authorAnthony G. Basile <basile@opensource.dyc.edu>2011-01-15 09:39:13 -0500
committerAnthony G. Basile <basile@opensource.dyc.edu>2011-01-15 09:40:11 -0500
commit4329c4dd684ed732967779a87c4efa90b2b87d39 (patch)
tree1eda9041658089db8e9f8011ae04c71b8b491ea9
parentUpdate Grsec/PaX (diff)
Update Grsec/PaX20110113
2.2.1-2.6.32.28-201101131705 2.2.1-2.6.36.3-201101131705
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101131705.patch (renamed from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101120010.patch)13
-rw-r--r--2.6.36/0000_README2
-rw-r--r--2.6.36/4420_grsecurity-2.2.1-2.6.36.3-201101131705.patch (renamed from 2.6.36/4420_grsecurity-2.2.1-2.6.36.3-201101120010.patch)84
4 files changed, 87 insertions, 14 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 18950d4..2b55d09 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.1-2.6.32.28-201101120010.patch
+Patch: 4420_grsecurity-2.2.1-2.6.32.28-201101131705.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101120010.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101131705.patch
index 4ddfa14..784ca5b 100644
--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101120010.patch
+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101131705.patch
@@ -36492,8 +36492,8 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl_alloc.c linux-2.6.32.28/grsecurity/g
+}
diff -urNp linux-2.6.32.28/grsecurity/gracl.c linux-2.6.32.28/grsecurity/gracl.c
--- linux-2.6.32.28/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.28/grsecurity/gracl.c 2011-01-11 22:40:41.000000000 -0500
-@@ -0,0 +1,3983 @@
++++ linux-2.6.32.28/grsecurity/gracl.c 2011-01-13 16:57:58.000000000 -0500
+@@ -0,0 +1,3986 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -36644,6 +36644,8 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl.c linux-2.6.32.28/grsecurity/gracl.c
+ return !memcmp(a, b, lena);
+}
+
++/* this must be called with vfsmount_lock and dcache_lock held */
++
+static char * __our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
+ struct dentry *root, struct vfsmount *rootmnt,
+ char *buffer, int buflen)
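Review bot: The locking requirement added above `__our_d_path` is stated only in a comment, and with the internal `spin_lock(&vfsmount_lock)` removed later in this patch nothing catches a caller that forgets it. Both locks are taken with `spin_lock` in this tree, so the function could open with `assert_spin_locked(&dcache_lock);` and `assert_spin_locked(&vfsmount_lock);`, making a missed lock fail loudly instead of becoming a racy walk of the mount tree. The comment would also read better directly above the signature, without the blank line, and could name the order the visible callers use (dcache_lock first, then vfsmount_lock). The function body starts outside this hunk. The same comment is added in the 2.6.36 patch, where vfsmount_lock is taken with `br_read_lock`, so only the dcache_lock assertion carries over as written.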
@@ -36655,8 +36657,6 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl.c linux-2.6.32.28/grsecurity/gracl.c
+ *--end = '\0';
+ buflen--;
+
-+ spin_lock(&vfsmount_lock);
-+
+ if (buflen < 1)
+ goto Elong;
+ /* Get '/' right */
@@ -36690,7 +36690,6 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl.c linux-2.6.32.28/grsecurity/gracl.c
+ }
+
+out:
-+ spin_unlock(&vfsmount_lock);
+ return retval;
+
+global_root:
@@ -36750,7 +36749,9 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl.c linux-2.6.32.28/grsecurity/gracl.c
+ read_unlock(&reaper->fs->lock);
+
+ spin_lock(&dcache_lock);
++ spin_lock(&vfsmount_lock);
+ res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen);
++ spin_unlock(&vfsmount_lock);
+ spin_unlock(&dcache_lock);
+
+ dput(root);
@@ -36763,8 +36764,10 @@ diff -urNp linux-2.6.32.28/grsecurity/gracl.c linux-2.6.32.28/grsecurity/gracl.c
+{
+ char *ret;
+ spin_lock(&dcache_lock);
++ spin_lock(&vfsmount_lock);
+ ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
+ PAGE_SIZE);
++ spin_unlock(&vfsmount_lock);
+ spin_unlock(&dcache_lock);
+ return ret;
+}
diff --git a/2.6.36/0000_README b/2.6.36/0000_README
index ab84404..2e68652 100644
--- a/2.6.36/0000_README
+++ b/2.6.36/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.1-2.6.36.3-201101120010.patch
+Patch: 4420_grsecurity-2.2.1-2.6.36.3-201101131705.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.36/4420_grsecurity-2.2.1-2.6.36.3-201101120010.patch b/2.6.36/4420_grsecurity-2.2.1-2.6.36.3-201101131705.patch
index 8259591..ecd20a1 100644
--- a/2.6.36/4420_grsecurity-2.2.1-2.6.36.3-201101120010.patch
+++ b/2.6.36/4420_grsecurity-2.2.1-2.6.36.3-201101131705.patch
@@ -35178,8 +35178,8 @@ diff -urNp linux-2.6.36.3/grsecurity/gracl_alloc.c linux-2.6.36.3/grsecurity/gra
+}
diff -urNp linux-2.6.36.3/grsecurity/gracl.c linux-2.6.36.3/grsecurity/gracl.c
--- linux-2.6.36.3/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.36.3/grsecurity/gracl.c 2011-01-11 22:55:00.000000000 -0500
-@@ -0,0 +1,3921 @@
++++ linux-2.6.36.3/grsecurity/gracl.c 2011-01-13 17:05:45.000000000 -0500
+@@ -0,0 +1,3991 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -35332,16 +35332,82 @@ diff -urNp linux-2.6.36.3/grsecurity/gracl.c linux-2.6.36.3/grsecurity/gracl.c
+ return !memcmp(a, b, lena);
+}
+
++static int prepend(char **buffer, int *buflen, const char *str, int namelen)
++{
++ *buflen -= namelen;
++ if (*buflen < 0)
++ return -ENAMETOOLONG;
++ *buffer -= namelen;
++ memcpy(*buffer, str, namelen);
++ return 0;
++}
++
++static int prepend_name(char **buffer, int *buflen, struct qstr *name)
++{
++ return prepend(buffer, buflen, name->name, name->len);
++}
++
++static int prepend_path(const struct path *path, struct path *root,
++ char **buffer, int *buflen)
++{
++ struct dentry *dentry = path->dentry;
++ struct vfsmount *vfsmnt = path->mnt;
++ bool slash = false;
++ int error = 0;
++
++ while (dentry != root->dentry || vfsmnt != root->mnt) {
++ struct dentry * parent;
++
++ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
++ /* Global root? */
++ if (vfsmnt->mnt_parent == vfsmnt) {
++ goto out;
++ }
++ dentry = vfsmnt->mnt_mountpoint;
++ vfsmnt = vfsmnt->mnt_parent;
++ continue;
++ }
++ parent = dentry->d_parent;
++ prefetch(parent);
++ error = prepend_name(buffer, buflen, &dentry->d_name);
++ if (!error)
++ error = prepend(buffer, buflen, "/", 1);
++ if (error)
++ break;
++
++ slash = true;
++ dentry = parent;
++ }
++
++out:
++ if (!error && !slash)
++ error = prepend(buffer, buflen, "/", 1);
++
++ return error;
++}
++
++/* this must be called with vfsmount_lock and dcache_lock held */
++
++static char *__our_d_path(const struct path *path, struct path *root,
++ char *buf, int buflen)
++{
++ char *res = buf + buflen;
++ int error;
++
++ prepend(&res, &buflen, "\0", 1);
++ error = prepend_path(path, root, &res, &buflen);
++ if (error)
++ return ERR_PTR(error);
++
++ return res;
++}
++
+static char *
+gen_full_path(struct path *path, struct path *root, char *buf, int buflen)
+{
+ char *retval;
-+ struct path old_root = *root;
-+
-+ /* __d_path modifies root, so have it modify our dummy copy
-+ */
+
-+ retval = __d_path(path, &old_root, buf, buflen);
++ retval = __our_d_path(path, root, buf, buflen);
+ if (unlikely(IS_ERR(retval)))
+ retval = strcpy(buf, "<path too long>");
+ else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
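Review bot: The error fallback in `gen_full_path`, `retval = strcpy(buf, "<path too long>");`, writes 16 bytes into `buf` without consulting `buflen`, and the new `__our_d_path` returns an error exactly when the buffer is too small. One visible caller passes PAGE_SIZE, but the other forwards a `buflen` whose origin is outside this diff, so a bounded copy would be safer: `strlcpy(buf, "<path too long>", buflen); retval = buf;`. Separately, `__our_d_path` ignores the result of `prepend(&res, &buflen, "\0", 1)`. That appears harmless, because `buflen` stays negative and the next `prepend` fails, but a short comment saying so would help. `gen_full_path` continues past the end of this hunk.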
@@ -35383,7 +35449,9 @@ diff -urNp linux-2.6.36.3/grsecurity/gracl.c linux-2.6.36.3/grsecurity/gracl.c
+ get_fs_root(reaper->fs, &root);
+
+ spin_lock(&dcache_lock);
++ br_read_lock(vfsmount_lock);
+ res = gen_full_path(&path, &root, buf, buflen);
++ br_read_unlock(vfsmount_lock);
+ spin_unlock(&dcache_lock);
+
+ path_put(&root);
@@ -35395,8 +35463,10 @@ diff -urNp linux-2.6.36.3/grsecurity/gracl.c linux-2.6.36.3/grsecurity/gracl.c
+{
+ char *ret;
+ spin_lock(&dcache_lock);
++ br_read_lock(vfsmount_lock);
+ ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
+ PAGE_SIZE);
++ br_read_unlock(vfsmount_lock);
+ spin_unlock(&dcache_lock);
+ return ret;
+}