author | Anthony G. Basile <blueness@gentoo.org> | 2011-07-12 17:25:09 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-07-12 17:25:09 -0400 |
commit | a912671d9622a0865bbdd57917de86388db3ffef (patch) | |
tree | 2c2af46d78e2fb42a322e5c6b4f5858b322dc275 /2.6.32 | |
parent | Update Grsec/PaX (diff) | |
download | hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.tar.gz hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.tar.bz2 hardened-patchset-a912671d9622a0865bbdd57917de86388db3ffef.zip |
Update Grsec/PaX20110709
2.2.2-2.6.32.42-201107090923
2.2.2-2.6.39.3-201107090923
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch) | 443 |
2 files changed, 360 insertions, 85 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 73ac723..eb47dd6 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch index 568fb06..cb632f3 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107011911.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.42-201107090923.patch @@ -381,6 +381,20 @@ diff -urNp linux-2.6.32.42/arch/arm/include/asm/uaccess.h linux-2.6.32.42/arch/a if (access_ok(VERIFY_WRITE, to, n)) n = __copy_to_user(to, from, n); return n; +diff -urNp linux-2.6.32.42/arch/arm/kernel/armksyms.c linux-2.6.32.42/arch/arm/kernel/armksyms.c +--- linux-2.6.32.42/arch/arm/kernel/armksyms.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.42/arch/arm/kernel/armksyms.c 2011-07-06 19:51:50.000000000 -0400 +@@ -118,8 +118,8 @@ EXPORT_SYMBOL(__strncpy_from_user); + #ifdef CONFIG_MMU + EXPORT_SYMBOL(copy_page); + +-EXPORT_SYMBOL(__copy_from_user); +-EXPORT_SYMBOL(__copy_to_user); ++EXPORT_SYMBOL(___copy_from_user); ++EXPORT_SYMBOL(___copy_to_user); + EXPORT_SYMBOL(__clear_user); + + EXPORT_SYMBOL(__get_user_1); diff -urNp linux-2.6.32.42/arch/arm/kernel/kgdb.c linux-2.6.32.42/arch/arm/kernel/kgdb.c --- linux-2.6.32.42/arch/arm/kernel/kgdb.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.42/arch/arm/kernel/kgdb.c 2011-04-17 15:56:45.000000000 -0400 
@@ -3803,13 +3817,13 @@ diff -urNp linux-2.6.32.42/arch/sparc/include/asm/atomic_64.h linux-2.6.32.42/ar #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff -urNp linux-2.6.32.42/arch/sparc/include/asm/cache.h linux-2.6.32.42/arch/sparc/include/asm/cache.h --- linux-2.6.32.42/arch/sparc/include/asm/cache.h 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/sparc/include/asm/cache.h 2011-05-17 19:26:34.000000000 -0400 ++++ linux-2.6.32.42/arch/sparc/include/asm/cache.h 2011-07-06 19:53:33.000000000 -0400 @@ -8,7 +8,7 @@ #define _SPARC_CACHE_H #define L1_CACHE_SHIFT 5 -#define L1_CACHE_BYTES 32 -+#define L1_CACHE_BYTES 32U ++#define L1_CACHE_BYTES 32UL #define L1_CACHE_ALIGN(x) ((((x)+(L1_CACHE_BYTES-1))&~(L1_CACHE_BYTES-1))) #ifdef CONFIG_SPARC32 @@ -8093,13 +8107,13 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/cacheflush.h linux-2.6.32.42/arc break; diff -urNp linux-2.6.32.42/arch/x86/include/asm/cache.h linux-2.6.32.42/arch/x86/include/asm/cache.h --- linux-2.6.32.42/arch/x86/include/asm/cache.h 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/x86/include/asm/cache.h 2011-05-04 17:56:20.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/include/asm/cache.h 2011-07-06 19:53:33.000000000 -0400 @@ -5,9 +5,10 @@ /* L1 cache line size */ #define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT) -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) -+#define L1_CACHE_BYTES (_AC(1,U) << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) #define __read_mostly __attribute__((__section__(".data.read_mostly"))) +#define __read_only __attribute__((__section__(".data.read_only"))) 
@@ -10215,7 +10229,16 @@ diff -urNp linux-2.6.32.42/arch/x86/include/asm/spinlock.h linux-2.6.32.42/arch/ diff -urNp linux-2.6.32.42/arch/x86/include/asm/stackprotector.h linux-2.6.32.42/arch/x86/include/asm/stackprotector.h --- linux-2.6.32.42/arch/x86/include/asm/stackprotector.h 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/x86/include/asm/stackprotector.h 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/include/asm/stackprotector.h 2011-07-06 19:53:33.000000000 -0400 +@@ -48,7 +48,7 @@ + * head_32 for boot CPU and setup_per_cpu_areas() for others. + */ + #define GDT_STACK_CANARY_INIT \ +- [GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x18), ++ [GDT_ENTRY_STACK_CANARY] = GDT_ENTRY_INIT(0x4090, 0, 0x17), + + /* + * Initialize the stackprotector canary value. @@ -113,7 +113,7 @@ static inline void setup_stack_canary_se static inline void load_stack_canary_segment(void) @@ -13992,7 +14015,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head32.c linux-2.6.32.42/arch/x86/ker /* Reserve INITRD */ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/kernel/head_32.S --- linux-2.6.32.42/arch/x86/kernel/head_32.S 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/x86/kernel/head_32.S 2011-07-01 19:09:03.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/kernel/head_32.S 2011-07-06 19:53:33.000000000 -0400 @@ -19,10 +19,17 @@ #include <asm/setup.h> #include <asm/processor-flags.h> @@ -14506,7 +14529,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/head_32.S linux-2.6.32.42/arch/x86/ke + + .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */ + .quad 0x0040930000000000 /* 0xd8 - PERCPU */ -+ .quad 0x0040910000000018 /* 0xe0 - STACK_CANARY */ ++ .quad 0x0040910000000017 /* 0xe0 - STACK_CANARY */ + .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */ + .quad 0x0000000000000000 /* 0xf0 - PCIBIOS_DS */ + .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */ 
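Review bot: The stack-canary segment limit is now a bare `0x17` in two unrelated places, `GDT_STACK_CANARY_INIT` in stackprotector.h and the `.quad 0x0040910000000017` STACK_CANARY entry in head_32.S, and nothing says they must agree or what the number is derived from. A byte-granular limit is the last valid offset, so `0x17` presumably describes a 0x18-byte canary area; this should be confirmed against the structure the segment covers, which is not visible here. I would add a comment at both sites, e.g. `/* limit = size of the canary area - 1; keep in sync with the STACK_CANARY entry in head_32.S */`, so the off-by-one this update corrects cannot return in only one of the two copies.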
@@ -14892,7 +14915,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/ioport.c linux-2.6.32.42/arch/x86/ker } diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/kernel/irq_32.c --- linux-2.6.32.42/arch/x86/kernel/irq_32.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/x86/kernel/irq_32.c 2011-04-23 13:26:46.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/kernel/irq_32.c 2011-07-06 19:53:33.000000000 -0400 @@ -35,7 +35,7 @@ static int check_stack_overflow(void) __asm__ __volatile__("andl %%esp,%0" : "=r" (sp) : "0" (THREAD_SIZE - 1)); @@ -14927,7 +14950,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker irqctx = __get_cpu_var(hardirq_ctx); /* -@@ -90,21 +89,17 @@ execute_on_irq_stack(int overflow, struc +@@ -90,21 +89,16 @@ execute_on_irq_stack(int overflow, struc * handler) we can't do that and just have to keep using the * current stack (which is the irq stack already after all) */ @@ -14941,7 +14964,6 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker - irqctx->tinfo.previous_esp = current_stack_pointer; + isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8); + irqctx->previous_esp = current_stack_pointer; -+ add_preempt_count(HARDIRQ_OFFSET); - /* - * Copy the softirq bits in preempt_count so that the @@ -14956,7 +14978,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker if (unlikely(overflow)) call_on_stack(print_stack_overflow, isp); -@@ -116,6 +111,12 @@ execute_on_irq_stack(int overflow, struc +@@ -116,6 +110,11 @@ execute_on_irq_stack(int overflow, struc : "0" (irq), "1" (desc), "2" (isp), "D" (desc->handle_irq) : "memory", "cc", "ecx"); 
@@ -14965,11 +14987,10 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker + __set_fs(current_thread_info()->addr_limit); +#endif + -+ sub_preempt_count(HARDIRQ_OFFSET); return 1; } -@@ -124,28 +125,11 @@ execute_on_irq_stack(int overflow, struc +@@ -124,28 +123,11 @@ execute_on_irq_stack(int overflow, struc */ void __cpuinit irq_ctx_init(int cpu) { @@ -15000,7 +15021,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -159,7 +143,6 @@ void irq_ctx_exit(int cpu) +@@ -159,7 +141,6 @@ void irq_ctx_exit(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -15008,7 +15029,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/irq_32.c linux-2.6.32.42/arch/x86/ker union irq_ctx *irqctx; u32 *isp; -@@ -169,15 +152,22 @@ asmlinkage void do_softirq(void) +@@ -169,15 +150,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -17109,7 +17130,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/trampoline_64.S linux-2.6.32.42/arch/ .quad 0x00cf9b000000ffff # __KERNEL32_CS diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kernel/traps.c --- linux-2.6.32.42/arch/x86/kernel/traps.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/x86/kernel/traps.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/kernel/traps.c 2011-07-06 19:53:33.000000000 -0400 @@ -69,12 +69,6 @@ asmlinkage int system_call(void); /* Do we ignore FPU interrupts ? */ 
@@ -17232,7 +17253,25 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern die("general protection fault", regs, error_code); } -@@ -558,7 +587,7 @@ dotraplinkage void __kprobes do_debug(st +@@ -435,6 +464,17 @@ static notrace __kprobes void default_do + dotraplinkage notrace __kprobes void + do_nmi(struct pt_regs *regs, long error_code) + { ++ ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++ if (!user_mode(regs)) { ++ unsigned long cs = regs->cs & 0xFFFF; ++ unsigned long ip = ktva_ktla(regs->ip); ++ ++ if ((cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) && ip <= (unsigned long)_etext) ++ regs->ip = ip; ++ } ++#endif ++ + nmi_enter(); + + inc_irq_stat(__nmi_count); +@@ -558,7 +598,7 @@ dotraplinkage void __kprobes do_debug(st } #ifdef CONFIG_X86_32 @@ -17241,7 +17280,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern goto debug_vm86; #endif -@@ -570,7 +599,7 @@ dotraplinkage void __kprobes do_debug(st +@@ -570,7 +610,7 @@ dotraplinkage void __kprobes do_debug(st * kernel space (but re-enable TF when returning to user mode). */ if (condition & DR_STEP) { @@ -17250,7 +17289,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern goto clear_TF_reenable; } -@@ -757,7 +786,7 @@ do_simd_coprocessor_error(struct pt_regs +@@ -757,7 +797,7 @@ do_simd_coprocessor_error(struct pt_regs * Handle strange cache flush from user space exception * in all other cases. This is undocumented behaviour. */ @@ -17259,7 +17298,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code); return; } -@@ -798,7 +827,7 @@ asmlinkage void __attribute__((weak)) sm +@@ -798,7 +838,7 @@ asmlinkage void __attribute__((weak)) sm void __math_state_restore(void) { struct thread_info *thread = current_thread_info(); 
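Review bot: In the block added at the top of `do_nmi()` for `CONFIG_X86_32 && CONFIG_PAX_KERNEXEC`, the translated address is only bounded from above (`ip <= (unsigned long)_etext`) before it is stored back into `regs->ip`, and no comment explains why the saved instruction pointer is rewritten before `nmi_enter()`. Whether `ktva_ktla()` can produce a value below the start of kernel text for some interrupted context cannot be determined from this hunk. If it can, the check should be two-sided; if it cannot, that should be stated. A short comment such as `/* NMI hit kernel code through the KERNEXEC alias: normalise regs->ip so later consumers of the saved IP see the address they expect */` would cover the intent, with its wording adjusted to what the translation actually guarantees.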
@@ -17268,7 +17307,7 @@ diff -urNp linux-2.6.32.42/arch/x86/kernel/traps.c linux-2.6.32.42/arch/x86/kern /* * Paranoid restore. send a SIGSEGV if we fail to restore the state. -@@ -825,8 +854,7 @@ void __math_state_restore(void) +@@ -825,8 +865,7 @@ void __math_state_restore(void) */ asmlinkage void math_state_restore(void) { @@ -21961,7 +22000,16 @@ diff -urNp linux-2.6.32.42/arch/x86/mm/mmap.c linux-2.6.32.42/arch/x86/mm/mmap.c } diff -urNp linux-2.6.32.42/arch/x86/mm/mmio-mod.c linux-2.6.32.42/arch/x86/mm/mmio-mod.c --- linux-2.6.32.42/arch/x86/mm/mmio-mod.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/arch/x86/mm/mmio-mod.c 2011-05-04 17:56:28.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/mm/mmio-mod.c 2011-07-06 19:53:33.000000000 -0400 +@@ -193,7 +193,7 @@ static void pre(struct kmmio_probe *p, s + break; + default: + { +- unsigned char *ip = (unsigned char *)instptr; ++ unsigned char *ip = (unsigned char *)ktla_ktva(instptr); + my_trace->opcode = MMIO_UNKNOWN_OP; + my_trace->width = 0; + my_trace->value = (*ip) << 16 | *(ip + 1) << 8 | @@ -233,7 +233,7 @@ static void post(struct kmmio_probe *p, static void ioremap_trace_core(resource_size_t offset, unsigned long size, void __iomem *addr) 
@@ -22132,6 +22180,54 @@ diff -urNp linux-2.6.32.42/arch/x86/mm/pat.c linux-2.6.32.42/arch/x86/mm/pat.c cattr_name(want_flags), (unsigned long long)paddr, (unsigned long long)(paddr + size), +diff -urNp linux-2.6.32.42/arch/x86/mm/pf_in.c linux-2.6.32.42/arch/x86/mm/pf_in.c +--- linux-2.6.32.42/arch/x86/mm/pf_in.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.42/arch/x86/mm/pf_in.c 2011-07-06 19:53:33.000000000 -0400 +@@ -148,7 +148,7 @@ enum reason_type get_ins_type(unsigned l + int i; + enum reason_type rv = OTHERS; + +- p = (unsigned char *)ins_addr; ++ p = (unsigned char *)ktla_ktva(ins_addr); + p += skip_prefix(p, &prf); + p += get_opcode(p, &opcode); + +@@ -168,7 +168,7 @@ static unsigned int get_ins_reg_width(un + struct prefix_bits prf; + int i; + +- p = (unsigned char *)ins_addr; ++ p = (unsigned char *)ktla_ktva(ins_addr); + p += skip_prefix(p, &prf); + p += get_opcode(p, &opcode); + +@@ -191,7 +191,7 @@ unsigned int get_ins_mem_width(unsigned + struct prefix_bits prf; + int i; + +- p = (unsigned char *)ins_addr; ++ p = (unsigned char *)ktla_ktva(ins_addr); + p += skip_prefix(p, &prf); + p += get_opcode(p, &opcode); + +@@ -417,7 +417,7 @@ unsigned long get_ins_reg_val(unsigned l + int i; + unsigned long rv; + +- p = (unsigned char *)ins_addr; ++ p = (unsigned char *)ktla_ktva(ins_addr); + p += skip_prefix(p, &prf); + p += get_opcode(p, &opcode); + for (i = 0; i < ARRAY_SIZE(reg_rop); i++) +@@ -472,7 +472,7 @@ unsigned long get_ins_imm_val(unsigned l + int i; + unsigned long rv; + +- p = (unsigned char *)ins_addr; ++ p = (unsigned char *)ktla_ktva(ins_addr); + p += skip_prefix(p, &prf); + p += get_opcode(p, &opcode); + for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff -urNp linux-2.6.32.42/arch/x86/mm/pgtable_32.c linux-2.6.32.42/arch/x86/mm/pgtable_32.c --- linux-2.6.32.42/arch/x86/mm/pgtable_32.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.42/arch/x86/mm/pgtable_32.c 2011-04-17 15:56:46.000000000 -0400 
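Review bot: The same conversion `p = (unsigned char *)ktla_ktva(ins_addr);` is pasted into five decoders in pf_in.c (`get_ins_type`, `get_ins_reg_width`, `get_ins_mem_width`, `get_ins_reg_val`, `get_ins_imm_val`), and mmio-mod.c gains a sixth variant in `pre()`. A later decoder that forgets the translation would read instruction bytes from the wrong mapping without any warning. A small file-local helper, e.g. `static unsigned char *ins_ptr(unsigned long ins_addr) { return (unsigned char *)ktla_ktva(ins_addr); }`, with a one-line comment on why the address must be translated before it is dereferenced, would keep the six sites consistent. All of these functions start and end outside the hunks shown.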
@@ -23619,6 +23715,27 @@ diff -urNp linux-2.6.32.42/block/scsi_ioctl.c linux-2.6.32.42/block/scsi_ioctl.c if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff -urNp linux-2.6.32.42/crypto/gf128mul.c linux-2.6.32.42/crypto/gf128mul.c +--- linux-2.6.32.42/crypto/gf128mul.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.42/crypto/gf128mul.c 2011-07-06 19:53:33.000000000 -0400 +@@ -182,7 +182,7 @@ void gf128mul_lle(be128 *r, const be128 + for (i = 0; i < 7; ++i) + gf128mul_x_lle(&p[i + 1], &p[i]); + +- memset(r, 0, sizeof(r)); ++ memset(r, 0, sizeof(*r)); + for (i = 0;;) { + u8 ch = ((u8 *)b)[15 - i]; + +@@ -220,7 +220,7 @@ void gf128mul_bbe(be128 *r, const be128 + for (i = 0; i < 7; ++i) + gf128mul_x_bbe(&p[i + 1], &p[i]); + +- memset(r, 0, sizeof(r)); ++ memset(r, 0, sizeof(*r)); + for (i = 0;;) { + u8 ch = ((u8 *)b)[i]; + diff -urNp linux-2.6.32.42/crypto/serpent.c linux-2.6.32.42/crypto/serpent.c --- linux-2.6.32.42/crypto/serpent.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.42/crypto/serpent.c 2011-05-16 21:46:57.000000000 -0400 @@ -38227,7 +38344,7 @@ diff -urNp linux-2.6.32.42/fs/ecryptfs/inode.c linux-2.6.32.42/fs/ecryptfs/inode goto out_free; diff -urNp linux-2.6.32.42/fs/exec.c linux-2.6.32.42/fs/exec.c --- linux-2.6.32.42/fs/exec.c 2011-06-25 12:55:34.000000000 -0400 -+++ linux-2.6.32.42/fs/exec.c 2011-06-25 12:56:37.000000000 -0400 ++++ linux-2.6.32.42/fs/exec.c 2011-07-06 19:53:33.000000000 -0400 @@ -56,12 +56,24 @@ #include <linux/fsnotify.h> #include <linux/fs_struct.h> @@ -38710,7 +38827,7 @@ diff -urNp linux-2.6.32.42/fs/exec.c linux-2.6.32.42/fs/exec.c +} + + -+void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) ++NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) +{ + if (current->signal->curr_ip) + printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", 
@@ -41067,8 +41184,57 @@ diff -urNp linux-2.6.32.42/fs/lockd/svc.c linux-2.6.32.42/fs/lockd/svc.c static DEFINE_MUTEX(nlmsvc_mutex); diff -urNp linux-2.6.32.42/fs/locks.c linux-2.6.32.42/fs/locks.c --- linux-2.6.32.42/fs/locks.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/fs/locks.c 2011-04-17 15:56:46.000000000 -0400 -@@ -2007,16 +2007,16 @@ void locks_remove_flock(struct file *fil ++++ linux-2.6.32.42/fs/locks.c 2011-07-06 19:47:11.000000000 -0400 +@@ -145,10 +145,28 @@ static LIST_HEAD(blocked_list); + + static struct kmem_cache *filelock_cache __read_mostly; + ++static void locks_init_lock_always(struct file_lock *fl) ++{ ++ fl->fl_next = NULL; ++ fl->fl_fasync = NULL; ++ fl->fl_owner = NULL; ++ fl->fl_pid = 0; ++ fl->fl_nspid = NULL; ++ fl->fl_file = NULL; ++ fl->fl_flags = 0; ++ fl->fl_type = 0; ++ fl->fl_start = fl->fl_end = 0; ++} ++ + /* Allocate an empty lock structure. */ + static struct file_lock *locks_alloc_lock(void) + { +- return kmem_cache_alloc(filelock_cache, GFP_KERNEL); ++ struct file_lock *fl = kmem_cache_alloc(filelock_cache, GFP_KERNEL); ++ ++ if (fl) ++ locks_init_lock_always(fl); ++ ++ return fl; + } + + void locks_release_private(struct file_lock *fl) +@@ -183,17 +201,9 @@ void locks_init_lock(struct file_lock *f + INIT_LIST_HEAD(&fl->fl_link); + INIT_LIST_HEAD(&fl->fl_block); + init_waitqueue_head(&fl->fl_wait); +- fl->fl_next = NULL; +- fl->fl_fasync = NULL; +- fl->fl_owner = NULL; +- fl->fl_pid = 0; +- fl->fl_nspid = NULL; +- fl->fl_file = NULL; +- fl->fl_flags = 0; +- fl->fl_type = 0; +- fl->fl_start = fl->fl_end = 0; + fl->fl_ops = NULL; + fl->fl_lmops = NULL; ++ locks_init_lock_always(fl); + } + + EXPORT_SYMBOL(locks_init_lock); +@@ -2007,16 +2017,16 @@ void locks_remove_flock(struct file *fil return; if (filp->f_op && filp->f_op->flock) { 
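Review bot: `locks_init_lock_always()` carries no comment explaining why exactly these members are reset on every allocation while `fl_link`, `fl_block`, `fl_wait`, `fl_ops` and `fl_lmops` are still set only in `locks_init_lock()`. `locks_alloc_lock()` now hands out an object from `kmem_cache_alloc()` with those remaining members in whatever state the cache left them. The split presumably relies on a slab constructor and on the release path clearing the ops pointers, neither of which is visible in this hunk. A comment above the helper, e.g. `/* members a recycled slab object may carry over from its previous user; list heads, wait queue and ops pointers are maintained by the ctor/release path */`, would let a reader check that no stale pointer or pid survives reuse.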
@@ -41666,7 +41832,16 @@ diff -urNp linux-2.6.32.42/fs/ncpfs/inode.c linux-2.6.32.42/fs/ncpfs/inode.c if (!server) diff -urNp linux-2.6.32.42/fs/nfs/inode.c linux-2.6.32.42/fs/nfs/inode.c --- linux-2.6.32.42/fs/nfs/inode.c 2011-05-10 22:12:01.000000000 -0400 -+++ linux-2.6.32.42/fs/nfs/inode.c 2011-05-10 22:12:33.000000000 -0400 ++++ linux-2.6.32.42/fs/nfs/inode.c 2011-07-06 19:53:33.000000000 -0400 +@@ -156,7 +156,7 @@ static void nfs_zap_caches_locked(struct + nfsi->attrtimeo = NFS_MINATTRTIMEO(inode); + nfsi->attrtimeo_timestamp = jiffies; + +- memset(NFS_COOKIEVERF(inode), 0, sizeof(NFS_COOKIEVERF(inode))); ++ memset(NFS_COOKIEVERF(inode), 0, sizeof(NFS_I(inode)->cookieverf)); + if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) + nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE; + else @@ -973,16 +973,16 @@ static int nfs_size_need_update(const st return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -52973,7 +53148,7 @@ diff -urNp linux-2.6.32.42/grsecurity/grsum.c linux-2.6.32.42/grsecurity/grsum.c +} diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig --- linux-2.6.32.42/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.42/grsecurity/Kconfig 2011-06-29 20:55:13.000000000 -0400 ++++ linux-2.6.32.42/grsecurity/Kconfig 2011-07-06 19:57:57.000000000 -0400 @@ -0,0 +1,1047 @@ +# +# grecurity configuration @@ -53053,7 +53228,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig + select PAX_ASLR + select PAX_RANDMMAP + select PAX_REFCOUNT if (X86 || SPARC64) -+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB)) ++ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB)) + + help + If you say Y here, several features in addition to those included 
@@ -53138,7 +53313,7 @@ diff -urNp linux-2.6.32.42/grsecurity/Kconfig linux-2.6.32.42/grsecurity/Kconfig + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) + select PAX_ELFRELOCS if (PAX_ETEXECRELOCS || (IA64 || PPC || X86)) + select PAX_REFCOUNT if (X86 || SPARC64) -+ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB)) ++ select PAX_USERCOPY if ((X86 || SPARC || PPC || ARM) && (SLAB || SLUB || SLOB)) + help + If you say Y here, many of the features of grsecurity will be + enabled, which will protect you against many kinds of attacks @@ -54362,15 +54537,15 @@ diff -urNp linux-2.6.32.42/include/asm-generic/atomic-long.h linux-2.6.32.42/inc #endif /* _ASM_GENERIC_ATOMIC_LONG_H */ diff -urNp linux-2.6.32.42/include/asm-generic/cache.h linux-2.6.32.42/include/asm-generic/cache.h --- linux-2.6.32.42/include/asm-generic/cache.h 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/include/asm-generic/cache.h 2011-05-04 17:56:28.000000000 -0400 ++++ linux-2.6.32.42/include/asm-generic/cache.h 2011-07-06 19:53:33.000000000 -0400 @@ -6,7 +6,7 @@ * cache lines need to provide their own cache.h. */ -#define L1_CACHE_SHIFT 5 -#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) -+#define L1_CACHE_SHIFT 5U -+#define L1_CACHE_BYTES (1U << L1_CACHE_SHIFT) ++#define L1_CACHE_SHIFT 5UL ++#define L1_CACHE_BYTES (1UL << L1_CACHE_SHIFT) #endif /* __ASM_GENERIC_CACHE_H */ diff -urNp linux-2.6.32.42/include/asm-generic/dma-mapping-common.h linux-2.6.32.42/include/asm-generic/dma-mapping-common.h @@ -57374,7 +57549,7 @@ diff -urNp linux-2.6.32.42/include/linux/reiserfs_fs_sb.h linux-2.6.32.42/includ on-disk FS format */ diff -urNp linux-2.6.32.42/include/linux/sched.h linux-2.6.32.42/include/linux/sched.h --- linux-2.6.32.42/include/linux/sched.h 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/include/linux/sched.h 2011-06-04 20:42:54.000000000 -0400 ++++ linux-2.6.32.42/include/linux/sched.h 2011-07-06 19:53:33.000000000 -0400 
@@ -101,6 +101,7 @@ struct bio; struct fs_struct; struct bts_context; @@ -57565,10 +57740,10 @@ diff -urNp linux-2.6.32.42/include/linux/sched.h linux-2.6.32.42/include/linux/s +extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm); +#endif + -+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); -+void pax_report_insns(void *pc, void *sp); -+void pax_report_refcount_overflow(struct pt_regs *regs); -+void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type); ++extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); ++extern void pax_report_insns(void *pc, void *sp); ++extern void pax_report_refcount_overflow(struct pt_regs *regs); ++extern NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) ATTRIB_NORET; + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +extern void pax_track_stack(void); @@ -57658,7 +57833,7 @@ diff -urNp linux-2.6.32.42/include/linux/shm.h linux-2.6.32.42/include/linux/shm /* shm_mode upper byte flags */ diff -urNp linux-2.6.32.42/include/linux/skbuff.h linux-2.6.32.42/include/linux/skbuff.h --- linux-2.6.32.42/include/linux/skbuff.h 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/include/linux/skbuff.h 2011-05-04 17:56:20.000000000 -0400 ++++ linux-2.6.32.42/include/linux/skbuff.h 2011-07-06 19:53:33.000000000 -0400 @@ -544,7 +544,7 @@ static inline union skb_shared_tx *skb_t */ static inline int skb_queue_empty(const struct sk_buff_head *list) @@ -57691,7 +57866,7 @@ diff -urNp linux-2.6.32.42/include/linux/skbuff.h linux-2.6.32.42/include/linux/ */ #ifndef NET_SKB_PAD -#define NET_SKB_PAD 32 -+#define NET_SKB_PAD (_AC(32,U)) ++#define NET_SKB_PAD (_AC(32,UL)) #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); 
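Review bot: `pax_report_usercopy()` is now declared `NORET_TYPE ... ATTRIB_NORET` in sched.h, but the contract is not written next to the declaration, and the body of the definition in fs/exec.c runs past the end of the hunk that changes its signature. Once callers are compiled on the assumption that the call never returns, any path in the reporter that does return is undefined behaviour instead of a bounds violation that was merely logged. I would add `/* never returns: every path must end in a non-returning call */` above the prototype, and confirm that the definition ends that way on both branches of the `curr_ip` test.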
@@ -63600,7 +63775,7 @@ diff -urNp linux-2.6.32.42/localversion-grsec linux-2.6.32.42/localversion-grsec +-grsec diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile --- linux-2.6.32.42/Makefile 2011-06-25 12:55:34.000000000 -0400 -+++ linux-2.6.32.42/Makefile 2011-06-25 12:56:37.000000000 -0400 ++++ linux-2.6.32.42/Makefile 2011-07-09 09:13:08.000000000 -0400 @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" HOSTCC = gcc @@ -63626,6 +63801,17 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile KBUILD_AFLAGS := -D__ASSEMBLY__ # Read KERNELRELEASE from include/config/kernel.release (if it exists) +@@ -376,8 +379,8 @@ export RCS_TAR_IGNORE := --exclude SCCS + # Rules shared between *config targets and build targets + + # Basic helpers built in scripts/ +-PHONY += scripts_basic +-scripts_basic: ++PHONY += scripts_basic pax-plugin ++scripts_basic: pax-plugin + $(Q)$(MAKE) $(build)=scripts/basic + + # To avoid any implicit rule to kick in, define an empty command. @@ -403,7 +406,7 @@ endif # of make so .config is not included in this case either (for *config). 
@@ -63635,22 +63821,10 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -644,7 +647,7 @@ export mod_strip_cmd +@@ -528,6 +531,18 @@ endif + include $(srctree)/arch/$(SRCARCH)/Makefile - ifeq ($(KBUILD_EXTMOD),) --core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ -+core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ - - vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ - $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -949,7 +952,19 @@ include/config/kernel.release: include/c - # version.h and scripts_basic is processed / created. - - # Listed in dependency order --PHONY += prepare archprepare prepare0 prepare1 prepare2 prepare3 -+PHONY += prepare archprepare prepare0 prepare1 prepare2 prepare3 pax-plugin -+ +ifeq ($(CONFIG_PAX_MEMORY_STACKLEAK),y) +KBUILD_CFLAGS += $(call cc-ifversion, -ge, 0405, -fplugin=$(objtree)/tools/gcc/pax_plugin.so -fplugin-arg-pax_plugin-track-lowest-sp=100) +endif @@ -63662,9 +63836,19 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile + $(Q)echo "warning, your gcc does not support plugins, PAX_MEMORY_STACKLEAK will be less secure" +endif +endif ++ + ifneq ($(CONFIG_FRAME_WARN),0) + KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN}) + endif +@@ -644,7 +659,7 @@ export mod_strip_cmd + + + ifeq ($(KBUILD_EXTMOD),) +-core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ ++core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ - # prepare3 is used to check if we are building in a separate output directory, - # and if so do: + vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ + $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ @@ -970,7 +985,7 @@ ifneq ($(KBUILD_SRC),) endif 
@@ -63691,6 +63875,15 @@ diff -urNp linux-2.6.32.42/Makefile linux-2.6.32.42/Makefile @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ +@@ -1421,7 +1437,7 @@ clean: $(clean-dirs) + $(call cmd,rmdirs) + $(call cmd,rmfiles) + @find $(KBUILD_EXTMOD) $(RCS_FIND_IGNORE) \ +- \( -name '*.[oas]' -o -name '*.ko' -o -name '.*.cmd' \ ++ \( -name '*.[oas]' -o -name '*.[ks]o' -o -name '.*.cmd' \ + -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \ + -o -name '*.gcno' \) -type f -print | xargs rm -f + @@ -1445,7 +1461,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -63866,6 +64059,17 @@ diff -urNp linux-2.6.32.42/mm/hugetlb.c linux-2.6.32.42/mm/hugetlb.c ptep = huge_pte_alloc(mm, address, huge_page_size(h)); if (!ptep) return VM_FAULT_OOM; +diff -urNp linux-2.6.32.42/mm/internal.h linux-2.6.32.42/mm/internal.h +--- linux-2.6.32.42/mm/internal.h 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.42/mm/internal.h 2011-07-09 09:13:08.000000000 -0400 +@@ -49,6 +49,7 @@ extern void putback_lru_page(struct page + * in mm/page_alloc.c + */ + extern void __free_pages_bootmem(struct page *page, unsigned int order); ++extern void free_compound_page(struct page *page); + extern void prep_compound_page(struct page *page, unsigned long order); + + diff -urNp linux-2.6.32.42/mm/Kconfig linux-2.6.32.42/mm/Kconfig --- linux-2.6.32.42/mm/Kconfig 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.42/mm/Kconfig 2011-04-17 15:56:46.000000000 -0400 
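Review bot: The widened pattern `-name '*.[ks]o'` is added to the `find $(KBUILD_EXTMOD)` clean rule, so cleaning an external module tree now deletes every `*.so` beneath it, including any prebuilt shared objects a vendor module ships. The plugin this update introduces is referenced as `$(objtree)/tools/gcc/pax_plugin.so`, which is not under `$(KBUILD_EXTMOD)`. If the intent is only to remove that build product, leaving this pattern as `'*.ko'` and removing the plugin explicitly where the in-tree clean is defined would be narrower. Whether the in-tree clean rule is changed elsewhere in the patch is not visible in this hunk.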
@@ -66372,7 +66576,16 @@ diff -urNp linux-2.6.32.42/mm/nommu.c linux-2.6.32.42/mm/nommu.c */ diff -urNp linux-2.6.32.42/mm/page_alloc.c linux-2.6.32.42/mm/page_alloc.c --- linux-2.6.32.42/mm/page_alloc.c 2011-06-25 12:55:35.000000000 -0400 -+++ linux-2.6.32.42/mm/page_alloc.c 2011-06-25 12:56:37.000000000 -0400 ++++ linux-2.6.32.42/mm/page_alloc.c 2011-07-09 09:13:08.000000000 -0400 +@@ -289,7 +289,7 @@ out: + * This usage means that zero-order pages may not be compound. + */ + +-static void free_compound_page(struct page *page) ++void free_compound_page(struct page *page) + { + __free_pages_ok(page, compound_order(page)); + } @@ -587,6 +587,10 @@ static void __free_pages_ok(struct page int bad = 0; int wasMlocked = __TestClearPageMlocked(page); @@ -66687,7 +66900,7 @@ diff -urNp linux-2.6.32.42/mm/slab.c linux-2.6.32.42/mm/slab.c * @objp: Pointer to the object diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c --- linux-2.6.32.42/mm/slob.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/mm/slob.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.42/mm/slob.c 2011-07-06 19:53:33.000000000 -0400 @@ -29,7 +29,7 @@ * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls * alloc_pages() directly, allocating compound pages so the page order @@ -66806,7 +67019,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c ret = (void *)m + align; trace_kmalloc_node(_RET_IP_, ret, -@@ -501,9 +506,9 @@ void *__kmalloc_node(size_t size, gfp_t +@@ -501,16 +506,25 @@ void *__kmalloc_node(size_t size, gfp_t ret = slob_new_pages(gfp | __GFP_COMP, get_order(size), node); if (ret) { 
@@ -66819,21 +67032,24 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c } trace_kmalloc_node(_RET_IP_, ret, -@@ -513,6 +518,13 @@ void *__kmalloc_node(size_t size, gfp_t - kmemleak_alloc(ret, size, 1, gfp); - return ret; - } + size, PAGE_SIZE << order, gfp, node); + } + +- kmemleak_alloc(ret, size, 1, gfp); ++ return ret; ++} + +void *__kmalloc_node(size_t size, gfp_t gfp, int node) +{ + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); ++ void *ret = __kmalloc_node_align(size, gfp, node, align); + -+ return __kmalloc_node_align(size, gfp, node, align); -+} ++ if (!ZERO_OR_NULL_PTR(ret)) ++ kmemleak_alloc(ret, size, 1, gfp); + return ret; + } EXPORT_SYMBOL(__kmalloc_node); - - void kfree(const void *block) -@@ -528,13 +540,81 @@ void kfree(const void *block) +@@ -528,13 +542,88 @@ void kfree(const void *block) sp = slob_page(block); if (is_slob_page(sp)) { int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); @@ -66858,6 +67074,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c + struct slob_page *sp; + const slob_t *free; + const void *base; ++ unsigned long flags; + + if (!n) + return; @@ -66883,6 +67100,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c + } + + /* some tricky double walking to find the chunk */ ++ spin_lock_irqsave(&slob_lock, flags); + base = (void *)((unsigned long)ptr & PAGE_MASK); + free = sp->free; + @@ -66897,17 +67115,22 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c + int offset; + + if (ptr < base + align) -+ goto report; ++ break; + + offset = ptr - base - align; -+ if (offset < m) { -+ if (n <= m - offset) -+ return; -+ goto report; ++ if (offset >= m) { ++ base += size; ++ continue; + } -+ base += size; ++ ++ if (n > m - offset) ++ break; ++ ++ spin_unlock_irqrestore(&slob_lock, flags); ++ return; + } + ++ spin_unlock_irqrestore(&slob_lock, flags); +report: + pax_report_usercopy(ptr, n, to, NULL); +#endif 
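Review bot: After this change the `report:` label in `check_object_size()` is reached by two routes, falling out of the free-list walk after `spin_unlock_irqrestore(&slob_lock, flags)` and, presumably, through the earlier checks that run before the lock is taken. The invariant that the lock is never held at `report` is not written down. Because `pax_report_usercopy()` becomes noreturn in this same update, a future `goto report` from inside the loop would leave `slob_lock` held with interrupts disabled. I would add `/* slob_lock must not be held here: the reporter does not return */` directly above `report:`, and note at the `spin_lock_irqsave()` call that `sp->free` and the chunk sizes are read only under the lock. The function begins outside these hunks, so the pre-lock checks could not be reviewed.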
@@ -66918,7 +67141,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ size_t ksize(const void *block) { -@@ -547,10 +627,10 @@ size_t ksize(const void *block) +@@ -547,10 +636,10 @@ size_t ksize(const void *block) sp = slob_page(block); if (is_slob_page(sp)) { int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); @@ -66932,7 +67155,21 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c } EXPORT_SYMBOL(ksize); -@@ -605,17 +685,25 @@ void *kmem_cache_alloc_node(struct kmem_ +@@ -566,8 +655,13 @@ struct kmem_cache *kmem_cache_create(con + { + struct kmem_cache *c; + ++#ifdef CONFIG_PAX_USERCOPY ++ c = __kmalloc_node_align(sizeof(struct kmem_cache), ++ GFP_KERNEL, -1, ARCH_KMALLOC_MINALIGN); ++#else + c = slob_alloc(sizeof(struct kmem_cache), + GFP_KERNEL, ARCH_KMALLOC_MINALIGN, -1); ++#endif + + if (c) { + c->name = name; +@@ -605,17 +699,25 @@ void *kmem_cache_alloc_node(struct kmem_ { void *b; @@ -66958,7 +67195,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c if (c->ctor) c->ctor(b); -@@ -627,10 +715,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); +@@ -627,10 +729,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); static void __kmem_cache_free(void *b, int size) { @@ -66977,7 +67214,7 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c } static void kmem_rcu_free(struct rcu_head *head) -@@ -643,15 +737,24 @@ static void kmem_rcu_free(struct rcu_hea +@@ -643,18 +751,32 @@ static void kmem_rcu_free(struct rcu_hea void kmem_cache_free(struct kmem_cache *c, void *b) { 
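Review bot: The two allocation calls in the new `#ifdef CONFIG_PAX_USERCOPY` block of `kmem_cache_create()` take their last two arguments in opposite order: `__kmalloc_node_align(..., GFP_KERNEL, -1, ARCH_KMALLOC_MINALIGN)` is node then align, while `slob_alloc(..., GFP_KERNEL, ARCH_KMALLOC_MINALIGN, -1)` is align then node. Both are plain integers, so a swapped pair would compile without a warning. A short comment on the new branch should record the order and why the cache descriptor is allocated differently here, e.g. `/* kmalloc-style allocation so the usercopy size check can locate this object; args are (size, gfp, node, align) */`. The stated reason is inferred from the other slob.c hunks and should be confirmed against the full patch. The function continues outside the hunk.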
@@ -67004,7 +67241,15 @@ diff -urNp linux-2.6.32.42/mm/slob.c linux-2.6.32.42/mm/slob.c + __kmem_cache_free(b, size); } ++#ifdef CONFIG_PAX_USERCOPY ++ trace_kfree(_RET_IP_, b); ++#else trace_kmem_cache_free(_RET_IP_, b); ++#endif ++ + } + EXPORT_SYMBOL(kmem_cache_free); + diff -urNp linux-2.6.32.42/mm/slub.c linux-2.6.32.42/mm/slub.c --- linux-2.6.32.42/mm/slub.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.42/mm/slub.c 2011-04-17 15:56:46.000000000 -0400 @@ -67218,6 +67463,26 @@ diff -urNp linux-2.6.32.42/mm/slub.c linux-2.6.32.42/mm/slub.c return 0; } module_init(slab_proc_init); +diff -urNp linux-2.6.32.42/mm/swap.c linux-2.6.32.42/mm/swap.c +--- linux-2.6.32.42/mm/swap.c 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.42/mm/swap.c 2011-07-09 09:15:19.000000000 -0400 +@@ -30,6 +30,7 @@ + #include <linux/notifier.h> + #include <linux/backing-dev.h> + #include <linux/memcontrol.h> ++#include <linux/hugetlb.h> + + #include "internal.h" + +@@ -65,6 +66,8 @@ static void put_compound_page(struct pag + compound_page_dtor *dtor; + + dtor = get_compound_page_dtor(page); ++ if (!PageHuge(page)) ++ BUG_ON(dtor != free_compound_page); + (*dtor)(page); + } + } diff -urNp linux-2.6.32.42/mm/util.c linux-2.6.32.42/mm/util.c --- linux-2.6.32.42/mm/util.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.42/mm/util.c 2011-04-17 15:56:46.000000000 -0400 @@ -70887,7 +71152,7 @@ diff -urNp linux-2.6.32.42/scripts/mod/file2alias.c linux-2.6.32.42/scripts/mod/ diff -urNp linux-2.6.32.42/scripts/mod/modpost.c linux-2.6.32.42/scripts/mod/modpost.c --- linux-2.6.32.42/scripts/mod/modpost.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/scripts/mod/modpost.c 2011-04-17 15:56:46.000000000 -0400 ++++ linux-2.6.32.42/scripts/mod/modpost.c 2011-07-06 19:53:33.000000000 -0400 @@ -835,6 +835,7 @@ enum mismatch { INIT_TO_EXIT, EXIT_TO_INIT, 
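Review bot: Under `CONFIG_PAX_USERCOPY` the end of `kmem_cache_free()` now emits `trace_kfree(_RET_IP_, b)` instead of `trace_kmem_cache_free(_RET_IP_, b)`, which changes the event that tracing consumers see for cache frees, and the hunk gives no reason. If this mirrors the allocation side moving to the kmalloc path (not visible in this hunk), a comment should say so, e.g. `/* objects come from the kmalloc path under PAX_USERCOPY, so report the matching free event */`. The hunk also adds a stray blank line before the closing brace. The function begins outside the hunk.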
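Review bot: The new check in `put_compound_page()` (mm/swap.c hunk) validates the destructor only for non-huge pages, so the pointer carried by a huge page is still called unchecked through `(*dtor)(page)`. If `PageHuge()` in this tree is itself decided by comparing the destructor with the hugetlb one, the two tests together form a two-entry allowlist, which deserves a comment such as `/* only free_compound_page() or the hugetlb destructor may be reached through this pointer */`. If it is decided some other way, the huge-page case needs its own comparison before the indirect call. The `if` wrapped around `BUG_ON()` reads more plainly as `BUG_ON(!PageHuge(page) && dtor != free_compound_page);`. The function starts outside the hunk.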
@@ -70937,6 +71202,15 @@ diff -urNp linux-2.6.32.42/scripts/mod/modpost.c linux-2.6.32.42/scripts/mod/mod case NO_MISMATCH: /* To get warnings on missing members */ break; +@@ -1495,7 +1510,7 @@ static void section_rel(const char *modn + static void check_sec_ref(struct module *mod, const char *modname, + struct elf_info *elf) + { +- int i; ++ unsigned int i; + Elf_Shdr *sechdrs = elf->sechdrs; + + /* Walk through all sections */ @@ -1651,7 +1666,7 @@ void __attribute__((format(printf, 2, 3) va_end(ap); } @@ -71149,7 +71423,7 @@ diff -urNp linux-2.6.32.42/security/integrity/ima/ima_queue.c linux-2.6.32.42/se return 0; diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig --- linux-2.6.32.42/security/Kconfig 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.42/security/Kconfig 2011-06-29 20:55:36.000000000 -0400 ++++ linux-2.6.32.42/security/Kconfig 2011-07-06 19:58:11.000000000 -0400 @@ -4,6 +4,555 @@ menu "Security options" @@ -71672,7 +71946,7 @@ diff -urNp linux-2.6.32.42/security/Kconfig linux-2.6.32.42/security/Kconfig +config PAX_USERCOPY + bool "Harden heap object copies between kernel and userland" + depends on X86 || PPC || SPARC || ARM -+ depends on GRKERNSEC && (SLAB || SLUB) ++ depends on GRKERNSEC && (SLAB || SLUB || SLOB) + help + By saying Y here the kernel will enforce the size of heap objects + when they are copied in either direction between the kernel and 
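Review bot: With `SLOB` added, the second `depends on` line of `PAX_USERCOPY` reads `GRKERNSEC && (SLAB || SLUB || SLOB)`. If those three are the only allocator choices in this tree, the parenthesised term is always true and no longer restricts anything. Either reduce the line to `depends on GRKERNSEC`, or keep the list deliberately as a guard and say so, e.g. `# each allocator listed here provides the usercopy object-size check`. With the comment, an allocator added later is not enabled for this option without the check being implemented for it. The help text continues outside the hunk.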
@@ -72431,8 +72705,8 @@ diff -urNp linux-2.6.32.42/tools/gcc/Makefile linux-2.6.32.42/tools/gcc/Makefile +pax_plugin-objs := pax_plugin.o diff -urNp linux-2.6.32.42/tools/gcc/pax_plugin.c linux-2.6.32.42/tools/gcc/pax_plugin.c --- linux-2.6.32.42/tools/gcc/pax_plugin.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.42/tools/gcc/pax_plugin.c 2011-06-04 20:52:13.000000000 -0400 -@@ -0,0 +1,242 @@ ++++ linux-2.6.32.42/tools/gcc/pax_plugin.c 2011-07-06 19:53:33.000000000 -0400 +@@ -0,0 +1,243 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -72450,6 +72724,7 @@ diff -urNp linux-2.6.32.42/tools/gcc/pax_plugin.c linux-2.6.32.42/tools/gcc/pax_ + * - initialize all local variables + * + * BUGS: ++ * - cloned functions are instrumented twice + */ +#include "gcc-plugin.h" +#include "plugin-version.h" |