authorAnthony G. Basile <blueness@gentoo.org>2013-11-09 10:13:39 -0500
committerAnthony G. Basile <blueness@gentoo.org>2013-11-09 10:13:39 -0500
commitd0f5a1fd5156db1a80a90399125b39498f4b6660 (patch)
treef2f8bc0e19dc15c88d58866397dd6614f17ea28a /2.6.32
parentGrsec/PaX: 2.9.1-{3.2.52,3.11.6}-201311021635 (diff)
Grsec/PaX: 2.9.1-{2.6.32.61,3.2.52,3.11.7}-20131107163420131107
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch)98
-rw-r--r--2.6.32/4450_grsec-kconfig-default-gids.patch8
-rw-r--r--2.6.32/4475_emutramp_default_on.patch2
4 files changed, 64 insertions, 46 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 2e904e0..b5c69e3 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.61
-Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
index 4220829..acf589b 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
@@ -110329,7 +110329,7 @@ index 9ecd6e8..12c94c1 100644
if (atomic_dec_and_test(&kref->refcount)) {
diff --git a/lib/list_debug.c b/lib/list_debug.c
-index 1a39f4e..bdc3153 100644
+index 1a39f4e..f5349ec 100644
--- a/lib/list_debug.c
+++ b/lib/list_debug.c
@@ -8,7 +8,9 @@
@@ -110342,68 +110342,85 @@ index 1a39f4e..bdc3153 100644
/*
* Insert a new entry between two known consecutive entries.
*
-@@ -16,18 +18,31 @@
+@@ -16,18 +18,39 @@
* the prev/next entries already!
*/
--void __list_add(struct list_head *new,
-- struct list_head *prev,
-- struct list_head *next)
+static bool __list_add_debug(struct list_head *new,
+ struct list_head *prev,
+ struct list_head *next)
- {
-- WARN(next->prev != prev,
-+ if (WARN(next->prev != prev,
- "list_add corruption. next->prev should be "
- "prev (%p), but was %p. (next=%p).\n",
-- prev, next->prev, next);
-- WARN(prev->next != next,
-+ prev, next->prev, next) ||
-+ WARN(prev->next != next,
- "list_add corruption. prev->next should be "
- "next (%p), but was %p. (prev=%p).\n",
-- next, prev->next, prev);
-+ next, prev->next, prev) ||
-+ WARN(new == prev || new == next,
-+ "list_add double add: new=%p, prev=%p, next=%p.\n",
-+ new, prev, next))
++{
++ if (unlikely(next->prev != prev)) {
++ printk(KERN_ERR "list_add corruption. next->prev should be "
++ "prev (%p), but was %p. (next=%p).\n",
++ prev, next->prev, next);
++ BUG();
++ return false;
++ }
++ if (unlikely(prev->next != next)) {
++ printk(KERN_ERR "list_add corruption. prev->next should be "
++ "next (%p), but was %p. (prev=%p).\n",
++ next, prev->next, prev);
++ BUG();
++ return false;
++ }
++ if (unlikely(new == prev || new == next)) {
++ printk(KERN_ERR "list_add double add: new=%p, prev=%p, next=%p.\n",
++ new, prev, next);
++ BUG();
+ return false;
++ }
+ return true;
+}
+
-+void __list_add(struct list_head *new,
+ void __list_add(struct list_head *new,
+- struct list_head *prev,
+- struct list_head *next)
+ struct list_head *prev,
+ struct list_head *next)
-+{
+ {
+- WARN(next->prev != prev,
+- "list_add corruption. next->prev should be "
+- "prev (%p), but was %p. (next=%p).\n",
+- prev, next->prev, next);
+- WARN(prev->next != next,
+- "list_add corruption. prev->next should be "
+- "next (%p), but was %p. (prev=%p).\n",
+- next, prev->next, prev);
+ if (!__list_add_debug(new, prev, next))
+ return;
next->prev = new;
new->next = next;
new->prev = prev;
-@@ -41,16 +56,61 @@ EXPORT_SYMBOL(__list_add);
+@@ -41,16 +64,66 @@ EXPORT_SYMBOL(__list_add);
* Note: list_empty on entry does not return true after this, the entry is
* in an undefined state.
*/
--void list_del(struct list_head *entry)
+static bool list_del_debug(struct list_head *entry)
++{
++ if (unlikely(entry->prev->next != entry)) {
++ printk(KERN_ERR "list_del corruption. prev->next should be %p, "
++ "but was %p\n", entry, entry->prev->next);
++ BUG();
++ return false;
++ }
++ if (unlikely(entry->next->prev != entry)) {
++ printk(KERN_ERR "list_del corruption. next->prev should be %p, "
++ "but was %p\n", entry, entry->next->prev);
++ BUG();
++ return false;
++ }
++ return true;
++}
++
+ void list_del(struct list_head *entry)
{
- WARN(entry->prev->next != entry,
-+ if (WARN(entry->prev->next != entry,
- "list_del corruption. prev->next should be %p, "
+- "list_del corruption. prev->next should be %p, "
- "but was %p\n", entry, entry->prev->next);
- WARN(entry->next->prev != entry,
-+ "but was %p\n", entry, entry->prev->next) ||
-+ WARN(entry->next->prev != entry,
- "list_del corruption. next->prev should be %p, "
+- "list_del corruption. next->prev should be %p, "
- "but was %p\n", entry, entry->next->prev);
-+ "but was %p\n", entry, entry->next->prev))
-+ return false;
-+ return true;
-+}
-+
-+void list_del(struct list_head *entry)
-+{
+ if (!list_del_debug(entry))
+ return;
__list_del(entry->prev, entry->next);
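Review bot: The `return false;` after each `BUG();` in the new `__list_add_debug()` and `list_del_debug()` has no comment saying when it is reached. On a build where `BUG()` does not halt (CONFIG_BUG disabled, where as far as I know it compiles to an empty statement on this kernel line), that return is the only thing stopping `__list_add()` and `list_del()` from writing through the corrupted pointers. I would add above each helper `/* Corrupted list: log and BUG(); if BUG() is compiled out, return false so the caller skips the pointer writes. */`. Replacing `WARN` with `printk(KERN_ERR ...)` plus `BUG()` also turns a detected corruption from a logged, skipped operation into an oops of the current task; that keeps a corrupted node from being used for further pointer writes, but it can kill a task that holds locks, so it is worth stating in the changelog. `list_del()` continues past the end of the hunk, so what happens to the entry's pointers after the early `return` is not visible here.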
@@ -120586,10 +120603,10 @@ index d52f7a0..b66cdd9 100755
rm -f tags
xtags ctags
diff --git a/security/Kconfig b/security/Kconfig
-index fb363cd..a869a1d 100644
+index fb363cd..1d2c23f 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,896 @@
+@@ -4,6 +4,897 @@
menu "Security options"
@@ -120623,6 +120640,7 @@ index fb363cd..a869a1d 100644
+ select CRYPTO_SHA256
+ select PROC_FS
+ select STOP_MACHINE
++ select DEBUG_LIST
+ help
+ If you say Y here, you will be able to configure many features
+ that will enhance the security of your system. It is highly
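Review bot: The added `select DEBUG_LIST` makes the list-integrity checks non-optional for anyone enabling this option, and the part of the `help` text visible in the hunk does not say so. Because the lib/list_debug.c change in this same patch makes those checks call `BUG()`, I would add a help sentence such as `Enabling this also turns on list debugging (DEBUG_LIST); a detected list corruption halts the offending task.` `select` also bypasses any `depends on` of DEBUG_LIST (upstream it depends on DEBUG_KERNEL, if I recall correctly), which appears intended here but deserves a one-line note. The config entry's header and the rest of its help lie outside the hunk.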
@@ -121486,7 +121504,7 @@ index fb363cd..a869a1d 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -146,7 +1036,7 @@ config INTEL_TXT
+@@ -146,7 +1037,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch
index 3dfdc8f..2de7db1 100644
--- a/2.6.32/4450_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4450_grsec-kconfig-default-gids.patch
@@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
diff -Nuar a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2012-10-13 09:51:35.000000000 -0400
+++ b/security/Kconfig 2012-10-13 09:52:59.000000000 -0400
-@@ -191,7 +191,7 @@
+@@ -192,7 +192,7 @@
config GRKERNSEC_PROC_GID
int "GID exempted from /proc restrictions"
@@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
help
Setting this GID determines which group will be exempted from
grsecurity's /proc restrictions, allowing users of the specified
-@@ -202,7 +202,7 @@
+@@ -203,7 +203,7 @@
config GRKERNSEC_TPE_UNTRUSTED_GID
int "GID for TPE-untrusted users"
depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
help
Setting this GID determines which group untrusted users should
be added to. These users will be placed under grsecurity's Trusted Path
-@@ -214,7 +214,7 @@
+@@ -215,7 +215,7 @@
config GRKERNSEC_TPE_TRUSTED_GID
int "GID for TPE-trusted users"
depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -223,7 +223,7 @@
+@@ -224,7 +224,7 @@
config GRKERNSEC_SYMLINKOWN_GID
int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
depends on GRKERNSEC_CONFIG_SERVER
diff --git a/2.6.32/4475_emutramp_default_on.patch b/2.6.32/4475_emutramp_default_on.patch
index 2d7124b..c7647c0 100644
--- a/2.6.32/4475_emutramp_default_on.patch
+++ b/2.6.32/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
--- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400
+++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400
-@@ -424,7 +424,7 @@
+@@ -425,7 +425,7 @@
config PAX_EMUTRAMP
bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)