packages (LINUX_2_6_32): kernel/kernel-grsec_full.patch - http://grsecurity...

hawk hawk at pld-linux.org
Fri Feb 10 11:10:29 CET 2012


Author: hawk                         Date: Fri Feb 10 10:10:29 2012 GMT
Module: packages                      Tag: LINUX_2_6_32
---- Log message:
- http://grsecurity.net/~spender/grsecurity-2.2.2-2.6.32.56-201202071726.patch

---- Files affected:
packages/kernel:
   kernel-grsec_full.patch (1.29.2.6 -> 1.29.2.7) 

---- Diffs:

================================================================
Index: packages/kernel/kernel-grsec_full.patch
diff -u packages/kernel/kernel-grsec_full.patch:1.29.2.6 packages/kernel/kernel-grsec_full.patch:1.29.2.7
--- packages/kernel/kernel-grsec_full.patch:1.29.2.6	Thu Jan 19 11:23:54 2012
+++ packages/kernel/kernel-grsec_full.patch	Fri Feb 10 11:10:11 2012
@@ -185,7 +185,7 @@
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index e480d8c..c7b2c86 100644
+index 81ad738..cbdaeb0 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -7848,7 +7848,7 @@
  
  	if (err)
 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 4edd8eb..a558697 100644
+index 4edd8eb..29124b4 100644
 --- a/arch/x86/ia32/ia32entry.S
 +++ b/arch/x86/ia32/ia32entry.S
 @@ -13,7 +13,9 @@
@@ -7907,12 +7907,13 @@
   	movl	%ebp,%ebp		/* zero extension */
  	pushq	$__USER32_DS
  	CFI_ADJUST_CFA_OFFSET 8
-@@ -135,28 +157,41 @@ ENTRY(ia32_sysenter_target)
+@@ -135,28 +157,42 @@ ENTRY(ia32_sysenter_target)
  	pushfq
  	CFI_ADJUST_CFA_OFFSET 8
  	/*CFI_REL_OFFSET rflags,0*/
 -	movl	8*3-THREAD_SIZE+TI_sysenter_return(%rsp), %r10d
 -	CFI_REGISTER rip,r10
++	orl	$X86_EFLAGS_IF,(%rsp)
 +	GET_THREAD_INFO(%r11)
 +	movl	TI_sysenter_return(%r11), %r11d
 +	CFI_REGISTER rip,r11
@@ -7955,7 +7956,7 @@
  	CFI_REMEMBER_STATE
  	jnz  sysenter_tracesys
  	cmpq	$(IA32_NR_syscalls-1),%rax
-@@ -166,13 +201,15 @@ sysenter_do_call:
+@@ -166,13 +202,15 @@ sysenter_do_call:
  sysenter_dispatch:
  	call	*ia32_sys_call_table(,%rax,8)
  	movq	%rax,RAX-ARGOFFSET(%rsp)
@@ -7974,7 +7975,7 @@
  	/* clear IF, that popfq doesn't enable interrupts early */
  	andl  $~0x200,EFLAGS-R11(%rsp) 
  	movl	RIP-R11(%rsp),%edx		/* User %eip */
-@@ -200,6 +237,9 @@ sysexit_from_sys_call:
+@@ -200,6 +238,9 @@ sysexit_from_sys_call:
  	movl %eax,%esi			/* 2nd arg: syscall number */
  	movl $AUDIT_ARCH_I386,%edi	/* 1st arg: audit arch */
  	call audit_syscall_entry
@@ -7984,7 +7985,7 @@
  	movl RAX-ARGOFFSET(%rsp),%eax	/* reload syscall number */
  	cmpq $(IA32_NR_syscalls-1),%rax
  	ja ia32_badsys
-@@ -211,7 +251,7 @@ sysexit_from_sys_call:
+@@ -211,7 +252,7 @@ sysexit_from_sys_call:
  	.endm
  
  	.macro auditsys_exit exit
@@ -7993,7 +7994,7 @@
  	jnz ia32_ret_from_sys_call
  	TRACE_IRQS_ON
  	sti
-@@ -221,12 +261,12 @@ sysexit_from_sys_call:
+@@ -221,12 +262,12 @@ sysexit_from_sys_call:
  	movzbl %al,%edi		/* zero-extend that into %edi */
  	inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
  	call audit_syscall_exit
@@ -8008,7 +8009,7 @@
  	jz \exit
  	CLEAR_RREGS -ARGOFFSET
  	jmp int_with_check
-@@ -244,7 +284,7 @@ sysexit_audit:
+@@ -244,7 +285,7 @@ sysexit_audit:
  
  sysenter_tracesys:
  #ifdef CONFIG_AUDITSYSCALL
@@ -8017,7 +8018,7 @@
  	jz	sysenter_auditsys
  #endif
  	SAVE_REST
-@@ -252,6 +292,9 @@ sysenter_tracesys:
+@@ -252,6 +293,9 @@ sysenter_tracesys:
  	movq	$-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
  	movq	%rsp,%rdi        /* &pt_regs -> arg1 */
  	call	syscall_trace_enter
@@ -8027,7 +8028,7 @@
  	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
  	RESTORE_REST
  	cmpq	$(IA32_NR_syscalls-1),%rax
-@@ -283,19 +326,20 @@ ENDPROC(ia32_sysenter_target)
+@@ -283,19 +327,20 @@ ENDPROC(ia32_sysenter_target)
  ENTRY(ia32_cstar_target)
  	CFI_STARTPROC32	simple
  	CFI_SIGNAL_FRAME
@@ -8050,7 +8051,7 @@
  	movl 	%eax,%eax	/* zero extension */
  	movq	%rax,ORIG_RAX-ARGOFFSET(%rsp)
  	movq	%rcx,RIP-ARGOFFSET(%rsp)
-@@ -311,13 +355,19 @@ ENTRY(ia32_cstar_target)
+@@ -311,13 +356,19 @@ ENTRY(ia32_cstar_target)
  	/* no need to do an access_ok check here because r8 has been
  	   32bit zero extended */ 
  	/* hardware stack frame is complete now */	
@@ -8073,7 +8074,7 @@
  	CFI_REMEMBER_STATE
  	jnz   cstar_tracesys
  	cmpq $IA32_NR_syscalls-1,%rax
-@@ -327,13 +377,15 @@ cstar_do_call:
+@@ -327,13 +378,15 @@ cstar_do_call:
  cstar_dispatch:
  	call *ia32_sys_call_table(,%rax,8)
  	movq %rax,RAX-ARGOFFSET(%rsp)
@@ -8092,7 +8093,7 @@
  	RESTORE_ARGS 1,-ARG_SKIP,1,1,1
  	movl RIP-ARGOFFSET(%rsp),%ecx
  	CFI_REGISTER rip,rcx
-@@ -361,7 +413,7 @@ sysretl_audit:
+@@ -361,7 +414,7 @@ sysretl_audit:
  
  cstar_tracesys:
  #ifdef CONFIG_AUDITSYSCALL
@@ -8101,7 +8102,7 @@
  	jz cstar_auditsys
  #endif
  	xchgl %r9d,%ebp
-@@ -370,6 +422,9 @@ cstar_tracesys:
+@@ -370,6 +423,9 @@ cstar_tracesys:
  	movq $-ENOSYS,RAX(%rsp)	/* ptrace can change this for a bad syscall */
  	movq %rsp,%rdi        /* &pt_regs -> arg1 */
  	call syscall_trace_enter
@@ -8111,7 +8112,7 @@
  	LOAD_ARGS32 ARGOFFSET, 1  /* reload args from stack in case ptrace changed it */
  	RESTORE_REST
  	xchgl %ebp,%r9d
-@@ -415,11 +470,6 @@ ENTRY(ia32_syscall)
+@@ -415,11 +471,6 @@ ENTRY(ia32_syscall)
  	CFI_REL_OFFSET	rip,RIP-RIP
  	PARAVIRT_ADJUST_EXCEPTION_FRAME
  	SWAPGS
@@ -8123,7 +8124,7 @@
  	movl %eax,%eax
  	pushq %rax
  	CFI_ADJUST_CFA_OFFSET 8
-@@ -427,9 +477,15 @@ ENTRY(ia32_syscall)
+@@ -427,9 +478,15 @@ ENTRY(ia32_syscall)
  	/* note the registers are not zero extended to the sf.
  	   this could be a problem. */
  	SAVE_ARGS 0,0,1
@@ -8142,7 +8143,7 @@
  	jnz ia32_tracesys
  	cmpq $(IA32_NR_syscalls-1),%rax
  	ja ia32_badsys
-@@ -448,6 +504,9 @@ ia32_tracesys:
+@@ -448,6 +505,9 @@ ia32_tracesys:
  	movq $-ENOSYS,RAX(%rsp)	/* ptrace can change this for a bad syscall */
  	movq %rsp,%rdi        /* &pt_regs -> arg1 */
  	call syscall_trace_enter
@@ -8152,7 +8153,7 @@
  	LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
  	RESTORE_REST
  	cmpq $(IA32_NR_syscalls-1),%rax
-@@ -462,6 +521,7 @@ ia32_badsys:
+@@ -462,6 +522,7 @@ ia32_badsys:
  
  quiet_ni_syscall:
  	movq $-ENOSYS,%rax
@@ -13948,10 +13949,18 @@
  	.store			= store,
  };
 diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
-index 5c0e653..1e82c7c 100644
+index 5c0e653..0882b0a 100644
 --- a/arch/x86/kernel/cpu/mcheck/p5.c
 +++ b/arch/x86/kernel/cpu/mcheck/p5.c
-@@ -50,7 +50,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
+@@ -12,6 +12,7 @@
+ #include <asm/system.h>
+ #include <asm/mce.h>
+ #include <asm/msr.h>
++#include <asm/pgtable.h>
+ 
+ /* By default disabled */
+ int mce_p5_enabled __read_mostly;
+@@ -50,7 +51,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
  	if (!cpu_has(c, X86_FEATURE_MCE))
  		return;
  
@@ -13962,10 +13971,18 @@
  	wmb();
  
 diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
-index 54060f5..e6ba93d 100644
+index 54060f5..c1a7577 100644
 --- a/arch/x86/kernel/cpu/mcheck/winchip.c
 +++ b/arch/x86/kernel/cpu/mcheck/winchip.c
-@@ -24,7 +24,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
+@@ -11,6 +11,7 @@
+ #include <asm/system.h>
+ #include <asm/mce.h>
+ #include <asm/msr.h>
++#include <asm/pgtable.h>
+ 
+ /* Machine check handler for WinChip C6: */
+ static void winchip_machine_check(struct pt_regs *regs, long error_code)
+@@ -24,7 +25,9 @@ void winchip_mcheck_init(struct cpuinfo_x86 *c)
  {
  	u32 lo, hi;
  
@@ -14296,9 +14313,9 @@
 @@ -180,7 +180,7 @@ void dump_stack(void)
  #endif
  
- 	printk("Pid: %d, comm: %.20s xid: #%u %s %s %.*s\n",
--		current->pid, current->comm, current->xid, print_tainted(),
-+		task_pid_nr(current), current->comm, current->xid, print_tainted(),
+ 	printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+-		current->pid, current->comm, print_tainted(),
++		task_pid_nr(current), current->comm, print_tainted(),
  		init_utsname()->release,
  		(int)strcspn(init_utsname()->version, " "),
  		init_utsname()->version);
@@ -18795,9 +18812,9 @@
 @@ -170,7 +170,7 @@ void __show_regs(struct pt_regs *regs, int all)
  	if (!board)
  		board = "";
- 	printk(KERN_INFO "Pid: %d, comm: %.20s xid: #%u %s %s %.*s %s\n",
--		current->pid, current->comm, current->xid, print_tainted(),
-+		task_pid_nr(current), current->comm, current->xid, print_tainted(),
+ 	printk(KERN_INFO "Pid: %d, comm: %.20s %s %s %.*s %s\n",
+-		current->pid, current->comm, print_tainted(),
++		task_pid_nr(current), current->comm, print_tainted(),
  		init_utsname()->release,
  		(int)strcspn(init_utsname()->version, " "),
  		init_utsname()->version, board);
@@ -25342,7 +25359,7 @@
  
  	return (void *)vaddr;
 diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index 2feb9bd..3646202 100644
+index 2feb9bd..ab91e7b 100644
 --- a/arch/x86/mm/ioremap.c
 +++ b/arch/x86/mm/ioremap.c
 @@ -41,8 +41,8 @@ int page_is_ram(unsigned long pagenr)
@@ -25372,7 +25389,17 @@
  			return NULL;
  		WARN_ON_ONCE(is_ram);
  	}
-@@ -407,7 +404,7 @@ static int __init early_ioremap_debug_setup(char *str)
+@@ -378,6 +375,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+ 
+ 	/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
+ 	if (page_is_ram(start >> PAGE_SHIFT))
++#ifdef CONFIG_HIGHMEM
++	if ((start >> PAGE_SHIFT) < max_low_pfn)
++#endif
+ 		return __va(phys);
+ 
+ 	addr = (void __force *)ioremap_default(start, PAGE_SIZE);
+@@ -407,7 +407,7 @@ static int __init early_ioremap_debug_setup(char *str)
  early_param("early_ioremap_debug", early_ioremap_debug_setup);
  
  static __initdata int after_paging_init;
@@ -25381,7 +25408,7 @@
  
  static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
  {
-@@ -439,8 +436,7 @@ void __init early_ioremap_init(void)
+@@ -439,8 +439,7 @@ void __init early_ioremap_init(void)
  		slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
  
  	pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
@@ -25408,7 +25435,7 @@
  
  	pte = kmemcheck_pte_lookup(address);
 diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index c8191de..2975082 100644
+index c9e57af..07a321b 100644
 --- a/arch/x86/mm/mmap.c
 +++ b/arch/x86/mm/mmap.c
 @@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size(void)
@@ -27299,10 +27326,10 @@
  	.store	= elv_attr_store,
  };
 diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
-index 1d5a780..0e2fb8c 100644
+index 2be0a97..bded3fd 100644
 --- a/block/scsi_ioctl.c
 +++ b/block/scsi_ioctl.c
-@@ -220,8 +220,20 @@ EXPORT_SYMBOL(blk_verify_command);
+@@ -221,8 +221,20 @@ EXPORT_SYMBOL(blk_verify_command);
  static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
  			     struct sg_io_hdr *hdr, fmode_t mode)
  {
@@ -27324,7 +27351,7 @@
  	if (blk_verify_command(rq->cmd, mode & FMODE_WRITE))
  		return -EPERM;
  
-@@ -430,6 +442,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
+@@ -431,6 +443,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
  	int err;
  	unsigned int in_len, out_len, bytes, opcode, cmdlen;
  	char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
@@ -27333,7 +27360,7 @@
  
  	if (!sic)
  		return -EINVAL;
-@@ -463,9 +477,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
+@@ -464,9 +478,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
  	 */
  	err = -EFAULT;
  	rq->cmd_len = cmdlen;
@@ -30383,7 +30410,7 @@
  		DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) +
  			sizeof(DAC960_SCSI_Inquiry_T) +
 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index ca9c548..ca6899c 100644
+index 68b90d9..7e2e3f3 100644
 --- a/drivers/block/cciss.c
 +++ b/drivers/block/cciss.c
 @@ -1011,6 +1011,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
@@ -31709,9 +31736,18 @@
  	acpi_os_unmap_memory(virt, len);
  	return 0;
 diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
-index 123cedf..137edef 100644
+index 123cedf..6664cb4 100644
 --- a/drivers/char/tty_io.c
 +++ b/drivers/char/tty_io.c
+@@ -146,7 +146,7 @@ static int tty_open(struct inode *, struct file *);
+ static int tty_release(struct inode *, struct file *);
+ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
+ #ifdef CONFIG_COMPAT
+-static long tty_compat_ioctl(struct file *file, unsigned int cmd,
++long tty_compat_ioctl(struct file *file, unsigned int cmd,
+ 				unsigned long arg);
+ #else
+ #define tty_compat_ioctl NULL
 @@ -1774,6 +1774,7 @@ got_driver:
  
  		if (IS_ERR(tty)) {
@@ -32625,7 +32661,7 @@
  
  	DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
 diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index ba14553..182d0bb 100644
+index 519161e..98c840c 100644
 --- a/drivers/gpu/drm/drm_fops.c
 +++ b/drivers/gpu/drm/drm_fops.c
 @@ -66,7 +66,7 @@ static int drm_setup(struct drm_device * dev)
@@ -32665,9 +32701,9 @@
 -		  dev->open_count);
 +		  local_read(&dev->open_count));
  
- 	/* if the master has gone away we can't do anything with the lock */
- 	if (file_priv->minor->master)
-@@ -524,9 +524,9 @@ int drm_release(struct inode *inode, struct file *filp)
+ 	/* Release any auth tokens that might point to this file_priv,
+ 	   (do that under the drm_global_mutex) */
+@@ -529,9 +529,9 @@ int drm_release(struct inode *inode, struct file *filp)
  	 * End inline drm_release
  	 */
  
@@ -32680,7 +32716,7 @@
  			DRM_ERROR("Device busy: %d\n",
  				  atomic_read(&dev->ioctl_count));
 diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
-index 8bf3770..7942280 100644
+index 8bf3770..79422805 100644
 --- a/drivers/gpu/drm/drm_gem.c
 +++ b/drivers/gpu/drm/drm_gem.c
 @@ -83,11 +83,11 @@ drm_gem_init(struct drm_device *dev)
@@ -33850,7 +33886,7 @@
  		vga_put(pdev, io_state);
  
 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index f3f1415..e561d90 100644
+index 11f8069..4783396 100644
 --- a/drivers/hid/hid-core.c
 +++ b/drivers/hid/hid-core.c
 @@ -1752,7 +1752,7 @@ static bool hid_ignore(struct hid_device *hdev)
@@ -33938,7 +33974,7 @@
  	int			ycalib;    /* calibrated null value for y */
  	int			zcalib;    /* calibrated null value for z */
 diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
-index 2040507..706ec1e 100644
+index 740785e..5a5c6c6 100644
 --- a/drivers/hwmon/sht15.c
 +++ b/drivers/hwmon/sht15.c
 @@ -112,7 +112,7 @@ struct sht15_data {
@@ -34798,6 +34834,30 @@
  	.show = cm_show_counter
  };
  
+diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
+index 8fd3a6f..61d8075 100644
+--- a/drivers/infiniband/core/cma.c
++++ b/drivers/infiniband/core/cma.c
+@@ -2267,6 +2267,9 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv,
+ 
+ 	req.private_data_len = sizeof(struct cma_hdr) +
+ 			       conn_param->private_data_len;
++	if (req.private_data_len < conn_param->private_data_len)
++		return -EINVAL;
++
+ 	req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC);
+ 	if (!req.private_data)
+ 		return -ENOMEM;
+@@ -2314,6 +2317,9 @@ static int cma_connect_ib(struct rdma_id_private *id_priv,
+ 	memset(&req, 0, sizeof req);
+ 	offset = cma_user_data_offset(id_priv->id.ps);
+ 	req.private_data_len = offset + conn_param->private_data_len;
++	if (req.private_data_len < conn_param->private_data_len)
++		return -EINVAL;
++
+ 	private_data = kzalloc(req.private_data_len, GFP_ATOMIC);
+ 	if (!private_data)
+ 		return -ENOMEM;
 diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c
 index 4507043..14ad522 100644
 --- a/drivers/infiniband/core/fmr_pool.c
@@ -41467,10 +41527,10 @@
  	sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
  	if (!sg_proc_sgp)
 diff --git a/drivers/scsi/sym53c8xx_2/sym_glue.c b/drivers/scsi/sym53c8xx_2/sym_glue.c
-index 45374d6..61ee484 100644
+index c19ca5e..3eb5959 100644
 --- a/drivers/scsi/sym53c8xx_2/sym_glue.c
 +++ b/drivers/scsi/sym53c8xx_2/sym_glue.c
-@@ -1754,6 +1754,8 @@ static int __devinit sym2_probe(struct pci_dev *pdev,
+@@ -1758,6 +1758,8 @@ static int __devinit sym2_probe(struct pci_dev *pdev,
  	int do_iounmap = 0;
  	int do_disable_device = 1;
  
@@ -42446,19 +42506,6 @@
  
  	if (!left--) {
  		if (instance->disconnected)
-diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
-index 3e564bf..949b448 100644
---- a/drivers/usb/class/cdc-wdm.c
-+++ b/drivers/usb/class/cdc-wdm.c
-@@ -314,7 +314,7 @@ static ssize_t wdm_write
- 	if (r < 0)
- 		goto outnp;
- 
--	if (!file->f_flags && O_NONBLOCK)
-+	if (!(file->f_flags & O_NONBLOCK))
- 		r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
- 								&desc->flags));
- 	else
 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
 index 24e6205..fe5a5d4 100644
 --- a/drivers/usb/core/hcd.c
@@ -46241,9 +46288,9 @@
 --- a/fs/binfmt_elf.c
 +++ b/fs/binfmt_elf.c
 @@ -31,6 +31,7 @@
+ #include <linux/random.h>
  #include <linux/elf.h>
  #include <linux/utsname.h>
- #include <linux/vs_memory.h>
 +#include <linux/xattr.h>
  #include <asm/uaccess.h>
  #include <asm/param.h>
@@ -47858,7 +47905,7 @@
          return hit;
  }
 diff --git a/fs/compat.c b/fs/compat.c
-index d1e2411..27064e4 100644
+index d1e2411..b1eda5d 100644
 --- a/fs/compat.c
 +++ b/fs/compat.c
 @@ -133,8 +133,8 @@ asmlinkage long compat_sys_utimes(char __user *filename, struct compat_timeval _
@@ -48015,7 +48062,18 @@
  
  	retval = unshare_files(&displaced);
  	if (retval)
-@@ -1499,6 +1541,15 @@ int compat_do_execve(char * filename,
+@@ -1493,12 +1535,26 @@ int compat_do_execve(char * filename,
+ 	if (IS_ERR(file))
+ 		goto out_unmark;
+ 
++	if (gr_ptrace_readexec(file, bprm->unsafe)) {
++		retval = -EPERM;
++		goto out_file;
++	}
++
+ 	sched_exec();
+ 
+ 	bprm->file = file;
  	bprm->filename = filename;
  	bprm->interp = filename;
  
@@ -48031,7 +48089,7 @@
  	retval = bprm_mm_init(bprm);
  	if (retval)
  		goto out_file;
-@@ -1528,9 +1579,40 @@ int compat_do_execve(char * filename,
+@@ -1528,9 +1584,40 @@ int compat_do_execve(char * filename,
  	if (retval < 0)
  		goto out;
  
@@ -48058,7 +48116,7 @@
 +#endif
 +
 +	retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
-+				   bprm->unsafe & LSM_UNSAFE_SHARE);
++				   bprm->unsafe);
 +	if (retval < 0)
 +		goto out_fail;
 +
@@ -48073,7 +48131,7 @@
  
  	/* execve succeeded */
  	current->fs->in_exec = 0;
-@@ -1541,6 +1623,14 @@ int compat_do_execve(char * filename,
+@@ -1541,6 +1628,14 @@ int compat_do_execve(char * filename,
  		put_files_struct(displaced);
  	return retval;
  
@@ -48088,7 +48146,7 @@
  out:
  	if (bprm->mm) {
  		acct_arg_size(bprm, 0);
-@@ -1711,6 +1801,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp,
+@@ -1711,6 +1806,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp,
  	struct fdtable *fdt;
  	long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];
  
@@ -48097,7 +48155,7 @@
  	if (n < 0)
  		goto out_nofds;
  
-@@ -2151,7 +2243,7 @@ asmlinkage long compat_sys_nfsservctl(int cmd,
+@@ -2151,7 +2248,7 @@ asmlinkage long compat_sys_nfsservctl(int cmd,
  	oldfs = get_fs();
  	set_fs(KERNEL_DS);
  	/* The __user pointer casts are valid because of the set_fs() */
@@ -48204,6 +48262,22 @@
  
  	dcache_init();
  	inode_init();
+diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
+index 39c6ee8..dcee0f1 100644
+--- a/fs/debugfs/inode.c
++++ b/fs/debugfs/inode.c
+@@ -269,7 +269,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
+ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
+ {
+ 	return debugfs_create_file(name, 
++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
++				   S_IFDIR | S_IRWXU,
++#else
+ 				   S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
++#endif
+ 				   parent, NULL, NULL);
+ }
+ EXPORT_SYMBOL_GPL(debugfs_create_dir);
 diff --git a/fs/dlm/lockspace.c b/fs/dlm/lockspace.c
 index c010ecf..a8d8c59 100644
 --- a/fs/dlm/lockspace.c
@@ -48217,6 +48291,78 @@
  	.show  = dlm_attr_show,
  	.store = dlm_attr_store,
  };
+diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
+index 7a5f1ac..205b034 100644
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -418,17 +418,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
+ 				rc);
+ 		goto out;
+ 	}
+-	if (unlikely(ecryptfs_verbosity > 0)) {
+-		ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
+-				"with iv:\n");
+-		ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
+-		ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
+-				"encryption:\n");
+-		ecryptfs_dump_hex((char *)
+-				  (page_address(page)
+-				   + (extent_offset * crypt_stat->extent_size)),
+-				  8);
+-	}
+ 	rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
+ 					  page, (extent_offset
+ 						 * crypt_stat->extent_size),
+@@ -441,14 +430,6 @@ static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
+ 		goto out;
+ 	}
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-grsec_full.patch?r1=1.29.2.6&r2=1.29.2.7&f=u



More information about the pld-cvs-commit mailing list