authorAnthony G. Basile <basile@opensource.dyc.edu>2010-11-13 21:32:00 -0500
committerAnthony G. Basile <basile@opensource.dyc.edu>2010-11-13 21:32:00 -0500
commit62bbb20fea3c7ec554fb34cff3d559c79ae7331e (patch)
tree135ae7fb10219ddc5c6282e582b1409b4e9f2488 /2.6.32
parentDropping support for 2.6.35 (diff)
Update Grsec/PaX20101113
2.2.0-2.6.32.25-201011131640 against 2.6.32.25 2.2.0-2.6.36-201011131640 against 2.6.36
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch (renamed from 2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011062054.patch)791
-rw-r--r--2.6.32/4430_grsec-kconfig-default-gids.patch14
-rw-r--r--2.6.32/4440_selinux-avc_audit-log-curr_ip.patch2
4 files changed, 712 insertions, 97 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 0c43256..745f6ce 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.0-2.6.32.25-201011062054.patch
+Patch: 4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011062054.patch b/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch
index e30b363..817174f 100644
--- a/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011062054.patch
+++ b/2.6.32/4420_grsecurity-2.2.0-2.6.32.25-201011131640.patch
@@ -2409,7 +2409,40 @@ diff -urNp linux-2.6.32.25/arch/powerpc/kernel/pci-common.c linux-2.6.32.25/arch
}
diff -urNp linux-2.6.32.25/arch/powerpc/kernel/process.c linux-2.6.32.25/arch/powerpc/kernel/process.c
--- linux-2.6.32.25/arch/powerpc/kernel/process.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/powerpc/kernel/process.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/arch/powerpc/kernel/process.c 2010-11-13 16:15:27.000000000 -0500
+@@ -539,8 +539,8 @@ void show_regs(struct pt_regs * regs)
+ * Lookup NIP late so we have the best change of getting the
+ * above info out without failing
+ */
+- printk("NIP ["REG"] %pS\n", regs->nip, (void *)regs->nip);
+- printk("LR ["REG"] %pS\n", regs->link, (void *)regs->link);
++ printk("NIP ["REG"] %pA\n", regs->nip, (void *)regs->nip);
++ printk("LR ["REG"] %pA\n", regs->link, (void *)regs->link);
+ #endif
+ show_stack(current, (unsigned long *) regs->gpr[1]);
+ if (!user_mode(regs))
+@@ -1034,10 +1034,10 @@ void show_stack(struct task_struct *tsk,
+ newsp = stack[0];
+ ip = stack[STACK_FRAME_LR_SAVE];
+ if (!firstframe || ip != lr) {
+- printk("["REG"] ["REG"] %pS", sp, ip, (void *)ip);
++ printk("["REG"] ["REG"] %pA", sp, ip, (void *)ip);
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ if ((ip == rth || ip == mrth) && curr_frame >= 0) {
+- printk(" (%pS)",
++ printk(" (%pA)",
+ (void *)current->ret_stack[curr_frame].ret);
+ curr_frame--;
+ }
+@@ -1057,7 +1057,7 @@ void show_stack(struct task_struct *tsk,
+ struct pt_regs *regs = (struct pt_regs *)
+ (sp + STACK_FRAME_OVERHEAD);
+ lr = regs->link;
+- printk("--- Exception: %lx at %pS\n LR = %pS\n",
++ printk("--- Exception: %lx at %pA\n LR = %pA\n",
+ regs->trap, (void *)regs->nip, (void *)lr);
+ firstframe = 1;
+ }
@@ -1141,51 +1141,3 @@ unsigned long arch_align_stack(unsigned
sp -= get_random_int() & ~PAGE_MASK;
return sp & ~0xf;
@@ -3774,6 +3807,82 @@ diff -urNp linux-2.6.32.25/arch/sparc/kernel/pci_sun4v.c linux-2.6.32.25/arch/sp
.alloc_coherent = dma_4v_alloc_coherent,
.free_coherent = dma_4v_free_coherent,
.map_page = dma_4v_map_page,
+diff -urNp linux-2.6.32.25/arch/sparc/kernel/process_32.c linux-2.6.32.25/arch/sparc/kernel/process_32.c
+--- linux-2.6.32.25/arch/sparc/kernel/process_32.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/arch/sparc/kernel/process_32.c 2010-11-13 16:13:46.000000000 -0500
+@@ -196,7 +196,7 @@ void __show_backtrace(unsigned long fp)
+ rw->ins[4], rw->ins[5],
+ rw->ins[6],
+ rw->ins[7]);
+- printk("%pS\n", (void *) rw->ins[7]);
++ printk("%pA\n", (void *) rw->ins[7]);
+ rw = (struct reg_window32 *) rw->ins[6];
+ }
+ spin_unlock_irqrestore(&sparc_backtrace_lock, flags);
+@@ -263,14 +263,14 @@ void show_regs(struct pt_regs *r)
+
+ printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n",
+ r->psr, r->pc, r->npc, r->y, print_tainted());
+- printk("PC: <%pS>\n", (void *) r->pc);
++ printk("PC: <%pA>\n", (void *) r->pc);
+ printk("%%G: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
+ r->u_regs[0], r->u_regs[1], r->u_regs[2], r->u_regs[3],
+ r->u_regs[4], r->u_regs[5], r->u_regs[6], r->u_regs[7]);
+ printk("%%O: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
+ r->u_regs[8], r->u_regs[9], r->u_regs[10], r->u_regs[11],
+ r->u_regs[12], r->u_regs[13], r->u_regs[14], r->u_regs[15]);
+- printk("RPC: <%pS>\n", (void *) r->u_regs[15]);
++ printk("RPC: <%pA>\n", (void *) r->u_regs[15]);
+
+ printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
+ rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3],
+@@ -305,7 +305,7 @@ void show_stack(struct task_struct *tsk,
+ rw = (struct reg_window32 *) fp;
+ pc = rw->ins[7];
+ printk("[%08lx : ", pc);
+- printk("%pS ] ", (void *) pc);
++ printk("%pA ] ", (void *) pc);
+ fp = rw->ins[6];
+ } while (++count < 16);
+ printk("\n");
+diff -urNp linux-2.6.32.25/arch/sparc/kernel/process_64.c linux-2.6.32.25/arch/sparc/kernel/process_64.c
+--- linux-2.6.32.25/arch/sparc/kernel/process_64.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/arch/sparc/kernel/process_64.c 2010-11-13 16:14:11.000000000 -0500
+@@ -180,14 +180,14 @@ static void show_regwindow(struct pt_reg
+ printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n",
+ rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]);
+ if (regs->tstate & TSTATE_PRIV)
+- printk("I7: <%pS>\n", (void *) rwk->ins[7]);
++ printk("I7: <%pA>\n", (void *) rwk->ins[7]);
+ }
+
+ void show_regs(struct pt_regs *regs)
+ {
+ printk("TSTATE: %016lx TPC: %016lx TNPC: %016lx Y: %08x %s\n", regs->tstate,
+ regs->tpc, regs->tnpc, regs->y, print_tainted());
+- printk("TPC: <%pS>\n", (void *) regs->tpc);
++ printk("TPC: <%pA>\n", (void *) regs->tpc);
+ printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n",
+ regs->u_regs[0], regs->u_regs[1], regs->u_regs[2],
+ regs->u_regs[3]);
+@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs)
+ printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n",
+ regs->u_regs[12], regs->u_regs[13], regs->u_regs[14],
+ regs->u_regs[15]);
+- printk("RPC: <%pS>\n", (void *) regs->u_regs[15]);
++ printk("RPC: <%pA>\n", (void *) regs->u_regs[15]);
+ show_regwindow(regs);
+ }
+
+@@ -284,7 +284,7 @@ void arch_trigger_all_cpu_backtrace(void
+ ((tp && tp->task) ? tp->task->pid : -1));
+
+ if (gp->tstate & TSTATE_PRIV) {
+- printk(" TPC[%pS] O7[%pS] I7[%pS] RPC[%pS]\n",
++ printk(" TPC[%pA] O7[%pA] I7[%pA] RPC[%pA]\n",
+ (void *) gp->tpc,
+ (void *) gp->o7,
+ (void *) gp->i7,
diff -urNp linux-2.6.32.25/arch/sparc/kernel/sys_sparc_32.c linux-2.6.32.25/arch/sparc/kernel/sys_sparc_32.c
--- linux-2.6.32.25/arch/sparc/kernel/sys_sparc_32.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/arch/sparc/kernel/sys_sparc_32.c 2010-10-23 19:59:19.000000000 -0400
@@ -3918,9 +4027,30 @@ diff -urNp linux-2.6.32.25/arch/sparc/kernel/sys_sparc_64.c linux-2.6.32.25/arch
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
mm->unmap_area = arch_unmap_area_topdown;
}
+diff -urNp linux-2.6.32.25/arch/sparc/kernel/traps_32.c linux-2.6.32.25/arch/sparc/kernel/traps_32.c
+--- linux-2.6.32.25/arch/sparc/kernel/traps_32.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/arch/sparc/kernel/traps_32.c 2010-11-13 16:13:23.000000000 -0500
+@@ -76,7 +76,7 @@ void die_if_kernel(char *str, struct pt_
+ count++ < 30 &&
+ (((unsigned long) rw) >= PAGE_OFFSET) &&
+ !(((unsigned long) rw) & 0x7)) {
+- printk("Caller[%08lx]: %pS\n", rw->ins[7],
++ printk("Caller[%08lx]: %pA\n", rw->ins[7],
+ (void *) rw->ins[7]);
+ rw = (struct reg_window32 *)rw->ins[6];
+ }
diff -urNp linux-2.6.32.25/arch/sparc/kernel/traps_64.c linux-2.6.32.25/arch/sparc/kernel/traps_64.c
--- linux-2.6.32.25/arch/sparc/kernel/traps_64.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/sparc/kernel/traps_64.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/arch/sparc/kernel/traps_64.c 2010-11-13 16:13:03.000000000 -0500
+@@ -73,7 +73,7 @@ static void dump_tl1_traplog(struct tl1_
+ i + 1,
+ p->trapstack[i].tstate, p->trapstack[i].tpc,
+ p->trapstack[i].tnpc, p->trapstack[i].tt);
+- printk("TRAPLOG: TPC<%pS>\n", (void *) p->trapstack[i].tpc);
++ printk("TRAPLOG: TPC<%pA>\n", (void *) p->trapstack[i].tpc);
+ }
+ }
+
@@ -93,6 +93,12 @@ void bad_trap(struct pt_regs *regs, long
lvl -= 0x100;
@@ -3952,6 +4082,87 @@ diff -urNp linux-2.6.32.25/arch/sparc/kernel/traps_64.c linux-2.6.32.25/arch/spa
dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
sprintf (buffer, "Bad trap %lx at tl>0", lvl);
+@@ -1139,7 +1150,7 @@ static void cheetah_log_errors(struct pt
+ regs->tpc, regs->tnpc, regs->u_regs[UREG_I7], regs->tstate);
+ printk("%s" "ERROR(%d): ",
+ (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id());
+- printk("TPC<%pS>\n", (void *) regs->tpc);
++ printk("TPC<%pA>\n", (void *) regs->tpc);
+ printk("%s" "ERROR(%d): M_SYND(%lx), E_SYND(%lx)%s%s\n",
+ (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id(),
+ (afsr & CHAFSR_M_SYNDROME) >> CHAFSR_M_SYNDROME_SHIFT,
+@@ -1746,7 +1757,7 @@ void cheetah_plus_parity_error(int type,
+ smp_processor_id(),
+ (type & 0x1) ? 'I' : 'D',
+ regs->tpc);
+- printk(KERN_EMERG "TPC<%pS>\n", (void *) regs->tpc);
++ printk(KERN_EMERG "TPC<%pA>\n", (void *) regs->tpc);
+ panic("Irrecoverable Cheetah+ parity error.");
+ }
+
+@@ -1754,7 +1765,7 @@ void cheetah_plus_parity_error(int type,
+ smp_processor_id(),
+ (type & 0x1) ? 'I' : 'D',
+ regs->tpc);
+- printk(KERN_WARNING "TPC<%pS>\n", (void *) regs->tpc);
++ printk(KERN_WARNING "TPC<%pA>\n", (void *) regs->tpc);
+ }
+
+ struct sun4v_error_entry {
+@@ -1961,9 +1972,9 @@ void sun4v_itlb_error_report(struct pt_r
+
+ printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
+ regs->tpc, tl);
+- printk(KERN_EMERG "SUN4V-ITLB: TPC<%pS>\n", (void *) regs->tpc);
++ printk(KERN_EMERG "SUN4V-ITLB: TPC<%pA>\n", (void *) regs->tpc);
+ printk(KERN_EMERG "SUN4V-ITLB: O7[%lx]\n", regs->u_regs[UREG_I7]);
+- printk(KERN_EMERG "SUN4V-ITLB: O7<%pS>\n",
++ printk(KERN_EMERG "SUN4V-ITLB: O7<%pA>\n",
+ (void *) regs->u_regs[UREG_I7]);
+ printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
+ "pte[%lx] error[%lx]\n",
+@@ -1985,9 +1996,9 @@ void sun4v_dtlb_error_report(struct pt_r
+
+ printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
+ regs->tpc, tl);
+- printk(KERN_EMERG "SUN4V-DTLB: TPC<%pS>\n", (void *) regs->tpc);
++ printk(KERN_EMERG "SUN4V-DTLB: TPC<%pA>\n", (void *) regs->tpc);
+ printk(KERN_EMERG "SUN4V-DTLB: O7[%lx]\n", regs->u_regs[UREG_I7]);
+- printk(KERN_EMERG "SUN4V-DTLB: O7<%pS>\n",
++ printk(KERN_EMERG "SUN4V-DTLB: O7<%pA>\n",
+ (void *) regs->u_regs[UREG_I7]);
+ printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
+ "pte[%lx] error[%lx]\n",
+@@ -2191,7 +2202,7 @@ void show_stack(struct task_struct *tsk,
+ fp = (unsigned long)sf->fp + STACK_BIAS;
+ }
+
+- printk(" [%016lx] %pS\n", pc, (void *) pc);
++ printk(" [%016lx] %pA\n", pc, (void *) pc);
+ } while (++count < 16);
+ }
+
+@@ -2260,7 +2271,7 @@ void die_if_kernel(char *str, struct pt_
+ while (rw &&
+ count++ < 30&&
+ is_kernel_stack(current, rw)) {
+- printk("Caller[%016lx]: %pS\n", rw->ins[7],
++ printk("Caller[%016lx]: %pA\n", rw->ins[7],
+ (void *) rw->ins[7]);
+
+ rw = kernel_stack_up(rw);
+diff -urNp linux-2.6.32.25/arch/sparc/kernel/unaligned_64.c linux-2.6.32.25/arch/sparc/kernel/unaligned_64.c
+--- linux-2.6.32.25/arch/sparc/kernel/unaligned_64.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/arch/sparc/kernel/unaligned_64.c 2010-11-13 16:14:30.000000000 -0500
+@@ -288,7 +288,7 @@ static void log_unaligned(struct pt_regs
+ if (count < 5) {
+ last_time = jiffies;
+ count++;
+- printk("Kernel unaligned access at TPC[%lx] %pS\n",
++ printk("Kernel unaligned access at TPC[%lx] %pA\n",
+ regs->tpc, (void *) regs->tpc);
+ }
+ }
diff -urNp linux-2.6.32.25/arch/sparc/lib/atomic_64.S linux-2.6.32.25/arch/sparc/lib/atomic_64.S
--- linux-2.6.32.25/arch/sparc/lib/atomic_64.S 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/arch/sparc/lib/atomic_64.S 2010-10-23 19:59:19.000000000 -0400
@@ -4631,7 +4842,7 @@ diff -urNp linux-2.6.32.25/arch/sparc/mm/fault_32.c linux-2.6.32.25/arch/sparc/m
goto bad_area;
diff -urNp linux-2.6.32.25/arch/sparc/mm/fault_64.c linux-2.6.32.25/arch/sparc/mm/fault_64.c
--- linux-2.6.32.25/arch/sparc/mm/fault_64.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/sparc/mm/fault_64.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/arch/sparc/mm/fault_64.c 2010-11-13 16:14:49.000000000 -0500
@@ -20,6 +20,9 @@
#include <linux/kprobes.h>
#include <linux/kdebug.h>
@@ -4642,6 +4853,15 @@ diff -urNp linux-2.6.32.25/arch/sparc/mm/fault_64.c linux-2.6.32.25/arch/sparc/m
#include <asm/page.h>
#include <asm/pgtable.h>
+@@ -78,7 +81,7 @@ static void bad_kernel_pc(struct pt_regs
+ printk(KERN_CRIT "OOPS: Bogus kernel PC [%016lx] in fault handler\n",
+ regs->tpc);
+ printk(KERN_CRIT "OOPS: RPC [%016lx]\n", regs->u_regs[15]);
+- printk("OOPS: RPC <%pS>\n", (void *) regs->u_regs[15]);
++ printk("OOPS: RPC <%pA>\n", (void *) regs->u_regs[15]);
+ printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
+ dump_stack();
+ unhandled_fault(regs->tpc, current, regs);
@@ -249,6 +252,456 @@ static void noinline bogus_32bit_fault_a
show_regs(regs);
}
@@ -8037,6 +8257,18 @@ diff -urNp linux-2.6.32.25/arch/x86/include/asm/page_32_types.h linux-2.6.32.25/
#ifdef CONFIG_4KSTACKS
#define THREAD_ORDER 0
#else
+diff -urNp linux-2.6.32.25/arch/x86/include/asm/page_64_types.h linux-2.6.32.25/arch/x86/include/asm/page_64_types.h
+--- linux-2.6.32.25/arch/x86/include/asm/page_64_types.h 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/arch/x86/include/asm/page_64_types.h 2010-11-11 18:18:52.000000000 -0500
+@@ -56,7 +56,7 @@ void copy_page(void *to, void *from);
+
+ /* duplicated to the one in bootmem.h */
+ extern unsigned long max_pfn;
+-extern unsigned long phys_base;
++extern const unsigned long phys_base;
+
+ extern unsigned long __phys_addr(unsigned long);
+ #define __phys_reloc_hide(x) (x)
diff -urNp linux-2.6.32.25/arch/x86/include/asm/paravirt.h linux-2.6.32.25/arch/x86/include/asm/paravirt.h
--- linux-2.6.32.25/arch/x86/include/asm/paravirt.h 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/arch/x86/include/asm/paravirt.h 2010-10-23 19:59:19.000000000 -0400
@@ -10316,7 +10548,7 @@ diff -urNp linux-2.6.32.25/arch/x86/kernel/asm-offsets_64.c linux-2.6.32.25/arch
DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
diff -urNp linux-2.6.32.25/arch/x86/kernel/cpu/common.c linux-2.6.32.25/arch/x86/kernel/cpu/common.c
--- linux-2.6.32.25/arch/x86/kernel/cpu/common.c 2010-10-31 16:44:11.000000000 -0400
-+++ linux-2.6.32.25/arch/x86/kernel/cpu/common.c 2010-10-31 16:44:24.000000000 -0400
++++ linux-2.6.32.25/arch/x86/kernel/cpu/common.c 2010-11-11 18:18:52.000000000 -0500
@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitcon
static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
@@ -10416,7 +10648,15 @@ diff -urNp linux-2.6.32.25/arch/x86/kernel/cpu/common.c linux-2.6.32.25/arch/x86
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
syscall_init();
-@@ -1199,7 +1149,7 @@ void __cpuinit cpu_init(void)
+@@ -1136,7 +1086,6 @@ void __cpuinit cpu_init(void)
+ wrmsrl(MSR_KERNEL_GS_BASE, 0);
+ barrier();
+
+- check_efer();
+ if (cpu != 0)
+ enable_x2apic();
+
+@@ -1199,7 +1148,7 @@ void __cpuinit cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -10828,7 +11068,16 @@ diff -urNp linux-2.6.32.25/arch/x86/kernel/dumpstack_32.c linux-2.6.32.25/arch/x
if (probe_kernel_address((unsigned short *)ip, ud2))
diff -urNp linux-2.6.32.25/arch/x86/kernel/dumpstack.c linux-2.6.32.25/arch/x86/kernel/dumpstack.c
--- linux-2.6.32.25/arch/x86/kernel/dumpstack.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/x86/kernel/dumpstack.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/arch/x86/kernel/dumpstack.c 2010-11-13 16:11:22.000000000 -0500
+@@ -28,7 +28,7 @@ static int die_counter;
+
+ void printk_address(unsigned long address, int reliable)
+ {
+- printk(" [<%p>] %s%pS\n", (void *) address,
++ printk(" [<%p>] %s%pA\n", (void *) address,
+ reliable ? "" : "? ", (void *) address);
+ }
+
@@ -180,7 +180,7 @@ void dump_stack(void)
#endif
@@ -13343,7 +13592,7 @@ diff -urNp linux-2.6.32.25/arch/x86/kernel/pci-swiotlb.c linux-2.6.32.25/arch/x8
.free_coherent = swiotlb_free_coherent,
diff -urNp linux-2.6.32.25/arch/x86/kernel/process_32.c linux-2.6.32.25/arch/x86/kernel/process_32.c
--- linux-2.6.32.25/arch/x86/kernel/process_32.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/x86/kernel/process_32.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/arch/x86/kernel/process_32.c 2010-11-13 16:20:05.000000000 -0500
@@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __as
unsigned long thread_saved_pc(struct task_struct *tsk)
{
@@ -17598,7 +17847,7 @@ diff -urNp linux-2.6.32.25/arch/x86/mm/extable.c linux-2.6.32.25/arch/x86/mm/ext
pnp_bios_is_utter_crap = 1;
diff -urNp linux-2.6.32.25/arch/x86/mm/fault.c linux-2.6.32.25/arch/x86/mm/fault.c
--- linux-2.6.32.25/arch/x86/mm/fault.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/x86/mm/fault.c 2010-10-23 19:59:24.000000000 -0400
++++ linux-2.6.32.25/arch/x86/mm/fault.c 2010-11-13 16:11:35.000000000 -0500
@@ -11,10 +11,19 @@
#include <linux/kprobes.h> /* __kprobes, ... */
#include <linux/mmiotrace.h> /* kmmio_handler, ... */
@@ -17993,7 +18242,7 @@ diff -urNp linux-2.6.32.25/arch/x86/mm/fault.c linux-2.6.32.25/arch/x86/mm/fault
+ }
+ if (address < PAX_USER_SHADOW_BASE) {
+ printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
-+ printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
++ printk(KERN_ERR "PAX: faulting IP: %pA\n", (void *)regs->ip);
+ show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
+ } else
+ address -= PAX_USER_SHADOW_BASE;
@@ -18869,7 +19118,7 @@ diff -urNp linux-2.6.32.25/arch/x86/mm/init_64.c linux-2.6.32.25/arch/x86/mm/ini
return "[vsyscall]";
diff -urNp linux-2.6.32.25/arch/x86/mm/init.c linux-2.6.32.25/arch/x86/mm/init.c
--- linux-2.6.32.25/arch/x86/mm/init.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/arch/x86/mm/init.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/arch/x86/mm/init.c 2010-11-11 18:18:52.000000000 -0500
@@ -69,11 +69,7 @@ static void __init find_early_table_spac
* cause a hotspot and fill up ZONE_DMA. The page tables
* need roughly 0.5KB per GB.
@@ -18907,7 +19156,7 @@ diff -urNp linux-2.6.32.25/arch/x86/mm/init.c linux-2.6.32.25/arch/x86/mm/init.c
return 1;
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
-@@ -379,6 +381,88 @@ void free_init_pages(char *what, unsigne
+@@ -379,6 +381,86 @@ void free_init_pages(char *what, unsigne
void free_initmem(void)
{
@@ -18985,8 +19234,6 @@ diff -urNp linux-2.6.32.25/arch/x86/mm/init.c linux-2.6.32.25/arch/x86/mm/init.c
+ continue;
+ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ else
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
+ }
+#endif
+
@@ -20652,7 +20899,7 @@ diff -urNp linux-2.6.32.25/block/blk-iopoll.c linux-2.6.32.25/block/blk-iopoll.c
int rearm = 0, budget = blk_iopoll_budget;
diff -urNp linux-2.6.32.25/block/blk-map.c linux-2.6.32.25/block/blk-map.c
--- linux-2.6.32.25/block/blk-map.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/block/blk-map.c 2010-10-23 19:59:19.000000000 -0400
++++ linux-2.6.32.25/block/blk-map.c 2010-11-11 18:23:36.000000000 -0500
@@ -54,7 +54,7 @@ static int __blk_rq_map_user(struct requ
* direct dma. else, set up kernel bounce buffers
*/
@@ -20662,7 +20909,16 @@ diff -urNp linux-2.6.32.25/block/blk-map.c linux-2.6.32.25/block/blk-map.c
bio = bio_map_user(q, NULL, uaddr, len, reading, gfp_mask);
else
bio = bio_copy_user(q, map_data, uaddr, len, reading, gfp_mask);
-@@ -297,7 +297,7 @@ int blk_rq_map_kern(struct request_queue
+@@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_q
+ unaligned = 1;
+ break;
+ }
++ if (!iov[i].iov_len)
++ return -EINVAL;
+ }
+
+ if (unaligned || (q->dma_pad_mask & len) || map_data)
+@@ -297,7 +299,7 @@ int blk_rq_map_kern(struct request_queue
if (!len || !kbuf)
return -EINVAL;
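Review bot: The zero-length check added to blk_rq_map_user_iov sits after the alignment test's `break`, so an entry that is both unaligned and has `iov_len == 0` leaves the loop before it is rejected. The vector then reaches the `if (unaligned || (q->dma_pad_mask & len) || map_data)` branch unvalidated. Moving `if (!iov[i].iov_len) return -EINVAL;` to the top of the loop body, ahead of the alignment test, closes that case. Entries after the first unaligned one are still skipped by the `break`, so the callee on that path needs its own length validation. The loop header and the alignment condition are outside the hunk.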
@@ -20707,6 +20963,67 @@ diff -urNp linux-2.6.32.25/block/elevator.c linux-2.6.32.25/block/elevator.c
.show = elv_attr_show,
.store = elv_attr_store,
};
+diff -urNp linux-2.6.32.25/block/scsi_ioctl.c linux-2.6.32.25/block/scsi_ioctl.c
+--- linux-2.6.32.25/block/scsi_ioctl.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/block/scsi_ioctl.c 2010-11-11 18:32:50.000000000 -0500
+@@ -319,33 +319,47 @@ static int sg_io(struct request_queue *q
+ if (hdr->iovec_count) {
+ const int size = sizeof(struct sg_iovec) * hdr->iovec_count;
+ size_t iov_data_len;
+- struct sg_iovec *iov;
++ struct sg_iovec *sg_iov;
++ struct iovec *iov;
++ int i;
+
+- iov = kmalloc(size, GFP_KERNEL);
+- if (!iov) {
++ sg_iov = kmalloc(size, GFP_KERNEL);
++ if (!sg_iov) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
+- if (copy_from_user(iov, hdr->dxferp, size)) {
+- kfree(iov);
++ if (copy_from_user(sg_iov, hdr->dxferp, size)) {
++ kfree(sg_iov);
+ ret = -EFAULT;
+ goto out;
+ }
+
++ /*
++ * Sum up the vecs, making sure they don't overflow
++ */
++ iov = (struct iovec *) sg_iov;
++ iov_data_len = 0;
++ for (i = 0; i < hdr->iovec_count; i++) {
++ if (iov_data_len + iov[i].iov_len < iov_data_len) {
++ kfree(sg_iov);
++ ret = -EINVAL;
++ goto out;
++ }
++ iov_data_len += iov[i].iov_len;
++ }
++
+ /* SG_IO howto says that the shorter of the two wins */
+- iov_data_len = iov_length((struct iovec *)iov,
+- hdr->iovec_count);
+ if (hdr->dxfer_len < iov_data_len) {
+- hdr->iovec_count = iov_shorten((struct iovec *)iov,
++ hdr->iovec_count = iov_shorten(iov,
+ hdr->iovec_count,
+ hdr->dxfer_len);
+ iov_data_len = hdr->dxfer_len;
+ }
+
+- ret = blk_rq_map_user_iov(q, rq, NULL, iov, hdr->iovec_count,
++ ret = blk_rq_map_user_iov(q, rq, NULL, sg_iov, hdr->iovec_count,
+ iov_data_len, GFP_KERNEL);
+- kfree(iov);
++ kfree(sg_iov);
+ } else if (hdr->dxfer_len)
+ ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len,
+ GFP_KERNEL);
diff -urNp linux-2.6.32.25/crypto/lrw.c linux-2.6.32.25/crypto/lrw.c
--- linux-2.6.32.25/crypto/lrw.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/crypto/lrw.c 2010-10-23 19:59:19.000000000 -0400
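Review bot: The new overflow loop in sg_io reads `iov[i].iov_len` through `iov = (struct iovec *) sg_iov;`, so the summed lengths are only meaningful if `struct sg_iovec` and `struct iovec` have the same layout, and nothing in the hunk enforces that. A compile-time guard next to the cast, for example `BUILD_BUG_ON(sizeof(struct sg_iovec) != sizeof(struct iovec));`, would make the assumption explicit. The `iov_shorten()` call depends on the same cast. Separately, `kfree(sg_iov); ret = ...; goto out;` now appears on two error paths, and a single `out_free` label would keep the free in one place as more checks are added. The declaration of `hdr->iovec_count` is not visible here, so the `const int size` multiplication it feeds is worth confirming as bounded.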
@@ -31216,7 +31533,7 @@ diff -urNp linux-2.6.32.25/fs/binfmt_misc.c linux-2.6.32.25/fs/binfmt_misc.c
if (!err)
diff -urNp linux-2.6.32.25/fs/bio.c linux-2.6.32.25/fs/bio.c
--- linux-2.6.32.25/fs/bio.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/fs/bio.c 2010-10-23 19:59:20.000000000 -0400
++++ linux-2.6.32.25/fs/bio.c 2010-11-11 18:30:46.000000000 -0500
@@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_cr
i = 0;
@@ -31226,7 +31543,66 @@ diff -urNp linux-2.6.32.25/fs/bio.c linux-2.6.32.25/fs/bio.c
if (!bslab->slab && entry == -1)
entry = i;
-@@ -1217,7 +1217,7 @@ static void bio_copy_kern_endio(struct b
+@@ -371,6 +371,9 @@ struct bio *bio_kmalloc(gfp_t gfp_mask,
+ {
+ struct bio *bio;
+
++ if (nr_iovecs > UIO_MAXIOV)
++ return NULL;
++
+ bio = kmalloc(sizeof(struct bio) + nr_iovecs * sizeof(struct bio_vec),
+ gfp_mask);
+ if (unlikely(!bio))
+@@ -701,8 +704,12 @@ static void bio_free_map_data(struct bio
+ static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count,
+ gfp_t gfp_mask)
+ {
+- struct bio_map_data *bmd = kmalloc(sizeof(*bmd), gfp_mask);
++ struct bio_map_data *bmd;
+
++ if (iov_count > UIO_MAXIOV)
++ return NULL;
++
++ bmd = kmalloc(sizeof(*bmd), gfp_mask);
+ if (!bmd)
+ return NULL;
+
+@@ -831,6 +838,12 @@ struct bio *bio_copy_user_iov(struct req
+ end = (uaddr + iov[i].iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ start = uaddr >> PAGE_SHIFT;
+
++ /*
++ * Overflow, abort
++ */
++ if (end < start)
++ return ERR_PTR(-EINVAL);
++
+ nr_pages += end - start;
+ len += iov[i].iov_len;
+ }
+@@ -958,6 +971,12 @@ static struct bio *__bio_map_user_iov(st
+ unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ unsigned long start = uaddr >> PAGE_SHIFT;
+
++ /*
++ * Overflow, abort
++ */
++ if (end < start)
++ return ERR_PTR(-EINVAL);
++
+ nr_pages += end - start;
+ /*
+ * buffer must be aligned to at least hardsector size for now
+@@ -985,7 +1004,7 @@ static struct bio *__bio_map_user_iov(st
+ unsigned long start = uaddr >> PAGE_SHIFT;
+ const int local_nr_pages = end - start;
+ const int page_limit = cur_page + local_nr_pages;
+-
++
+ ret = get_user_pages_fast(uaddr, local_nr_pages,
+ write_to_vm, &pages[cur_page]);
+ if (ret < local_nr_pages) {
+@@ -1217,7 +1236,7 @@ static void bio_copy_kern_endio(struct b
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
int i;
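Review bot: The new bound in bio_alloc_map_data is `if (iov_count > UIO_MAXIOV)` on a parameter declared `int iov_count`, so a negative count passes the check. The same holds for `nr_iovecs` in bio_kmalloc if it is also a signed int; its declaration is cut off in the hunk header. In bio_kmalloc the value then feeds `sizeof(struct bio) + nr_iovecs * sizeof(struct bio_vec)`, where a negative count converted to an unsigned size can wrap to a small allocation. I would write the guards as `if (iov_count < 0 || iov_count > UIO_MAXIOV)` and likewise for `nr_iovecs`, or make both parameters unsigned. Whether any caller can actually pass a negative value is not visible in this hunk.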
@@ -35715,7 +36091,7 @@ diff -urNp linux-2.6.32.25/fs/utimes.c linux-2.6.32.25/fs/utimes.c
mutex_unlock(&inode->i_mutex);
diff -urNp linux-2.6.32.25/fs/xfs/linux-2.6/xfs_ioctl.c linux-2.6.32.25/fs/xfs/linux-2.6/xfs_ioctl.c
--- linux-2.6.32.25/fs/xfs/linux-2.6/xfs_ioctl.c 2010-09-26 17:26:05.000000000 -0400
-+++ linux-2.6.32.25/fs/xfs/linux-2.6/xfs_ioctl.c 2010-10-23 19:59:20.000000000 -0400
++++ linux-2.6.32.25/fs/xfs/linux-2.6/xfs_ioctl.c 2010-11-13 15:38:01.000000000 -0500
@@ -134,7 +134,7 @@ xfs_find_handle(
}
@@ -35725,6 +36101,15 @@ diff -urNp linux-2.6.32.25/fs/xfs/linux-2.6/xfs_ioctl.c linux-2.6.32.25/fs/xfs/l
copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
goto out_put;
+@@ -423,7 +423,7 @@ xfs_attrlist_by_handle(
+ if (IS_ERR(dentry))
+ return PTR_ERR(dentry);
+
+- kbuf = kmalloc(al_hreq.buflen, GFP_KERNEL);
++ kbuf = kzalloc(al_hreq.buflen, GFP_KERNEL);
+ if (!kbuf)
+ goto out_dput;
+
diff -urNp linux-2.6.32.25/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.32.25/fs/xfs/linux-2.6/xfs_iops.c
--- linux-2.6.32.25/fs/xfs/linux-2.6/xfs_iops.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/fs/xfs/linux-2.6/xfs_iops.c 2010-10-23 19:59:20.000000000 -0400
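Review bot: The switch from `kmalloc` to `kzalloc` in xfs_attrlist_by_handle carries no comment saying why the buffer must be zeroed, so a later cleanup could revert it as a micro-optimisation. Presumably `kbuf` is copied back to userspace for `al_hreq.buflen` bytes regardless of how much the attribute listing filled in. If so, a one-line comment such as `/* zeroed: the whole buffer is returned to userspace */` above the allocation would record that. The copy-out and any upper bound on `al_hreq.buflen` lie outside the hunk and should be confirmed.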
@@ -44160,8 +44545,8 @@ diff -urNp linux-2.6.32.25/grsecurity/grsum.c linux-2.6.32.25/grsecurity/grsum.c
+}
diff -urNp linux-2.6.32.25/grsecurity/Kconfig linux-2.6.32.25/grsecurity/Kconfig
--- linux-2.6.32.25/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.25/grsecurity/Kconfig 2010-10-23 19:59:20.000000000 -0400
-@@ -0,0 +1,995 @@
++++ linux-2.6.32.25/grsecurity/Kconfig 2010-11-13 15:07:17.000000000 -0500
+@@ -0,0 +1,999 @@
+#
+# grecurity configuration
+#
@@ -44482,7 +44867,8 @@ diff -urNp linux-2.6.32.25/grsecurity/Kconfig linux-2.6.32.25/grsecurity/Kconfig
+ Note that this option is only effective provided the following
+ conditions are met:
+ 1) The kernel using grsecurity is not precompiled by some distribution
-+ 2) You are using the RBAC system and hiding other files such as your
++ 2) You have also enabled GRKERNSEC_DMESG
++ 3) You are using the RBAC system and hiding other files such as your
+ kernel image and System.map. Alternatively, enabling this option
+ causes the permissions on /boot, /lib/modules, and the kernel
+ source directory to change at compile time to prevent
@@ -44902,6 +45288,9 @@ diff -urNp linux-2.6.32.25/grsecurity/Kconfig linux-2.6.32.25/grsecurity/Kconfig
+ help
+ If you say Y here, non-root users will not be able to use dmesg(8)
+ to view up to the last 4kb of messages in the kernel's log buffer.
++ The kernel's log buffer often contains kernel addresses and other
++ identifying information useful to an attacker in fingerprinting a
++ system for a targeted exploit.
+ If the sysctl option is enabled, a sysctl option with name "dmesg" is
+ created.
+
@@ -47565,23 +47954,28 @@ diff -urNp linux-2.6.32.25/include/linux/jbd.h linux-2.6.32.25/include/linux/jbd
static inline void *jbd_alloc(size_t size, gfp_t flags)
diff -urNp linux-2.6.32.25/include/linux/kallsyms.h linux-2.6.32.25/include/linux/kallsyms.h
--- linux-2.6.32.25/include/linux/kallsyms.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/include/linux/kallsyms.h 2010-10-23 19:59:20.000000000 -0400
++++ linux-2.6.32.25/include/linux/kallsyms.h 2010-11-13 16:38:15.000000000 -0500
@@ -15,7 +15,8 @@
struct module;
-#ifdef CONFIG_KALLSYMS
-+#ifndef __INCLUDED_BY_HIDESYM
++#if !defined(__INCLUDED_BY_HIDESYM) && defined(CONFIG_KALLSYMS)
+#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
/* Lookup the address for a symbol. Returns 0 if not found. */
unsigned long kallsyms_lookup_name(const char *name);
-@@ -92,6 +93,9 @@ static inline int lookup_symbol_attrs(un
+@@ -92,6 +93,14 @@ static inline int lookup_symbol_attrs(un
/* Stupid that this does nothing, but I didn't create this mess. */
#define __print_symbol(fmt, addr)
#endif /*CONFIG_KALLSYMS*/
-+#else /* when included by kallsyms.c, with HIDESYM enabled */
++#else /* when included by kallsyms.c or vsnprintf.c, with HIDESYM enabled */
+extern void __print_symbol(const char *fmt, unsigned long address);
++extern int sprint_symbol(char *buffer, unsigned long address);
++const char *kallsyms_lookup(unsigned long addr,
++ unsigned long *symbolsize,
++ unsigned long *offset,
++ char **modname, char *namebuf);
+#endif
/* This macro allows us to keep printk typechecking */
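Review bot: The rewritten guard `#if !defined(__INCLUDED_BY_HIDESYM) && defined(CONFIG_KALLSYMS)` is false whenever CONFIG_KALLSYMS is unset, so such a build now takes the `#else` branch. That branch holds the bare `__print_symbol`, `sprint_symbol` and `kallsyms_lookup` prototypes, and the stub block ending at `#endif /*CONFIG_KALLSYMS*/` is skipped. As far as the visible lines show, a kernel without kallsyms would then get declarations with no definitions and lose the no-op `#define __print_symbol(fmt, addr)`. If the intent is that only kallsyms.c and vsprintf.c under HIDESYM see the real prototypes, the condition probably wants to be `#if !defined(__INCLUDED_BY_HIDESYM) || !defined(CONFIG_KALLSYMS)`. The middle of the header is outside the hunk, so this should be checked against the full file.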
@@ -51101,14 +51495,23 @@ diff -urNp linux-2.6.32.25/kernel/module.c linux-2.6.32.25/kernel/module.c
return mod;
diff -urNp linux-2.6.32.25/kernel/panic.c linux-2.6.32.25/kernel/panic.c
--- linux-2.6.32.25/kernel/panic.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/kernel/panic.c 2010-10-23 19:59:20.000000000 -0400
++++ linux-2.6.32.25/kernel/panic.c 2010-11-13 16:16:59.000000000 -0500
+@@ -352,7 +352,7 @@ static void warn_slowpath_common(const c
+ const char *board;
+
+ printk(KERN_WARNING "------------[ cut here ]------------\n");
+- printk(KERN_WARNING "WARNING: at %s:%d %pS()\n", file, line, caller);
++ printk(KERN_WARNING "WARNING: at %s:%d %pA()\n", file, line, caller);
+ board = dmi_get_system_info(DMI_PRODUCT_NAME);
+ if (board)
+ printk(KERN_WARNING "Hardware name: %s\n", board);
@@ -392,7 +392,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
*/
void __stack_chk_fail(void)
{
- panic("stack-protector: Kernel stack is corrupted in: %p\n",
+ dump_stack();
-+ panic("stack-protector: Kernel stack is corrupted in: %pS\n",
++ panic("stack-protector: Kernel stack is corrupted in: %pA\n",
__builtin_return_address(0));
}
EXPORT_SYMBOL(__stack_chk_fail);
@@ -51171,7 +51574,7 @@ diff -urNp linux-2.6.32.25/kernel/pid.c linux-2.6.32.25/kernel/pid.c
struct task_struct *find_task_by_vpid(pid_t vnr)
diff -urNp linux-2.6.32.25/kernel/posix-cpu-timers.c linux-2.6.32.25/kernel/posix-cpu-timers.c
--- linux-2.6.32.25/kernel/posix-cpu-timers.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/kernel/posix-cpu-timers.c 2010-10-23 19:59:20.000000000 -0400
++++ linux-2.6.32.25/kernel/posix-cpu-timers.c 2010-11-13 16:25:35.000000000 -0500
@@ -6,6 +6,7 @@
#include <linux/posix-timers.h>
#include <linux/errno.h>
@@ -51180,22 +51583,6 @@ diff -urNp linux-2.6.32.25/kernel/posix-cpu-timers.c linux-2.6.32.25/kernel/posi
#include <asm/uaccess.h>
#include <linux/kernel_stat.h>
#include <trace/events/timer.h>
-@@ -1035,6 +1036,7 @@ static void check_thread_timers(struct t
- unsigned long hard = sig->rlim[RLIMIT_RTTIME].rlim_max;
- unsigned long *soft = &sig->rlim[RLIMIT_RTTIME].rlim_cur;
-
-+ gr_learn_resource(tsk, RLIMIT_RTTIME, tsk->rt.timeout * (USEC_PER_SEC/HZ), 1);
- if (hard != RLIM_INFINITY &&
- tsk->rt.timeout > DIV_ROUND_UP(hard, USEC_PER_SEC/HZ)) {
- /*
-@@ -1198,6 +1200,7 @@ static void check_process_timers(struct
- if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
- unsigned long psecs = cputime_to_secs(ptime);
- cputime_t x;
-+ gr_learn_resource(tsk, RLIMIT_CPU, psecs, 0);
- if (psecs >= sig->rlim[RLIMIT_CPU].rlim_max) {
- /*
- * At the hard limit, we just die.
diff -urNp linux-2.6.32.25/kernel/power/hibernate.c linux-2.6.32.25/kernel/power/hibernate.c
--- linux-2.6.32.25/kernel/power/hibernate.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/kernel/power/hibernate.c 2010-10-23 19:59:20.000000000 -0400
@@ -52422,8 +52809,18 @@ diff -urNp linux-2.6.32.25/lib/random32.c linux-2.6.32.25/lib/random32.c
/**
diff -urNp linux-2.6.32.25/lib/vsprintf.c linux-2.6.32.25/lib/vsprintf.c
--- linux-2.6.32.25/lib/vsprintf.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/lib/vsprintf.c 2010-10-23 19:59:20.000000000 -0400
-@@ -551,7 +551,7 @@ static char *string(char *buf, char *end
++++ linux-2.6.32.25/lib/vsprintf.c 2010-11-13 16:10:54.000000000 -0500
+@@ -16,6 +16,9 @@
+ * - scnprintf and vscnprintf
+ */
+
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++#define __INCLUDED_BY_HIDESYM 1
++#endif
+ #include <stdarg.h>
+ #include <linux/module.h>
+ #include <linux/types.h>
+@@ -551,7 +554,7 @@ static char *string(char *buf, char *end
int len, i;
if ((unsigned long)s < PAGE_SIZE)
@@ -52432,7 +52829,25 @@ diff -urNp linux-2.6.32.25/lib/vsprintf.c linux-2.6.32.25/lib/vsprintf.c
len = strnlen(s, spec.precision);
-@@ -822,7 +822,7 @@ static char *pointer(const char *fmt, ch
+@@ -581,7 +584,7 @@ static char *symbol_string(char *buf, ch
+ unsigned long value = (unsigned long) ptr;
+ #ifdef CONFIG_KALLSYMS
+ char sym[KSYM_SYMBOL_LEN];
+- if (ext != 'f' && ext != 's')
++ if (ext != 'f' && ext != 's' && ext != 'a')
+ sprint_symbol(sym, value);
+ else
+ kallsyms_lookup(value, NULL, NULL, NULL, sym);
+@@ -801,6 +804,8 @@ static char *ip4_addr_string(char *buf,
+ * - 'f' For simple symbolic function names without offset
+ * - 'S' For symbolic direct pointers with offset
+ * - 's' For symbolic direct pointers without offset
++ * - 'A' For symbolic direct pointers with offset approved for use with GRKERNSEC_HIDESYM
++ * - 'a' For symbolic direct pointers without offset approved for use with GRKERNSEC_HIDESYM
+ * - 'R' For a struct resource pointer, it prints the range of
+ * addresses (not the name nor the flags)
+ * - 'M' For a 6-byte MAC address, it prints the address in the
+@@ -822,7 +827,7 @@ static char *pointer(const char *fmt, ch
struct printf_spec spec)
{
if (!ptr)
@@ -52441,7 +52856,22 @@ diff -urNp linux-2.6.32.25/lib/vsprintf.c linux-2.6.32.25/lib/vsprintf.c
switch (*fmt) {
case 'F':
-@@ -1445,7 +1445,7 @@ do { \
+@@ -831,6 +836,14 @@ static char *pointer(const char *fmt, ch
+ case 's':
+ /* Fallthrough */
+ case 'S':
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ break;
++#else
++ return symbol_string(buf, end, ptr, spec, *fmt);
++#endif
++ case 'a':
++ /* Fallthrough */
++ case 'A':
+ return symbol_string(buf, end, ptr, spec, *fmt);
+ case 'R':
+ return resource_string(buf, end, ptr, spec);
+@@ -1445,7 +1458,7 @@ do { \
size_t len;
if ((unsigned long)save_str > (unsigned long)-PAGE_SIZE
|| (unsigned long)save_str < PAGE_SIZE)
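Review bot: In the pointer() hunk, the `break` taken for 's'/'S' when CONFIG_GRKERNSEC_HIDESYM is set leaves the switch without saying what is printed instead, and the code after the switch is outside this hunk. If that path formats ptr as a plain number, every `%pS`/`%ps` caller not converted to `%pA`/`%pa` would emit the raw kernel address rather than a symbol, which should be confirmed against the option's intent. A comment on the break would record the decision, e.g. `/* HIDESYM: unapproved symbolic specifiers are not resolved; output comes from the code after the switch */`. The earlier cases of the switch are only partly visible here.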
@@ -52644,6 +53074,18 @@ diff -urNp linux-2.6.32.25/mm/Kconfig linux-2.6.32.25/mm/Kconfig
help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
+diff -urNp linux-2.6.32.25/mm/kmemleak.c linux-2.6.32.25/mm/kmemleak.c
+--- linux-2.6.32.25/mm/kmemleak.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/mm/kmemleak.c 2010-11-13 16:17:48.000000000 -0500
+@@ -358,7 +358,7 @@ static void print_unreferenced(struct se
+
+ for (i = 0; i < object->trace_len; i++) {
+ void *ptr = (void *)object->trace[i];
+- seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
++ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
+ }
+ }
+
diff -urNp linux-2.6.32.25/mm/maccess.c linux-2.6.32.25/mm/maccess.c
--- linux-2.6.32.25/mm/maccess.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/mm/maccess.c 2010-10-23 19:59:20.000000000 -0400
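Review bot: The converted format string `" [<%p>] %pA\n"` in print_unreferenced() still passes ptr through a plain `%p` next to the approved symbolic form, so the line carries the numeric address whether or not the symbol is resolved. Who can read this report is not visible in the hunk; if it is not restricted to privileged users, the `%p` is the part that needs attention. A call-site comment saying why this output is approved under HIDESYM, for instance `/* leak report: symbol and address shown deliberately, confirm reader is privileged */`, would let a later audit of `%pA` users go faster. print_unreferenced() continues outside the hunk.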
@@ -53514,7 +53956,7 @@ diff -urNp linux-2.6.32.25/mm/mlock.c linux-2.6.32.25/mm/mlock.c
ret = do_mlockall(flags);
diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
--- linux-2.6.32.25/mm/mmap.c 2010-09-26 17:26:05.000000000 -0400
-+++ linux-2.6.32.25/mm/mmap.c 2010-11-06 18:27:12.000000000 -0400
++++ linux-2.6.32.25/mm/mmap.c 2010-11-11 18:18:52.000000000 -0500
@@ -45,6 +45,16 @@
#define arch_rebalance_pgtables(addr, len) (addr)
#endif
@@ -54156,7 +54598,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1600,37 +1833,47 @@ static int acct_stack_growth(struct vm_a
+@@ -1600,37 +1833,48 @@ static int acct_stack_growth(struct vm_a
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -54165,8 +54607,8 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
+#endif
int expand_upwards(struct vm_area_struct *vma, unsigned long address)
{
-- int error;
-+ int error, locknext;
+ int error;
++ bool locknext;
if (!(vma->vm_flags & VM_GROWSUP))
return -EFAULT;
@@ -54214,7 +54656,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1640,6 +1883,8 @@ int expand_upwards(struct vm_area_struct
+@@ -1640,6 +1884,8 @@ int expand_upwards(struct vm_area_struct
if (!error)
vma->vm_end = address;
}
@@ -54223,17 +54665,16 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
anon_vma_unlock(vma);
return error;
}
-@@ -1651,7 +1896,8 @@ int expand_upwards(struct vm_area_struct
- static int expand_downwards(struct vm_area_struct *vma,
+@@ -1652,6 +1898,8 @@ static int expand_downwards(struct vm_ar
unsigned long address)
{
-- int error;
-+ int error, lockprev = 0;
+ int error;
++ bool lockprev = false;
+ struct vm_area_struct *prev;
/*
* We must make sure the anon_vma is allocated
-@@ -1665,6 +1911,15 @@ static int expand_downwards(struct vm_ar
+@@ -1665,6 +1913,15 @@ static int expand_downwards(struct vm_ar
if (error)
return error;
@@ -54249,7 +54690,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
anon_vma_lock(vma);
/*
-@@ -1674,9 +1929,17 @@ static int expand_downwards(struct vm_ar
+@@ -1674,9 +1931,17 @@ static int expand_downwards(struct vm_ar
*/
/* Somebody else might have raced and expanded it already */
@@ -54268,7 +54709,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -1684,9 +1947,20 @@ static int expand_downwards(struct vm_ar
+@@ -1684,9 +1949,20 @@ static int expand_downwards(struct vm_ar
if (!error) {
vma->vm_start = address;
vma->vm_pgoff -= grow;
@@ -54289,7 +54730,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return error;
}
-@@ -1762,6 +2036,13 @@ static void remove_vma_list(struct mm_st
+@@ -1762,6 +2038,13 @@ static void remove_vma_list(struct mm_st
do {
long nrpages = vma_pages(vma);
@@ -54303,7 +54744,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
mm->total_vm -= nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
vma = remove_vma(vma);
-@@ -1807,6 +2088,16 @@ detach_vmas_to_be_unmapped(struct mm_str
+@@ -1807,6 +2090,16 @@ detach_vmas_to_be_unmapped(struct mm_str
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
@@ -54320,7 +54761,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
rb_erase(&vma->vm_rb, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -1834,10 +2125,25 @@ int split_vma(struct mm_struct * mm, str
+@@ -1834,10 +2127,25 @@ int split_vma(struct mm_struct * mm, str
struct mempolicy *pol;
struct vm_area_struct *new;
@@ -54346,7 +54787,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -1845,6 +2151,16 @@ int split_vma(struct mm_struct * mm, str
+@@ -1845,6 +2153,16 @@ int split_vma(struct mm_struct * mm, str
if (!new)
return -ENOMEM;
@@ -54363,7 +54804,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -1855,8 +2171,29 @@ int split_vma(struct mm_struct * mm, str
+@@ -1855,8 +2173,29 @@ int split_vma(struct mm_struct * mm, str
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
@@ -54393,7 +54834,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
kmem_cache_free(vm_area_cachep, new);
return PTR_ERR(pol);
}
-@@ -1877,6 +2214,28 @@ int split_vma(struct mm_struct * mm, str
+@@ -1877,6 +2216,28 @@ int split_vma(struct mm_struct * mm, str
else
vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
@@ -54422,13 +54863,13 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return 0;
}
-@@ -1885,11 +2244,30 @@ int split_vma(struct mm_struct * mm, str
+@@ -1885,11 +2246,30 @@ int split_vma(struct mm_struct * mm, str
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
+#ifdef CONFIG_PAX_SEGMEXEC
-+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
-+{
+ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+ {
+ int ret = __do_munmap(mm, start, len);
+ if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
+ return ret;
@@ -54438,9 +54879,9 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
+
+int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+#else
- int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+#endif
- {
++{
unsigned long end;
struct vm_area_struct *vma, *prev, *last;
@@ -54453,7 +54894,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -1953,6 +2331,8 @@ int do_munmap(struct mm_struct *mm, unsi
+@@ -1953,6 +2333,8 @@ int do_munmap(struct mm_struct *mm, unsi
/* Fix up all other VM information */
remove_vma_list(mm, vma);
@@ -54462,7 +54903,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return 0;
}
-@@ -1965,22 +2345,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
+@@ -1965,22 +2347,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
profile_munmap(addr);
@@ -54491,7 +54932,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -1994,6 +2370,7 @@ unsigned long do_brk(unsigned long addr,
+@@ -1994,6 +2372,7 @@ unsigned long do_brk(unsigned long addr,
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
@@ -54499,7 +54940,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
len = PAGE_ALIGN(len);
if (!len)
-@@ -2005,16 +2382,30 @@ unsigned long do_brk(unsigned long addr,
+@@ -2005,16 +2384,30 @@ unsigned long do_brk(unsigned long addr,
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
@@ -54531,7 +54972,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
locked += mm->locked_vm;
lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
lock_limit >>= PAGE_SHIFT;
-@@ -2031,22 +2422,22 @@ unsigned long do_brk(unsigned long addr,
+@@ -2031,22 +2424,22 @@ unsigned long do_brk(unsigned long addr,
/*
* Clear old maps. this also does some error checking for us
*/
@@ -54558,7 +54999,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2060,7 +2451,7 @@ unsigned long do_brk(unsigned long addr,
+@@ -2060,7 +2453,7 @@ unsigned long do_brk(unsigned long addr,
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
@@ -54567,7 +55008,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return -ENOMEM;
}
-@@ -2072,11 +2463,12 @@ unsigned long do_brk(unsigned long addr,
+@@ -2072,11 +2465,12 @@ unsigned long do_brk(unsigned long addr,
vma->vm_page_prot = vm_get_page_prot(flags);
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
@@ -54582,7 +55023,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return addr;
}
-@@ -2123,8 +2515,10 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2123,8 +2517,10 @@ void exit_mmap(struct mm_struct *mm)
* Walk the list again, actually closing and freeing it,
* with preemption enabled, without holding any MM locks.
*/
@@ -54594,7 +55035,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
}
-@@ -2138,6 +2532,10 @@ int insert_vm_struct(struct mm_struct *
+@@ -2138,6 +2534,10 @@ int insert_vm_struct(struct mm_struct *
struct vm_area_struct * __vma, * prev;
struct rb_node ** rb_link, * rb_parent;
@@ -54605,7 +55046,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2160,7 +2558,22 @@ int insert_vm_struct(struct mm_struct *
+@@ -2160,7 +2560,22 @@ int insert_vm_struct(struct mm_struct *
if ((vma->vm_flags & VM_ACCOUNT) &&
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
@@ -54628,7 +55069,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
return 0;
}
-@@ -2178,6 +2591,8 @@ struct vm_area_struct *copy_vma(struct v
+@@ -2178,6 +2593,8 @@ struct vm_area_struct *copy_vma(struct v
struct rb_node **rb_link, *rb_parent;
struct mempolicy *pol;
@@ -54637,7 +55078,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2221,6 +2636,35 @@ struct vm_area_struct *copy_vma(struct v
+@@ -2221,6 +2638,35 @@ struct vm_area_struct *copy_vma(struct v
return new_vma;
}
@@ -54673,7 +55114,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2231,7 +2675,7 @@ int may_expand_vm(struct mm_struct *mm,
+@@ -2231,7 +2677,7 @@ int may_expand_vm(struct mm_struct *mm,
unsigned long lim;
lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
@@ -54682,7 +55123,7 @@ diff -urNp linux-2.6.32.25/mm/mmap.c linux-2.6.32.25/mm/mmap.c
if (cur + npages > lim)
return 0;
return 1;
-@@ -2300,6 +2744,17 @@ int install_special_mapping(struct mm_st
+@@ -2300,6 +2746,17 @@ int install_special_mapping(struct mm_st
vma->vm_start = addr;
vma->vm_end = addr + len;
@@ -55596,7 +56037,16 @@ diff -urNp linux-2.6.32.25/mm/slob.c linux-2.6.32.25/mm/slob.c
trace_kmem_cache_free(_RET_IP_, b);
diff -urNp linux-2.6.32.25/mm/slub.c linux-2.6.32.25/mm/slub.c
--- linux-2.6.32.25/mm/slub.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/mm/slub.c 2010-10-23 19:59:20.000000000 -0400
++++ linux-2.6.32.25/mm/slub.c 2010-11-13 16:17:36.000000000 -0500
+@@ -410,7 +410,7 @@ static void print_track(const char *s, s
+ if (!t->addr)
+ return;
+
+- printk(KERN_ERR "INFO: %s in %pS age=%lu cpu=%u pid=%d\n",
++ printk(KERN_ERR "INFO: %s in %pA age=%lu cpu=%u pid=%d\n",
+ s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
+ }
+
@@ -1893,6 +1893,8 @@ void kmem_cache_free(struct kmem_cache *
page = virt_to_head_page(x);
@@ -56334,6 +56784,69 @@ diff -urNp linux-2.6.32.25/net/decnet/sysctl_net_decnet.c linux-2.6.32.25/net/de
return -EFAULT;
*lenp = len;
+diff -urNp linux-2.6.32.25/net/ipv4/inet_diag.c linux-2.6.32.25/net/ipv4/inet_diag.c
+--- linux-2.6.32.25/net/ipv4/inet_diag.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/net/ipv4/inet_diag.c 2010-11-13 14:53:02.000000000 -0500
+@@ -113,8 +113,13 @@ static int inet_csk_diag_fill(struct soc
+ r->idiag_retrans = 0;
+
+ r->id.idiag_if = sk->sk_bound_dev_if;
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ r->id.idiag_cookie[0] = 0;
++ r->id.idiag_cookie[1] = 0;
++#else
+ r->id.idiag_cookie[0] = (u32)(unsigned long)sk;
+ r->id.idiag_cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
++#endif
+
+ r->id.idiag_sport = inet->sport;
+ r->id.idiag_dport = inet->dport;
+@@ -200,8 +205,15 @@ static int inet_twsk_diag_fill(struct in
+ r->idiag_family = tw->tw_family;
+ r->idiag_retrans = 0;
+ r->id.idiag_if = tw->tw_bound_dev_if;
++
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ r->id.idiag_cookie[0] = 0;
++ r->id.idiag_cookie[1] = 0;
++#else
+ r->id.idiag_cookie[0] = (u32)(unsigned long)tw;
+ r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1);
++#endif
++
+ r->id.idiag_sport = tw->tw_sport;
+ r->id.idiag_dport = tw->tw_dport;
+ r->id.idiag_src[0] = tw->tw_rcv_saddr;
+@@ -284,12 +296,14 @@ static int inet_diag_get_exact(struct sk
+ if (sk == NULL)
+ goto unlock;
+
++#ifndef CONFIG_GRKERNSEC_HIDESYM
+ err = -ESTALE;
+ if ((req->id.idiag_cookie[0] != INET_DIAG_NOCOOKIE ||
+ req->id.idiag_cookie[1] != INET_DIAG_NOCOOKIE) &&
+ ((u32)(unsigned long)sk != req->id.idiag_cookie[0] ||
+ (u32)((((unsigned long)sk) >> 31) >> 1) != req->id.idiag_cookie[1]))
+ goto out;
++#endif
+
+ err = -ENOMEM;
+ rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
+@@ -577,8 +591,14 @@ static int inet_diag_fill_req(struct sk_
+ r->idiag_retrans = req->retrans;
+
+ r->id.idiag_if = sk->sk_bound_dev_if;
++
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ r->id.idiag_cookie[0] = 0;
++ r->id.idiag_cookie[1] = 0;
++#else
+ r->id.idiag_cookie[0] = (u32)(unsigned long)req;
+ r->id.idiag_cookie[1] = (u32)(((unsigned long)req >> 31) >> 1);
++#endif
+
+ tmo = req->expires - jiffies;
+ if (tmo < 0)
diff -urNp linux-2.6.32.25/net/ipv4/inet_hashtables.c linux-2.6.32.25/net/ipv4/inet_hashtables.c
--- linux-2.6.32.25/net/ipv4/inet_hashtables.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/net/ipv4/inet_hashtables.c 2010-10-23 19:59:20.000000000 -0400
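Review bot: The `#ifndef CONFIG_GRKERNSEC_HIDESYM` around the -ESTALE check in inet_diag_get_exact() removes the stale-socket comparison with no explanation. The three fill functions in this hunk now report 0 in idiag_cookie while the check treats only INET_DIAG_NOCOOKIE as "no cookie", so a client echoing the zeroed cookie would presumably always fail it. That looks like the reason and should be written down, e.g. `/* HIDESYM: cookies are zeroed on output, so they cannot be compared here */`. The identical #ifdef block in inet_csk_diag_fill(), inet_twsk_diag_fill() and inet_diag_fill_req() would also be easier to keep in step as one small static helper taking the pointer and the cookie array. All four functions continue outside the hunk.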
@@ -56419,6 +56932,18 @@ diff -urNp linux-2.6.32.25/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.32.2
if (*octets == NULL) {
if (net_ratelimit())
printk("OOM in bsalg (%d)\n", __LINE__);
+diff -urNp linux-2.6.32.25/net/ipv4/tcp.c linux-2.6.32.25/net/ipv4/tcp.c
+--- linux-2.6.32.25/net/ipv4/tcp.c 2010-10-31 16:44:11.000000000 -0400
++++ linux-2.6.32.25/net/ipv4/tcp.c 2010-11-13 15:40:16.000000000 -0500
+@@ -2117,7 +2117,7 @@ static int do_tcp_setsockopt(struct sock
+ /* Values greater than interface MTU won't take effect. However
+ * at the point when this call is done we typically don't yet
+ * know which interface is going to be used */
+- if (val < 8 || val > MAX_TCP_WINDOW) {
++ if (val < 64 || val > MAX_TCP_WINDOW) {
+ err = -EINVAL;
+ break;
+ }
diff -urNp linux-2.6.32.25/net/ipv4/tcp_ipv4.c linux-2.6.32.25/net/ipv4/tcp_ipv4.c
--- linux-2.6.32.25/net/ipv4/tcp_ipv4.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/net/ipv4/tcp_ipv4.c 2010-10-23 19:59:20.000000000 -0400
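Review bot: The new lower bound in `if (val < 64 || val > MAX_TCP_WINDOW)` is a bare literal, and neither the existing comment above it nor the hunk says why 64 replaces 8. Presumably the floor keeps a user-supplied segment size large enough that option overhead subtracted later cannot leave it at or below zero; that should be confirmed and recorded next to the test, e.g. `/* floor leaves room for TCP option overhead; confirm */`, or the value given a name. do_tcp_setsockopt() starts and ends outside the hunk.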
@@ -57328,6 +57853,23 @@ diff -urNp linux-2.6.32.25/net/phonet/af_phonet.c linux-2.6.32.25/net/phonet/af_
return -EINVAL;
err = proto_register(pp->prot, 1);
+diff -urNp linux-2.6.32.25/net/phonet/socket.c linux-2.6.32.25/net/phonet/socket.c
+--- linux-2.6.32.25/net/phonet/socket.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/net/phonet/socket.c 2010-11-13 15:41:49.000000000 -0500
+@@ -482,7 +482,12 @@ static int pn_sock_seq_show(struct seq_f
+ sk->sk_state,
+ sk_wmem_alloc_get(sk), sk_rmem_alloc_get(sk),
+ sock_i_uid(sk), sock_i_ino(sk),
+- atomic_read(&sk->sk_refcnt), sk,
++ atomic_read(&sk->sk_refcnt),
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ NULL,
++#else
++ sk,
++#endif
+ atomic_read(&sk->sk_drops), &len);
+ }
+ seq_printf(seq, "%*s\n", 127 - len, "");
diff -urNp linux-2.6.32.25/net/rds/Kconfig linux-2.6.32.25/net/rds/Kconfig
--- linux-2.6.32.25/net/rds/Kconfig 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/net/rds/Kconfig 2010-10-31 16:59:12.000000000 -0400
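Review bot: The `#ifdef CONFIG_GRKERNSEC_HIDESYM` placed inside the seq_printf() argument list in pn_sock_seq_show() makes the call hard to read and easy to break when an argument is added. The same pattern appears twice in the net/sctp/proc.c hunk that follows. Selecting the value once before the call, in a local pointer that is NULL under HIDESYM and `sk` otherwise, keeps the argument list in one piece and visibly matched to the format string. The pointer column will then show whatever pointer() emits for NULL, which changes the field for anything parsing these proc files and deserves a line in the option's help text. pn_sock_seq_show() continues outside the hunk.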
@@ -57366,6 +57908,37 @@ diff -urNp linux-2.6.32.25/net/sctp/auth.c linux-2.6.32.25/net/sctp/auth.c
break;
}
+diff -urNp linux-2.6.32.25/net/sctp/proc.c linux-2.6.32.25/net/sctp/proc.c
+--- linux-2.6.32.25/net/sctp/proc.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.25/net/sctp/proc.c 2010-11-13 15:43:28.000000000 -0500
+@@ -213,7 +213,12 @@ static int sctp_eps_seq_show(struct seq_
+ sctp_for_each_hentry(epb, node, &head->chain) {
+ ep = sctp_ep(epb);
+ sk = epb->sk;
+- seq_printf(seq, "%8p %8p %-3d %-3d %-4d %-5d %5d %5lu ", ep, sk,
++ seq_printf(seq, "%8p %8p %-3d %-3d %-4d %-5d %5d %5lu ",
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ NULL, NULL,
++#else
++ ep, sk,
++#endif
+ sctp_sk(sk)->type, sk->sk_state, hash,
+ epb->bind_addr.port,
+ sock_i_uid(sk), sock_i_ino(sk));
+@@ -320,7 +325,12 @@ static int sctp_assocs_seq_show(struct s
+ seq_printf(seq,
+ "%8p %8p %-3d %-3d %-2d %-4d "
+ "%4d %8d %8d %7d %5lu %-5d %5d ",
+- assoc, sk, sctp_sk(sk)->type, sk->sk_state,
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ NULL, NULL,
++#else
++ assoc, sk,
++#endif
++ sctp_sk(sk)->type, sk->sk_state,
+ assoc->state, hash,
+ assoc->assoc_id,
+ assoc->sndbuf_used,
diff -urNp linux-2.6.32.25/net/sctp/socket.c linux-2.6.32.25/net/sctp/socket.c
--- linux-2.6.32.25/net/sctp/socket.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/net/sctp/socket.c 2010-10-23 19:59:20.000000000 -0400
@@ -57743,9 +58316,40 @@ diff -urNp linux-2.6.32.25/net/wireless/wext.c linux-2.6.32.25/net/wireless/wext
iwp->length += essid_compat;
diff -urNp linux-2.6.32.25/net/x25/x25_facilities.c linux-2.6.32.25/net/x25/x25_facilities.c
--- linux-2.6.32.25/net/x25/x25_facilities.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.25/net/x25/x25_facilities.c 2010-11-06 18:09:00.000000000 -0400
-@@ -126,15 +126,15 @@ int x25_parse_facilities(struct sk_buff
++++ linux-2.6.32.25/net/x25/x25_facilities.c 2010-11-11 18:49:23.000000000 -0500
+@@ -53,6 +53,8 @@ int x25_parse_facilities(struct sk_buff
+ while (len > 0) {
+ switch (*p & X25_FAC_CLASS_MASK) {
+ case X25_FAC_CLASS_A:
++ if (len < 2)
++ return 0;
+ switch (*p) {
+ case X25_FAC_REVERSE:
+ if((p[1] & 0x81) == 0x81) {
+@@ -96,6 +98,8 @@ int x25_parse_facilities(struct sk_buff
+ len -= 2;
+ break;
+ case X25_FAC_CLASS_B:
++ if (len < 3)
++ return 0;
+ switch (*p) {
+ case X25_FAC_PACKET_SIZE:
+ facilities->pacsize_in = p[1];
+@@ -117,6 +121,8 @@ int x25_parse_facilities(struct sk_buff
+ len -= 3;
+ break;
+ case X25_FAC_CLASS_C:
++ if (len < 4)
++ return 0;
+ printk(KERN_DEBUG "X.25: unknown facility %02X, "
+ "values %02X, %02X, %02X\n",
+ p[0], p[1], p[2], p[3]);
+@@ -124,26 +130,27 @@ int x25_parse_facilities(struct sk_buff
+ len -= 4;
+ break;
case X25_FAC_CLASS_D:
++ if (len < p[1] + 2)
++ return 0;
switch (*p) {
case X25_FAC_CALLING_AE:
- if (p[1] > X25_MAX_DTE_FACIL_LEN)
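Review bot: The class D guard `if (len < p[1] + 2)` reads p[1] before anything has established that a second byte remains, since the loop condition `while (len > 0)` guarantees only one. Checking the fixed part first closes that: `if (len < 2 || len < p[1] + 2) return 0;`. In the hunk that follows, the default-case printk still reads p[2] and p[3], which the guard covers only when p[1] is at least 2. That message should print just p[0] and p[1], or be made conditional on the length. x25_parse_facilities() starts and ends outside the hunk.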
@@ -57764,6 +58368,17 @@ diff -urNp linux-2.6.32.25/net/x25/x25_facilities.c linux-2.6.32.25/net/x25/x25_
dte_facs->called_len = p[2];
memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
*vc_fac_mask |= X25_MASK_CALLED_AE;
+ break;
+ default:
+ printk(KERN_DEBUG "X.25: unknown facility %02X,"
+- "length %d, values %02X, %02X, "
+- "%02X, %02X\n",
+- p[0], p[1], p[2], p[3], p[4], p[5]);
++ "length %d, values %02X, %02X\n",
++ p[0], p[1], p[2], p[3]);
+ break;
+ }
+ len -= p[1] + 2;
diff -urNp linux-2.6.32.25/net/x25/x25_in.c linux-2.6.32.25/net/x25/x25_in.c
--- linux-2.6.32.25/net/x25/x25_in.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.25/net/x25/x25_in.c 2010-11-06 18:14:04.000000000 -0400
diff --git a/2.6.32/4430_grsec-kconfig-default-gids.patch b/2.6.32/4430_grsec-kconfig-default-gids.patch
index 0fa6de2..a0980b8 100644
--- a/2.6.32/4430_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4430_grsec-kconfig-default-gids.patch
@@ -11,7 +11,7 @@ from shooting themselves in the foot.
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -402,7 +402,7 @@
+@@ -403,7 +403,7 @@
config GRKERNSEC_PROC_GID
int "GID for special group"
depends on GRKERNSEC_PROC_USERGROUP
@@ -20,7 +20,7 @@ from shooting themselves in the foot.
config GRKERNSEC_PROC_ADD
bool "Additional restrictions"
-@@ -611,7 +611,7 @@
+@@ -612,7 +612,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -29,7 +29,7 @@ from shooting themselves in the foot.
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -794,7 +794,7 @@
+@@ -798,7 +798,7 @@
config GRKERNSEC_TPE_GID
int "GID for untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -38,7 +38,7 @@ from shooting themselves in the foot.
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -803,7 +803,7 @@
+@@ -807,7 +807,7 @@
config GRKERNSEC_TPE_GID
int "GID for trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -47,7 +47,7 @@ from shooting themselves in the foot.
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -874,7 +874,7 @@
+@@ -878,7 +878,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -56,7 +56,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -895,7 +895,7 @@
+@@ -899,7 +899,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -65,7 +65,7 @@ from shooting themselves in the foot.
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -913,7 +913,7 @@
+@@ -917,7 +917,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
index 0641ca2..da4e8b9 100644
--- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
@@ -21,7 +21,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
-@@ -1380,6 +1380,27 @@
+@@ -1384,6 +1384,27 @@
menu "Logging Options"
depends on GRKERNSEC