packages (GRSECURITY_RAW): kernel/kernel-grsec_full.patch http://grsecurity...
arekm
arekm at pld-linux.org
Fri Sep 16 15:22:40 CEST 2011
Author: arekm Date: Fri Sep 16 13:22:40 2011 GMT
Module: packages Tag: GRSECURITY_RAW
---- Log message:
http://grsecurity.net/~spender/grsecurity-2.2.2-3.0.4-201109150655.patch
---- Files affected:
packages/kernel:
kernel-grsec_full.patch (1.3.2.72 -> 1.3.2.73)
---- Diffs:
================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.3.2.72 packages/kernel/kernel-grsec_full.patch:1.3.2.73
--- packages/kernel/kernel-grsec_full.patch:1.3.2.72 Sun Sep 4 19:16:48 2011
+++ packages/kernel/kernel-grsec_full.patch Fri Sep 16 15:22:18 2011
@@ -3055,7 +3055,7 @@
instruction set this cpu supports. This can NOT be done in userspace
on Sparc. */
diff -urNp linux-3.0.4/arch/sparc/include/asm/elf_64.h linux-3.0.4/arch/sparc/include/asm/elf_64.h
---- linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/sparc/include/asm/elf_64.h 2011-08-23 21:47:55.000000000 -0400
@@ -180,6 +180,13 @@ typedef struct {
#define ELF_ET_DYN_BASE 0x0000010000000000UL
@@ -3794,7 +3794,7 @@
}
EXPORT_SYMBOL(die_if_kernel);
diff -urNp linux-3.0.4/arch/sparc/kernel/unaligned_64.c linux-3.0.4/arch/sparc/kernel/unaligned_64.c
---- linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/sparc/kernel/unaligned_64.c 2011-08-23 21:48:14.000000000 -0400
@@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs
static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
@@ -4065,7 +4065,7 @@
/* Atomic bit operations. */
diff -urNp linux-3.0.4/arch/sparc/lib/Makefile linux-3.0.4/arch/sparc/lib/Makefile
---- linux-3.0.4/arch/sparc/lib/Makefile 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/sparc/lib/Makefile 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/sparc/lib/Makefile 2011-08-23 21:47:55.000000000 -0400
@@ -2,7 +2,7 @@
#
@@ -10706,7 +10706,7 @@
if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
diff -urNp linux-3.0.4/arch/x86/kernel/cpu/intel.c linux-3.0.4/arch/x86/kernel/cpu/intel.c
---- linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/kernel/cpu/intel.c 2011-08-29 23:30:14.000000000 -0400
@@ -172,7 +172,7 @@ static void __cpuinit trap_init_f00f_bug
* Update the IDT descriptor and reload the IDT so that
@@ -10850,7 +10850,7 @@
return 0;
}
diff -urNp linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c
---- linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/kernel/cpu/mtrr/main.c 2011-08-29 23:26:21.000000000 -0400
@@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex);
u64 size_or_mask, size_and_mask;
@@ -20538,7 +20538,7 @@
sizeof(struct work_struct)));
if (!image)
diff -urNp linux-3.0.4/arch/x86/oprofile/backtrace.c linux-3.0.4/arch/x86/oprofile/backtrace.c
---- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/x86/oprofile/backtrace.c 2011-08-23 21:47:55.000000000 -0400
@@ -148,7 +148,7 @@ x86_backtrace(struct pt_regs * const reg
{
@@ -21313,7 +21313,7 @@
-}
-__setup("vdso=", vdso_setup);
diff -urNp linux-3.0.4/arch/x86/xen/enlighten.c linux-3.0.4/arch/x86/xen/enlighten.c
---- linux-3.0.4/arch/x86/xen/enlighten.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/enlighten.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/enlighten.c 2011-08-29 23:26:21.000000000 -0400
@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -21388,7 +21388,7 @@
#ifdef CONFIG_ACPI_NUMA
diff -urNp linux-3.0.4/arch/x86/xen/mmu.c linux-3.0.4/arch/x86/xen/mmu.c
---- linux-3.0.4/arch/x86/xen/mmu.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/mmu.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/mmu.c 2011-08-29 23:26:21.000000000 -0400
@@ -1683,6 +1683,8 @@ pgd_t * __init xen_setup_kernel_pagetabl
convert_pfn_mfn(init_level4_pgt);
@@ -21427,7 +21427,7 @@
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
diff -urNp linux-3.0.4/arch/x86/xen/smp.c linux-3.0.4/arch/x86/xen/smp.c
---- linux-3.0.4/arch/x86/xen/smp.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/smp.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/smp.c 2011-08-29 23:26:21.000000000 -0400
@@ -193,11 +193,6 @@ static void __init xen_smp_prepare_boot_
{
@@ -21519,7 +21519,7 @@
mov %rsi,xen_start_info
mov $init_thread_union+THREAD_SIZE,%rsp
diff -urNp linux-3.0.4/arch/x86/xen/xen-ops.h linux-3.0.4/arch/x86/xen/xen-ops.h
---- linux-3.0.4/arch/x86/xen/xen-ops.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/arch/x86/xen/xen-ops.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/arch/x86/xen/xen-ops.h 2011-08-23 21:47:55.000000000 -0400
@@ -10,8 +10,6 @@
extern const char xen_hypervisor_callback[];
@@ -23175,7 +23175,7 @@
}
diff -urNp linux-3.0.4/drivers/block/cciss.h linux-3.0.4/drivers/block/cciss.h
---- linux-3.0.4/drivers/block/cciss.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/block/cciss.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/block/cciss.h 2011-08-23 21:47:55.000000000 -0400
@@ -100,7 +100,7 @@ struct ctlr_info
/* information about each logical volume */
@@ -23880,7 +23880,7 @@
*ppos = i;
diff -urNp linux-3.0.4/drivers/char/random.c linux-3.0.4/drivers/char/random.c
---- linux-3.0.4/drivers/char/random.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/char/random.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/char/random.c 2011-08-23 21:48:14.000000000 -0400
@@ -261,8 +261,13 @@
/*
@@ -24172,7 +24172,7 @@
card->driver->update_phy_reg(card, 4,
PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
diff -urNp linux-3.0.4/drivers/firewire/core-cdev.c linux-3.0.4/drivers/firewire/core-cdev.c
---- linux-3.0.4/drivers/firewire/core-cdev.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/firewire/core-cdev.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/firewire/core-cdev.c 2011-08-23 21:47:55.000000000 -0400
@@ -1313,8 +1313,7 @@ static int init_iso_resource(struct clie
int ret;
@@ -24515,7 +24515,7 @@
if (IS_GEN6(dev)) {
seq_printf(m, "Graphics Interrupt mask (%s): %08x\n",
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c
---- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/i915_dma.c 2011-08-23 21:47:55.000000000 -0400
@@ -1169,7 +1169,7 @@ static bool i915_switcheroo_can_switch(s
bool can_switch;
@@ -24578,7 +24578,7 @@
/* The actual obj->write_domain will be updated with
* pending_write_domain after we emit the accumulated flush for all
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c
---- linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/i915_irq.c 2011-08-23 21:47:55.000000000 -0400
@@ -473,7 +473,7 @@ static irqreturn_t ivybridge_irq_handler
u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir;
@@ -24626,7 +24626,7 @@
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
diff -urNp linux-3.0.4/drivers/gpu/drm/i915/intel_display.c linux-3.0.4/drivers/gpu/drm/i915/intel_display.c
---- linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/i915/intel_display.c 2011-08-23 21:47:55.000000000 -0400
@@ -1961,7 +1961,7 @@ intel_pipe_set_base(struct drm_crtc *crt
@@ -24974,7 +24974,7 @@
return false;
diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c
---- linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/radeon/radeon_device.c 2011-08-23 21:47:55.000000000 -0400
@@ -678,7 +678,7 @@ static bool radeon_switcheroo_can_switch
bool can_switch;
@@ -24986,7 +24986,7 @@
return can_switch;
}
diff -urNp linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c
---- linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/gpu/drm/radeon/radeon_display.c 2011-08-23 21:48:14.000000000 -0400
@@ -946,6 +946,8 @@ void radeon_compute_pll_legacy(struct ra
uint32_t post_div;
@@ -26766,7 +26766,7 @@
// Every interrupt can come to us here
// But we must truly tell each apart.
diff -urNp linux-3.0.4/drivers/md/dm.c linux-3.0.4/drivers/md/dm.c
---- linux-3.0.4/drivers/md/dm.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/md/dm.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/md/dm.c 2011-08-23 21:47:55.000000000 -0400
@@ -164,9 +164,9 @@ struct mapped_device {
/*
@@ -28836,7 +28836,7 @@
if (err) {
if (err == -EACCES)
diff -urNp linux-3.0.4/drivers/net/niu.c linux-3.0.4/drivers/net/niu.c
---- linux-3.0.4/drivers/net/niu.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/niu.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/niu.c 2011-08-23 21:48:14.000000000 -0400
@@ -9056,6 +9056,8 @@ static void __devinit niu_try_msix(struc
int i, num_irqs, err;
@@ -29494,7 +29494,7 @@
err = 0;
break;
diff -urNp linux-3.0.4/drivers/net/r8169.c linux-3.0.4/drivers/net/r8169.c
---- linux-3.0.4/drivers/net/r8169.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/r8169.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/r8169.c 2011-08-23 21:47:55.000000000 -0400
@@ -645,12 +645,12 @@ struct rtl8169_private {
struct mdio_ops {
@@ -29838,7 +29838,7 @@
i2400m, ack, ack_size);
BUG_ON(_ack == i2400m->bm_ack_buf);
diff -urNp linux-3.0.4/drivers/net/wireless/airo.c linux-3.0.4/drivers/net/wireless/airo.c
---- linux-3.0.4/drivers/net/wireless/airo.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/wireless/airo.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/wireless/airo.c 2011-08-23 21:48:14.000000000 -0400
@@ -3003,6 +3003,8 @@ static void airo_process_scan_results (s
BSSListElement * loop_net;
@@ -30063,7 +30063,7 @@
"Mgmt endpoint", skb_queue_len(&priv->tx.mgmt_ep_queue));
diff -urNp linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h
---- linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/net/wireless/ath/ath9k/hw.h 2011-08-23 21:47:55.000000000 -0400
@@ -585,7 +585,7 @@ struct ath_hw_private_ops {
@@ -31061,7 +31061,7 @@
}
diff -urNp linux-3.0.4/drivers/scsi/hpsa.h linux-3.0.4/drivers/scsi/hpsa.h
---- linux-3.0.4/drivers/scsi/hpsa.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/scsi/hpsa.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/scsi/hpsa.h 2011-08-23 21:47:55.000000000 -0400
@@ -73,7 +73,7 @@ struct ctlr_info {
unsigned int msix_vector;
@@ -31438,7 +31438,7 @@
if (!or)
return -ENOMEM;
diff -urNp linux-3.0.4/drivers/scsi/pmcraid.c linux-3.0.4/drivers/scsi/pmcraid.c
---- linux-3.0.4/drivers/scsi/pmcraid.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/scsi/pmcraid.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/scsi/pmcraid.c 2011-08-23 21:47:56.000000000 -0400
@@ -201,8 +201,8 @@ static int pmcraid_slave_alloc(struct sc
res->scsi_dev = scsi_dev;
@@ -31640,7 +31640,7 @@
return errsts;
memset(arr, 0, sizeof(arr));
diff -urNp linux-3.0.4/drivers/scsi/scsi_lib.c linux-3.0.4/drivers/scsi/scsi_lib.c
---- linux-3.0.4/drivers/scsi/scsi_lib.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/scsi/scsi_lib.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/scsi/scsi_lib.c 2011-08-23 21:47:56.000000000 -0400
@@ -1412,7 +1412,7 @@ static void scsi_kill_request(struct req
shost = sdev->host;
@@ -31832,7 +31832,7 @@
static u8 *buf;
diff -urNp linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c
---- linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/ath6kl/os/linux/ar6000_drv.c 2011-08-23 21:48:14.000000000 -0400
@@ -362,7 +362,7 @@ static struct ar_cookie s_ar_cookie_mem[
(((ar)->arTargetType == TARGET_TYPE_AR6003) ? AR6003_HOST_INTEREST_ITEM_ADDRESS(item) : 0))
@@ -31963,7 +31963,7 @@
u32 noxmtbuf; /* # Tx packets discarded */
diff -urNp linux-3.0.4/drivers/staging/hv/channel.c linux-3.0.4/drivers/staging/hv/channel.c
---- linux-3.0.4/drivers/staging/hv/channel.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/hv/channel.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/hv/channel.c 2011-08-23 21:47:56.000000000 -0400
@@ -433,8 +433,8 @@ int vmbus_establish_gpadl(struct vmbus_c
int ret = 0;
@@ -32017,7 +32017,7 @@
/*
* Represents channel interrupts. Each bit position represents a
diff -urNp linux-3.0.4/drivers/staging/hv/rndis_filter.c linux-3.0.4/drivers/staging/hv/rndis_filter.c
---- linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/hv/rndis_filter.c 2011-08-23 21:47:56.000000000 -0400
@@ -43,7 +43,7 @@ struct rndis_device {
@@ -32251,7 +32251,7 @@
/*
* NOTE:
diff -urNp linux-3.0.4/drivers/staging/usbip/vhci_hcd.c linux-3.0.4/drivers/staging/usbip/vhci_hcd.c
---- linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/staging/usbip/vhci_hcd.c 2011-08-23 21:47:56.000000000 -0400
@@ -511,7 +511,7 @@ static void vhci_tx_urb(struct urb *urb)
return;
@@ -32828,7 +32828,7 @@
ipwireless_disassociate_network_ttys(network,
ttyj->channel_idx);
diff -urNp linux-3.0.4/drivers/tty/n_gsm.c linux-3.0.4/drivers/tty/n_gsm.c
---- linux-3.0.4/drivers/tty/n_gsm.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/drivers/tty/n_gsm.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/drivers/tty/n_gsm.c 2011-08-23 21:47:56.000000000 -0400
@@ -1589,7 +1589,7 @@ static struct gsm_dlci *gsm_dlci_alloc(s
return NULL;
@@ -36623,7 +36623,7 @@
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff -urNp linux-3.0.4/fs/befs/linuxvfs.c linux-3.0.4/fs/befs/linuxvfs.c
---- linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:13.000000000 -0400
+--- linux-3.0.4/fs/befs/linuxvfs.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/fs/befs/linuxvfs.c 2011-08-29 23:26:27.000000000 -0400
@@ -503,7 +503,7 @@ static void befs_put_link(struct dentry
{
@@ -37856,7 +37856,7 @@
}
}
diff -urNp linux-3.0.4/fs/cifs/cifsfs.c linux-3.0.4/fs/cifs/cifsfs.c
---- linux-3.0.4/fs/cifs/cifsfs.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/cifs/cifsfs.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/cifs/cifsfs.c 2011-08-25 17:18:05.000000000 -0400
@@ -994,7 +994,7 @@ cifs_init_request_bufs(void)
cifs_req_cachep = kmem_cache_create("cifs_request",
@@ -38223,7 +38223,7 @@
dcache_init();
inode_init();
diff -urNp linux-3.0.4/fs/ecryptfs/inode.c linux-3.0.4/fs/ecryptfs/inode.c
---- linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/ecryptfs/inode.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ecryptfs/inode.c 2011-08-23 21:47:56.000000000 -0400
@@ -704,7 +704,7 @@ static int ecryptfs_readlink_lower(struc
old_fs = get_fs();
@@ -38945,7 +38945,7 @@
if (free_blocks >= (nblocks + dirty_blocks))
return 1;
diff -urNp linux-3.0.4/fs/ext4/ext4.h linux-3.0.4/fs/ext4/ext4.h
---- linux-3.0.4/fs/ext4/ext4.h 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/ext4/ext4.h 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ext4/ext4.h 2011-08-23 21:47:56.000000000 -0400
@@ -1177,19 +1177,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
@@ -38978,7 +38978,7 @@
/* locality groups */
diff -urNp linux-3.0.4/fs/ext4/mballoc.c linux-3.0.4/fs/ext4/mballoc.c
---- linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/ext4/mballoc.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/ext4/mballoc.c 2011-08-23 21:48:14.000000000 -0400
@@ -1793,7 +1793,7 @@ void ext4_mb_simple_scan_group(struct ex
BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
@@ -40686,7 +40686,7 @@
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff -urNp linux-3.0.4/fs/fuse/dev.c linux-3.0.4/fs/fuse/dev.c
---- linux-3.0.4/fs/fuse/dev.c 2011-08-29 23:26:14.000000000 -0400
+--- linux-3.0.4/fs/fuse/dev.c 2011-09-02 18:11:26.000000000 -0400
+++ linux-3.0.4/fs/fuse/dev.c 2011-08-29 23:26:27.000000000 -0400
@@ -1238,7 +1238,7 @@ static ssize_t fuse_dev_splice_read(stru
ret = 0;
@@ -41664,7 +41664,7 @@
void nfs_fattr_init(struct nfs_fattr *fattr)
diff -urNp linux-3.0.4/fs/nfsd/nfs4state.c linux-3.0.4/fs/nfsd/nfs4state.c
---- linux-3.0.4/fs/nfsd/nfs4state.c 2011-08-23 21:44:40.000000000 -0400
+--- linux-3.0.4/fs/nfsd/nfs4state.c 2011-09-02 18:11:21.000000000 -0400
+++ linux-3.0.4/fs/nfsd/nfs4state.c 2011-08-23 21:48:14.000000000 -0400
@@ -3794,6 +3794,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struc
unsigned int strhashval;
@@ -41927,7 +41927,7 @@
}
diff -urNp linux-3.0.4/fs/open.c linux-3.0.4/fs/open.c
--- linux-3.0.4/fs/open.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/fs/open.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.4/fs/open.c 2011-09-14 09:16:46.000000000 -0400
@@ -112,6 +112,10 @@ static long do_sys_truncate(const char _
error = locks_verify_truncate(inode, NULL, length);
if (!error)
@@ -41972,18 +41972,13 @@
if (!error)
set_fs_pwd(current->fs, &file->f_path);
out_putf:
-@@ -438,7 +454,18 @@ SYSCALL_DEFINE1(chroot, const char __use
+@@ -438,7 +454,13 @@ SYSCALL_DEFINE1(chroot, const char __use
if (error)
goto dput_and_out;
+ if (gr_handle_chroot_chroot(path.dentry, path.mnt))
+ goto dput_and_out;
+
-+ if (gr_handle_chroot_caps(&path)) {
-+ error = -ENOMEM;
-+ goto dput_and_out;
-+ }
-+
set_fs_root(current->fs, &path);
+
+ gr_handle_chroot_chdir(&path);
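Review bot: The `gr_handle_chroot_chroot()` denial branch jumps to `dput_and_out` without assigning `error`, and the context just above it shows `error` is already zero once the preceding `if (error)` test has been passed. If the function returns `error` after the label (the rest of the syscall body lies outside this hunk), a refused nested chroot would be reported to the caller as success. Setting the code inside that branch, e.g. `error = -EPERM;` before the `goto dput_and_out;`, would make the refusal visible; if the silent return is deliberate, a one-line comment should say so. With the `gr_handle_chroot_caps()` call removed here, the task's credential sets are no longer reduced at chroot time, so the capability restriction presumably rests entirely on the check-time helpers added in grsec_chroot.c.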
@@ -41991,7 +41986,7 @@
error = 0;
dput_and_out:
path_put(&path);
-@@ -466,12 +493,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
+@@ -466,12 +488,25 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
err = mnt_want_write_file(file);
if (err)
goto out_putf;
@@ -42017,7 +42012,7 @@
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
err = notify_change(dentry, &newattrs);
-@@ -499,12 +539,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
+@@ -499,12 +534,25 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
error = mnt_want_write(path.mnt);
if (error)
goto dput_and_out;
@@ -42043,7 +42038,7 @@
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
error = notify_change(path.dentry, &newattrs);
-@@ -528,6 +581,9 @@ static int chown_common(struct path *pat
+@@ -528,6 +576,9 @@ static int chown_common(struct path *pat
int error;
struct iattr newattrs;
@@ -42053,7 +42048,7 @@
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
newattrs.ia_valid |= ATTR_UID;
-@@ -998,7 +1054,10 @@ long do_sys_open(int dfd, const char __u
+@@ -998,7 +1049,10 @@ long do_sys_open(int dfd, const char __u
if (!IS_ERR(tmp)) {
fd = get_unused_fd_flags(flags);
if (fd >= 0) {
@@ -42338,8 +42333,8 @@
+}
+#endif
diff -urNp linux-3.0.4/fs/proc/base.c linux-3.0.4/fs/proc/base.c
---- linux-3.0.4/fs/proc/base.c 2011-08-23 21:44:40.000000000 -0400
-+++ linux-3.0.4/fs/proc/base.c 2011-08-23 21:48:14.000000000 -0400
+--- linux-3.0.4/fs/proc/base.c 2011-09-02 18:11:21.000000000 -0400
++++ linux-3.0.4/fs/proc/base.c 2011-09-13 14:50:28.000000000 -0400
@@ -107,6 +107,22 @@ struct pid_entry {
union proc_op op;
};
@@ -42405,7 +42400,7 @@
+ if (PAX_RAND_FLAGS(mm) &&
+ (!(task->ptrace & PT_PTRACED) || (task->parent != current))) {
+ mmput(mm);
-+ return res;
++ return 0;
+ }
+#endif
+
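Review bot: The refusal path now ends in `return 0;`, which a reader of this hunk cannot tell apart from a legitimately empty result, and nothing on these lines says that this is intended. A short comment above the return, such as `/* caller is not ptracing this task: return an empty result rather than an error */`, would record the choice. The enclosing function and the declaration of `res` are outside the hunk, so what value `res` held at this point before the change cannot be confirmed from here.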
@@ -48198,8 +48193,8 @@
+
diff -urNp linux-3.0.4/grsecurity/gracl_cap.c linux-3.0.4/grsecurity/gracl_cap.c
--- linux-3.0.4/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/gracl_cap.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,139 @@
++++ linux-3.0.4/grsecurity/gracl_cap.c 2011-09-14 09:21:24.000000000 -0400
+@@ -0,0 +1,101 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -48207,49 +48202,11 @@
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+
-+static const char *captab_log[] = {
-+ "CAP_CHOWN",
-+ "CAP_DAC_OVERRIDE",
-+ "CAP_DAC_READ_SEARCH",
-+ "CAP_FOWNER",
-+ "CAP_FSETID",
-+ "CAP_KILL",
-+ "CAP_SETGID",
-+ "CAP_SETUID",
-+ "CAP_SETPCAP",
-+ "CAP_LINUX_IMMUTABLE",
-+ "CAP_NET_BIND_SERVICE",
-+ "CAP_NET_BROADCAST",
-+ "CAP_NET_ADMIN",
-+ "CAP_NET_RAW",
-+ "CAP_IPC_LOCK",
-+ "CAP_IPC_OWNER",
-+ "CAP_SYS_MODULE",
-+ "CAP_SYS_RAWIO",
-+ "CAP_SYS_CHROOT",
-+ "CAP_SYS_PTRACE",
-+ "CAP_SYS_PACCT",
-+ "CAP_SYS_ADMIN",
-+ "CAP_SYS_BOOT",
-+ "CAP_SYS_NICE",
-+ "CAP_SYS_RESOURCE",
-+ "CAP_SYS_TIME",
-+ "CAP_SYS_TTY_CONFIG",
-+ "CAP_MKNOD",
-+ "CAP_LEASE",
-+ "CAP_AUDIT_WRITE",
-+ "CAP_AUDIT_CONTROL",
-+ "CAP_SETFCAP",
-+ "CAP_MAC_OVERRIDE",
-+ "CAP_MAC_ADMIN",
-+ "CAP_SYSLOG"
-+};
-+
-+EXPORT_SYMBOL(gr_is_capable);
-+EXPORT_SYMBOL(gr_is_capable_nolog);
++extern const char *captab_log[];
++extern int captab_log_entries;
+
+int
-+gr_is_capable(const int cap)
++gr_acl_is_capable(const int cap)
+{
+ struct task_struct *task = current;
+ const struct cred *cred = current_cred();
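Review bot: The declarations `extern const char *captab_log[];` and `extern int captab_log_entries;` are written directly in this .c file, and the same pair is repeated in the grsec_chroot.c hunk further down, so the compiler cannot check either copy against the definition. Because `captab_log_entries` is the only bound on the index into `captab_log` in the logging paths, a declaration that drifts from the definition would surface as a bad read at run time rather than as a build error. Declaring both once in a shared header such as `linux/grinternal.h`, which this file already includes, and including that header where the table is defined would close that gap. The definition of the table and its count is not visible on this page, and the body of `gr_acl_is_capable` continues past the end of this hunk.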
@@ -48301,13 +48258,13 @@
+ return 1;
+ }
+
-+ if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
++ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
+ return 0;
+}
+
+int
-+gr_is_capable_nolog(const int cap)
++gr_acl_is_capable_nolog(const int cap)
+{
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
@@ -49814,8 +49771,8 @@
+}
diff -urNp linux-3.0.4/grsecurity/grsec_chroot.c linux-3.0.4/grsecurity/grsec_chroot.c
--- linux-3.0.4/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_chroot.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,349 @@
++++ linux-3.0.4/grsecurity/grsec_chroot.c 2011-09-15 06:47:48.000000000 -0400
+@@ -0,0 +1,351 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50096,33 +50053,39 @@
+ return 0;
+}
+
++extern const char *captab_log[];
++extern int captab_log_entries;
++
+int
-+gr_handle_chroot_caps(struct path *path)
++gr_chroot_is_capable(const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
-+ (init_task.fs->root.dentry != path->dentry) &&
-+ (current->nsproxy->mnt_ns->root->mnt_root != path->dentry)) {
-+
++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
-+ const struct cred *old = current_cred();
-+ struct cred *new = prepare_creds();
-+ if (new == NULL)
-+ return 1;
-+
-+ new->cap_permitted = cap_drop(old->cap_permitted,
-+ chroot_caps);
-+ new->cap_inheritable = cap_drop(old->cap_inheritable,
-+ chroot_caps);
-+ new->cap_effective = cap_drop(old->cap_effective,
-+ chroot_caps);
-+
-+ commit_creds(new);
++ if (cap_raised(chroot_caps, cap)) {
++ const struct cred *creds = current_cred();
++ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) {
++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]);
++ }
++ return 0;
++ }
++ }
++#endif
++ return 1;
++}
+
-+ return 0;
++int
++gr_chroot_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
++ if (cap_raised(chroot_caps, cap)) {
++ return 0;
++ }
+ }
+#endif
-+ return 0;
++ return 1;
+}
+
+int
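Review bot: In `gr_chroot_is_capable` the logging guard tests only `cap < captab_log_entries`, whereas the equivalent guard in `gr_acl_is_capable` also requires `cap >= 0`, and `cap_raised(chroot_caps, cap)` is evaluated before any range check at all. Both comparisons are on signed `int`, so a negative `cap` would pass the upper-bound test and index `captab_log` out of range; callers may validate `cap` first, but that is not visible here. For parity the guard could read `if (cap >= 0 && cap < captab_log_entries && cap_raised(creds->cap_effective, cap))`. `gr_chroot_is_capable_nolog` repeats the same chrooted-and-restricted test, so the logging variant could call it and keep the decision in one place.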
@@ -50161,10 +50124,6 @@
+#endif
+ return 0;
+}
-+
-+#ifdef CONFIG_SECURITY
-+EXPORT_SYMBOL(gr_handle_chroot_caps);
-+#endif
diff -urNp linux-3.0.4/grsecurity/grsec_disabled.c linux-3.0.4/grsecurity/grsec_disabled.c
--- linux-3.0.4/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500
+++ linux-3.0.4/grsecurity/grsec_disabled.c 2011-08-23 21:48:14.000000000 -0400
@@ -50618,8 +50577,8 @@
+#endif
diff -urNp linux-3.0.4/grsecurity/grsec_exec.c linux-3.0.4/grsecurity/grsec_exec.c
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.3.2.72&r2=1.3.2.73&f=u