6 files changed, 130 insertions, 58 deletions

diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 0a02821..078f367 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch:	1058_linux-2.6.32.59.patch
 From:	http://www.kernel.org
 Desc:	Linux 2.6.32.59
 
-Patch:	4420_grsecurity-2.9-2.6.32.59-201203201932.patch
+Patch:	4420_grsecurity-2.9-2.6.32.59-201203212033.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203212033.patch
index 64b036f..0b63ac0 100644
--- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203201932.patch
+++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203212033.patch
@@ -22651,7 +22651,7 @@ index e6d925f..8cdd779 100644
  	.disabled_by_bios = vmx_disabled_by_bios,
  	.hardware_setup = hardware_setup,
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index df1cefb..ff86cc2 100644
+index df1cefb..31447ca 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
 @@ -82,7 +82,7 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu);
@@ -22728,23 +22728,19 @@ index df1cefb..ff86cc2 100644
  		return -EINVAL;
  	if (irqchip_in_kernel(vcpu->kvm))
  		return -ENXIO;
-@@ -2764,7 +2774,14 @@ int emulator_write_emulated(unsigned long addr,
- }
- EXPORT_SYMBOL_GPL(emulator_write_emulated);
- 
--static int emulator_cmpxchg_emulated(unsigned long addr,
-+static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
-+				     unsigned long addr,
-+				     const void *old,
-+				     const void *new,
-+				     unsigned int bytes,
-+				     struct kvm_vcpu *vcpu) __size_overflow(5);
-+static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
-+				     unsigned long addr,
+@@ -2768,6 +2778,11 @@ static int emulator_cmpxchg_emulated(unsigned long addr,
  				     const void *old,
  				     const void *new,
  				     unsigned int bytes,
-@@ -3260,10 +3277,10 @@ static struct notifier_block kvmclock_cpufreq_notifier_block = {
++				     struct kvm_vcpu *vcpu) __size_overflow(5);
++static int emulator_cmpxchg_emulated(unsigned long addr,
++				     const void *old,
++				     const void *new,
++				     unsigned int bytes,
+ 				     struct kvm_vcpu *vcpu)
+ {
+ 	printk_once(KERN_WARNING "kvm: emulating exchange as write\n");
+@@ -3260,10 +3275,10 @@ static struct notifier_block kvmclock_cpufreq_notifier_block = {
          .notifier_call  = kvmclock_cpufreq_notifier
  };
  
@@ -74908,10 +74904,10 @@ index 0000000..1b9afa9
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..d785922
+index 0000000..d881a39
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,4117 @@
+@@ -0,0 +1,4156 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -75566,22 +75562,60 @@ index 0000000..d785922
 +	unsigned int index =
 +	    rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
 +	struct acl_role_label **curr;
-+	struct acl_role_label *tmp;
++	struct acl_role_label *tmp, *tmp2;
 +
 +	curr = &acl_role_set.r_hash[index];
 +
-+	/* if role was already inserted due to domains and already has
-+	   a role in the same bucket as it attached, then we need to
-+	   combine these two buckets
-+	*/
-+	if (role->next) {
-+		tmp = role->next;
-+		while (tmp->next)
++	/* simple case, slot is empty, just set it to our role */
++	if (*curr == NULL) {
++		*curr = role;
++	} else {
++		/* example:
++		   1 -> 2 -> 3 (adding 2 -> 3 to here)
++		   2 -> 3
++		*/
++		/* first check to see if we can already be reached via this slot */
++		tmp = *curr;
++		while (tmp && tmp != role)
 +			tmp = tmp->next;
-+		tmp->next = *curr;
-+	} else
-+		role->next = *curr;
-+	*curr = role;
++		if (tmp == role) {
++			/* we don't need to add ourselves to this slot's chain */
++			return;
++		}
++		/* we need to add ourselves to this chain, two cases */
++		if (role->next == NULL) {
++			/* simple case, append the current chain to our role */
++			role->next = *curr;
++			*curr = role;
++		} else {
++			/* 1 -> 2 -> 3 -> 4
++			   2 -> 3 -> 4
++			   3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
++			*/			   
++			/* trickier case: walk our role's chain until we find
++			   the role for the start of the current slot's chain */
++			tmp = role;
++			tmp2 = *curr;
++			while (tmp->next && tmp->next != tmp2)
++				tmp = tmp->next;
++			if (tmp->next == tmp2) {
++				/* from example above, we found 3, so just
++				   replace this slot's chain with ours */
++				*curr = role;
++			} else {
++				/* we didn't find a subset of our role's chain
++				   in the current slot's chain, so append their
++				   chain to ours, and set us as the first role in
++				   the slot's chain
++
++				   we could fold this case with the case above,
++				   but making it explicit for clarity
++				*/
++				tmp->next = tmp2;
++				*curr = role;
++			}
++		}
++	}
 +
 +	return;
 +}
@@ -75910,6 +75944,7 @@ index 0000000..d785922
 +	memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
 +
 +	default_role = NULL;
++	kernel_role = NULL;
 +	role_list = NULL;
 +
 +	return;
@@ -84490,7 +84525,7 @@ index e2bd73e..fea8ed3 100644
  
  #endif /* _ASM_GENERIC_PGTABLE_H */
 diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
-index b218b85..62dbfdc 100644
+index b218b85..043ee5b 100644
 --- a/include/asm-generic/uaccess.h
 +++ b/include/asm-generic/uaccess.h
 @@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long);
@@ -84535,15 +84570,7 @@ index b218b85..62dbfdc 100644
  static inline long copy_to_user(void __user *to,
  		const void *from, unsigned long n)
  {
-@@ -276,6 +283,7 @@ __strncpy_from_user(char *dst, const char __user *src, long count)
- #endif
- 
- static inline long
-+static inline long
- strncpy_from_user(char *dst, const char __user *src, long count)
- {
- 	if (!access_ok(VERIFY_READ, src, 1))
-@@ -307,6 +315,8 @@ static inline long strlen_user(const char __user *src)
+@@ -307,6 +314,8 @@ static inline long strlen_user(const char __user *src)
   */
  #ifndef __clear_user
  static inline __must_check unsigned long
@@ -84552,7 +84579,7 @@ index b218b85..62dbfdc 100644
  __clear_user(void __user *to, unsigned long n)
  {
  	memset((void __force *)to, 0, n);
-@@ -315,6 +325,8 @@ __clear_user(void __user *to, unsigned long n)
+@@ -315,6 +324,8 @@ __clear_user(void __user *to, unsigned long n)
  #endif
  
  static inline __must_check unsigned long
diff --git a/2.6.32/4455_grsec-kconfig-gentoo.patch b/2.6.32/4455_grsec-kconfig-gentoo.patch
index b7e7322..495638e 100644
--- a/2.6.32/4455_grsec-kconfig-gentoo.patch
+++ b/2.6.32/4455_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_LOW
  	bool "Low"
-@@ -192,6 +192,259 @@
+@@ -192,6 +192,262 @@
  	  - Restricted sysfs/debugfs
  	  - Active kernel exploit response
  
@@ -67,6 +67,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 +	select GRKERNSEC_AUDIT_MOUNT
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
++	select GRKERNSEC_PTRACE_READEXEC
 +	select GRKERNSEC_SETXID
 +	select GRKERNSEC_VM86 if (X86_32)
 +	select GRKERNSEC_IO
@@ -152,6 +153,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 +	select GRKERNSEC_AUDIT_MOUNT
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
++       select GRKERNSEC_PTRACE_READEXEC
 +	select GRKERNSEC_SETXID
 +	select GRKERNSEC_VM86 if (X86_32)
 +	select GRKERNSEC_PROC_IPADDR
@@ -236,6 +238,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 +	select GRKERNSEC_AUDIT_MOUNT
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
++       select GRKERNSEC_PTRACE_READEXEC
 +	select GRKERNSEC_SETXID
 +	select GRKERNSEC_VM86 if (X86_32)
 +	select GRKERNSEC_PROC_IPADDR
diff --git a/3.2.12/0000_README b/3.2.12/0000_README
index 106e032..4e91c4e 100644
--- a/3.2.12/0000_README
+++ b/3.2.12/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.9-3.2.12-201203201932.patch
+Patch:	4420_grsecurity-2.9-3.2.12-201203212033.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch b/3.2.12/4420_grsecurity-2.9-3.2.12-201203212033.patch
index 2ecba26..adc602d 100644
--- a/3.2.12/4420_grsecurity-2.9-3.2.12-201203201932.patch
+++ b/3.2.12/4420_grsecurity-2.9-3.2.12-201203212033.patch
@@ -50956,10 +50956,10 @@ index 0000000..1b9afa9
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..19b3cba
+index 0000000..2d9c682
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,4133 @@
+@@ -0,0 +1,4172 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -51619,22 +51619,60 @@ index 0000000..19b3cba
 +	unsigned int index =
 +	    rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
 +	struct acl_role_label **curr;
-+	struct acl_role_label *tmp;
++	struct acl_role_label *tmp, *tmp2;
 +
 +	curr = &acl_role_set.r_hash[index];
 +
-+	/* if role was already inserted due to domains and already has
-+	   a role in the same bucket as it attached, then we need to
-+	   combine these two buckets
-+	*/
-+	if (role->next) {
-+		tmp = role->next;
-+		while (tmp->next)
++	/* simple case, slot is empty, just set it to our role */
++	if (*curr == NULL) {
++		*curr = role;
++	} else {
++		/* example:
++		   1 -> 2 -> 3 (adding 2 -> 3 to here)
++		   2 -> 3
++		*/
++		/* first check to see if we can already be reached via this slot */
++		tmp = *curr;
++		while (tmp && tmp != role)
 +			tmp = tmp->next;
-+		tmp->next = *curr;
-+	} else
-+		role->next = *curr;
-+	*curr = role;
++		if (tmp == role) {
++			/* we don't need to add ourselves to this slot's chain */
++			return;
++		}
++		/* we need to add ourselves to this chain, two cases */
++		if (role->next == NULL) {
++			/* simple case, append the current chain to our role */
++			role->next = *curr;
++			*curr = role;
++		} else {
++			/* 1 -> 2 -> 3 -> 4
++			   2 -> 3 -> 4
++			   3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here)
++			*/			   
++			/* trickier case: walk our role's chain until we find
++			   the role for the start of the current slot's chain */
++			tmp = role;
++			tmp2 = *curr;
++			while (tmp->next && tmp->next != tmp2)
++				tmp = tmp->next;
++			if (tmp->next == tmp2) {
++				/* from example above, we found 3, so just
++				   replace this slot's chain with ours */
++				*curr = role;
++			} else {
++				/* we didn't find a subset of our role's chain
++				   in the current slot's chain, so append their
++				   chain to ours, and set us as the first role in
++				   the slot's chain
++
++				   we could fold this case with the case above,
++				   but making it explicit for clarity
++				*/
++				tmp->next = tmp2;
++				*curr = role;
++			}
++		}
++	}
 +
 +	return;
 +}
@@ -51956,6 +51994,7 @@ index 0000000..19b3cba
 +	memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
 +
 +	default_role = NULL;
++	kernel_role = NULL;
 +	role_list = NULL;
 +
 +	return;
diff --git a/3.2.12/4455_grsec-kconfig-gentoo.patch b/3.2.12/4455_grsec-kconfig-gentoo.patch
index 587b7d9..ef59341 100644
--- a/3.2.12/4455_grsec-kconfig-gentoo.patch
+++ b/3.2.12/4455_grsec-kconfig-gentoo.patch
@@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_LOW
  	bool "Low"
-@@ -192,6 +192,259 @@
+@@ -192,6 +192,262 @@
  	  - Restricted sysfs/debugfs
  	  - Active kernel exploit response
  
@@ -67,6 +67,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 +	select GRKERNSEC_AUDIT_MOUNT
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
++	select GRKERNSEC_PTRACE_READEXEC
 +	select GRKERNSEC_SETXID
 +	select GRKERNSEC_VM86 if (X86_32)
 +	select GRKERNSEC_IO
@@ -152,6 +153,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 +	select GRKERNSEC_AUDIT_MOUNT
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
++       select GRKERNSEC_PTRACE_READEXEC
 +	select GRKERNSEC_SETXID
 +	select GRKERNSEC_VM86 if (X86_32)
 +	select GRKERNSEC_PROC_IPADDR
@@ -236,6 +238,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 +	select GRKERNSEC_AUDIT_MOUNT
 +	select GRKERNSEC_MODHARDEN if (MODULES)
 +	select GRKERNSEC_HARDEN_PTRACE
++       select GRKERNSEC_PTRACE_READEXEC
 +	select GRKERNSEC_SETXID
 +	select GRKERNSEC_VM86 if (X86_32)
 +	select GRKERNSEC_PROC_IPADDR