Update Grsec/PaX20101222

2.2.1-2.6.32.27-201012182005 against 2.6.32.27 2.2.1-2.6.36.2-201012221906 against 2.6.36.2
author: Anthony G. Basile <basile@opensource.dyc.edu> 2010-12-26 12:21:35 -0500
committer: Anthony G. Basile <basile@opensource.dyc.edu> 2010-12-26 12:21:35 -0500
commit: 304837b85ae78c17ada1324d7a604d1f749fb4a7 (patch)
tree: 46b0b9f0f37ba774a838f8e1267786b1072155ed /2.6.32
parent: Upstream fix to GR_SOCK_NOINET_MSG typo (diff)
download: hardened-patchset-304837b85ae78c17ada1324d7a604d1f749fb4a7.tar.gz
hardened-patchset-304837b85ae78c17ada1324d7a604d1f749fb4a7.tar.bz2
hardened-patchset-304837b85ae78c17ada1324d7a604d1f749fb4a7.zip
2 files changed, 68 insertions, 24 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index f6aab63..7f6cbfc 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.1-2.6.32.27-201012130740.patch
+Patch:	4420_grsecurity-2.2.1-2.6.32.27-201012182005.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201012130740.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201012182005.patch
index a68d035..5f5475b 100644
--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201012130740.patch
+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201012182005.patch
@@ -24276,6 +24276,18 @@ diff -urNp linux-2.6.32.27/drivers/base/sys.c linux-2.6.32.27/drivers/base/sys.c
  	.show	= sysdev_class_show,
  	.store	= sysdev_class_store,
  };
+diff -urNp linux-2.6.32.27/drivers/block/cciss.c linux-2.6.32.27/drivers/block/cciss.c
+--- linux-2.6.32.27/drivers/block/cciss.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.27/drivers/block/cciss.c	2010-12-18 20:01:28.000000000 -0500
+@@ -1011,6 +1011,8 @@ static int cciss_ioctl32_passthru(struct
+ 	int err;
+ 	u32 cp;
+ 
++	memset(&arg64, 0, sizeof(arg64));
++
+ 	err = 0;
+ 	err |=
+ 	    copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
 diff -urNp linux-2.6.32.27/drivers/block/pktcdvd.c linux-2.6.32.27/drivers/block/pktcdvd.c
 --- linux-2.6.32.27/drivers/block/pktcdvd.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.27/drivers/block/pktcdvd.c	2010-12-09 18:12:30.000000000 -0500
@@ -36643,8 +36655,8 @@ diff -urNp linux-2.6.32.27/grsecurity/gracl_alloc.c linux-2.6.32.27/grsecurity/g
 +}
 diff -urNp linux-2.6.32.27/grsecurity/gracl.c linux-2.6.32.27/grsecurity/gracl.c
 --- linux-2.6.32.27/grsecurity/gracl.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.27/grsecurity/gracl.c	2010-12-12 17:03:16.000000000 -0500
-@@ -0,0 +1,3971 @@
++++ linux-2.6.32.27/grsecurity/gracl.c	2010-12-18 19:42:51.000000000 -0500
+@@ -0,0 +1,3973 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -38411,9 +38423,11 @@ diff -urNp linux-2.6.32.27/grsecurity/gracl.c linux-2.6.32.27/grsecurity/gracl.c
 +
 +	/* if we aren't checking a subdirectory of the original path yet, don't do glob checking
 +	   as we don't want a /* rule to match instead of the / object
++	   don't do this for create lookups that call this function though, since they're looking up
++	   on the parent and thus need globbing checks on all paths
 +	*/
-+	if (orig_dentry == curr_dentry)
-+		newglob = 0;
++	if (orig_dentry == curr_dentry && newglob != GR_CREATE_GLOB)
++		newglob = GR_NO_GLOB;
 +
 +	return __full_lookup(orig_dentry, orig_mnt,
 +			     curr_dentry->d_inode->i_ino, 
@@ -38478,7 +38492,7 @@ diff -urNp linux-2.6.32.27/grsecurity/gracl.c linux-2.6.32.27/grsecurity/gracl.c
 +	      const struct acl_subject_label *subj)
 +{
 +	char *path = NULL;
-+	return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
++	return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_REG_GLOB);
 +}
 +
 +static __inline__ struct acl_object_label *
@@ -38486,14 +38500,14 @@ diff -urNp linux-2.6.32.27/grsecurity/gracl.c linux-2.6.32.27/grsecurity/gracl.c
 +	      const struct acl_subject_label *subj)
 +{
 +	char *path = NULL;
-+	return __chk_obj_label(l_dentry, l_mnt, subj, path, 0);
++	return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_NO_GLOB);
 +}
 +
 +static __inline__ struct acl_object_label *
 +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
 +		     const struct acl_subject_label *subj, char *path)
 +{
-+	return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
++	return __chk_obj_label(l_dentry, l_mnt, subj, path, GR_CREATE_GLOB);
 +}
 +
 +static struct acl_subject_label *
@@ -44151,7 +44165,7 @@ diff -urNp linux-2.6.32.27/grsecurity/grsec_sig.c linux-2.6.32.27/grsecurity/grs
 +
 diff -urNp linux-2.6.32.27/grsecurity/grsec_sock.c linux-2.6.32.27/grsecurity/grsec_sock.c
 --- linux-2.6.32.27/grsecurity/grsec_sock.c	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.27/grsecurity/grsec_sock.c	2010-12-12 17:14:55.000000000 -0500
++++ linux-2.6.32.27/grsecurity/grsec_sock.c	2010-12-14 23:53:23.000000000 -0500
 @@ -0,0 +1,275 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
@@ -47440,8 +47454,8 @@ diff -urNp linux-2.6.32.27/include/linux/genhd.h linux-2.6.32.27/include/linux/g
  	struct blk_integrity *integrity;
 diff -urNp linux-2.6.32.27/include/linux/gracl.h linux-2.6.32.27/include/linux/gracl.h
 --- linux-2.6.32.27/include/linux/gracl.h	1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.27/include/linux/gracl.h	2010-12-09 18:12:29.000000000 -0500
-@@ -0,0 +1,311 @@
++++ linux-2.6.32.27/include/linux/gracl.h	2010-12-18 19:40:30.000000000 -0500
+@@ -0,0 +1,317 @@
 +#ifndef GR_ACL_H
 +#define GR_ACL_H
 +
@@ -47480,6 +47494,12 @@ diff -urNp linux-2.6.32.27/include/linux/gracl.h linux-2.6.32.27/include/linux/g
 +	GR_SPROLE_LEN = 64,
 +};
 +
++enum {
++	GR_NO_GLOB = 0,
++	GR_REG_GLOB,
++	GR_CREATE_GLOB
++};
++
 +#define GR_NLIMITS 32
 +
 +/* Begin Data Structures */
@@ -54890,7 +54910,7 @@ diff -urNp linux-2.6.32.27/mm/mlock.c linux-2.6.32.27/mm/mlock.c
  		ret = do_mlockall(flags);
 diff -urNp linux-2.6.32.27/mm/mmap.c linux-2.6.32.27/mm/mmap.c
 --- linux-2.6.32.27/mm/mmap.c	2010-09-26 17:26:05.000000000 -0400
-+++ linux-2.6.32.27/mm/mmap.c	2010-12-09 18:12:54.000000000 -0500
++++ linux-2.6.32.27/mm/mmap.c	2010-12-15 18:01:42.000000000 -0500
 @@ -45,6 +45,16 @@
  #define arch_rebalance_pgtables(addr, len)		(addr)
  #endif
@@ -55802,8 +55822,8 @@ diff -urNp linux-2.6.32.27/mm/mmap.c linux-2.6.32.27/mm/mmap.c
   * Jeremy Fitzhardinge <jeremy@goop.org>
   */
 +#ifdef CONFIG_PAX_SEGMEXEC
-+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
-+{
+ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+ {
 +	int ret = __do_munmap(mm, start, len);
 +	if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
 +		return ret;
@@ -55813,9 +55833,9 @@ diff -urNp linux-2.6.32.27/mm/mmap.c linux-2.6.32.27/mm/mmap.c
 +
 +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
 +#else
- int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
 +#endif
- {
++{
  	unsigned long end;
  	struct vm_area_struct *vma, *prev, *last;
  
@@ -56057,7 +56077,15 @@ diff -urNp linux-2.6.32.27/mm/mmap.c linux-2.6.32.27/mm/mmap.c
  	if (cur + npages > lim)
  		return 0;
  	return 1;
-@@ -2300,12 +2746,28 @@ int install_special_mapping(struct mm_st
+@@ -2290,6 +2736,7 @@ int install_special_mapping(struct mm_st
+ 			    unsigned long addr, unsigned long len,
+ 			    unsigned long vm_flags, struct page **pages)
+ {
++	int ret;
+ 	struct vm_area_struct *vma;
+ 
+ 	vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
+@@ -2300,22 +2747,40 @@ int install_special_mapping(struct mm_st
  	vma->vm_start = addr;
  	vma->vm_end = addr + len;
  
@@ -56078,14 +56106,30 @@ diff -urNp linux-2.6.32.27/mm/mmap.c linux-2.6.32.27/mm/mmap.c
  	vma->vm_ops = &special_mapping_vmops;
  	vma->vm_private_data = pages;
  
-+	if (security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1)) {
-+		kmem_cache_free(vm_area_cachep, vma);
-+		return -EPERM;
-+	}
+-	if (unlikely(insert_vm_struct(mm, vma))) {
+-		kmem_cache_free(vm_area_cachep, vma);
+-		return -ENOMEM;
+-	}
++	ret = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
++	if (ret)
++		goto out;
 +
- 	if (unlikely(insert_vm_struct(mm, vma))) {
- 		kmem_cache_free(vm_area_cachep, vma);
- 		return -ENOMEM;
++	ret = insert_vm_struct(mm, vma);
++	if (ret)
++		goto out;
+ 
+ 	mm->total_vm += len >> PAGE_SHIFT;
+ 
+ 	perf_event_mmap(vma);
+ 
+ 	return 0;
++
++out:
++	kmem_cache_free(vm_area_cachep, vma);
++	return ret;
+ }
+ 
+ static DEFINE_MUTEX(mm_all_locks_mutex);
 diff -urNp linux-2.6.32.27/mm/mprotect.c linux-2.6.32.27/mm/mprotect.c
 --- linux-2.6.32.27/mm/mprotect.c	2010-12-09 18:13:03.000000000 -0500
 +++ linux-2.6.32.27/mm/mprotect.c	2010-12-09 18:43:07.000000000 -0500
author	Anthony G. Basile <basile@opensource.dyc.edu>	2010-12-26 12:21:35 -0500
committer	Anthony G. Basile <basile@opensource.dyc.edu>	2010-12-26 12:21:35 -0500
commit	304837b85ae78c17ada1324d7a604d1f749fb4a7 (patch)
tree	46b0b9f0f37ba774a838f8e1267786b1072155ed /2.6.32
parent	Upstream fix to GR_SOCK_NOINET_MSG typo (diff)
download	hardened-patchset-304837b85ae78c17ada1324d7a604d1f749fb4a7.tar.gz hardened-patchset-304837b85ae78c17ada1324d7a604d1f749fb4a7.tar.bz2 hardened-patchset-304837b85ae78c17ada1324d7a604d1f749fb4a7.zip