diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2012-07-17 16:44:49 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-07-17 16:44:49 -0400 |
commit | 95ba72dcda6599f62152830d2b03b34434f062d0 (patch) | |
tree | cee40de35833b8dede195e4e48663e61122a47a8 /3.2.23 | |
parent | Grsec/PaX: 2.9.1-2.6.32.59-201207150915 - fix stop_machine* compile error (diff) | |
download | hardened-patchset-95ba72dcda6599f62152830d2b03b34434f062d0.tar.gz hardened-patchset-95ba72dcda6599f62152830d2b03b34434f062d0.tar.bz2 hardened-patchset-95ba72dcda6599f62152830d2b03b34434f062d0.zip |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.23,3.4.5}-20120716180720120716
Diffstat (limited to '3.2.23')
-rw-r--r-- | 3.2.23/0000_README | 2 | ||||
-rw-r--r-- | 3.2.23/4420_grsecurity-2.9.1-3.2.23-201207161806.patch (renamed from 3.2.23/4420_grsecurity-2.9.1-3.2.23-201207122159.patch) | 156 | ||||
-rw-r--r-- | 3.2.23/4450_grsec-kconfig-default-gids.patch | 2 |
3 files changed, 140 insertions, 20 deletions
diff --git a/3.2.23/0000_README b/3.2.23/0000_README index 79f060b..9f100ed 100644 --- a/3.2.23/0000_README +++ b/3.2.23/0000_README @@ -10,7 +10,7 @@ Patch: 1022_linux-3.2.23.patch From: http://www.kernel.org Desc: Linux 3.2.23 -Patch: 4420_grsecurity-2.9.1-3.2.23-201207122159.patch +Patch: 4420_grsecurity-2.9.1-3.2.23-201207161806.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207122159.patch b/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207161806.patch index 7052c62..7e92b92 100644 --- a/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207122159.patch +++ b/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207161806.patch @@ -43549,6 +43549,51 @@ index cfb5543..1ae7347 100644 if (!del) { spin_lock(&rc->reloc_root_tree.lock); +diff --git a/fs/buffer.c b/fs/buffer.c +index c807931..4115eca 100644 +--- a/fs/buffer.c ++++ b/fs/buffer.c +@@ -1087,6 +1087,9 @@ grow_buffers(struct block_device *bdev, sector_t block, int size) + static struct buffer_head * + __getblk_slow(struct block_device *bdev, sector_t block, int size) + { ++ int ret; ++ struct buffer_head *bh; ++ + /* Size must be multiple of hard sectorsize */ + if (unlikely(size & (bdev_logical_block_size(bdev)-1) || + (size < 512 || size > PAGE_SIZE))) { +@@ -1099,20 +1102,21 @@ __getblk_slow(struct block_device *bdev, sector_t block, int size) + return NULL; + } + +- for (;;) { +- struct buffer_head * bh; +- int ret; ++retry: ++ bh = __find_get_block(bdev, block, size); ++ if (bh) ++ return bh; + ++ ret = grow_buffers(bdev, block, size); ++ if (ret == 0) { ++ free_more_memory(); ++ goto retry; ++ } else if (ret > 0) { + bh = __find_get_block(bdev, block, size); + if (bh) + return bh; +- +- ret = grow_buffers(bdev, block, size); +- if (ret < 0) +- return NULL; +- if (ret == 0) +- free_more_memory(); + } ++ return NULL; + } + + /* diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 622f469..e8d2d55 100644 --- a/fs/cachefiles/bind.c @@ -47162,9 +47207,18 @@ index 8392cb8..80d6193 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index 0d68f1f..f216b79 100644 +index 0d68f1f..3114738 100644 --- a/fs/locks.c +++ b/fs/locks.c +@@ -1465,7 +1465,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp) + case F_WRLCK: + return generic_add_lease(filp, arg, flp); + default: +- BUG(); ++ return -EINVAL; + } + } + EXPORT_SYMBOL(generic_setlease); @@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp) return; @@ -47929,6 +47983,19 @@ index c587e2d..3641eaa 100644 -const struct inode_operations ntfs_empty_inode_ops = {}; +const struct inode_operations ntfs_empty_inode_ops __read_only; +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c +index 07ee5b4..1c7d45e 100644 +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -1950,7 +1950,7 @@ static int __ocfs2_change_file_space(struct file *file, struct inode *inode, + if (ret < 0) + mlog_errno(ret); + +- if (file->f_flags & O_SYNC) ++ if (file && (file->f_flags & O_SYNC)) + handle->h_sync = 1; + + ocfs2_commit_trans(osb, handle); diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c index 210c352..a174f83 100644 --- a/fs/ocfs2/localalloc.c @@ -62988,7 +63055,7 @@ index 1d1b1e1..2a13c78 100644 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \ diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 188cb2f..d78409b 100644 +index 188cb2f..d401c76 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -369,7 +369,7 @@ struct zone { @@ -63000,6 +63067,15 @@ index 188cb2f..d78409b 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on +@@ -652,7 +652,7 @@ typedef struct pglist_data { + range, including holes */ + int node_id; + wait_queue_head_t kswapd_wait; +- struct task_struct *kswapd; ++ struct task_struct *kswapd; /* Protected by lock_memory_hotplug() */ + int kswapd_max_order; + enum zone_type classzone_idx; + } pg_data_t; diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h index 468819c..17b9db3 100644 --- a/include/linux/mod_devicetable.h @@ -66679,10 +66755,30 @@ index 5a8a66e..ded4680 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 79ee71f..2101311 100644 +index 79ee71f..5662f54 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -282,7 +282,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -270,19 +270,24 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) + } + + err = arch_dup_task_struct(tsk, orig); +- if (err) +- goto out; + ++ /* ++ * We defer looking at err, because we will need this setup ++ * for the clean up path to work correctly. ++ */ + tsk->stack = ti; +- + setup_thread_stack(tsk, orig); ++ ++ if (err) ++ goto out; ++ + clear_user_return_notifier(tsk); + clear_tsk_need_resched(tsk); + stackend = end_of_stack(tsk); *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -66691,7 +66787,7 @@ index 79ee71f..2101311 100644 #endif /* -@@ -306,13 +306,78 @@ out: +@@ -306,13 +311,78 @@ out: } #ifdef CONFIG_MMU @@ -66772,7 +66868,7 @@ index 79ee71f..2101311 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -324,8 +389,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -324,8 +394,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -66783,7 +66879,7 @@ index 79ee71f..2101311 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -341,8 +406,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -341,8 +411,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -66792,7 +66888,7 @@ index 79ee71f..2101311 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -350,54 +413,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -350,54 +418,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -66851,7 +66947,7 @@ index 79ee71f..2101311 100644 /* * Link in the new vma and copy the page table entries. -@@ -420,6 +440,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -420,6 +445,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -66883,7 +66979,7 @@ index 79ee71f..2101311 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -428,14 +473,6 @@ out: +@@ -428,14 +478,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -66898,7 +66994,7 @@ index 79ee71f..2101311 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -647,6 +684,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) +@@ -647,6 +689,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) } EXPORT_SYMBOL_GPL(get_task_mm); @@ -66925,7 +67021,7 @@ index 79ee71f..2101311 100644 /* Please note the differences between mmput and mm_release. * mmput is called whenever we stop holding onto a mm_struct, * error success whatever. -@@ -832,13 +889,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -832,13 +894,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -66941,7 +67037,7 @@ index 79ee71f..2101311 100644 return 0; } -@@ -1102,6 +1160,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1102,6 +1165,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -66951,7 +67047,7 @@ index 79ee71f..2101311 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1318,6 +1379,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1318,6 +1384,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, /* Need tasklist lock for parent etc handling! */ write_lock_irq(&tasklist_lock); @@ -66961,7 +67057,7 @@ index 79ee71f..2101311 100644 /* CLONE_PARENT re-uses the old parent */ if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { p->real_parent = current->real_parent; -@@ -1425,6 +1489,8 @@ bad_fork_cleanup_count: +@@ -1425,6 +1494,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -66970,7 +67066,7 @@ index 79ee71f..2101311 100644 return ERR_PTR(retval); } -@@ -1525,6 +1591,8 @@ long do_fork(unsigned long clone_flags, +@@ -1525,6 +1596,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -66979,7 +67075,7 @@ index 79ee71f..2101311 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1634,7 +1702,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1634,7 +1707,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -66988,7 +67084,7 @@ index 79ee71f..2101311 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1723,7 +1791,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1723,7 +1796,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -75232,6 +75328,30 @@ index eeba3bb..820e22e 100644 if (!vas || !vms) goto err_free; +diff --git a/mm/vmscan.c b/mm/vmscan.c +index fbe2d2c..72cf498 100644 +--- a/mm/vmscan.c ++++ b/mm/vmscan.c +@@ -3090,14 +3090,17 @@ int kswapd_run(int nid) + } + + /* +- * Called by memory hotplug when all memory in a node is offlined. ++ * Called by memory hotplug when all memory in a node is offlined. Caller must ++ * hold lock_memory_hotplug(). + */ + void kswapd_stop(int nid) + { + struct task_struct *kswapd = NODE_DATA(nid)->kswapd; + +- if (kswapd) ++ if (kswapd) { + kthread_stop(kswapd); ++ NODE_DATA(nid)->kswapd = NULL; ++ } + } + + static int __init kswapd_init(void) diff --git a/mm/vmstat.c b/mm/vmstat.c index 8fd603b..cf0d930 100644 --- a/mm/vmstat.c diff --git a/3.2.23/4450_grsec-kconfig-default-gids.patch b/3.2.23/4450_grsec-kconfig-default-gids.patch index 545e82e..0ab1250 100644 --- a/3.2.23/4450_grsec-kconfig-default-gids.patch +++ b/3.2.23/4450_grsec-kconfig-default-gids.patch @@ -12,7 +12,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-12-12 16:54:30.000000000 -0500 +++ b/grsecurity/Kconfig 2011-12-12 16:55:09.000000000 -0500 -@@ -443,7 +443,7 @@ +@@ -249,7 +249,7 @@ config GRKERNSEC_PROC_GID int "GID for special group" depends on GRKERNSEC_PROC_USERGROUP |