vm_flags & VM_LOCKED) {
if (!mlock_vma_pages_range(vma, addr, addr + len))
mm->locked_vm += (len >> PAGE_SHIFT);
-@@ -1351,6 +1493,12 @@ unmap_and_free_vma:
+@@ -1351,6 +1496,12 @@ unmap_and_free_vma:
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
@@ -52234,7 +52349,7 @@
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1358,6 +1506,33 @@ unacct_error:
+@@ -1358,6 +1509,33 @@ unacct_error:
return error;
}
@@ -52268,7 +52383,7 @@
/* Get an address range which is currently unmapped.
* For shmat() with addr=0.
*
-@@ -1384,18 +1559,23 @@ arch_get_unmapped_area(struct file *filp
+@@ -1384,18 +1562,23 @@ arch_get_unmapped_area(struct file *filp
if (flags & MAP_FIXED)
return addr;
@@ -52299,7 +52414,7 @@
}
full_search:
-@@ -1406,34 +1586,40 @@ full_search:
+@@ -1406,34 +1589,40 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
@@ -52351,7 +52466,7 @@
mm->free_area_cache = addr;
mm->cached_hole_size = ~0UL;
}
-@@ -1451,7 +1637,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1451,7 +1640,7 @@ arch_get_unmapped_area_topdown(struct fi
{
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
@@ -52360,7 +52475,7 @@
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1460,13 +1646,18 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1460,13 +1649,18 @@ arch_get_unmapped_area_topdown(struct fi
if (flags & MAP_FIXED)
return addr;
@@ -52383,7 +52498,7 @@
}
/* check if free_area_cache is useful for us */
-@@ -1481,7 +1672,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1481,7 +1675,7 @@ arch_get_unmapped_area_topdown(struct fi
/* make sure it can fit in the remaining address space */
if (addr > len) {
vma = find_vma(mm, addr-len);
@@ -52392,7 +52507,7 @@
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -1498,7 +1689,7 @@ arch_get_unmapped_area_topdown(struct fi
+@@ -1498,7 +1692,7 @@ arch_get_unmapped_area_topdown(struct fi
* return with success:
*/
vma = find_vma(mm, addr);
@@ -52401,7 +52516,7 @@
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
-@@ -1517,13 +1708,21 @@ bottomup:
+@@ -1517,13 +1711,21 @@ bottomup:
* can happen with large stack limits and large mmap()
* allocations.
*/
@@ -52425,7 +52540,7 @@
mm->cached_hole_size = ~0UL;
return addr;
-@@ -1532,6 +1731,12 @@ bottomup:
+@@ -1532,6 +1734,12 @@ bottomup:
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
@@ -52438,7 +52553,7 @@
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1539,8 +1744,10 @@ void arch_unmap_area_topdown(struct mm_s
+@@ -1539,8 +1747,10 @@ void arch_unmap_area_topdown(struct mm_s
mm->free_area_cache = addr;
/* dont allow allocations above current base */
@@ -52450,7 +52565,7 @@
}
unsigned long
-@@ -1648,6 +1855,34 @@ out:
+@@ -1648,6 +1858,34 @@ out:
return prev ? prev->vm_next : vma;
}
@@ -52485,7 +52600,7 @@
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -1664,6 +1899,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1664,6 +1902,7 @@ static int acct_stack_growth(struct vm_a
return -ENOMEM;
/* Stack limit test */
@@ -52493,7 +52608,7 @@
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -1674,6 +1910,7 @@ static int acct_stack_growth(struct vm_a
+@@ -1674,6 +1913,7 @@ static int acct_stack_growth(struct vm_a
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
@@ -52501,7 +52616,7 @@
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1704,37 +1941,47 @@ static int acct_stack_growth(struct vm_a
+@@ -1704,37 +1944,47 @@ static int acct_stack_growth(struct vm_a
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -52559,7 +52674,7 @@
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1744,6 +1991,8 @@ int expand_upwards(struct vm_area_struct
+@@ -1744,6 +1994,8 @@ int expand_upwards(struct vm_area_struct
if (!error)
vma->vm_end = address;
}
@@ -52568,7 +52683,7 @@
anon_vma_unlock(vma);
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.46&r2=1.47&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.10&r2=1.11&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.835&r2=1.836&f=u
More information about the pld-cvs-commit
mailing list