Grsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.8}-20130418192320130418

author: Anthony G. Basile <blueness@gentoo.org> 2013-04-20 11:59:49 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2013-04-20 11:59:49 -0400
commit: af45df34cdc5e5f2e70d383b7bf99bbb56b24773 (patch)
tree: 89f12d1c913aec0f9448b1f594b96d0bb8a5d9a8 /2.6.32
parent: Grsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.7}-201304122027 (diff)
download: hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.tar.gz
hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.tar.bz2
hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.zip
2 files changed, 97 insertions, 15 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 6b3d14c..d04e223 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch:	1059_linux-2.6.32.60.patch
 From:	http://www.kernel.org
 Desc:	Linux 2.6.32.59
 
-Patch:	4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch
+Patch:	4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch
index 5b9006d..3224566 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304122025.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304181846.patch
@@ -80929,6 +80929,19 @@ index f4300ff7..6ec38b2 100644
  	if (filp->f_pos >= inode->i_size)
  		return 0;
  
+diff --git a/fs/hfsplus/extents.c b/fs/hfsplus/extents.c
+index 0022eec..b3d234e 100644
+--- a/fs/hfsplus/extents.c
++++ b/fs/hfsplus/extents.c
+@@ -447,7 +447,7 @@ void hfsplus_file_truncate(struct inode *inode)
+ 		struct address_space *mapping = inode->i_mapping;
+ 		struct page *page;
+ 		void *fsdata;
+-		u32 size = inode->i_size;
++		loff_t size = inode->i_size;
+ 		int res;
+ 
+ 		res = pagecache_write_begin(NULL, mapping, size, 0,
 diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c
 index 1bcf597..905a251 100644
 --- a/fs/hfsplus/inode.c
@@ -99111,6 +99124,43 @@ index 58ae8e0..8ce9617 100644
  						struct kobject *parent_kobj);
  
  static inline struct kset *to_kset(struct kobject *kobj)
+diff --git a/include/linux/kref.h b/include/linux/kref.h
+index b0cb0eb..26fd888 100644
+--- a/include/linux/kref.h
++++ b/include/linux/kref.h
+@@ -16,6 +16,7 @@
+ #define _KREF_H_
+ 
+ #include <linux/types.h>
++#include <asm/atomic.h>
+ 
+ struct kref {
+ 	atomic_t refcount;
+@@ -26,4 +27,24 @@ void kref_init(struct kref *kref);
+ void kref_get(struct kref *kref);
+ int kref_put(struct kref *kref, void (*release) (struct kref *kref));
+ 
++/**
++ * kref_get_unless_zero - Increment refcount for object unless it is zero.
++ * @kref: object.
++ *
++ * Return non-zero if the increment succeeded. Otherwise return 0.
++ *
++ * This function is intended to simplify locking around refcounting for
++ * objects that can be looked up from a lookup structure, and which are
++ * removed from that lookup structure in the object destructor.
++ * Operations on such objects require at least a read lock around
++ * lookup + kref_get, and a write lock around kref_put + remove from lookup
++ * structure. Furthermore, RCU implementations become extremely tricky.
++ * With a lookup followed by a kref_get_unless_zero *with return value check*
++ * locking in the kref_put path can be deferred to the actual removal from
++ * the lookup structure and RCU lookups become trivial.
++ */
++static inline int __must_check kref_get_unless_zero(struct kref *kref)
++{
++	return atomic_add_unless(&kref->refcount, 1, 0);
++}
+ #endif /* _KREF_H_ */
 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
 index 8bfed57..07be660 100644
 --- a/include/linux/kvm_host.h
@@ -107428,7 +107478,7 @@ index 0591df8..dcf3f9f 100644
  	if (cpu != group_first_cpu(sd->groups))
  		return;
 diff --git a/kernel/signal.c b/kernel/signal.c
-index 2494827..3087914 100644
+index 2494827..873d447 100644
 --- a/kernel/signal.c
 +++ b/kernel/signal.c
 @@ -41,12 +41,12 @@
@@ -107620,6 +107670,15 @@ index 2494827..3087914 100644
  	if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
  		error = check_kill_permission(sig, info, p);
  		/*
+@@ -2300,7 +2336,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+ 
+ static int do_tkill(pid_t tgid, pid_t pid, int sig)
+ {
+-	struct siginfo info;
++	struct siginfo info = {};
+ 
+ 	info.si_signo = sig;
+ 	info.si_errno = 0;
 diff --git a/kernel/smp.c b/kernel/smp.c
 index aa9cff3..631a0de 100644
 --- a/kernel/smp.c
@@ -107715,7 +107774,7 @@ index 04a0252..4ee2bbb 100644
  	struct tasklet_struct *list;
  
 diff --git a/kernel/sys.c b/kernel/sys.c
-index e9512b1..dec4030 100644
+index e9512b1..b436660 100644
 --- a/kernel/sys.c
 +++ b/kernel/sys.c
 @@ -133,6 +133,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -107857,16 +107916,16 @@ index e9512b1..dec4030 100644
  	if (rgid != (gid_t) -1)
  		new->gid = rgid;
  	if (egid != (gid_t) -1)
-@@ -849,6 +884,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
- 	if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
- 		goto error;
- 
-+	if (gr_check_user_change(-1, -1, uid))
-+		goto error;
-+
- 	if (uid == old->uid  || uid == old->euid  ||
+@@ -853,6 +888,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
  	    uid == old->suid || uid == old->fsuid ||
  	    capable(CAP_SETUID)) {
+ 		if (uid != old_fsuid) {
++			if (gr_check_user_change(-1, -1, uid))
++				goto error;
++
+ 			new->fsuid = uid;
+ 			if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
+ 				goto change_okay;
 @@ -889,6 +927,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
  	if (gid == old->gid  || gid == old->egid  ||
  	    gid == old->sgid || gid == old->fsgid ||
@@ -109259,10 +109318,24 @@ index bd2bea9..6b3c95e 100644
  		return false;
  
 diff --git a/lib/kobject.c b/lib/kobject.c
-index b512b74..8115eb1 100644
+index b512b74..ba78866 100644
 --- a/lib/kobject.c
 +++ b/lib/kobject.c
-@@ -700,7 +700,7 @@ static ssize_t kobj_attr_store(struct kobject *kobj, struct attribute *attr,
+@@ -531,6 +531,13 @@ struct kobject *kobject_get(struct kobject *kobj)
+ 	return kobj;
+ }
+ 
++static struct kobject *kobject_get_unless_zero(struct kobject *kobj)
++{
++	if (!kref_get_unless_zero(&kobj->kref))
++		kobj = NULL;
++	return kobj;
++}
++
+ /*
+  * kobject_cleanup - free kobject resources.
+  * @kobj: object to cleanup
+@@ -700,7 +707,7 @@ static ssize_t kobj_attr_store(struct kobject *kobj, struct attribute *attr,
  	return ret;
  }
  
@@ -109271,7 +109344,16 @@ index b512b74..8115eb1 100644
  	.show	= kobj_attr_show,
  	.store	= kobj_attr_store,
  };
-@@ -789,7 +789,7 @@ static struct kobj_type kset_ktype = {
+@@ -752,7 +759,7 @@ struct kobject *kset_find_obj(struct kset *kset, const char *name)
+ 	spin_lock(&kset->list_lock);
+ 	list_for_each_entry(k, &kset->list, entry) {
+ 		if (kobject_name(k) && !strcmp(kobject_name(k), name)) {
+-			ret = kobject_get(k);
++			ret = kobject_get_unless_zero(k);
+ 			break;
+ 		}
+ 	}
+@@ -789,7 +796,7 @@ static struct kobj_type kset_ktype = {
   * If the kset was not able to be created, NULL will be returned.
   */
  static struct kset *kset_create(const char *name,
@@ -109280,7 +109362,7 @@ index b512b74..8115eb1 100644
  				struct kobject *parent_kobj)
  {
  	struct kset *kset;
-@@ -832,7 +832,7 @@ static struct kset *kset_create(const char *name,
+@@ -832,7 +839,7 @@ static struct kset *kset_create(const char *name,
   * If the kset was not able to be created, NULL will be returned.
   */
  struct kset *kset_create_and_add(const char *name,
author	Anthony G. Basile <blueness@gentoo.org>	2013-04-20 11:59:49 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2013-04-20 11:59:49 -0400
commit	af45df34cdc5e5f2e70d383b7bf99bbb56b24773 (patch)
tree	89f12d1c913aec0f9448b1f594b96d0bb8a5d9a8 /2.6.32
parent	Grsec/PaX: 2.9.1-{2.6.32.60,3.2.43,3.8.7}-201304122027 (diff)
download	hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.tar.gz hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.tar.bz2 hardened-patchset-af45df34cdc5e5f2e70d383b7bf99bbb56b24773.zip