Update Grsec/PaX

2.2.1-2.6.32.27-201101042016 2.2.1-2.6.36.2-201101042016
author: Anthony G. Basile <basile@opensource.dyc.edu> 2011-01-05 10:42:12 -0500
committer: Anthony G. Basile <basile@opensource.dyc.edu> 2011-01-05 10:42:12 -0500
commit: 664fef0e3af31d1285b7bf643998a5a058c14690 (patch)
tree: b2b855b236b688ea51b85b7d82f1099d84be7fd0 /2.6.32
parent: Added script to reverse apply patchset (diff)
download: hardened-patchset-664fef0e3af31d1285b7bf643998a5a058c14690.tar.gz
hardened-patchset-664fef0e3af31d1285b7bf643998a5a058c14690.tar.bz2
hardened-patchset-664fef0e3af31d1285b7bf643998a5a058c14690.zip
3 files changed, 196 insertions, 43 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 94d2552..cbcdc47 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.1-2.6.32.27-201101021130.patch
+Patch:	4420_grsecurity-2.2.1-2.6.32.27-201101042016.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201101021130.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201101042016.patch
index 5fd9bcc..822b927 100644
--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201101021130.patch
+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.27-201101042016.patch
@@ -8204,20 +8204,6 @@ diff -urNp linux-2.6.32.27/arch/x86/include/asm/module.h linux-2.6.32.27/arch/x8
  #endif
  
  #endif /* _ASM_X86_MODULE_H */
-diff -urNp linux-2.6.32.27/arch/x86/include/asm/page_32_types.h linux-2.6.32.27/arch/x86/include/asm/page_32_types.h
---- linux-2.6.32.27/arch/x86/include/asm/page_32_types.h	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.27/arch/x86/include/asm/page_32_types.h	2010-12-31 14:46:53.000000000 -0500
-@@ -15,6 +15,10 @@
-  */
- #define __PAGE_OFFSET		_AC(CONFIG_PAGE_OFFSET, UL)
- 
-+#ifdef CONFIG_PAX_PAGEEXEC
-+#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1
-+#endif
-+
- #ifdef CONFIG_4KSTACKS
- #define THREAD_ORDER	0
- #else
 diff -urNp linux-2.6.32.27/arch/x86/include/asm/page_64_types.h linux-2.6.32.27/arch/x86/include/asm/page_64_types.h
 --- linux-2.6.32.27/arch/x86/include/asm/page_64_types.h	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.27/arch/x86/include/asm/page_64_types.h	2010-12-31 14:46:53.000000000 -0500
@@ -11310,7 +11296,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/efi_stub_32.S linux-2.6.32.27/arch/x8
  efi_rt_function_ptr:
 diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/kernel/entry_32.S
 --- linux-2.6.32.27/arch/x86/kernel/entry_32.S	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.27/arch/x86/kernel/entry_32.S	2010-12-31 14:47:01.000000000 -0500
++++ linux-2.6.32.27/arch/x86/kernel/entry_32.S	2011-01-04 17:42:43.000000000 -0500
 @@ -185,13 +185,81 @@
  	/*CFI_REL_OFFSET gs, PT_GS*/
  .endm
@@ -11578,7 +11564,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
  	GET_THREAD_INFO(%ebp)
  	movl $-EFAULT,PT_EAX(%esp)
  	jmp resume_userspace
-@@ -726,6 +845,31 @@ PTREGSCALL(rt_sigreturn)
+@@ -726,6 +845,33 @@ PTREGSCALL(rt_sigreturn)
  PTREGSCALL(vm86)
  PTREGSCALL(vm86old)
  
@@ -11597,9 +11583,11 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
 +	pop %ecx
 +	pop %edi
 +	movl $X86_EFLAGS_IF,PT_EFLAGS(%esp)
-+	push %esp
++	mov %eax,PT_EBX(%esp)
++	mov %edx,PT_ECX(%esp)
++	mov %ecx,PT_EDX(%esp)
++	mov %esp,%eax
 +	call sys_execve
-+	add $4,%esp
 +	GET_THREAD_INFO(%ebp)
 +	test %eax,%eax
 +	jz syscall_exit
@@ -11610,7 +11598,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
  .macro FIXUP_ESPFIX_STACK
  /*
   * Switch back for ESPFIX stack to the normal zerobased stack
-@@ -735,7 +879,13 @@ PTREGSCALL(vm86old)
+@@ -735,7 +881,13 @@ PTREGSCALL(vm86old)
   * normal stack and adjusts ESP with the matching offset.
   */
  	/* fixup the stack */
@@ -11625,7 +11613,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
  	mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */
  	mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */
  	shl $16, %eax
-@@ -1198,7 +1348,6 @@ return_to_handler:
+@@ -1198,7 +1350,6 @@ return_to_handler:
  	ret
  #endif
  
@@ -11633,7 +11621,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
  #include "syscall_table_32.S"
  
  syscall_table_size=(.-sys_call_table)
-@@ -1255,9 +1404,12 @@ error_code:
+@@ -1255,9 +1406,12 @@ error_code:
  	movl $-1, PT_ORIG_EAX(%esp)	# no syscall to restart
  	REG_TO_PTGS %ecx
  	SET_KERNEL_GS %ecx
@@ -11647,7 +11635,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
  	TRACE_IRQS_OFF
  	movl %esp,%eax			# pt_regs pointer
  	call *%edi
-@@ -1351,6 +1503,9 @@ nmi_stack_correct:
+@@ -1351,6 +1505,9 @@ nmi_stack_correct:
  	xorl %edx,%edx		# zero error code
  	movl %esp,%eax		# pt_regs pointer
  	call do_nmi
@@ -11657,7 +11645,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kernel/entry_32.S linux-2.6.32.27/arch/x86/k
  	jmp restore_all_notrace
  	CFI_ENDPROC
  
-@@ -1391,6 +1546,9 @@ nmi_espfix_stack:
+@@ -1391,6 +1548,9 @@ nmi_espfix_stack:
  	FIXUP_ESPFIX_STACK		# %eax == %esp
  	xorl %edx,%edx			# zero error code
  	call do_nmi
@@ -15846,7 +15834,7 @@ diff -urNp linux-2.6.32.27/arch/x86/kvm/x86.c linux-2.6.32.27/arch/x86/kvm/x86.c
  		printk(KERN_ERR "kvm: already loaded the other module\n");
 diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/lib/checksum_32.S
 --- linux-2.6.32.27/arch/x86/lib/checksum_32.S	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.27/arch/x86/lib/checksum_32.S	2010-12-31 14:47:01.000000000 -0500
++++ linux-2.6.32.27/arch/x86/lib/checksum_32.S	2011-01-04 20:16:11.000000000 -0500
 @@ -28,7 +28,8 @@
  #include <linux/linkage.h>
  #include <asm/dwarf2.h>
@@ -15857,7 +15845,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  /*
   * computes a partial checksum, e.g. for TCP/UDP fragments
   */
-@@ -304,9 +305,22 @@ unsigned int csum_partial_copy_generic (
+@@ -304,9 +305,28 @@ unsigned int csum_partial_copy_generic (
  
  #define ARGBASE 16		
  #define FP		12
@@ -15866,23 +15854,29 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
 +
 +ENTRY(csum_partial_copy_generic_to_user)
  	CFI_STARTPROC
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	pushl %gs
 +	CFI_ADJUST_CFA_OFFSET 4
 +	popl %es
 +	CFI_ADJUST_CFA_OFFSET -4
 +	jmp csum_partial_copy_generic
++#endif
 +
 +ENTRY(csum_partial_copy_generic_from_user)
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	pushl %gs
 +	CFI_ADJUST_CFA_OFFSET 4
 +	popl %ds
 +	CFI_ADJUST_CFA_OFFSET -4
++#endif
 +
 +ENTRY(csum_partial_copy_generic)
  	subl  $4,%esp	
  	CFI_ADJUST_CFA_OFFSET 4
  	pushl %edi
-@@ -331,7 +345,7 @@ ENTRY(csum_partial_copy_generic)
+@@ -331,7 +351,7 @@ ENTRY(csum_partial_copy_generic)
  	jmp 4f
  SRC(1:	movw (%esi), %bx	)
  	addl $2, %esi
@@ -15891,7 +15885,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  	addl $2, %edi
  	addw %bx, %ax	
  	adcl $0, %eax
-@@ -343,30 +357,30 @@ DST(	movw %bx, (%edi)	)
+@@ -343,30 +363,30 @@ DST(	movw %bx, (%edi)	)
  SRC(1:	movl (%esi), %ebx	)
  SRC(	movl 4(%esi), %edx	)
  	adcl %ebx, %eax
@@ -15930,7 +15924,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  
  	lea 32(%esi), %esi
  	lea 32(%edi), %edi
-@@ -380,7 +394,7 @@ DST(	movl %edx, 28(%edi)	)
+@@ -380,7 +400,7 @@ DST(	movl %edx, 28(%edi)	)
  	shrl $2, %edx			# This clears CF
  SRC(3:	movl (%esi), %ebx	)
  	adcl %ebx, %eax
@@ -15939,7 +15933,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  	lea 4(%esi), %esi
  	lea 4(%edi), %edi
  	dec %edx
-@@ -392,12 +406,12 @@ DST(	movl %ebx, (%edi)	)
+@@ -392,12 +412,12 @@ DST(	movl %ebx, (%edi)	)
  	jb 5f
  SRC(	movw (%esi), %cx	)
  	leal 2(%esi), %esi
@@ -15954,7 +15948,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  6:	addl %ecx, %eax
  	adcl $0, %eax
  7:
-@@ -408,7 +422,7 @@ DST(	movb %cl, (%edi)	)
+@@ -408,7 +428,7 @@ DST(	movb %cl, (%edi)	)
  
  6001:
  	movl ARGBASE+20(%esp), %ebx	# src_err_ptr
@@ -15963,7 +15957,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  
  	# zero the complete destination - computing the rest
  	# is too much work 
-@@ -421,11 +435,19 @@ DST(	movb %cl, (%edi)	)
+@@ -421,11 +441,19 @@ DST(	movb %cl, (%edi)	)
  
  6002:
  	movl ARGBASE+24(%esp), %ebx	# dst_err_ptr
@@ -15984,7 +15978,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  	popl %ebx
  	CFI_ADJUST_CFA_OFFSET -4
  	CFI_RESTORE ebx
-@@ -439,26 +461,41 @@ DST(	movb %cl, (%edi)	)
+@@ -439,26 +467,47 @@ DST(	movb %cl, (%edi)	)
  	CFI_ADJUST_CFA_OFFSET -4
  	ret	
  	CFI_ENDPROC
@@ -16015,23 +16009,29 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
 +
 +ENTRY(csum_partial_copy_generic_to_user)
  	CFI_STARTPROC
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	pushl %gs
 +	CFI_ADJUST_CFA_OFFSET 4
 +	popl %es
 +	CFI_ADJUST_CFA_OFFSET -4
 +	jmp csum_partial_copy_generic
++#endif
 +
 +ENTRY(csum_partial_copy_generic_from_user)
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	pushl %gs
 +	CFI_ADJUST_CFA_OFFSET 4
 +	popl %ds
 +	CFI_ADJUST_CFA_OFFSET -4
++#endif
 +
 +ENTRY(csum_partial_copy_generic)
  	pushl %ebx
  	CFI_ADJUST_CFA_OFFSET 4
  	CFI_REL_OFFSET ebx, 0
-@@ -482,7 +519,7 @@ ENTRY(csum_partial_copy_generic)
+@@ -482,7 +531,7 @@ ENTRY(csum_partial_copy_generic)
  	subl %ebx, %edi  
  	lea  -1(%esi),%edx
  	andl $-32,%edx
@@ -16040,7 +16040,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  	testl %esi, %esi 
  	jmp *%ebx
  1:	addl $64,%esi
-@@ -503,19 +540,19 @@ ENTRY(csum_partial_copy_generic)
+@@ -503,19 +552,19 @@ ENTRY(csum_partial_copy_generic)
  	jb 5f
  SRC(	movw (%esi), %dx         )
  	leal 2(%esi), %esi
@@ -16063,7 +16063,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  	# zero the complete destination (computing the rest is too much work)
  	movl ARGBASE+8(%esp),%edi	# dst
  	movl ARGBASE+12(%esp),%ecx	# len
-@@ -523,10 +560,18 @@ DST(	movb %dl, (%edi)         )
+@@ -523,10 +572,18 @@ DST(	movb %dl, (%edi)         )
  	rep; stosb
  	jmp 7b
  6002:	movl ARGBASE+24(%esp), %ebx	# dst_err_ptr
@@ -16083,7 +16083,7 @@ diff -urNp linux-2.6.32.27/arch/x86/lib/checksum_32.S linux-2.6.32.27/arch/x86/l
  	popl %esi
  	CFI_ADJUST_CFA_OFFSET -4
  	CFI_RESTORE esi
-@@ -538,7 +583,7 @@ DST(	movb %dl, (%edi)         )
+@@ -538,7 +595,7 @@ DST(	movb %dl, (%edi)         )
  	CFI_RESTORE ebx
  	ret
  	CFI_ENDPROC
@@ -32681,6 +32681,155 @@ diff -urNp linux-2.6.32.27/fs/ext4/balloc.c linux-2.6.32.27/fs/ext4/balloc.c
  		if (free_blocks >= (nblocks + dirty_blocks))
  			return 1;
  	}
+diff -urNp linux-2.6.32.27/fs/ext4/ext4.h linux-2.6.32.27/fs/ext4/ext4.h
+--- linux-2.6.32.27/fs/ext4/ext4.h	2010-08-29 21:08:20.000000000 -0400
++++ linux-2.6.32.27/fs/ext4/ext4.h	2011-01-04 17:42:43.000000000 -0500
+@@ -1078,19 +1078,19 @@ struct ext4_sb_info {
+ 
+ 	/* stats for buddy allocator */
+ 	spinlock_t s_mb_pa_lock;
+-	atomic_t s_bal_reqs;	/* number of reqs with len > 1 */
+-	atomic_t s_bal_success;	/* we found long enough chunks */
+-	atomic_t s_bal_allocated;	/* in blocks */
+-	atomic_t s_bal_ex_scanned;	/* total extents scanned */
+-	atomic_t s_bal_goals;	/* goal hits */
+-	atomic_t s_bal_breaks;	/* too long searches */
+-	atomic_t s_bal_2orders;	/* 2^order hits */
++	atomic_unchecked_t s_bal_reqs;	/* number of reqs with len > 1 */
++	atomic_unchecked_t s_bal_success;	/* we found long enough chunks */
++	atomic_unchecked_t s_bal_allocated;	/* in blocks */
++	atomic_unchecked_t s_bal_ex_scanned;	/* total extents scanned */
++	atomic_unchecked_t s_bal_goals;	/* goal hits */
++	atomic_unchecked_t s_bal_breaks;	/* too long searches */
++	atomic_unchecked_t s_bal_2orders;	/* 2^order hits */
+ 	spinlock_t s_bal_lock;
+ 	unsigned long s_mb_buddies_generated;
+ 	unsigned long long s_mb_generation_time;
+-	atomic_t s_mb_lost_chunks;
+-	atomic_t s_mb_preallocated;
+-	atomic_t s_mb_discarded;
++	atomic_unchecked_t s_mb_lost_chunks;
++	atomic_unchecked_t s_mb_preallocated;
++	atomic_unchecked_t s_mb_discarded;
+ 	atomic_t s_lock_busy;
+ 
+ 	/* locality groups */
+diff -urNp linux-2.6.32.27/fs/ext4/mballoc.c linux-2.6.32.27/fs/ext4/mballoc.c
+--- linux-2.6.32.27/fs/ext4/mballoc.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.27/fs/ext4/mballoc.c	2011-01-04 17:42:43.000000000 -0500
+@@ -1753,7 +1753,7 @@ void ext4_mb_simple_scan_group(struct ex
+ 		BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
+ 
+ 		if (EXT4_SB(sb)->s_mb_stats)
+-			atomic_inc(&EXT4_SB(sb)->s_bal_2orders);
++			atomic_inc_unchecked(&EXT4_SB(sb)->s_bal_2orders);
+ 
+ 		break;
+ 	}
+@@ -2129,7 +2129,7 @@ repeat:
+ 			ac->ac_status = AC_STATUS_CONTINUE;
+ 			ac->ac_flags |= EXT4_MB_HINT_FIRST;
+ 			cr = 3;
+-			atomic_inc(&sbi->s_mb_lost_chunks);
++			atomic_inc_unchecked(&sbi->s_mb_lost_chunks);
+ 			goto repeat;
+ 		}
+ 	}
+@@ -2532,25 +2532,25 @@ int ext4_mb_release(struct super_block *
+ 	if (sbi->s_mb_stats) {
+ 		printk(KERN_INFO
+ 		       "EXT4-fs: mballoc: %u blocks %u reqs (%u success)\n",
+-				atomic_read(&sbi->s_bal_allocated),
+-				atomic_read(&sbi->s_bal_reqs),
+-				atomic_read(&sbi->s_bal_success));
++				atomic_read_unchecked(&sbi->s_bal_allocated),
++				atomic_read_unchecked(&sbi->s_bal_reqs),
++				atomic_read_unchecked(&sbi->s_bal_success));
+ 		printk(KERN_INFO
+ 		      "EXT4-fs: mballoc: %u extents scanned, %u goal hits, "
+ 				"%u 2^N hits, %u breaks, %u lost\n",
+-				atomic_read(&sbi->s_bal_ex_scanned),
+-				atomic_read(&sbi->s_bal_goals),
+-				atomic_read(&sbi->s_bal_2orders),
+-				atomic_read(&sbi->s_bal_breaks),
+-				atomic_read(&sbi->s_mb_lost_chunks));
++				atomic_read_unchecked(&sbi->s_bal_ex_scanned),
++				atomic_read_unchecked(&sbi->s_bal_goals),
++				atomic_read_unchecked(&sbi->s_bal_2orders),
++				atomic_read_unchecked(&sbi->s_bal_breaks),
++				atomic_read_unchecked(&sbi->s_mb_lost_chunks));
+ 		printk(KERN_INFO
+ 		       "EXT4-fs: mballoc: %lu generated and it took %Lu\n",
+ 				sbi->s_mb_buddies_generated++,
+ 				sbi->s_mb_generation_time);
+ 		printk(KERN_INFO
+ 		       "EXT4-fs: mballoc: %u preallocated, %u discarded\n",
+-				atomic_read(&sbi->s_mb_preallocated),
+-				atomic_read(&sbi->s_mb_discarded));
++				atomic_read_unchecked(&sbi->s_mb_preallocated),
++				atomic_read_unchecked(&sbi->s_mb_discarded));
+ 	}
+ 
+ 	free_percpu(sbi->s_locality_groups);
+@@ -3032,16 +3032,16 @@ static void ext4_mb_collect_stats(struct
+ 	struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
+ 
+ 	if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
+-		atomic_inc(&sbi->s_bal_reqs);
+-		atomic_add(ac->ac_b_ex.fe_len, &sbi->s_bal_allocated);
++		atomic_inc_unchecked(&sbi->s_bal_reqs);
++		atomic_add_unchecked(ac->ac_b_ex.fe_len, &sbi->s_bal_allocated);
+ 		if (ac->ac_o_ex.fe_len >= ac->ac_g_ex.fe_len)
+-			atomic_inc(&sbi->s_bal_success);
+-		atomic_add(ac->ac_found, &sbi->s_bal_ex_scanned);
++			atomic_inc_unchecked(&sbi->s_bal_success);
++		atomic_add_unchecked(ac->ac_found, &sbi->s_bal_ex_scanned);
+ 		if (ac->ac_g_ex.fe_start == ac->ac_b_ex.fe_start &&
+ 				ac->ac_g_ex.fe_group == ac->ac_b_ex.fe_group)
+-			atomic_inc(&sbi->s_bal_goals);
++			atomic_inc_unchecked(&sbi->s_bal_goals);
+ 		if (ac->ac_found > sbi->s_mb_max_to_scan)
+-			atomic_inc(&sbi->s_bal_breaks);
++			atomic_inc_unchecked(&sbi->s_bal_breaks);
+ 	}
+ 
+ 	if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
+@@ -3441,7 +3441,7 @@ ext4_mb_new_inode_pa(struct ext4_allocat
+ 	trace_ext4_mb_new_inode_pa(ac, pa);
+ 
+ 	ext4_mb_use_inode_pa(ac, pa);
+-	atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
++	atomic_add_unchecked(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
+ 
+ 	ei = EXT4_I(ac->ac_inode);
+ 	grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
+@@ -3501,7 +3501,7 @@ ext4_mb_new_group_pa(struct ext4_allocat
+ 	trace_ext4_mb_new_group_pa(ac, pa);
+ 
+ 	ext4_mb_use_group_pa(ac, pa);
+-	atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
++	atomic_add_unchecked(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated);
+ 
+ 	grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
+ 	lg = ac->ac_lg;
+@@ -3605,7 +3605,7 @@ ext4_mb_release_inode_pa(struct ext4_bud
+ 		 * from the bitmap and continue.
+ 		 */
+ 	}
+-	atomic_add(free, &sbi->s_mb_discarded);
++	atomic_add_unchecked(free, &sbi->s_mb_discarded);
+ 
+ 	return err;
+ }
+@@ -3624,7 +3624,7 @@ ext4_mb_release_group_pa(struct ext4_bud
+ 	ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
+ 	BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
+ 	mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
+-	atomic_add(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded);
++	atomic_add_unchecked(pa->pa_len, &EXT4_SB(sb)->s_mb_discarded);
+ 
+ 	if (ac) {
+ 		ac->ac_sb = sb;
 diff -urNp linux-2.6.32.27/fs/ext4/namei.c linux-2.6.32.27/fs/ext4/namei.c
 --- linux-2.6.32.27/fs/ext4/namei.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.27/fs/ext4/namei.c	2010-12-31 14:46:53.000000000 -0500
@@ -50051,7 +50200,7 @@ diff -urNp linux-2.6.32.27/include/video/uvesafb.h linux-2.6.32.27/include/video
  	u8 *vbe_state_orig;		/*
 diff -urNp linux-2.6.32.27/init/do_mounts.c linux-2.6.32.27/init/do_mounts.c
 --- linux-2.6.32.27/init/do_mounts.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.27/init/do_mounts.c	2010-12-31 14:46:53.000000000 -0500
++++ linux-2.6.32.27/init/do_mounts.c	2011-01-04 17:42:43.000000000 -0500
 @@ -216,11 +216,11 @@ static void __init get_fs_names(char *pa
  
  static int __init do_mount_root(char *name, char *fs, int flags, void *data)
@@ -50062,7 +50211,7 @@ diff -urNp linux-2.6.32.27/init/do_mounts.c linux-2.6.32.27/init/do_mounts.c
  		return err;
  
 -	sys_chdir("/root");
-+	sys_chdir((__force char __user *)"/root");
++	sys_chdir((__force const char __user *)"/root");
  	ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
  	printk("VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
  	       current->fs->pwd.mnt->mnt_sb->s_type->name,
@@ -59562,8 +59711,8 @@ diff -urNp linux-2.6.32.27/security/integrity/ima/ima_queue.c linux-2.6.32.27/se
  	return 0;
 diff -urNp linux-2.6.32.27/security/Kconfig linux-2.6.32.27/security/Kconfig
 --- linux-2.6.32.27/security/Kconfig	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.27/security/Kconfig	2010-12-31 14:46:53.000000000 -0500
-@@ -4,6 +4,505 @@
++++ linux-2.6.32.27/security/Kconfig	2011-01-04 17:43:17.000000000 -0500
+@@ -4,6 +4,509 @@
  
  menu "Security options"
  
@@ -59571,6 +59720,9 @@ diff -urNp linux-2.6.32.27/security/Kconfig linux-2.6.32.27/security/Kconfig
 +
 +menu "PaX"
 +
++	config ARCH_TRACK_EXEC_LIMIT
++	bool
++
 +	config PAX_PER_CPU_PGD
 +	bool
 +
@@ -59706,6 +59858,7 @@ diff -urNp linux-2.6.32.27/security/Kconfig linux-2.6.32.27/security/Kconfig
 +	depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
 +	select S390_SWITCH_AMODE if S390
 +	select S390_EXEC_PROTECT if S390
++	select ARCH_TRACK_EXEC_LIMIT if X86_32
 +	help
 +	  This implementation is based on the paging feature of the CPU.
 +	  On i386 without hardware non-executable bit support there is a
@@ -60069,7 +60222,7 @@ diff -urNp linux-2.6.32.27/security/Kconfig linux-2.6.32.27/security/Kconfig
  config KEYS
  	bool "Enable access key retention support"
  	help
-@@ -146,7 +645,7 @@ config INTEL_TXT
+@@ -146,7 +649,7 @@ config INTEL_TXT
  config LSM_MMAP_MIN_ADDR
  	int "Low address space for LSM to protect from user allocation"
  	depends on SECURITY && SECURITY_SELINUX
diff --git a/2.6.32/4425_grsec-pax-without-grsec.patch b/2.6.32/4425_grsec-pax-without-grsec.patch
index 7c55b40..28e375c 100644
--- a/2.6.32/4425_grsec-pax-without-grsec.patch
+++ b/2.6.32/4425_grsec-pax-without-grsec.patch
@@ -81,7 +81,7 @@ The original version of this patch contained no credits/description.
  	do_group_exit(SIGKILL);
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -23,7 +23,7 @@
+@@ -26,7 +26,7 @@
  	
  config PAX
  	bool "Enable various PaX features"
author	Anthony G. Basile <basile@opensource.dyc.edu>	2011-01-05 10:42:12 -0500
committer	Anthony G. Basile <basile@opensource.dyc.edu>	2011-01-05 10:42:12 -0500
commit	664fef0e3af31d1285b7bf643998a5a058c14690 (patch)
tree	b2b855b236b688ea51b85b7d82f1099d84be7fd0 /2.6.32
parent	Added script to reverse apply patchset (diff)
download	hardened-patchset-664fef0e3af31d1285b7bf643998a5a058c14690.tar.gz hardened-patchset-664fef0e3af31d1285b7bf643998a5a058c14690.tar.bz2 hardened-patchset-664fef0e3af31d1285b7bf643998a5a058c14690.zip