author | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-19 08:14:35 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2011-10-19 08:17:16 +0000 |
commit | d451866fd59af0b3c653dd94c0ee135b1e2d9ece (patch) | |
tree | 44c2462db7f0d0873f6367cd1d6a106840e30757 /main/linux-grsec | |
parent | a83f8406e1450c7f636548c43b9e2ed842c6d872 (diff) | |
download | aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.tar.bz2 aports-d451866fd59af0b3c653dd94c0ee135b1e2d9ece.tar.xz |
main/grsecurity: upgrade to grsecurity-2.2.2-3.0.7-201110180733
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 4 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.2-3.0.7-201110180733.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.7-201110172337.patch) | 85 |
2 files changed, 43 insertions, 46 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index ef4faefea5..dd4096534f 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.2.2-3.0.7-201110172337.patch + grsecurity-2.2.2-3.0.7-201110180733.patch grsec-timblogiw-noconst.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -139,7 +139,7 @@ dev() { md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 451412dc3b25c60fed80ddd5c49cb855 patch-3.0.7.bz2 -69b5cb7d7fa679346a6752d8759fa945 grsecurity-2.2.2-3.0.7-201110172337.patch +b00632cd15f00e799660ed72a64f15ed grsecurity-2.2.2-3.0.7-201110180733.patch c41cf0ee9794f393423c6b2093072260 grsec-timblogiw-noconst.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch bcb5aaabe38627ec887406774d8aeb42 kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110172337.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110180733.patch index 0fc7b864ec..d5f08b1e53 100644 --- a/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110172337.patch +++ b/main/linux-grsec/grsecurity-2.2.2-3.0.7-201110180733.patch @@ -43686,8 +43686,8 @@ diff -urNp linux-3.0.7/fs/logfs/super.c linux-3.0.7/fs/logfs/super.c if (err) diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c --- linux-3.0.7/fs/namei.c 2011-10-16 21:54:54.000000000 -0400 -+++ linux-3.0.7/fs/namei.c 2011-10-16 21:55:28.000000000 -0400 -@@ -237,21 +237,31 @@ int generic_permission(struct inode *ino ++++ linux-3.0.7/fs/namei.c 2011-10-18 06:55:15.000000000 -0400 +@@ -237,21 +237,23 @@ int generic_permission(struct inode *ino return ret; /* 
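Review bot: The replaced `md5sums` entry in the second APKBUILD hunk is the only integrity check visible on this page for the grsecurity patch and the kernel sources, and MD5 is not collision-resistant, so it catches corruption but is weak evidence against deliberate substitution. This matters most for the two `ftp://ftp.kernel.org/...` entries in the `source=` context of the first hunk, which are fetched over an unauthenticated transport. If the abuild version in use accepts a stronger checksum array, add one next to `md5sums`, for example a `sha512sums="..."` block listing the same files; whether it does cannot be told from this page. The `md5sums` string continues past the end of the hunk, so any entries below `kernelconfig.x86` are not covered by this note.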
@@ -43700,10 +43700,6 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c - if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; + if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) { -+#ifdef CONFIG_GRKERNSEC -+ if (flags & IPERM_FLAG_RCU) -+ return -ECHILD; -+#endif + if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) return 0; + } @@ -43718,17 +43714,13 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c - if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) - if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) + if (!(mask & MAY_EXEC) || execute_ok(inode)) { -+#ifdef CONFIG_GRKERNSEC -+ if (flags & IPERM_FLAG_RCU) -+ return -ECHILD; -+#endif + if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) return 0; + } return -EACCES; } -@@ -547,6 +557,9 @@ static int complete_walk(struct nameidat +@@ -547,6 +549,9 @@ static int complete_walk(struct nameidat br_read_unlock(vfsmount_lock); } @@ -43738,7 +43730,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c if (likely(!(nd->flags & LOOKUP_JUMPED))) return 0; -@@ -593,9 +606,16 @@ static inline int exec_permission(struct +@@ -593,9 +598,12 @@ static inline int exec_permission(struct if (ret == -ECHILD) return ret; @@ -43747,17 +43739,13 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c + if (ns_capable_nolog(ns, CAP_DAC_OVERRIDE)) goto ok; + else { -+#ifdef CONFIG_GRKERNSEC -+ if (flags & IPERM_FLAG_RCU) -+ return -ECHILD; -+#endif + if (ns_capable(ns, CAP_DAC_READ_SEARCH) || ns_capable(ns, CAP_DAC_OVERRIDE)) + goto ok; + } return ret; ok: -@@ -703,11 +723,26 @@ follow_link(struct path *link, struct na +@@ -703,11 +711,26 @@ follow_link(struct path *link, struct na return error; } 
@@ -43785,7 +43773,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = 0; if (s) error = __vfs_follow_link(nd, s); -@@ -1625,6 +1660,9 @@ static int do_path_lookup(int dfd, const +@@ -1625,6 +1648,9 @@ static int do_path_lookup(int dfd, const retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) { @@ -43795,7 +43783,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -1935,6 +1973,30 @@ int vfs_create(struct inode *dir, struct +@@ -1935,6 +1961,30 @@ int vfs_create(struct inode *dir, struct return error; } @@ -43826,7 +43814,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c static int may_open(struct path *path, int acc_mode, int flag) { struct dentry *dentry = path->dentry; -@@ -1987,7 +2049,27 @@ static int may_open(struct path *path, i +@@ -1987,7 +2037,27 @@ static int may_open(struct path *path, i /* * Ensure there are no outstanding leases on the file. */ @@ -43855,7 +43843,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c } static int handle_truncate(struct file *filp) -@@ -2013,30 +2095,6 @@ static int handle_truncate(struct file * +@@ -2013,30 +2083,6 @@ static int handle_truncate(struct file * } /* @@ -43886,7 +43874,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c * Handle the last step of open() */ static struct file *do_last(struct nameidata *nd, struct path *path, -@@ -2045,6 +2103,7 @@ static struct file *do_last(struct namei +@@ -2045,6 +2091,7 @@ static struct file *do_last(struct namei struct dentry *dir = nd->path.dentry; struct dentry *dentry; int open_flag = op->open_flag; 
@@ -43894,7 +43882,16 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c int will_truncate = open_flag & O_TRUNC; int want_write = 0; int acc_mode = op->acc_mode; -@@ -2132,6 +2191,12 @@ static struct file *do_last(struct namei +@@ -2095,7 +2142,7 @@ static struct file *do_last(struct namei + /* sayonara */ + error = complete_walk(nd); + if (error) +- return ERR_PTR(-ECHILD); ++ return ERR_PTR(error); + + error = -ENOTDIR; + if (nd->flags & LOOKUP_DIRECTORY) { +@@ -2132,6 +2179,12 @@ static struct file *do_last(struct namei /* Negative dentry, just create the file */ if (!dentry->d_inode) { int mode = op->mode; @@ -43907,7 +43904,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2155,6 +2220,8 @@ static struct file *do_last(struct namei +@@ -2155,6 +2208,8 @@ static struct file *do_last(struct namei error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -43916,7 +43913,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2164,6 +2231,14 @@ static struct file *do_last(struct namei +@@ -2164,6 +2219,14 @@ static struct file *do_last(struct namei /* * It already exists. */ @@ -43931,7 +43928,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2450,6 +2525,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const +@@ -2450,6 +2513,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const error = may_mknod(mode); if (error) goto out_dput; @@ -43949,7 +43946,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = mnt_want_write(nd.path.mnt); if (error) goto out_dput; -@@ -2470,6 +2556,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const +@@ -2470,6 +2544,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const } out_drop_write: mnt_drop_write(nd.path.mnt); 
@@ -43959,7 +43956,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c out_dput: dput(dentry); out_unlock: -@@ -2522,6 +2611,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const +@@ -2522,6 +2599,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const if (IS_ERR(dentry)) goto out_unlock; @@ -43971,7 +43968,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c if (!IS_POSIXACL(nd.path.dentry->d_inode)) mode &= ~current_umask(); error = mnt_want_write(nd.path.mnt); -@@ -2533,6 +2627,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const +@@ -2533,6 +2615,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode); out_drop_write: mnt_drop_write(nd.path.mnt); @@ -43982,7 +43979,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c out_dput: dput(dentry); out_unlock: -@@ -2615,6 +2713,8 @@ static long do_rmdir(int dfd, const char +@@ -2615,6 +2701,8 @@ static long do_rmdir(int dfd, const char char * name; struct dentry *dentry; struct nameidata nd; @@ -43991,7 +43988,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2643,6 +2743,17 @@ static long do_rmdir(int dfd, const char +@@ -2643,6 +2731,17 @@ static long do_rmdir(int dfd, const char error = -ENOENT; goto exit3; } @@ -44009,7 +44006,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2650,6 +2761,8 @@ static long do_rmdir(int dfd, const char +@@ -2650,6 +2749,8 @@ static long do_rmdir(int dfd, const char if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -44018,7 +44015,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2712,6 +2825,8 @@ static long do_unlinkat(int dfd, const c +@@ -2712,6 +2813,8 @@ static long do_unlinkat(int dfd, const c struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; 
@@ -44027,7 +44024,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2734,6 +2849,16 @@ static long do_unlinkat(int dfd, const c +@@ -2734,6 +2837,16 @@ static long do_unlinkat(int dfd, const c if (!inode) goto slashes; ihold(inode); @@ -44044,7 +44041,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2741,6 +2866,8 @@ static long do_unlinkat(int dfd, const c +@@ -2741,6 +2854,8 @@ static long do_unlinkat(int dfd, const c if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -44053,7 +44050,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2818,6 +2945,11 @@ SYSCALL_DEFINE3(symlinkat, const char __ +@@ -2818,6 +2933,11 @@ SYSCALL_DEFINE3(symlinkat, const char __ if (IS_ERR(dentry)) goto out_unlock; @@ -44065,7 +44062,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = mnt_want_write(nd.path.mnt); if (error) goto out_dput; -@@ -2825,6 +2957,8 @@ SYSCALL_DEFINE3(symlinkat, const char __ +@@ -2825,6 +2945,8 @@ SYSCALL_DEFINE3(symlinkat, const char __ if (error) goto out_drop_write; error = vfs_symlink(nd.path.dentry->d_inode, dentry, from); @@ -44074,7 +44071,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c out_drop_write: mnt_drop_write(nd.path.mnt); out_dput: -@@ -2933,6 +3067,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con +@@ -2933,6 +3055,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out_unlock; 
@@ -44095,7 +44092,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = mnt_want_write(nd.path.mnt); if (error) goto out_dput; -@@ -2940,6 +3088,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con +@@ -2940,6 +3076,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con if (error) goto out_drop_write; error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry); @@ -44104,7 +44101,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c out_drop_write: mnt_drop_write(nd.path.mnt); out_dput: -@@ -3117,6 +3267,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3117,6 +3255,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c char *to; int error; @@ -44113,7 +44110,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = user_path_parent(olddfd, oldname, &oldnd, &from); if (error) goto exit; -@@ -3173,6 +3325,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3173,6 +3313,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c if (new_dentry == trap) goto exit5; @@ -44126,7 +44123,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3182,6 +3340,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c +@@ -3182,6 +3328,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -44136,7 +44133,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3207,6 +3368,8 @@ SYSCALL_DEFINE2(rename, const char __use +@@ -3207,6 +3356,8 @@ SYSCALL_DEFINE2(rename, const char __use int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { 
@@ -44145,7 +44142,7 @@ diff -urNp linux-3.0.7/fs/namei.c linux-3.0.7/fs/namei.c int len; len = PTR_ERR(link); -@@ -3216,7 +3379,14 @@ int vfs_readlink(struct dentry *dentry, +@@ -3216,7 +3367,14 @@ int vfs_readlink(struct dentry *dentry, len = strlen(link); if (len > (unsigned) buflen) len = buflen; |