-rw-r--r-- | 2.6.32/0000_README | 14 | ||||
-rw-r--r-- | 2.6.32/1058_linux-2.6.32.59.patch | 404 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203181400.patch) | 175 | ||||
-rw-r--r-- | 3.2.12/0000_README (renamed from 3.2.11/0000_README) | 6 | ||||
-rw-r--r-- | 3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch (renamed from 3.2.11/4420_grsecurity-2.9-3.2.11-201203181401.patch) | 316 | ||||
-rw-r--r-- | 3.2.12/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.11/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4435_grsec-mute-warnings.patch (renamed from 3.2.11/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4440_grsec-remove-protected-paths.patch (renamed from 3.2.11/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4445_grsec-pax-without-grsec.patch (renamed from 3.2.11/4445_grsec-pax-without-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.11/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4455_grsec-kconfig-gentoo.patch (renamed from 3.2.11/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4460-grsec-kconfig-proc-user.patch (renamed from 3.2.11/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.11/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.2.12/4470_disable-compat_vdso.patch (renamed from 3.2.11/4470_disable-compat_vdso.patch) | 0 |
14 files changed, 562 insertions, 353 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index ff587f9..0a02821 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -22,14 +22,18 @@ Patch: 1056_linux-2.6.32.57.patch From: http://www.kernel.org Desc: Linux 2.6.32.57 -Patch: 4420_grsecurity-2.9-2.6.32.59-201203181400.patch +Patch: 1057_linux-2.6.32.58.patch +From: http://www.kernel.org +Desc: Linux 2.6.32.58 + +Patch: 1058_linux-2.6.32.59.patch +From: http://www.kernel.org +Desc: Linux 2.6.32.59 + +Patch: 4420_grsecurity-2.9-2.6.32.59-201203201932.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity -Patch: 4425_grsec_enable_xtpax.patch -From: Anthony G. Basile <blueness@gentoo.org> -Desc: Unlock PAX_XATTR_PAX_FLAGS option - Patch: 4430_grsec-remove-localversion-grsec.patch From: Kerin Millar <kerframil@gmail.com> Desc: Removes grsecurity's localversion-grsec file diff --git a/2.6.32/1058_linux-2.6.32.59.patch b/2.6.32/1058_linux-2.6.32.59.patch new file mode 100644 index 0000000..9a17e49 --- /dev/null +++ b/2.6.32/1058_linux-2.6.32.59.patch 
@@ -0,0 +1,404 @@ +diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig +index 1ee596c..20fc9c5 100644 +--- a/arch/ia64/Kconfig ++++ b/arch/ia64/Kconfig +@@ -502,23 +502,6 @@ config ARCH_PROC_KCORE_TEXT + def_bool y + depends on PROC_KCORE + +-config IA32_SUPPORT +- bool "Support for Linux/x86 binaries" +- help +- IA-64 processors can execute IA-32 (X86) instructions. By +- saying Y here, the kernel will include IA-32 system call +- emulation support which makes it possible to transparently +- run IA-32 Linux binaries on an IA-64 Linux system. +- If in doubt, say Y. +- +-config COMPAT +- bool +- depends on IA32_SUPPORT +- default y +- +-config COMPAT_FOR_U64_ALIGNMENT +- def_bool COMPAT +- + config IA64_MCA_RECOVERY + tristate "MCA recovery from errors other than TLB." + +diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig +index 43c0aca..aca7fff 100644 +--- a/arch/s390/Kconfig ++++ b/arch/s390/Kconfig +@@ -188,6 +188,9 @@ config SYSVIPC_COMPAT + depends on COMPAT && SYSVIPC + default y + ++config KEYS_COMPAT ++ def_bool y if COMPAT && KEYS ++ + config AUDIT_ARCH + bool + default y +diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c +index 0b2573a..358e545 100644 +--- a/arch/s390/kernel/setup.c ++++ b/arch/s390/kernel/setup.c +@@ -57,6 +57,7 @@ + #include <asm/ptrace.h> + #include <asm/sections.h> + #include <asm/ebcdic.h> ++#include <asm/compat.h> + #include <asm/kvm_virtio.h> + + long psw_kernel_bits = (PSW_BASE_BITS | PSW_MASK_DAT | PSW_ASC_PRIMARY | +diff --git a/block/bsg.c b/block/bsg.c +index 7154a7a..e3e3241 100644 +--- a/block/bsg.c ++++ b/block/bsg.c +@@ -977,7 +977,8 @@ void bsg_unregister_queue(struct request_queue *q) + + mutex_lock(&bsg_mutex); + idr_remove(&bsg_minor_idr, bcd->minor); +- sysfs_remove_link(&q->kobj, "bsg"); ++ if (q->kobj.sd) ++ sysfs_remove_link(&q->kobj, "bsg"); + device_unregister(bcd->class_dev); + bcd->class_dev = NULL; + kref_put(&bcd->ref, bsg_kref_release_function); +diff --git a/drivers/block/xen-blkfront.c 
b/drivers/block/xen-blkfront.c +index a2e8977..605d92e 100644 +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -942,11 +942,11 @@ static void blkfront_closing(struct xenbus_device *dev) + /* Flush gnttab callback work. Must be done with no locks held. */ + flush_scheduled_work(); + ++ del_gendisk(info->gd); ++ + blk_cleanup_queue(info->rq); + info->rq = NULL; + +- del_gendisk(info->gd); +- + out: + xenbus_frontend_closed(dev); + } +diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c +index ca5ca5a..da33dce 100644 +--- a/drivers/net/usb/usbnet.c ++++ b/drivers/net/usb/usbnet.c +@@ -584,6 +584,7 @@ static int unlink_urbs (struct usbnet *dev, struct sk_buff_head *q) + entry = (struct skb_data *) skb->cb; + urb = entry->urb; + ++ spin_unlock_irqrestore(&q->lock, flags); + // during some PM-driven resume scenarios, + // these (async) unlinks complete immediately + retval = usb_unlink_urb (urb); +@@ -591,6 +592,7 @@ static int unlink_urbs (struct usbnet *dev, struct sk_buff_head *q) + devdbg (dev, "unlink urb err, %d", retval); + else + count++; ++ spin_lock_irqsave(&q->lock, flags); + } + spin_unlock_irqrestore (&q->lock, flags); + return count; +diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c +index 2a9f54a..1f6bb28 100644 +--- a/drivers/watchdog/hpwdt.c ++++ b/drivers/watchdog/hpwdt.c +@@ -220,7 +220,7 @@ static int __devinit cru_detect(unsigned long map_entry, + + cmn_regs.u1.reax = CRU_BIOS_SIGNATURE_VALUE; + +- set_memory_x((unsigned long)bios32_entrypoint, (2 * PAGE_SIZE)); ++ set_memory_x((unsigned long)bios32_map, 2); + asminline_call(&cmn_regs, bios32_entrypoint); + + if (cmn_regs.u1.ral != 0) { +@@ -239,7 +239,8 @@ static int __devinit cru_detect(unsigned long map_entry, + cru_rom_addr = + ioremap(cru_physical_address, cru_length); + if (cru_rom_addr) { +- set_memory_x((unsigned long)cru_rom_addr, cru_length); ++ set_memory_x((unsigned long)cru_rom_addr & PAGE_MASK, ++ (cru_length + PAGE_SIZE - 1) >> 
PAGE_SHIFT); + retval = 0; + } + } +diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c +index 1ed37ba..a64fde6 100644 +--- a/fs/binfmt_elf.c ++++ b/fs/binfmt_elf.c +@@ -1452,7 +1452,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, + for (i = 1; i < view->n; ++i) { + const struct user_regset *regset = &view->regsets[i]; + do_thread_regset_writeback(t->task, regset); +- if (regset->core_note_type && ++ if (regset->core_note_type && regset->get && + (!regset->active || regset->active(t->task, regset))) { + int ret; + size_t size = regset->n * regset->size; +diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c +index c3d6182..7c863b5 100644 +--- a/fs/cifs/dir.c ++++ b/fs/cifs/dir.c +@@ -691,10 +691,26 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry, + * If either that or op not supported returned, follow + * the normal lookup. + */ +- if ((rc == 0) || (rc == -ENOENT)) ++ switch (rc) { ++ case 0: ++ /* ++ * The server may allow us to open things like ++ * FIFOs, but the client isn't set up to deal ++ * with that. If it's not a regular file, just ++ * close it and proceed as if it were a normal ++ * lookup. 
++ */ ++ if (newInode && !S_ISREG(newInode->i_mode)) { ++ CIFSSMBClose(xid, pTcon, fileHandle); ++ break; ++ } ++ case -ENOENT: + posix_open = true; +- else if ((rc == -EINVAL) || (rc != -EOPNOTSUPP)) ++ case -EOPNOTSUPP: ++ break; ++ default: + pTcon->broken_posix_open = true; ++ } + } + if (!posix_open) + rc = cifs_get_inode_info_unix(&newInode, full_path, +diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c +index 7a5f1ac..7e164bb 100644 +--- a/fs/ecryptfs/crypto.c ++++ b/fs/ecryptfs/crypto.c +@@ -1455,6 +1455,25 @@ static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat) + ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; + } + ++void ecryptfs_i_size_init(const char *page_virt, struct inode *inode) ++{ ++ struct ecryptfs_mount_crypt_stat *mount_crypt_stat; ++ struct ecryptfs_crypt_stat *crypt_stat; ++ u64 file_size; ++ ++ crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; ++ mount_crypt_stat = ++ &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat; ++ if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { ++ file_size = i_size_read(ecryptfs_inode_to_lower(inode)); ++ if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) ++ file_size += crypt_stat->num_header_bytes_at_front; ++ } else ++ file_size = get_unaligned_be64(page_virt); ++ i_size_write(inode, (loff_t)file_size); ++ crypt_stat->flags |= ECRYPTFS_I_SIZE_INITIALIZED; ++} ++ + /** + * ecryptfs_read_headers_virt + * @page_virt: The virtual address into which to read the headers +@@ -1485,6 +1504,8 @@ static int ecryptfs_read_headers_virt(char *page_virt, + rc = -EINVAL; + goto out; + } ++ if (!(crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED)) ++ ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode); + offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; + rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset), + &bytes_read); +diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h +index 542f625..9685315 100644 +--- a/fs/ecryptfs/ecryptfs_kernel.h 
++++ b/fs/ecryptfs/ecryptfs_kernel.h +@@ -270,6 +270,7 @@ struct ecryptfs_crypt_stat { + #define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000 + #define ECRYPTFS_ENCFN_USE_FEK 0x00002000 + #define ECRYPTFS_UNLINK_SIGS 0x00004000 ++#define ECRYPTFS_I_SIZE_INITIALIZED 0x00008000 + u32 flags; + unsigned int file_version; + size_t iv_bytes; +@@ -619,6 +620,7 @@ struct ecryptfs_open_req { + int ecryptfs_interpose(struct dentry *hidden_dentry, + struct dentry *this_dentry, struct super_block *sb, + u32 flags); ++void ecryptfs_i_size_init(const char *page_virt, struct inode *inode); + int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry, + struct dentry *lower_dentry, + struct inode *ecryptfs_dir_inode, +diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c +index 3015389..502b09f 100644 +--- a/fs/ecryptfs/file.c ++++ b/fs/ecryptfs/file.c +@@ -237,7 +237,8 @@ static int ecryptfs_open(struct inode *inode, struct file *file) + goto out_free; + } + rc = 0; +- crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); ++ crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED ++ | ECRYPTFS_ENCRYPTED); + mutex_unlock(&crypt_stat->cs_mutex); + goto out; + } +diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c +index 4434e8f..90a6087 100644 +--- a/fs/ecryptfs/inode.c ++++ b/fs/ecryptfs/inode.c +@@ -256,10 +256,8 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry, + struct dentry *lower_dir_dentry; + struct vfsmount *lower_mnt; + struct inode *lower_inode; +- struct ecryptfs_mount_crypt_stat *mount_crypt_stat; + struct ecryptfs_crypt_stat *crypt_stat; + char *page_virt = NULL; +- u64 file_size; + int rc = 0; + + lower_dir_dentry = lower_dentry->d_parent; +@@ -334,18 +332,7 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry, + } + crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; + } +- mount_crypt_stat = &ecryptfs_superblock_to_private( +- ecryptfs_dentry->d_sb)->mount_crypt_stat; +- if (mount_crypt_stat->flags & 
ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { +- if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) +- file_size = (crypt_stat->num_header_bytes_at_front +- + i_size_read(lower_dentry->d_inode)); +- else +- file_size = i_size_read(lower_dentry->d_inode); +- } else { +- file_size = get_unaligned_be64(page_virt); +- } +- i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size); ++ ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode); + out_free_kmem: + kmem_cache_free(ecryptfs_header_cache_2, page_virt); + goto out; +@@ -964,7 +951,8 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) + goto out; + } + rc = 0; +- crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); ++ crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED ++ | ECRYPTFS_ENCRYPTED); + } + } + mutex_unlock(&crypt_stat->cs_mutex); +diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h +index b449e73..61e43a6 100644 +--- a/include/linux/backing-dev.h ++++ b/include/linux/backing-dev.h +@@ -105,6 +105,7 @@ void bdi_start_writeback(struct backing_dev_info *bdi, struct super_block *sb, + long nr_pages); + int bdi_writeback_task(struct bdi_writeback *wb); + int bdi_has_dirty_io(struct backing_dev_info *bdi); ++void bdi_arm_supers_timer(void); + + extern spinlock_t bdi_lock; + extern struct list_head bdi_list; +diff --git a/include/linux/regset.h b/include/linux/regset.h +index 8abee65..686f373 100644 +--- a/include/linux/regset.h ++++ b/include/linux/regset.h +@@ -335,8 +335,11 @@ static inline int copy_regset_to_user(struct task_struct *target, + { + const struct user_regset *regset = &view->regsets[setno]; + ++ if (!regset->get) ++ return -EOPNOTSUPP; ++ + if (!access_ok(VERIFY_WRITE, data, size)) +- return -EIO; ++ return -EFAULT; + + return regset->get(target, regset, offset, size, NULL, data); + } +@@ -358,8 +361,11 @@ static inline int copy_regset_from_user(struct task_struct *target, + { + const struct user_regset *regset = &view->regsets[setno]; + ++ if (!regset->set) ++ return 
-EOPNOTSUPP; ++ + if (!access_ok(VERIFY_READ, data, size)) +- return -EIO; ++ return -EFAULT; + + return regset->set(target, regset, offset, size, NULL, data); + } +diff --git a/mm/backing-dev.c b/mm/backing-dev.c +index 67a33a5..d824401 100644 +--- a/mm/backing-dev.c ++++ b/mm/backing-dev.c +@@ -41,7 +41,6 @@ static struct timer_list sync_supers_timer; + + static int bdi_sync_supers(void *); + static void sync_supers_timer_fn(unsigned long); +-static void arm_supers_timer(void); + + static void bdi_add_default_flusher_task(struct backing_dev_info *bdi); + +@@ -242,7 +241,7 @@ static int __init default_bdi_init(void) + + init_timer(&sync_supers_timer); + setup_timer(&sync_supers_timer, sync_supers_timer_fn, 0); +- arm_supers_timer(); ++ bdi_arm_supers_timer(); + + err = bdi_init(&default_backing_dev_info); + if (!err) +@@ -364,10 +363,13 @@ static int bdi_sync_supers(void *unused) + return 0; + } + +-static void arm_supers_timer(void) ++void bdi_arm_supers_timer(void) + { + unsigned long next; + ++ if (!dirty_writeback_interval) ++ return; ++ + next = msecs_to_jiffies(dirty_writeback_interval * 10) + jiffies; + mod_timer(&sync_supers_timer, round_jiffies_up(next)); + } +@@ -375,7 +377,7 @@ static void arm_supers_timer(void) + static void sync_supers_timer_fn(unsigned long unused) + { + wake_up_process(sync_supers_tsk); +- arm_supers_timer(); ++ bdi_arm_supers_timer(); + } + + static int bdi_forker_task(void *ptr) +@@ -418,7 +420,10 @@ static int bdi_forker_task(void *ptr) + + spin_unlock_bh(&bdi_lock); + wait = msecs_to_jiffies(dirty_writeback_interval * 10); +- schedule_timeout(wait); ++ if (wait) ++ schedule_timeout(wait); ++ else ++ schedule(); + try_to_freeze(); + continue; + } +diff --git a/mm/page-writeback.c b/mm/page-writeback.c +index 2c5d792..52f71ae 100644 +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -694,6 +694,7 @@ int dirty_writeback_centisecs_handler(ctl_table *table, int write, + void __user *buffer, size_t *length, loff_t *ppos) + { + 
proc_dointvec(table, write, buffer, length, ppos); ++ bdi_arm_supers_timer(); + return 0; + } + diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203181400.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch index 2e58a75..64b036f 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203181400.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch @@ -13536,7 +13536,7 @@ index 61c5874..8a046e9 100644 # include "uaccess_32.h" #else diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 632fb44..2a195ea 100644 +index 632fb44..bb15d3f 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -12,15 +12,15 @@ @@ -13726,10 +13726,10 @@ index 632fb44..2a195ea 100644 - unsigned long n); long __must_check strncpy_from_user(char *dst, const char __user *src, - long count); -+ unsigned long count) __size_overflow(3); ++ unsigned long count); long __must_check __strncpy_from_user(char *dst, - const char __user *src, long count); -+ const char __user *src, unsigned long count) __size_overflow(3); ++ const char __user *src, unsigned long count); /** * strlen_user: - Get the size of a string in user space. @@ -13746,7 +13746,7 @@ index 632fb44..2a195ea 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index db24b21..d0d2413 100644 +index db24b21..7cd829e 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -9,6 +9,9 @@ 
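Review bot: In the drivers/net/usb/usbnet.c part of the new 1058_linux-2.6.32.59.patch, `unlink_urbs()` now releases `q->lock` around `usb_unlink_urb(urb)` and retakes it at the bottom of the loop body, so the queue can change while the lock is dropped. The loop header is outside the hunk; if it walks `q` with a cached next pointer, that pointer, and `urb` itself, may already have been released by the completion path when the lock is reacquired. I would pin the URB across the unlocked window with `usb_get_urb(urb);` before `spin_unlock_irqrestore(&q->lock, flags);` and `usb_put_urb(urb);` after the unlink, and restart the walk from the queue head once `spin_lock_irqsave(&q->lock, flags);` has run.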
@@ -14061,14 +14061,14 @@ index db24b21..d0d2413 100644 __must_check long -strncpy_from_user(char *dst, const char __user *src, long count); -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); ++strncpy_from_user(char *dst, const char __user *src, unsigned long count); __must_check long -__strncpy_from_user(char *dst, const char __user *src, long count); -__must_check long strnlen_user(const char __user *str, long n); -__must_check long __strnlen_user(const char __user *str, long n); -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+__must_check long strnlen_user(const char __user *str, unsigned long n) __size_overflow(2); -+__must_check long __strnlen_user(const char __user *str, unsigned long n) __size_overflow(2); ++__strncpy_from_user(char *dst, const char __user *src, unsigned long count); ++__must_check long strnlen_user(const char __user *str, unsigned long n); ++__must_check long __strnlen_user(const char __user *str, unsigned long n); __must_check long strlen_user(const char __user *str); -__must_check unsigned long clear_user(void __user *mem, unsigned long len); -__must_check unsigned long __clear_user(void __user *mem, unsigned long len); @@ -64979,7 +64979,7 @@ index 0133b5a..3710d09 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index a64fde6..66794b9 100644 +index a64fde6..b6699eb 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ @@ -65628,7 +65628,7 @@ index a64fde6..66794b9 100644 +#ifdef CONFIG_PAX_RANDMMAP + if (current->mm->pax_flags & MF_PAX_RANDMMAP) -+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4); ++ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); +#endif + /* Calling set_brk effectively mmaps the pages that we need @@ -74908,10 +74908,10 @@ index 0000000..1b9afa9 +endif 
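Review bot: The replacement mask in the fs/binfmt_elf.c hunk, `((1UL << 22) - 1UL)`, is a bare constant with no comment, and unlike the old `~PAGE_MASK` it no longer follows the page size. As written it takes 22 random bits and shifts them left by 4, so the brk start moves by up to roughly 64 MiB in 16-byte steps on top of the fixed `PAGE_SIZE` gap. I would state that next to the line, e.g. `/* 22 random bits << 4: brk offset below 64 MiB, 16-byte granularity */`, or give the bit width a named macro so the entropy figure is visible to whoever tunes it later. The enclosing function starts and ends outside the hunk.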
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..dc4812b +index 0000000..d785922 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4148 @@ +@@ -0,0 +1,4117 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -76370,40 +76370,28 @@ index 0000000..dc4812b + num_sprole_pws = arg->num_sprole_pws; + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *)); + -+ if (!acl_special_roles) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!acl_special_roles && num_sprole_pws) ++ return -ENOMEM; + + for (i = 0; i < num_sprole_pws; i++) { + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); -+ if (!sptmp) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!sptmp) ++ return -ENOMEM; + if (copy_from_user(sptmp, arg->sprole_pws + i, -+ sizeof (struct sprole_pw))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct sprole_pw))) ++ return -EFAULT; + -+ len = -+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN); ++ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN); + -+ if (!len || len >= GR_SPROLE_LEN) { -+ err = -EINVAL; -+ goto cleanup; -+ } ++ if (!len || len >= GR_SPROLE_LEN) ++ return -EINVAL; + -+ if ((tmp = (char *) acl_alloc(len)) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(tmp, sptmp->rolename, len)) ++ return -EFAULT; + -+ if (copy_from_user(tmp, sptmp->rolename, len)) { -+ err = -EFAULT; -+ goto cleanup; -+ } + tmp[len-1] = '\0'; +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG + printk(KERN_ALERT "Copying special role %s\n", tmp); 
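Review bot: The early `return -ENOMEM;`, `return -EFAULT;` and `return -EINVAL;` statements that replace `goto cleanup` in this grsecurity/gracl.c hunk no longer reach `free_variables()`, so whatever `acl_alloc()` and `acl_alloc_num()` handed out before the failure must now be released by the caller. That caller is not visible here, and the same conversion continues in the following hunks (-76417, -76459, -76477, -76511), ending with the removal of the `cleanup:` label in -76519. I would record the new contract at the top of the function, which lies outside the hunk, with a comment such as `/* returns on first error without freeing; the caller must call free_variables() */`.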
@@ -76417,38 +76405,28 @@ index 0000000..dc4812b + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) { + r_tmp = acl_alloc(sizeof (struct acl_role_label)); + -+ if (!r_tmp) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!r_tmp) ++ return -ENOMEM; + + if (copy_from_user(&r_utmp2, r_utmp + r_num, -+ sizeof (struct acl_role_label *))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct acl_role_label *))) ++ return -EFAULT; + + if (copy_from_user(r_tmp, r_utmp2, -+ sizeof (struct acl_role_label))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct acl_role_label))) ++ return -EFAULT; + + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN); + -+ if (!len || len >= PATH_MAX) { -+ err = -EINVAL; -+ goto cleanup; -+ } ++ if (!len || len >= PATH_MAX) ++ return -EINVAL; ++ ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(tmp, r_tmp->rolename, len)) ++ return -EFAULT; + -+ if ((tmp = (char *) acl_alloc(len)) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(tmp, r_tmp->rolename, len)) { -+ err = -EFAULT; -+ goto cleanup; -+ } + tmp[len-1] = '\0'; + r_tmp->rolename = tmp; + @@ -76459,14 +76437,11 @@ index 0000000..dc4812b + kernel_role = r_tmp; + } + -+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) ++ return -EFAULT; + + r_tmp->hash = ghash; + 
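Review bot: In the role loop, `len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);` is limited by `GR_SPROLE_LEN`, but the result is then tested with `len >= PATH_MAX`, whereas the special-role loop in the previous hunk tests `len >= GR_SPROLE_LEN`. If `GR_SPROLE_LEN` is smaller than `PATH_MAX` (its value is not shown here), an over-long role name passes the test and is truncated by `tmp[len-1] = '\0';` instead of being rejected with `-EINVAL`. The limit and the test should name the same constant: either `if (!len || len >= GR_SPROLE_LEN)`, or `strnlen_user(r_tmp->rolename, PATH_MAX)` if long role names are intended.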
@@ -76477,32 +76452,28 @@ index 0000000..dc4812b + (struct acl_subject_label **) + create_table(&(r_tmp->subj_hash_size), sizeof(void *)); + -+ if (!r_tmp->subj_hash) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!r_tmp->subj_hash) ++ return -ENOMEM; + + err = copy_user_allowedips(r_tmp); + if (err) -+ goto cleanup; ++ return err; + + /* copy domain info */ + if (r_tmp->domain_children != NULL) { + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t)); -+ if (domainlist == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ if (domainlist == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) ++ return -EFAULT; ++ + r_tmp->domain_children = domainlist; + } + + err = copy_user_transitions(r_tmp); + if (err) -+ goto cleanup; ++ return err; + + memset(r_tmp->subj_hash, 0, + r_tmp->subj_hash_size * @@ -76511,7 +76482,7 @@ index 0000000..dc4812b + err = copy_user_subjs(r_tmp->hash->first, r_tmp); + + if (err) -+ goto cleanup; ++ return err; + + /* set nested subject list to null */ + r_tmp->hash->first = NULL; @@ -76519,12 +76490,10 @@ index 0000000..dc4812b + insert_acl_role_label(r_tmp); + } + -+ goto return_err; -+ cleanup: -+ free_variables(); -+ return_err: -+ return err; ++ if (default_role == NULL || kernel_role == NULL) ++ return -EINVAL; + ++ return err; +} + +static int @@ -84521,7 +84490,7 @@ index e2bd73e..fea8ed3 100644 #endif /* _ASM_GENERIC_PGTABLE_H */ diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h -index b218b85..f0ac13a 100644 +index b218b85..62dbfdc 100644 --- a/include/asm-generic/uaccess.h +++ b/include/asm-generic/uaccess.h @@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long); 
@@ -84566,33 +84535,15 @@ index b218b85..f0ac13a 100644 static inline long copy_to_user(void __user *to, const void *from, unsigned long n) { -@@ -265,6 +272,8 @@ static inline long copy_to_user(void __user *to, - */ - #ifndef __strncpy_from_user - static inline long -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+static inline long - __strncpy_from_user(char *dst, const char __user *src, long count) - { - char *tmp; -@@ -276,6 +285,8 @@ __strncpy_from_user(char *dst, const char __user *src, long count) +@@ -276,6 +283,7 @@ __strncpy_from_user(char *dst, const char __user *src, long count) #endif static inline long -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); +static inline long strncpy_from_user(char *dst, const char __user *src, long count) { if (!access_ok(VERIFY_READ, src, 1)) -@@ -289,6 +300,7 @@ strncpy_from_user(char *dst, const char __user *src, long count) - * Return 0 on exception, a value greater than N if too long - */ - #ifndef strnlen_user -+static inline long strnlen_user(const char __user *src, unsigned long n) __size_overflow(2); - static inline long strnlen_user(const char __user *src, long n) - { - if (!access_ok(VERIFY_READ, src, 1)) -@@ -307,6 +319,8 @@ static inline long strlen_user(const char __user *src) +@@ -307,6 +315,8 @@ static inline long strlen_user(const char __user *src) */ #ifndef __clear_user static inline __must_check unsigned long @@ -84601,7 +84552,7 @@ index b218b85..f0ac13a 100644 __clear_user(void __user *to, unsigned long n) { memset((void __force *)to, 0, n); -@@ -315,6 +329,8 @@ __clear_user(void __user *to, unsigned long n) +@@ -315,6 +325,8 @@ __clear_user(void __user *to, unsigned long n) #endif static inline __must_check unsigned long diff --git a/3.2.11/0000_README b/3.2.12/0000_README index e078ec7..106e032 100644 --- a/3.2.11/0000_README +++ b/3.2.12/0000_README 
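Review bot: The rewritten inner hunk `@@ -276,6 +283,7 @@` for include/asm-generic/uaccess.h still adds a bare `+static inline long` line, although the `strncpy_from_user(...) __size_overflow(3);` prototype it belonged to has been dropped. Applied, that leaves `static inline long` twice in a row in front of the `strncpy_from_user` definition, which the compiler should reject as a duplicate storage class on any architecture that uses this generic header. The leftover `+static inline long` line should be removed as well; the inner hunk is then empty and can be deleted from the grsecurity patch.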
@@ -2,14 +2,10 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.2.11-201203181401.patch +Patch: 4420_grsecurity-2.9-3.2.12-201203201932.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity -Patch: 4425_grsec_enable_xtpax.patch -From: Anthony G. Basile <blueness@gentoo.org> -Desc: Unlock PAX_XATTR_PAX_FLAGS option - Patch: 4430_grsec-remove-localversion-grsec.patch From: Kerin Millar <kerframil@gmail.com> Desc: Removes grsecurity's localversion-grsec file diff --git a/3.2.11/4420_grsecurity-2.9-3.2.11-201203181401.patch b/3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch index 4c91dcc..2ecba26 100644 --- a/3.2.11/4420_grsecurity-2.9-3.2.11-201203181401.patch +++ b/3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch @@ -195,7 +195,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 4b76371..b091a81 100644 +index 15e80f1..4fb87db 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4643,18 +4643,9 @@ index f92602e..27060b2 100644 config SPARC64 def_bool 64BIT diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile -index ad1fb5d..b117d90 100644 +index eddcfb3..b117d90 100644 --- a/arch/sparc/Makefile +++ b/arch/sparc/Makefile -@@ -31,7 +31,7 @@ UTS_MACHINE := sparc - - #KBUILD_CFLAGS += -g -pipe -fcall-used-g5 -fcall-used-g7 - KBUILD_CFLAGS += -m32 -pipe -mno-fpu -fcall-used-g5 -fcall-used-g7 --KBUILD_AFLAGS += -m32 -+KBUILD_AFLAGS += -m32 -Wa,-Av8 - - #LDFLAGS_vmlinux = -N -Ttext 0xf0004000 - # Since 2.5.40, the first stage is left not btfix-ed. @@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc/oprofile/ # Export what is needed by arch/sparc/boot/Makefile export VMLINUX_INIT VMLINUX_MAIN 
@@ -12308,7 +12299,7 @@ index 36361bf..324f262 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 566e803..4414921 100644 +index 566e803..dfa5535 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -11,15 +11,15 @@ @@ -12524,10 +12515,10 @@ index 566e803..4414921 100644 long __must_check strncpy_from_user(char *dst, const char __user *src, - long count); -+ unsigned long count) __size_overflow(3); ++ unsigned long count); long __must_check __strncpy_from_user(char *dst, - const char __user *src, long count); -+ const char __user *src, unsigned long count) __size_overflow(3); ++ const char __user *src, unsigned long count); /** * strlen_user: - Get the size of a string in user space. @@ -12544,7 +12535,7 @@ index 566e803..4414921 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..2582764 100644 +index 1c66d30..8a44920 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ 
@@ -12909,12 +12900,12 @@ index 1c66d30..2582764 100644 __must_check long -strncpy_from_user(char *dst, const char __user *src, long count); -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); ++strncpy_from_user(char *dst, const char __user *src, unsigned long count); __must_check long -__strncpy_from_user(char *dst, const char __user *src, long count); -__must_check long strnlen_user(const char __user *str, long n); -__must_check long __strnlen_user(const char __user *str, long n); -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); ++__strncpy_from_user(char *dst, const char __user *src, unsigned long count); +__must_check long strnlen_user(const char __user *str, unsigned long n); +__must_check long __strnlen_user(const char __user *str, unsigned long n); __must_check long strlen_user(const char __user *str); @@ -21560,22 +21551,6 @@ index 459b58a..9570bc7 100644 len, isum, NULL, errp); } EXPORT_SYMBOL(csum_partial_copy_to_user); -diff --git a/arch/x86/lib/delay.c b/arch/x86/lib/delay.c -index fc45ba8..e395693 100644 ---- a/arch/x86/lib/delay.c -+++ b/arch/x86/lib/delay.c -@@ -48,9 +48,9 @@ static void delay_loop(unsigned long loops) - } - - /* TSC based delay: */ --static void delay_tsc(unsigned long loops) -+static void delay_tsc(unsigned long __loops) - { -- unsigned long bclock, now; -+ u32 bclock, now, loops = __loops; - int cpu; - - preempt_disable(); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S index 51f1504..ddac4c1 100644 --- a/arch/x86/lib/getuser.S @@ -33022,7 +32997,7 @@ index a3bd163..8956575 100644 typedef struct _diva_os_xdi_adapter { struct list_head link; diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c -index 2339d73..802ab87 100644 +index 2339d73..802ab87a 100644 --- a/drivers/isdn/i4l/isdn_net.c +++ b/drivers/isdn/i4l/isdn_net.c 
@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, struct net_device *dev, @@ -35220,7 +35195,7 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index c8f47f1..5da9840 100644 +index 0cf2351..56c4cef 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -698,17 +698,17 @@ struct rtl8169_private { @@ -35273,7 +35248,7 @@ index 41e6b33..8e89b0f 100644 /* To mask all all interrupts.*/ diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index edfa15d..002bfa9 100644 +index 486b404..0d6677d 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -36146,7 +36121,7 @@ index 76ba8a1..20ca857 100644 /* initialize our int15 lock */ diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index 1cfbf22..be96487 100644 +index 24f049e..051f66e 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ @@ -37924,7 +37899,7 @@ index ed147c4..94fc3c6 100644 /* core tmem accessor functions */ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 0c1d5c73..88e90a8 100644 +index 03d3528..6bbe82f 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c @@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) @@ -37968,7 +37943,7 @@ index 6845228..df77141 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index e4ddb93..2fc6e0f 100644 +index cdb774b..8753593 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c 
@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba( @@ -38010,7 +37985,7 @@ index e4ddb93..2fc6e0f 100644 cmd->t_task_list_num) atomic_set(&cmd->t_transport_sent, 1); -@@ -4296,7 +4296,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) +@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || @@ -38019,7 +37994,7 @@ index e4ddb93..2fc6e0f 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); return false; } -@@ -4545,7 +4545,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -38028,7 +38003,7 @@ index e4ddb93..2fc6e0f 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4582,7 +4582,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { @@ -42059,7 +42034,7 @@ index 79e2ca7..5828ad1 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index 67e4b90..86cb1d5 100644 +index b9d64d8..86cb1d5 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx) 
@@ -42071,69 +42046,7 @@ index 67e4b90..86cb1d5 100644 return -EINVAL; nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); -@@ -228,12 +228,6 @@ static void __put_ioctx(struct kioctx *ctx) - call_rcu(&ctx->rcu_head, ctx_rcu_free); - } - --static inline void get_ioctx(struct kioctx *kioctx) --{ -- BUG_ON(atomic_read(&kioctx->users) <= 0); -- atomic_inc(&kioctx->users); --} -- - static inline int try_get_ioctx(struct kioctx *kioctx) - { - return atomic_inc_not_zero(&kioctx->users); -@@ -273,7 +267,7 @@ static struct kioctx *ioctx_alloc(unsigned nr_events) - mm = ctx->mm = current->mm; - atomic_inc(&mm->mm_count); - -- atomic_set(&ctx->users, 1); -+ atomic_set(&ctx->users, 2); - spin_lock_init(&ctx->ctx_lock); - spin_lock_init(&ctx->ring_info.ring_lock); - init_waitqueue_head(&ctx->wait); -@@ -609,11 +603,16 @@ static void aio_fput_routine(struct work_struct *data) - fput(req->ki_filp); - - /* Link the iocb into the context's free list */ -+ rcu_read_lock(); - spin_lock_irq(&ctx->ctx_lock); - really_put_req(ctx, req); -+ /* -+ * at that point ctx might've been killed, but actual -+ * freeing is RCU'd -+ */ - spin_unlock_irq(&ctx->ctx_lock); -+ rcu_read_unlock(); - -- put_ioctx(ctx); - spin_lock_irq(&fput_lock); - } - spin_unlock_irq(&fput_lock); -@@ -644,7 +643,6 @@ static int __aio_put_req(struct kioctx *ctx, struct kiocb *req) - * this function will be executed w/out any aio kthread wakeup. 
- */ - if (unlikely(!fput_atomic(req->ki_filp))) { -- get_ioctx(ctx); - spin_lock(&fput_lock); - list_add(&req->ki_list, &fput_head); - spin_unlock(&fput_lock); -@@ -1338,10 +1336,10 @@ SYSCALL_DEFINE2(io_setup, unsigned, nr_events, aio_context_t __user *, ctxp) - ret = PTR_ERR(ioctx); - if (!IS_ERR(ioctx)) { - ret = put_user(ioctx->user_id, ctxp); -- if (!ret) -+ if (!ret) { -+ put_ioctx(ioctx); - return 0; -- -- get_ioctx(ioctx); /* io_destroy() expects us to hold a ref */ -+ } - io_destroy(ioctx); - } - -@@ -1463,22 +1461,27 @@ static ssize_t aio_fsync(struct kiocb *iocb) +@@ -1461,22 +1461,27 @@ static ssize_t aio_fsync(struct kiocb *iocb) static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) { ssize_t ret; @@ -42306,7 +42219,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..dbf63ee 100644 +index 6ff96c6..b5fb43a 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42946,7 +42859,7 @@ index 6ff96c6..dbf63ee 100644 +#ifdef CONFIG_PAX_RANDMMAP + if (current->mm->pax_flags & MF_PAX_RANDMMAP) -+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4); ++ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); +#endif + /* Calling set_brk effectively mmaps the pages that we need @@ -43226,7 +43139,7 @@ index b1fe82c..84da0a9 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index b07f1da..9efcb92 100644 +index abe9b48..5df59e8 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, @@ -46930,7 +46843,7 @@ index 637694b..f84a121 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 744e942..a19f203 100644 +index 9680cef..a19f203 100644 --- a/fs/namei.c +++ b/fs/namei.c 
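Review bot: The new brk offset mask `((1UL << 22) - 1UL)` in the CONFIG_PAX_RANDMMAP block of fs/binfmt_elf.c is an unexplained magic number, and nothing in the hunk says why 22 bits were chosen. After the `<< 4` the random part is a multiple of 16 below 64 MiB, whereas the old `~PAGE_MASK` mask kept only the in-page offset bits, so the heap start can now move much further than before. I would add a comment above the line, for example `/* 22 random bits << 4: brk offset < 64 MiB, 16-byte granularity */`, and confirm that a displacement of this size is intended on 32-bit address spaces too. The enclosing function starts and ends outside the hunk.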
@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) @@ -47091,12 +47004,10 @@ index 744e942..a19f203 100644 audit_inode(pathname, dir); goto ok; } -@@ -2139,7 +2206,17 @@ static struct file *do_last(struct nameidata *nd, struct path *path, - /* sayonara */ +@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) -- return ERR_PTR(-ECHILD); -+ return ERR_PTR(error); + return ERR_PTR(error); +#ifdef CONFIG_GRKERNSEC + if (nd->flags & LOOKUP_RCU) { + error = -ECHILD; @@ -47152,15 +47063,6 @@ index 744e942..a19f203 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2238,7 +2336,7 @@ static struct file *do_last(struct nameidata *nd, struct path *path, - /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ - error = complete_walk(nd); - if (error) -- goto exit; -+ return ERR_PTR(error); - error = -EISDIR; - if (S_ISDIR(nd->inode->i_mode)) - goto exit; @@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; @@ -51054,10 +50956,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..2733872 +index 0000000..19b3cba --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4163 @@ +@@ -0,0 +1,4133 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -51990,6 +51892,7 @@ index 0000000..2733872 + + /* release the reference to the real root dentry and vfsmount */ + path_put(&real_root); ++ memset(&real_root, 0, sizeof(real_root)); + + /* free all object hash tables */ + 
@@ -52513,40 +52416,28 @@ index 0000000..2733872 + num_sprole_pws = arg->num_sprole_pws; + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *)); + -+ if (!acl_special_roles) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!acl_special_roles && num_sprole_pws) ++ return -ENOMEM; + + for (i = 0; i < num_sprole_pws; i++) { + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); -+ if (!sptmp) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!sptmp) ++ return -ENOMEM; + if (copy_from_user(sptmp, arg->sprole_pws + i, -+ sizeof (struct sprole_pw))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct sprole_pw))) ++ return -EFAULT; + -+ len = -+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN); ++ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN); + -+ if (!len || len >= GR_SPROLE_LEN) { -+ err = -EINVAL; -+ goto cleanup; -+ } ++ if (!len || len >= GR_SPROLE_LEN) ++ return -EINVAL; + -+ if ((tmp = (char *) acl_alloc(len)) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(tmp, sptmp->rolename, len)) ++ return -EFAULT; + -+ if (copy_from_user(tmp, sptmp->rolename, len)) { -+ err = -EFAULT; -+ goto cleanup; -+ } + tmp[len-1] = '\0'; +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG + printk(KERN_ALERT "Copying special role %s\n", tmp); 
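Review bot: Every failure path in this part of grsecurity/gracl.c now returns directly (`return -ENOMEM;`, `return -EFAULT;`, `return -EINVAL;`) where it used to jump to a `cleanup:` label that called `free_variables()`, so the function no longer releases the partially built policy state itself. The same pattern is in the hunks at -52560, -52602, -52620, -52654 and -52662, the last of which deletes the label. The caller is outside these hunks, so it should be confirmed that it calls `free_variables()` on every non-zero return; otherwise a failed load leaves half-copied role data allocated and reachable. A comment at the top of the function would make the contract explicit, for example `/* on error nothing is freed here; the caller must call free_variables() */`. The function starts before this hunk and ends in a later one.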
@@ -52560,38 +52451,28 @@ index 0000000..2733872 + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) { + r_tmp = acl_alloc(sizeof (struct acl_role_label)); + -+ if (!r_tmp) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!r_tmp) ++ return -ENOMEM; + + if (copy_from_user(&r_utmp2, r_utmp + r_num, -+ sizeof (struct acl_role_label *))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct acl_role_label *))) ++ return -EFAULT; + + if (copy_from_user(r_tmp, r_utmp2, -+ sizeof (struct acl_role_label))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct acl_role_label))) ++ return -EFAULT; + + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN); + -+ if (!len || len >= PATH_MAX) { -+ err = -EINVAL; -+ goto cleanup; -+ } ++ if (!len || len >= PATH_MAX) ++ return -EINVAL; ++ ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(tmp, r_tmp->rolename, len)) ++ return -EFAULT; + -+ if ((tmp = (char *) acl_alloc(len)) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(tmp, r_tmp->rolename, len)) { -+ err = -EFAULT; -+ goto cleanup; -+ } + tmp[len-1] = '\0'; + r_tmp->rolename = tmp; + @@ -52602,14 +52483,11 @@ index 0000000..2733872 + kernel_role = r_tmp; + } + -+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) ++ return -EFAULT; + + r_tmp->hash = ghash; + 
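Review bot: In the role loop the name length is scanned with `strnlen_user(r_tmp->rolename, GR_SPROLE_LEN)` but rejected with `len >= PATH_MAX`, while the special-role loop in the previous hunk uses `GR_SPROLE_LEN` for both. If `GR_SPROLE_LEN` is smaller than `PATH_MAX` (neither value is visible here), the rejection can never fire and an over-long or unterminated user string is silently cut by `tmp[len-1] = '\0'` instead of being refused. The two bounds should agree: either scan with `strnlen_user(r_tmp->rolename, PATH_MAX)` or test `len >= GR_SPROLE_LEN`, whichever limit is intended for ordinary role names. These lines are unchanged context in this commit, and the function continues outside the hunk.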
@@ -52620,32 +52498,28 @@ index 0000000..2733872 + (struct acl_subject_label **) + create_table(&(r_tmp->subj_hash_size), sizeof(void *)); + -+ if (!r_tmp->subj_hash) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!r_tmp->subj_hash) ++ return -ENOMEM; + + err = copy_user_allowedips(r_tmp); + if (err) -+ goto cleanup; ++ return err; + + /* copy domain info */ + if (r_tmp->domain_children != NULL) { + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t)); -+ if (domainlist == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ if (domainlist == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) ++ return -EFAULT; ++ + r_tmp->domain_children = domainlist; + } + + err = copy_user_transitions(r_tmp); + if (err) -+ goto cleanup; ++ return err; + + memset(r_tmp->subj_hash, 0, + r_tmp->subj_hash_size * @@ -52654,7 +52528,7 @@ index 0000000..2733872 + err = copy_user_subjs(r_tmp->hash->first, r_tmp); + + if (err) -+ goto cleanup; ++ return err; + + /* set nested subject list to null */ + r_tmp->hash->first = NULL; @@ -52662,12 +52536,10 @@ index 0000000..2733872 + insert_acl_role_label(r_tmp); + } + -+ goto return_err; -+ cleanup: -+ free_variables(); -+ return_err: -+ return err; ++ if (default_role == NULL || kernel_role == NULL) ++ return -EINVAL; + ++ return err; +} + +static int @@ -60376,7 +60248,7 @@ index 76bff2b..c7a14e2 100644 #endif /* _ASM_GENERIC_PGTABLE_H */ diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h -index ac68c99..b495b0a 100644 +index ac68c99..90d3439 100644 --- a/include/asm-generic/uaccess.h +++ b/include/asm-generic/uaccess.h @@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long); 
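Review bot: The domain copy sizes its `copy_from_user()` with `r_tmp->domain_child_num * sizeof(uid_t)`, and `r_tmp` was itself filled from user memory in an earlier hunk, so the count is caller-supplied and the multiplication is unchecked at this point. Whether that is safe depends on `acl_alloc_num()`, which is not visible here: if it rejects counts whose product would wrap, the copy length is bounded by the allocation, and if it does not, the wrapped length and the allocation need a shared check. I would state the assumption next to the copy, for example `/* acl_alloc_num() has already rejected a wrapping domain_child_num * sizeof(uid_t) */`, or add an explicit bound on `domain_child_num` before the allocation. The function begins before this hunk.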
@@ -60421,25 +60293,7 @@ index ac68c99..b495b0a 100644 static inline long copy_to_user(void __user *to, const void *from, unsigned long n) { -@@ -265,6 +272,8 @@ static inline long copy_to_user(void __user *to, - */ - #ifndef __strncpy_from_user - static inline long -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+static inline long - __strncpy_from_user(char *dst, const char __user *src, long count) - { - char *tmp; -@@ -276,6 +285,8 @@ __strncpy_from_user(char *dst, const char __user *src, long count) - #endif - - static inline long -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+static inline long - strncpy_from_user(char *dst, const char __user *src, long count) - { - if (!access_ok(VERIFY_READ, src, 1)) -@@ -309,6 +320,8 @@ static inline long strlen_user(const char __user *src) +@@ -309,6 +316,8 @@ static inline long strlen_user(const char __user *src) */ #ifndef __clear_user static inline __must_check unsigned long @@ -60448,7 +60302,7 @@ index ac68c99..b495b0a 100644 __clear_user(void __user *to, unsigned long n) { memset((void __force *)to, 0, n); -@@ -317,6 +330,8 @@ __clear_user(void __user *to, unsigned long n) +@@ -317,6 +326,8 @@ __clear_user(void __user *to, unsigned long n) #endif static inline __must_check unsigned long @@ -61229,7 +61083,7 @@ index c3da42d..c70e0df 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 6d18f35..ab71e2c 100644 +index c6f7f6a..aa0f7d3 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -185,7 +185,7 @@ struct gendisk { @@ -63758,7 +63612,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index fe86488..1563c1c 100644 +index 6cf8b53..bcce844 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h 
@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) @@ -63788,7 +63642,7 @@ index fe86488..1563c1c 100644 } /** -@@ -1523,7 +1523,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1533,7 +1533,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -75147,10 +75001,10 @@ index 17b5b1c..826d872 100644 } } diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c -index a5f4e57..910ee6d 100644 +index 8eb6b15..e3db7ab 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c -@@ -1485,7 +1485,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, +@@ -1488,7 +1488,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, nexthdr = ip6h->nexthdr; offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr); @@ -76586,10 +76440,10 @@ index 5a65eea..bd913a1 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 836c4ea..cbb74dc 100644 +index a5521c5..984a2f4 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2149,7 +2149,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2153,7 +2153,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; diff --git a/3.2.11/4430_grsec-remove-localversion-grsec.patch b/3.2.12/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.11/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.12/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.11/4435_grsec-mute-warnings.patch b/3.2.12/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.2.11/4435_grsec-mute-warnings.patch +++ b/3.2.12/4435_grsec-mute-warnings.patch 
diff --git a/3.2.11/4440_grsec-remove-protected-paths.patch b/3.2.12/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.2.11/4440_grsec-remove-protected-paths.patch +++ b/3.2.12/4440_grsec-remove-protected-paths.patch diff --git a/3.2.11/4445_grsec-pax-without-grsec.patch b/3.2.12/4445_grsec-pax-without-grsec.patch index 58301c0..58301c0 100644 --- a/3.2.11/4445_grsec-pax-without-grsec.patch +++ b/3.2.12/4445_grsec-pax-without-grsec.patch diff --git a/3.2.11/4450_grsec-kconfig-default-gids.patch b/3.2.12/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.2.11/4450_grsec-kconfig-default-gids.patch +++ b/3.2.12/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.11/4455_grsec-kconfig-gentoo.patch b/3.2.12/4455_grsec-kconfig-gentoo.patch index 587b7d9..587b7d9 100644 --- a/3.2.11/4455_grsec-kconfig-gentoo.patch +++ b/3.2.12/4455_grsec-kconfig-gentoo.patch diff --git a/3.2.11/4460-grsec-kconfig-proc-user.patch b/3.2.12/4460-grsec-kconfig-proc-user.patch index 2261051..2261051 100644 --- a/3.2.11/4460-grsec-kconfig-proc-user.patch +++ b/3.2.12/4460-grsec-kconfig-proc-user.patch diff --git a/3.2.11/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch index af8b7b8..af8b7b8 100644 --- a/3.2.11/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.11/4470_disable-compat_vdso.patch b/3.2.12/4470_disable-compat_vdso.patch index 4742d01..4742d01 100644 --- a/3.2.11/4470_disable-compat_vdso.patch +++ b/3.2.12/4470_disable-compat_vdso.patch |