diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2011-08-26 10:02:58 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-08-26 10:02:58 +0000 |
commit | efcd7ef99b94fa79dd054e99cba9175eaa557fb1 (patch) | |
tree | d7ed0a4268e1af2e1c6518167593d11f6a95b22b /main/linux-grsec | |
parent | d7cd11cbe56f55cf7adfb73f3041b7a87c7dab4d (diff) | |
download | aports-efcd7ef99b94fa79dd054e99cba9175eaa557fb1.tar.bz2 aports-efcd7ef99b94fa79dd054e99cba9175eaa557fb1.tar.xz |
main/linux-grsec: upgrade to grsecurity-2.2.2-3.0.3-201108251825
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.0.3-201108251825.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.3-201108241901.patch) | 408 |
2 files changed, 263 insertions, 151 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 985985988d..60813e21fe 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.0.3 _kernver=3.0 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.2.2-3.0.3-201108241901.patch + grsecurity-2.2.2-3.0.3-201108251825.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -138,7 +138,7 @@ dev() { md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 1757786b9a9ffbd48ad9642199ff5bd7 patch-3.0.3.bz2 -9709493d471fc64e342345c1bb5b082b grsecurity-2.2.2-3.0.3-201108241901.patch +dbf71c02960bdb9e047ed6ccd61e108e grsecurity-2.2.2-3.0.3-201108251825.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 406e62e430cee7ba3bb37be341d9ff3e kernelconfig.x86 6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108241901.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108251825.patch index a30bf0fd50..04ec669e61 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108241901.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108251825.patch @@ -5603,7 +5603,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32_aout.c linux-3.0.3/arch/x86/ia32/ia32_ has_dumped = 1; diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32entry.S --- linux-3.0.3/arch/x86/ia32/ia32entry.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/arch/x86/ia32/ia32entry.S 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/arch/x86/ia32/ia32entry.S 2011-08-25 17:36:37.000000000 -0400 @@ -13,6 +13,7 @@ #include <asm/thread_info.h> #include <asm/segment.h> @@ -5612,7 +5612,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e #include <linux/linkage.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ -@@ -95,6 +96,32 @@ ENTRY(native_irq_enable_sysexit) +@@ -95,6 +96,29 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif @@ -5631,9 +5631,6 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e + call pax_randomize_kstack + popq %rax +#endif -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ call pax_erase_kstack -+#endif + .endm + + .macro pax_erase_kstack @@ -5645,7 +5642,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e /* * 32bit SYSENTER instruction entry. * -@@ -121,7 +148,7 @@ ENTRY(ia32_sysenter_target) +@@ -121,7 +145,7 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -5654,7 +5651,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e /* * No need to follow this irqs on/off section: the syscall * disabled irqs, here we enable it straight after entry: -@@ -134,7 +161,8 @@ ENTRY(ia32_sysenter_target) +@@ -134,7 +158,8 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ @@ -5664,7 +5661,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e CFI_REGISTER rip,r10 pushq_cfi $__USER32_CS /*CFI_REL_OFFSET cs,0*/ -@@ -146,6 +174,12 @@ ENTRY(ia32_sysenter_target) +@@ -146,6 +171,12 @@ ENTRY(ia32_sysenter_target) SAVE_ARGS 0,0,1 /* no need to do an access_ok check here because rbp has been 32bit zero extended */ @@ -5677,15 +5674,16 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e 1: movl (%rbp),%ebp .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -168,6 +202,7 @@ sysenter_dispatch: +@@ -168,6 +199,8 @@ sysenter_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysexit_audit sysexit_from_sys_call: + pax_exit_kernel_user ++ pax_erase_kstack andl $~TS_COMPAT,TI_status(%r10) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) -@@ -194,6 +229,9 @@ sysexit_from_sys_call: +@@ -194,6 +227,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call audit_syscall_entry @@ -5695,7 +5693,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -246,6 +284,9 @@ sysenter_tracesys: +@@ -246,6 +282,9 @@ sysenter_tracesys: movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -5705,7 +5703,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -277,19 +318,24 @@ ENDPROC(ia32_sysenter_target) +@@ -277,19 +316,24 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -5732,7 +5730,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -305,6 +351,12 @@ ENTRY(ia32_cstar_target) +@@ -305,6 +349,12 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -5745,15 +5743,16 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e 1: movl (%r8),%r9d .section __ex_table,"a" .quad 1b,ia32_badarg -@@ -327,6 +379,7 @@ cstar_dispatch: +@@ -327,6 +377,8 @@ cstar_dispatch: testl $_TIF_ALLWORK_MASK,TI_flags(%r10) jnz sysretl_audit sysretl_from_sys_call: + pax_exit_kernel_user ++ pax_erase_kstack andl $~TS_COMPAT,TI_status(%r10) RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx -@@ -364,6 +417,9 @@ cstar_tracesys: +@@ -364,6 +416,9 @@ cstar_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -5763,7 +5762,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ RESTORE_REST xchgl %ebp,%r9d -@@ -409,6 +465,7 @@ ENTRY(ia32_syscall) +@@ -409,6 +464,7 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -5771,7 +5770,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e /* * No need to follow this irqs on/off section: the syscall * disabled irqs and here we enable it straight after entry: -@@ -441,6 +498,9 @@ ia32_tracesys: +@@ -441,6 +497,9 @@ ia32_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -11740,7 +11739,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_32.S linux-3.0.3/arch/x86/kernel/en CFI_ADJUST_CFA_OFFSET -24 diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/entry_64.S --- linux-3.0.3/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/arch/x86/kernel/entry_64.S 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/arch/x86/kernel/entry_64.S 2011-08-25 17:38:59.000000000 -0400 @@ -53,6 +53,7 @@ #include <asm/paravirt.h> #include <asm/ftrace.h> @@ -11749,7 +11748,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -176,6 +177,259 @@ ENTRY(native_usergs_sysret64) +@@ -176,6 +177,262 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -11846,9 +11845,6 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en + call pax_randomize_kstack + pop %rax +#endif -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+ call pax_erase_kstack -+#endif + .endm + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -11994,6 +11990,12 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en +2: cld + mov %esp, %ecx + sub %edi, %ecx ++ ++ cmp $THREAD_SIZE_asm, %rcx ++ jb 3f ++ ud2 ++3: ++ + shr $3, %ecx + rep stosq + @@ -12009,7 +12011,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -318,7 +572,7 @@ ENTRY(save_args) +@@ -318,7 +575,7 @@ ENTRY(save_args) leaq -RBP+8(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ @@ -12018,7 +12020,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en je 1f SWAPGS /* -@@ -409,7 +663,7 @@ ENTRY(ret_from_fork) +@@ -409,7 +666,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -12027,7 +12029,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en je int_ret_from_sys_call testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -455,7 +709,7 @@ END(ret_from_fork) +@@ -455,7 +712,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -12036,7 +12038,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -468,12 +722,13 @@ ENTRY(system_call_after_swapgs) +@@ -468,12 +725,13 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -12051,15 +12053,16 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -502,6 +757,7 @@ sysret_check: +@@ -502,6 +760,8 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE + pax_exit_kernel_user ++ pax_erase_kstack /* * sysretq will re-enable interrupts: */ -@@ -560,6 +816,9 @@ auditsys: +@@ -560,6 +820,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call audit_syscall_entry @@ -12069,7 +12072,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -590,6 +849,9 @@ tracesys: +@@ -590,6 +853,9 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -12079,7 +12082,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en /* * Reload arg registers from stack in case ptrace changed them. * We don't reload %rax because syscall_trace_enter() returned -@@ -611,7 +873,7 @@ tracesys: +@@ -611,7 +877,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -12088,7 +12091,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -793,6 +1055,16 @@ END(interrupt) +@@ -793,6 +1059,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP call save_args PARTIAL_FRAME 0 @@ -12105,7 +12108,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en call \func .endm -@@ -825,7 +1097,7 @@ ret_from_intr: +@@ -825,7 +1101,7 @@ ret_from_intr: CFI_ADJUST_CFA_OFFSET -8 exit_intr: GET_THREAD_INFO(%rcx) @@ -12114,11 +12117,12 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en je retint_kernel /* Interrupt came from user space */ -@@ -847,12 +1119,14 @@ retint_swapgs: /* return to user-space +@@ -847,12 +1123,15 @@ retint_swapgs: /* return to user-space * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) + pax_exit_kernel_user ++ pax_erase_kstack TRACE_IRQS_IRETQ SWAPGS jmp restore_args @@ -12129,7 +12133,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en /* * The iretq could re-enable interrupts: */ -@@ -1027,6 +1301,16 @@ ENTRY(\sym) +@@ -1027,6 +1306,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12146,7 +12150,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1044,6 +1328,16 @@ ENTRY(\sym) +@@ -1044,6 +1333,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12163,7 +12167,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ call \do_sym -@@ -1052,7 +1346,7 @@ ENTRY(\sym) +@@ -1052,7 +1351,7 @@ ENTRY(\sym) END(\sym) .endm @@ -12172,7 +12176,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1062,8 +1356,24 @@ ENTRY(\sym) +@@ -1062,8 +1361,24 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -12197,7 +12201,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) call \do_sym addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist) -@@ -1080,6 +1390,16 @@ ENTRY(\sym) +@@ -1080,6 +1395,16 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -12214,7 +12218,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1099,6 +1419,16 @@ ENTRY(\sym) +@@ -1099,6 +1424,16 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -12231,7 +12235,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en movq %rsp,%rdi /* pt_regs pointer */ movq ORIG_RAX(%rsp),%rsi /* get error code */ movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */ -@@ -1361,14 +1691,27 @@ ENTRY(paranoid_exit) +@@ -1361,14 +1696,27 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -12260,7 +12264,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en TRACE_IRQS_IRETQ 0 RESTORE_ALL 8 jmp irq_return -@@ -1426,7 +1769,7 @@ ENTRY(error_entry) +@@ -1426,7 +1774,7 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -12269,7 +12273,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en je error_kernelspace error_swapgs: SWAPGS -@@ -1490,6 +1833,16 @@ ENTRY(nmi) +@@ -1490,6 +1838,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -12286,7 +12290,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1500,11 +1853,25 @@ ENTRY(nmi) +@@ -1500,11 +1858,25 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -35002,7 +35006,18 @@ diff -urNp linux-3.0.3/fs/ceph/dir.c linux-3.0.3/fs/ceph/dir.c struct ceph_mds_reply_info_parsed *rinfo; diff -urNp linux-3.0.3/fs/cifs/cifs_debug.c linux-3.0.3/fs/cifs/cifs_debug.c --- linux-3.0.3/fs/cifs/cifs_debug.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/fs/cifs/cifs_debug.c 2011-08-23 21:47:56.000000000 -0400 ++++ linux-3.0.3/fs/cifs/cifs_debug.c 2011-08-25 17:18:05.000000000 -0400 +@@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(str + + if (c == '1' || c == 'y' || c == 'Y' || c == '0') { + #ifdef CONFIG_CIFS_STATS2 +- atomic_set(&totBufAllocCount, 0); +- atomic_set(&totSmBufAllocCount, 0); ++ atomic_set_unchecked(&totBufAllocCount, 0); ++ atomic_set_unchecked(&totSmBufAllocCount, 0); + #endif /* CONFIG_CIFS_STATS2 */ + spin_lock(&cifs_tcp_ses_lock); + list_for_each(tmp1, &cifs_tcp_ses_list) { @@ -279,25 +279,25 @@ static ssize_t cifs_stats_proc_write(str tcon = list_entry(tmp3, struct cifs_tcon, @@ -35048,6 +35063,17 @@ diff -urNp linux-3.0.3/fs/cifs/cifs_debug.c linux-3.0.3/fs/cifs/cifs_debug.c } } } +@@ -327,8 +327,8 @@ static int cifs_stats_proc_show(struct s + smBufAllocCount.counter, cifs_min_small); + #ifdef CONFIG_CIFS_STATS2 + seq_printf(m, "Total Large %d Small %d Allocations\n", +- atomic_read(&totBufAllocCount), +- atomic_read(&totSmBufAllocCount)); ++ atomic_read_unchecked(&totBufAllocCount), ++ atomic_read_unchecked(&totSmBufAllocCount)); + #endif /* CONFIG_CIFS_STATS2 */ + + seq_printf(m, "Operations (MIDs): %d\n", atomic_read(&midCount)); @@ -357,41 +357,41 @@ static int cifs_stats_proc_show(struct s if (tcon->need_reconnect) seq_puts(m, "\tDISCONNECTED "); @@ -35110,9 +35136,41 @@ diff -urNp linux-3.0.3/fs/cifs/cifs_debug.c linux-3.0.3/fs/cifs/cifs_debug.c } } } +diff -urNp linux-3.0.3/fs/cifs/cifsfs.c linux-3.0.3/fs/cifs/cifsfs.c +--- linux-3.0.3/fs/cifs/cifsfs.c 2011-08-23 21:44:40.000000000 -0400 ++++ linux-3.0.3/fs/cifs/cifsfs.c 2011-08-25 17:18:05.000000000 -0400 +@@ -994,7 +994,7 @@ cifs_init_request_bufs(void) + cifs_req_cachep = kmem_cache_create("cifs_request", + CIFSMaxBufSize + + MAX_CIFS_HDR_SIZE, 0, +- SLAB_HWCACHE_ALIGN, NULL); ++ SLAB_HWCACHE_ALIGN | SLAB_USERCOPY, NULL); + if (cifs_req_cachep == NULL) + return -ENOMEM; + +@@ -1021,7 +1021,7 @@ cifs_init_request_bufs(void) + efficient to alloc 1 per page off the slab compared to 17K (5page) + alloc of large cifs buffers even when page debugging is on */ + cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", +- MAX_CIFS_SMALL_BUFFER_SIZE, 0, SLAB_HWCACHE_ALIGN, ++ MAX_CIFS_SMALL_BUFFER_SIZE, 0, SLAB_HWCACHE_ALIGN | SLAB_USERCOPY, + NULL); + if (cifs_sm_req_cachep == NULL) { + mempool_destroy(cifs_req_poolp); +@@ -1106,8 +1106,8 @@ init_cifs(void) + atomic_set(&bufAllocCount, 0); + atomic_set(&smBufAllocCount, 0); + #ifdef CONFIG_CIFS_STATS2 +- atomic_set(&totBufAllocCount, 0); +- atomic_set(&totSmBufAllocCount, 0); ++ atomic_set_unchecked(&totBufAllocCount, 0); ++ atomic_set_unchecked(&totSmBufAllocCount, 0); + #endif /* CONFIG_CIFS_STATS2 */ + + atomic_set(&midCount, 0); diff -urNp linux-3.0.3/fs/cifs/cifsglob.h linux-3.0.3/fs/cifs/cifsglob.h --- linux-3.0.3/fs/cifs/cifsglob.h 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/fs/cifs/cifsglob.h 2011-08-23 21:47:56.000000000 -0400 ++++ linux-3.0.3/fs/cifs/cifsglob.h 2011-08-25 17:18:05.000000000 -0400 @@ -381,28 +381,28 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; @@ -35173,6 +35231,17 @@ diff -urNp linux-3.0.3/fs/cifs/cifsglob.h linux-3.0.3/fs/cifs/cifsglob.h static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) +@@ -911,8 +911,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnect + /* Various Debug counters */ + GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ + #ifdef CONFIG_CIFS_STATS2 +-GLOBAL_EXTERN atomic_t totBufAllocCount; /* total allocated over all time */ +-GLOBAL_EXTERN atomic_t totSmBufAllocCount; ++GLOBAL_EXTERN atomic_unchecked_t totBufAllocCount; /* total allocated over all time */ ++GLOBAL_EXTERN atomic_unchecked_t totSmBufAllocCount; + #endif + GLOBAL_EXTERN atomic_t smBufAllocCount; + GLOBAL_EXTERN atomic_t midCount; diff -urNp linux-3.0.3/fs/cifs/link.c linux-3.0.3/fs/cifs/link.c --- linux-3.0.3/fs/cifs/link.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.3/fs/cifs/link.c 2011-08-23 21:47:56.000000000 -0400 @@ -35185,6 +35254,27 @@ diff -urNp linux-3.0.3/fs/cifs/link.c linux-3.0.3/fs/cifs/link.c if (!IS_ERR(p)) kfree(p); } +diff -urNp linux-3.0.3/fs/cifs/misc.c linux-3.0.3/fs/cifs/misc.c +--- linux-3.0.3/fs/cifs/misc.c 2011-07-21 22:17:23.000000000 -0400 ++++ linux-3.0.3/fs/cifs/misc.c 2011-08-25 17:18:05.000000000 -0400 +@@ -156,7 +156,7 @@ cifs_buf_get(void) + memset(ret_buf, 0, sizeof(struct smb_hdr) + 3); + atomic_inc(&bufAllocCount); + #ifdef CONFIG_CIFS_STATS2 +- atomic_inc(&totBufAllocCount); ++ atomic_inc_unchecked(&totBufAllocCount); + #endif /* CONFIG_CIFS_STATS2 */ + } + +@@ -191,7 +191,7 @@ cifs_small_buf_get(void) + /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/ + atomic_inc(&smBufAllocCount); + #ifdef CONFIG_CIFS_STATS2 +- atomic_inc(&totSmBufAllocCount); ++ atomic_inc_unchecked(&totSmBufAllocCount); + #endif /* CONFIG_CIFS_STATS2 */ + + } diff -urNp linux-3.0.3/fs/coda/cache.c linux-3.0.3/fs/coda/cache.c --- linux-3.0.3/fs/coda/cache.c 2011-07-21 22:17:23.000000000 -0400 +++ linux-3.0.3/fs/coda/cache.c 2011-08-23 21:47:56.000000000 -0400 @@ -35457,7 +35547,7 @@ diff -urNp linux-3.0.3/fs/ecryptfs/miscdev.c linux-3.0.3/fs/ecryptfs/miscdev.c if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c --- linux-3.0.3/fs/exec.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/fs/exec.c 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/fs/exec.c 2011-08-25 17:26:58.000000000 -0400 @@ -55,12 +55,24 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> @@ -35680,7 +35770,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1428,6 +1445,11 @@ static int do_execve_common(const char * +@@ -1428,11 +1445,35 @@ static int do_execve_common(const char * struct user_arg_ptr envp, struct pt_regs *regs) { @@ -35692,7 +35782,31 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1464,6 +1486,23 @@ static int do_execve_common(const char * + bool clear_in_exec; + int retval; ++ const struct cred *cred = current_cred(); ++ ++ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1); ++ ++ /* ++ * We move the actual failure in case of RLIMIT_NPROC excess from ++ * set*uid() to execve() because too many poorly written programs ++ * don't check setuid() return code. Here we additionally recheck ++ * whether NPROC limit is still exceeded. ++ */ ++ if ((current->flags & PF_NPROC_EXCEEDED) && ++ atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) { ++ retval = -EAGAIN; ++ goto out_ret; ++ } ++ ++ /* We're below the limit (still or again), so we don't want to make ++ * further execve() calls fail. */ ++ current->flags &= ~PF_NPROC_EXCEEDED; + + retval = unshare_files(&displaced); + if (retval) +@@ -1464,6 +1505,16 @@ static int do_execve_common(const char * bprm->filename = filename; bprm->interp = filename; @@ -35701,13 +35815,6 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c + goto out_file; + } + -+ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->cred->user->processes), 1); -+ -+ if (gr_handle_nproc()) { -+ retval = -EAGAIN; -+ goto out_file; -+ } -+ + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) { + retval = -EACCES; + goto out_file; @@ -35716,7 +35823,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1493,9 +1532,40 @@ static int do_execve_common(const char * +@@ -1493,9 +1544,40 @@ static int do_execve_common(const char * if (retval < 0) goto out; @@ -35758,7 +35865,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c /* execve succeeded */ current->fs->in_exec = 0; -@@ -1506,6 +1576,14 @@ static int do_execve_common(const char * +@@ -1506,6 +1588,14 @@ static int do_execve_common(const char * put_files_struct(displaced); return retval; @@ -35773,7 +35880,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1579,7 +1657,7 @@ static int expand_corename(struct core_n +@@ -1579,7 +1669,7 @@ static int expand_corename(struct core_n { char *old_corename = cn->corename; @@ -35782,7 +35889,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1667,7 +1745,7 @@ static int format_corename(struct core_n +@@ -1667,7 +1757,7 @@ static int format_corename(struct core_n int pid_in_pattern = 0; int err = 0; @@ -35791,7 +35898,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1758,6 +1836,219 @@ out: +@@ -1758,6 +1848,219 @@ out: return ispipe; } @@ -36011,7 +36118,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -1969,17 +2260,17 @@ static void wait_for_dump_helpers(struct +@@ -1969,17 +2272,17 @@ static void wait_for_dump_helpers(struct pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -36034,7 +36141,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c pipe_unlock(pipe); } -@@ -2040,7 +2331,7 @@ void do_coredump(long signr, int exit_co +@@ -2040,7 +2343,7 @@ void do_coredump(long signr, int exit_co int retval = 0; int flag = 0; int ispipe; @@ -36043,7 +36150,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2055,6 +2346,9 @@ void do_coredump(long signr, int exit_co +@@ -2055,6 +2358,9 @@ void do_coredump(long signr, int exit_co audit_core_dumps(signr); @@ -36053,7 +36160,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2095,6 +2389,8 @@ void do_coredump(long signr, int exit_co +@@ -2095,6 +2401,8 @@ void do_coredump(long signr, int exit_co goto fail_corename; } @@ -36062,7 +36169,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c if (ispipe) { int dump_count; char **helper_argv; -@@ -2122,7 +2418,7 @@ void do_coredump(long signr, int exit_co +@@ -2122,7 +2430,7 @@ void do_coredump(long signr, int exit_co } cprm.limit = RLIM_INFINITY; @@ -36071,7 +36178,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2192,7 +2488,7 @@ close_fail: +@@ -2192,7 +2500,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -47792,8 +47899,8 @@ diff -urNp linux-3.0.3/grsecurity/grsec_disabled.c linux-3.0.3/grsecurity/grsec_ +#endif diff -urNp linux-3.0.3/grsecurity/grsec_exec.c linux-3.0.3/grsecurity/grsec_exec.c --- linux-3.0.3/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.3/grsecurity/grsec_exec.c 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,87 @@ ++++ linux-3.0.3/grsecurity/grsec_exec.c 2011-08-25 17:25:59.000000000 -0400 +@@ -0,0 +1,72 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -47812,21 +47919,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_exec.c linux-3.0.3/grsecurity/grsec_exec +static DEFINE_MUTEX(gr_exec_arg_mutex); +#endif + -+int -+gr_handle_nproc(void) -+{ -+#ifdef CONFIG_GRKERNSEC_EXECVE -+ const struct cred *cred = current_cred(); -+ if (grsec_enable_execve && cred->user && -+ (atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) && -+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) { -+ gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG); -+ return -EAGAIN; -+ } -+#endif -+ return 0; -+} -+ +extern const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr); + +void @@ -47938,8 +48030,8 @@ diff -urNp linux-3.0.3/grsecurity/grsec_fork.c linux-3.0.3/grsecurity/grsec_fork +} diff -urNp linux-3.0.3/grsecurity/grsec_init.c linux-3.0.3/grsecurity/grsec_init.c --- linux-3.0.3/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.3/grsecurity/grsec_init.c 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,273 @@ ++++ linux-3.0.3/grsecurity/grsec_init.c 2011-08-25 17:25:12.000000000 -0400 +@@ -0,0 +1,269 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/mm.h> @@ -47954,7 +48046,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_init.c linux-3.0.3/grsecurity/grsec_init +int grsec_enable_dmesg; +int grsec_enable_harden_ptrace; +int grsec_enable_fifo; -+int grsec_enable_execve; +int grsec_enable_execlog; +int grsec_enable_signal; +int grsec_enable_forkfail; @@ -48127,9 +48218,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_init.c linux-3.0.3/grsecurity/grsec_init +#ifdef CONFIG_GRKERNSEC_FIFO + grsec_enable_fifo = 1; +#endif -+#ifdef CONFIG_GRKERNSEC_EXECVE -+ grsec_enable_execve = 1; -+#endif +#ifdef CONFIG_GRKERNSEC_EXECLOG + grsec_enable_execlog = 1; +#endif @@ -49195,8 +49283,8 @@ diff -urNp linux-3.0.3/grsecurity/grsec_sock.c linux-3.0.3/grsecurity/grsec_sock +} diff -urNp linux-3.0.3/grsecurity/grsec_sysctl.c linux-3.0.3/grsecurity/grsec_sysctl.c --- linux-3.0.3/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.3/grsecurity/grsec_sysctl.c 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,442 @@ ++++ linux-3.0.3/grsecurity/grsec_sysctl.c 2011-08-25 17:26:15.000000000 -0400 +@@ -0,0 +1,433 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/sysctl.h> @@ -49260,15 +49348,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_sysctl.c linux-3.0.3/grsecurity/grsec_sy + .proc_handler = &proc_dointvec, + }, +#endif -+#ifdef CONFIG_GRKERNSEC_EXECVE -+ { -+ .procname = "execve_limiting", -+ .data = &grsec_enable_execve, -+ .maxlen = sizeof(int), -+ .mode = 0600, -+ .proc_handler = &proc_dointvec, -+ }, -+#endif +#ifdef CONFIG_GRKERNSEC_BLACKHOLE + { + .procname = "ip_blackhole", @@ -49769,8 +49848,8 @@ diff -urNp linux-3.0.3/grsecurity/grsum.c linux-3.0.3/grsecurity/grsum.c +} diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig --- linux-3.0.3/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.3/grsecurity/Kconfig 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,1050 @@ ++++ linux-3.0.3/grsecurity/Kconfig 2011-08-25 17:25:34.000000000 -0400 +@@ -0,0 +1,1038 @@ +# +# grecurity configuration +# @@ -49797,7 +49876,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig + bool "Low" + select GRKERNSEC_LINK + select GRKERNSEC_FIFO -+ select GRKERNSEC_EXECVE + select GRKERNSEC_RANDNET + select GRKERNSEC_DMESG + select GRKERNSEC_CHROOT @@ -49814,7 +49892,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig + + - Linking restrictions + - FIFO restrictions -+ - Enforcing RLIMIT_NPROC on execve + - Restricted dmesg + - Enforced chdir("/") on chroot + - Runtime module disabling @@ -49830,7 +49907,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig + select GRKERNSEC_CHROOT_SYSCTL + select GRKERNSEC_LINK + select GRKERNSEC_FIFO -+ select GRKERNSEC_EXECVE + select GRKERNSEC_DMESG + select GRKERNSEC_RANDNET + select GRKERNSEC_FORKFAIL @@ -49880,7 +49956,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig + bool "High" + select GRKERNSEC_LINK + select GRKERNSEC_FIFO -+ select GRKERNSEC_EXECVE + select GRKERNSEC_DMESG + select GRKERNSEC_FORKFAIL + select GRKERNSEC_TIME @@ -50548,14 +50623,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig +menu "Executable Protections" +depends on GRKERNSEC + -+config GRKERNSEC_EXECVE -+ bool "Enforce RLIMIT_NPROC on execs" -+ help -+ If you say Y here, users with a resource limit on processes will -+ have the value checked during execve() calls. The current system -+ only checks the system limit during fork() calls. If the sysctl option -+ is enabled, a sysctl option with name "execve_limiting" is created. -+ +config GRKERNSEC_DMESG + bool "Dmesg(8) restriction" + help @@ -52631,8 +52698,8 @@ diff -urNp linux-3.0.3/include/linux/grinternal.h linux-3.0.3/include/linux/grin +#endif diff -urNp linux-3.0.3/include/linux/grmsg.h linux-3.0.3/include/linux/grmsg.h --- linux-3.0.3/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.3/include/linux/grmsg.h 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,108 @@ ++++ linux-3.0.3/include/linux/grmsg.h 2011-08-25 17:27:26.000000000 -0400 +@@ -0,0 +1,107 @@ +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " @@ -52666,7 +52733,6 @@ diff -urNp linux-3.0.3/include/linux/grmsg.h linux-3.0.3/include/linux/grmsg.h +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by " +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " -+#define GR_NPROC_MSG "denied overstep of process limit by " +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds" @@ -52743,8 +52809,8 @@ diff -urNp linux-3.0.3/include/linux/grmsg.h linux-3.0.3/include/linux/grmsg.h +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by " diff -urNp linux-3.0.3/include/linux/grsecurity.h linux-3.0.3/include/linux/grsecurity.h --- linux-3.0.3/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux-3.0.3/include/linux/grsecurity.h 2011-08-23 21:48:14.000000000 -0400 -@@ -0,0 +1,228 @@ ++++ linux-3.0.3/include/linux/grsecurity.h 2011-08-25 17:27:36.000000000 -0400 +@@ -0,0 +1,227 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -52822,7 +52888,6 @@ diff -urNp linux-3.0.3/include/linux/grsecurity.h linux-3.0.3/include/linux/grse +int gr_handle_chroot_unix(const pid_t pid); + +int gr_handle_rawio(const struct inode *inode); -+int gr_handle_nproc(void); + +void gr_handle_ioperm(void); +void gr_handle_iopl(void); @@ -53970,7 +54035,7 @@ diff -urNp linux-3.0.3/include/linux/rmap.h linux-3.0.3/include/linux/rmap.h static inline void anon_vma_merge(struct vm_area_struct *vma, diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h --- linux-3.0.3/include/linux/sched.h 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/include/linux/sched.h 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/include/linux/sched.h 2011-08-25 17:22:27.000000000 -0400 @@ -100,6 +100,7 @@ struct bio_list; struct fs_struct; struct perf_event_context; @@ -54157,7 +54222,15 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2056,7 +2148,9 @@ void yield(void); +@@ -1768,6 +1860,7 @@ extern void thread_group_times(struct ta + #define PF_DUMPCORE 0x00000200 /* dumped core */ + #define PF_SIGNALED 0x00000400 /* killed by a signal */ + #define PF_MEMALLOC 0x00000800 /* Allocating memory */ ++#define PF_NPROC_EXCEEDED 0x00001000 /* set_user noticed that RLIMIT_NPROC was exceeded */ + #define PF_USED_MATH 0x00002000 /* if unset the fpu must be initialized before use */ + #define PF_FREEZING 0x00004000 /* freeze in progress. do not account to load */ + #define PF_NOFREEZE 0x00008000 /* this thread should not be frozen */ +@@ -2056,7 +2149,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -54167,7 +54240,7 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2089,6 +2183,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2089,6 +2184,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -54175,7 +54248,7 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2225,7 +2320,7 @@ extern void __cleanup_sighand(struct sig +@@ -2225,7 +2321,7 @@ extern void __cleanup_sighand(struct sig extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -54184,7 +54257,7 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2393,13 +2488,17 @@ static inline unsigned long *end_of_stac +@@ -2393,13 +2489,17 @@ static inline unsigned long *end_of_stac #endif @@ -56173,7 +56246,7 @@ diff -urNp linux-3.0.3/kernel/configs.c linux-3.0.3/kernel/configs.c diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c --- linux-3.0.3/kernel/cred.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/kernel/cred.c 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/kernel/cred.c 2011-08-25 17:23:03.000000000 -0400 @@ -158,6 +158,8 @@ static void put_cred_rcu(struct rcu_head */ void __put_cred(struct cred *cred) @@ -56255,7 +56328,20 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c /* dumpability changes */ if (old->euid != new->euid || old->egid != new->egid || -@@ -551,6 +569,8 @@ EXPORT_SYMBOL(commit_creds); +@@ -508,10 +526,8 @@ int commit_creds(struct cred *new) + key_fsgid_changed(task); + + /* do it +- * - What if a process setreuid()'s and this brings the +- * new uid over his NPROC rlimit? We can check this now +- * cheaply with the new uid cache, so if it matters +- * we should be checking for it. -DaveM ++ * RLIMIT_NPROC limits on user->processes have already been checked ++ * in set_user(). + */ + alter_cred_subscribers(new, 2); + if (new->user != old->user) +@@ -551,6 +567,8 @@ EXPORT_SYMBOL(commit_creds); */ void abort_creds(struct cred *new) { @@ -56264,7 +56350,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c kdebug("abort_creds(%p{%d,%d})", new, atomic_read(&new->usage), read_cred_subscribers(new)); -@@ -574,6 +594,8 @@ const struct cred *override_creds(const +@@ -574,6 +592,8 @@ const struct cred *override_creds(const { const struct cred *old = current->cred; @@ -56273,7 +56359,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c kdebug("override_creds(%p{%d,%d})", new, atomic_read(&new->usage), read_cred_subscribers(new)); -@@ -603,6 +625,8 @@ void revert_creds(const struct cred *old +@@ -603,6 +623,8 @@ void revert_creds(const struct cred *old { const struct cred *override = current->cred; @@ -56282,7 +56368,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c kdebug("revert_creds(%p{%d,%d})", old, atomic_read(&old->usage), read_cred_subscribers(old)); -@@ -649,6 +673,8 @@ struct cred *prepare_kernel_cred(struct +@@ -649,6 +671,8 @@ struct cred *prepare_kernel_cred(struct const struct cred *old; struct cred *new; @@ -56291,7 +56377,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c new = kmem_cache_alloc(cred_jar, GFP_KERNEL); if (!new) return NULL; -@@ -703,6 +729,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); +@@ -703,6 +727,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); */ int set_security_override(struct cred *new, u32 secid) { @@ -56300,7 +56386,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c return security_kernel_act_as(new, secid); } EXPORT_SYMBOL(set_security_override); -@@ -722,6 +750,8 @@ int set_security_override_from_ctx(struc +@@ -722,6 +748,8 @@ int set_security_override_from_ctx(struc u32 secid; int ret; @@ -56594,7 +56680,7 @@ diff -urNp linux-3.0.3/kernel/exit.c linux-3.0.3/kernel/exit.c if (group_dead) diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c --- linux-3.0.3/kernel/fork.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/kernel/fork.c 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/kernel/fork.c 2011-08-25 17:23:36.000000000 -0400 @@ -286,7 +286,7 @@ static struct task_struct *dup_task_stru *stackend = STACK_END_MAGIC; /* for overflow detection */ @@ -56827,7 +56913,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c return 0; } -@@ -1104,10 +1142,13 @@ static struct task_struct *copy_process( +@@ -1104,12 +1142,16 @@ static struct task_struct *copy_process( DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -56842,8 +56928,11 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) goto bad_fork_free; } ++ current->flags &= ~PF_NPROC_EXCEEDED; -@@ -1250,6 +1291,8 @@ static struct task_struct *copy_process( + retval = copy_creds(p, clone_flags); + if (retval < 0) +@@ -1250,6 +1292,8 @@ static struct task_struct *copy_process( if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -56852,7 +56941,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1414,6 +1457,8 @@ bad_fork_cleanup_count: +@@ -1414,6 +1458,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -56861,7 +56950,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c return ERR_PTR(retval); } -@@ -1502,6 +1547,8 @@ long do_fork(unsigned long clone_flags, +@@ -1502,6 +1548,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -56870,7 +56959,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1610,7 +1657,7 @@ static int unshare_fs(unsigned long unsh +@@ -1610,7 +1658,7 @@ static int unshare_fs(unsigned long unsh return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -56879,7 +56968,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c return 0; *new_fsp = copy_fs_struct(fs); -@@ -1697,7 +1744,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, +@@ -1697,7 +1745,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -59381,7 +59470,7 @@ diff -urNp linux-3.0.3/kernel/softirq.c linux-3.0.3/kernel/softirq.c diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c --- linux-3.0.3/kernel/sys.c 2011-07-21 22:17:23.000000000 -0400 -+++ linux-3.0.3/kernel/sys.c 2011-08-23 21:48:14.000000000 -0400 ++++ linux-3.0.3/kernel/sys.c 2011-08-25 17:24:58.000000000 -0400 @@ -154,6 +154,12 @@ static int set_one_prio(struct task_stru error = -EACCES; goto out; @@ -59416,7 +59505,30 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c if (nsown_capable(CAP_SETGID)) new->gid = new->egid = new->sgid = new->fsgid = gid; else if (gid == old->gid || gid == old->sgid) -@@ -646,6 +659,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u +@@ -591,11 +604,18 @@ static int set_user(struct cred *new) + if (!new_user) + return -EAGAIN; + ++ /* ++ * We don't fail in case of NPROC limit excess here because too many ++ * poorly written programs don't check set*uid() return code, assuming ++ * it never fails if called by root. We may still enforce NPROC limit ++ * for programs doing set*uid()+execve() by harmlessly deferring the ++ * failure to the execve() stage. ++ */ + if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) && +- new_user != INIT_USER) { +- free_uid(new_user); +- return -EAGAIN; +- } ++ new_user != INIT_USER) ++ current->flags |= PF_NPROC_EXCEEDED; ++ else ++ current->flags &= ~PF_NPROC_EXCEEDED; + + free_uid(new->user); + new->user = new_user; +@@ -646,6 +666,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u goto error; } @@ -59426,7 +59538,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c if (new->uid != old->uid) { retval = set_user(new); if (retval < 0) -@@ -690,6 +706,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) +@@ -690,6 +713,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) old = current_cred(); retval = -EPERM; @@ -59439,7 +59551,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c if (nsown_capable(CAP_SETUID)) { new->suid = new->uid = uid; if (uid != old->uid) { -@@ -744,6 +766,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, +@@ -744,6 +773,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, goto error; } @@ -59449,7 +59561,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c if (ruid != (uid_t) -1) { new->uid = ruid; if (ruid != old->uid) { -@@ -808,6 +833,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, +@@ -808,6 +840,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, goto error; } @@ -59459,7 +59571,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c if (rgid != (gid_t) -1) new->gid = rgid; if (egid != (gid_t) -1) -@@ -854,6 +882,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -854,6 +889,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) old = current_cred(); old_fsuid = old->fsuid; @@ -59469,7 +59581,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c if (uid == old->uid || uid == old->euid || uid == old->suid || uid == old->fsuid || nsown_capable(CAP_SETUID)) { -@@ -864,6 +895,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -864,6 +902,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) } } @@ -59477,7 +59589,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c abort_creds(new); return old_fsuid; -@@ -890,12 +922,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) +@@ -890,12 +929,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid == old->gid || gid == old->egid || gid == old->sgid || gid == old->fsgid || nsown_capable(CAP_SETGID)) { @@ -59494,7 +59606,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c abort_creds(new); return old_fsgid; -@@ -1642,7 +1678,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi +@@ -1642,7 +1685,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi error = get_dumpable(me->mm); break; case PR_SET_DUMPABLE: |