diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2013-04-20 11:59:49 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-04-20 11:59:49 -0400 |
commit | af45df34cdc5e5f2e70d383b7bf99bbb56b24773 (patch) | |
tree | 89f12d1c913aec0f9448b1f594b96d0bb8a5d9a8 /2.6.32 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.7}-201304122027 (diff) | |
download | hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.tar.gz hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.tar.bz2 hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.zip |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.8}-20130418192320130418
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch) | 110 |
2 files changed, 97 insertions, 15 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 6b3d14c..d04e223 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch index 5b9006d..3224566 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch @@ -80929,6 +80929,19 @@ index f4300ff7..6ec38b2 100644 if (filp->f_pos >= inode->i_size) return 0; +diff --git a/fs/hfsplus/extents.c b/fs/hfsplus/extents.c +index 0022eec..b3d234e 100644 +--- a/fs/hfsplus/extents.c ++++ b/fs/hfsplus/extents.c +@@ -447,7 +447,7 @@ void hfsplus_file_truncate(struct inode *inode) + struct address_space *mapping = inode->i_mapping; + struct page *page; + void *fsdata; +- u32 size = inode->i_size; ++ loff_t size = inode->i_size; + int res; + + res = pagecache_write_begin(NULL, mapping, size, 0, diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c index 1bcf597..905a251 100644 --- a/fs/hfsplus/inode.c @@ -99111,6 +99124,43 @@ index 58ae8e0..8ce9617 100644 struct kobject *parent_kobj); static inline struct kset *to_kset(struct kobject *kobj) +diff --git a/include/linux/kref.h b/include/linux/kref.h +index b0cb0eb..26fd888 100644 +--- a/include/linux/kref.h ++++ b/include/linux/kref.h +@@ -16,6 +16,7 @@ + #define _KREF_H_ + + #include <linux/types.h> ++#include <asm/atomic.h> + + struct kref { + atomic_t refcount; +@@ -26,4 +27,24 @@ void kref_init(struct kref *kref); + void kref_get(struct kref *kref); + int kref_put(struct kref *kref, void (*release) (struct kref *kref)); + ++/** ++ * kref_get_unless_zero - Increment refcount for object unless it is zero. ++ * @kref: object. ++ * ++ * Return non-zero if the increment succeeded. Otherwise return 0. ++ * ++ * This function is intended to simplify locking around refcounting for ++ * objects that can be looked up from a lookup structure, and which are ++ * removed from that lookup structure in the object destructor. ++ * Operations on such objects require at least a read lock around ++ * lookup + kref_get, and a write lock around kref_put + remove from lookup ++ * structure. Furthermore, RCU implementations become extremely tricky. ++ * With a lookup followed by a kref_get_unless_zero *with return value check* ++ * locking in the kref_put path can be deferred to the actual removal from ++ * the lookup structure and RCU lookups become trivial. ++ */ ++static inline int __must_check kref_get_unless_zero(struct kref *kref) ++{ ++ return atomic_add_unless(&kref->refcount, 1, 0); ++} + #endif /* _KREF_H_ */ diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 8bfed57..07be660 100644 --- a/include/linux/kvm_host.h @@ -107428,7 +107478,7 @@ index 0591df8..dcf3f9f 100644 if (cpu != group_first_cpu(sd->groups)) return; diff --git a/kernel/signal.c b/kernel/signal.c -index 2494827..3087914 100644 +index 2494827..873d447 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -41,12 +41,12 @@ @@ -107620,6 +107670,15 @@ index 2494827..3087914 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* +@@ -2300,7 +2336,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) + + static int do_tkill(pid_t tgid, pid_t pid, int sig) + { +- struct siginfo info; ++ struct siginfo info = {}; + + info.si_signo = sig; + info.si_errno = 0; diff --git a/kernel/smp.c b/kernel/smp.c index aa9cff3..631a0de 100644 --- a/kernel/smp.c @@ -107715,7 +107774,7 @@ index 04a0252..4ee2bbb 100644 struct tasklet_struct *list; diff --git a/kernel/sys.c b/kernel/sys.c -index e9512b1..dec4030 100644 +index e9512b1..b436660 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -133,6 +133,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -107857,16 +107916,16 @@ index e9512b1..dec4030 100644 if (rgid != (gid_t) -1) new->gid = rgid; if (egid != (gid_t) -1) -@@ -849,6 +884,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) - if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0) - goto error; - -+ if (gr_check_user_change(-1, -1, uid)) -+ goto error; -+ - if (uid == old->uid || uid == old->euid || +@@ -853,6 +888,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) uid == old->suid || uid == old->fsuid || capable(CAP_SETUID)) { + if (uid != old_fsuid) { ++ if (gr_check_user_change(-1, -1, uid)) ++ goto error; ++ + new->fsuid = uid; + if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) + goto change_okay; @@ -889,6 +927,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid == old->gid || gid == old->egid || gid == old->sgid || gid == old->fsgid || @@ -109259,10 +109318,24 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/kobject.c b/lib/kobject.c -index b512b74..8115eb1 100644 +index b512b74..ba78866 100644 --- a/lib/kobject.c +++ b/lib/kobject.c -@@ -700,7 +700,7 @@ static ssize_t kobj_attr_store(struct kobject *kobj, struct attribute *attr, +@@ -531,6 +531,13 @@ struct kobject *kobject_get(struct kobject *kobj) + return kobj; + } + ++static struct kobject *kobject_get_unless_zero(struct kobject *kobj) ++{ ++ if (!kref_get_unless_zero(&kobj->kref)) ++ kobj = NULL; ++ return kobj; ++} ++ + /* + * kobject_cleanup - free kobject resources. + * @kobj: object to cleanup +@@ -700,7 +707,7 @@ static ssize_t kobj_attr_store(struct kobject *kobj, struct attribute *attr, return ret; } @@ -109271,7 +109344,16 @@ index b512b74..8115eb1 100644 .show = kobj_attr_show, .store = kobj_attr_store, }; -@@ -789,7 +789,7 @@ static struct kobj_type kset_ktype = { +@@ -752,7 +759,7 @@ struct kobject *kset_find_obj(struct kset *kset, const char *name) + spin_lock(&kset->list_lock); + list_for_each_entry(k, &kset->list, entry) { + if (kobject_name(k) && !strcmp(kobject_name(k), name)) { +- ret = kobject_get(k); ++ ret = kobject_get_unless_zero(k); + break; + } + } +@@ -789,7 +796,7 @@ static struct kobj_type kset_ktype = { * If the kset was not able to be created, NULL will be returned. */ static struct kset *kset_create(const char *name, @@ -109280,7 +109362,7 @@ index b512b74..8115eb1 100644 struct kobject *parent_kobj) { struct kset *kset; -@@ -832,7 +832,7 @@ static struct kset *kset_create(const char *name, +@@ -832,7 +839,7 @@ static struct kset *kset_create(const char *name, * If the kset was not able to be created, NULL will be returned. */ struct kset *kset_create_and_add(const char *name, |