summaryrefslogtreecommitdiff
path: root/2.6.32
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2013-07-11 19:42:04 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-07-11 19:42:04 -0400
commitdf4440f92d0f8572c9c728e125ccf97ee6169e80 (patch)
treea12e1438caeb3514cbc8e54e811cce5bd2908ce8 /2.6.32
parentGrsec/PaX: 2.9.1-{2.6.32.61,3.2.47,3.9.9}-201307050017 (diff)
downloadhardened-patchset-df4440f92d0f8572c9c728e125ccf97ee6169e80.tar.gz
hardened-patchset-df4440f92d0f8572c9c728e125ccf97ee6169e80.tar.bz2
hardened-patchset-df4440f92d0f8572c9c728e125ccf97ee6169e80.zip
Grsec/PaX: 2.9.1-{2.6.32.61,3.2.48.3.10.0}-20130709222420130709
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201307092216.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201307050015.patch)46
2 files changed, 41 insertions, 7 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 51f219a..0d60549 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.61
-Patch: 4420_grsecurity-2.9.1-2.6.32.61-201307050015.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.61-201307092216.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201307050015.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201307092216.patch
index 9f43159..55e1dcb 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201307050015.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201307092216.patch
@@ -104751,10 +104751,38 @@ index 53dae4b..9ba3743 100644
EXPORT_SYMBOL_GPL(kgdb_breakpoint);
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 8ecc509..8eaf7f6 100644
+index 8ecc509..98fcf05 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
-@@ -112,9 +112,8 @@ out:
+@@ -59,7 +59,7 @@ static void free_modprobe_argv(char **argv, char **envp)
+ kfree(argv);
+ }
+
+-static int call_modprobe(char *module_name, int wait)
++static int call_modprobe(char *module_name, char *module_param, int wait)
+ {
+ static char *envp[] = { "HOME=/",
+ "TERM=linux",
+@@ -67,7 +67,7 @@ static int call_modprobe(char *module_name, int wait)
+ NULL };
+ struct subprocess_info *info;
+
+- char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
++ char **argv = kmalloc(sizeof(char *[6]), GFP_KERNEL);
+ if (!argv)
+ goto out;
+
+@@ -79,7 +79,8 @@ static int call_modprobe(char *module_name, int wait)
+ argv[1] = "-q";
+ argv[2] = "--";
+ argv[3] = module_name; /* check free_modprobe_argv() */
+- argv[4] = NULL;
++ argv[4] = module_param;
++ argv[5] = NULL;
+
+ info = call_usermodehelper_setup(argv[0], argv, envp, GFP_ATOMIC);
+ if (!info)
+@@ -112,9 +113,8 @@ out:
* If module auto-loading support is disabled then this function
* becomes a no-operation.
*/
@@ -104765,7 +104793,7 @@ index 8ecc509..8eaf7f6 100644
char module_name[MODULE_NAME_LEN];
unsigned int max_modprobes;
int ret;
-@@ -126,12 +125,24 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -126,12 +126,24 @@ int __request_module(bool wait, const char *fmt, ...)
if (ret)
return ret;
@@ -104793,7 +104821,13 @@ index 8ecc509..8eaf7f6 100644
/* If modprobe needs a service that is in a module, we get a recursive
* loop. Limit the number of running kmod threads to max_threads/2 or
* MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
-@@ -165,6 +176,48 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -160,11 +172,53 @@ int __request_module(bool wait, const char *fmt, ...)
+
+ trace_module_request(module_name, wait, _RET_IP_);
+
+- ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
++ ret = call_modprobe(module_name, module_param, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
+
atomic_dec(&kmod_concurrent);
return ret;
}
@@ -104842,7 +104876,7 @@ index 8ecc509..8eaf7f6 100644
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
-@@ -283,7 +336,7 @@ static int wait_for_helper(void *data)
+@@ -283,7 +337,7 @@ static int wait_for_helper(void *data)
*
* Thus the __user pointer cast is valid here.
*/
@@ -104851,7 +104885,7 @@ index 8ecc509..8eaf7f6 100644
/*
* If ret is 0, either ____call_usermodehelper failed and the
-@@ -561,6 +614,11 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info,
+@@ -561,6 +615,11 @@ int call_usermodehelper_exec(struct subprocess_info *sub_info,
validate_creds(sub_info->cred);
helper_lock();