Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.2-3.0.3-201108251825.patch (renamed from main/linux-grsec/grsecurity-2.2.2-3.0.3-201108241901.patch)408
2 files changed, 263 insertions, 151 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 985985988d..60813e21fe 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.0.3
_kernver=3.0
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
- grsecurity-2.2.2-3.0.3-201108241901.patch
+ grsecurity-2.2.2-3.0.3-201108251825.patch
0004-arp-flush-arp-cache-on-device-change.patch
@@ -138,7 +138,7 @@ dev() {
md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
1757786b9a9ffbd48ad9642199ff5bd7 patch-3.0.3.bz2
-9709493d471fc64e342345c1bb5b082b grsecurity-2.2.2-3.0.3-201108241901.patch
+dbf71c02960bdb9e047ed6ccd61e108e grsecurity-2.2.2-3.0.3-201108251825.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
406e62e430cee7ba3bb37be341d9ff3e kernelconfig.x86
6957efc9f017c59b05aa0a2e4167255e kernelconfig.x86_64"
diff --git a/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108241901.patch b/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108251825.patch
index a30bf0fd50..04ec669e61 100644
--- a/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108241901.patch
+++ b/main/linux-grsec/grsecurity-2.2.2-3.0.3-201108251825.patch
@@ -5603,7 +5603,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32_aout.c linux-3.0.3/arch/x86/ia32/ia32_
has_dumped = 1;
diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32entry.S
--- linux-3.0.3/arch/x86/ia32/ia32entry.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/arch/x86/ia32/ia32entry.S 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/arch/x86/ia32/ia32entry.S 2011-08-25 17:36:37.000000000 -0400
@@ -13,6 +13,7 @@
#include <asm/thread_info.h>
#include <asm/segment.h>
@@ -5612,7 +5612,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
#include <linux/linkage.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
-@@ -95,6 +96,32 @@ ENTRY(native_irq_enable_sysexit)
+@@ -95,6 +96,29 @@ ENTRY(native_irq_enable_sysexit)
ENDPROC(native_irq_enable_sysexit)
#endif
@@ -5631,9 +5631,6 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
+ call pax_randomize_kstack
+ popq %rax
+#endif
-+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+ call pax_erase_kstack
-+#endif
+ .endm
+
+ .macro pax_erase_kstack
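Review bot: Dropping the `call pax_erase_kstack` block (the three removed lines just before `.endm`) from `pax_exit_kernel_user` turns stack erasure into an obligation of each exit path, so any path that expands `pax_exit_kernel_user` without a following `pax_erase_kstack` silently loses STACKLEAK erasure. The sites updated in this commit do pair them (sysexit_from_sys_call and sysretl_from_sys_call here; sysret_check and retint_swapgs in entry_64.S), but the paranoid_exit and nmi hunks in entry_64.S change only line offsets, so if those paths expand the macro they presumably no longer erase — worth confirming. The entry_64.S macro hunk ending in `pop %rax` / `.endm` makes the identical change. A comment on the macro would make the new contract visible, e.g. `/* NB: does not erase the kernel stack; every caller must expand pax_erase_kstack itself */`; the `.macro pax_exit_kernel_user` header is outside the hunk.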
@@ -5645,7 +5642,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
/*
* 32bit SYSENTER instruction entry.
*
-@@ -121,7 +148,7 @@ ENTRY(ia32_sysenter_target)
+@@ -121,7 +145,7 @@ ENTRY(ia32_sysenter_target)
CFI_REGISTER rsp,rbp
SWAPGS_UNSAFE_STACK
movq PER_CPU_VAR(kernel_stack), %rsp
@@ -5654,7 +5651,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
/*
* No need to follow this irqs on/off section: the syscall
* disabled irqs, here we enable it straight after entry:
-@@ -134,7 +161,8 @@ ENTRY(ia32_sysenter_target)
+@@ -134,7 +158,8 @@ ENTRY(ia32_sysenter_target)
CFI_REL_OFFSET rsp,0
pushfq_cfi
/*CFI_REL_OFFSET rflags,0*/
@@ -5664,7 +5661,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
CFI_REGISTER rip,r10
pushq_cfi $__USER32_CS
/*CFI_REL_OFFSET cs,0*/
-@@ -146,6 +174,12 @@ ENTRY(ia32_sysenter_target)
+@@ -146,6 +171,12 @@ ENTRY(ia32_sysenter_target)
SAVE_ARGS 0,0,1
/* no need to do an access_ok check here because rbp has been
32bit zero extended */
@@ -5677,15 +5674,16 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
1: movl (%rbp),%ebp
.section __ex_table,"a"
.quad 1b,ia32_badarg
-@@ -168,6 +202,7 @@ sysenter_dispatch:
+@@ -168,6 +199,8 @@ sysenter_dispatch:
testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
jnz sysexit_audit
sysexit_from_sys_call:
+ pax_exit_kernel_user
++ pax_erase_kstack
andl $~TS_COMPAT,TI_status(%r10)
/* clear IF, that popfq doesn't enable interrupts early */
andl $~0x200,EFLAGS-R11(%rsp)
-@@ -194,6 +229,9 @@ sysexit_from_sys_call:
+@@ -194,6 +227,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -5695,7 +5693,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -246,6 +284,9 @@ sysenter_tracesys:
+@@ -246,6 +282,9 @@ sysenter_tracesys:
movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -5705,7 +5703,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -277,19 +318,24 @@ ENDPROC(ia32_sysenter_target)
+@@ -277,19 +316,24 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
@@ -5732,7 +5730,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -305,6 +351,12 @@ ENTRY(ia32_cstar_target)
+@@ -305,6 +349,12 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
@@ -5745,15 +5743,16 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
1: movl (%r8),%r9d
.section __ex_table,"a"
.quad 1b,ia32_badarg
-@@ -327,6 +379,7 @@ cstar_dispatch:
+@@ -327,6 +377,8 @@ cstar_dispatch:
testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
jnz sysretl_audit
sysretl_from_sys_call:
+ pax_exit_kernel_user
++ pax_erase_kstack
andl $~TS_COMPAT,TI_status(%r10)
RESTORE_ARGS 1,-ARG_SKIP,1,1,1
movl RIP-ARGOFFSET(%rsp),%ecx
-@@ -364,6 +417,9 @@ cstar_tracesys:
+@@ -364,6 +416,9 @@ cstar_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -5763,7 +5762,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
RESTORE_REST
xchgl %ebp,%r9d
-@@ -409,6 +465,7 @@ ENTRY(ia32_syscall)
+@@ -409,6 +464,7 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
@@ -5771,7 +5770,7 @@ diff -urNp linux-3.0.3/arch/x86/ia32/ia32entry.S linux-3.0.3/arch/x86/ia32/ia32e
/*
* No need to follow this irqs on/off section: the syscall
* disabled irqs and here we enable it straight after entry:
-@@ -441,6 +498,9 @@ ia32_tracesys:
+@@ -441,6 +497,9 @@ ia32_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -11740,7 +11739,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_32.S linux-3.0.3/arch/x86/kernel/en
CFI_ADJUST_CFA_OFFSET -24
diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/entry_64.S
--- linux-3.0.3/arch/x86/kernel/entry_64.S 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/arch/x86/kernel/entry_64.S 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/arch/x86/kernel/entry_64.S 2011-08-25 17:38:59.000000000 -0400
@@ -53,6 +53,7 @@
#include <asm/paravirt.h>
#include <asm/ftrace.h>
@@ -11749,7 +11748,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -176,6 +177,259 @@ ENTRY(native_usergs_sysret64)
+@@ -176,6 +177,262 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -11846,9 +11845,6 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
+ call pax_randomize_kstack
+ pop %rax
+#endif
-+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+ call pax_erase_kstack
-+#endif
+ .endm
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -11994,6 +11990,12 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
+2: cld
+ mov %esp, %ecx
+ sub %edi, %ecx
++
++ cmp $THREAD_SIZE_asm, %rcx
++ jb 3f
++ ud2
++3:
++
+ shr $3, %ecx
+ rep stosq
+
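Review bot: The new `cmp $THREAD_SIZE_asm, %rcx` / `jb 3f` / `ud2` guard is undocumented, yet it is the only thing between a bad low-water pointer in %rdi and a `rep stosq` that runs past the thread stack, so a reader needs to know the fault is intentional. The count is formed with 32-bit `mov %esp, %ecx` / `sub %edi, %ecx`, which zero-extends into %rcx, so the 64-bit unsigned compare is sound, and a %rdi above %rsp wraps to a large value that also trips the trap; `ud2` rather than a recoverable error is presumably chosen because the erase loop's inputs cannot be trusted at that point. Suggest `/* rcx = bytes to erase; >= THREAD_SIZE means rdi is not inside this stack -- trap rather than scribble past it */` above the `cmp`. The enclosing pax_erase_kstack body starts and ends outside the hunk.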
@@ -12009,7 +12011,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -318,7 +572,7 @@ ENTRY(save_args)
+@@ -318,7 +575,7 @@ ENTRY(save_args)
leaq -RBP+8(%rsp),%rdi /* arg1 for handler */
movq_cfi rbp, 8 /* push %rbp */
leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
@@ -12018,7 +12020,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
je 1f
SWAPGS
/*
-@@ -409,7 +663,7 @@ ENTRY(ret_from_fork)
+@@ -409,7 +666,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -12027,7 +12029,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -455,7 +709,7 @@ END(ret_from_fork)
+@@ -455,7 +712,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -12036,7 +12038,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -468,12 +722,13 @@ ENTRY(system_call_after_swapgs)
+@@ -468,12 +725,13 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -12051,15 +12053,16 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -502,6 +757,7 @@ sysret_check:
+@@ -502,6 +760,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
+ pax_exit_kernel_user
++ pax_erase_kstack
/*
* sysretq will re-enable interrupts:
*/
-@@ -560,6 +816,9 @@ auditsys:
+@@ -560,6 +820,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call audit_syscall_entry
@@ -12069,7 +12072,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -590,6 +849,9 @@ tracesys:
+@@ -590,6 +853,9 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -12079,7 +12082,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
/*
* Reload arg registers from stack in case ptrace changed them.
* We don't reload %rax because syscall_trace_enter() returned
-@@ -611,7 +873,7 @@ tracesys:
+@@ -611,7 +877,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -12088,7 +12091,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -793,6 +1055,16 @@ END(interrupt)
+@@ -793,6 +1059,16 @@ END(interrupt)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
call save_args
PARTIAL_FRAME 0
@@ -12105,7 +12108,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
call \func
.endm
-@@ -825,7 +1097,7 @@ ret_from_intr:
+@@ -825,7 +1101,7 @@ ret_from_intr:
CFI_ADJUST_CFA_OFFSET -8
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -12114,11 +12117,12 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
je retint_kernel
/* Interrupt came from user space */
-@@ -847,12 +1119,14 @@ retint_swapgs: /* return to user-space
+@@ -847,12 +1123,15 @@ retint_swapgs: /* return to user-space
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
+ pax_exit_kernel_user
++ pax_erase_kstack
TRACE_IRQS_IRETQ
SWAPGS
jmp restore_args
@@ -12129,7 +12133,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
/*
* The iretq could re-enable interrupts:
*/
-@@ -1027,6 +1301,16 @@ ENTRY(\sym)
+@@ -1027,6 +1306,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12146,7 +12150,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1044,6 +1328,16 @@ ENTRY(\sym)
+@@ -1044,6 +1333,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12163,7 +12167,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
call \do_sym
-@@ -1052,7 +1346,7 @@ ENTRY(\sym)
+@@ -1052,7 +1351,7 @@ ENTRY(\sym)
END(\sym)
.endm
@@ -12172,7 +12176,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1062,8 +1356,24 @@ ENTRY(\sym)
+@@ -1062,8 +1361,24 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -12197,7 +12201,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
call \do_sym
addq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
-@@ -1080,6 +1390,16 @@ ENTRY(\sym)
+@@ -1080,6 +1395,16 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -12214,7 +12218,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1099,6 +1419,16 @@ ENTRY(\sym)
+@@ -1099,6 +1424,16 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -12231,7 +12235,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
movq %rsp,%rdi /* pt_regs pointer */
movq ORIG_RAX(%rsp),%rsi /* get error code */
movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
-@@ -1361,14 +1691,27 @@ ENTRY(paranoid_exit)
+@@ -1361,14 +1696,27 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -12260,7 +12264,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
TRACE_IRQS_IRETQ 0
RESTORE_ALL 8
jmp irq_return
-@@ -1426,7 +1769,7 @@ ENTRY(error_entry)
+@@ -1426,7 +1774,7 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -12269,7 +12273,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
je error_kernelspace
error_swapgs:
SWAPGS
-@@ -1490,6 +1833,16 @@ ENTRY(nmi)
+@@ -1490,6 +1838,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -12286,7 +12290,7 @@ diff -urNp linux-3.0.3/arch/x86/kernel/entry_64.S linux-3.0.3/arch/x86/kernel/en
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1500,11 +1853,25 @@ ENTRY(nmi)
+@@ -1500,11 +1858,25 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -35002,7 +35006,18 @@ diff -urNp linux-3.0.3/fs/ceph/dir.c linux-3.0.3/fs/ceph/dir.c
struct ceph_mds_reply_info_parsed *rinfo;
diff -urNp linux-3.0.3/fs/cifs/cifs_debug.c linux-3.0.3/fs/cifs/cifs_debug.c
--- linux-3.0.3/fs/cifs/cifs_debug.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/fs/cifs/cifs_debug.c 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.3/fs/cifs/cifs_debug.c 2011-08-25 17:18:05.000000000 -0400
+@@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(str
+
+ if (c == '1' || c == 'y' || c == 'Y' || c == '0') {
+ #ifdef CONFIG_CIFS_STATS2
+- atomic_set(&totBufAllocCount, 0);
+- atomic_set(&totSmBufAllocCount, 0);
++ atomic_set_unchecked(&totBufAllocCount, 0);
++ atomic_set_unchecked(&totSmBufAllocCount, 0);
+ #endif /* CONFIG_CIFS_STATS2 */
+ spin_lock(&cifs_tcp_ses_lock);
+ list_for_each(tmp1, &cifs_tcp_ses_list) {
@@ -279,25 +279,25 @@ static ssize_t cifs_stats_proc_write(str
tcon = list_entry(tmp3,
struct cifs_tcon,
@@ -35048,6 +35063,17 @@ diff -urNp linux-3.0.3/fs/cifs/cifs_debug.c linux-3.0.3/fs/cifs/cifs_debug.c
}
}
}
+@@ -327,8 +327,8 @@ static int cifs_stats_proc_show(struct s
+ smBufAllocCount.counter, cifs_min_small);
+ #ifdef CONFIG_CIFS_STATS2
+ seq_printf(m, "Total Large %d Small %d Allocations\n",
+- atomic_read(&totBufAllocCount),
+- atomic_read(&totSmBufAllocCount));
++ atomic_read_unchecked(&totBufAllocCount),
++ atomic_read_unchecked(&totSmBufAllocCount));
+ #endif /* CONFIG_CIFS_STATS2 */
+
+ seq_printf(m, "Operations (MIDs): %d\n", atomic_read(&midCount));
@@ -357,41 +357,41 @@ static int cifs_stats_proc_show(struct s
if (tcon->need_reconnect)
seq_puts(m, "\tDISCONNECTED ");
@@ -35110,9 +35136,41 @@ diff -urNp linux-3.0.3/fs/cifs/cifs_debug.c linux-3.0.3/fs/cifs/cifs_debug.c
}
}
}
+diff -urNp linux-3.0.3/fs/cifs/cifsfs.c linux-3.0.3/fs/cifs/cifsfs.c
+--- linux-3.0.3/fs/cifs/cifsfs.c 2011-08-23 21:44:40.000000000 -0400
++++ linux-3.0.3/fs/cifs/cifsfs.c 2011-08-25 17:18:05.000000000 -0400
+@@ -994,7 +994,7 @@ cifs_init_request_bufs(void)
+ cifs_req_cachep = kmem_cache_create("cifs_request",
+ CIFSMaxBufSize +
+ MAX_CIFS_HDR_SIZE, 0,
+- SLAB_HWCACHE_ALIGN, NULL);
++ SLAB_HWCACHE_ALIGN | SLAB_USERCOPY, NULL);
+ if (cifs_req_cachep == NULL)
+ return -ENOMEM;
+
+@@ -1021,7 +1021,7 @@ cifs_init_request_bufs(void)
+ efficient to alloc 1 per page off the slab compared to 17K (5page)
+ alloc of large cifs buffers even when page debugging is on */
+ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
+- MAX_CIFS_SMALL_BUFFER_SIZE, 0, SLAB_HWCACHE_ALIGN,
++ MAX_CIFS_SMALL_BUFFER_SIZE, 0, SLAB_HWCACHE_ALIGN | SLAB_USERCOPY,
+ NULL);
+ if (cifs_sm_req_cachep == NULL) {
+ mempool_destroy(cifs_req_poolp);
+@@ -1106,8 +1106,8 @@ init_cifs(void)
+ atomic_set(&bufAllocCount, 0);
+ atomic_set(&smBufAllocCount, 0);
+ #ifdef CONFIG_CIFS_STATS2
+- atomic_set(&totBufAllocCount, 0);
+- atomic_set(&totSmBufAllocCount, 0);
++ atomic_set_unchecked(&totBufAllocCount, 0);
++ atomic_set_unchecked(&totSmBufAllocCount, 0);
+ #endif /* CONFIG_CIFS_STATS2 */
+
+ atomic_set(&midCount, 0);
diff -urNp linux-3.0.3/fs/cifs/cifsglob.h linux-3.0.3/fs/cifs/cifsglob.h
--- linux-3.0.3/fs/cifs/cifsglob.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/fs/cifs/cifsglob.h 2011-08-23 21:47:56.000000000 -0400
++++ linux-3.0.3/fs/cifs/cifsglob.h 2011-08-25 17:18:05.000000000 -0400
@@ -381,28 +381,28 @@ struct cifs_tcon {
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
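Review bot: Adding `SLAB_USERCOPY` to the `cifs_request` and `cifs_small_rq` caches whitelists the objects of those caches as legitimate copy_to_user/copy_from_user targets under PAX_USERCOPY, and nothing in the hunk records which code path needs that. Presumably the cifs read/write paths copy user data directly into these request buffers and would otherwise be refused — confirm against the callers. Because the whitelist is per cache, it also matters that nothing unrelated is ever allocated from these two caches; a comment at the first `kmem_cache_create` would pin that down, e.g. `/* SLAB_USERCOPY: request buffers are copied to/from user space directly; keep this cache dedicated to them */`. cifs_init_request_bufs starts and ends outside the hunk.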
@@ -35173,6 +35231,17 @@ diff -urNp linux-3.0.3/fs/cifs/cifsglob.h linux-3.0.3/fs/cifs/cifsglob.h
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
+@@ -911,8 +911,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnect
+ /* Various Debug counters */
+ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
+ #ifdef CONFIG_CIFS_STATS2
+-GLOBAL_EXTERN atomic_t totBufAllocCount; /* total allocated over all time */
+-GLOBAL_EXTERN atomic_t totSmBufAllocCount;
++GLOBAL_EXTERN atomic_unchecked_t totBufAllocCount; /* total allocated over all time */
++GLOBAL_EXTERN atomic_unchecked_t totSmBufAllocCount;
+ #endif
+ GLOBAL_EXTERN atomic_t smBufAllocCount;
+ GLOBAL_EXTERN atomic_t midCount;
diff -urNp linux-3.0.3/fs/cifs/link.c linux-3.0.3/fs/cifs/link.c
--- linux-3.0.3/fs/cifs/link.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.3/fs/cifs/link.c 2011-08-23 21:47:56.000000000 -0400
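Review bot: Changing `totBufAllocCount` and `totSmBufAllocCount` to `atomic_unchecked_t` (with the matching `atomic_*_unchecked` call sites in cifs_debug.c, cifsfs.c and misc.c earlier in this file) opts them out of PAX_REFCOUNT overflow detection without saying why, and this declaration is where that should be recorded. The choice looks deliberate — they are lifetime totals that only increment, so wrapping is harmless — while `bufAllocCount`, `smBufAllocCount` and `midCount` stay checked `atomic_t`, which is consistent if those are balanced inc/dec counts whose overflow would indicate a bug; the diff does not show that, so treat it as an assumption. Suggest extending the trailing comment to `/* lifetime totals: monotonic, wrap is harmless, hence exempt from refcount overflow checking */`.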
@@ -35185,6 +35254,27 @@ diff -urNp linux-3.0.3/fs/cifs/link.c linux-3.0.3/fs/cifs/link.c
if (!IS_ERR(p))
kfree(p);
}
+diff -urNp linux-3.0.3/fs/cifs/misc.c linux-3.0.3/fs/cifs/misc.c
+--- linux-3.0.3/fs/cifs/misc.c 2011-07-21 22:17:23.000000000 -0400
++++ linux-3.0.3/fs/cifs/misc.c 2011-08-25 17:18:05.000000000 -0400
+@@ -156,7 +156,7 @@ cifs_buf_get(void)
+ memset(ret_buf, 0, sizeof(struct smb_hdr) + 3);
+ atomic_inc(&bufAllocCount);
+ #ifdef CONFIG_CIFS_STATS2
+- atomic_inc(&totBufAllocCount);
++ atomic_inc_unchecked(&totBufAllocCount);
+ #endif /* CONFIG_CIFS_STATS2 */
+ }
+
+@@ -191,7 +191,7 @@ cifs_small_buf_get(void)
+ /* memset(ret_buf, 0, sizeof(struct smb_hdr) + 27);*/
+ atomic_inc(&smBufAllocCount);
+ #ifdef CONFIG_CIFS_STATS2
+- atomic_inc(&totSmBufAllocCount);
++ atomic_inc_unchecked(&totSmBufAllocCount);
+ #endif /* CONFIG_CIFS_STATS2 */
+
+ }
diff -urNp linux-3.0.3/fs/coda/cache.c linux-3.0.3/fs/coda/cache.c
--- linux-3.0.3/fs/coda/cache.c 2011-07-21 22:17:23.000000000 -0400
+++ linux-3.0.3/fs/coda/cache.c 2011-08-23 21:47:56.000000000 -0400
@@ -35457,7 +35547,7 @@ diff -urNp linux-3.0.3/fs/ecryptfs/miscdev.c linux-3.0.3/fs/ecryptfs/miscdev.c
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
--- linux-3.0.3/fs/exec.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/fs/exec.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/fs/exec.c 2011-08-25 17:26:58.000000000 -0400
@@ -55,12 +55,24 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
@@ -35680,7 +35770,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1428,6 +1445,11 @@ static int do_execve_common(const char *
+@@ -1428,11 +1445,35 @@ static int do_execve_common(const char *
struct user_arg_ptr envp,
struct pt_regs *regs)
{
@@ -35692,7 +35782,31 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1464,6 +1486,23 @@ static int do_execve_common(const char *
+ bool clear_in_exec;
+ int retval;
++ const struct cred *cred = current_cred();
++
++ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
++
++ /*
++ * We move the actual failure in case of RLIMIT_NPROC excess from
++ * set*uid() to execve() because too many poorly written programs
++ * don't check setuid() return code. Here we additionally recheck
++ * whether NPROC limit is still exceeded.
++ */
++ if ((current->flags & PF_NPROC_EXCEEDED) &&
++ atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) {
++ retval = -EAGAIN;
++ goto out_ret;
++ }
++
++ /* We're below the limit (still or again), so we don't want to make
++ * further execve() calls fail. */
++ current->flags &= ~PF_NPROC_EXCEEDED;
+
+ retval = unshare_files(&displaced);
+ if (retval)
+@@ -1464,6 +1505,16 @@ static int do_execve_common(const char *
bprm->filename = filename;
bprm->interp = filename;
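Review bot: The inline RLIMIT_NPROC re-check added to `do_execve_common` replaces `gr_handle_nproc()`, but the two are not equivalent and the difference is not recorded: the removed helper (see the grsec_exec.c hunk) logged `GR_NPROC_MSG` via `gr_log_noargs` and exempted `CAP_SYS_ADMIN`/`CAP_SYS_RESOURCE`, whereas the new `if ((current->flags & PF_NPROC_EXCEEDED) && ...)` block returns `-EAGAIN` with no log line and no visible capability check, and `GR_NPROC_MSG` is deleted from grmsg.h. If the exemption now lives where `PF_NPROC_EXCEEDED` is set (not in this diff), a comment should say so, since an administrator who relied on the old denial log has lost that signal; consider `/* capability exemptions are applied where PF_NPROC_EXCEEDED is set; this denial is not logged by grsec */`. Minor: `gr_learn_resource` reads `current->cred->user->processes` while the check reads `cred->user->processes`; use the local `cred` in both. do_execve_common continues outside the hunk.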
@@ -35701,13 +35815,6 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
+ goto out_file;
+ }
+
-+ gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
-+
-+ if (gr_handle_nproc()) {
-+ retval = -EAGAIN;
-+ goto out_file;
-+ }
-+
+ if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
+ retval = -EACCES;
+ goto out_file;
@@ -35716,7 +35823,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1493,9 +1532,40 @@ static int do_execve_common(const char *
+@@ -1493,9 +1544,40 @@ static int do_execve_common(const char *
if (retval < 0)
goto out;
@@ -35758,7 +35865,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
/* execve succeeded */
current->fs->in_exec = 0;
-@@ -1506,6 +1576,14 @@ static int do_execve_common(const char *
+@@ -1506,6 +1588,14 @@ static int do_execve_common(const char *
put_files_struct(displaced);
return retval;
@@ -35773,7 +35880,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1579,7 +1657,7 @@ static int expand_corename(struct core_n
+@@ -1579,7 +1669,7 @@ static int expand_corename(struct core_n
{
char *old_corename = cn->corename;
@@ -35782,7 +35889,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
if (!cn->corename) {
-@@ -1667,7 +1745,7 @@ static int format_corename(struct core_n
+@@ -1667,7 +1757,7 @@ static int format_corename(struct core_n
int pid_in_pattern = 0;
int err = 0;
@@ -35791,7 +35898,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -1758,6 +1836,219 @@ out:
+@@ -1758,6 +1848,219 @@ out:
return ispipe;
}
@@ -36011,7 +36118,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
static int zap_process(struct task_struct *start, int exit_code)
{
struct task_struct *t;
-@@ -1969,17 +2260,17 @@ static void wait_for_dump_helpers(struct
+@@ -1969,17 +2272,17 @@ static void wait_for_dump_helpers(struct
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
@@ -36034,7 +36141,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
pipe_unlock(pipe);
}
-@@ -2040,7 +2331,7 @@ void do_coredump(long signr, int exit_co
+@@ -2040,7 +2343,7 @@ void do_coredump(long signr, int exit_co
int retval = 0;
int flag = 0;
int ispipe;
@@ -36043,7 +36150,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
struct coredump_params cprm = {
.signr = signr,
.regs = regs,
-@@ -2055,6 +2346,9 @@ void do_coredump(long signr, int exit_co
+@@ -2055,6 +2358,9 @@ void do_coredump(long signr, int exit_co
audit_core_dumps(signr);
@@ -36053,7 +36160,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -2095,6 +2389,8 @@ void do_coredump(long signr, int exit_co
+@@ -2095,6 +2401,8 @@ void do_coredump(long signr, int exit_co
goto fail_corename;
}
@@ -36062,7 +36169,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
if (ispipe) {
int dump_count;
char **helper_argv;
-@@ -2122,7 +2418,7 @@ void do_coredump(long signr, int exit_co
+@@ -2122,7 +2430,7 @@ void do_coredump(long signr, int exit_co
}
cprm.limit = RLIM_INFINITY;
@@ -36071,7 +36178,7 @@ diff -urNp linux-3.0.3/fs/exec.c linux-3.0.3/fs/exec.c
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -2192,7 +2488,7 @@ close_fail:
+@@ -2192,7 +2500,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -47792,8 +47899,8 @@ diff -urNp linux-3.0.3/grsecurity/grsec_disabled.c linux-3.0.3/grsecurity/grsec_
+#endif
diff -urNp linux-3.0.3/grsecurity/grsec_exec.c linux-3.0.3/grsecurity/grsec_exec.c
--- linux-3.0.3/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.3/grsecurity/grsec_exec.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,87 @@
++++ linux-3.0.3/grsecurity/grsec_exec.c 2011-08-25 17:25:59.000000000 -0400
+@@ -0,0 +1,72 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -47812,21 +47919,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_exec.c linux-3.0.3/grsecurity/grsec_exec
+static DEFINE_MUTEX(gr_exec_arg_mutex);
+#endif
+
-+int
-+gr_handle_nproc(void)
-+{
-+#ifdef CONFIG_GRKERNSEC_EXECVE
-+ const struct cred *cred = current_cred();
-+ if (grsec_enable_execve && cred->user &&
-+ (atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) &&
-+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
-+ gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
-+ return -EAGAIN;
-+ }
-+#endif
-+ return 0;
-+}
-+
+extern const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr);
+
+void
@@ -47938,8 +48030,8 @@ diff -urNp linux-3.0.3/grsecurity/grsec_fork.c linux-3.0.3/grsecurity/grsec_fork
+}
diff -urNp linux-3.0.3/grsecurity/grsec_init.c linux-3.0.3/grsecurity/grsec_init.c
--- linux-3.0.3/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.3/grsecurity/grsec_init.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,273 @@
++++ linux-3.0.3/grsecurity/grsec_init.c 2011-08-25 17:25:12.000000000 -0400
+@@ -0,0 +1,269 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -47954,7 +48046,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_init.c linux-3.0.3/grsecurity/grsec_init
+int grsec_enable_dmesg;
+int grsec_enable_harden_ptrace;
+int grsec_enable_fifo;
-+int grsec_enable_execve;
+int grsec_enable_execlog;
+int grsec_enable_signal;
+int grsec_enable_forkfail;
@@ -48127,9 +48218,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_init.c linux-3.0.3/grsecurity/grsec_init
+#ifdef CONFIG_GRKERNSEC_FIFO
+ grsec_enable_fifo = 1;
+#endif
-+#ifdef CONFIG_GRKERNSEC_EXECVE
-+ grsec_enable_execve = 1;
-+#endif
+#ifdef CONFIG_GRKERNSEC_EXECLOG
+ grsec_enable_execlog = 1;
+#endif
@@ -49195,8 +49283,8 @@ diff -urNp linux-3.0.3/grsecurity/grsec_sock.c linux-3.0.3/grsecurity/grsec_sock
+}
diff -urNp linux-3.0.3/grsecurity/grsec_sysctl.c linux-3.0.3/grsecurity/grsec_sysctl.c
--- linux-3.0.3/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.3/grsecurity/grsec_sysctl.c 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,442 @@
++++ linux-3.0.3/grsecurity/grsec_sysctl.c 2011-08-25 17:26:15.000000000 -0400
+@@ -0,0 +1,433 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/sysctl.h>
@@ -49260,15 +49348,6 @@ diff -urNp linux-3.0.3/grsecurity/grsec_sysctl.c linux-3.0.3/grsecurity/grsec_sy
+ .proc_handler = &proc_dointvec,
+ },
+#endif
-+#ifdef CONFIG_GRKERNSEC_EXECVE
-+ {
-+ .procname = "execve_limiting",
-+ .data = &grsec_enable_execve,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
+ {
+ .procname = "ip_blackhole",
@@ -49769,8 +49848,8 @@ diff -urNp linux-3.0.3/grsecurity/grsum.c linux-3.0.3/grsecurity/grsum.c
+}
diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig
--- linux-3.0.3/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.3/grsecurity/Kconfig 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,1050 @@
++++ linux-3.0.3/grsecurity/Kconfig 2011-08-25 17:25:34.000000000 -0400
+@@ -0,0 +1,1038 @@
+#
+# grecurity configuration
+#
@@ -49797,7 +49876,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig
+ bool "Low"
+ select GRKERNSEC_LINK
+ select GRKERNSEC_FIFO
-+ select GRKERNSEC_EXECVE
+ select GRKERNSEC_RANDNET
+ select GRKERNSEC_DMESG
+ select GRKERNSEC_CHROOT
@@ -49814,7 +49892,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig
+
+ - Linking restrictions
+ - FIFO restrictions
-+ - Enforcing RLIMIT_NPROC on execve
+ - Restricted dmesg
+ - Enforced chdir("/") on chroot
+ - Runtime module disabling
@@ -49830,7 +49907,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig
+ select GRKERNSEC_CHROOT_SYSCTL
+ select GRKERNSEC_LINK
+ select GRKERNSEC_FIFO
-+ select GRKERNSEC_EXECVE
+ select GRKERNSEC_DMESG
+ select GRKERNSEC_RANDNET
+ select GRKERNSEC_FORKFAIL
@@ -49880,7 +49956,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig
+ bool "High"
+ select GRKERNSEC_LINK
+ select GRKERNSEC_FIFO
-+ select GRKERNSEC_EXECVE
+ select GRKERNSEC_DMESG
+ select GRKERNSEC_FORKFAIL
+ select GRKERNSEC_TIME
@@ -50548,14 +50623,6 @@ diff -urNp linux-3.0.3/grsecurity/Kconfig linux-3.0.3/grsecurity/Kconfig
+menu "Executable Protections"
+depends on GRKERNSEC
+
-+config GRKERNSEC_EXECVE
-+ bool "Enforce RLIMIT_NPROC on execs"
-+ help
-+ If you say Y here, users with a resource limit on processes will
-+ have the value checked during execve() calls. The current system
-+ only checks the system limit during fork() calls. If the sysctl option
-+ is enabled, a sysctl option with name "execve_limiting" is created.
-+
+config GRKERNSEC_DMESG
+ bool "Dmesg(8) restriction"
+ help
@@ -52631,8 +52698,8 @@ diff -urNp linux-3.0.3/include/linux/grinternal.h linux-3.0.3/include/linux/grin
+#endif
diff -urNp linux-3.0.3/include/linux/grmsg.h linux-3.0.3/include/linux/grmsg.h
--- linux-3.0.3/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.3/include/linux/grmsg.h 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,108 @@
++++ linux-3.0.3/include/linux/grmsg.h 2011-08-25 17:27:26.000000000 -0400
+@@ -0,0 +1,107 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -52666,7 +52733,6 @@ diff -urNp linux-3.0.3/include/linux/grmsg.h linux-3.0.3/include/linux/grmsg.h
+#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
-+#define GR_NPROC_MSG "denied overstep of process limit by "
+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
+#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
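Review bot: Removing the `GR_NPROC_MSG` format string here and the `int gr_handle_nproc(void);` prototype in the grsecurity.h hunk at 52822 leaves any remaining definition or caller of `gr_handle_nproc()` as a build break unless it is removed in the same update; neither the definition nor the call site (presumably in the grsecurity sources and the exec path) appears in this chunk. Worth confirming the update also drops the helper and its caller rather than only the declaration and message.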
@@ -52743,8 +52809,8 @@ diff -urNp linux-3.0.3/include/linux/grmsg.h linux-3.0.3/include/linux/grmsg.h
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
diff -urNp linux-3.0.3/include/linux/grsecurity.h linux-3.0.3/include/linux/grsecurity.h
--- linux-3.0.3/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-3.0.3/include/linux/grsecurity.h 2011-08-23 21:48:14.000000000 -0400
-@@ -0,0 +1,228 @@
++++ linux-3.0.3/include/linux/grsecurity.h 2011-08-25 17:27:36.000000000 -0400
+@@ -0,0 +1,227 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -52822,7 +52888,6 @@ diff -urNp linux-3.0.3/include/linux/grsecurity.h linux-3.0.3/include/linux/grse
+int gr_handle_chroot_unix(const pid_t pid);
+
+int gr_handle_rawio(const struct inode *inode);
-+int gr_handle_nproc(void);
+
+void gr_handle_ioperm(void);
+void gr_handle_iopl(void);
@@ -53970,7 +54035,7 @@ diff -urNp linux-3.0.3/include/linux/rmap.h linux-3.0.3/include/linux/rmap.h
static inline void anon_vma_merge(struct vm_area_struct *vma,
diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h
--- linux-3.0.3/include/linux/sched.h 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/include/linux/sched.h 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/include/linux/sched.h 2011-08-25 17:22:27.000000000 -0400
@@ -100,6 +100,7 @@ struct bio_list;
struct fs_struct;
struct perf_event_context;
@@ -54157,7 +54222,15 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -2056,7 +2148,9 @@ void yield(void);
+@@ -1768,6 +1860,7 @@ extern void thread_group_times(struct ta
+ #define PF_DUMPCORE 0x00000200 /* dumped core */
+ #define PF_SIGNALED 0x00000400 /* killed by a signal */
+ #define PF_MEMALLOC 0x00000800 /* Allocating memory */
++#define PF_NPROC_EXCEEDED 0x00001000 /* set_user noticed that RLIMIT_NPROC was exceeded */
+ #define PF_USED_MATH 0x00002000 /* if unset the fpu must be initialized before use */
+ #define PF_FREEZING 0x00004000 /* freeze in progress. do not account to load */
+ #define PF_NOFREEZE 0x00008000 /* this thread should not be frozen */
+@@ -2056,7 +2149,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -54167,7 +54240,7 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2089,6 +2183,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2089,6 +2184,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -54175,7 +54248,7 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2225,7 +2320,7 @@ extern void __cleanup_sighand(struct sig
+@@ -2225,7 +2321,7 @@ extern void __cleanup_sighand(struct sig
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -54184,7 +54257,7 @@ diff -urNp linux-3.0.3/include/linux/sched.h linux-3.0.3/include/linux/sched.h
extern void daemonize(const char *, ...);
extern int allow_signal(int);
-@@ -2393,13 +2488,17 @@ static inline unsigned long *end_of_stac
+@@ -2393,13 +2489,17 @@ static inline unsigned long *end_of_stac
#endif
@@ -56173,7 +56246,7 @@ diff -urNp linux-3.0.3/kernel/configs.c linux-3.0.3/kernel/configs.c
diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
--- linux-3.0.3/kernel/cred.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/kernel/cred.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/kernel/cred.c 2011-08-25 17:23:03.000000000 -0400
@@ -158,6 +158,8 @@ static void put_cred_rcu(struct rcu_head
*/
void __put_cred(struct cred *cred)
@@ -56255,7 +56328,20 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
/* dumpability changes */
if (old->euid != new->euid ||
old->egid != new->egid ||
-@@ -551,6 +569,8 @@ EXPORT_SYMBOL(commit_creds);
+@@ -508,10 +526,8 @@ int commit_creds(struct cred *new)
+ key_fsgid_changed(task);
+
+ /* do it
+- * - What if a process setreuid()'s and this brings the
+- * new uid over his NPROC rlimit? We can check this now
+- * cheaply with the new uid cache, so if it matters
+- * we should be checking for it. -DaveM
++ * RLIMIT_NPROC limits on user->processes have already been checked
++ * in set_user().
+ */
+ alter_cred_subscribers(new, 2);
+ if (new->user != old->user)
+@@ -551,6 +567,8 @@ EXPORT_SYMBOL(commit_creds);
*/
void abort_creds(struct cred *new)
{
@@ -56264,7 +56350,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
kdebug("abort_creds(%p{%d,%d})", new,
atomic_read(&new->usage),
read_cred_subscribers(new));
-@@ -574,6 +594,8 @@ const struct cred *override_creds(const
+@@ -574,6 +592,8 @@ const struct cred *override_creds(const
{
const struct cred *old = current->cred;
@@ -56273,7 +56359,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
kdebug("override_creds(%p{%d,%d})", new,
atomic_read(&new->usage),
read_cred_subscribers(new));
-@@ -603,6 +625,8 @@ void revert_creds(const struct cred *old
+@@ -603,6 +623,8 @@ void revert_creds(const struct cred *old
{
const struct cred *override = current->cred;
@@ -56282,7 +56368,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
kdebug("revert_creds(%p{%d,%d})", old,
atomic_read(&old->usage),
read_cred_subscribers(old));
-@@ -649,6 +673,8 @@ struct cred *prepare_kernel_cred(struct
+@@ -649,6 +671,8 @@ struct cred *prepare_kernel_cred(struct
const struct cred *old;
struct cred *new;
@@ -56291,7 +56377,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
if (!new)
return NULL;
-@@ -703,6 +729,8 @@ EXPORT_SYMBOL(prepare_kernel_cred);
+@@ -703,6 +727,8 @@ EXPORT_SYMBOL(prepare_kernel_cred);
*/
int set_security_override(struct cred *new, u32 secid)
{
@@ -56300,7 +56386,7 @@ diff -urNp linux-3.0.3/kernel/cred.c linux-3.0.3/kernel/cred.c
return security_kernel_act_as(new, secid);
}
EXPORT_SYMBOL(set_security_override);
-@@ -722,6 +750,8 @@ int set_security_override_from_ctx(struc
+@@ -722,6 +748,8 @@ int set_security_override_from_ctx(struc
u32 secid;
int ret;
@@ -56594,7 +56680,7 @@ diff -urNp linux-3.0.3/kernel/exit.c linux-3.0.3/kernel/exit.c
if (group_dead)
diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
--- linux-3.0.3/kernel/fork.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/kernel/fork.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/kernel/fork.c 2011-08-25 17:23:36.000000000 -0400
@@ -286,7 +286,7 @@ static struct task_struct *dup_task_stru
*stackend = STACK_END_MAGIC; /* for overflow detection */
@@ -56827,7 +56913,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
return 0;
}
-@@ -1104,10 +1142,13 @@ static struct task_struct *copy_process(
+@@ -1104,12 +1142,16 @@ static struct task_struct *copy_process(
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
@@ -56842,8 +56928,11 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
+ !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE))
goto bad_fork_free;
}
++ current->flags &= ~PF_NPROC_EXCEEDED;
-@@ -1250,6 +1291,8 @@ static struct task_struct *copy_process(
+ retval = copy_creds(p, clone_flags);
+ if (retval < 0)
+@@ -1250,6 +1292,8 @@ static struct task_struct *copy_process(
if (clone_flags & CLONE_THREAD)
p->tgid = current->tgid;
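Review bot: The added `current->flags &= ~PF_NPROC_EXCEEDED;` has no comment explaining why the deferred set_user() failure can be dropped at this point; it sits directly after the RLIMIT_NPROC check, so the reader has to infer that a fork which passed that check means the limit is currently satisfied for this user, or that the caller holds CAP_SYS_ADMIN/CAP_SYS_RESOURCE. Suggest `/* The RLIMIT_NPROC check above passed, so a failure deferred by set_user() no longer applies. */`. In the capable case the process count may still exceed the limit when the flag is cleared, so whatever consumes this flag at execve() time should recheck the count rather than rely on the flag alone; that consumer is not in this chunk. copy_process() continues outside the hunk.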
@@ -56852,7 +56941,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
/*
* Clear TID on mm_release()?
-@@ -1414,6 +1457,8 @@ bad_fork_cleanup_count:
+@@ -1414,6 +1458,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
@@ -56861,7 +56950,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
return ERR_PTR(retval);
}
-@@ -1502,6 +1547,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1502,6 +1548,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -56870,7 +56959,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1610,7 +1657,7 @@ static int unshare_fs(unsigned long unsh
+@@ -1610,7 +1658,7 @@ static int unshare_fs(unsigned long unsh
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -56879,7 +56968,7 @@ diff -urNp linux-3.0.3/kernel/fork.c linux-3.0.3/kernel/fork.c
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1697,7 +1744,8 @@ SYSCALL_DEFINE1(unshare, unsigned long,
+@@ -1697,7 +1745,8 @@ SYSCALL_DEFINE1(unshare, unsigned long,
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -59381,7 +59470,7 @@ diff -urNp linux-3.0.3/kernel/softirq.c linux-3.0.3/kernel/softirq.c
diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
--- linux-3.0.3/kernel/sys.c 2011-07-21 22:17:23.000000000 -0400
-+++ linux-3.0.3/kernel/sys.c 2011-08-23 21:48:14.000000000 -0400
++++ linux-3.0.3/kernel/sys.c 2011-08-25 17:24:58.000000000 -0400
@@ -154,6 +154,12 @@ static int set_one_prio(struct task_stru
error = -EACCES;
goto out;
@@ -59416,7 +59505,30 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
if (nsown_capable(CAP_SETGID))
new->gid = new->egid = new->sgid = new->fsgid = gid;
else if (gid == old->gid || gid == old->sgid)
-@@ -646,6 +659,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
+@@ -591,11 +604,18 @@ static int set_user(struct cred *new)
+ if (!new_user)
+ return -EAGAIN;
+
++ /*
++ * We don't fail in case of NPROC limit excess here because too many
++ * poorly written programs don't check set*uid() return code, assuming
++ * it never fails if called by root. We may still enforce NPROC limit
++ * for programs doing set*uid()+execve() by harmlessly deferring the
++ * failure to the execve() stage.
++ */
+ if (atomic_read(&new_user->processes) >= rlimit(RLIMIT_NPROC) &&
+- new_user != INIT_USER) {
+- free_uid(new_user);
+- return -EAGAIN;
+- }
++ new_user != INIT_USER)
++ current->flags |= PF_NPROC_EXCEEDED;
++ else
++ current->flags &= ~PF_NPROC_EXCEEDED;
+
+ free_uid(new->user);
+ new->user = new_user;
+@@ -646,6 +666,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
goto error;
}
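Review bot: Replacing the `-EAGAIN` return with setting `PF_NPROC_EXCEEDED` means a process that calls set*uid() and then keeps running without ever calling execve() is no longer subject to RLIMIT_NPROC at all, and the new comment only describes the execve() case; it should state the trade-off explicitly, e.g. append `Callers that never exec are therefore no longer limited by RLIMIT_NPROC at set*uid() time.` The location of the deferred check is not visible in this chunk, and naming it in the comment would make the two halves easier to keep in sync. Because the flag is set on `current` while `new` is a not-yet-committed cred, a caller that abort_creds() the cred after set_user() still carries the flag until the next fork (cleared in the fork.c hunk at 56842) or execve; this looks harmless provided the execve-side check re-reads the real process count, which should be confirmed. set_user() continues outside the hunk.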
@@ -59426,7 +59538,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
if (new->uid != old->uid) {
retval = set_user(new);
if (retval < 0)
-@@ -690,6 +706,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
+@@ -690,6 +713,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
old = current_cred();
retval = -EPERM;
@@ -59439,7 +59551,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
if (nsown_capable(CAP_SETUID)) {
new->suid = new->uid = uid;
if (uid != old->uid) {
-@@ -744,6 +766,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid,
+@@ -744,6 +773,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid,
goto error;
}
@@ -59449,7 +59561,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
if (ruid != (uid_t) -1) {
new->uid = ruid;
if (ruid != old->uid) {
-@@ -808,6 +833,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid,
+@@ -808,6 +840,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid,
goto error;
}
@@ -59459,7 +59571,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
if (rgid != (gid_t) -1)
new->gid = rgid;
if (egid != (gid_t) -1)
-@@ -854,6 +882,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -854,6 +889,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
old = current_cred();
old_fsuid = old->fsuid;
@@ -59469,7 +59581,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
if (uid == old->uid || uid == old->euid ||
uid == old->suid || uid == old->fsuid ||
nsown_capable(CAP_SETUID)) {
-@@ -864,6 +895,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -864,6 +902,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
}
}
@@ -59477,7 +59589,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
abort_creds(new);
return old_fsuid;
-@@ -890,12 +922,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+@@ -890,12 +929,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
if (gid == old->gid || gid == old->egid ||
gid == old->sgid || gid == old->fsgid ||
nsown_capable(CAP_SETGID)) {
@@ -59494,7 +59606,7 @@ diff -urNp linux-3.0.3/kernel/sys.c linux-3.0.3/kernel/sys.c
abort_creds(new);
return old_fsgid;
-@@ -1642,7 +1678,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
+@@ -1642,7 +1685,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
error = get_dumpable(me->mm);
break;
case PR_SET_DUMPABLE: