authorAnthony G. Basile <blueness@gentoo.org>2011-09-26 16:03:27 -0400
committerAnthony G. Basile <blueness@gentoo.org>2011-09-26 16:03:27 -0400
commite9e183a63e0e7ff5a02bf1d7feb68573b8c82276 (patch)
tree794a2409ec8e16487a8df5c27e614f097edbc635
parentGrsec/PaX: 2.2.2-2.6.32.46-201109240842 + 2.2.2-3.0.4-201109240842 (diff)
downloadhardened-patchset-e9e183a63e0e7ff5a02bf1d7feb68573b8c82276.tar.gz
hardened-patchset-e9e183a63e0e7ff5a02bf1d7feb68573b8c82276.tar.bz2
hardened-patchset-e9e183a63e0e7ff5a02bf1d7feb68573b8c82276.zip
Grsec/PaX: 2.2.2-2.6.32.46-201109261052 + 2.2.2-3.0.4-201109261052.patch20110926
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch)62
-rw-r--r--3.0.4/0000_README2
-rw-r--r--3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch (renamed from 3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch)62
4 files changed, 98 insertions, 30 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index e3aa423..4cb87d7 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
+Patch: 4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
index 0d9b6ae..bab9029 100644
--- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109240842.patch
+++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.46-201109261052.patch
@@ -56495,8 +56495,8 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_link.c linux-2.6.32.46/grsecurity/gr
+}
diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grsec_log.c
--- linux-2.6.32.46/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-14 23:16:01.000000000 -0400
-@@ -0,0 +1,313 @@
++++ linux-2.6.32.46/grsecurity/grsec_log.c 2011-09-26 10:44:49.000000000 -0400
+@@ -0,0 +1,315 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -56549,6 +56549,7 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
+ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
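Review bot: The new `#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)` guard compiles the whole alert rate limiter out when either value is 0, and nothing at the guard says so. The preprocessor also evaluates an undefined symbol as 0, so a missing or mis-set option would leave alert logging unthrottled without any build-time signal. Unthrottled alerts let anything that can trigger them fill the kernel log and push older entries out, so I would add a comment above the guard such as `/* FLOODTIME or FLOODBURST of 0 disables alert flood protection */`. The same guard is added for 3.0.4 in the hunk at @@ -51709,6 +51709,7 @@, and the enclosing function starts and ends outside this hunk.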
@@ -56557,18 +56558,19 @@ diff -urNp linux-2.6.32.46/grsecurity/grsec_log.c linux-2.6.32.46/grsecurity/grs
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = curr_secs;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
-+ }
-+ } else return FLOODING;
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
++ else return FLOODING;
+
+set_fmt:
++#endif
+ memset(buf, 0, PAGE_SIZE);
+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
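Review bot: In the rewritten chain the `time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)` test looks redundant. The first branch already takes every case where `time_after()` holds for the same operands, so by the time the second branch is evaluated the test is always true. That branch could read `} else if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {`, which makes it clear that only the burst counter decides between logging and suppression inside the window. The closing `}` followed by `else return FLOODING;` on its own line would also read better as `} else` with the return on the next line. The identical rewrite for 3.0.4 is in the hunk at @@ -51717,18 +51718,19 @@; the function body extends outside both hunks.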
@@ -73053,7 +73055,7 @@ diff -urNp linux-2.6.32.46/mm/slob.c linux-2.6.32.46/mm/slob.c
diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
--- linux-2.6.32.46/mm/slub.c 2011-03-27 14:31:47.000000000 -0400
-+++ linux-2.6.32.46/mm/slub.c 2011-09-24 08:36:34.000000000 -0400
++++ linux-2.6.32.46/mm/slub.c 2011-09-25 22:23:01.000000000 -0400
@@ -201,7 +201,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
@@ -73258,7 +73260,39 @@ diff -urNp linux-2.6.32.46/mm/slub.c linux-2.6.32.46/mm/slub.c
.filter = uevent_filter,
};
-@@ -4785,7 +4824,13 @@ static const struct file_operations proc
+@@ -4564,6 +4603,7 @@ static char *create_unique_id(struct kme
+ return name;
+ }
+
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *s)
+ {
+ int err;
+@@ -4619,6 +4659,7 @@ static void sysfs_slab_remove(struct kme
+ kobject_del(&s->kobj);
+ kobject_put(&s->kobj);
+ }
++#endif
+
+ /*
+ * Need to buffer aliases during bootup until sysfs becomes
+@@ -4632,6 +4673,7 @@ struct saved_alias {
+
+ static struct saved_alias *alias_list;
+
++#if defined(CONFIG_SLUB_DEBUG) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+ {
+ struct saved_alias *al;
+@@ -4654,6 +4696,7 @@ static int sysfs_slab_alias(struct kmem_
+ alias_list = al;
+ return 0;
+ }
++#endif
+
+ static int __init slab_sysfs_init(void)
+ {
+@@ -4785,7 +4828,13 @@ static const struct file_operations proc
static int __init slab_proc_init(void)
{
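Review bot: The two bare `#endif` lines added after sysfs_slab_remove() and sysfs_slab_alias() close guards opened well above them (the inner hunk headers place the first pair at lines 4564 and 4619), and neither names the condition it closes. I would write them as `#endif /* CONFIG_SLUB_DEBUG && !CONFIG_GRKERNSEC_PROC_ADD */`. The callers of these functions are not visible in this hunk, so it is worth confirming that each call site sits under the same condition or has a stub when CONFIG_GRKERNSEC_PROC_ADD is set. The 3.0.4 copy at @@ -67699,7 +67701,39 @@ has the same bare `#endif` lines, there with CONFIG_SYSFS in the condition.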
diff --git a/3.0.4/0000_README b/3.0.4/0000_README
index 6cdadcb..5afed8c 100644
--- a/3.0.4/0000_README
+++ b/3.0.4/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.2-3.0.4-201109240842.patch
+Patch: 4420_grsecurity-2.2.2-3.0.4-201109261052.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
index 5e86d2b..cce98cf 100644
--- a/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109240842.patch
+++ b/3.0.4/4420_grsecurity-2.2.2-3.0.4-201109261052.patch
@@ -51655,8 +51655,8 @@ diff -urNp linux-3.0.4/grsecurity/grsec_link.c linux-3.0.4/grsecurity/grsec_link
+}
diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
--- linux-3.0.4/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-14 23:17:55.000000000 -0400
-@@ -0,0 +1,313 @@
++++ linux-3.0.4/grsecurity/grsec_log.c 2011-09-26 10:46:21.000000000 -0400
+@@ -0,0 +1,315 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -51709,6 +51709,7 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
+ char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
+ char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++#if (CONFIG_GRKERNSEC_FLOODTIME > 0 && CONFIG_GRKERNSEC_FLOODBURST > 0)
+ unsigned long curr_secs = get_seconds();
+
+ if (audit == GR_DO_AUDIT)
@@ -51717,18 +51718,19 @@ diff -urNp linux-3.0.4/grsecurity/grsec_log.c linux-3.0.4/grsecurity/grsec_log.c
+ if (!grsec_alert_wtime || time_after(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
+ grsec_alert_wtime = curr_secs;
+ grsec_alert_fyet = 0;
-+ } else if (time_before(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)) {
-+ if (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_fyet++;
-+ } else if (grsec_alert_fyet && grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
-+ grsec_alert_wtime = curr_secs;
-+ grsec_alert_fyet++;
-+ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
-+ return FLOODING;
-+ }
-+ } else return FLOODING;
++ } else if (time_before_eq(curr_secs, grsec_alert_wtime + CONFIG_GRKERNSEC_FLOODTIME)
++ && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
++ grsec_alert_fyet++;
++ } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++ grsec_alert_wtime = curr_secs;
++ grsec_alert_fyet++;
++ printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++ return FLOODING;
++ }
++ else return FLOODING;
+
+set_fmt:
++#endif
+ memset(buf, 0, PAGE_SIZE);
+ if (current->signal->curr_ip && gr_acl_is_enabled()) {
+ sprintf(fmt, "%s%s", loglevel, "grsec: From %pI4: (%.64s:%c:%.950s) ");
@@ -67506,7 +67508,7 @@ diff -urNp linux-3.0.4/mm/slob.c linux-3.0.4/mm/slob.c
diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
--- linux-3.0.4/mm/slub.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.4/mm/slub.c 2011-09-24 08:37:26.000000000 -0400
++++ linux-3.0.4/mm/slub.c 2011-09-25 22:15:40.000000000 -0400
@@ -200,7 +200,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
@@ -67699,7 +67701,39 @@ diff -urNp linux-3.0.4/mm/slub.c linux-3.0.4/mm/slub.c
}
SLAB_ATTR_RO(aliases);
-@@ -4894,7 +4935,13 @@ static const struct file_operations proc
+@@ -4662,6 +4703,7 @@ static char *create_unique_id(struct kme
+ return name;
+ }
+
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_add(struct kmem_cache *s)
+ {
+ int err;
+@@ -4724,6 +4766,7 @@ static void sysfs_slab_remove(struct kme
+ kobject_del(&s->kobj);
+ kobject_put(&s->kobj);
+ }
++#endif
+
+ /*
+ * Need to buffer aliases during bootup until sysfs becomes
+@@ -4737,6 +4780,7 @@ struct saved_alias {
+
+ static struct saved_alias *alias_list;
+
++#if defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+ {
+ struct saved_alias *al;
+@@ -4759,6 +4803,7 @@ static int sysfs_slab_alias(struct kmem_
+ alias_list = al;
+ return 0;
+ }
++#endif
+
+ static int __init slab_sysfs_init(void)
+ {
+@@ -4894,7 +4939,13 @@ static const struct file_operations proc
static int __init slab_proc_init(void)
{