Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/2.6.32
diff options
context:
space:
mode:
Diffstat (limited to '2.6.32')
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.2.0-2.6.32.16-201007112149.patch (renamed from 2.6.32/4420_grsecurity-2.2.0-2.6.32.16-201007101507.patch)87
2 files changed, 59 insertions, 30 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 699d6a1..a6f4e4a 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.2.0-2.6.32.16-201007101507.patch
+Patch: 4420_grsecurity-2.2.0-2.6.32.16-201007112149.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.2.0-2.6.32.16-201007101507.patch b/2.6.32/4420_grsecurity-2.2.0-2.6.32.16-201007112149.patch
index c3e929b..e9f38fe 100644
--- a/2.6.32/4420_grsecurity-2.2.0-2.6.32.16-201007101507.patch
+++ b/2.6.32/4420_grsecurity-2.2.0-2.6.32.16-201007112149.patch
@@ -9124,7 +9124,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess_64.h linux-2.6.32.16/arc
#endif /* _ASM_X86_UACCESS_64_H */
diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x86/include/asm/uaccess.h
--- linux-2.6.32.16/arch/x86/include/asm/uaccess.h 2010-07-05 14:14:00.000000000 -0400
-+++ linux-2.6.32.16/arch/x86/include/asm/uaccess.h 2010-07-09 14:50:35.000000000 -0400
++++ linux-2.6.32.16/arch/x86/include/asm/uaccess.h 2010-07-11 21:16:08.000000000 -0400
@@ -8,12 +8,15 @@
#include <linux/thread_info.h>
#include <linux/prefetch.h>
@@ -9189,9 +9189,22 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
/*
* The exception table consists of pairs of addresses: the first is the
-@@ -183,13 +217,21 @@ extern int __get_user_bad(void);
+@@ -179,17 +213,34 @@ extern int __get_user_bad(void);
+ __ret_gu; \
+ })
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#define __put_user_x(size, x, ptr, __ret_pu) \
++ ({ \
++ int __dummy; \
++ asm volatile("call __put_user_" #size : "=a" (__ret_pu), "=c" (__dummy) \
++ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx"); \
++ })
++#else
+ #define __put_user_x(size, x, ptr, __ret_pu) \
asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
: "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
++#endif
-
+#ifdef CONFIG_X86_32
@@ -9214,7 +9227,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
".section .fixup,\"ax\"\n" \
"4: movl %3,%0\n" \
" jmp 3b\n" \
-@@ -197,15 +239,18 @@ extern int __get_user_bad(void);
+@@ -197,15 +248,18 @@ extern int __get_user_bad(void);
_ASM_EXTABLE(1b, 4b) \
_ASM_EXTABLE(2b, 4b) \
: "=r" (err) \
@@ -9237,7 +9250,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
#define __put_user_x8(x, ptr, __ret_pu) \
asm volatile("call __put_user_8" : "=a" (__ret_pu) \
-@@ -374,16 +419,18 @@ do { \
+@@ -374,16 +428,18 @@ do { \
} while (0)
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -9259,7 +9272,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
#define __get_user_size_ex(x, ptr, size) \
do { \
-@@ -407,10 +454,12 @@ do { \
+@@ -407,10 +463,12 @@ do { \
} while (0)
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -9274,7 +9287,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
#define __put_user_nocheck(x, ptr, size) \
({ \
-@@ -424,13 +473,24 @@ do { \
+@@ -424,13 +482,24 @@ do { \
int __gu_err; \
unsigned long __gu_val; \
__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
@@ -9301,7 +9314,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
/*
* Tell gcc we read from memory instead of writing: this is because
-@@ -438,21 +498,26 @@ struct __large_struct { unsigned long bu
+@@ -438,21 +507,26 @@ struct __large_struct { unsigned long bu
* aliasing issues.
*/
#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -9332,7 +9345,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
/*
* uaccess_try and catch
-@@ -530,7 +595,7 @@ struct __large_struct { unsigned long bu
+@@ -530,7 +604,7 @@ struct __large_struct { unsigned long bu
#define get_user_ex(x, ptr) do { \
unsigned long __gue_val; \
__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -9341,7 +9354,7 @@ diff -urNp linux-2.6.32.16/arch/x86/include/asm/uaccess.h linux-2.6.32.16/arch/x
} while (0)
#ifdef CONFIG_X86_WP_WORKS_OK
-@@ -567,6 +632,7 @@ extern struct movsl_mask {
+@@ -567,6 +641,7 @@ extern struct movsl_mask {
#define ARCH_HAS_NOCACHE_UACCESS 1
@@ -15814,7 +15827,7 @@ diff -urNp linux-2.6.32.16/arch/x86/lib/mmx_32.c linux-2.6.32.16/arch/x86/lib/mm
to += 64;
diff -urNp linux-2.6.32.16/arch/x86/lib/putuser.S linux-2.6.32.16/arch/x86/lib/putuser.S
--- linux-2.6.32.16/arch/x86/lib/putuser.S 2010-07-05 14:14:00.000000000 -0400
-+++ linux-2.6.32.16/arch/x86/lib/putuser.S 2010-07-09 14:50:35.000000000 -0400
++++ linux-2.6.32.16/arch/x86/lib/putuser.S 2010-07-11 20:00:44.000000000 -0400
@@ -15,7 +15,8 @@
#include <asm/thread_info.h>
#include <asm/errno.h>
@@ -24114,34 +24127,50 @@ diff -urNp linux-2.6.32.16/drivers/char/virtio_console.c linux-2.6.32.16/drivers
/* The hvc device */
diff -urNp linux-2.6.32.16/drivers/char/vt_ioctl.c linux-2.6.32.16/drivers/char/vt_ioctl.c
--- linux-2.6.32.16/drivers/char/vt_ioctl.c 2010-07-05 14:14:00.000000000 -0400
-+++ linux-2.6.32.16/drivers/char/vt_ioctl.c 2010-07-09 14:50:36.000000000 -0400
-@@ -226,6 +226,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __
++++ linux-2.6.32.16/drivers/char/vt_ioctl.c 2010-07-11 12:11:58.000000000 -0400
+@@ -210,9 +210,6 @@ do_kdsk_ioctl(int cmd, struct kbentry __
+ if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
+ return -EFAULT;
+
+- if (!capable(CAP_SYS_TTY_CONFIG))
+- perm = 0;
+-
+ switch (cmd) {
+ case KDGKBENT:
+ key_map = key_maps[s];
+@@ -224,8 +221,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __
+ val = (i ? K_HOLE : K_NOSUCHMAP);
+ return put_user(val, &user_kbe->kb_value);
case KDSKBENT:
++ if (!capable(CAP_SYS_TTY_CONFIG))
++ perm = 0;
++
if (!perm)
return -EPERM;
+
-+#ifdef CONFIG_GRKERNSEC
-+ if (!capable(CAP_SYS_TTY_CONFIG))
-+ return -EPERM;
-+#endif
-+
if (!i && v == K_NOSUCHMAP) {
/* deallocate map */
key_map = key_maps[s];
-@@ -366,6 +372,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
- goto reterr;
- }
+@@ -325,9 +326,6 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
+ int i, j, k;
+ int ret;
-+#ifdef CONFIG_GRKERNSEC
-+ if (!capable(CAP_SYS_TTY_CONFIG)) {
-+ ret = -EPERM;
-+ goto reterr;
-+ }
-+#endif
+- if (!capable(CAP_SYS_TTY_CONFIG))
+- perm = 0;
+-
+ kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
+ if (!kbs) {
+ ret = -ENOMEM;
+@@ -361,6 +359,9 @@ do_kdgkb_ioctl(int cmd, struct kbsentry
+ kfree(kbs);
+ return ((p && *p) ? -EOVERFLOW : 0);
+ case KDSKBSENT:
++ if (!capable(CAP_SYS_TTY_CONFIG))
++ perm = 0;
+
- q = func_table[i];
- first_free = funcbufptr + (funcbufsize - funcbufleft);
- for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++)
+ if (!perm) {
+ ret = -EPERM;
+ goto reterr;
diff -urNp linux-2.6.32.16/drivers/cpufreq/cpufreq.c linux-2.6.32.16/drivers/cpufreq/cpufreq.c
--- linux-2.6.32.16/drivers/cpufreq/cpufreq.c 2010-07-05 14:14:00.000000000 -0400
+++ linux-2.6.32.16/drivers/cpufreq/cpufreq.c 2010-07-09 14:50:36.000000000 -0400