]>
Commit | Line | Data |
---|---|---|
c3e8c1b5 | 1 | diff -urNp linux-2.6.19.1/arch/alpha/kernel/module.c linux-2.6.19.1/arch/alpha/kernel/module.c |
2 | --- linux-2.6.19.1/arch/alpha/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
3 | +++ linux-2.6.19.1/arch/alpha/kernel/module.c 2006-12-03 15:15:43.000000000 -0500 | |
4 | @@ -177,7 +177,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, | |
5 | ||
6 | /* The small sections were sorted to the end of the segment. | |
7 | The following should definitely cover them. */ | |
8 | - gp = (u64)me->module_core + me->core_size - 0x8000; | |
9 | + gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000; | |
10 | got = sechdrs[me->arch.gotsecindex].sh_addr; | |
11 | ||
12 | for (i = 0; i < n; i++) { | |
13 | diff -urNp linux-2.6.19.1/arch/alpha/kernel/osf_sys.c linux-2.6.19.1/arch/alpha/kernel/osf_sys.c | |
14 | --- linux-2.6.19.1/arch/alpha/kernel/osf_sys.c 2006-11-29 16:57:37.000000000 -0500 | |
15 | +++ linux-2.6.19.1/arch/alpha/kernel/osf_sys.c 2006-12-03 15:15:43.000000000 -0500 | |
16 | @@ -1277,6 +1277,10 @@ arch_get_unmapped_area(struct file *filp | |
17 | merely specific addresses, but regions of memory -- perhaps | |
18 | this feature should be incorporated into all ports? */ | |
19 | ||
20 | +#ifdef CONFIG_PAX_RANDMMAP | |
21 | + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
22 | +#endif | |
23 | + | |
24 | if (addr) { | |
25 | addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); | |
26 | if (addr != (unsigned long) -ENOMEM) | |
27 | @@ -1284,8 +1288,8 @@ arch_get_unmapped_area(struct file *filp | |
28 | } | |
29 | ||
30 | /* Next, try allocating at TASK_UNMAPPED_BASE. */ | |
31 | - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE), | |
32 | - len, limit); | |
33 | + addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit); | |
34 | + | |
35 | if (addr != (unsigned long) -ENOMEM) | |
36 | return addr; | |
37 | ||
38 | diff -urNp linux-2.6.19.1/arch/alpha/kernel/ptrace.c linux-2.6.19.1/arch/alpha/kernel/ptrace.c | |
39 | --- linux-2.6.19.1/arch/alpha/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
40 | +++ linux-2.6.19.1/arch/alpha/kernel/ptrace.c 2006-12-03 15:15:43.000000000 -0500 | |
41 | @@ -15,6 +15,7 @@ | |
c3e8c1b5 | 42 | #include <linux/security.h> |
43 | #include <linux/signal.h> | |
b6fa5d20 | 44 | #include <linux/vs_base.h> |
c3e8c1b5 | 45 | +#include <linux/grsecurity.h> |
46 | ||
47 | #include <asm/uaccess.h> | |
48 | #include <asm/pgtable.h> | |
49 | @@ -283,6 +284,9 @@ do_sys_ptrace(long request, long pid, lo | |
50 | goto out_notsk; | |
51 | } | |
52 | ||
53 | + if (gr_handle_ptrace(child, request)) | |
54 | + goto out; | |
55 | + | |
56 | if (request == PTRACE_ATTACH) { | |
57 | ret = ptrace_attach(child); | |
58 | goto out; | |
59 | diff -urNp linux-2.6.19.1/arch/alpha/mm/fault.c linux-2.6.19.1/arch/alpha/mm/fault.c | |
60 | --- linux-2.6.19.1/arch/alpha/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
61 | +++ linux-2.6.19.1/arch/alpha/mm/fault.c 2006-12-03 15:15:43.000000000 -0500 | |
62 | @@ -24,6 +24,7 @@ | |
63 | #include <linux/smp_lock.h> | |
64 | #include <linux/interrupt.h> | |
65 | #include <linux/module.h> | |
66 | +#include <linux/binfmts.h> | |
67 | ||
68 | #include <asm/system.h> | |
69 | #include <asm/uaccess.h> | |
70 | @@ -55,6 +56,124 @@ __load_new_mm_context(struct mm_struct * | |
71 | __reload_thread(pcb); | |
72 | } | |
73 | ||
74 | +#ifdef CONFIG_PAX_PAGEEXEC | |
75 | +/* | |
76 | + * PaX: decide what to do with offenders (regs->pc = fault address) | |
77 | + * | |
78 | + * returns 1 when task should be killed | |
79 | + * 2 when patched PLT trampoline was detected | |
80 | + * 3 when unpatched PLT trampoline was detected | |
81 | + */ | |
82 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
83 | +{ | |
84 | + | |
85 | +#ifdef CONFIG_PAX_EMUPLT | |
86 | + int err; | |
87 | + | |
88 | + do { /* PaX: patched PLT emulation #1 */ | |
89 | + unsigned int ldah, ldq, jmp; | |
90 | + | |
91 | + err = get_user(ldah, (unsigned int *)regs->pc); | |
92 | + err |= get_user(ldq, (unsigned int *)(regs->pc+4)); | |
93 | + err |= get_user(jmp, (unsigned int *)(regs->pc+8)); | |
94 | + | |
95 | + if (err) | |
96 | + break; | |
97 | + | |
98 | + if ((ldah & 0xFFFF0000U) == 0x277B0000U && | |
99 | + (ldq & 0xFFFF0000U) == 0xA77B0000U && | |
100 | + jmp == 0x6BFB0000U) | |
101 | + { | |
102 | + unsigned long r27, addr; | |
103 | + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16; | |
104 | + unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL; | |
105 | + | |
106 | + addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL); | |
107 | + err = get_user(r27, (unsigned long*)addr); | |
108 | + if (err) | |
109 | + break; | |
110 | + | |
111 | + regs->r27 = r27; | |
112 | + regs->pc = r27; | |
113 | + return 2; | |
114 | + } | |
115 | + } while (0); | |
116 | + | |
117 | + do { /* PaX: patched PLT emulation #2 */ | |
118 | + unsigned int ldah, lda, br; | |
119 | + | |
120 | + err = get_user(ldah, (unsigned int *)regs->pc); | |
121 | + err |= get_user(lda, (unsigned int *)(regs->pc+4)); | |
122 | + err |= get_user(br, (unsigned int *)(regs->pc+8)); | |
123 | + | |
124 | + if (err) | |
125 | + break; | |
126 | + | |
127 | + if ((ldah & 0xFFFF0000U) == 0x277B0000U && | |
128 | + (lda & 0xFFFF0000U) == 0xA77B0000U && | |
129 | + (br & 0xFFE00000U) == 0xC3E00000U) | |
130 | + { | |
131 | + unsigned long addr = br | 0xFFFFFFFFFFE00000UL; | |
132 | + unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16; | |
133 | + unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL; | |
134 | + | |
135 | + regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL); | |
136 | + regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2); | |
137 | + return 2; | |
138 | + } | |
139 | + } while (0); | |
140 | + | |
141 | + do { /* PaX: unpatched PLT emulation */ | |
142 | + unsigned int br; | |
143 | + | |
144 | + err = get_user(br, (unsigned int *)regs->pc); | |
145 | + | |
146 | + if (!err && (br & 0xFFE00000U) == 0xC3800000U) { | |
147 | + unsigned int br2, ldq, nop, jmp; | |
148 | + unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver; | |
149 | + | |
150 | + addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2); | |
151 | + err = get_user(br2, (unsigned int *)addr); | |
152 | + err |= get_user(ldq, (unsigned int *)(addr+4)); | |
153 | + err |= get_user(nop, (unsigned int *)(addr+8)); | |
154 | + err |= get_user(jmp, (unsigned int *)(addr+12)); | |
155 | + err |= get_user(resolver, (unsigned long *)(addr+16)); | |
156 | + | |
157 | + if (err) | |
158 | + break; | |
159 | + | |
160 | + if (br2 == 0xC3600000U && | |
161 | + ldq == 0xA77B000CU && | |
162 | + nop == 0x47FF041FU && | |
163 | + jmp == 0x6B7B0000U) | |
164 | + { | |
165 | + regs->r28 = regs->pc+4; | |
166 | + regs->r27 = addr+16; | |
167 | + regs->pc = resolver; | |
168 | + return 3; | |
169 | + } | |
170 | + } | |
171 | + } while (0); | |
172 | +#endif | |
173 | + | |
174 | + return 1; | |
175 | +} | |
176 | + | |
177 | +void pax_report_insns(void *pc, void *sp) | |
178 | +{ | |
179 | + unsigned long i; | |
180 | + | |
181 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
182 | + for (i = 0; i < 5; i++) { | |
183 | + unsigned int c; | |
184 | + if (get_user(c, (unsigned int*)pc+i)) | |
185 | + printk("???????? "); | |
186 | + else | |
187 | + printk("%08x ", c); | |
188 | + } | |
189 | + printk("\n"); | |
190 | +} | |
191 | +#endif | |
192 | ||
193 | /* | |
194 | * This routine handles page faults. It determines the address, | |
195 | @@ -132,8 +251,29 @@ do_page_fault(unsigned long address, uns | |
196 | good_area: | |
197 | si_code = SEGV_ACCERR; | |
198 | if (cause < 0) { | |
199 | - if (!(vma->vm_flags & VM_EXEC)) | |
200 | + if (!(vma->vm_flags & VM_EXEC)) { | |
201 | + | |
202 | +#ifdef CONFIG_PAX_PAGEEXEC | |
203 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc) | |
204 | + goto bad_area; | |
205 | + | |
206 | + up_read(&mm->mmap_sem); | |
207 | + switch(pax_handle_fetch_fault(regs)) { | |
208 | + | |
209 | +#ifdef CONFIG_PAX_EMUPLT | |
210 | + case 2: | |
211 | + case 3: | |
212 | + return; | |
213 | +#endif | |
214 | + | |
215 | + } | |
216 | + pax_report_fault(regs, (void*)regs->pc, (void*)rdusp()); | |
217 | + do_exit(SIGKILL); | |
218 | +#else | |
219 | goto bad_area; | |
220 | +#endif | |
221 | + | |
222 | + } | |
223 | } else if (!cause) { | |
224 | /* Allow reads even for write-only mappings */ | |
225 | if (!(vma->vm_flags & (VM_READ | VM_WRITE))) | |
226 | diff -urNp linux-2.6.19.1/arch/arm/mm/mmap.c linux-2.6.19.1/arch/arm/mm/mmap.c | |
227 | --- linux-2.6.19.1/arch/arm/mm/mmap.c 2006-11-29 16:57:37.000000000 -0500 | |
228 | +++ linux-2.6.19.1/arch/arm/mm/mmap.c 2006-12-03 15:15:44.000000000 -0500 | |
229 | @@ -61,6 +61,10 @@ arch_get_unmapped_area(struct file *filp | |
230 | if (len > TASK_SIZE) | |
231 | return -ENOMEM; | |
232 | ||
233 | +#ifdef CONFIG_PAX_RANDMMAP | |
234 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
235 | +#endif | |
236 | + | |
237 | if (addr) { | |
238 | if (do_align) | |
239 | addr = COLOUR_ALIGN(addr, pgoff); | |
240 | @@ -75,7 +79,7 @@ arch_get_unmapped_area(struct file *filp | |
241 | if (len > mm->cached_hole_size) { | |
242 | start_addr = addr = mm->free_area_cache; | |
243 | } else { | |
244 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
245 | + start_addr = addr = mm->mmap_base; | |
246 | mm->cached_hole_size = 0; | |
247 | } | |
248 | ||
249 | @@ -92,8 +96,8 @@ full_search: | |
250 | * Start a new search - just in case we missed | |
251 | * some holes. | |
252 | */ | |
253 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
254 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
255 | + if (start_addr != mm->mmap_base) { | |
256 | + start_addr = addr = mm->mmap_base; | |
257 | mm->cached_hole_size = 0; | |
258 | goto full_search; | |
259 | } | |
260 | diff -urNp linux-2.6.19.1/arch/i386/boot/compressed/head.S linux-2.6.19.1/arch/i386/boot/compressed/head.S | |
261 | --- linux-2.6.19.1/arch/i386/boot/compressed/head.S 2006-11-29 16:57:37.000000000 -0500 | |
262 | +++ linux-2.6.19.1/arch/i386/boot/compressed/head.S 2006-12-03 15:15:45.000000000 -0500 | |
263 | @@ -39,11 +39,13 @@ startup_32: | |
264 | movl %eax,%gs | |
265 | ||
266 | lss stack_start,%esp | |
267 | + movl 0x000000,%ecx | |
268 | xorl %eax,%eax | |
269 | 1: incl %eax # check that A20 really IS enabled | |
270 | movl %eax,0x000000 # loop forever if it isn't | |
271 | cmpl %eax,0x100000 | |
272 | je 1b | |
273 | + movl %ecx,0x000000 | |
274 | ||
275 | /* | |
276 | * Initialize eflags. Some BIOS's leave bits like NT set. This would | |
277 | diff -urNp linux-2.6.19.1/arch/i386/Kconfig linux-2.6.19.1/arch/i386/Kconfig | |
278 | --- linux-2.6.19.1/arch/i386/Kconfig 2006-11-29 16:57:37.000000000 -0500 | |
279 | +++ linux-2.6.19.1/arch/i386/Kconfig 2006-12-03 15:15:45.000000000 -0500 | |
280 | @@ -803,7 +803,7 @@ config HOTPLUG_CPU | |
281 | ||
282 | config COMPAT_VDSO | |
283 | bool "Compat VDSO support" | |
284 | - default y | |
285 | + default n | |
286 | depends on !PARAVIRT | |
287 | help | |
288 | Map the VDSO to the predictable old-style address too. | |
289 | @@ -999,7 +999,7 @@ config PCI | |
290 | choice | |
291 | prompt "PCI access mode" | |
292 | depends on PCI && !X86_VISWS | |
293 | - default PCI_GOANY | |
294 | + default PCI_GODIRECT | |
295 | ---help--- | |
296 | On PCI systems, the BIOS can be used to detect the PCI devices and | |
297 | determine their configuration. However, some old PCI motherboards | |
298 | @@ -1031,7 +1031,7 @@ endchoice | |
299 | ||
300 | config PCI_BIOS | |
301 | bool | |
302 | - depends on !X86_VISWS && PCI && (PCI_GOBIOS || PCI_GOANY) | |
303 | + depends on !X86_VISWS && PCI && PCI_GOBIOS | |
304 | default y | |
305 | ||
306 | config PCI_DIRECT | |
307 | diff -urNp linux-2.6.19.1/arch/i386/Kconfig.cpu linux-2.6.19.1/arch/i386/Kconfig.cpu | |
308 | --- linux-2.6.19.1/arch/i386/Kconfig.cpu 2006-11-29 16:57:37.000000000 -0500 | |
309 | +++ linux-2.6.19.1/arch/i386/Kconfig.cpu 2006-12-03 15:15:45.000000000 -0500 | |
310 | @@ -252,7 +252,7 @@ config X86_PPRO_FENCE | |
311 | ||
312 | config X86_F00F_BUG | |
313 | bool | |
314 | - depends on M586MMX || M586TSC || M586 || M486 || M386 | |
315 | + depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC | |
316 | default y | |
317 | ||
318 | config X86_WP_WORKS_OK | |
319 | @@ -282,7 +282,7 @@ config X86_CMPXCHG64 | |
320 | ||
321 | config X86_ALIGNMENT_16 | |
322 | bool | |
323 | - depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1 | |
324 | + depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1 | |
325 | default y | |
326 | ||
327 | config X86_GOOD_APIC | |
328 | diff -urNp linux-2.6.19.1/arch/i386/Kconfig.debug linux-2.6.19.1/arch/i386/Kconfig.debug | |
329 | --- linux-2.6.19.1/arch/i386/Kconfig.debug 2006-11-29 16:57:37.000000000 -0500 | |
330 | +++ linux-2.6.19.1/arch/i386/Kconfig.debug 2006-12-03 15:15:45.000000000 -0500 | |
331 | @@ -48,7 +48,7 @@ config DEBUG_PAGEALLOC | |
332 | ||
333 | config DEBUG_RODATA | |
334 | bool "Write protect kernel read-only data structures" | |
335 | - depends on DEBUG_KERNEL | |
336 | + depends on DEBUG_KERNEL && !PAX_KERNEXEC | |
337 | help | |
338 | Mark the kernel read-only data as write-protected in the pagetables, | |
339 | in order to catch accidental (and incorrect) writes to such const | |
340 | diff -urNp linux-2.6.19.1/arch/i386/kernel/alternative.c linux-2.6.19.1/arch/i386/kernel/alternative.c | |
341 | --- linux-2.6.19.1/arch/i386/kernel/alternative.c 2006-11-29 16:57:37.000000000 -0500 | |
342 | +++ linux-2.6.19.1/arch/i386/kernel/alternative.c 2006-12-03 15:15:45.000000000 -0500 | |
343 | @@ -3,6 +3,7 @@ | |
344 | #include <linux/list.h> | |
345 | #include <asm/alternative.h> | |
346 | #include <asm/sections.h> | |
347 | +#include <asm/desc.h> | |
348 | ||
349 | static int no_replacement = 0; | |
350 | static int smp_alt_once = 0; | |
351 | @@ -142,6 +143,12 @@ void apply_alternatives(struct alt_instr | |
352 | u8 *instr; | |
353 | int diff, i, k; | |
354 | ||
355 | +#ifdef CONFIG_PAX_KERNEXEC | |
356 | + unsigned long cr0; | |
357 | + | |
358 | + pax_open_kernel(cr0); | |
359 | +#endif | |
360 | + | |
361 | DPRINTK("%s: alt table %p -> %p\n", __FUNCTION__, start, end); | |
362 | for (a = start; a < end; a++) { | |
363 | BUG_ON(a->replacementlen > a->instrlen); | |
364 | @@ -156,16 +163,21 @@ void apply_alternatives(struct alt_instr | |
365 | __FUNCTION__, a->instr, instr); | |
366 | } | |
367 | #endif | |
368 | - memcpy(instr, a->replacement, a->replacementlen); | |
369 | + memcpy(instr + __KERNEL_TEXT_OFFSET, a->replacement, a->replacementlen); | |
370 | diff = a->instrlen - a->replacementlen; | |
371 | /* Pad the rest with nops */ | |
372 | for (i = a->replacementlen; diff > 0; diff -= k, i += k) { | |
373 | k = diff; | |
374 | if (k > ASM_NOP_MAX) | |
375 | k = ASM_NOP_MAX; | |
376 | - memcpy(a->instr + i, noptable[k], k); | |
377 | + memcpy(a->instr + i + __KERNEL_TEXT_OFFSET, noptable[k], k); | |
378 | } | |
379 | } | |
380 | + | |
381 | +#ifdef CONFIG_PAX_KERNEXEC | |
382 | + pax_close_kernel(cr0); | |
383 | +#endif | |
384 | + | |
385 | } | |
386 | ||
387 | #ifdef CONFIG_SMP | |
388 | @@ -174,50 +186,96 @@ static void alternatives_smp_save(struct | |
389 | { | |
390 | struct alt_instr *a; | |
391 | ||
392 | +#ifdef CONFIG_PAX_KERNEXEC | |
393 | + unsigned long cr0; | |
394 | + | |
395 | + pax_open_kernel(cr0); | |
396 | +#endif | |
397 | + | |
398 | DPRINTK("%s: alt table %p-%p\n", __FUNCTION__, start, end); | |
399 | for (a = start; a < end; a++) { | |
400 | memcpy(a->replacement + a->replacementlen, | |
401 | - a->instr, | |
402 | + a->instr + __KERNEL_TEXT_OFFSET, | |
403 | a->instrlen); | |
404 | } | |
405 | + | |
406 | +#ifdef CONFIG_PAX_KERNEXEC | |
407 | + pax_close_kernel(cr0); | |
408 | +#endif | |
409 | + | |
410 | } | |
411 | ||
412 | static void alternatives_smp_apply(struct alt_instr *start, struct alt_instr *end) | |
413 | { | |
414 | struct alt_instr *a; | |
415 | ||
416 | +#ifdef CONFIG_PAX_KERNEXEC | |
417 | + unsigned long cr0; | |
418 | + | |
419 | + pax_open_kernel(cr0); | |
420 | +#endif | |
421 | + | |
422 | for (a = start; a < end; a++) { | |
423 | - memcpy(a->instr, | |
424 | + memcpy(a->instr + __KERNEL_TEXT_OFFSET, | |
425 | a->replacement + a->replacementlen, | |
426 | a->instrlen); | |
427 | } | |
428 | + | |
429 | +#ifdef CONFIG_PAX_KERNEXEC | |
430 | + pax_close_kernel(cr0); | |
431 | +#endif | |
432 | + | |
433 | } | |
434 | ||
435 | static void alternatives_smp_lock(u8 **start, u8 **end, u8 *text, u8 *text_end) | |
436 | { | |
437 | - u8 **ptr; | |
438 | + u8 *ptr; | |
439 | + | |
440 | +#ifdef CONFIG_PAX_KERNEXEC | |
441 | + unsigned long cr0; | |
442 | ||
443 | - for (ptr = start; ptr < end; ptr++) { | |
444 | - if (*ptr < text) | |
445 | + pax_open_kernel(cr0); | |
446 | +#endif | |
447 | + | |
448 | + for (; start < end; start++) { | |
449 | + ptr = *start + __KERNEL_TEXT_OFFSET; | |
450 | + if (ptr < text) | |
451 | continue; | |
452 | - if (*ptr > text_end) | |
453 | + if (ptr > text_end) | |
454 | continue; | |
455 | - **ptr = 0xf0; /* lock prefix */ | |
456 | + *ptr = 0xf0; /* lock prefix */ | |
457 | }; | |
458 | + | |
459 | +#ifdef CONFIG_PAX_KERNEXEC | |
460 | + pax_close_kernel(cr0); | |
461 | +#endif | |
462 | + | |
463 | } | |
464 | ||
465 | static void alternatives_smp_unlock(u8 **start, u8 **end, u8 *text, u8 *text_end) | |
466 | { | |
467 | unsigned char **noptable = find_nop_table(); | |
468 | - u8 **ptr; | |
469 | + u8 *ptr; | |
470 | + | |
471 | +#ifdef CONFIG_PAX_KERNEXEC | |
472 | + unsigned long cr0; | |
473 | + | |
474 | + pax_open_kernel(cr0); | |
475 | +#endif | |
476 | ||
477 | - for (ptr = start; ptr < end; ptr++) { | |
478 | - if (*ptr < text) | |
479 | + for (; start < end; start++) { | |
480 | + ptr = *start + __KERNEL_TEXT_OFFSET; | |
481 | + if (ptr < text) | |
482 | continue; | |
483 | - if (*ptr > text_end) | |
484 | + if (ptr > text_end) | |
485 | continue; | |
486 | - **ptr = noptable[1][0]; | |
487 | + *ptr = noptable[1][0]; | |
488 | }; | |
489 | + | |
490 | +#ifdef CONFIG_PAX_KERNEXEC | |
491 | + pax_close_kernel(cr0); | |
492 | +#endif | |
493 | + | |
494 | } | |
495 | ||
496 | struct smp_alt_module { | |
497 | diff -urNp linux-2.6.19.1/arch/i386/kernel/apic.c linux-2.6.19.1/arch/i386/kernel/apic.c | |
498 | --- linux-2.6.19.1/arch/i386/kernel/apic.c 2006-11-29 16:57:37.000000000 -0500 | |
499 | +++ linux-2.6.19.1/arch/i386/kernel/apic.c 2006-12-03 15:15:45.000000000 -0500 | |
500 | @@ -1197,7 +1197,7 @@ inline void smp_local_timer_interrupt(vo | |
501 | { | |
502 | profile_tick(CPU_PROFILING); | |
503 | #ifdef CONFIG_SMP | |
504 | - update_process_times(user_mode_vm(get_irq_regs())); | |
505 | + update_process_times(user_mode(get_irq_regs())); | |
506 | #endif | |
507 | ||
508 | /* | |
509 | diff -urNp linux-2.6.19.1/arch/i386/kernel/apm.c linux-2.6.19.1/arch/i386/kernel/apm.c | |
510 | --- linux-2.6.19.1/arch/i386/kernel/apm.c 2006-11-29 16:57:37.000000000 -0500 | |
511 | +++ linux-2.6.19.1/arch/i386/kernel/apm.c 2006-12-03 15:15:45.000000000 -0500 | |
512 | @@ -235,7 +235,7 @@ | |
513 | #include "io_ports.h" | |
514 | ||
515 | extern unsigned long get_cmos_time(void); | |
516 | -extern void machine_real_restart(unsigned char *, int); | |
517 | +extern void machine_real_restart(const unsigned char *, unsigned int); | |
518 | ||
519 | #if defined(CONFIG_APM_DISPLAY_BLANK) && defined(CONFIG_VT) | |
520 | extern int (*console_blank_hook)(int); | |
521 | @@ -608,9 +608,18 @@ static u8 apm_bios_call(u32 func, u32 eb | |
522 | struct desc_struct save_desc_40; | |
523 | struct desc_struct *gdt; | |
524 | ||
525 | +#ifdef CONFIG_PAX_KERNEXEC | |
526 | + unsigned long cr0; | |
527 | +#endif | |
528 | + | |
529 | cpus = apm_save_cpus(); | |
530 | ||
531 | cpu = get_cpu(); | |
532 | + | |
533 | +#ifdef CONFIG_PAX_KERNEXEC | |
534 | + pax_open_kernel(cr0); | |
535 | +#endif | |
536 | + | |
537 | gdt = get_cpu_gdt_table(cpu); | |
538 | save_desc_40 = gdt[0x40 / 8]; | |
539 | gdt[0x40 / 8] = bad_bios_desc; | |
540 | @@ -621,6 +630,11 @@ static u8 apm_bios_call(u32 func, u32 eb | |
541 | APM_DO_RESTORE_SEGS; | |
542 | apm_irq_restore(flags); | |
543 | gdt[0x40 / 8] = save_desc_40; | |
544 | + | |
545 | +#ifdef CONFIG_PAX_KERNEXEC | |
546 | + pax_close_kernel(cr0); | |
547 | +#endif | |
548 | + | |
549 | put_cpu(); | |
550 | apm_restore_cpus(cpus); | |
551 | ||
552 | @@ -651,9 +665,18 @@ static u8 apm_bios_call_simple(u32 func, | |
553 | struct desc_struct save_desc_40; | |
554 | struct desc_struct *gdt; | |
555 | ||
556 | +#ifdef CONFIG_PAX_KERNEXEC | |
557 | + unsigned long cr0; | |
558 | +#endif | |
559 | + | |
560 | cpus = apm_save_cpus(); | |
561 | ||
562 | cpu = get_cpu(); | |
563 | + | |
564 | +#ifdef CONFIG_PAX_KERNEXEC | |
565 | + pax_open_kernel(cr0); | |
566 | +#endif | |
567 | + | |
568 | gdt = get_cpu_gdt_table(cpu); | |
569 | save_desc_40 = gdt[0x40 / 8]; | |
570 | gdt[0x40 / 8] = bad_bios_desc; | |
571 | @@ -664,6 +687,11 @@ static u8 apm_bios_call_simple(u32 func, | |
572 | APM_DO_RESTORE_SEGS; | |
573 | apm_irq_restore(flags); | |
574 | gdt[0x40 / 8] = save_desc_40; | |
575 | + | |
576 | +#ifdef CONFIG_PAX_KERNEXEC | |
577 | + pax_close_kernel(cr0); | |
578 | +#endif | |
579 | + | |
580 | put_cpu(); | |
581 | apm_restore_cpus(cpus); | |
582 | return error; | |
583 | @@ -927,7 +955,7 @@ recalc: | |
584 | ||
585 | static void apm_power_off(void) | |
586 | { | |
587 | - unsigned char po_bios_call[] = { | |
588 | + const unsigned char po_bios_call[] = { | |
589 | 0xb8, 0x00, 0x10, /* movw $0x1000,ax */ | |
590 | 0x8e, 0xd0, /* movw ax,ss */ | |
591 | 0xbc, 0x00, 0xf0, /* movw $0xf000,sp */ | |
592 | diff -urNp linux-2.6.19.1/arch/i386/kernel/asm-offsets.c linux-2.6.19.1/arch/i386/kernel/asm-offsets.c | |
593 | --- linux-2.6.19.1/arch/i386/kernel/asm-offsets.c 2006-11-29 16:57:37.000000000 -0500 | |
594 | +++ linux-2.6.19.1/arch/i386/kernel/asm-offsets.c 2006-12-03 15:15:45.000000000 -0500 | |
595 | @@ -71,6 +71,7 @@ void foo(void) | |
596 | sizeof(struct tss_struct)); | |
597 | ||
598 | DEFINE(PAGE_SIZE_asm, PAGE_SIZE); | |
599 | + DEFINE(PTRS_PER_PTE_asm, PTRS_PER_PTE); | |
600 | DEFINE(VDSO_PRELINK, VDSO_PRELINK); | |
601 | ||
602 | OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx); | |
603 | diff -urNp linux-2.6.19.1/arch/i386/kernel/cpu/common.c linux-2.6.19.1/arch/i386/kernel/cpu/common.c | |
604 | --- linux-2.6.19.1/arch/i386/kernel/cpu/common.c 2006-11-29 16:57:37.000000000 -0500 | |
605 | +++ linux-2.6.19.1/arch/i386/kernel/cpu/common.c 2006-12-03 15:15:45.000000000 -0500 | |
606 | @@ -4,7 +4,6 @@ | |
607 | #include <linux/smp.h> | |
608 | #include <linux/module.h> | |
609 | #include <linux/percpu.h> | |
610 | -#include <linux/bootmem.h> | |
611 | #include <asm/semaphore.h> | |
612 | #include <asm/processor.h> | |
613 | #include <asm/i387.h> | |
614 | @@ -21,16 +20,18 @@ | |
615 | ||
616 | #include "cpu.h" | |
617 | ||
618 | -DEFINE_PER_CPU(struct Xgt_desc_struct, cpu_gdt_descr); | |
619 | -EXPORT_PER_CPU_SYMBOL(cpu_gdt_descr); | |
620 | - | |
621 | DEFINE_PER_CPU(unsigned char, cpu_16bit_stack[CPU_16BIT_STACK_SIZE]); | |
622 | EXPORT_PER_CPU_SYMBOL(cpu_16bit_stack); | |
623 | ||
624 | static int cachesize_override __cpuinitdata = -1; | |
625 | static int disable_x86_fxsr __cpuinitdata; | |
626 | static int disable_x86_serial_nr __cpuinitdata = 1; | |
627 | + | |
628 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) | |
629 | +static int disable_x86_sep __cpuinitdata = 1; | |
630 | +#else | |
631 | static int disable_x86_sep __cpuinitdata; | |
632 | +#endif | |
633 | ||
634 | struct cpu_dev * cpu_devs[X86_VENDOR_NUM] = {}; | |
635 | ||
636 | @@ -600,11 +601,10 @@ void __init early_cpu_init(void) | |
637 | void __cpuinit cpu_init(void) | |
638 | { | |
639 | int cpu = smp_processor_id(); | |
640 | - struct tss_struct * t = &per_cpu(init_tss, cpu); | |
641 | + struct tss_struct * t = init_tss + cpu; | |
642 | struct thread_struct *thread = ¤t->thread; | |
643 | - struct desc_struct *gdt; | |
644 | + struct desc_struct *gdt = get_cpu_gdt_table(cpu); | |
645 | __u32 stk16_off = (__u32)&per_cpu(cpu_16bit_stack, cpu); | |
646 | - struct Xgt_desc_struct *cpu_gdt_descr = &per_cpu(cpu_gdt_descr, cpu); | |
647 | ||
648 | if (cpu_test_and_set(cpu, cpu_initialized)) { | |
649 | printk(KERN_WARNING "CPU#%d already initialized!\n", cpu); | |
650 | @@ -621,36 +621,12 @@ void __cpuinit cpu_init(void) | |
651 | set_in_cr4(X86_CR4_TSD); | |
652 | } | |
653 | ||
654 | - /* The CPU hotplug case */ | |
655 | - if (cpu_gdt_descr->address) { | |
656 | - gdt = (struct desc_struct *)cpu_gdt_descr->address; | |
657 | - memset(gdt, 0, PAGE_SIZE); | |
658 | - goto old_gdt; | |
659 | - } | |
660 | - /* | |
661 | - * This is a horrible hack to allocate the GDT. The problem | |
662 | - * is that cpu_init() is called really early for the boot CPU | |
663 | - * (and hence needs bootmem) but much later for the secondary | |
664 | - * CPUs, when bootmem will have gone away | |
665 | - */ | |
666 | - if (NODE_DATA(0)->bdata->node_bootmem_map) { | |
667 | - gdt = (struct desc_struct *)alloc_bootmem_pages(PAGE_SIZE); | |
668 | - /* alloc_bootmem_pages panics on failure, so no check */ | |
669 | - memset(gdt, 0, PAGE_SIZE); | |
670 | - } else { | |
671 | - gdt = (struct desc_struct *)get_zeroed_page(GFP_KERNEL); | |
672 | - if (unlikely(!gdt)) { | |
673 | - printk(KERN_CRIT "CPU%d failed to allocate GDT\n", cpu); | |
674 | - for (;;) | |
675 | - local_irq_enable(); | |
676 | - } | |
677 | - } | |
678 | -old_gdt: | |
679 | /* | |
680 | * Initialize the per-CPU GDT with the boot GDT, | |
681 | * and set up the GDT descriptor: | |
682 | */ | |
683 | - memcpy(gdt, cpu_gdt_table, GDT_SIZE); | |
684 | + if (cpu) | |
685 | + memcpy(gdt, cpu_gdt_table, GDT_SIZE); | |
686 | ||
687 | /* Set up GDT entry for 16bit stack */ | |
688 | *(__u64 *)(&gdt[GDT_ENTRY_ESPFIX_SS]) |= | |
689 | @@ -658,10 +634,10 @@ old_gdt: | |
690 | ((((__u64)stk16_off) << 32) & 0xff00000000000000ULL) | | |
691 | (CPU_16BIT_STACK_SIZE - 1); | |
692 | ||
693 | - cpu_gdt_descr->size = GDT_SIZE - 1; | |
694 | - cpu_gdt_descr->address = (unsigned long)gdt; | |
695 | + cpu_gdt_descr[cpu].size = GDT_SIZE - 1; | |
696 | + cpu_gdt_descr[cpu].address = (unsigned long)gdt; | |
697 | ||
698 | - load_gdt(cpu_gdt_descr); | |
699 | + load_gdt(&cpu_gdt_descr[cpu]); | |
700 | load_idt(&idt_descr); | |
701 | ||
702 | /* | |
703 | diff -urNp linux-2.6.19.1/arch/i386/kernel/crash.c linux-2.6.19.1/arch/i386/kernel/crash.c | |
704 | --- linux-2.6.19.1/arch/i386/kernel/crash.c 2006-11-29 16:57:37.000000000 -0500 | |
705 | +++ linux-2.6.19.1/arch/i386/kernel/crash.c 2006-12-03 15:15:45.000000000 -0500 | |
706 | @@ -117,7 +117,7 @@ static int crash_nmi_callback(struct not | |
707 | return NOTIFY_STOP; | |
708 | local_irq_disable(); | |
709 | ||
710 | - if (!user_mode_vm(regs)) { | |
711 | + if (!user_mode(regs)) { | |
712 | crash_fixup_ss_esp(&fixed_regs, regs); | |
713 | regs = &fixed_regs; | |
714 | } | |
715 | diff -urNp linux-2.6.19.1/arch/i386/kernel/doublefault.c linux-2.6.19.1/arch/i386/kernel/doublefault.c | |
716 | --- linux-2.6.19.1/arch/i386/kernel/doublefault.c 2006-11-29 16:57:37.000000000 -0500 | |
717 | +++ linux-2.6.19.1/arch/i386/kernel/doublefault.c 2006-12-03 15:15:45.000000000 -0500 | |
718 | @@ -11,7 +11,7 @@ | |
719 | ||
720 | #define DOUBLEFAULT_STACKSIZE (1024) | |
721 | static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE]; | |
722 | -#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE) | |
723 | +#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2) | |
724 | ||
725 | #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + 0x1000000) | |
726 | ||
727 | @@ -57,10 +57,10 @@ struct tss_struct doublefault_tss __cach | |
728 | .eip = (unsigned long) doublefault_fn, | |
729 | .eflags = X86_EFLAGS_SF | 0x2, /* 0x2 bit is always set */ | |
730 | .esp = STACK_START, | |
731 | - .es = __USER_DS, | |
732 | + .es = __KERNEL_DS, | |
733 | .cs = __KERNEL_CS, | |
734 | .ss = __KERNEL_DS, | |
735 | - .ds = __USER_DS, | |
736 | + .ds = __KERNEL_DS, | |
737 | ||
738 | .__cr3 = __pa(swapper_pg_dir) | |
739 | }; | |
740 | diff -urNp linux-2.6.19.1/arch/i386/kernel/efi.c linux-2.6.19.1/arch/i386/kernel/efi.c | |
741 | --- linux-2.6.19.1/arch/i386/kernel/efi.c 2006-11-29 16:57:37.000000000 -0500 | |
742 | +++ linux-2.6.19.1/arch/i386/kernel/efi.c 2006-12-03 15:15:45.000000000 -0500 | |
743 | @@ -63,82 +63,43 @@ extern void * boot_ioremap(unsigned long | |
744 | ||
745 | static unsigned long efi_rt_eflags; | |
746 | static DEFINE_SPINLOCK(efi_rt_lock); | |
747 | -static pgd_t efi_bak_pg_dir_pointer[2]; | |
748 | +static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS] __attribute__ ((aligned (4096))); | |
749 | ||
750 | static void efi_call_phys_prelog(void) __acquires(efi_rt_lock) | |
751 | { | |
752 | - unsigned long cr4; | |
753 | - unsigned long temp; | |
754 | - struct Xgt_desc_struct *cpu_gdt_descr; | |
755 | - | |
756 | spin_lock(&efi_rt_lock); | |
757 | local_irq_save(efi_rt_eflags); | |
758 | ||
759 | - cpu_gdt_descr = &per_cpu(cpu_gdt_descr, 0); | |
760 | - | |
761 | - /* | |
762 | - * If I don't have PSE, I should just duplicate two entries in page | |
763 | - * directory. If I have PSE, I just need to duplicate one entry in | |
764 | - * page directory. | |
765 | - */ | |
766 | - cr4 = read_cr4(); | |
767 | - | |
768 | - if (cr4 & X86_CR4_PSE) { | |
769 | - efi_bak_pg_dir_pointer[0].pgd = | |
770 | - swapper_pg_dir[pgd_index(0)].pgd; | |
771 | - swapper_pg_dir[0].pgd = | |
772 | - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd; | |
773 | - } else { | |
774 | - efi_bak_pg_dir_pointer[0].pgd = | |
775 | - swapper_pg_dir[pgd_index(0)].pgd; | |
776 | - efi_bak_pg_dir_pointer[1].pgd = | |
777 | - swapper_pg_dir[pgd_index(0x400000)].pgd; | |
778 | - swapper_pg_dir[pgd_index(0)].pgd = | |
779 | - swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd; | |
780 | - temp = PAGE_OFFSET + 0x400000; | |
781 | - swapper_pg_dir[pgd_index(0x400000)].pgd = | |
782 | - swapper_pg_dir[pgd_index(temp)].pgd; | |
783 | - } | |
784 | + clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS); | |
785 | + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + USER_PGD_PTRS, | |
786 | + USER_PGD_PTRS >= KERNEL_PGD_PTRS ? KERNEL_PGD_PTRS : USER_PGD_PTRS); | |
787 | ||
788 | /* | |
789 | * After the lock is released, the original page table is restored. | |
790 | */ | |
791 | - local_flush_tlb(); | |
792 | + __flush_tlb_all(); | |
793 | ||
794 | - cpu_gdt_descr->address = __pa(cpu_gdt_descr->address); | |
795 | - load_gdt(cpu_gdt_descr); | |
796 | + cpu_gdt_descr[0].address = __pa(cpu_gdt_descr[0].address); | |
797 | + load_gdt((struct Xgt_desc_struct *) __pa(&cpu_gdt_descr[0])); | |
798 | } | |
799 | ||
800 | static void efi_call_phys_epilog(void) __releases(efi_rt_lock) | |
801 | { | |
802 | - unsigned long cr4; | |
803 | - struct Xgt_desc_struct *cpu_gdt_descr = &per_cpu(cpu_gdt_descr, 0); | |
804 | - | |
805 | - cpu_gdt_descr->address = (unsigned long)__va(cpu_gdt_descr->address); | |
806 | - load_gdt(cpu_gdt_descr); | |
807 | + cpu_gdt_descr[0].address = (unsigned long) __va(cpu_gdt_descr[0].address); | |
808 | + load_gdt(&cpu_gdt_descr[0]); | |
809 | ||
810 | - cr4 = read_cr4(); | |
811 | - | |
812 | - if (cr4 & X86_CR4_PSE) { | |
813 | - swapper_pg_dir[pgd_index(0)].pgd = | |
814 | - efi_bak_pg_dir_pointer[0].pgd; | |
815 | - } else { | |
816 | - swapper_pg_dir[pgd_index(0)].pgd = | |
817 | - efi_bak_pg_dir_pointer[0].pgd; | |
818 | - swapper_pg_dir[pgd_index(0x400000)].pgd = | |
819 | - efi_bak_pg_dir_pointer[1].pgd; | |
820 | - } | |
821 | + clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS); | |
822 | ||
823 | /* | |
824 | * After the lock is released, the original page table is restored. | |
825 | */ | |
826 | - local_flush_tlb(); | |
827 | + __flush_tlb_all(); | |
828 | ||
829 | local_irq_restore(efi_rt_eflags); | |
830 | spin_unlock(&efi_rt_lock); | |
831 | } | |
832 | ||
833 | -static efi_status_t | |
834 | +static efi_status_t __init | |
835 | phys_efi_set_virtual_address_map(unsigned long memory_map_size, | |
836 | unsigned long descriptor_size, | |
837 | u32 descriptor_version, | |
838 | @@ -154,7 +115,7 @@ phys_efi_set_virtual_address_map(unsigne | |
839 | return status; | |
840 | } | |
841 | ||
842 | -static efi_status_t | |
843 | +static efi_status_t __init | |
844 | phys_efi_get_time(efi_time_t *tm, efi_time_cap_t *tc) | |
845 | { | |
846 | efi_status_t status; | |
847 | diff -urNp linux-2.6.19.1/arch/i386/kernel/efi_stub.S linux-2.6.19.1/arch/i386/kernel/efi_stub.S | |
848 | --- linux-2.6.19.1/arch/i386/kernel/efi_stub.S 2006-11-29 16:57:37.000000000 -0500 | |
849 | +++ linux-2.6.19.1/arch/i386/kernel/efi_stub.S 2006-12-03 15:15:45.000000000 -0500 | |
850 | @@ -6,6 +6,7 @@ | |
851 | */ | |
852 | ||
853 | #include <linux/linkage.h> | |
854 | +#include <linux/init.h> | |
855 | #include <asm/page.h> | |
856 | ||
857 | /* | |
858 | @@ -20,7 +21,7 @@ | |
859 | * service functions will comply with gcc calling convention, too. | |
860 | */ | |
861 | ||
862 | -.text | |
863 | +__INIT | |
864 | ENTRY(efi_call_phys) | |
865 | /* | |
866 | * 0. The function can only be called in Linux kernel. So CS has been | |
867 | @@ -36,9 +37,7 @@ ENTRY(efi_call_phys) | |
868 | * The mapping of lower virtual memory has been created in prelog and | |
869 | * epilog. | |
870 | */ | |
871 | - movl $1f, %edx | |
872 | - subl $__PAGE_OFFSET, %edx | |
873 | - jmp *%edx | |
874 | + jmp 1f-__PAGE_OFFSET | |
875 | 1: | |
876 | ||
877 | /* | |
878 | @@ -47,14 +46,8 @@ ENTRY(efi_call_phys) | |
879 | * parameter 2, ..., param n. To make things easy, we save the return | |
880 | * address of efi_call_phys in a global variable. | |
881 | */ | |
882 | - popl %edx | |
883 | - movl %edx, saved_return_addr | |
884 | - /* get the function pointer into ECX*/ | |
885 | - popl %ecx | |
886 | - movl %ecx, efi_rt_function_ptr | |
887 | - movl $2f, %edx | |
888 | - subl $__PAGE_OFFSET, %edx | |
889 | - pushl %edx | |
890 | + popl (saved_return_addr) | |
891 | + popl (efi_rt_function_ptr) | |
892 | ||
893 | /* | |
894 | * 3. Clear PG bit in %CR0. | |
895 | @@ -73,9 +66,8 @@ ENTRY(efi_call_phys) | |
896 | /* | |
897 | * 5. Call the physical function. | |
898 | */ | |
899 | - jmp *%ecx | |
900 | + call *(efi_rt_function_ptr-__PAGE_OFFSET) | |
901 | ||
902 | -2: | |
903 | /* | |
904 | * 6. After EFI runtime service returns, control will return to | |
905 | * following instruction. We'd better readjust stack pointer first. | |
906 | @@ -85,37 +77,29 @@ ENTRY(efi_call_phys) | |
907 | /* | |
908 | * 7. Restore PG bit | |
909 | */ | |
910 | - movl %cr0, %edx | |
911 | - orl $0x80000000, %edx | |
912 | - movl %edx, %cr0 | |
913 | - jmp 1f | |
914 | -1: | |
915 | /* | |
916 | * 8. Now restore the virtual mode from flat mode by | |
917 | * adding EIP with PAGE_OFFSET. | |
918 | */ | |
919 | - movl $1f, %edx | |
920 | - jmp *%edx | |
921 | + movl %cr0, %edx | |
922 | + orl $0x80000000, %edx | |
923 | + movl %edx, %cr0 | |
924 | + jmp 1f+__PAGE_OFFSET | |
925 | 1: | |
926 | ||
927 | /* | |
928 | * 9. Balance the stack. And because EAX contain the return value, | |
929 | * we'd better not clobber it. | |
930 | */ | |
931 | - leal efi_rt_function_ptr, %edx | |
932 | - movl (%edx), %ecx | |
933 | - pushl %ecx | |
934 | + pushl (efi_rt_function_ptr) | |
935 | ||
936 | /* | |
937 | - * 10. Push the saved return address onto the stack and return. | |
938 | + * 10. Return to the saved return address. | |
939 | */ | |
940 | - leal saved_return_addr, %edx | |
941 | - movl (%edx), %ecx | |
942 | - pushl %ecx | |
943 | - ret | |
944 | + jmpl *(saved_return_addr) | |
945 | .previous | |
946 | ||
947 | -.data | |
948 | +__INITDATA | |
949 | saved_return_addr: | |
950 | .long 0 | |
951 | efi_rt_function_ptr: | |
952 | diff -urNp linux-2.6.19.1/arch/i386/kernel/entry.S linux-2.6.19.1/arch/i386/kernel/entry.S | |
953 | --- linux-2.6.19.1/arch/i386/kernel/entry.S 2006-11-29 16:57:37.000000000 -0500 | |
954 | +++ linux-2.6.19.1/arch/i386/kernel/entry.S 2006-12-10 21:43:36.000000000 -0500 | |
955 | @@ -82,6 +82,8 @@ VM_MASK = 0x00020000 | |
956 | #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit | |
957 | #define INTERRUPT_RETURN iret | |
958 | #define GET_CR0_INTO_EAX movl %cr0, %eax | |
959 | +#define GET_CR0_INTO_EDX movl %cr0, %edx | |
960 | +#define SET_CR0_FROM_EDX movl %edx, %cr0 | |
961 | ||
962 | #ifdef CONFIG_PREEMPT | |
963 | #define preempt_stop DISABLE_INTERRUPTS; TRACE_IRQS_OFF | |
964 | @@ -105,7 +107,7 @@ VM_MASK = 0x00020000 | |
965 | #define resume_userspace_sig resume_userspace | |
966 | #endif | |
967 | ||
968 | -#define SAVE_ALL \ | |
969 | +#define __SAVE_ALL(_DS) \ | |
970 | cld; \ | |
971 | pushl %es; \ | |
972 | CFI_ADJUST_CFA_OFFSET 4;\ | |
973 | @@ -134,10 +136,24 @@ VM_MASK = 0x00020000 | |
974 | pushl %ebx; \ | |
975 | CFI_ADJUST_CFA_OFFSET 4;\ | |
976 | CFI_REL_OFFSET ebx, 0;\ | |
977 | - movl $(__USER_DS), %edx; \ | |
978 | + movl $(_DS), %edx; \ | |
979 | movl %edx, %ds; \ | |
980 | movl %edx, %es; | |
981 | ||
982 | +#ifdef CONFIG_PAX_KERNEXEC | |
983 | +#define SAVE_ALL \ | |
984 | + __SAVE_ALL(__KERNEL_DS) \ | |
985 | + GET_CR0_INTO_EDX; \ | |
986 | + movl %edx, %esi; \ | |
987 | + orl $0x10000, %edx; \ | |
988 | + xorl %edx, %esi; \ | |
989 | + SET_CR0_FROM_EDX | |
990 | +#elif defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) | |
991 | +#define SAVE_ALL __SAVE_ALL(__KERNEL_DS) | |
992 | +#else | |
993 | +#define SAVE_ALL __SAVE_ALL(__USER_DS) | |
994 | +#endif | |
995 | + | |
996 | #define RESTORE_INT_REGS \ | |
997 | popl %ebx; \ | |
998 | CFI_ADJUST_CFA_OFFSET -4;\ | |
999 | @@ -245,7 +261,18 @@ check_userspace: | |
1000 | movb CS(%esp), %al | |
1001 | andl $(VM_MASK | SEGMENT_RPL_MASK), %eax | |
1002 | cmpl $USER_RPL, %eax | |
1003 | + | |
1004 | +#ifdef CONFIG_PAX_KERNEXEC | |
1005 | + jae resume_userspace | |
1006 | + | |
1007 | + GET_CR0_INTO_EDX | |
1008 | + xorl %esi, %edx | |
1009 | + SET_CR0_FROM_EDX | |
1010 | + jmp resume_kernel | |
1011 | +#else | |
1012 | jb resume_kernel # not returning to v8086 or userspace | |
1013 | +#endif | |
1014 | + | |
1015 | ENTRY(resume_userspace) | |
1016 | DISABLE_INTERRUPTS # make sure we don't miss an interrupt | |
1017 | # setting need_resched or sigpending | |
1018 | @@ -301,10 +328,9 @@ sysenter_past_esp: | |
1019 | /*CFI_REL_OFFSET cs, 0*/ | |
1020 | /* | |
1021 | * Push current_thread_info()->sysenter_return to the stack. | |
1022 | - * A tiny bit of offset fixup is necessary - 4*4 means the 4 words | |
1023 | - * pushed above; +8 corresponds to copy_thread's esp0 setting. | |
1024 | */ | |
1025 | - pushl (TI_sysenter_return-THREAD_SIZE+8+4*4)(%esp) | |
1026 | + GET_THREAD_INFO(%ebp) | |
1027 | + pushl TI_sysenter_return(%ebp) | |
1028 | CFI_ADJUST_CFA_OFFSET 4 | |
1029 | CFI_REL_OFFSET eip, 0 | |
1030 | ||
1031 | @@ -312,9 +338,20 @@ sysenter_past_esp: | |
1032 | * Load the potential sixth argument from user stack. | |
1033 | * Careful about security. | |
1034 | */ | |
1035 | + movl 12(%esp),%ebp | |
1036 | + | |
1037 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
1038 | + pushl $(__USER_DS) | |
1039 | + CFI_ADJUST_CFA_OFFSET 4 | |
1040 | + pop %ds | |
1041 | + CFI_ADJUST_CFA_OFFSET -4 | |
1042 | +1: movl %ds:(%ebp),%ebp | |
1043 | +#else | |
1044 | cmpl $__PAGE_OFFSET-3,%ebp | |
1045 | jae syscall_fault | |
1046 | 1: movl (%ebp),%ebp | |
1047 | +#endif | |
1048 | + | |
1049 | .section __ex_table,"a" | |
1050 | .align 4 | |
1051 | .long 1b,syscall_fault | |
1052 | @@ -337,14 +374,36 @@ sysenter_past_esp: | |
1053 | movl TI_flags(%ebp), %ecx | |
1054 | testw $_TIF_ALLWORK_MASK, %cx | |
1055 | jne syscall_exit_work | |
1056 | + | |
1057 | +#ifdef CONFIG_PAX_RANDKSTACK | |
1058 | + pushl %eax | |
1059 | + CFI_ADJUST_CFA_OFFSET 4 | |
1060 | + call pax_randomize_kstack | |
1061 | + popl %eax | |
1062 | + CFI_ADJUST_CFA_OFFSET -4 | |
1063 | +#endif | |
1064 | + | |
1065 | /* if something modifies registers it must also disable sysexit */ | |
1066 | movl EIP(%esp), %edx | |
1067 | movl OLDESP(%esp), %ecx | |
1068 | xorl %ebp,%ebp | |
1069 | TRACE_IRQS_ON | |
1070 | +1: mov DS(%esp), %ds | |
1071 | +2: mov ES(%esp), %es | |
1072 | ENABLE_INTERRUPTS_SYSEXIT | |
1073 | CFI_ENDPROC | |
1074 | ||
1075 | +.section .fixup,"ax" | |
1076 | +3: movl $0,DS(%esp) | |
1077 | + jmp 1b | |
1078 | +4: movl $0,ES(%esp) | |
1079 | + jmp 2b | |
1080 | +.previous | |
1081 | +.section __ex_table,"a" | |
1082 | + .align 4 | |
1083 | + .long 1b,3b | |
1084 | + .long 2b,4b | |
1085 | +.previous | |
1086 | ||
1087 | # system call handler stub | |
1088 | ENTRY(system_call) | |
1089 | @@ -375,6 +434,10 @@ syscall_exit: | |
1090 | testw $_TIF_ALLWORK_MASK, %cx # current->work | |
1091 | jne syscall_exit_work | |
1092 | ||
1093 | +#ifdef CONFIG_PAX_RANDKSTACK | |
1094 | + call pax_randomize_kstack | |
1095 | +#endif | |
1096 | + | |
1097 | restore_all: | |
1098 | movl EFLAGS(%esp), %eax # mix EFLAGS, SS and CS | |
1099 | # Warning: OLDSS(%esp) contains the wrong/random values if we | |
1100 | @@ -553,7 +616,7 @@ syscall_badsys: | |
1101 | * Build the entry stubs and pointer table with | |
1102 | * some assembler magic. | |
1103 | */ | |
1104 | -.data | |
1105 | +.section .rodata,"a",@progbits | |
1106 | ENTRY(interrupt) | |
1107 | .text | |
1108 | ||
1109 | @@ -568,7 +631,7 @@ ENTRY(irq_entries_start) | |
1110 | 1: pushl $~(vector) | |
1111 | CFI_ADJUST_CFA_OFFSET 4 | |
1112 | jmp common_interrupt | |
1113 | -.data | |
1114 | +.section .rodata,"a",@progbits | |
1115 | .long 1b | |
1116 | .text | |
1117 | vector=vector+1 | |
1118 | @@ -642,12 +705,21 @@ error_code: | |
1119 | popl %ecx | |
1120 | CFI_ADJUST_CFA_OFFSET -4 | |
1121 | /*CFI_REGISTER es, ecx*/ | |
1122 | + | |
1123 | +#ifdef CONFIG_PAX_KERNEXEC | |
1124 | + GET_CR0_INTO_EDX | |
1125 | + movl %edx, %esi | |
1126 | + orl $0x10000, %edx | |
1127 | + xorl %edx, %esi | |
1128 | + SET_CR0_FROM_EDX | |
1129 | +#endif | |
1130 | + | |
1131 | movl ES(%esp), %edi # get the function address | |
1132 | movl ORIG_EAX(%esp), %edx # get the error code | |
1133 | movl %eax, ORIG_EAX(%esp) | |
1134 | movl %ecx, ES(%esp) | |
1135 | /*CFI_REL_OFFSET es, ES*/ | |
1136 | - movl $(__USER_DS), %ecx | |
1137 | + movl $(__KERNEL_DS), %ecx | |
1138 | movl %ecx, %ds | |
1139 | movl %ecx, %es | |
1140 | movl %esp,%eax # pt_regs pointer | |
1141 | @@ -778,6 +850,13 @@ nmi_stack_correct: | |
1142 | xorl %edx,%edx # zero error code | |
1143 | movl %esp,%eax # pt_regs pointer | |
1144 | call do_nmi | |
1145 | + | |
1146 | +#ifdef CONFIG_PAX_KERNEXEC | |
1147 | + GET_CR0_INTO_EDX | |
1148 | + xorl %esi, %edx | |
1149 | + SET_CR0_FROM_EDX | |
1150 | +#endif | |
1151 | + | |
1152 | jmp restore_nocheck_notrace | |
1153 | CFI_ENDPROC | |
1154 | ||
1155 | @@ -820,6 +899,13 @@ nmi_16bit_stack: | |
1156 | CFI_ADJUST_CFA_OFFSET -20 # the frame has now moved | |
1157 | xorl %edx,%edx # zero error code | |
1158 | call do_nmi | |
1159 | + | |
1160 | +#ifdef CONFIG_PAX_KERNEXEC | |
1161 | + GET_CR0_INTO_EDX | |
1162 | + xorl %esi, %edx | |
1163 | + SET_CR0_FROM_EDX | |
1164 | +#endif | |
1165 | + | |
1166 | RESTORE_REGS | |
1167 | lss 12+4(%esp), %esp # back to 16bit stack | |
1168 | 1: INTERRUPT_RETURN | |
1169 | @@ -957,8 +1043,8 @@ ENTRY(arch_unwind_init_running) | |
1170 | movl %edi, EDI(%edx) | |
1171 | movl %ebp, EBP(%edx) | |
1172 | movl %ebx, EAX(%edx) | |
1173 | - movl $__USER_DS, DS(%edx) | |
1174 | - movl $__USER_DS, ES(%edx) | |
1175 | + movl $__KERNEL_DS, DS(%edx) | |
1176 | + movl $__KERNEL_DS, ES(%edx) | |
1177 | movl %ebx, ORIG_EAX(%edx) | |
1178 | movl %ecx, EIP(%edx) | |
1179 | movl 12(%esp), %ecx | |
1180 | @@ -987,7 +1073,6 @@ ENTRY(kernel_thread_helper) | |
1181 | CFI_ENDPROC | |
1182 | ENDPROC(kernel_thread_helper) | |
1183 | ||
1184 | -.section .rodata,"a" | |
1185 | #include "syscall_table.S" | |
1186 | ||
1187 | syscall_table_size=(.-sys_call_table) | |
1188 | diff -urNp linux-2.6.19.1/arch/i386/kernel/head.S linux-2.6.19.1/arch/i386/kernel/head.S | |
1189 | --- linux-2.6.19.1/arch/i386/kernel/head.S 2006-11-29 16:57:37.000000000 -0500 | |
1190 | +++ linux-2.6.19.1/arch/i386/kernel/head.S 2006-12-03 15:15:45.000000000 -0500 | |
1191 | @@ -45,6 +45,16 @@ | |
1192 | */ | |
1193 | #define INIT_MAP_BEYOND_END (128*1024) | |
1194 | ||
1195 | +#ifdef CONFIG_PAX_KERNEXEC | |
1196 | +/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */ | |
1197 | +.fill 4096,1,0xcc | |
1198 | +#endif | |
1199 | + | |
1200 | +/* | |
1201 | + * Real beginning of normal "text" segment | |
1202 | + */ | |
1203 | +ENTRY(stext) | |
1204 | +ENTRY(_stext) | |
1205 | ||
1206 | /* | |
1207 | * 32-bit kernel entrypoint; only used by the boot CPU. On entry, | |
1208 | @@ -66,6 +76,36 @@ ENTRY(startup_32) | |
1209 | movl %eax,%fs | |
1210 | movl %eax,%gs | |
1211 | ||
1212 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
1213 | + /* check for VMware */ | |
1214 | + movl $0x564d5868,%eax | |
1215 | + xorl %ebx,%ebx | |
1216 | + movl $0xa,%ecx | |
1217 | + movl $0x5658,%edx | |
1218 | + in (%dx),%eax | |
1219 | + cmpl $0x564d5868,%ebx | |
1220 | + jz 1f | |
1221 | + | |
1222 | + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),%eax | |
1223 | + movl %eax,(cpu_gdt_table - __PAGE_OFFSET + GDT_ENTRY_KERNEL_DS * 8 + 4) | |
1224 | + movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c0f300),%eax | |
1225 | + movl %eax,(cpu_gdt_table - __PAGE_OFFSET + GDT_ENTRY_DEFAULT_USER_DS * 8 + 4) | |
1226 | +1: | |
1227 | +#endif | |
1228 | + | |
1229 | +#ifdef CONFIG_PAX_KERNEXEC | |
1230 | + movl $ __KERNEL_TEXT_OFFSET,%eax | |
1231 | + movw %ax,(cpu_gdt_table - __PAGE_OFFSET + __KERNEL_CS + 2) | |
1232 | + rorl $16,%eax | |
1233 | + movb %al,(cpu_gdt_table - __PAGE_OFFSET + __KERNEL_CS + 4) | |
1234 | + movb %ah,(cpu_gdt_table - __PAGE_OFFSET + __KERNEL_CS + 7) | |
1235 | + | |
1236 | + movb %al,(boot_gdt_table - __PAGE_OFFSET + __BOOT_CS + 4) | |
1237 | + movb %ah,(boot_gdt_table - __PAGE_OFFSET + __BOOT_CS + 7) | |
1238 | + rorl $16,%eax | |
1239 | + movw %ax,(boot_gdt_table - __PAGE_OFFSET + __BOOT_CS + 2) | |
1240 | +#endif | |
1241 | + | |
1242 | /* | |
1243 | * Clear BSS first so that there are no surprises... | |
1244 | * No need to cld as DF is already clear from cld above... | |
1245 | @@ -113,24 +153,42 @@ ENTRY(startup_32) | |
1246 | * Warning: don't use %esi or the stack in this code. However, %esp | |
1247 | * can be used as a GPR if you really need it... | |
1248 | */ | |
1249 | -page_pde_offset = (__PAGE_OFFSET >> 20); | |
1250 | - | |
1251 | +#ifdef CONFIG_X86_PAE | |
1252 | +page_pde_offset = ((__PAGE_OFFSET >> 21) * (4096 / PTRS_PER_PTE_asm)); | |
1253 | +#else | |
1254 | +page_pde_offset = ((__PAGE_OFFSET >> 22) * (4096 / PTRS_PER_PTE_asm)); | |
1255 | +#endif | |
1256 | movl $(pg0 - __PAGE_OFFSET), %edi | |
1257 | +#ifdef CONFIG_X86_PAE | |
1258 | + movl $(swapper_pm_dir - __PAGE_OFFSET), %edx | |
1259 | +#else | |
1260 | movl $(swapper_pg_dir - __PAGE_OFFSET), %edx | |
1261 | - movl $0x007, %eax /* 0x007 = PRESENT+RW+USER */ | |
1262 | +#endif | |
1263 | + movl $0x063, %eax /* 0x063 = DIRTY+ACCESSED+PRESENT+RW */ | |
1264 | 10: | |
1265 | - leal 0x007(%edi),%ecx /* Create PDE entry */ | |
1266 | + leal 0x063(%edi),%ecx /* Create PDE entry */ | |
1267 | movl %ecx,(%edx) /* Store identity PDE entry */ | |
1268 | movl %ecx,page_pde_offset(%edx) /* Store kernel PDE entry */ | |
1269 | +#ifdef CONFIG_X86_PAE | |
1270 | + movl $0,4(%edx) | |
1271 | + movl $0,page_pde_offset+4(%edx) | |
1272 | + addl $8,%edx | |
1273 | + movl $512, %ecx | |
1274 | +#else | |
1275 | addl $4,%edx | |
1276 | movl $1024, %ecx | |
1277 | +#endif | |
1278 | 11: | |
1279 | stosl | |
1280 | +#ifdef CONFIG_X86_PAE | |
1281 | + movl $0,(%edi) | |
1282 | + addl $4,%edi | |
1283 | +#endif | |
1284 | addl $0x1000,%eax | |
1285 | loop 11b | |
1286 | /* End condition: we must map up to and including INIT_MAP_BEYOND_END */ | |
1287 | - /* bytes beyond the end of our own page tables; the +0x007 is the attribute bits */ | |
1288 | - leal (INIT_MAP_BEYOND_END+0x007)(%edi),%ebp | |
1289 | + /* bytes beyond the end of our own page tables; the +0x063 is the attribute bits */ | |
1290 | + leal (INIT_MAP_BEYOND_END+0x063)(%edi),%ebp | |
1291 | cmpl %ebp,%eax | |
1292 | jb 10b | |
1293 | movl %edi,(init_pg_tables_end - __PAGE_OFFSET) | |
1294 | @@ -153,6 +211,11 @@ ENTRY(startup_32_smp) | |
1295 | movl %eax,%fs | |
1296 | movl %eax,%gs | |
1297 | ||
1298 | + /* This is a secondary processor (AP) */ | |
1299 | + xorl %ebx,%ebx | |
1300 | + incl %ebx | |
1301 | +#endif /* CONFIG_SMP */ | |
1302 | + | |
1303 | /* | |
1304 | * New page tables may be in 4Mbyte page mode and may | |
1305 | * be using the global pages. | |
1306 | @@ -168,26 +231,27 @@ ENTRY(startup_32_smp) | |
1307 | * not yet offset PAGE_OFFSET.. | |
1308 | */ | |
1309 | #define cr4_bits mmu_cr4_features-__PAGE_OFFSET | |
1310 | +3: | |
1311 | movl cr4_bits,%edx | |
1312 | andl %edx,%edx | |
1313 | - jz 6f | |
1314 | + jz 5f | |
1315 | movl %cr4,%eax # Turn on paging options (PSE,PAE,..) | |
1316 | orl %edx,%eax | |
1317 | movl %eax,%cr4 | |
1318 | ||
1319 | - btl $5, %eax # check if PAE is enabled | |
1320 | - jnc 6f | |
1321 | +#ifdef CONFIG_X86_PAE | |
1322 | + movl %ebx,%edi | |
1323 | ||
1324 | /* Check if extended functions are implemented */ | |
1325 | movl $0x80000000, %eax | |
1326 | cpuid | |
1327 | cmpl $0x80000000, %eax | |
1328 | - jbe 6f | |
1329 | + jbe 4f | |
1330 | mov $0x80000001, %eax | |
1331 | cpuid | |
1332 | /* Execute Disable bit supported? */ | |
1333 | btl $20, %edx | |
1334 | - jnc 6f | |
1335 | + jnc 4f | |
1336 | ||
1337 | /* Setup EFER (Extended Feature Enable Register) */ | |
1338 | movl $0xc0000080, %ecx | |
1339 | @@ -196,14 +260,12 @@ ENTRY(startup_32_smp) | |
1340 | btsl $11, %eax | |
1341 | /* Make changes effective */ | |
1342 | wrmsr | |
1343 | + btsl $63,__supported_pte_mask-__PAGE_OFFSET | |
1344 | ||
1345 | -6: | |
1346 | - /* This is a secondary processor (AP) */ | |
1347 | - xorl %ebx,%ebx | |
1348 | - incl %ebx | |
1349 | - | |
1350 | -3: | |
1351 | -#endif /* CONFIG_SMP */ | |
1352 | +4: | |
1353 | + movl %edi,%ebx | |
1354 | +#endif | |
1355 | +5: | |
1356 | ||
1357 | /* | |
1358 | * Enable paging | |
1359 | @@ -228,9 +290,7 @@ ENTRY(startup_32_smp) | |
1360 | ||
1361 | #ifdef CONFIG_SMP | |
1362 | andl %ebx,%ebx | |
1363 | - jz 1f /* Initial CPU cleans BSS */ | |
1364 | - jmp checkCPUtype | |
1365 | -1: | |
1366 | + jnz checkCPUtype /* Initial CPU cleans BSS */ | |
1367 | #endif /* CONFIG_SMP */ | |
1368 | ||
1369 | /* | |
1370 | @@ -307,8 +367,6 @@ is386: movl $2,%ecx # set MP | |
1371 | ljmp $(__KERNEL_CS),$1f | |
1372 | 1: movl $(__KERNEL_DS),%eax # reload all the segment registers | |
1373 | movl %eax,%ss # after changing gdt. | |
1374 | - | |
1375 | - movl $(__USER_DS),%eax # DS/ES contains default USER segment | |
1376 | movl %eax,%ds | |
1377 | movl %eax,%es | |
1378 | ||
1379 | @@ -433,8 +491,8 @@ hlt_loop: | |
1380 | /* This is the default interrupt "handler" :-) */ | |
1381 | ALIGN | |
1382 | ignore_int: | |
1383 | - cld | |
1384 | #ifdef CONFIG_PRINTK | |
1385 | + cld | |
1386 | pushl %eax | |
1387 | pushl %ecx | |
1388 | pushl %edx | |
1389 | @@ -465,32 +523,50 @@ ignore_int: | |
1390 | #endif | |
1391 | iret | |
1392 | ||
1393 | -/* | |
1394 | - * Real beginning of normal "text" segment | |
1395 | - */ | |
1396 | -ENTRY(stext) | |
1397 | -ENTRY(_stext) | |
1398 | - | |
1399 | -/* | |
1400 | - * BSS section | |
1401 | - */ | |
1402 | -.section ".bss.page_aligned","w" | |
1403 | +.section .swapper_pg_dir,"a",@progbits | |
1404 | ENTRY(swapper_pg_dir) | |
1405 | +#ifdef CONFIG_X86_PAE | |
1406 | + .long swapper_pm_dir-__PAGE_OFFSET+1 | |
1407 | + .long 0 | |
1408 | + .long swapper_pm_dir+512*8-__PAGE_OFFSET+1 | |
1409 | + .long 0 | |
1410 | + .long swapper_pm_dir+512*16-__PAGE_OFFSET+1 | |
1411 | + .long 0 | |
1412 | + .long swapper_pm_dir+512*24-__PAGE_OFFSET+1 | |
1413 | + .long 0 | |
1414 | +#else | |
1415 | .fill 1024,4,0 | |
1416 | +#endif | |
1417 | + | |
1418 | +#ifdef CONFIG_X86_PAE | |
1419 | +.section .swapper_pm_dir,"a",@progbits | |
1420 | +ENTRY(swapper_pm_dir) | |
1421 | + .fill 512,8,0 | |
1422 | + .fill 512,8,0 | |
1423 | + .fill 512,8,0 | |
1424 | + .fill 512,8,0 | |
1425 | +#endif | |
1426 | + | |
1427 | +.section .empty_zero_page,"a",@progbits | |
1428 | ENTRY(empty_zero_page) | |
1429 | .fill 4096,1,0 | |
1430 | ||
1431 | /* | |
1432 | - * This starts the data section. | |
1433 | - */ | |
1434 | -.data | |
1435 | + * The IDT has to be page-aligned to simplify the Pentium | |
1436 | + * F0 0F bug workaround.. We have a special link segment | |
1437 | + * for this. | |
1438 | + */ | |
1439 | +.section .idt,"a",@progbits | |
1440 | +ENTRY(idt_table) | |
1441 | + .fill 256,8,0 | |
1442 | + | |
1443 | +.section .rodata,"a",@progbits | |
1444 | +ready: .byte 0 | |
1445 | ||
1446 | ENTRY(stack_start) | |
1447 | - .long init_thread_union+THREAD_SIZE | |
1448 | + .long init_thread_union+THREAD_SIZE-8 | |
1449 | .long __BOOT_DS | |
1450 | ||
1451 | -ready: .byte 0 | |
1452 | - | |
1453 | early_recursion_flag: | |
1454 | .long 0 | |
1455 | ||
1456 | @@ -525,10 +601,12 @@ idt_descr: | |
1457 | ||
1458 | # boot GDT descriptor (later on used by CPU#0): | |
1459 | .word 0 # 32 bit align gdt_desc.address | |
1460 | -cpu_gdt_descr: | |
1461 | +ENTRY(cpu_gdt_descr) | |
1462 | .word GDT_ENTRIES*8-1 | |
1463 | .long cpu_gdt_table | |
1464 | ||
1465 | + .fill NR_CPUS*8-6,1,0 # space for the other GDT descriptors | |
1466 | + | |
1467 | /* | |
1468 | * The boot_gdt_table must mirror the equivalent in setup.S and is | |
1469 | * used only for booting. | |
1470 | @@ -536,13 +614,13 @@ cpu_gdt_descr: | |
1471 | .align L1_CACHE_BYTES | |
1472 | ENTRY(boot_gdt_table) | |
1473 | .fill GDT_ENTRY_BOOT_CS,8,0 | |
1474 | - .quad 0x00cf9a000000ffff /* kernel 4GB code at 0x00000000 */ | |
1475 | - .quad 0x00cf92000000ffff /* kernel 4GB data at 0x00000000 */ | |
1476 | + .quad 0x00cf9b000000ffff /* kernel 4GB code at 0x00000000 */ | |
1477 | + .quad 0x00cf93000000ffff /* kernel 4GB data at 0x00000000 */ | |
1478 | ||
1479 | /* | |
1480 | * The Global Descriptor Table contains 28 quadwords, per-CPU. | |
1481 | */ | |
1482 | - .align L1_CACHE_BYTES | |
1483 | + .align PAGE_SIZE_asm | |
1484 | ENTRY(cpu_gdt_table) | |
1485 | .quad 0x0000000000000000 /* NULL descriptor */ | |
1486 | .quad 0x0000000000000000 /* 0x0b reserved */ | |
1487 | @@ -557,10 +635,10 @@ ENTRY(cpu_gdt_table) | |
1488 | .quad 0x0000000000000000 /* 0x53 reserved */ | |
1489 | .quad 0x0000000000000000 /* 0x5b reserved */ | |
1490 | ||
1491 | - .quad 0x00cf9a000000ffff /* 0x60 kernel 4GB code at 0x00000000 */ | |
1492 | - .quad 0x00cf92000000ffff /* 0x68 kernel 4GB data at 0x00000000 */ | |
1493 | - .quad 0x00cffa000000ffff /* 0x73 user 4GB code at 0x00000000 */ | |
1494 | - .quad 0x00cff2000000ffff /* 0x7b user 4GB data at 0x00000000 */ | |
1495 | + .quad 0x00cf9b000000ffff /* 0x60 kernel 4GB code at 0x00000000 */ | |
1496 | + .quad 0x00cf93000000ffff /* 0x68 kernel 4GB data at 0x00000000 */ | |
1497 | + .quad 0x00cffb000000ffff /* 0x73 user 4GB code at 0x00000000 */ | |
1498 | + .quad 0x00cff3000000ffff /* 0x7b user 4GB data at 0x00000000 */ | |
1499 | ||
1500 | .quad 0x0000000000000000 /* 0x80 TSS descriptor */ | |
1501 | .quad 0x0000000000000000 /* 0x88 LDT descriptor */ | |
1502 | @@ -570,24 +648,30 @@ ENTRY(cpu_gdt_table) | |
1503 | * They code segments and data segments have fixed 64k limits, | |
1504 | * the transfer segment sizes are set at run time. | |
1505 | */ | |
1506 | - .quad 0x00409a000000ffff /* 0x90 32-bit code */ | |
1507 | - .quad 0x00009a000000ffff /* 0x98 16-bit code */ | |
1508 | - .quad 0x000092000000ffff /* 0xa0 16-bit data */ | |
1509 | - .quad 0x0000920000000000 /* 0xa8 16-bit data */ | |
1510 | - .quad 0x0000920000000000 /* 0xb0 16-bit data */ | |
1511 | + .quad 0x00409b000000ffff /* 0x90 32-bit code */ | |
1512 | + .quad 0x00009b000000ffff /* 0x98 16-bit code */ | |
1513 | + .quad 0x000093000000ffff /* 0xa0 16-bit data */ | |
1514 | + .quad 0x0000930000000000 /* 0xa8 16-bit data */ | |
1515 | + .quad 0x0000930000000000 /* 0xb0 16-bit data */ | |
1516 | ||
1517 | /* | |
1518 | * The APM segments have byte granularity and their bases | |
1519 | * are set at run time. All have 64k limits. | |
1520 | */ | |
1521 | - .quad 0x00409a000000ffff /* 0xb8 APM CS code */ | |
1522 | - .quad 0x00009a000000ffff /* 0xc0 APM CS 16 code (16 bit) */ | |
1523 | - .quad 0x004092000000ffff /* 0xc8 APM DS data */ | |
1524 | + .quad 0x00409b000000ffff /* 0xb8 APM CS code */ | |
1525 | + .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */ | |
1526 | + .quad 0x004093000000ffff /* 0xc8 APM DS data */ | |
1527 | ||
1528 | - .quad 0x0000920000000000 /* 0xd0 - ESPFIX 16-bit SS */ | |
1529 | + .quad 0x0000930000000000 /* 0xd0 - ESPFIX 16-bit SS */ | |
1530 | .quad 0x0000000000000000 /* 0xd8 - unused */ | |
1531 | .quad 0x0000000000000000 /* 0xe0 - unused */ | |
1532 | .quad 0x0000000000000000 /* 0xe8 - unused */ | |
1533 | .quad 0x0000000000000000 /* 0xf0 - unused */ | |
1534 | .quad 0x0000000000000000 /* 0xf8 - GDT entry 31: double-fault TSS */ | |
1535 | ||
1536 | + /* Be sure this is zeroed to avoid false validations in Xen */ | |
1537 | + .fill PAGE_SIZE_asm / 8 - GDT_ENTRIES,8,0 | |
1538 | + | |
1539 | +#ifdef CONFIG_SMP | |
1540 | + .fill (NR_CPUS-1) * (PAGE_SIZE_asm / 8),8,0 /* other CPU's GDT */ | |
1541 | +#endif | |
1542 | diff -urNp linux-2.6.19.1/arch/i386/kernel/i386_ksyms.c linux-2.6.19.1/arch/i386/kernel/i386_ksyms.c | |
1543 | --- linux-2.6.19.1/arch/i386/kernel/i386_ksyms.c 2006-11-29 16:57:37.000000000 -0500 | |
1544 | +++ linux-2.6.19.1/arch/i386/kernel/i386_ksyms.c 2006-12-03 15:15:45.000000000 -0500 | |
1545 | @@ -2,12 +2,16 @@ | |
1546 | #include <asm/checksum.h> | |
1547 | #include <asm/desc.h> | |
1548 | ||
1549 | +EXPORT_SYMBOL_GPL(cpu_gdt_table); | |
1550 | + | |
1551 | EXPORT_SYMBOL(__down_failed); | |
1552 | EXPORT_SYMBOL(__down_failed_interruptible); | |
1553 | EXPORT_SYMBOL(__down_failed_trylock); | |
1554 | EXPORT_SYMBOL(__up_wakeup); | |
1555 | /* Networking helper routines. */ | |
1556 | EXPORT_SYMBOL(csum_partial_copy_generic); | |
1557 | +EXPORT_SYMBOL(csum_partial_copy_generic_to_user); | |
1558 | +EXPORT_SYMBOL(csum_partial_copy_generic_from_user); | |
1559 | ||
1560 | EXPORT_SYMBOL(__get_user_1); | |
1561 | EXPORT_SYMBOL(__get_user_2); | |
1562 | diff -urNp linux-2.6.19.1/arch/i386/kernel/init_task.c linux-2.6.19.1/arch/i386/kernel/init_task.c | |
1563 | --- linux-2.6.19.1/arch/i386/kernel/init_task.c 2006-11-29 16:57:37.000000000 -0500 | |
1564 | +++ linux-2.6.19.1/arch/i386/kernel/init_task.c 2006-12-03 15:15:45.000000000 -0500 | |
1565 | @@ -42,5 +42,5 @@ EXPORT_SYMBOL(init_task); | |
1566 | * per-CPU TSS segments. Threads are completely 'soft' on Linux, | |
1567 | * no more per-task TSS's. | |
1568 | */ | |
1569 | -DEFINE_PER_CPU(struct tss_struct, init_tss) ____cacheline_internodealigned_in_smp = INIT_TSS; | |
1570 | +struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS }; | |
1571 | ||
1572 | diff -urNp linux-2.6.19.1/arch/i386/kernel/io_apic.c linux-2.6.19.1/arch/i386/kernel/io_apic.c | |
1573 | --- linux-2.6.19.1/arch/i386/kernel/io_apic.c 2006-11-29 16:57:37.000000000 -0500 | |
1574 | +++ linux-2.6.19.1/arch/i386/kernel/io_apic.c 2006-12-03 15:15:45.000000000 -0500 | |
1575 | @@ -350,8 +350,8 @@ static void set_ioapic_affinity_irq(unsi | |
1576 | # define TDprintk(x...) do { printk("<%ld:%s:%d>: ", jiffies, __FILE__, __LINE__); printk(x); } while (0) | |
1577 | # define Dprintk(x...) do { TDprintk(x); } while (0) | |
1578 | # else | |
1579 | -# define TDprintk(x...) | |
1580 | -# define Dprintk(x...) | |
1581 | +# define TDprintk(x...) do {} while (0) | |
1582 | +# define Dprintk(x...) do {} while (0) | |
1583 | # endif | |
1584 | ||
1585 | #define IRQBALANCE_CHECK_ARCH -999 | |
1586 | diff -urNp linux-2.6.19.1/arch/i386/kernel/ioport.c linux-2.6.19.1/arch/i386/kernel/ioport.c | |
1587 | --- linux-2.6.19.1/arch/i386/kernel/ioport.c 2006-11-29 16:57:37.000000000 -0500 | |
1588 | +++ linux-2.6.19.1/arch/i386/kernel/ioport.c 2006-12-03 15:15:45.000000000 -0500 | |
1589 | @@ -16,6 +16,7 @@ | |
1590 | #include <linux/stddef.h> | |
1591 | #include <linux/slab.h> | |
1592 | #include <linux/thread_info.h> | |
1593 | +#include <linux/grsecurity.h> | |
1594 | ||
1595 | /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */ | |
1596 | static void set_bitmap(unsigned long *bitmap, unsigned int base, unsigned int extent, int new_value) | |
1597 | @@ -64,9 +65,16 @@ asmlinkage long sys_ioperm(unsigned long | |
1598 | ||
1599 | if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) | |
1600 | return -EINVAL; | |
1601 | +#ifdef CONFIG_GRKERNSEC_IO | |
1602 | + if (turn_on) { | |
1603 | + gr_handle_ioperm(); | |
1604 | +#else | |
1605 | if (turn_on && !capable(CAP_SYS_RAWIO)) | |
1606 | +#endif | |
1607 | return -EPERM; | |
1608 | - | |
1609 | +#ifdef CONFIG_GRKERNSEC_IO | |
1610 | + } | |
1611 | +#endif | |
1612 | /* | |
1613 | * If it's the first ioperm() call in this thread's lifetime, set the | |
1614 | * IO bitmap up. ioperm() is much less timing critical than clone(), | |
1615 | @@ -89,7 +97,7 @@ asmlinkage long sys_ioperm(unsigned long | |
1616 | * because the ->io_bitmap_max value must match the bitmap | |
1617 | * contents: | |
1618 | */ | |
1619 | - tss = &per_cpu(init_tss, get_cpu()); | |
1620 | + tss = init_tss + get_cpu(); | |
1621 | ||
1622 | set_bitmap(t->io_bitmap_ptr, from, num, !turn_on); | |
1623 | ||
1624 | @@ -143,8 +151,13 @@ asmlinkage long sys_iopl(unsigned long u | |
1625 | return -EINVAL; | |
1626 | /* Trying to gain more privileges? */ | |
1627 | if (level > old) { | |
1628 | +#ifdef CONFIG_GRKERNSEC_IO | |
1629 | + gr_handle_iopl(); | |
1630 | + return -EPERM; | |
1631 | +#else | |
1632 | if (!capable(CAP_SYS_RAWIO)) | |
1633 | return -EPERM; | |
1634 | +#endif | |
1635 | } | |
1636 | t->iopl = level << 12; | |
1637 | regs->eflags = (regs->eflags & ~X86_EFLAGS_IOPL) | t->iopl; | |
1638 | diff -urNp linux-2.6.19.1/arch/i386/kernel/irq.c linux-2.6.19.1/arch/i386/kernel/irq.c | |
1639 | --- linux-2.6.19.1/arch/i386/kernel/irq.c 2006-11-29 16:57:37.000000000 -0500 | |
1640 | +++ linux-2.6.19.1/arch/i386/kernel/irq.c 2006-12-03 15:15:45.000000000 -0500 | |
1641 | @@ -100,7 +100,7 @@ fastcall unsigned int do_IRQ(struct pt_r | |
1642 | int arg1, arg2, ebx; | |
1643 | ||
1644 | /* build the stack frame on the IRQ stack */ | |
1645 | - isp = (u32*) ((char*)irqctx + sizeof(*irqctx)); | |
1646 | + isp = (u32*) ((char*)irqctx + sizeof(*irqctx)) - 2; | |
1647 | irqctx->tinfo.task = curctx->tinfo.task; | |
1648 | irqctx->tinfo.previous_esp = current_stack_pointer; | |
1649 | ||
1650 | @@ -137,10 +137,10 @@ fastcall unsigned int do_IRQ(struct pt_r | |
1651 | * gcc's 3.0 and earlier don't handle that correctly. | |
1652 | */ | |
1653 | static char softirq_stack[NR_CPUS * THREAD_SIZE] | |
1654 | - __attribute__((__aligned__(THREAD_SIZE))); | |
1655 | + __attribute__((__aligned__(THREAD_SIZE), __section__(".bss.page_aligned"))); | |
1656 | ||
1657 | static char hardirq_stack[NR_CPUS * THREAD_SIZE] | |
1658 | - __attribute__((__aligned__(THREAD_SIZE))); | |
1659 | + __attribute__((__aligned__(THREAD_SIZE), __section__(".bss.page_aligned"))); | |
1660 | ||
1661 | /* | |
1662 | * allocate per-cpu stacks for hardirq and for softirq processing | |
1663 | @@ -200,7 +200,7 @@ asmlinkage void do_softirq(void) | |
1664 | irqctx->tinfo.previous_esp = current_stack_pointer; | |
1665 | ||
1666 | /* build the stack frame on the softirq stack */ | |
1667 | - isp = (u32*) ((char*)irqctx + sizeof(*irqctx)); | |
1668 | + isp = (u32*) ((char*)irqctx + sizeof(*irqctx)) - 2; | |
1669 | ||
1670 | asm volatile( | |
1671 | " xchgl %%ebx,%%esp \n" | |
1672 | diff -urNp linux-2.6.19.1/arch/i386/kernel/kprobes.c linux-2.6.19.1/arch/i386/kernel/kprobes.c | |
1673 | --- linux-2.6.19.1/arch/i386/kernel/kprobes.c 2006-11-29 16:57:37.000000000 -0500 | |
1674 | +++ linux-2.6.19.1/arch/i386/kernel/kprobes.c 2006-12-03 15:15:45.000000000 -0500 | |
1675 | @@ -661,7 +661,7 @@ int __kprobes kprobe_exceptions_notify(s | |
1676 | struct die_args *args = (struct die_args *)data; | |
1677 | int ret = NOTIFY_DONE; | |
1678 | ||
1679 | - if (args->regs && user_mode_vm(args->regs)) | |
1680 | + if (args->regs && user_mode(args->regs)) | |
1681 | return ret; | |
1682 | ||
1683 | switch (val) { | |
1684 | diff -urNp linux-2.6.19.1/arch/i386/kernel/ldt.c linux-2.6.19.1/arch/i386/kernel/ldt.c | |
1685 | --- linux-2.6.19.1/arch/i386/kernel/ldt.c 2006-11-29 16:57:37.000000000 -0500 | |
1686 | +++ linux-2.6.19.1/arch/i386/kernel/ldt.c 2006-12-03 15:15:45.000000000 -0500 | |
1687 | @@ -20,6 +20,9 @@ | |
1688 | #include <asm/desc.h> | |
1689 | #include <asm/mmu_context.h> | |
1690 | ||
1691 | +const struct desc_struct default_ldt[] = { { 0, 0 }, { 0, 0 }, { 0, 0 }, | |
1692 | + { 0, 0 }, { 0, 0 } }; | |
1693 | + | |
1694 | #ifdef CONFIG_SMP /* avoids "defined but not used" warnig */ | |
1695 | static void flush_ldt(void *null) | |
1696 | { | |
1697 | @@ -103,6 +106,22 @@ int init_new_context(struct task_struct | |
1698 | retval = copy_ldt(&mm->context, &old_mm->context); | |
1699 | up(&old_mm->context.sem); | |
1700 | } | |
1701 | + | |
1702 | + if (tsk == current) { | |
1703 | + mm->context.vdso = ~0UL; | |
1704 | + | |
1705 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
1706 | + mm->context.user_cs_base = 0UL; | |
1707 | + mm->context.user_cs_limit = ~0UL; | |
1708 | + | |
1709 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) | |
1710 | + cpus_clear(mm->context.cpu_user_cs_mask); | |
1711 | +#endif | |
1712 | + | |
1713 | +#endif | |
1714 | + | |
1715 | + } | |
1716 | + | |
1717 | return retval; | |
1718 | } | |
1719 | ||
1720 | @@ -160,11 +179,11 @@ static int read_default_ldt(void __user | |
1721 | { | |
1722 | int err; | |
1723 | unsigned long size; | |
1724 | - void *address; | |
1725 | + const void *address; | |
1726 | ||
1727 | err = 0; | |
1728 | address = &default_ldt[0]; | |
1729 | - size = 5*sizeof(struct desc_struct); | |
1730 | + size = sizeof default_ldt; | |
1731 | if (size > bytecount) | |
1732 | size = bytecount; | |
1733 | ||
1734 | @@ -215,6 +234,13 @@ static int write_ldt(void __user * ptr, | |
1735 | } | |
1736 | } | |
1737 | ||
1738 | +#ifdef CONFIG_PAX_SEGMEXEC | |
1739 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) { | |
1740 | + error = -EINVAL; | |
1741 | + goto out_unlock; | |
1742 | + } | |
1743 | +#endif | |
1744 | + | |
1745 | entry_1 = LDT_entry_a(&ldt_info); | |
1746 | entry_2 = LDT_entry_b(&ldt_info); | |
1747 | if (oldmode) | |
1748 | diff -urNp linux-2.6.19.1/arch/i386/kernel/module.c linux-2.6.19.1/arch/i386/kernel/module.c | |
1749 | --- linux-2.6.19.1/arch/i386/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
1750 | +++ linux-2.6.19.1/arch/i386/kernel/module.c 2006-12-03 15:15:45.000000000 -0500 | |
1751 | @@ -21,6 +21,7 @@ | |
1752 | #include <linux/fs.h> | |
1753 | #include <linux/string.h> | |
1754 | #include <linux/kernel.h> | |
1755 | +#include <asm/desc.h> | |
1756 | ||
1757 | #if 0 | |
1758 | #define DEBUGP printk | |
1759 | @@ -32,9 +33,30 @@ void *module_alloc(unsigned long size) | |
1760 | { | |
1761 | if (size == 0) | |
1762 | return NULL; | |
1763 | + | |
1764 | +#ifdef CONFIG_PAX_KERNEXEC | |
1765 | + return vmalloc(size); | |
1766 | +#else | |
1767 | return vmalloc_exec(size); | |
1768 | +#endif | |
1769 | + | |
1770 | } | |
1771 | ||
1772 | +#ifdef CONFIG_PAX_KERNEXEC | |
1773 | +void *module_alloc_exec(unsigned long size) | |
1774 | +{ | |
1775 | + struct vm_struct *area; | |
1776 | + | |
1777 | + if (size == 0) | |
1778 | + return NULL; | |
1779 | + | |
1780 | + area = __get_vm_area(size, 0, (unsigned long)&MODULES_VADDR, (unsigned long)&MODULES_END); | |
1781 | + if (area) | |
1782 | + return area->addr; | |
1783 | + | |
1784 | + return NULL; | |
1785 | +} | |
1786 | +#endif | |
1787 | ||
1788 | /* Free memory returned from module_alloc */ | |
1789 | void module_free(struct module *mod, void *module_region) | |
1790 | @@ -44,6 +66,45 @@ void module_free(struct module *mod, voi | |
1791 | table entries. */ | |
1792 | } | |
1793 | ||
1794 | +#ifdef CONFIG_PAX_KERNEXEC | |
1795 | +void module_free_exec(struct module *mod, void *module_region) | |
1796 | +{ | |
1797 | + struct vm_struct **p, *tmp; | |
1798 | + | |
1799 | + if (!module_region) | |
1800 | + return; | |
1801 | + | |
1802 | + if ((PAGE_SIZE-1) & (unsigned long)module_region) { | |
1803 | + printk(KERN_ERR "Trying to module_free_exec() bad address (%p)\n", module_region); | |
1804 | + WARN_ON(1); | |
1805 | + return; | |
1806 | + } | |
1807 | + | |
1808 | + write_lock(&vmlist_lock); | |
1809 | + for (p = &vmlist ; (tmp = *p) != NULL ;p = &tmp->next) | |
1810 | + if (tmp->addr == module_region) | |
1811 | + break; | |
1812 | + | |
1813 | + if (tmp) { | |
1814 | + unsigned long cr0; | |
1815 | + | |
1816 | + pax_open_kernel(cr0); | |
1817 | + memset(tmp->addr, 0xCC, tmp->size); | |
1818 | + pax_close_kernel(cr0); | |
1819 | + | |
1820 | + *p = tmp->next; | |
1821 | + kfree(tmp); | |
1822 | + } | |
1823 | + write_unlock(&vmlist_lock); | |
1824 | + | |
1825 | + if (!tmp) { | |
1826 | + printk(KERN_ERR "Trying to module_free_exec() nonexistent vm area (%p)\n", | |
1827 | + module_region); | |
1828 | + WARN_ON(1); | |
1829 | + } | |
1830 | +} | |
1831 | +#endif | |
1832 | + | |
1833 | /* We don't need anything special. */ | |
1834 | int module_frob_arch_sections(Elf_Ehdr *hdr, | |
1835 | Elf_Shdr *sechdrs, | |
1836 | @@ -62,14 +123,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, | |
1837 | unsigned int i; | |
1838 | Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr; | |
1839 | Elf32_Sym *sym; | |
1840 | - uint32_t *location; | |
1841 | + uint32_t *plocation, location; | |
1842 | ||
1843 | DEBUGP("Applying relocate section %u to %u\n", relsec, | |
1844 | sechdrs[relsec].sh_info); | |
1845 | for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) { | |
1846 | /* This is where to make the change */ | |
1847 | - location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr | |
1848 | - + rel[i].r_offset; | |
1849 | + plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset; | |
1850 | + location = (uint32_t)plocation; | |
1851 | + if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR) | |
1852 | + plocation = (void *)plocation + __KERNEL_TEXT_OFFSET; | |
1853 | /* This is the symbol it is referring to. Note that all | |
1854 | undefined symbols have been resolved. */ | |
1855 | sym = (Elf32_Sym *)sechdrs[symindex].sh_addr | |
1856 | @@ -78,11 +141,11 @@ int apply_relocate(Elf32_Shdr *sechdrs, | |
1857 | switch (ELF32_R_TYPE(rel[i].r_info)) { | |
1858 | case R_386_32: | |
1859 | /* We add the value into the location given */ | |
1860 | - *location += sym->st_value; | |
1861 | + *plocation += sym->st_value; | |
1862 | break; | |
1863 | case R_386_PC32: | |
1864 | /* Add the value, subtract its postition */ | |
1865 | - *location += sym->st_value - (uint32_t)location; | |
1866 | + *plocation += sym->st_value - location; | |
1867 | break; | |
1868 | default: | |
1869 | printk(KERN_ERR "module %s: Unknown relocation: %u\n", | |
1870 | diff -urNp linux-2.6.19.1/arch/i386/kernel/process.c linux-2.6.19.1/arch/i386/kernel/process.c | |
1871 | --- linux-2.6.19.1/arch/i386/kernel/process.c 2006-11-29 16:57:37.000000000 -0500 | |
1872 | +++ linux-2.6.19.1/arch/i386/kernel/process.c 2006-12-03 15:15:45.000000000 -0500 | |
1873 | @@ -69,7 +69,7 @@ EXPORT_SYMBOL(boot_option_idle_override) | |
1874 | */ | |
1875 | unsigned long thread_saved_pc(struct task_struct *tsk) | |
1876 | { | |
1877 | - return ((unsigned long *)tsk->thread.esp)[3]; | |
1878 | + return tsk->thread.eip; | |
1879 | } | |
1880 | ||
1881 | /* | |
1882 | @@ -304,7 +304,7 @@ void show_regs(struct pt_regs * regs) | |
1883 | printk("EIP: %04x:[<%08lx>] CPU: %d\n",0xffff & regs->xcs,regs->eip, smp_processor_id()); | |
1884 | print_symbol("EIP is at %s\n", regs->eip); | |
1885 | ||
1886 | - if (user_mode_vm(regs)) | |
1887 | + if (user_mode(regs)) | |
1888 | printk(" ESP: %04x:%08lx",0xffff & regs->xss,regs->esp); | |
1889 | printk(" EFLAGS: %08lx %s (%s %.*s)\n", | |
1890 | regs->eflags, print_tainted(), init_utsname()->release, | |
1891 | @@ -344,8 +344,8 @@ int kernel_thread(int (*fn)(void *), voi | |
1892 | regs.ebx = (unsigned long) fn; | |
1893 | regs.edx = (unsigned long) arg; | |
1894 | ||
1895 | - regs.xds = __USER_DS; | |
1896 | - regs.xes = __USER_DS; | |
1897 | + regs.xds = __KERNEL_DS; | |
1898 | + regs.xes = __KERNEL_DS; | |
1899 | regs.orig_eax = -1; | |
1900 | regs.eip = (unsigned long) kernel_thread_helper; | |
1901 | regs.xcs = __KERNEL_CS | get_kernel_rpl(); | |
1902 | @@ -366,7 +366,7 @@ void exit_thread(void) | |
1903 | struct task_struct *tsk = current; | |
1904 | struct thread_struct *t = &tsk->thread; | |
1905 | int cpu = get_cpu(); | |
1906 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
1907 | + struct tss_struct *tss = init_tss + cpu; | |
1908 | ||
1909 | kfree(t->io_bitmap_ptr); | |
1910 | t->io_bitmap_ptr = NULL; | |
1911 | @@ -387,6 +387,9 @@ void flush_thread(void) | |
1912 | { | |
1913 | struct task_struct *tsk = current; | |
1914 | ||
1915 | + __asm__("mov %0,%%fs\n" | |
1916 | + "mov %0,%%gs\n" | |
1917 | + : : "r" (0) : "memory"); | |
1918 | memset(tsk->thread.debugreg, 0, sizeof(unsigned long)*8); | |
1919 | memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); | |
1920 | clear_tsk_thread_flag(tsk, TIF_DEBUG); | |
1921 | @@ -420,7 +423,7 @@ int copy_thread(int nr, unsigned long cl | |
1922 | struct task_struct *tsk; | |
1923 | int err; | |
1924 | ||
1925 | - childregs = task_pt_regs(p); | |
1926 | + childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8; | |
1927 | *childregs = *regs; | |
1928 | childregs->eax = 0; | |
1929 | childregs->esp = esp; | |
1930 | @@ -463,6 +466,11 @@ int copy_thread(int nr, unsigned long cl | |
1931 | if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) | |
1932 | goto out; | |
1933 | ||
1934 | +#ifdef CONFIG_PAX_SEGMEXEC | |
1935 | + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE)) | |
1936 | + goto out; | |
1937 | +#endif | |
1938 | + | |
1939 | desc = p->thread.tls_array + idx - GDT_ENTRY_TLS_MIN; | |
1940 | desc->a = LDT_entry_a(&info); | |
1941 | desc->b = LDT_entry_b(&info); | |
1942 | @@ -642,7 +650,11 @@ struct task_struct fastcall * __switch_t | |
1943 | struct thread_struct *prev = &prev_p->thread, | |
1944 | *next = &next_p->thread; | |
1945 | int cpu = smp_processor_id(); | |
1946 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
1947 | + struct tss_struct *tss = init_tss + cpu; | |
1948 | + | |
1949 | +#ifdef CONFIG_PAX_KERNEXEC | |
1950 | + unsigned long cr0; | |
1951 | +#endif | |
1952 | ||
1953 | /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ | |
1954 | ||
1955 | @@ -665,11 +677,24 @@ struct task_struct fastcall * __switch_t | |
1956 | savesegment(fs, prev->fs); | |
1957 | savesegment(gs, prev->gs); | |
1958 | ||
1959 | +#ifdef CONFIG_PAX_KERNEXEC | |
1960 | + pax_open_kernel(cr0); | |
1961 | +#endif | |
1962 | + | |
1963 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
1964 | + if (!segment_eq(prev_p->thread_info->addr_limit, next_p->thread_info->addr_limit)) | |
1965 | + __set_fs(next_p->thread_info->addr_limit, cpu); | |
1966 | +#endif | |
1967 | + | |
1968 | /* | |
1969 | * Load the per-thread Thread-Local Storage descriptor. | |
1970 | */ | |
1971 | load_TLS(next, cpu); | |
1972 | ||
1973 | +#ifdef CONFIG_PAX_KERNEXEC | |
1974 | + pax_close_kernel(cr0); | |
1975 | +#endif | |
1976 | + | |
1977 | /* | |
1978 | * Restore %fs and %gs if needed. | |
1979 | * | |
1980 | @@ -814,8 +839,18 @@ asmlinkage int sys_set_thread_area(struc | |
1981 | struct desc_struct *desc; | |
1982 | int cpu, idx; | |
1983 | ||
1984 | +#ifdef CONFIG_PAX_KERNEXEC | |
1985 | + unsigned long cr0; | |
1986 | +#endif | |
1987 | + | |
1988 | if (copy_from_user(&info, u_info, sizeof(info))) | |
1989 | return -EFAULT; | |
1990 | + | |
1991 | +#ifdef CONFIG_PAX_SEGMEXEC | |
1992 | + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE)) | |
1993 | + return -EINVAL; | |
1994 | +#endif | |
1995 | + | |
1996 | idx = info.entry_number; | |
1997 | ||
1998 | /* | |
1999 | @@ -847,8 +882,17 @@ asmlinkage int sys_set_thread_area(struc | |
2000 | desc->a = LDT_entry_a(&info); | |
2001 | desc->b = LDT_entry_b(&info); | |
2002 | } | |
2003 | + | |
2004 | +#ifdef CONFIG_PAX_KERNEXEC | |
2005 | + pax_open_kernel(cr0); | |
2006 | +#endif | |
2007 | + | |
2008 | load_TLS(t, cpu); | |
2009 | ||
2010 | +#ifdef CONFIG_PAX_KERNEXEC | |
2011 | + pax_close_kernel(cr0); | |
2012 | +#endif | |
2013 | + | |
2014 | put_cpu(); | |
2015 | ||
2016 | return 0; | |
2017 | @@ -904,9 +948,27 @@ asmlinkage int sys_get_thread_area(struc | |
2018 | return 0; | |
2019 | } | |
2020 | ||
2021 | -unsigned long arch_align_stack(unsigned long sp) | |
2022 | +#ifdef CONFIG_PAX_RANDKSTACK | |
2023 | +asmlinkage void pax_randomize_kstack(void) | |
2024 | { | |
2025 | - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) | |
2026 | - sp -= get_random_int() % 8192; | |
2027 | - return sp & ~0xf; | |
2028 | + struct tss_struct *tss = init_tss + smp_processor_id(); | |
2029 | + unsigned long time; | |
2030 | + | |
2031 | + if (!randomize_va_space) | |
2032 | + return; | |
2033 | + | |
2034 | + rdtscl(time); | |
2035 | + | |
2036 | + /* P4 seems to return a 0 LSB, ignore it */ | |
2037 | +#ifdef CONFIG_MPENTIUM4 | |
2038 | + time &= 0x1EUL; | |
2039 | + time <<= 2; | |
2040 | +#else | |
2041 | + time &= 0xFUL; | |
2042 | + time <<= 3; | |
2043 | +#endif | |
2044 | + | |
2045 | + tss->esp0 ^= time; | |
2046 | + current->thread.esp0 = tss->esp0; | |
2047 | } | |
2048 | +#endif | |
2049 | diff -urNp linux-2.6.19.1/arch/i386/kernel/ptrace.c linux-2.6.19.1/arch/i386/kernel/ptrace.c | |
2050 | --- linux-2.6.19.1/arch/i386/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
2051 | +++ linux-2.6.19.1/arch/i386/kernel/ptrace.c 2006-12-03 15:15:45.000000000 -0500 | |
2052 | @@ -17,6 +17,7 @@ | |
2053 | #include <linux/audit.h> | |
2054 | #include <linux/seccomp.h> | |
2055 | #include <linux/signal.h> | |
2056 | +#include <linux/grsecurity.h> | |
2057 | ||
2058 | #include <asm/uaccess.h> | |
2059 | #include <asm/pgtable.h> | |
2060 | @@ -169,15 +170,15 @@ static unsigned long convert_eip_to_line | |
2061 | * and APM bios ones we just ignore here. | |
2062 | */ | |
2063 | if (seg & LDT_SEGMENT) { | |
2064 | - u32 *desc; | |
2065 | + struct desc_struct *desc; | |
2066 | unsigned long base; | |
2067 | ||
2068 | down(&child->mm->context.sem); | |
2069 | - desc = child->mm->context.ldt + (seg & ~7); | |
2070 | - base = (desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000); | |
2071 | + desc = &child->mm->context.ldt[seg >> 3]; | |
2072 | + base = (desc->a >> 16) | ((desc->b & 0xff) << 16) | (desc->b & 0xff000000); | |
2073 | ||
2074 | /* 16-bit code segment? */ | |
2075 | - if (!((desc[1] >> 22) & 1)) | |
2076 | + if (!((desc->b >> 22) & 1)) | |
2077 | addr &= 0xffff; | |
2078 | addr += base; | |
2079 | up(&child->mm->context.sem); | |
2080 | @@ -342,6 +343,11 @@ ptrace_set_thread_area(struct task_struc | |
2081 | if (copy_from_user(&info, user_desc, sizeof(info))) | |
2082 | return -EFAULT; | |
2083 | ||
2084 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2085 | + if ((child->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE)) | |
2086 | + return -EINVAL; | |
2087 | +#endif | |
2088 | + | |
2089 | if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) | |
2090 | return -EINVAL; | |
2091 | ||
2092 | @@ -432,6 +438,17 @@ long arch_ptrace(struct task_struct *chi | |
2093 | if(addr == (long) &dummy->u_debugreg[5]) break; | |
2094 | if(addr < (long) &dummy->u_debugreg[4] && | |
2095 | ((unsigned long) data) >= TASK_SIZE-3) break; | |
2096 | + | |
2097 | +#ifdef CONFIG_GRKERNSEC | |
2098 | + if(addr >= (long) &dummy->u_debugreg[0] && | |
2099 | + addr <= (long) &dummy->u_debugreg[3]){ | |
2100 | + long reg = (addr - (long) &dummy->u_debugreg[0]) >> 2; | |
2101 | + long type = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 4*reg)) & 3; | |
2102 | + long align = (child->thread.debugreg[7] >> (DR_CONTROL_SHIFT + 2 + 4*reg)) & 3; | |
2103 | + if((type & 1) && (data & align)) | |
2104 | + break; | |
2105 | + } | |
2106 | +#endif | |
2107 | ||
2108 | /* Sanity-check data. Take one half-byte at once with | |
2109 | * check = (val >> (16 + 4*i)) & 0xf. It contains the | |
2110 | @@ -648,7 +665,7 @@ void send_sigtrap(struct task_struct *ts | |
2111 | info.si_code = TRAP_BRKPT; | |
2112 | ||
2113 | /* User-mode eip? */ | |
2114 | - info.si_addr = user_mode_vm(regs) ? (void __user *) regs->eip : NULL; | |
2115 | + info.si_addr = user_mode(regs) ? (void __user *) regs->eip : NULL; | |
2116 | ||
2117 | /* Send us the fakey SIGTRAP */ | |
2118 | force_sig_info(SIGTRAP, &info, tsk); | |
2119 | diff -urNp linux-2.6.19.1/arch/i386/kernel/reboot.c linux-2.6.19.1/arch/i386/kernel/reboot.c | |
2120 | --- linux-2.6.19.1/arch/i386/kernel/reboot.c 2006-11-29 16:57:37.000000000 -0500 | |
2121 | +++ linux-2.6.19.1/arch/i386/kernel/reboot.c 2006-12-03 15:15:45.000000000 -0500 | |
2122 | @@ -24,7 +24,7 @@ | |
2123 | void (*pm_power_off)(void); | |
2124 | EXPORT_SYMBOL(pm_power_off); | |
2125 | ||
2126 | -static int reboot_mode; | |
2127 | +static unsigned short reboot_mode; | |
2128 | static int reboot_thru_bios; | |
2129 | ||
2130 | #ifdef CONFIG_SMP | |
2131 | @@ -137,15 +137,15 @@ core_initcall(reboot_init); | |
2132 | doesn't work with at least one type of 486 motherboard. It is easy | |
2133 | to stop this code working; hence the copious comments. */ | |
2134 | ||
2135 | -static unsigned long long | |
2136 | +static const unsigned long long | |
2137 | real_mode_gdt_entries [3] = | |
2138 | { | |
2139 | 0x0000000000000000ULL, /* Null descriptor */ | |
2140 | - 0x00009a000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */ | |
2141 | - 0x000092000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */ | |
2142 | + 0x00009b000000ffffULL, /* 16-bit real-mode 64k code at 0x00000000 */ | |
2143 | + 0x000093000100ffffULL /* 16-bit real-mode 64k data at 0x00000100 */ | |
2144 | }; | |
2145 | ||
2146 | -static struct Xgt_desc_struct | |
2147 | +static const struct Xgt_desc_struct | |
2148 | real_mode_gdt = { sizeof (real_mode_gdt_entries) - 1, (long)real_mode_gdt_entries }, | |
2149 | real_mode_idt = { 0x3ff, 0 }, | |
2150 | no_idt = { 0, 0 }; | |
2151 | @@ -170,7 +170,7 @@ no_idt = { 0, 0 }; | |
2152 | More could be done here to set up the registers as if a CPU reset had | |
2153 | occurred; hopefully real BIOSs don't assume much. */ | |
2154 | ||
2155 | -static unsigned char real_mode_switch [] = | |
2156 | +static const unsigned char real_mode_switch [] = | |
2157 | { | |
2158 | 0x66, 0x0f, 0x20, 0xc0, /* movl %cr0,%eax */ | |
2159 | 0x66, 0x83, 0xe0, 0x11, /* andl $0x00000011,%eax */ | |
2160 | @@ -184,7 +184,7 @@ static unsigned char real_mode_switch [] | |
2161 | 0x24, 0x10, /* f: andb $0x10,al */ | |
2162 | 0x66, 0x0f, 0x22, 0xc0 /* movl %eax,%cr0 */ | |
2163 | }; | |
2164 | -static unsigned char jump_to_bios [] = | |
2165 | +static const unsigned char jump_to_bios [] = | |
2166 | { | |
2167 | 0xea, 0x00, 0x00, 0xff, 0xff /* ljmp $0xffff,$0x0000 */ | |
2168 | }; | |
2169 | @@ -194,10 +194,14 @@ static unsigned char jump_to_bios [] = | |
2170 | * specified by the code and length parameters. | |
2171 | * We assume that length will aways be less that 100! | |
2172 | */ | |
2173 | -void machine_real_restart(unsigned char *code, int length) | |
2174 | +void machine_real_restart(const unsigned char *code, unsigned int length) | |
2175 | { | |
2176 | unsigned long flags; | |
2177 | ||
2178 | +#ifdef CONFIG_PAX_KERNEXEC | |
2179 | + unsigned long cr0; | |
2180 | +#endif | |
2181 | + | |
2182 | local_irq_disable(); | |
2183 | ||
2184 | /* Write zero to CMOS register number 0x0f, which the BIOS POST | |
2185 | @@ -218,8 +222,16 @@ void machine_real_restart(unsigned char | |
2186 | from the kernel segment. This assumes the kernel segment starts at | |
2187 | virtual address PAGE_OFFSET. */ | |
2188 | ||
2189 | - memcpy (swapper_pg_dir, swapper_pg_dir + USER_PGD_PTRS, | |
2190 | - sizeof (swapper_pg_dir [0]) * KERNEL_PGD_PTRS); | |
2191 | +#ifdef CONFIG_PAX_KERNEXEC | |
2192 | + pax_open_kernel(cr0); | |
2193 | +#endif | |
2194 | + | |
2195 | + clone_pgd_range(swapper_pg_dir, swapper_pg_dir + USER_PGD_PTRS, | |
2196 | + USER_PGD_PTRS >= KERNEL_PGD_PTRS ? KERNEL_PGD_PTRS : USER_PGD_PTRS); | |
2197 | + | |
2198 | +#ifdef CONFIG_PAX_KERNEXEC | |
2199 | + pax_close_kernel(cr0); | |
2200 | +#endif | |
2201 | ||
2202 | /* | |
2203 | * Use `swapper_pg_dir' as our page directory. | |
2204 | @@ -232,7 +244,7 @@ void machine_real_restart(unsigned char | |
2205 | REBOOT.COM programs, and the previous reset routine did this | |
2206 | too. */ | |
2207 | ||
2208 | - *((unsigned short *)0x472) = reboot_mode; | |
2209 | + __put_user(reboot_mode, (unsigned short __user *)0x472); | |
2210 | ||
2211 | /* For the switch to real mode, copy some code to low memory. It has | |
2212 | to be in the first 64k because it is running in 16-bit mode, and it | |
2213 | @@ -240,9 +252,9 @@ void machine_real_restart(unsigned char | |
2214 | off paging. Copy it near the end of the first page, out of the way | |
2215 | of BIOS variables. */ | |
2216 | ||
2217 | - memcpy ((void *) (0x1000 - sizeof (real_mode_switch) - 100), | |
2218 | + flags = __copy_to_user ((void __user *) (0x1000 - sizeof (real_mode_switch) - 100), | |
2219 | real_mode_switch, sizeof (real_mode_switch)); | |
2220 | - memcpy ((void *) (0x1000 - 100), code, length); | |
2221 | + flags = __copy_to_user ((void __user *) (0x1000 - 100), code, length); | |
2222 | ||
2223 | /* Set up the IDT for real mode. */ | |
2224 | ||
2225 | @@ -324,7 +336,7 @@ void machine_emergency_restart(void) | |
2226 | __asm__ __volatile__("int3"); | |
2227 | } | |
2228 | /* rebooting needs to touch the page at absolute addr 0 */ | |
2229 | - *((unsigned short *)__va(0x472)) = reboot_mode; | |
2230 | + __put_user(reboot_mode, (unsigned short __user *)0x472); | |
2231 | for (;;) { | |
2232 | mach_reboot_fixups(); /* for board specific fixups */ | |
2233 | mach_reboot(); | |
2234 | diff -urNp linux-2.6.19.1/arch/i386/kernel/setup.c linux-2.6.19.1/arch/i386/kernel/setup.c | |
2235 | --- linux-2.6.19.1/arch/i386/kernel/setup.c 2006-11-29 16:57:37.000000000 -0500 | |
2236 | +++ linux-2.6.19.1/arch/i386/kernel/setup.c 2006-12-03 15:15:45.000000000 -0500 | |
2237 | @@ -88,7 +88,11 @@ struct cpuinfo_x86 new_cpu_data __initda | |
2238 | struct cpuinfo_x86 boot_cpu_data __read_mostly = { 0, 0, 0, 0, -1, 1, 0, 0, -1 }; | |
2239 | EXPORT_SYMBOL(boot_cpu_data); | |
2240 | ||
2241 | +#ifdef CONFIG_X86_PAE | |
2242 | +unsigned long mmu_cr4_features = X86_CR4_PAE; | |
2243 | +#else | |
2244 | unsigned long mmu_cr4_features; | |
2245 | +#endif | |
2246 | ||
2247 | /* for MCA, but anyone else can use it if they want */ | |
2248 | unsigned int machine_id; | |
2249 | @@ -1388,14 +1392,14 @@ void __init setup_arch(char **cmdline_p) | |
2250 | ||
2251 | if (!MOUNT_ROOT_RDONLY) | |
2252 | root_mountflags &= ~MS_RDONLY; | |
2253 | - init_mm.start_code = (unsigned long) _text; | |
2254 | - init_mm.end_code = (unsigned long) _etext; | |
2255 | + init_mm.start_code = (unsigned long) _text + __KERNEL_TEXT_OFFSET; | |
2256 | + init_mm.end_code = (unsigned long) _etext + __KERNEL_TEXT_OFFSET; | |
2257 | init_mm.end_data = (unsigned long) _edata; | |
2258 | init_mm.brk = init_pg_tables_end + PAGE_OFFSET; | |
2259 | ||
2260 | - code_resource.start = virt_to_phys(_text); | |
2261 | - code_resource.end = virt_to_phys(_etext)-1; | |
2262 | - data_resource.start = virt_to_phys(_etext); | |
2263 | + code_resource.start = virt_to_phys(_text + __KERNEL_TEXT_OFFSET); | |
2264 | + code_resource.end = virt_to_phys(_etext + __KERNEL_TEXT_OFFSET)-1; | |
2265 | + data_resource.start = virt_to_phys(_data); | |
2266 | data_resource.end = virt_to_phys(_edata)-1; | |
2267 | ||
2268 | parse_early_param(); | |
2269 | diff -urNp linux-2.6.19.1/arch/i386/kernel/signal.c linux-2.6.19.1/arch/i386/kernel/signal.c | |
2270 | --- linux-2.6.19.1/arch/i386/kernel/signal.c 2006-11-29 16:57:37.000000000 -0500 | |
2271 | +++ linux-2.6.19.1/arch/i386/kernel/signal.c 2006-12-03 15:15:45.000000000 -0500 | |
2272 | @@ -351,7 +351,7 @@ static int setup_frame(int sig, struct k | |
2273 | goto give_sigsegv; | |
2274 | } | |
2275 | ||
2276 | - restorer = (void *)VDSO_SYM(&__kernel_sigreturn); | |
2277 | + restorer = (void __user *)VDSO_SYM(&__kernel_sigreturn); | |
2278 | if (ka->sa.sa_flags & SA_RESTORER) | |
2279 | restorer = ka->sa.sa_restorer; | |
2280 | ||
2281 | @@ -447,7 +447,8 @@ static int setup_rt_frame(int sig, struc | |
2282 | goto give_sigsegv; | |
2283 | ||
2284 | /* Set up to return from userspace. */ | |
2285 | - restorer = (void *)VDSO_SYM(&__kernel_rt_sigreturn); | |
2286 | + | |
2287 | + restorer = (void __user *)VDSO_SYM(&__kernel_rt_sigreturn); | |
2288 | if (ka->sa.sa_flags & SA_RESTORER) | |
2289 | restorer = ka->sa.sa_restorer; | |
2290 | err |= __put_user(restorer, &frame->pretcode); | |
2291 | @@ -580,7 +581,7 @@ static void fastcall do_signal(struct pt | |
2292 | * before reaching here, so testing against kernel | |
2293 | * CS suffices. | |
2294 | */ | |
2295 | - if (!user_mode(regs)) | |
2296 | + if (!user_mode_novm(regs)) | |
2297 | return; | |
2298 | ||
2299 | if (test_thread_flag(TIF_RESTORE_SIGMASK)) | |
2300 | diff -urNp linux-2.6.19.1/arch/i386/kernel/smpboot.c linux-2.6.19.1/arch/i386/kernel/smpboot.c | |
2301 | --- linux-2.6.19.1/arch/i386/kernel/smpboot.c 2006-11-29 16:57:37.000000000 -0500 | |
2302 | +++ linux-2.6.19.1/arch/i386/kernel/smpboot.c 2006-12-03 15:15:45.000000000 -0500 | |
2303 | @@ -1066,7 +1066,6 @@ static int __cpuinit __smp_prepare_cpu(i | |
2304 | struct warm_boot_cpu_info info; | |
2305 | struct work_struct task; | |
2306 | int apicid, ret; | |
2307 | - struct Xgt_desc_struct *cpu_gdt_descr = &per_cpu(cpu_gdt_descr, cpu); | |
2308 | ||
2309 | apicid = x86_cpu_to_apicid[cpu]; | |
2310 | if (apicid == BAD_APICID) { | |
2311 | @@ -1078,13 +1077,7 @@ static int __cpuinit __smp_prepare_cpu(i | |
2312 | * the CPU isn't initialized at boot time, allocate gdt table here. | |
2313 | * cpu_init will initialize it | |
2314 | */ | |
2315 | - if (!cpu_gdt_descr->address) { | |
2316 | - cpu_gdt_descr->address = get_zeroed_page(GFP_KERNEL); | |
2317 | - if (!cpu_gdt_descr->address) | |
2318 | - printk(KERN_CRIT "CPU%d failed to allocate GDT\n", cpu); | |
2319 | - ret = -ENOMEM; | |
2320 | - goto exit; | |
2321 | - } | |
2322 | + cpu_gdt_descr[cpu].address = get_cpu_gdt_table(cpu); | |
2323 | ||
2324 | info.complete = &done; | |
2325 | info.apicid = apicid; | |
2326 | @@ -1095,7 +1088,7 @@ static int __cpuinit __smp_prepare_cpu(i | |
2327 | ||
2328 | /* init low mem mapping */ | |
2329 | clone_pgd_range(swapper_pg_dir, swapper_pg_dir + USER_PGD_PTRS, | |
2330 | - KERNEL_PGD_PTRS); | |
2331 | + USER_PGD_PTRS >= KERNEL_PGD_PTRS ? KERNEL_PGD_PTRS : USER_PGD_PTRS); | |
2332 | flush_tlb_all(); | |
2333 | schedule_work(&task); | |
2334 | wait_for_completion(&done); | |
2335 | diff -urNp linux-2.6.19.1/arch/i386/kernel/syscall_table.S linux-2.6.19.1/arch/i386/kernel/syscall_table.S | |
2336 | --- linux-2.6.19.1/arch/i386/kernel/syscall_table.S 2006-11-29 16:57:37.000000000 -0500 | |
2337 | +++ linux-2.6.19.1/arch/i386/kernel/syscall_table.S 2006-12-03 15:15:45.000000000 -0500 | |
2338 | @@ -1,3 +1,4 @@ | |
2339 | +.section .rodata,"a",@progbits | |
2340 | ENTRY(sys_call_table) | |
2341 | .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ | |
2342 | .long sys_exit | |
2343 | diff -urNp linux-2.6.19.1/arch/i386/kernel/sysenter.c linux-2.6.19.1/arch/i386/kernel/sysenter.c | |
2344 | --- linux-2.6.19.1/arch/i386/kernel/sysenter.c 2006-11-29 16:57:37.000000000 -0500 | |
2345 | +++ linux-2.6.19.1/arch/i386/kernel/sysenter.c 2006-12-03 15:15:45.000000000 -0500 | |
2346 | @@ -45,7 +45,7 @@ extern asmlinkage void sysenter_entry(vo | |
2347 | void enable_sep_cpu(void) | |
2348 | { | |
2349 | int cpu = get_cpu(); | |
2350 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
2351 | + struct tss_struct *tss = init_tss + cpu; | |
2352 | ||
2353 | if (!boot_cpu_has(X86_FEATURE_SEP)) { | |
2354 | put_cpu(); | |
2355 | @@ -125,16 +125,36 @@ int arch_setup_additional_pages(struct l | |
2356 | unsigned long addr; | |
2357 | int ret; | |
2358 | ||
2359 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2360 | + struct vm_area_struct *vma_m = NULL; | |
2361 | +#endif | |
2362 | + | |
2363 | + vma = kmem_cache_zalloc(vm_area_cachep, SLAB_KERNEL); | |
2364 | + if (!vma) | |
2365 | + return -ENOMEM; | |
2366 | + | |
2367 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2368 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) { | |
2369 | + vma_m = kmem_cache_zalloc(vm_area_cachep, SLAB_KERNEL); | |
2370 | + if (!vma_m) { | |
2371 | + kmem_cache_free(vm_area_cachep, vma); | |
2372 | + return -ENOMEM; | |
2373 | + } | |
2374 | + } | |
2375 | +#endif | |
2376 | + | |
2377 | down_write(&mm->mmap_sem); | |
2378 | - addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); | |
2379 | + addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE); | |
2380 | if (IS_ERR_VALUE(addr)) { | |
2381 | ret = addr; | |
2382 | - goto up_fail; | |
2383 | - } | |
2384 | ||
2385 | - vma = kmem_cache_zalloc(vm_area_cachep, SLAB_KERNEL); | |
2386 | - if (!vma) { | |
2387 | - ret = -ENOMEM; | |
2388 | + kmem_cache_free(vm_area_cachep, vma); | |
2389 | + | |
2390 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2391 | + if (vma_m) | |
2392 | + kmem_cache_free(vm_area_cachep, vma_m); | |
2393 | +#endif | |
2394 | + | |
2395 | goto up_fail; | |
2396 | } | |
2397 | ||
2398 | @@ -142,18 +162,49 @@ int arch_setup_additional_pages(struct l | |
2399 | vma->vm_end = addr + PAGE_SIZE; | |
2400 | /* MAYWRITE to allow gdb to COW and set breakpoints */ | |
2401 | vma->vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC|VM_MAYWRITE; | |
2402 | + | |
2403 | +#ifdef CONFIG_PAX_MPROTECT | |
2404 | + if (mm->pax_flags & MF_PAX_MPROTECT) | |
2405 | + vma->vm_flags &= ~VM_MAYWRITE; | |
2406 | +#endif | |
2407 | + | |
2408 | vma->vm_flags |= mm->def_flags; | |
2409 | - vma->vm_page_prot = protection_map[vma->vm_flags & 7]; | |
2410 | + vma->vm_page_prot = protection_map[vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
2411 | vma->vm_ops = &syscall_vm_ops; | |
2412 | vma->vm_mm = mm; | |
2413 | ||
2414 | ret = insert_vm_struct(mm, vma); | |
2415 | if (unlikely(ret)) { | |
2416 | kmem_cache_free(vm_area_cachep, vma); | |
2417 | + | |
2418 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2419 | + if (vma_m) | |
2420 | + kmem_cache_free(vm_area_cachep, vma_m); | |
2421 | +#endif | |
2422 | + | |
2423 | goto up_fail; | |
2424 | } | |
2425 | ||
2426 | - current->mm->context.vdso = (void *)addr; | |
2427 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2428 | + if (vma_m) { | |
2429 | + *vma_m = *vma; | |
2430 | + vma_m->vm_start += SEGMEXEC_TASK_SIZE; | |
2431 | + vma_m->vm_end += SEGMEXEC_TASK_SIZE; | |
2432 | + ret = insert_vm_struct(mm, vma_m); | |
2433 | + if (unlikely(ret)) { | |
2434 | + kmem_cache_free(vm_area_cachep, vma_m); | |
2435 | + goto up_fail; | |
2436 | + } | |
2437 | + vma_m->vm_flags |= VM_MIRROR; | |
2438 | + vma->vm_flags |= VM_MIRROR; | |
2439 | + vma_m->vm_mirror = vma->vm_start - vma_m->vm_start; | |
2440 | + vma->vm_mirror = vma_m->vm_start - vma->vm_start; | |
2441 | + vma_m->vm_pgoff = vma->vm_pgoff; | |
2442 | + mm->total_vm++; | |
2443 | + } | |
2444 | +#endif | |
2445 | + | |
2446 | + current->mm->context.vdso = addr; | |
2447 | current_thread_info()->sysenter_return = | |
2448 | (void *)VDSO_SYM(&SYSENTER_RETURN); | |
2449 | mm->total_vm++; | |
2450 | @@ -164,8 +215,17 @@ up_fail: | |
2451 | ||
2452 | const char *arch_vma_name(struct vm_area_struct *vma) | |
2453 | { | |
2454 | - if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso) | |
2455 | + if (vma->vm_start == vma->vm_mm->context.vdso) | |
2456 | return "[vdso]"; | |
2457 | + | |
2458 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2459 | + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_MIRROR)) | |
2460 | + return NULL; | |
2461 | + | |
2462 | + if (vma->vm_start + vma->vm_mirror == vma->vm_mm->context.vdso) | |
2463 | + return "[vdso]"; | |
2464 | +#endif | |
2465 | + | |
2466 | return NULL; | |
2467 | } | |
2468 | ||
2469 | diff -urNp linux-2.6.19.1/arch/i386/kernel/sys_i386.c linux-2.6.19.1/arch/i386/kernel/sys_i386.c | |
2470 | --- linux-2.6.19.1/arch/i386/kernel/sys_i386.c 2006-11-29 16:57:37.000000000 -0500 | |
2471 | +++ linux-2.6.19.1/arch/i386/kernel/sys_i386.c 2006-12-03 15:15:45.000000000 -0500 | |
2472 | @@ -100,6 +100,191 @@ out: | |
2473 | return err; | |
2474 | } | |
2475 | ||
2476 | +unsigned long | |
2477 | +arch_get_unmapped_area(struct file *filp, unsigned long addr, | |
2478 | + unsigned long len, unsigned long pgoff, unsigned long flags) | |
2479 | +{ | |
2480 | + struct mm_struct *mm = current->mm; | |
2481 | + struct vm_area_struct *vma; | |
2482 | + unsigned long start_addr, task_size = TASK_SIZE; | |
2483 | + | |
2484 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2485 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
2486 | + task_size = SEGMEXEC_TASK_SIZE; | |
2487 | +#endif | |
2488 | + | |
2489 | + if (len > task_size) | |
2490 | + return -ENOMEM; | |
2491 | + | |
2492 | +#ifdef CONFIG_PAX_RANDMMAP | |
2493 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
2494 | +#endif | |
2495 | + | |
2496 | + if (addr) { | |
2497 | + addr = PAGE_ALIGN(addr); | |
2498 | + vma = find_vma(mm, addr); | |
2499 | + if (task_size - len >= addr && | |
2500 | + (!vma || addr + len <= vma->vm_start)) | |
2501 | + return addr; | |
2502 | + } | |
2503 | + if (len > mm->cached_hole_size) { | |
2504 | + start_addr = addr = mm->free_area_cache; | |
2505 | + } else { | |
2506 | + start_addr = addr = mm->mmap_base; | |
2507 | + mm->cached_hole_size = 0; | |
2508 | + } | |
2509 | + | |
2510 | +#ifdef CONFIG_PAX_PAGEEXEC | |
2511 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) { | |
2512 | + start_addr = 0x00110000UL; | |
2513 | + | |
2514 | +#ifdef CONFIG_PAX_RANDMMAP | |
2515 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2516 | + start_addr += mm->delta_mmap & 0x03FFF000UL; | |
2517 | +#endif | |
2518 | + | |
2519 | + if (mm->start_brk <= start_addr && start_addr < mm->mmap_base) | |
2520 | + start_addr = addr = mm->mmap_base; | |
2521 | + else | |
2522 | + addr = start_addr; | |
2523 | + } | |
2524 | +#endif | |
2525 | + | |
2526 | +full_search: | |
2527 | + for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | |
2528 | + /* At this point: (!vma || addr < vma->vm_end). */ | |
2529 | + if (task_size - len < addr) { | |
2530 | + /* | |
2531 | + * Start a new search - just in case we missed | |
2532 | + * some holes. | |
2533 | + */ | |
2534 | + if (start_addr != mm->mmap_base) { | |
2535 | + start_addr = addr = mm->mmap_base; | |
2536 | + mm->cached_hole_size = 0; | |
2537 | + goto full_search; | |
2538 | + } | |
2539 | + return -ENOMEM; | |
2540 | + } | |
2541 | + if (!vma || addr + len <= vma->vm_start) { | |
2542 | + /* | |
2543 | + * Remember the place where we stopped the search: | |
2544 | + */ | |
2545 | + mm->free_area_cache = addr + len; | |
2546 | + return addr; | |
2547 | + } | |
2548 | + if (addr + mm->cached_hole_size < vma->vm_start) | |
2549 | + mm->cached_hole_size = vma->vm_start - addr; | |
2550 | + addr = vma->vm_end; | |
2551 | + if (mm->start_brk <= addr && addr < mm->mmap_base) { | |
2552 | + start_addr = addr = mm->mmap_base; | |
2553 | + goto full_search; | |
2554 | + } | |
2555 | + } | |
2556 | +} | |
2557 | + | |
2558 | +unsigned long | |
2559 | +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | |
2560 | + const unsigned long len, const unsigned long pgoff, | |
2561 | + const unsigned long flags) | |
2562 | +{ | |
2563 | + struct vm_area_struct *vma; | |
2564 | + struct mm_struct *mm = current->mm; | |
2565 | + unsigned long base = mm->mmap_base, addr = addr0, task_size = TASK_SIZE; | |
2566 | + | |
2567 | +#ifdef CONFIG_PAX_SEGMEXEC | |
2568 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
2569 | + task_size = SEGMEXEC_TASK_SIZE; | |
2570 | +#endif | |
2571 | + | |
2572 | + /* requested length too big for entire address space */ | |
2573 | + if (len > task_size) | |
2574 | + return -ENOMEM; | |
2575 | + | |
2576 | +#ifdef CONFIG_PAX_PAGEEXEC | |
2577 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE)) | |
2578 | + goto bottomup; | |
2579 | +#endif | |
2580 | + | |
2581 | +#ifdef CONFIG_PAX_RANDMMAP | |
2582 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
2583 | +#endif | |
2584 | + | |
2585 | + /* requesting a specific address */ | |
2586 | + if (addr) { | |
2587 | + addr = PAGE_ALIGN(addr); | |
2588 | + vma = find_vma(mm, addr); | |
2589 | + if (task_size - len >= addr && | |
2590 | + (!vma || addr + len <= vma->vm_start)) | |
2591 | + return addr; | |
2592 | + } | |
2593 | + | |
2594 | + /* check if free_area_cache is useful for us */ | |
2595 | + if (len <= mm->cached_hole_size) { | |
2596 | + mm->cached_hole_size = 0; | |
2597 | + mm->free_area_cache = mm->mmap_base; | |
2598 | + } | |
2599 | + | |
2600 | + /* either no address requested or can't fit in requested address hole */ | |
2601 | + addr = mm->free_area_cache; | |
2602 | + | |
2603 | + /* make sure it can fit in the remaining address space */ | |
2604 | + if (addr > len) { | |
2605 | + vma = find_vma(mm, addr-len); | |
2606 | + if (!vma || addr <= vma->vm_start) | |
2607 | + /* remember the address as a hint for next time */ | |
2608 | + return (mm->free_area_cache = addr-len); | |
2609 | + } | |
2610 | + | |
2611 | + if (mm->mmap_base < len) | |
2612 | + goto bottomup; | |
2613 | + | |
2614 | + addr = mm->mmap_base-len; | |
2615 | + | |
2616 | + do { | |
2617 | + /* | |
2618 | + * Lookup failure means no vma is above this address, | |
2619 | + * else if new region fits below vma->vm_start, | |
2620 | + * return with success: | |
2621 | + */ | |
2622 | + vma = find_vma(mm, addr); | |
2623 | + if (!vma || addr+len <= vma->vm_start) | |
2624 | + /* remember the address as a hint for next time */ | |
2625 | + return (mm->free_area_cache = addr); | |
2626 | + | |
2627 | + /* remember the largest hole we saw so far */ | |
2628 | + if (addr + mm->cached_hole_size < vma->vm_start) | |
2629 | + mm->cached_hole_size = vma->vm_start - addr; | |
2630 | + | |
2631 | + /* try just below the current vma->vm_start */ | |
2632 | + addr = vma->vm_start-len; | |
2633 | + } while (len < vma->vm_start); | |
2634 | + | |
2635 | +bottomup: | |
2636 | + /* | |
2637 | + * A failed mmap() very likely causes application failure, | |
2638 | + * so fall back to the bottom-up function here. This scenario | |
2639 | + * can happen with large stack limits and large mmap() | |
2640 | + * allocations. | |
2641 | + */ | |
2642 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
2643 | + | |
2644 | +#ifdef CONFIG_PAX_RANDMMAP | |
2645 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
2646 | + mm->mmap_base += mm->delta_mmap; | |
2647 | +#endif | |
2648 | + | |
2649 | + mm->free_area_cache = mm->mmap_base; | |
2650 | + mm->cached_hole_size = ~0UL; | |
2651 | + addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | |
2652 | + /* | |
2653 | + * Restore the topdown base: | |
2654 | + */ | |
2655 | + mm->mmap_base = base; | |
2656 | + mm->free_area_cache = base; | |
2657 | + mm->cached_hole_size = ~0UL; | |
2658 | + | |
2659 | + return addr; | |
2660 | +} | |
2661 | ||
2662 | struct sel_arg_struct { | |
2663 | unsigned long n; | |
2664 | diff -urNp linux-2.6.19.1/arch/i386/kernel/time.c linux-2.6.19.1/arch/i386/kernel/time.c | |
2665 | --- linux-2.6.19.1/arch/i386/kernel/time.c 2006-11-29 16:57:37.000000000 -0500 | |
2666 | +++ linux-2.6.19.1/arch/i386/kernel/time.c 2006-12-10 21:43:36.000000000 -0500 | |
2667 | @@ -133,7 +133,7 @@ unsigned long profile_pc(struct pt_regs | |
2668 | unsigned long pc = instruction_pointer(regs); | |
2669 | ||
2670 | #ifdef CONFIG_SMP | |
2671 | - if (!user_mode_vm(regs) && in_lock_functions(pc)) { | |
2672 | + if (!user_mode(regs) && in_lock_functions(pc)) { | |
2673 | #ifdef CONFIG_FRAME_POINTER | |
2674 | return *(unsigned long *)(regs->ebp + 4); | |
2675 | #else | |
2676 | @@ -345,7 +345,7 @@ static struct sys_device device_timer = | |
2677 | .cls = &timer_sysclass, | |
2678 | }; | |
2679 | ||
2680 | -static int time_init_device(void) | |
2681 | +static int __init time_init_device(void) | |
2682 | { | |
2683 | int error = sysdev_class_register(&timer_sysclass); | |
2684 | if (!error) | |
2685 | diff -urNp linux-2.6.19.1/arch/i386/kernel/traps.c linux-2.6.19.1/arch/i386/kernel/traps.c | |
2686 | --- linux-2.6.19.1/arch/i386/kernel/traps.c 2006-11-29 16:57:37.000000000 -0500 | |
2687 | +++ linux-2.6.19.1/arch/i386/kernel/traps.c 2006-12-03 15:15:45.000000000 -0500 | |
2688 | @@ -29,6 +29,7 @@ | |
2689 | #include <linux/kexec.h> | |
2690 | #include <linux/unwind.h> | |
2691 | #include <linux/uaccess.h> | |
2692 | +#include <linux/binfmts.h> | |
2693 | ||
2694 | #ifdef CONFIG_EISA | |
2695 | #include <linux/ioport.h> | |
2696 | @@ -61,18 +62,10 @@ int panic_on_unrecovered_nmi; | |
2697 | ||
2698 | asmlinkage int system_call(void); | |
2699 | ||
2700 | -struct desc_struct default_ldt[] = { { 0, 0 }, { 0, 0 }, { 0, 0 }, | |
2701 | - { 0, 0 }, { 0, 0 } }; | |
2702 | - | |
2703 | /* Do we ignore FPU interrupts ? */ | |
2704 | char ignore_fpu_irq = 0; | |
2705 | ||
2706 | -/* | |
2707 | - * The IDT has to be page-aligned to simplify the Pentium | |
2708 | - * F0 0F bug workaround.. We have a special link segment | |
2709 | - * for this. | |
2710 | - */ | |
2711 | -struct desc_struct idt_table[256] __attribute__((__section__(".data.idt"))) = { {0, 0}, }; | |
2712 | +extern struct desc_struct idt_table[256]; | |
2713 | ||
2714 | asmlinkage void divide_error(void); | |
2715 | asmlinkage void debug(void); | |
2716 | @@ -146,7 +139,7 @@ static inline unsigned long print_contex | |
2717 | #else | |
2718 | while (valid_stack_ptr(tinfo, stack)) { | |
2719 | addr = *stack++; | |
2720 | - if (__kernel_text_address(addr)) | |
2721 | + if (__kernel_text_address(addr + __KERNEL_TEXT_OFFSET)) | |
2722 | ops->address(data, addr); | |
2723 | } | |
2724 | #endif | |
2725 | @@ -351,7 +344,7 @@ void show_registers(struct pt_regs *regs | |
2726 | ||
2727 | esp = (unsigned long) (®s->esp); | |
2728 | savesegment(ss, ss); | |
2729 | - if (user_mode_vm(regs)) { | |
2730 | + if (user_mode(regs)) { | |
2731 | in_kernel = 0; | |
2732 | esp = regs->esp; | |
2733 | ss = regs->xss & 0xffff; | |
2734 | @@ -382,13 +375,15 @@ void show_registers(struct pt_regs *regs | |
2735 | u8 __user *eip; | |
2736 | int code_bytes = 64; | |
2737 | unsigned char c; | |
2738 | + mm_segment_t old_fs = get_fs(); | |
2739 | ||
2740 | printk("\n" KERN_EMERG "Stack: "); | |
2741 | show_stack_log_lvl(NULL, regs, (unsigned long *)esp, KERN_EMERG); | |
2742 | ||
2743 | printk(KERN_EMERG "Code: "); | |
2744 | ||
2745 | - eip = (u8 __user *)regs->eip - 43; | |
2746 | + set_fs(KERNEL_DS); | |
2747 | + eip = (u8 __user *)regs->eip - 43 + __KERNEL_TEXT_OFFSET; | |
2748 | if (eip < (u8 __user *)PAGE_OFFSET || __get_user(c, eip)) { | |
2749 | /* try starting at EIP */ | |
2750 | eip = (u8 __user *)regs->eip; | |
2751 | @@ -399,26 +394,29 @@ void show_registers(struct pt_regs *regs | |
2752 | printk(" Bad EIP value."); | |
2753 | break; | |
2754 | } | |
2755 | - if (eip == (u8 __user *)regs->eip) | |
2756 | + if (eip == (u8 __user *)regs->eip + __KERNEL_TEXT_OFFSET) | |
2757 | printk("<%02x> ", c); | |
2758 | else | |
2759 | printk("%02x ", c); | |
2760 | } | |
2761 | + set_fs(old_fs); | |
2762 | } | |
2763 | printk("\n"); | |
2764 | } | |
2765 | ||
2766 | static void handle_BUG(struct pt_regs *regs) | |
2767 | { | |
2768 | - unsigned long eip = regs->eip; | |
2769 | + unsigned long eip = regs->eip + __KERNEL_TEXT_OFFSET; | |
2770 | unsigned short ud2; | |
2771 | + mm_segment_t old_fs = get_fs(); | |
2772 | ||
2773 | + set_fs(KERNEL_DS); | |
2774 | if (eip < PAGE_OFFSET) | |
2775 | - return; | |
2776 | + goto out; | |
2777 | if (probe_kernel_address((unsigned short __user *)eip, ud2)) | |
2778 | - return; | |
2779 | + goto out; | |
2780 | if (ud2 != 0x0b0f) | |
2781 | - return; | |
2782 | + goto out; | |
2783 | ||
2784 | printk(KERN_EMERG "------------[ cut here ]------------\n"); | |
2785 | ||
2786 | @@ -428,18 +426,21 @@ static void handle_BUG(struct pt_regs *r | |
2787 | char *file; | |
2788 | char c; | |
2789 | ||
2790 | - if (probe_kernel_address((unsigned short __user *)(eip + 2), | |
2791 | - line)) | |
2792 | + if (probe_kernel_address((unsigned short __user *)(eip + 7), line)) | |
2793 | break; | |
2794 | - if (__get_user(file, (char * __user *)(eip + 4)) || | |
2795 | - (unsigned long)file < PAGE_OFFSET || __get_user(c, file)) | |
2796 | + if (probe_kernel_address((char * __user *)(eip + 3), file) || | |
2797 | + file < _text + __KERNEL_TEXT_OFFSET) | |
2798 | + break; | |
2799 | + if (probe_kernel_address(file, c)) | |
2800 | file = "<bad filename>"; | |
2801 | - | |
2802 | printk(KERN_EMERG "kernel BUG at %s:%d!\n", file, line); | |
2803 | - return; | |
2804 | + goto out; | |
2805 | } while (0); | |
2806 | #endif | |
2807 | printk(KERN_EMERG "Kernel BUG at [verbose debug info unavailable]\n"); | |
2808 | + | |
2809 | +out: | |
2810 | + set_fs(old_fs); | |
2811 | } | |
2812 | ||
2813 | /* This is gone through when something in the kernel | |
2814 | @@ -538,7 +539,7 @@ void die(const char * str, struct pt_reg | |
2815 | ||
2816 | static inline void die_if_kernel(const char * str, struct pt_regs * regs, long err) | |
2817 | { | |
2818 | - if (!user_mode_vm(regs)) | |
2819 | + if (!user_mode(regs)) | |
2820 | die(str, regs, err); | |
2821 | } | |
2822 | ||
2823 | @@ -556,7 +557,7 @@ static void __kprobes do_trap(int trapnr | |
2824 | goto trap_signal; | |
2825 | } | |
2826 | ||
2827 | - if (!user_mode(regs)) | |
2828 | + if (!user_mode_novm(regs)) | |
2829 | goto kernel_trap; | |
2830 | ||
2831 | trap_signal: { | |
2832 | @@ -644,7 +645,7 @@ fastcall void __kprobes do_general_prote | |
2833 | long error_code) | |
2834 | { | |
2835 | int cpu = get_cpu(); | |
2836 | - struct tss_struct *tss = &per_cpu(init_tss, cpu); | |
2837 | + struct tss_struct *tss = &init_tss[cpu]; | |
2838 | struct thread_struct *thread = ¤t->thread; | |
2839 | ||
2840 | /* | |
2841 | @@ -680,9 +681,25 @@ fastcall void __kprobes do_general_prote | |
2842 | if (regs->eflags & VM_MASK) | |
2843 | goto gp_in_vm86; | |
2844 | ||
2845 | - if (!user_mode(regs)) | |
2846 | + if (!user_mode_novm(regs)) | |
2847 | goto gp_in_kernel; | |
2848 | ||
2849 | +#ifdef CONFIG_PAX_PAGEEXEC | |
2850 | + if (current->mm && (current->mm->pax_flags & MF_PAX_PAGEEXEC)) { | |
2851 | + struct mm_struct *mm = current->mm; | |
2852 | + unsigned long limit; | |
2853 | + | |
2854 | + down_write(&mm->mmap_sem); | |
2855 | + limit = mm->context.user_cs_limit; | |
2856 | + if (limit < TASK_SIZE) { | |
2857 | + track_exec_limit(mm, limit, TASK_SIZE, PROT_EXEC); | |
2858 | + up_write(&mm->mmap_sem); | |
2859 | + return; | |
2860 | + } | |
2861 | + up_write(&mm->mmap_sem); | |
2862 | + } | |
2863 | +#endif | |
2864 | + | |
2865 | current->thread.error_code = error_code; | |
2866 | current->thread.trap_no = 13; | |
2867 | force_sig(SIGSEGV, current); | |
2868 | @@ -698,6 +715,13 @@ gp_in_kernel: | |
2869 | if (notify_die(DIE_GPF, "general protection fault", regs, | |
2870 | error_code, 13, SIGSEGV) == NOTIFY_STOP) | |
2871 | return; | |
2872 | + | |
2873 | +#ifdef CONFIG_PAX_KERNEXEC | |
2874 | + if ((regs->xcs & 0xFFFF) == __KERNEL_CS) | |
2875 | + die("PAX: suspicious general protection fault", regs, error_code); | |
2876 | + else | |
2877 | +#endif | |
2878 | + | |
2879 | die("general protection fault", regs, error_code); | |
2880 | } | |
2881 | } | |
2882 | @@ -781,7 +805,7 @@ void __kprobes die_nmi(struct pt_regs *r | |
2883 | /* If we are in kernel we are probably nested up pretty bad | |
2884 | * and might aswell get out now while we still can. | |
2885 | */ | |
2886 | - if (!user_mode_vm(regs)) { | |
2887 | + if (!user_mode(regs)) { | |
2888 | current->thread.trap_no = 2; | |
2889 | crash_kexec(regs); | |
2890 | } | |
2891 | @@ -913,7 +937,7 @@ fastcall void __kprobes do_debug(struct | |
2892 | * check for kernel mode by just checking the CPL | |
2893 | * of CS. | |
2894 | */ | |
2895 | - if (!user_mode(regs)) | |
2896 | + if (!user_mode_novm(regs)) | |
2897 | goto clear_TF_reenable; | |
2898 | } | |
2899 | ||
2900 | @@ -1189,7 +1213,19 @@ void __init trap_init_f00f_bug(void) | |
2901 | */ | |
2902 | void set_intr_gate(unsigned int n, void *addr) | |
2903 | { | |
2904 | + | |
2905 | +#ifdef CONFIG_PAX_KERNEXEC | |
2906 | + unsigned long cr0; | |
2907 | + | |
2908 | + pax_open_kernel(cr0); | |
2909 | +#endif | |
2910 | + | |
2911 | _set_gate(n, DESCTYPE_INT, addr, __KERNEL_CS); | |
2912 | + | |
2913 | +#ifdef CONFIG_PAX_KERNEXEC | |
2914 | + pax_close_kernel(cr0); | |
2915 | +#endif | |
2916 | + | |
2917 | } | |
2918 | ||
2919 | /* | |
2920 | diff -urNp linux-2.6.19.1/arch/i386/kernel/vm86.c linux-2.6.19.1/arch/i386/kernel/vm86.c | |
2921 | --- linux-2.6.19.1/arch/i386/kernel/vm86.c 2006-11-29 16:57:37.000000000 -0500 | |
2922 | +++ linux-2.6.19.1/arch/i386/kernel/vm86.c 2006-12-03 15:15:45.000000000 -0500 | |
2923 | @@ -122,7 +122,7 @@ struct pt_regs * fastcall save_v86_state | |
2924 | do_exit(SIGSEGV); | |
2925 | } | |
2926 | ||
2927 | - tss = &per_cpu(init_tss, get_cpu()); | |
2928 | + tss = init_tss + get_cpu(); | |
2929 | current->thread.esp0 = current->thread.saved_esp0; | |
2930 | current->thread.sysenter_cs = __KERNEL_CS; | |
2931 | load_esp0(tss, ¤t->thread); | |
2932 | @@ -296,7 +296,7 @@ static void do_sys_vm86(struct kernel_vm | |
2933 | savesegment(fs, tsk->thread.saved_fs); | |
2934 | savesegment(gs, tsk->thread.saved_gs); | |
2935 | ||
2936 | - tss = &per_cpu(init_tss, get_cpu()); | |
2937 | + tss = init_tss + get_cpu(); | |
2938 | tsk->thread.esp0 = (unsigned long) &info->VM86_TSS_ESP0; | |
2939 | if (cpu_has_sep) | |
2940 | tsk->thread.sysenter_cs = 0; | |
2941 | diff -urNp linux-2.6.19.1/arch/i386/kernel/vmlinux.lds.S linux-2.6.19.1/arch/i386/kernel/vmlinux.lds.S | |
2942 | --- linux-2.6.19.1/arch/i386/kernel/vmlinux.lds.S 2006-11-29 16:57:37.000000000 -0500 | |
2943 | +++ linux-2.6.19.1/arch/i386/kernel/vmlinux.lds.S 2006-12-03 15:15:45.000000000 -0500 | |
2944 | @@ -8,6 +8,13 @@ | |
2945 | #include <asm/thread_info.h> | |
2946 | #include <asm/page.h> | |
2947 | #include <asm/cache.h> | |
2948 | +#include <asm/segment.h> | |
2949 | + | |
2950 | +#ifdef CONFIG_X86_PAE | |
2951 | +#define PMD_SHIFT 21 | |
2952 | +#else | |
2953 | +#define PMD_SHIFT 22 | |
2954 | +#endif | |
2955 | ||
2956 | OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386") | |
2957 | OUTPUT_ARCH(i386) | |
2958 | @@ -16,31 +23,133 @@ jiffies = jiffies_64; | |
2959 | ||
2960 | PHDRS { | |
2961 | text PT_LOAD FLAGS(5); /* R_E */ | |
2962 | - data PT_LOAD FLAGS(7); /* RWE */ | |
2963 | + data PT_LOAD FLAGS(6); /* RW_ */ | |
2964 | note PT_NOTE FLAGS(4); /* R__ */ | |
2965 | } | |
2966 | SECTIONS | |
2967 | { | |
2968 | . = __KERNEL_START; | |
2969 | - phys_startup_32 = startup_32 - LOAD_OFFSET; | |
2970 | + phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET; | |
2971 | + | |
2972 | + .text.startup : AT(ADDR(.text.startup) - LOAD_OFFSET) { | |
2973 | + BYTE(0xEA) /* jmp far */ | |
2974 | + LONG(phys_startup_32) | |
2975 | + SHORT(__BOOT_CS) | |
2976 | + } :text = 0x9090 | |
2977 | + | |
2978 | + /* might get freed after init */ | |
2979 | + . = ALIGN(4096); | |
2980 | + __smp_alt_begin = .; | |
2981 | + __smp_alt_instructions = .; | |
2982 | + .smp_altinstructions : AT(ADDR(.smp_altinstructions) - LOAD_OFFSET) { | |
2983 | + *(.smp_altinstructions) | |
2984 | + } | |
2985 | + __smp_alt_instructions_end = .; | |
2986 | + . = ALIGN(4); | |
2987 | + __smp_locks = .; | |
2988 | + .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) { | |
2989 | + *(.smp_locks) | |
2990 | + } | |
2991 | + __smp_locks_end = .; | |
2992 | + .smp_altinstr_replacement : AT(ADDR(.smp_altinstr_replacement) - LOAD_OFFSET) { | |
2993 | + *(.smp_altinstr_replacement) | |
2994 | + } | |
2995 | + . = ALIGN(4096); | |
2996 | + __smp_alt_end = .; | |
2997 | + | |
2998 | + /* will be freed after init */ | |
2999 | + . = ALIGN(4096); /* Init code and data */ | |
3000 | + __init_begin = .; | |
3001 | + .init.data : AT(ADDR(.init.data) - LOAD_OFFSET) { *(.init.data) } | |
3002 | + . = ALIGN(16); | |
3003 | + __setup_start = .; | |
3004 | + .init.setup : AT(ADDR(.init.setup) - LOAD_OFFSET) { *(.init.setup) } | |
3005 | + __setup_end = .; | |
3006 | + __initcall_start = .; | |
3007 | + .initcall.init : AT(ADDR(.initcall.init) - LOAD_OFFSET) { | |
3008 | + INITCALLS | |
3009 | + } | |
3010 | + __initcall_end = .; | |
3011 | + __con_initcall_start = .; | |
3012 | + .con_initcall.init : AT(ADDR(.con_initcall.init) - LOAD_OFFSET) { | |
3013 | + *(.con_initcall.init) | |
3014 | + } | |
3015 | + __con_initcall_end = .; | |
3016 | + SECURITY_INIT | |
3017 | + . = ALIGN(4); | |
3018 | + __alt_instructions = .; | |
3019 | + .altinstructions : AT(ADDR(.altinstructions) - LOAD_OFFSET) { | |
3020 | + *(.altinstructions) | |
3021 | + } | |
3022 | + __alt_instructions_end = .; | |
3023 | + .altinstr_replacement : AT(ADDR(.altinstr_replacement) - LOAD_OFFSET) { | |
3024 | + *(.altinstr_replacement) | |
3025 | + } | |
3026 | + | |
3027 | + .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) { *(.exit.data) } | |
3028 | + . = ALIGN(4096); | |
3029 | + __initramfs_start = .; | |
3030 | + .init.ramfs : AT(ADDR(.init.ramfs) - LOAD_OFFSET) { *(.init.ramfs) } | |
3031 | + __initramfs_end = .; | |
3032 | + . = ALIGN(L1_CACHE_BYTES); | |
3033 | + __per_cpu_start = .; | |
3034 | + .data.percpu : AT(ADDR(.data.percpu) - LOAD_OFFSET) { *(.data.percpu) } | |
3035 | + __per_cpu_end = .; | |
3036 | + | |
3037 | /* read-only */ | |
3038 | + | |
3039 | + . = ALIGN(4096); | |
3040 | + .init.text (. - __KERNEL_TEXT_OFFSET) : AT(ADDR(.init.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { | |
3041 | + _sinittext = .; | |
3042 | + *(.init.text) | |
3043 | + _einittext = .; | |
3044 | + } | |
3045 | + | |
3046 | + /* .exit.text is discard at runtime, not link time, to deal with references | |
3047 | + from .altinstructions and .eh_frame */ | |
3048 | + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { *(.exit.text) } | |
3049 | + | |
3050 | +#ifdef CONFIG_PAX_KERNEXEC | |
3051 | + .text.align : AT(ADDR(.text.align) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { | |
3052 | + . = ALIGN(__KERNEL_TEXT_OFFSET - LOAD_OFFSET) - 1; | |
3053 | + BYTE(0) | |
3054 | + } | |
3055 | +#else | |
3056 | + . = ALIGN(4096); | |
3057 | +#endif | |
3058 | + | |
3059 | + __init_end = . + __KERNEL_TEXT_OFFSET; | |
3060 | + /* freed after init ends here */ | |
3061 | + | |
3062 | _text = .; /* Text and read-only data */ | |
3063 | - .text : AT(ADDR(.text) - LOAD_OFFSET) { | |
3064 | + .text : AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { | |
3065 | *(.text) | |
3066 | SCHED_TEXT | |
3067 | LOCK_TEXT | |
3068 | KPROBES_TEXT | |
3069 | *(.fixup) | |
3070 | *(.gnu.warning) | |
3071 | - } :text = 0x9090 | |
3072 | + } | |
3073 | ||
3074 | _etext = .; /* End of text section */ | |
3075 | - | |
3076 | + . += __KERNEL_TEXT_OFFSET; | |
3077 | . = ALIGN(16); /* Exception table */ | |
3078 | __start___ex_table = .; | |
3079 | __ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) { *(__ex_table) } | |
3080 | __stop___ex_table = .; | |
3081 | ||
3082 | + . = ALIGN(4096); | |
3083 | + .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) { | |
3084 | + *(.empty_zero_page) | |
3085 | + | |
3086 | +#ifdef CONFIG_X86_PAE | |
3087 | + *(.swapper_pm_dir) | |
3088 | +#endif | |
3089 | + | |
3090 | + *(.swapper_pg_dir) | |
3091 | + *(.idt) | |
3092 | + } | |
3093 | + | |
3094 | RODATA | |
3095 | ||
3096 | . = ALIGN(4); | |
3097 | @@ -50,9 +159,25 @@ SECTIONS | |
3098 | } | |
3099 | __tracedata_end = .; | |
3100 | ||
3101 | +#ifdef CONFIG_PAX_KERNEXEC | |
3102 | + . = ALIGN(4096); | |
3103 | + MODULES_VADDR = .; | |
3104 | + | |
3105 | + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) { | |
3106 | + . += (4 * 1024 * 1024); | |
3107 | + . = ALIGN(1 << PMD_SHIFT) - 1; | |
3108 | + BYTE(0) | |
3109 | + } | |
3110 | + | |
3111 | + MODULES_END = .; | |
3112 | +#else | |
3113 | + . = ALIGN(32); | |
3114 | +#endif | |
3115 | + | |
3116 | /* writeable */ | |
3117 | . = ALIGN(4096); | |
3118 | .data : AT(ADDR(.data) - LOAD_OFFSET) { /* Data */ | |
3119 | + _data = .; | |
3120 | *(.data) | |
3121 | CONSTRUCTORS | |
3122 | } :data | |
3123 | @@ -63,11 +188,6 @@ SECTIONS | |
3124 | . = ALIGN(4096); | |
3125 | __nosave_end = .; | |
3126 | ||
3127 | - . = ALIGN(4096); | |
3128 | - .data.page_aligned : AT(ADDR(.data.page_aligned) - LOAD_OFFSET) { | |
3129 | - *(.data.idt) | |
3130 | - } | |
3131 | - | |
3132 | . = ALIGN(32); | |
3133 | .data.cacheline_aligned : AT(ADDR(.data.cacheline_aligned) - LOAD_OFFSET) { | |
3134 | *(.data.cacheline_aligned) | |
3135 | @@ -76,7 +196,6 @@ SECTIONS | |
3136 | /* rarely changed data like cpu maps */ | |
3137 | . = ALIGN(32); | |
3138 | .data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) { *(.data.read_mostly) } | |
3139 | - _edata = .; /* End of data section */ | |
3140 | ||
3141 | #ifdef CONFIG_STACK_UNWIND | |
3142 | . = ALIGN(4); | |
3143 | @@ -92,75 +211,9 @@ SECTIONS | |
3144 | *(.data.init_task) | |
3145 | } | |
3146 | ||
3147 | - /* might get freed after init */ | |
3148 | - . = ALIGN(4096); | |
3149 | - __smp_alt_begin = .; | |
3150 | - __smp_alt_instructions = .; | |
3151 | - .smp_altinstructions : AT(ADDR(.smp_altinstructions) - LOAD_OFFSET) { | |
3152 | - *(.smp_altinstructions) | |
3153 | - } | |
3154 | - __smp_alt_instructions_end = .; | |
3155 | - . = ALIGN(4); | |
3156 | - __smp_locks = .; | |
3157 | - .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) { | |
3158 | - *(.smp_locks) | |
3159 | - } | |
3160 | - __smp_locks_end = .; | |
3161 | - .smp_altinstr_replacement : AT(ADDR(.smp_altinstr_replacement) - LOAD_OFFSET) { | |
3162 | - *(.smp_altinstr_replacement) | |
3163 | - } | |
3164 | - . = ALIGN(4096); | |
3165 | - __smp_alt_end = .; | |
3166 | + _edata = .; /* End of data section */ | |
3167 | ||
3168 | - /* will be freed after init */ | |
3169 | - . = ALIGN(4096); /* Init code and data */ | |
3170 | - __init_begin = .; | |
3171 | - .init.text : AT(ADDR(.init.text) - LOAD_OFFSET) { | |
3172 | - _sinittext = .; | |
3173 | - *(.init.text) | |
3174 | - _einittext = .; | |
3175 | - } | |
3176 | - .init.data : AT(ADDR(.init.data) - LOAD_OFFSET) { *(.init.data) } | |
3177 | - . = ALIGN(16); | |
3178 | - __setup_start = .; | |
3179 | - .init.setup : AT(ADDR(.init.setup) - LOAD_OFFSET) { *(.init.setup) } | |
3180 | - __setup_end = .; | |
3181 | - __initcall_start = .; | |
3182 | - .initcall.init : AT(ADDR(.initcall.init) - LOAD_OFFSET) { | |
3183 | - INITCALLS | |
3184 | - } | |
3185 | - __initcall_end = .; | |
3186 | - __con_initcall_start = .; | |
3187 | - .con_initcall.init : AT(ADDR(.con_initcall.init) - LOAD_OFFSET) { | |
3188 | - *(.con_initcall.init) | |
3189 | - } | |
3190 | - __con_initcall_end = .; | |
3191 | - SECURITY_INIT | |
3192 | - . = ALIGN(4); | |
3193 | - __alt_instructions = .; | |
3194 | - .altinstructions : AT(ADDR(.altinstructions) - LOAD_OFFSET) { | |
3195 | - *(.altinstructions) | |
3196 | - } | |
3197 | - __alt_instructions_end = .; | |
3198 | - .altinstr_replacement : AT(ADDR(.altinstr_replacement) - LOAD_OFFSET) { | |
3199 | - *(.altinstr_replacement) | |
3200 | - } | |
3201 | - /* .exit.text is discard at runtime, not link time, to deal with references | |
3202 | - from .altinstructions and .eh_frame */ | |
3203 | - .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) { *(.exit.text) } | |
3204 | - .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) { *(.exit.data) } | |
3205 | - . = ALIGN(4096); | |
3206 | - __initramfs_start = .; | |
3207 | - .init.ramfs : AT(ADDR(.init.ramfs) - LOAD_OFFSET) { *(.init.ramfs) } | |
3208 | - __initramfs_end = .; | |
3209 | - . = ALIGN(L1_CACHE_BYTES); | |
3210 | - __per_cpu_start = .; | |
3211 | - .data.percpu : AT(ADDR(.data.percpu) - LOAD_OFFSET) { *(.data.percpu) } | |
3212 | - __per_cpu_end = .; | |
3213 | . = ALIGN(4096); | |
3214 | - __init_end = .; | |
3215 | - /* freed after init ends here */ | |
3216 | - | |
3217 | __bss_start = .; /* BSS */ | |
3218 | .bss.page_aligned : AT(ADDR(.bss.page_aligned) - LOAD_OFFSET) { | |
3219 | *(.bss.page_aligned) | |
3220 | diff -urNp linux-2.6.19.1/arch/i386/lib/checksum.S linux-2.6.19.1/arch/i386/lib/checksum.S | |
3221 | --- linux-2.6.19.1/arch/i386/lib/checksum.S 2006-11-29 16:57:37.000000000 -0500 | |
3222 | +++ linux-2.6.19.1/arch/i386/lib/checksum.S 2006-12-03 15:15:45.000000000 -0500 | |
3223 | @@ -26,7 +26,8 @@ | |
3224 | */ | |
3225 | ||
3226 | #include <asm/errno.h> | |
3227 | - | |
3228 | +#include <asm/segment.h> | |
3229 | + | |
3230 | /* | |
3231 | * computes a partial checksum, e.g. for TCP/UDP fragments | |
3232 | */ | |
3233 | @@ -280,12 +281,23 @@ unsigned int csum_partial_copy_generic ( | |
3234 | ||
3235 | .align 4 | |
3236 | .globl csum_partial_copy_generic | |
3237 | - | |
3238 | +.globl csum_partial_copy_generic_to_user | |
3239 | +.globl csum_partial_copy_generic_from_user | |
3240 | + | |
3241 | #ifndef CONFIG_X86_USE_PPRO_CHECKSUM | |
3242 | ||
3243 | #define ARGBASE 16 | |
3244 | #define FP 12 | |
3245 | - | |
3246 | + | |
3247 | +csum_partial_copy_generic_to_user: | |
3248 | + pushl $(__USER_DS) | |
3249 | + popl %es | |
3250 | + jmp csum_partial_copy_generic | |
3251 | + | |
3252 | +csum_partial_copy_generic_from_user: | |
3253 | + pushl $(__USER_DS) | |
3254 | + popl %ds | |
3255 | + | |
3256 | csum_partial_copy_generic: | |
3257 | subl $4,%esp | |
3258 | pushl %edi | |
3259 | @@ -304,7 +316,7 @@ csum_partial_copy_generic: | |
3260 | jmp 4f | |
3261 | SRC(1: movw (%esi), %bx ) | |
3262 | addl $2, %esi | |
3263 | -DST( movw %bx, (%edi) ) | |
3264 | +DST( movw %bx, %es:(%edi) ) | |
3265 | addl $2, %edi | |
3266 | addw %bx, %ax | |
3267 | adcl $0, %eax | |
3268 | @@ -316,30 +328,30 @@ DST( movw %bx, (%edi) ) | |
3269 | SRC(1: movl (%esi), %ebx ) | |
3270 | SRC( movl 4(%esi), %edx ) | |
3271 | adcl %ebx, %eax | |
3272 | -DST( movl %ebx, (%edi) ) | |
3273 | +DST( movl %ebx, %es:(%edi) ) | |
3274 | adcl %edx, %eax | |
3275 | -DST( movl %edx, 4(%edi) ) | |
3276 | +DST( movl %edx, %es:4(%edi) ) | |
3277 | ||
3278 | SRC( movl 8(%esi), %ebx ) | |
3279 | SRC( movl 12(%esi), %edx ) | |
3280 | adcl %ebx, %eax | |
3281 | -DST( movl %ebx, 8(%edi) ) | |
3282 | +DST( movl %ebx, %es:8(%edi) ) | |
3283 | adcl %edx, %eax | |
3284 | -DST( movl %edx, 12(%edi) ) | |
3285 | +DST( movl %edx, %es:12(%edi) ) | |
3286 | ||
3287 | SRC( movl 16(%esi), %ebx ) | |
3288 | SRC( movl 20(%esi), %edx ) | |
3289 | adcl %ebx, %eax | |
3290 | -DST( movl %ebx, 16(%edi) ) | |
3291 | +DST( movl %ebx, %es:16(%edi) ) | |
3292 | adcl %edx, %eax | |
3293 | -DST( movl %edx, 20(%edi) ) | |
3294 | +DST( movl %edx, %es:20(%edi) ) | |
3295 | ||
3296 | SRC( movl 24(%esi), %ebx ) | |
3297 | SRC( movl 28(%esi), %edx ) | |
3298 | adcl %ebx, %eax | |
3299 | -DST( movl %ebx, 24(%edi) ) | |
3300 | +DST( movl %ebx, %es:24(%edi) ) | |
3301 | adcl %edx, %eax | |
3302 | -DST( movl %edx, 28(%edi) ) | |
3303 | +DST( movl %edx, %es:28(%edi) ) | |
3304 | ||
3305 | lea 32(%esi), %esi | |
3306 | lea 32(%edi), %edi | |
3307 | @@ -353,7 +365,7 @@ DST( movl %edx, 28(%edi) ) | |
3308 | shrl $2, %edx # This clears CF | |
3309 | SRC(3: movl (%esi), %ebx ) | |
3310 | adcl %ebx, %eax | |
3311 | -DST( movl %ebx, (%edi) ) | |
3312 | +DST( movl %ebx, %es:(%edi) ) | |
3313 | lea 4(%esi), %esi | |
3314 | lea 4(%edi), %edi | |
3315 | dec %edx | |
3316 | @@ -365,12 +377,12 @@ DST( movl %ebx, (%edi) ) | |
3317 | jb 5f | |
3318 | SRC( movw (%esi), %cx ) | |
3319 | leal 2(%esi), %esi | |
3320 | -DST( movw %cx, (%edi) ) | |
3321 | +DST( movw %cx, %es:(%edi) ) | |
3322 | leal 2(%edi), %edi | |
3323 | je 6f | |
3324 | shll $16,%ecx | |
3325 | SRC(5: movb (%esi), %cl ) | |
3326 | -DST( movb %cl, (%edi) ) | |
3327 | +DST( movb %cl, %es:(%edi) ) | |
3328 | 6: addl %ecx, %eax | |
3329 | adcl $0, %eax | |
3330 | 7: | |
3331 | @@ -381,7 +393,7 @@ DST( movb %cl, (%edi) ) | |
3332 | ||
3333 | 6001: | |
3334 | movl ARGBASE+20(%esp), %ebx # src_err_ptr | |
3335 | - movl $-EFAULT, (%ebx) | |
3336 | + movl $-EFAULT, %ss:(%ebx) | |
3337 | ||
3338 | # zero the complete destination - computing the rest | |
3339 | # is too much work | |
3340 | @@ -394,11 +406,15 @@ DST( movb %cl, (%edi) ) | |
3341 | ||
3342 | 6002: | |
3343 | movl ARGBASE+24(%esp), %ebx # dst_err_ptr | |
3344 | - movl $-EFAULT,(%ebx) | |
3345 | + movl $-EFAULT,%ss:(%ebx) | |
3346 | jmp 5000b | |
3347 | ||
3348 | .previous | |
3349 | ||
3350 | + pushl %ss | |
3351 | + popl %ds | |
3352 | + pushl %ss | |
3353 | + popl %es | |
3354 | popl %ebx | |
3355 | popl %esi | |
3356 | popl %edi | |
3357 | @@ -410,17 +426,28 @@ DST( movb %cl, (%edi) ) | |
3358 | /* Version for PentiumII/PPro */ | |
3359 | ||
3360 | #define ROUND1(x) \ | |
3361 | + nop; nop; nop; \ | |
3362 | SRC(movl x(%esi), %ebx ) ; \ | |
3363 | addl %ebx, %eax ; \ | |
3364 | - DST(movl %ebx, x(%edi) ) ; | |
3365 | + DST(movl %ebx, %es:x(%edi)); | |
3366 | ||
3367 | #define ROUND(x) \ | |
3368 | + nop; nop; nop; \ | |
3369 | SRC(movl x(%esi), %ebx ) ; \ | |
3370 | adcl %ebx, %eax ; \ | |
3371 | - DST(movl %ebx, x(%edi) ) ; | |
3372 | + DST(movl %ebx, %es:x(%edi)); | |
3373 | ||
3374 | #define ARGBASE 12 | |
3375 | - | |
3376 | + | |
3377 | +csum_partial_copy_generic_to_user: | |
3378 | + pushl $(__USER_DS) | |
3379 | + popl %es | |
3380 | + jmp csum_partial_copy_generic | |
3381 | + | |
3382 | +csum_partial_copy_generic_from_user: | |
3383 | + pushl $(__USER_DS) | |
3384 | + popl %ds | |
3385 | + | |
3386 | csum_partial_copy_generic: | |
3387 | pushl %ebx | |
3388 | pushl %edi | |
3389 | @@ -439,7 +466,7 @@ csum_partial_copy_generic: | |
3390 | subl %ebx, %edi | |
3391 | lea -1(%esi),%edx | |
3392 | andl $-32,%edx | |
3393 | - lea 3f(%ebx,%ebx), %ebx | |
3394 | + lea 3f(%ebx,%ebx,2), %ebx | |
3395 | testl %esi, %esi | |
3396 | jmp *%ebx | |
3397 | 1: addl $64,%esi | |
3398 | @@ -460,19 +487,19 @@ csum_partial_copy_generic: | |
3399 | jb 5f | |
3400 | SRC( movw (%esi), %dx ) | |
3401 | leal 2(%esi), %esi | |
3402 | -DST( movw %dx, (%edi) ) | |
3403 | +DST( movw %dx, %es:(%edi) ) | |
3404 | leal 2(%edi), %edi | |
3405 | je 6f | |
3406 | shll $16,%edx | |
3407 | 5: | |
3408 | SRC( movb (%esi), %dl ) | |
3409 | -DST( movb %dl, (%edi) ) | |
3410 | +DST( movb %dl, %es:(%edi) ) | |
3411 | 6: addl %edx, %eax | |
3412 | adcl $0, %eax | |
3413 | 7: | |
3414 | .section .fixup, "ax" | |
3415 | 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr | |
3416 | - movl $-EFAULT, (%ebx) | |
3417 | + movl $-EFAULT, %ss:(%ebx) | |
3418 | # zero the complete destination (computing the rest is too much work) | |
3419 | movl ARGBASE+8(%esp),%edi # dst | |
3420 | movl ARGBASE+12(%esp),%ecx # len | |
3421 | @@ -480,10 +507,14 @@ DST( movb %dl, (%edi) ) | |
3422 | rep; stosb | |
3423 | jmp 7b | |
3424 | 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr | |
3425 | - movl $-EFAULT, (%ebx) | |
3426 | + movl $-EFAULT, %ss:(%ebx) | |
3427 | jmp 7b | |
3428 | .previous | |
3429 | ||
3430 | + pushl %ss | |
3431 | + popl %ds | |
3432 | + pushl %ss | |
3433 | + popl %es | |
3434 | popl %esi | |
3435 | popl %edi | |
3436 | popl %ebx | |
3437 | diff -urNp linux-2.6.19.1/arch/i386/lib/getuser.S linux-2.6.19.1/arch/i386/lib/getuser.S | |
3438 | --- linux-2.6.19.1/arch/i386/lib/getuser.S 2006-11-29 16:57:37.000000000 -0500 | |
3439 | +++ linux-2.6.19.1/arch/i386/lib/getuser.S 2006-12-03 15:15:45.000000000 -0500 | |
3440 | @@ -9,6 +9,7 @@ | |
3441 | * return value. | |
3442 | */ | |
3443 | #include <asm/thread_info.h> | |
3444 | +#include <asm/segment.h> | |
3445 | ||
3446 | ||
3447 | /* | |
3448 | @@ -30,8 +31,12 @@ __get_user_1: | |
3449 | GET_THREAD_INFO(%edx) | |
3450 | cmpl TI_addr_limit(%edx),%eax | |
3451 | jae bad_get_user | |
3452 | + pushl $(__USER_DS) | |
3453 | + popl %ds | |
3454 | 1: movzbl (%eax),%edx | |
3455 | xorl %eax,%eax | |
3456 | + pushl %ss | |
3457 | + pop %ds | |
3458 | ret | |
3459 | ||
3460 | .align 4 | |
3461 | @@ -42,7 +47,11 @@ __get_user_2: | |
3462 | GET_THREAD_INFO(%edx) | |
3463 | cmpl TI_addr_limit(%edx),%eax | |
3464 | jae bad_get_user | |
3465 | + pushl $(__USER_DS) | |
3466 | + popl %ds | |
3467 | 2: movzwl -1(%eax),%edx | |
3468 | + pushl %ss | |
3469 | + pop %ds | |
3470 | xorl %eax,%eax | |
3471 | ret | |
3472 | ||
3473 | @@ -54,11 +63,17 @@ __get_user_4: | |
3474 | GET_THREAD_INFO(%edx) | |
3475 | cmpl TI_addr_limit(%edx),%eax | |
3476 | jae bad_get_user | |
3477 | + pushl $(__USER_DS) | |
3478 | + popl %ds | |
3479 | 3: movl -3(%eax),%edx | |
3480 | + pushl %ss | |
3481 | + pop %ds | |
3482 | xorl %eax,%eax | |
3483 | ret | |
3484 | ||
3485 | bad_get_user: | |
3486 | + pushl %ss | |
3487 | + pop %ds | |
3488 | xorl %edx,%edx | |
3489 | movl $-14,%eax | |
3490 | ret | |
3491 | diff -urNp linux-2.6.19.1/arch/i386/lib/mmx.c linux-2.6.19.1/arch/i386/lib/mmx.c | |
3492 | --- linux-2.6.19.1/arch/i386/lib/mmx.c 2006-11-29 16:57:37.000000000 -0500 | |
3493 | +++ linux-2.6.19.1/arch/i386/lib/mmx.c 2006-12-03 15:15:45.000000000 -0500 | |
3494 | @@ -47,14 +47,30 @@ void *_mmx_memcpy(void *to, const void * | |
3495 | " prefetch 256(%0)\n" | |
3496 | "2: \n" | |
3497 | ".section .fixup, \"ax\"\n" | |
3498 | - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
3499 | + "3: \n" | |
3500 | + | |
3501 | +#ifdef CONFIG_PAX_KERNEXEC | |
3502 | + " cli\n" | |
3503 | + " movl %%cr0, %%eax\n" | |
3504 | + " andl $0xFFFEFFFF, %%eax\n" | |
3505 | + " movl %%eax, %%cr0\n" | |
3506 | +#endif | |
3507 | + | |
3508 | + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
3509 | + | |
3510 | +#ifdef CONFIG_PAX_KERNEXEC | |
3511 | + " orl $0x00010000, %%eax\n" | |
3512 | + " movl %%eax, %%cr0\n" | |
3513 | + " sti\n" | |
3514 | +#endif | |
3515 | + | |
3516 | " jmp 2b\n" | |
3517 | ".previous\n" | |
3518 | ".section __ex_table,\"a\"\n" | |
3519 | " .align 4\n" | |
3520 | " .long 1b, 3b\n" | |
3521 | ".previous" | |
3522 | - : : "r" (from) ); | |
3523 | + : : "r" (from) : "ax"); | |
3524 | ||
3525 | ||
3526 | for(; i>5; i--) | |
3527 | @@ -78,14 +94,30 @@ void *_mmx_memcpy(void *to, const void * | |
3528 | " movq %%mm2, 48(%1)\n" | |
3529 | " movq %%mm3, 56(%1)\n" | |
3530 | ".section .fixup, \"ax\"\n" | |
3531 | - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
3532 | + "3:\n" | |
3533 | + | |
3534 | +#ifdef CONFIG_PAX_KERNEXEC | |
3535 | + " cli\n" | |
3536 | + " movl %%cr0, %%eax\n" | |
3537 | + " andl $0xFFFEFFFF, %%eax\n" | |
3538 | + " movl %%eax, %%cr0\n" | |
3539 | +#endif | |
3540 | + | |
3541 | + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
3542 | + | |
3543 | +#ifdef CONFIG_PAX_KERNEXEC | |
3544 | + " orl $0x00010000, %%eax\n" | |
3545 | + " movl %%eax, %%cr0\n" | |
3546 | + " sti\n" | |
3547 | +#endif | |
3548 | + | |
3549 | " jmp 2b\n" | |
3550 | ".previous\n" | |
3551 | ".section __ex_table,\"a\"\n" | |
3552 | " .align 4\n" | |
3553 | " .long 1b, 3b\n" | |
3554 | ".previous" | |
3555 | - : : "r" (from), "r" (to) : "memory"); | |
3556 | + : : "r" (from), "r" (to) : "memory", "ax"); | |
3557 | from+=64; | |
3558 | to+=64; | |
3559 | } | |
3560 | @@ -178,14 +210,30 @@ static void fast_copy_page(void *to, voi | |
3561 | " prefetch 256(%0)\n" | |
3562 | "2: \n" | |
3563 | ".section .fixup, \"ax\"\n" | |
3564 | - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
3565 | + "3: \n" | |
3566 | + | |
3567 | +#ifdef CONFIG_PAX_KERNEXEC | |
3568 | + " cli\n" | |
3569 | + " movl %%cr0, %%eax\n" | |
3570 | + " andl $0xFFFEFFFF, %%eax\n" | |
3571 | + " movl %%eax, %%cr0\n" | |
3572 | +#endif | |
3573 | + | |
3574 | + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
3575 | + | |
3576 | +#ifdef CONFIG_PAX_KERNEXEC | |
3577 | + " orl $0x00010000, %%eax\n" | |
3578 | + " movl %%eax, %%cr0\n" | |
3579 | + " sti\n" | |
3580 | +#endif | |
3581 | + | |
3582 | " jmp 2b\n" | |
3583 | ".previous\n" | |
3584 | ".section __ex_table,\"a\"\n" | |
3585 | " .align 4\n" | |
3586 | " .long 1b, 3b\n" | |
3587 | ".previous" | |
3588 | - : : "r" (from) ); | |
3589 | + : : "r" (from) : "ax"); | |
3590 | ||
3591 | for(i=0; i<(4096-320)/64; i++) | |
3592 | { | |
3593 | @@ -208,14 +256,30 @@ static void fast_copy_page(void *to, voi | |
3594 | " movq 56(%0), %%mm7\n" | |
3595 | " movntq %%mm7, 56(%1)\n" | |
3596 | ".section .fixup, \"ax\"\n" | |
3597 | - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
3598 | + "3:\n" | |
3599 | + | |
3600 | +#ifdef CONFIG_PAX_KERNEXEC | |
3601 | + " cli\n" | |
3602 | + " movl %%cr0, %%eax\n" | |
3603 | + " andl $0xFFFEFFFF, %%eax\n" | |
3604 | + " movl %%eax, %%cr0\n" | |
3605 | +#endif | |
3606 | + | |
3607 | + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
3608 | + | |
3609 | +#ifdef CONFIG_PAX_KERNEXEC | |
3610 | + " orl $0x00010000, %%eax\n" | |
3611 | + " movl %%eax, %%cr0\n" | |
3612 | + " sti\n" | |
3613 | +#endif | |
3614 | + | |
3615 | " jmp 2b\n" | |
3616 | ".previous\n" | |
3617 | ".section __ex_table,\"a\"\n" | |
3618 | " .align 4\n" | |
3619 | " .long 1b, 3b\n" | |
3620 | ".previous" | |
3621 | - : : "r" (from), "r" (to) : "memory"); | |
3622 | + : : "r" (from), "r" (to) : "memory", "ax"); | |
3623 | from+=64; | |
3624 | to+=64; | |
3625 | } | |
3626 | @@ -308,14 +372,30 @@ static void fast_copy_page(void *to, voi | |
3627 | " prefetch 256(%0)\n" | |
3628 | "2: \n" | |
3629 | ".section .fixup, \"ax\"\n" | |
3630 | - "3: movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
3631 | + "3: \n" | |
3632 | + | |
3633 | +#ifdef CONFIG_PAX_KERNEXEC | |
3634 | + " cli\n" | |
3635 | + " movl %%cr0, %%eax\n" | |
3636 | + " andl $0xFFFEFFFF, %%eax\n" | |
3637 | + " movl %%eax, %%cr0\n" | |
3638 | +#endif | |
3639 | + | |
3640 | + " movw $0x1AEB, 1b\n" /* jmp on 26 bytes */ | |
3641 | + | |
3642 | +#ifdef CONFIG_PAX_KERNEXEC | |
3643 | + " orl $0x00010000, %%eax\n" | |
3644 | + " movl %%eax, %%cr0\n" | |
3645 | + " sti\n" | |
3646 | +#endif | |
3647 | + | |
3648 | " jmp 2b\n" | |
3649 | ".previous\n" | |
3650 | ".section __ex_table,\"a\"\n" | |
3651 | " .align 4\n" | |
3652 | " .long 1b, 3b\n" | |
3653 | ".previous" | |
3654 | - : : "r" (from) ); | |
3655 | + : : "r" (from) : "ax"); | |
3656 | ||
3657 | for(i=0; i<4096/64; i++) | |
3658 | { | |
3659 | @@ -338,14 +418,30 @@ static void fast_copy_page(void *to, voi | |
3660 | " movq %%mm2, 48(%1)\n" | |
3661 | " movq %%mm3, 56(%1)\n" | |
3662 | ".section .fixup, \"ax\"\n" | |
3663 | - "3: movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
3664 | + "3:\n" | |
3665 | + | |
3666 | +#ifdef CONFIG_PAX_KERNEXEC | |
3667 | + " cli\n" | |
3668 | + " movl %%cr0, %%eax\n" | |
3669 | + " andl $0xFFFEFFFF, %%eax\n" | |
3670 | + " movl %%eax, %%cr0\n" | |
3671 | +#endif | |
3672 | + | |
3673 | + " movw $0x05EB, 1b\n" /* jmp on 5 bytes */ | |
3674 | + | |
3675 | +#ifdef CONFIG_PAX_KERNEXEC | |
3676 | + " orl $0x00010000, %%eax\n" | |
3677 | + " movl %%eax, %%cr0\n" | |
3678 | + " sti\n" | |
3679 | +#endif | |
3680 | + | |
3681 | " jmp 2b\n" | |
3682 | ".previous\n" | |
3683 | ".section __ex_table,\"a\"\n" | |
3684 | " .align 4\n" | |
3685 | " .long 1b, 3b\n" | |
3686 | ".previous" | |
3687 | - : : "r" (from), "r" (to) : "memory"); | |
3688 | + : : "r" (from), "r" (to) : "memory", "ax"); | |
3689 | from+=64; | |
3690 | to+=64; | |
3691 | } | |
3692 | diff -urNp linux-2.6.19.1/arch/i386/lib/putuser.S linux-2.6.19.1/arch/i386/lib/putuser.S | |
3693 | --- linux-2.6.19.1/arch/i386/lib/putuser.S 2006-11-29 16:57:37.000000000 -0500 | |
3694 | +++ linux-2.6.19.1/arch/i386/lib/putuser.S 2006-12-03 15:15:45.000000000 -0500 | |
3695 | @@ -9,6 +9,7 @@ | |
3696 | * return value. | |
3697 | */ | |
3698 | #include <asm/thread_info.h> | |
3699 | +#include <asm/segment.h> | |
3700 | ||
3701 | ||
3702 | /* | |
3703 | @@ -33,7 +34,11 @@ __put_user_1: | |
3704 | ENTER | |
3705 | cmpl TI_addr_limit(%ebx),%ecx | |
3706 | jae bad_put_user | |
3707 | + pushl $(__USER_DS) | |
3708 | + popl %ds | |
3709 | 1: movb %al,(%ecx) | |
3710 | + pushl %ss | |
3711 | + popl %ds | |
3712 | xorl %eax,%eax | |
3713 | EXIT | |
3714 | ||
3715 | @@ -45,7 +50,11 @@ __put_user_2: | |
3716 | subl $1,%ebx | |
3717 | cmpl %ebx,%ecx | |
3718 | jae bad_put_user | |
3719 | + pushl $(__USER_DS) | |
3720 | + popl %ds | |
3721 | 2: movw %ax,(%ecx) | |
3722 | + pushl %ss | |
3723 | + popl %ds | |
3724 | xorl %eax,%eax | |
3725 | EXIT | |
3726 | ||
3727 | @@ -57,7 +66,11 @@ __put_user_4: | |
3728 | subl $3,%ebx | |
3729 | cmpl %ebx,%ecx | |
3730 | jae bad_put_user | |
3731 | + pushl $(__USER_DS) | |
3732 | + popl %ds | |
3733 | 3: movl %eax,(%ecx) | |
3734 | + pushl %ss | |
3735 | + popl %ds | |
3736 | xorl %eax,%eax | |
3737 | EXIT | |
3738 | ||
3739 | @@ -69,12 +82,18 @@ __put_user_8: | |
3740 | subl $7,%ebx | |
3741 | cmpl %ebx,%ecx | |
3742 | jae bad_put_user | |
3743 | + pushl $(__USER_DS) | |
3744 | + popl %ds | |
3745 | 4: movl %eax,(%ecx) | |
3746 | 5: movl %edx,4(%ecx) | |
3747 | + pushl %ss | |
3748 | + popl %ds | |
3749 | xorl %eax,%eax | |
3750 | EXIT | |
3751 | ||
3752 | bad_put_user: | |
3753 | + pushl %ss | |
3754 | + popl %ds | |
3755 | movl $-14,%eax | |
3756 | EXIT | |
3757 | ||
3758 | diff -urNp linux-2.6.19.1/arch/i386/lib/usercopy.c linux-2.6.19.1/arch/i386/lib/usercopy.c | |
3759 | --- linux-2.6.19.1/arch/i386/lib/usercopy.c 2006-11-29 16:57:37.000000000 -0500 | |
3760 | +++ linux-2.6.19.1/arch/i386/lib/usercopy.c 2006-12-03 15:15:45.000000000 -0500 | |
3761 | @@ -28,34 +28,41 @@ static inline int __movsl_is_ok(unsigned | |
3762 | * Copy a null terminated string from userspace. | |
3763 | */ | |
3764 | ||
3765 | -#define __do_strncpy_from_user(dst,src,count,res) \ | |
3766 | -do { \ | |
3767 | - int __d0, __d1, __d2; \ | |
3768 | - might_sleep(); \ | |
3769 | - __asm__ __volatile__( \ | |
3770 | - " testl %1,%1\n" \ | |
3771 | - " jz 2f\n" \ | |
3772 | - "0: lodsb\n" \ | |
3773 | - " stosb\n" \ | |
3774 | - " testb %%al,%%al\n" \ | |
3775 | - " jz 1f\n" \ | |
3776 | - " decl %1\n" \ | |
3777 | - " jnz 0b\n" \ | |
3778 | - "1: subl %1,%0\n" \ | |
3779 | - "2:\n" \ | |
3780 | - ".section .fixup,\"ax\"\n" \ | |
3781 | - "3: movl %5,%0\n" \ | |
3782 | - " jmp 2b\n" \ | |
3783 | - ".previous\n" \ | |
3784 | - ".section __ex_table,\"a\"\n" \ | |
3785 | - " .align 4\n" \ | |
3786 | - " .long 0b,3b\n" \ | |
3787 | - ".previous" \ | |
3788 | - : "=d"(res), "=c"(count), "=&a" (__d0), "=&S" (__d1), \ | |
3789 | - "=&D" (__d2) \ | |
3790 | - : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \ | |
3791 | - : "memory"); \ | |
3792 | -} while (0) | |
3793 | +static long __do_strncpy_from_user(char *dst, const char __user *src, long count) | |
3794 | +{ | |
3795 | + int __d0, __d1, __d2; | |
3796 | + long res = -EFAULT; | |
3797 | + | |
3798 | + might_sleep(); | |
3799 | + __asm__ __volatile__( | |
3800 | + " movw %w10,%%ds\n" | |
3801 | + " testl %1,%1\n" | |
3802 | + " jz 2f\n" | |
3803 | + "0: lodsb\n" | |
3804 | + " stosb\n" | |
3805 | + " testb %%al,%%al\n" | |
3806 | + " jz 1f\n" | |
3807 | + " decl %1\n" | |
3808 | + " jnz 0b\n" | |
3809 | + "1: subl %1,%0\n" | |
3810 | + "2:\n" | |
3811 | + " pushl %%ss\n" | |
3812 | + " popl %%ds\n" | |
3813 | + ".section .fixup,\"ax\"\n" | |
3814 | + "3: movl %5,%0\n" | |
3815 | + " jmp 2b\n" | |
3816 | + ".previous\n" | |
3817 | + ".section __ex_table,\"a\"\n" | |
3818 | + " .align 4\n" | |
3819 | + " .long 0b,3b\n" | |
3820 | + ".previous" | |
3821 | + : "=d"(res), "=c"(count), "=&a" (__d0), "=&S" (__d1), | |
3822 | + "=&D" (__d2) | |
3823 | + : "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst), | |
3824 | + "r"(__USER_DS) | |
3825 | + : "memory"); | |
3826 | + return res; | |
3827 | +} | |
3828 | ||
3829 | /** | |
3830 | * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking. | |
3831 | @@ -80,9 +87,7 @@ do { \ | |
3832 | long | |
3833 | __strncpy_from_user(char *dst, const char __user *src, long count) | |
3834 | { | |
3835 | - long res; | |
3836 | - __do_strncpy_from_user(dst, src, count, res); | |
3837 | - return res; | |
3838 | + return __do_strncpy_from_user(dst, src, count); | |
3839 | } | |
3840 | EXPORT_SYMBOL(__strncpy_from_user); | |
3841 | ||
3842 | @@ -109,7 +114,7 @@ strncpy_from_user(char *dst, const char | |
3843 | { | |
3844 | long res = -EFAULT; | |
3845 | if (access_ok(VERIFY_READ, src, 1)) | |
3846 | - __do_strncpy_from_user(dst, src, count, res); | |
3847 | + res = __do_strncpy_from_user(dst, src, count); | |
3848 | return res; | |
3849 | } | |
3850 | EXPORT_SYMBOL(strncpy_from_user); | |
3851 | @@ -118,27 +123,33 @@ EXPORT_SYMBOL(strncpy_from_user); | |
3852 | * Zero Userspace | |
3853 | */ | |
3854 | ||
3855 | -#define __do_clear_user(addr,size) \ | |
3856 | -do { \ | |
3857 | - int __d0; \ | |
3858 | - might_sleep(); \ | |
3859 | - __asm__ __volatile__( \ | |
3860 | - "0: rep; stosl\n" \ | |
3861 | - " movl %2,%0\n" \ | |
3862 | - "1: rep; stosb\n" \ | |
3863 | - "2:\n" \ | |
3864 | - ".section .fixup,\"ax\"\n" \ | |
3865 | - "3: lea 0(%2,%0,4),%0\n" \ | |
3866 | - " jmp 2b\n" \ | |
3867 | - ".previous\n" \ | |
3868 | - ".section __ex_table,\"a\"\n" \ | |
3869 | - " .align 4\n" \ | |
3870 | - " .long 0b,3b\n" \ | |
3871 | - " .long 1b,2b\n" \ | |
3872 | - ".previous" \ | |
3873 | - : "=&c"(size), "=&D" (__d0) \ | |
3874 | - : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0)); \ | |
3875 | -} while (0) | |
3876 | +static unsigned long __do_clear_user(void __user *addr, unsigned long size) | |
3877 | +{ | |
3878 | + int __d0; | |
3879 | + | |
3880 | + might_sleep(); | |
3881 | + __asm__ __volatile__( | |
3882 | + " movw %w6,%%es\n" | |
3883 | + "0: rep; stosl\n" | |
3884 | + " movl %2,%0\n" | |
3885 | + "1: rep; stosb\n" | |
3886 | + "2:\n" | |
3887 | + " pushl %%ss\n" | |
3888 | + " popl %%es\n" | |
3889 | + ".section .fixup,\"ax\"\n" | |
3890 | + "3: lea 0(%2,%0,4),%0\n" | |
3891 | + " jmp 2b\n" | |
3892 | + ".previous\n" | |
3893 | + ".section __ex_table,\"a\"\n" | |
3894 | + " .align 4\n" | |
3895 | + " .long 0b,3b\n" | |
3896 | + " .long 1b,2b\n" | |
3897 | + ".previous" | |
3898 | + : "=&c"(size), "=&D" (__d0) | |
3899 | + : "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0), | |
3900 | + "r"(__USER_DS)); | |
3901 | + return size; | |
3902 | +} | |
3903 | ||
3904 | /** | |
3905 | * clear_user: - Zero a block of memory in user space. | |
3906 | @@ -155,7 +166,7 @@ clear_user(void __user *to, unsigned lon | |
3907 | { | |
3908 | might_sleep(); | |
3909 | if (access_ok(VERIFY_WRITE, to, n)) | |
3910 | - __do_clear_user(to, n); | |
3911 | + n = __do_clear_user(to, n); | |
3912 | return n; | |
3913 | } | |
3914 | EXPORT_SYMBOL(clear_user); | |
3915 | @@ -174,8 +185,7 @@ EXPORT_SYMBOL(clear_user); | |
3916 | unsigned long | |
3917 | __clear_user(void __user *to, unsigned long n) | |
3918 | { | |
3919 | - __do_clear_user(to, n); | |
3920 | - return n; | |
3921 | + return __do_clear_user(to, n); | |
3922 | } | |
3923 | EXPORT_SYMBOL(__clear_user); | |
3924 | ||
3925 | @@ -198,14 +208,17 @@ long strnlen_user(const char __user *s, | |
3926 | might_sleep(); | |
3927 | ||
3928 | __asm__ __volatile__( | |
3929 | + " movw %w8,%%es\n" | |
3930 | " testl %0, %0\n" | |
3931 | " jz 3f\n" | |
3932 | - " andl %0,%%ecx\n" | |
3933 | + " movl %0,%%ecx\n" | |
3934 | "0: repne; scasb\n" | |
3935 | " setne %%al\n" | |
3936 | " subl %%ecx,%0\n" | |
3937 | " addl %0,%%eax\n" | |
3938 | "1:\n" | |
3939 | + " pushl %%ss\n" | |
3940 | + " popl %%es\n" | |
3941 | ".section .fixup,\"ax\"\n" | |
3942 | "2: xorl %%eax,%%eax\n" | |
3943 | " jmp 1b\n" | |
3944 | @@ -217,7 +230,7 @@ long strnlen_user(const char __user *s, | |
3945 | " .long 0b,2b\n" | |
3946 | ".previous" | |
3947 | :"=r" (n), "=D" (s), "=a" (res), "=c" (tmp) | |
3948 | - :"0" (n), "1" (s), "2" (0), "3" (mask) | |
3949 | + :"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS) | |
3950 | :"cc"); | |
3951 | return res & mask; | |
3952 | } | |
3953 | @@ -225,10 +238,121 @@ EXPORT_SYMBOL(strnlen_user); | |
3954 | ||
3955 | #ifdef CONFIG_X86_INTEL_USERCOPY | |
3956 | static unsigned long | |
3957 | -__copy_user_intel(void __user *to, const void *from, unsigned long size) | |
3958 | +__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size) | |
3959 | +{ | |
3960 | + int d0, d1; | |
3961 | + __asm__ __volatile__( | |
3962 | + " movw %w6, %%es\n" | |
3963 | + " .align 2,0x90\n" | |
3964 | + "1: movl 32(%4), %%eax\n" | |
3965 | + " cmpl $67, %0\n" | |
3966 | + " jbe 3f\n" | |
3967 | + "2: movl 64(%4), %%eax\n" | |
3968 | + " .align 2,0x90\n" | |
3969 | + "3: movl 0(%4), %%eax\n" | |
3970 | + "4: movl 4(%4), %%edx\n" | |
3971 | + "5: movl %%eax, %%es:0(%3)\n" | |
3972 | + "6: movl %%edx, %%es:4(%3)\n" | |
3973 | + "7: movl 8(%4), %%eax\n" | |
3974 | + "8: movl 12(%4),%%edx\n" | |
3975 | + "9: movl %%eax, %%es:8(%3)\n" | |
3976 | + "10: movl %%edx, %%es:12(%3)\n" | |
3977 | + "11: movl 16(%4), %%eax\n" | |
3978 | + "12: movl 20(%4), %%edx\n" | |
3979 | + "13: movl %%eax, %%es:16(%3)\n" | |
3980 | + "14: movl %%edx, %%es:20(%3)\n" | |
3981 | + "15: movl 24(%4), %%eax\n" | |
3982 | + "16: movl 28(%4), %%edx\n" | |
3983 | + "17: movl %%eax, %%es:24(%3)\n" | |
3984 | + "18: movl %%edx, %%es:28(%3)\n" | |
3985 | + "19: movl 32(%4), %%eax\n" | |
3986 | + "20: movl 36(%4), %%edx\n" | |
3987 | + "21: movl %%eax, %%es:32(%3)\n" | |
3988 | + "22: movl %%edx, %%es:36(%3)\n" | |
3989 | + "23: movl 40(%4), %%eax\n" | |
3990 | + "24: movl 44(%4), %%edx\n" | |
3991 | + "25: movl %%eax, %%es:40(%3)\n" | |
3992 | + "26: movl %%edx, %%es:44(%3)\n" | |
3993 | + "27: movl 48(%4), %%eax\n" | |
3994 | + "28: movl 52(%4), %%edx\n" | |
3995 | + "29: movl %%eax, %%es:48(%3)\n" | |
3996 | + "30: movl %%edx, %%es:52(%3)\n" | |
3997 | + "31: movl 56(%4), %%eax\n" | |
3998 | + "32: movl 60(%4), %%edx\n" | |
3999 | + "33: movl %%eax, %%es:56(%3)\n" | |
4000 | + "34: movl %%edx, %%es:60(%3)\n" | |
4001 | + " addl $-64, %0\n" | |
4002 | + " addl $64, %4\n" | |
4003 | + " addl $64, %3\n" | |
4004 | + " cmpl $63, %0\n" | |
4005 | + " ja 1b\n" | |
4006 | + "35: movl %0, %%eax\n" | |
4007 | + " shrl $2, %0\n" | |
4008 | + " andl $3, %%eax\n" | |
4009 | + " cld\n" | |
4010 | + "99: rep; movsl\n" | |
4011 | + "36: movl %%eax, %0\n" | |
4012 | + "37: rep; movsb\n" | |
4013 | + "100:\n" | |
4014 | + " pushl %%ss\n" | |
4015 | + " popl %%es\n" | |
4016 | + ".section .fixup,\"ax\"\n" | |
4017 | + "101: lea 0(%%eax,%0,4),%0\n" | |
4018 | + " jmp 100b\n" | |
4019 | + ".previous\n" | |
4020 | + ".section __ex_table,\"a\"\n" | |
4021 | + " .align 4\n" | |
4022 | + " .long 1b,100b\n" | |
4023 | + " .long 2b,100b\n" | |
4024 | + " .long 3b,100b\n" | |
4025 | + " .long 4b,100b\n" | |
4026 | + " .long 5b,100b\n" | |
4027 | + " .long 6b,100b\n" | |
4028 | + " .long 7b,100b\n" | |
4029 | + " .long 8b,100b\n" | |
4030 | + " .long 9b,100b\n" | |
4031 | + " .long 10b,100b\n" | |
4032 | + " .long 11b,100b\n" | |
4033 | + " .long 12b,100b\n" | |
4034 | + " .long 13b,100b\n" | |
4035 | + " .long 14b,100b\n" | |
4036 | + " .long 15b,100b\n" | |
4037 | + " .long 16b,100b\n" | |
4038 | + " .long 17b,100b\n" | |
4039 | + " .long 18b,100b\n" | |
4040 | + " .long 19b,100b\n" | |
4041 | + " .long 20b,100b\n" | |
4042 | + " .long 21b,100b\n" | |
4043 | + " .long 22b,100b\n" | |
4044 | + " .long 23b,100b\n" | |
4045 | + " .long 24b,100b\n" | |
4046 | + " .long 25b,100b\n" | |
4047 | + " .long 26b,100b\n" | |
4048 | + " .long 27b,100b\n" | |
4049 | + " .long 28b,100b\n" | |
4050 | + " .long 29b,100b\n" | |
4051 | + " .long 30b,100b\n" | |
4052 | + " .long 31b,100b\n" | |
4053 | + " .long 32b,100b\n" | |
4054 | + " .long 33b,100b\n" | |
4055 | + " .long 34b,100b\n" | |
4056 | + " .long 35b,100b\n" | |
4057 | + " .long 36b,100b\n" | |
4058 | + " .long 37b,100b\n" | |
4059 | + " .long 99b,101b\n" | |
4060 | + ".previous" | |
4061 | + : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
4062 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
4063 | + : "eax", "edx", "memory"); | |
4064 | + return size; | |
4065 | +} | |
4066 | + | |
4067 | +static unsigned long | |
4068 | +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size) | |
4069 | { | |
4070 | int d0, d1; | |
4071 | __asm__ __volatile__( | |
4072 | + " movw %w6, %%ds\n" | |
4073 | " .align 2,0x90\n" | |
4074 | "1: movl 32(%4), %%eax\n" | |
4075 | " cmpl $67, %0\n" | |
4076 | @@ -237,36 +361,36 @@ __copy_user_intel(void __user *to, const | |
4077 | " .align 2,0x90\n" | |
4078 | "3: movl 0(%4), %%eax\n" | |
4079 | "4: movl 4(%4), %%edx\n" | |
4080 | - "5: movl %%eax, 0(%3)\n" | |
4081 | - "6: movl %%edx, 4(%3)\n" | |
4082 | + "5: movl %%eax, %%es:0(%3)\n" | |
4083 | + "6: movl %%edx, %%es:4(%3)\n" | |
4084 | "7: movl 8(%4), %%eax\n" | |
4085 | "8: movl 12(%4),%%edx\n" | |
4086 | - "9: movl %%eax, 8(%3)\n" | |
4087 | - "10: movl %%edx, 12(%3)\n" | |
4088 | + "9: movl %%eax, %%es:8(%3)\n" | |
4089 | + "10: movl %%edx, %%es:12(%3)\n" | |
4090 | "11: movl 16(%4), %%eax\n" | |
4091 | "12: movl 20(%4), %%edx\n" | |
4092 | - "13: movl %%eax, 16(%3)\n" | |
4093 | - "14: movl %%edx, 20(%3)\n" | |
4094 | + "13: movl %%eax, %%es:16(%3)\n" | |
4095 | + "14: movl %%edx, %%es:20(%3)\n" | |
4096 | "15: movl 24(%4), %%eax\n" | |
4097 | "16: movl 28(%4), %%edx\n" | |
4098 | - "17: movl %%eax, 24(%3)\n" | |
4099 | - "18: movl %%edx, 28(%3)\n" | |
4100 | + "17: movl %%eax, %%es:24(%3)\n" | |
4101 | + "18: movl %%edx, %%es:28(%3)\n" | |
4102 | "19: movl 32(%4), %%eax\n" | |
4103 | "20: movl 36(%4), %%edx\n" | |
4104 | - "21: movl %%eax, 32(%3)\n" | |
4105 | - "22: movl %%edx, 36(%3)\n" | |
4106 | + "21: movl %%eax, %%es:32(%3)\n" | |
4107 | + "22: movl %%edx, %%es:36(%3)\n" | |
4108 | "23: movl 40(%4), %%eax\n" | |
4109 | "24: movl 44(%4), %%edx\n" | |
4110 | - "25: movl %%eax, 40(%3)\n" | |
4111 | - "26: movl %%edx, 44(%3)\n" | |
4112 | + "25: movl %%eax, %%es:40(%3)\n" | |
4113 | + "26: movl %%edx, %%es:44(%3)\n" | |
4114 | "27: movl 48(%4), %%eax\n" | |
4115 | "28: movl 52(%4), %%edx\n" | |
4116 | - "29: movl %%eax, 48(%3)\n" | |
4117 | - "30: movl %%edx, 52(%3)\n" | |
4118 | + "29: movl %%eax, %%es:48(%3)\n" | |
4119 | + "30: movl %%edx, %%es:52(%3)\n" | |
4120 | "31: movl 56(%4), %%eax\n" | |
4121 | "32: movl 60(%4), %%edx\n" | |
4122 | - "33: movl %%eax, 56(%3)\n" | |
4123 | - "34: movl %%edx, 60(%3)\n" | |
4124 | + "33: movl %%eax, %%es:56(%3)\n" | |
4125 | + "34: movl %%edx, %%es:60(%3)\n" | |
4126 | " addl $-64, %0\n" | |
4127 | " addl $64, %4\n" | |
4128 | " addl $64, %3\n" | |
4129 | @@ -280,6 +404,8 @@ __copy_user_intel(void __user *to, const | |
4130 | "36: movl %%eax, %0\n" | |
4131 | "37: rep; movsb\n" | |
4132 | "100:\n" | |
4133 | + " pushl %%ss\n" | |
4134 | + " popl %%ds\n" | |
4135 | ".section .fixup,\"ax\"\n" | |
4136 | "101: lea 0(%%eax,%0,4),%0\n" | |
4137 | " jmp 100b\n" | |
4138 | @@ -326,7 +452,7 @@ __copy_user_intel(void __user *to, const | |
4139 | " .long 99b,101b\n" | |
4140 | ".previous" | |
4141 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
4142 | - : "1"(to), "2"(from), "0"(size) | |
4143 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
4144 | : "eax", "edx", "memory"); | |
4145 | return size; | |
4146 | } | |
4147 | @@ -336,6 +462,7 @@ __copy_user_zeroing_intel(void *to, cons | |
4148 | { | |
4149 | int d0, d1; | |
4150 | __asm__ __volatile__( | |
4151 | + " movw %w6, %%ds\n" | |
4152 | " .align 2,0x90\n" | |
4153 | "0: movl 32(%4), %%eax\n" | |
4154 | " cmpl $67, %0\n" | |
4155 | @@ -344,36 +471,36 @@ __copy_user_zeroing_intel(void *to, cons | |
4156 | " .align 2,0x90\n" | |
4157 | "2: movl 0(%4), %%eax\n" | |
4158 | "21: movl 4(%4), %%edx\n" | |
4159 | - " movl %%eax, 0(%3)\n" | |
4160 | - " movl %%edx, 4(%3)\n" | |
4161 | + " movl %%eax, %%es:0(%3)\n" | |
4162 | + " movl %%edx, %%es:4(%3)\n" | |
4163 | "3: movl 8(%4), %%eax\n" | |
4164 | "31: movl 12(%4),%%edx\n" | |
4165 | - " movl %%eax, 8(%3)\n" | |
4166 | - " movl %%edx, 12(%3)\n" | |
4167 | + " movl %%eax, %%es:8(%3)\n" | |
4168 | + " movl %%edx, %%es:12(%3)\n" | |
4169 | "4: movl 16(%4), %%eax\n" | |
4170 | "41: movl 20(%4), %%edx\n" | |
4171 | - " movl %%eax, 16(%3)\n" | |
4172 | - " movl %%edx, 20(%3)\n" | |
4173 | + " movl %%eax, %%es:16(%3)\n" | |
4174 | + " movl %%edx, %%es:20(%3)\n" | |
4175 | "10: movl 24(%4), %%eax\n" | |
4176 | "51: movl 28(%4), %%edx\n" | |
4177 | - " movl %%eax, 24(%3)\n" | |
4178 | - " movl %%edx, 28(%3)\n" | |
4179 | + " movl %%eax, %%es:24(%3)\n" | |
4180 | + " movl %%edx, %%es:28(%3)\n" | |
4181 | "11: movl 32(%4), %%eax\n" | |
4182 | "61: movl 36(%4), %%edx\n" | |
4183 | - " movl %%eax, 32(%3)\n" | |
4184 | - " movl %%edx, 36(%3)\n" | |
4185 | + " movl %%eax, %%es:32(%3)\n" | |
4186 | + " movl %%edx, %%es:36(%3)\n" | |
4187 | "12: movl 40(%4), %%eax\n" | |
4188 | "71: movl 44(%4), %%edx\n" | |
4189 | - " movl %%eax, 40(%3)\n" | |
4190 | - " movl %%edx, 44(%3)\n" | |
4191 | + " movl %%eax, %%es:40(%3)\n" | |
4192 | + " movl %%edx, %%es:44(%3)\n" | |
4193 | "13: movl 48(%4), %%eax\n" | |
4194 | "81: movl 52(%4), %%edx\n" | |
4195 | - " movl %%eax, 48(%3)\n" | |
4196 | - " movl %%edx, 52(%3)\n" | |
4197 | + " movl %%eax, %%es:48(%3)\n" | |
4198 | + " movl %%edx, %%es:52(%3)\n" | |
4199 | "14: movl 56(%4), %%eax\n" | |
4200 | "91: movl 60(%4), %%edx\n" | |
4201 | - " movl %%eax, 56(%3)\n" | |
4202 | - " movl %%edx, 60(%3)\n" | |
4203 | + " movl %%eax, %%es:56(%3)\n" | |
4204 | + " movl %%edx, %%es:60(%3)\n" | |
4205 | " addl $-64, %0\n" | |
4206 | " addl $64, %4\n" | |
4207 | " addl $64, %3\n" | |
4208 | @@ -387,6 +514,8 @@ __copy_user_zeroing_intel(void *to, cons | |
4209 | " movl %%eax,%0\n" | |
4210 | "7: rep; movsb\n" | |
4211 | "8:\n" | |
4212 | + " pushl %%ss\n" | |
4213 | + " popl %%ds\n" | |
4214 | ".section .fixup,\"ax\"\n" | |
4215 | "9: lea 0(%%eax,%0,4),%0\n" | |
4216 | "16: pushl %0\n" | |
4217 | @@ -421,7 +550,7 @@ __copy_user_zeroing_intel(void *to, cons | |
4218 | " .long 7b,16b\n" | |
4219 | ".previous" | |
4220 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
4221 | - : "1"(to), "2"(from), "0"(size) | |
4222 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
4223 | : "eax", "edx", "memory"); | |
4224 | return size; | |
4225 | } | |
4226 | @@ -437,6 +566,7 @@ static unsigned long __copy_user_zeroing | |
4227 | int d0, d1; | |
4228 | ||
4229 | __asm__ __volatile__( | |
4230 | + " movw %w6, %%ds\n" | |
4231 | " .align 2,0x90\n" | |
4232 | "0: movl 32(%4), %%eax\n" | |
4233 | " cmpl $67, %0\n" | |
4234 | @@ -445,36 +575,36 @@ static unsigned long __copy_user_zeroing | |
4235 | " .align 2,0x90\n" | |
4236 | "2: movl 0(%4), %%eax\n" | |
4237 | "21: movl 4(%4), %%edx\n" | |
4238 | - " movnti %%eax, 0(%3)\n" | |
4239 | - " movnti %%edx, 4(%3)\n" | |
4240 | + " movnti %%eax, %%es:0(%3)\n" | |
4241 | + " movnti %%edx, %%es:4(%3)\n" | |
4242 | "3: movl 8(%4), %%eax\n" | |
4243 | "31: movl 12(%4),%%edx\n" | |
4244 | - " movnti %%eax, 8(%3)\n" | |
4245 | - " movnti %%edx, 12(%3)\n" | |
4246 | + " movnti %%eax, %%es:8(%3)\n" | |
4247 | + " movnti %%edx, %%es:12(%3)\n" | |
4248 | "4: movl 16(%4), %%eax\n" | |
4249 | "41: movl 20(%4), %%edx\n" | |
4250 | - " movnti %%eax, 16(%3)\n" | |
4251 | - " movnti %%edx, 20(%3)\n" | |
4252 | + " movnti %%eax, %%es:16(%3)\n" | |
4253 | + " movnti %%edx, %%es:20(%3)\n" | |
4254 | "10: movl 24(%4), %%eax\n" | |
4255 | "51: movl 28(%4), %%edx\n" | |
4256 | - " movnti %%eax, 24(%3)\n" | |
4257 | - " movnti %%edx, 28(%3)\n" | |
4258 | + " movnti %%eax, %%es:24(%3)\n" | |
4259 | + " movnti %%edx, %%es:28(%3)\n" | |
4260 | "11: movl 32(%4), %%eax\n" | |
4261 | "61: movl 36(%4), %%edx\n" | |
4262 | - " movnti %%eax, 32(%3)\n" | |
4263 | - " movnti %%edx, 36(%3)\n" | |
4264 | + " movnti %%eax, %%es:32(%3)\n" | |
4265 | + " movnti %%edx, %%es:36(%3)\n" | |
4266 | "12: movl 40(%4), %%eax\n" | |
4267 | "71: movl 44(%4), %%edx\n" | |
4268 | - " movnti %%eax, 40(%3)\n" | |
4269 | - " movnti %%edx, 44(%3)\n" | |
4270 | + " movnti %%eax, %%es:40(%3)\n" | |
4271 | + " movnti %%edx, %%es:44(%3)\n" | |
4272 | "13: movl 48(%4), %%eax\n" | |
4273 | "81: movl 52(%4), %%edx\n" | |
4274 | - " movnti %%eax, 48(%3)\n" | |
4275 | - " movnti %%edx, 52(%3)\n" | |
4276 | + " movnti %%eax, %%es:48(%3)\n" | |
4277 | + " movnti %%edx, %%es:52(%3)\n" | |
4278 | "14: movl 56(%4), %%eax\n" | |
4279 | "91: movl 60(%4), %%edx\n" | |
4280 | - " movnti %%eax, 56(%3)\n" | |
4281 | - " movnti %%edx, 60(%3)\n" | |
4282 | + " movnti %%eax, %%es:56(%3)\n" | |
4283 | + " movnti %%edx, %%es:60(%3)\n" | |
4284 | " addl $-64, %0\n" | |
4285 | " addl $64, %4\n" | |
4286 | " addl $64, %3\n" | |
4287 | @@ -489,6 +619,8 @@ static unsigned long __copy_user_zeroing | |
4288 | " movl %%eax,%0\n" | |
4289 | "7: rep; movsb\n" | |
4290 | "8:\n" | |
4291 | + " pushl %%ss\n" | |
4292 | + " popl %%ds\n" | |
4293 | ".section .fixup,\"ax\"\n" | |
4294 | "9: lea 0(%%eax,%0,4),%0\n" | |
4295 | "16: pushl %0\n" | |
4296 | @@ -523,7 +655,7 @@ static unsigned long __copy_user_zeroing | |
4297 | " .long 7b,16b\n" | |
4298 | ".previous" | |
4299 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
4300 | - : "1"(to), "2"(from), "0"(size) | |
4301 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
4302 | : "eax", "edx", "memory"); | |
4303 | return size; | |
4304 | } | |
4305 | @@ -534,6 +666,7 @@ static unsigned long __copy_user_intel_n | |
4306 | int d0, d1; | |
4307 | ||
4308 | __asm__ __volatile__( | |
4309 | + " movw %w6, %%ds\n" | |
4310 | " .align 2,0x90\n" | |
4311 | "0: movl 32(%4), %%eax\n" | |
4312 | " cmpl $67, %0\n" | |
4313 | @@ -542,36 +675,36 @@ static unsigned long __copy_user_intel_n | |
4314 | " .align 2,0x90\n" | |
4315 | "2: movl 0(%4), %%eax\n" | |
4316 | "21: movl 4(%4), %%edx\n" | |
4317 | - " movnti %%eax, 0(%3)\n" | |
4318 | - " movnti %%edx, 4(%3)\n" | |
4319 | + " movnti %%eax, %%es:0(%3)\n" | |
4320 | + " movnti %%edx, %%es:4(%3)\n" | |
4321 | "3: movl 8(%4), %%eax\n" | |
4322 | "31: movl 12(%4),%%edx\n" | |
4323 | - " movnti %%eax, 8(%3)\n" | |
4324 | - " movnti %%edx, 12(%3)\n" | |
4325 | + " movnti %%eax, %%es:8(%3)\n" | |
4326 | + " movnti %%edx, %%es:12(%3)\n" | |
4327 | "4: movl 16(%4), %%eax\n" | |
4328 | "41: movl 20(%4), %%edx\n" | |
4329 | - " movnti %%eax, 16(%3)\n" | |
4330 | - " movnti %%edx, 20(%3)\n" | |
4331 | + " movnti %%eax, %%es:16(%3)\n" | |
4332 | + " movnti %%edx, %%es:20(%3)\n" | |
4333 | "10: movl 24(%4), %%eax\n" | |
4334 | "51: movl 28(%4), %%edx\n" | |
4335 | - " movnti %%eax, 24(%3)\n" | |
4336 | - " movnti %%edx, 28(%3)\n" | |
4337 | + " movnti %%eax, %%es:24(%3)\n" | |
4338 | + " movnti %%edx, %%es:28(%3)\n" | |
4339 | "11: movl 32(%4), %%eax\n" | |
4340 | "61: movl 36(%4), %%edx\n" | |
4341 | - " movnti %%eax, 32(%3)\n" | |
4342 | - " movnti %%edx, 36(%3)\n" | |
4343 | + " movnti %%eax, %%es:32(%3)\n" | |
4344 | + " movnti %%edx, %%es:36(%3)\n" | |
4345 | "12: movl 40(%4), %%eax\n" | |
4346 | "71: movl 44(%4), %%edx\n" | |
4347 | - " movnti %%eax, 40(%3)\n" | |
4348 | - " movnti %%edx, 44(%3)\n" | |
4349 | + " movnti %%eax, %%es:40(%3)\n" | |
4350 | + " movnti %%edx, %%es:44(%3)\n" | |
4351 | "13: movl 48(%4), %%eax\n" | |
4352 | "81: movl 52(%4), %%edx\n" | |
4353 | - " movnti %%eax, 48(%3)\n" | |
4354 | - " movnti %%edx, 52(%3)\n" | |
4355 | + " movnti %%eax, %%es:48(%3)\n" | |
4356 | + " movnti %%edx, %%es:52(%3)\n" | |
4357 | "14: movl 56(%4), %%eax\n" | |
4358 | "91: movl 60(%4), %%edx\n" | |
4359 | - " movnti %%eax, 56(%3)\n" | |
4360 | - " movnti %%edx, 60(%3)\n" | |
4361 | + " movnti %%eax, %%es:56(%3)\n" | |
4362 | + " movnti %%edx, %%es:60(%3)\n" | |
4363 | " addl $-64, %0\n" | |
4364 | " addl $64, %4\n" | |
4365 | " addl $64, %3\n" | |
4366 | @@ -586,6 +719,8 @@ static unsigned long __copy_user_intel_n | |
4367 | " movl %%eax,%0\n" | |
4368 | "7: rep; movsb\n" | |
4369 | "8:\n" | |
4370 | + " pushl %%ss\n" | |
4371 | + " popl %%ds\n" | |
4372 | ".section .fixup,\"ax\"\n" | |
4373 | "9: lea 0(%%eax,%0,4),%0\n" | |
4374 | "16: jmp 8b\n" | |
4375 | @@ -614,7 +749,7 @@ static unsigned long __copy_user_intel_n | |
4376 | " .long 7b,16b\n" | |
4377 | ".previous" | |
4378 | : "=&c"(size), "=&D" (d0), "=&S" (d1) | |
4379 | - : "1"(to), "2"(from), "0"(size) | |
4380 | + : "1"(to), "2"(from), "0"(size), "r"(__USER_DS) | |
4381 | : "eax", "edx", "memory"); | |
4382 | return size; | |
4383 | } | |
4384 | @@ -627,90 +762,146 @@ static unsigned long __copy_user_intel_n | |
4385 | */ | |
4386 | unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, | |
4387 | unsigned long size); | |
4388 | -unsigned long __copy_user_intel(void __user *to, const void *from, | |
4389 | +unsigned long __generic_copy_to_user_intel(void __user *to, const void *from, | |
4390 | + unsigned long size); | |
4391 | +unsigned long __generic_copy_from_user_intel(void *to, const void __user *from, | |
4392 | unsigned long size); | |
4393 | unsigned long __copy_user_zeroing_intel_nocache(void *to, | |
4394 | const void __user *from, unsigned long size); | |
4395 | #endif /* CONFIG_X86_INTEL_USERCOPY */ | |
4396 | ||
4397 | /* Generic arbitrary sized copy. */ | |
4398 | -#define __copy_user(to,from,size) \ | |
4399 | -do { \ | |
4400 | - int __d0, __d1, __d2; \ | |
4401 | - __asm__ __volatile__( \ | |
4402 | - " cmp $7,%0\n" \ | |
4403 | - " jbe 1f\n" \ | |
4404 | - " movl %1,%0\n" \ | |
4405 | - " negl %0\n" \ | |
4406 | - " andl $7,%0\n" \ | |
4407 | - " subl %0,%3\n" \ | |
4408 | - "4: rep; movsb\n" \ | |
4409 | - " movl %3,%0\n" \ | |
4410 | - " shrl $2,%0\n" \ | |
4411 | - " andl $3,%3\n" \ | |
4412 | - " .align 2,0x90\n" \ | |
4413 | - "0: rep; movsl\n" \ | |
4414 | - " movl %3,%0\n" \ | |
4415 | - "1: rep; movsb\n" \ | |
4416 | - "2:\n" \ | |
4417 | - ".section .fixup,\"ax\"\n" \ | |
4418 | - "5: addl %3,%0\n" \ | |
4419 | - " jmp 2b\n" \ | |
4420 | - "3: lea 0(%3,%0,4),%0\n" \ | |
4421 | - " jmp 2b\n" \ | |
4422 | - ".previous\n" \ | |
4423 | - ".section __ex_table,\"a\"\n" \ | |
4424 | - " .align 4\n" \ | |
4425 | - " .long 4b,5b\n" \ | |
4426 | - " .long 0b,3b\n" \ | |
4427 | - " .long 1b,2b\n" \ | |
4428 | - ".previous" \ | |
4429 | - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \ | |
4430 | - : "3"(size), "0"(size), "1"(to), "2"(from) \ | |
4431 | - : "memory"); \ | |
4432 | -} while (0) | |
4433 | - | |
4434 | -#define __copy_user_zeroing(to,from,size) \ | |
4435 | -do { \ | |
4436 | - int __d0, __d1, __d2; \ | |
4437 | - __asm__ __volatile__( \ | |
4438 | - " cmp $7,%0\n" \ | |
4439 | - " jbe 1f\n" \ | |
4440 | - " movl %1,%0\n" \ | |
4441 | - " negl %0\n" \ | |
4442 | - " andl $7,%0\n" \ | |
4443 | - " subl %0,%3\n" \ | |
4444 | - "4: rep; movsb\n" \ | |
4445 | - " movl %3,%0\n" \ | |
4446 | - " shrl $2,%0\n" \ | |
4447 | - " andl $3,%3\n" \ | |
4448 | - " .align 2,0x90\n" \ | |
4449 | - "0: rep; movsl\n" \ | |
4450 | - " movl %3,%0\n" \ | |
4451 | - "1: rep; movsb\n" \ | |
4452 | - "2:\n" \ | |
4453 | - ".section .fixup,\"ax\"\n" \ | |
4454 | - "5: addl %3,%0\n" \ | |
4455 | - " jmp 6f\n" \ | |
4456 | - "3: lea 0(%3,%0,4),%0\n" \ | |
4457 | - "6: pushl %0\n" \ | |
4458 | - " pushl %%eax\n" \ | |
4459 | - " xorl %%eax,%%eax\n" \ | |
4460 | - " rep; stosb\n" \ | |
4461 | - " popl %%eax\n" \ | |
4462 | - " popl %0\n" \ | |
4463 | - " jmp 2b\n" \ | |
4464 | - ".previous\n" \ | |
4465 | - ".section __ex_table,\"a\"\n" \ | |
4466 | - " .align 4\n" \ | |
4467 | - " .long 4b,5b\n" \ | |
4468 | - " .long 0b,3b\n" \ | |
4469 | - " .long 1b,6b\n" \ | |
4470 | - ".previous" \ | |
4471 | - : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) \ | |
4472 | - : "3"(size), "0"(size), "1"(to), "2"(from) \ | |
4473 | - : "memory"); \ | |
4474 | -} while (0) | |
4475 | +static unsigned long | |
4476 | +__generic_copy_to_user(void __user *to, const void *from, unsigned long size) | |
4477 | +{ | |
4478 | + int __d0, __d1, __d2; | |
4479 | + | |
4480 | + __asm__ __volatile__( | |
4481 | + " movw %w8,%%es\n" | |
4482 | + " cmp $7,%0\n" | |
4483 | + " jbe 1f\n" | |
4484 | + " movl %1,%0\n" | |
4485 | + " negl %0\n" | |
4486 | + " andl $7,%0\n" | |
4487 | + " subl %0,%3\n" | |
4488 | + "4: rep; movsb\n" | |
4489 | + " movl %3,%0\n" | |
4490 | + " shrl $2,%0\n" | |
4491 | + " andl $3,%3\n" | |
4492 | + " .align 2,0x90\n" | |
4493 | + "0: rep; movsl\n" | |
4494 | + " movl %3,%0\n" | |
4495 | + "1: rep; movsb\n" | |
4496 | + "2:\n" | |
4497 | + " pushl %%ss\n" | |
4498 | + " popl %%es\n" | |
4499 | + ".section .fixup,\"ax\"\n" | |
4500 | + "5: addl %3,%0\n" | |
4501 | + " jmp 2b\n" | |
4502 | + "3: lea 0(%3,%0,4),%0\n" | |
4503 | + " jmp 2b\n" | |
4504 | + ".previous\n" | |
4505 | + ".section __ex_table,\"a\"\n" | |
4506 | + " .align 4\n" | |
4507 | + " .long 4b,5b\n" | |
4508 | + " .long 0b,3b\n" | |
4509 | + " .long 1b,2b\n" | |
4510 | + ".previous" | |
4511 | + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) | |
4512 | + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS) | |
4513 | + : "memory"); | |
4514 | + return size; | |
4515 | +} | |
4516 | + | |
4517 | +static unsigned long | |
4518 | +__generic_copy_from_user(void *to, const void __user *from, unsigned long size) | |
4519 | +{ | |
4520 | + int __d0, __d1, __d2; | |
4521 | + | |
4522 | + __asm__ __volatile__( | |
4523 | + " movw %w8,%%ds\n" | |
4524 | + " cmp $7,%0\n" | |
4525 | + " jbe 1f\n" | |
4526 | + " movl %1,%0\n" | |
4527 | + " negl %0\n" | |
4528 | + " andl $7,%0\n" | |
4529 | + " subl %0,%3\n" | |
4530 | + "4: rep; movsb\n" | |
4531 | + " movl %3,%0\n" | |
4532 | + " shrl $2,%0\n" | |
4533 | + " andl $3,%3\n" | |
4534 | + " .align 2,0x90\n" | |
4535 | + "0: rep; movsl\n" | |
4536 | + " movl %3,%0\n" | |
4537 | + "1: rep; movsb\n" | |
4538 | + "2:\n" | |
4539 | + " pushl %%ss\n" | |
4540 | + " popl %%ds\n" | |
4541 | + ".section .fixup,\"ax\"\n" | |
4542 | + "5: addl %3,%0\n" | |
4543 | + " jmp 2b\n" | |
4544 | + "3: lea 0(%3,%0,4),%0\n" | |
4545 | + " jmp 2b\n" | |
4546 | + ".previous\n" | |
4547 | + ".section __ex_table,\"a\"\n" | |
4548 | + " .align 4\n" | |
4549 | + " .long 4b,5b\n" | |
4550 | + " .long 0b,3b\n" | |
4551 | + " .long 1b,2b\n" | |
4552 | + ".previous" | |
4553 | + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) | |
4554 | + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS) | |
4555 | + : "memory"); | |
4556 | + return size; | |
4557 | +} | |
4558 | + | |
4559 | +static unsigned long | |
4560 | +__copy_user_zeroing(void *to, const void __user *from, unsigned long size) | |
4561 | +{ | |
4562 | + int __d0, __d1, __d2; | |
4563 | + | |
4564 | + __asm__ __volatile__( | |
4565 | + " movw %w8,%%ds\n" | |
4566 | + " cmp $7,%0\n" | |
4567 | + " jbe 1f\n" | |
4568 | + " movl %1,%0\n" | |
4569 | + " negl %0\n" | |
4570 | + " andl $7,%0\n" | |
4571 | + " subl %0,%3\n" | |
4572 | + "4: rep; movsb\n" | |
4573 | + " movl %3,%0\n" | |
4574 | + " shrl $2,%0\n" | |
4575 | + " andl $3,%3\n" | |
4576 | + " .align 2,0x90\n" | |
4577 | + "0: rep; movsl\n" | |
4578 | + " movl %3,%0\n" | |
4579 | + "1: rep; movsb\n" | |
4580 | + "2:\n" | |
4581 | + " pushl %%ss\n" | |
4582 | + " popl %%ds\n" | |
4583 | + ".section .fixup,\"ax\"\n" | |
4584 | + "5: addl %3,%0\n" | |
4585 | + " jmp 6f\n" | |
4586 | + "3: lea 0(%3,%0,4),%0\n" | |
4587 | + "6: pushl %0\n" | |
4588 | + " pushl %%eax\n" | |
4589 | + " xorl %%eax,%%eax\n" | |
4590 | + " rep; stosb\n" | |
4591 | + " popl %%eax\n" | |
4592 | + " popl %0\n" | |
4593 | + " jmp 2b\n" | |
4594 | + ".previous\n" | |
4595 | + ".section __ex_table,\"a\"\n" | |
4596 | + " .align 4\n" | |
4597 | + " .long 4b,5b\n" | |
4598 | + " .long 0b,3b\n" | |
4599 | + " .long 1b,6b\n" | |
4600 | + ".previous" | |
4601 | + : "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2) | |
4602 | + : "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS) | |
4603 | + : "memory"); | |
4604 | + return size; | |
4605 | +} | |
4606 | ||
4607 | unsigned long __copy_to_user_ll(void __user *to, const void *from, | |
4608 | unsigned long n) | |
4609 | @@ -766,9 +957,9 @@ survive: | |
4610 | } | |
4611 | #endif | |
4612 | if (movsl_is_ok(to, from, n)) | |
4613 | - __copy_user(to, from, n); | |
4614 | + n = __generic_copy_to_user(to, from, n); | |
4615 | else | |
4616 | - n = __copy_user_intel(to, from, n); | |
4617 | + n = __generic_copy_to_user_intel(to, from, n); | |
4618 | return n; | |
4619 | } | |
4620 | EXPORT_SYMBOL(__copy_to_user_ll); | |
4621 | @@ -778,7 +969,7 @@ unsigned long __copy_from_user_ll(void * | |
4622 | { | |
4623 | BUG_ON((long)n < 0); | |
4624 | if (movsl_is_ok(to, from, n)) | |
4625 | - __copy_user_zeroing(to, from, n); | |
4626 | + n = __copy_user_zeroing(to, from, n); | |
4627 | else | |
4628 | n = __copy_user_zeroing_intel(to, from, n); | |
4629 | return n; | |
4630 | @@ -790,10 +981,9 @@ unsigned long __copy_from_user_ll_nozero | |
4631 | { | |
4632 | BUG_ON((long)n < 0); | |
4633 | if (movsl_is_ok(to, from, n)) | |
4634 | - __copy_user(to, from, n); | |
4635 | + n = __generic_copy_from_user(to, from, n); | |
4636 | else | |
4637 | - n = __copy_user_intel((void __user *)to, | |
4638 | - (const void *)from, n); | |
4639 | + n = __generic_copy_from_user_intel(to, from, n); | |
4640 | return n; | |
4641 | } | |
4642 | EXPORT_SYMBOL(__copy_from_user_ll_nozero); | |
4643 | @@ -804,11 +994,11 @@ unsigned long __copy_from_user_ll_nocach | |
4644 | BUG_ON((long)n < 0); | |
4645 | #ifdef CONFIG_X86_INTEL_USERCOPY | |
4646 | if ( n > 64 && cpu_has_xmm2) | |
4647 | - n = __copy_user_zeroing_intel_nocache(to, from, n); | |
4648 | + n = __copy_user_zeroing_intel_nocache(to, from, n); | |
4649 | else | |
4650 | - __copy_user_zeroing(to, from, n); | |
4651 | + n = __copy_user_zeroing(to, from, n); | |
4652 | #else | |
4653 | - __copy_user_zeroing(to, from, n); | |
4654 | + n = __copy_user_zeroing(to, from, n); | |
4655 | #endif | |
4656 | return n; | |
4657 | } | |
4658 | @@ -819,11 +1009,11 @@ unsigned long __copy_from_user_ll_nocach | |
4659 | BUG_ON((long)n < 0); | |
4660 | #ifdef CONFIG_X86_INTEL_USERCOPY | |
4661 | if ( n > 64 && cpu_has_xmm2) | |
4662 | - n = __copy_user_intel_nocache(to, from, n); | |
4663 | + n = __copy_user_intel_nocache(to, from, n); | |
4664 | else | |
4665 | - __copy_user(to, from, n); | |
4666 | + n = __generic_copy_from_user(to, from, n); | |
4667 | #else | |
4668 | - __copy_user(to, from, n); | |
4669 | + n = __generic_copy_from_user(to, from, n); | |
4670 | #endif | |
4671 | return n; | |
4672 | } | |
4673 | @@ -878,3 +1068,44 @@ copy_from_user(void *to, const void __us | |
4674 | return n; | |
4675 | } | |
4676 | EXPORT_SYMBOL(copy_from_user); | |
4677 | + | |
4678 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | |
4679 | +void __set_fs(mm_segment_t x, int cpu) | |
4680 | +{ | |
4681 | + unsigned long limit = x.seg; | |
4682 | + __u32 a, b; | |
4683 | + | |
4684 | + current_thread_info()->addr_limit = x; | |
4685 | + if (likely(limit)) | |
4686 | + limit -= 1UL; | |
4687 | + | |
4688 | + pack_descriptor(&a, &b, 0UL, limit, 0xF3, 0xC); | |
4689 | + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_DS, a, b); | |
4690 | +} | |
4691 | + | |
4692 | +void set_fs(mm_segment_t x) | |
4693 | +{ | |
4694 | + int cpu = get_cpu(); | |
4695 | + | |
4696 | +#ifdef CONFIG_PAX_KERNEXEC | |
4697 | + unsigned long cr0; | |
4698 | + | |
4699 | + pax_open_kernel(cr0); | |
4700 | +#endif | |
4701 | + | |
4702 | + __set_fs(x, cpu); | |
4703 | + | |
4704 | +#ifdef CONFIG_PAX_KERNEXEC | |
4705 | + pax_close_kernel(cr0); | |
4706 | +#endif | |
4707 | + | |
4708 | + put_cpu_no_resched(); | |
4709 | +} | |
4710 | +#else | |
4711 | +void set_fs(mm_segment_t x) | |
4712 | +{ | |
4713 | + current_thread_info()->addr_limit = x; | |
4714 | +} | |
4715 | +#endif | |
4716 | + | |
4717 | +EXPORT_SYMBOL(set_fs); | |
4718 | diff -urNp linux-2.6.19.1/arch/i386/mach-voyager/voyager_smp.c linux-2.6.19.1/arch/i386/mach-voyager/voyager_smp.c | |
4719 | --- linux-2.6.19.1/arch/i386/mach-voyager/voyager_smp.c 2006-11-29 16:57:37.000000000 -0500 | |
4720 | +++ linux-2.6.19.1/arch/i386/mach-voyager/voyager_smp.c 2006-12-03 15:15:45.000000000 -0500 | |
4721 | @@ -1305,7 +1305,7 @@ smp_local_timer_interrupt(void) | |
4722 | per_cpu(prof_counter, cpu); | |
4723 | } | |
4724 | ||
4725 | - update_process_times(user_mode_vm(get_irq_regs())); | |
4726 | + update_process_times(user_mode(get_irq_regs())); | |
4727 | } | |
4728 | ||
4729 | if( ((1<<cpu) & voyager_extended_vic_processors) == 0) | |
4730 | diff -urNp linux-2.6.19.1/arch/i386/mm/boot_ioremap.c linux-2.6.19.1/arch/i386/mm/boot_ioremap.c | |
4731 | --- linux-2.6.19.1/arch/i386/mm/boot_ioremap.c 2006-11-29 16:57:37.000000000 -0500 | |
4732 | +++ linux-2.6.19.1/arch/i386/mm/boot_ioremap.c 2006-12-03 15:15:45.000000000 -0500 | |
4733 | @@ -7,56 +7,35 @@ | |
4734 | * Written by Dave Hansen <haveblue@us.ibm.com> | |
4735 | */ | |
4736 | ||
4737 | - | |
4738 | -/* | |
4739 | - * We need to use the 2-level pagetable functions, but CONFIG_X86_PAE | |
4740 | - * keeps that from happenning. If anyone has a better way, I'm listening. | |
4741 | - * | |
4742 | - * boot_pte_t is defined only if this all works correctly | |
4743 | - */ | |
4744 | - | |
4745 | -#undef CONFIG_X86_PAE | |
4746 | #include <asm/page.h> | |
4747 | #include <asm/pgtable.h> | |
4748 | #include <asm/tlbflush.h> | |
4749 | #include <linux/init.h> | |
4750 | #include <linux/stddef.h> | |
4751 | ||
4752 | -/* | |
4753 | - * I'm cheating here. It is known that the two boot PTE pages are | |
4754 | - * allocated next to each other. I'm pretending that they're just | |
4755 | - * one big array. | |
4756 | - */ | |
4757 | - | |
4758 | -#define BOOT_PTE_PTRS (PTRS_PER_PTE*2) | |
4759 | - | |
4760 | -static unsigned long boot_pte_index(unsigned long vaddr) | |
4761 | -{ | |
4762 | - return __pa(vaddr) >> PAGE_SHIFT; | |
4763 | -} | |
4764 | - | |
4765 | -static inline boot_pte_t* boot_vaddr_to_pte(void *address) | |
4766 | -{ | |
4767 | - boot_pte_t* boot_pg = (boot_pte_t*)pg0; | |
4768 | - return &boot_pg[boot_pte_index((unsigned long)address)]; | |
4769 | -} | |
4770 | - | |
4771 | /* | |
4772 | * This is only for a caller who is clever enough to page-align | |
4773 | * phys_addr and virtual_source, and who also has a preference | |
4774 | * about which virtual address from which to steal ptes | |
4775 | */ | |
4776 | -static void __boot_ioremap(unsigned long phys_addr, unsigned long nrpages, | |
4777 | - void* virtual_source) | |
4778 | +static void __init __boot_ioremap(unsigned long phys_addr, unsigned long nrpages, | |
4779 | + char* virtual_source) | |
4780 | { | |
4781 | - boot_pte_t* pte; | |
4782 | - int i; | |
4783 | - char *vaddr = virtual_source; | |
4784 | + pgd_t *pgd; | |
4785 | + pud_t *pud; | |
4786 | + pmd_t *pmd; | |
4787 | + pte_t* pte; | |
4788 | + unsigned int i; | |
4789 | + unsigned long vaddr = (unsigned long)virtual_source; | |
4790 | + | |
4791 | + pgd = pgd_offset_k(vaddr); | |
4792 | + pud = pud_offset(pgd, vaddr); | |
4793 | + pmd = pmd_offset(pud, vaddr); | |
4794 | + pte = pte_offset_kernel(pmd, vaddr); | |
4795 | ||
4796 | - pte = boot_vaddr_to_pte(virtual_source); | |
4797 | for (i=0; i < nrpages; i++, phys_addr += PAGE_SIZE, pte++) { | |
4798 | set_pte(pte, pfn_pte(phys_addr>>PAGE_SHIFT, PAGE_KERNEL)); | |
4799 | - __flush_tlb_one(&vaddr[i*PAGE_SIZE]); | |
4800 | + __flush_tlb_one(&virtual_source[i*PAGE_SIZE]); | |
4801 | } | |
4802 | } | |
4803 | ||
4804 | diff -urNp linux-2.6.19.1/arch/i386/mm/extable.c linux-2.6.19.1/arch/i386/mm/extable.c | |
4805 | --- linux-2.6.19.1/arch/i386/mm/extable.c 2006-11-29 16:57:37.000000000 -0500 | |
4806 | +++ linux-2.6.19.1/arch/i386/mm/extable.c 2006-12-03 15:15:45.000000000 -0500 | |
4807 | @@ -11,7 +11,7 @@ int fixup_exception(struct pt_regs *regs | |
4808 | const struct exception_table_entry *fixup; | |
4809 | ||
4810 | #ifdef CONFIG_PNPBIOS | |
4811 | - if (unlikely(SEGMENT_IS_PNP_CODE(regs->xcs))) | |
4812 | + if (unlikely(!(regs->eflags & VM_MASK) && SEGMENT_IS_PNP_CODE(regs->xcs))) | |
4813 | { | |
4814 | extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp; | |
4815 | extern u32 pnp_bios_is_utter_crap; | |
4816 | diff -urNp linux-2.6.19.1/arch/i386/mm/fault.c linux-2.6.19.1/arch/i386/mm/fault.c | |
4817 | --- linux-2.6.19.1/arch/i386/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
4818 | +++ linux-2.6.19.1/arch/i386/mm/fault.c 2006-12-03 15:15:45.000000000 -0500 | |
4819 | @@ -22,6 +22,9 @@ | |
4820 | #include <linux/highmem.h> | |
4821 | #include <linux/module.h> | |
4822 | #include <linux/kprobes.h> | |
4823 | +#include <linux/unistd.h> | |
4824 | +#include <linux/compiler.h> | |
4825 | +#include <linux/binfmts.h> | |
4826 | ||
4827 | #include <asm/system.h> | |
4828 | #include <asm/uaccess.h> | |
4829 | @@ -104,7 +107,8 @@ static inline unsigned long get_segment_ | |
4830 | { | |
4831 | unsigned long eip = regs->eip; | |
4832 | unsigned seg = regs->xcs & 0xffff; | |
4833 | - u32 seg_ar, seg_limit, base, *desc; | |
4834 | + u32 seg_ar, seg_limit, base; | |
4835 | + struct desc_struct *desc; | |
4836 | ||
4837 | /* Unlikely, but must come before segment checks. */ | |
4838 | if (unlikely(regs->eflags & VM_MASK)) { | |
4839 | @@ -118,7 +122,7 @@ static inline unsigned long get_segment_ | |
4840 | ||
4841 | /* By far the most common cases. */ | |
4842 | if (likely(SEGMENT_IS_FLAT_CODE(seg))) | |
4843 | - return eip; | |
4844 | + return eip + (seg == __KERNEL_CS ? __KERNEL_TEXT_OFFSET : 0); | |
4845 | ||
4846 | /* Check the segment exists, is within the current LDT/GDT size, | |
4847 | that kernel/user (ring 0..3) has the appropriate privilege, | |
4848 | @@ -136,16 +140,14 @@ static inline unsigned long get_segment_ | |
4849 | if (seg & (1<<2)) { | |
4850 | /* Must lock the LDT while reading it. */ | |
4851 | down(¤t->mm->context.sem); | |
4852 | - desc = current->mm->context.ldt; | |
4853 | - desc = (void *)desc + (seg & ~7); | |
4854 | + desc = ¤t->mm->context.ldt[seg >> 3]; | |
4855 | } else { | |
4856 | /* Must disable preemption while reading the GDT. */ | |
4857 | - desc = (u32 *)get_cpu_gdt_table(get_cpu()); | |
4858 | - desc = (void *)desc + (seg & ~7); | |
4859 | + desc = &get_cpu_gdt_table(get_cpu())[seg >> 3]; | |
4860 | } | |
4861 | ||
4862 | /* Decode the code segment base from the descriptor */ | |
4863 | - base = get_desc_base((unsigned long *)desc); | |
4864 | + base = get_desc_base(desc); | |
4865 | ||
4866 | if (seg & (1<<2)) { | |
4867 | up(¤t->mm->context.sem); | |
4868 | @@ -246,6 +248,30 @@ static noinline void force_sig_info_faul | |
4869 | ||
4870 | fastcall void do_invalid_op(struct pt_regs *, unsigned long); | |
4871 | ||
4872 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
4873 | +static int pax_handle_fetch_fault(struct pt_regs *regs); | |
4874 | +#endif | |
4875 | + | |
4876 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4877 | +static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address) | |
4878 | +{ | |
4879 | + pgd_t *pgd; | |
4880 | + pud_t *pud; | |
4881 | + pmd_t *pmd; | |
4882 | + | |
4883 | + pgd = pgd_offset(mm, address); | |
4884 | + if (!pgd_present(*pgd)) | |
4885 | + return NULL; | |
4886 | + pud = pud_offset(pgd, address); | |
4887 | + if (!pud_present(*pud)) | |
4888 | + return NULL; | |
4889 | + pmd = pmd_offset(pud, address); | |
4890 | + if (!pmd_present(*pmd)) | |
4891 | + return NULL; | |
4892 | + return pmd; | |
4893 | +} | |
4894 | +#endif | |
4895 | + | |
4896 | static inline pmd_t *vmalloc_sync_one(pgd_t *pgd, unsigned long address) | |
4897 | { | |
4898 | unsigned index = pgd_index(address); | |
4899 | @@ -326,14 +352,20 @@ fastcall void __kprobes do_page_fault(st | |
4900 | struct task_struct *tsk; | |
4901 | struct mm_struct *mm; | |
4902 | struct vm_area_struct * vma; | |
4903 | - unsigned long address; | |
4904 | - unsigned long page; | |
4905 | int write, si_code; | |
4906 | ||
4907 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4908 | + pmd_t *pmd; | |
4909 | + pte_t *pte; | |
4910 | + spinlock_t *ptl; | |
4911 | + unsigned char pte_mask; | |
4912 | +#endif | |
4913 | + | |
4914 | /* get the address */ | |
4915 | - address = read_cr2(); | |
4916 | + const unsigned long address = read_cr2(); | |
4917 | ||
4918 | tsk = current; | |
4919 | + mm = tsk->mm; | |
4920 | ||
4921 | si_code = SEGV_MAPERR; | |
4922 | ||
4923 | @@ -372,14 +404,12 @@ fastcall void __kprobes do_page_fault(st | |
4924 | if (regs->eflags & (X86_EFLAGS_IF|VM_MASK)) | |
4925 | local_irq_enable(); | |
4926 | ||
4927 | - mm = tsk->mm; | |
4928 | - | |
4929 | /* | |
4930 | * If we're in an interrupt, have no user context or are running in an | |
4931 | * atomic region then we must not take the fault.. | |
4932 | */ | |
4933 | if (in_atomic() || !mm) | |
4934 | - goto bad_area_nosemaphore; | |
4935 | + goto bad_area_nopax; | |
4936 | ||
4937 | /* When running in the kernel we expect faults to occur only to | |
4938 | * addresses in user space. All other faults represent errors in the | |
4939 | @@ -399,10 +429,101 @@ fastcall void __kprobes do_page_fault(st | |
4940 | if (!down_read_trylock(&mm->mmap_sem)) { | |
4941 | if ((error_code & 4) == 0 && | |
4942 | !search_exception_tables(regs->eip)) | |
4943 | - goto bad_area_nosemaphore; | |
4944 | + goto bad_area_nopax; | |
4945 | down_read(&mm->mmap_sem); | |
4946 | } | |
4947 | ||
4948 | +#ifdef CONFIG_PAX_PAGEEXEC | |
4949 | + if (unlikely((error_code & 5) != 5 || | |
4950 | + (regs->eflags & X86_EFLAGS_VM) || | |
4951 | + !(mm->pax_flags & MF_PAX_PAGEEXEC))) | |
4952 | + goto not_pax_fault; | |
4953 | + | |
4954 | + /* PaX: it's our fault, let's handle it if we can */ | |
4955 | + | |
4956 | + /* PaX: take a look at read faults before acquiring any locks */ | |
4957 | + if (unlikely(!(error_code & 2) && (regs->eip == address))) { | |
4958 | + /* instruction fetch attempt from a protected page in user mode */ | |
4959 | + up_read(&mm->mmap_sem); | |
4960 | + | |
4961 | +#ifdef CONFIG_PAX_EMUTRAMP | |
4962 | + switch (pax_handle_fetch_fault(regs)) { | |
4963 | + case 2: | |
4964 | + return; | |
4965 | + } | |
4966 | +#endif | |
4967 | + | |
4968 | + pax_report_fault(regs, (void*)regs->eip, (void*)regs->esp); | |
4969 | + do_exit(SIGKILL); | |
4970 | + } | |
4971 | + | |
4972 | + pmd = pax_get_pmd(mm, address); | |
4973 | + if (unlikely(!pmd)) | |
4974 | + goto not_pax_fault; | |
4975 | + | |
4976 | + pte = pte_offset_map_lock(mm, pmd, address, &ptl); | |
4977 | + if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) { | |
4978 | + pte_unmap_unlock(pte, ptl); | |
4979 | + goto not_pax_fault; | |
4980 | + } | |
4981 | + | |
4982 | + if (unlikely((error_code & 2) && !pte_write(*pte))) { | |
4983 | + /* write attempt to a protected page in user mode */ | |
4984 | + pte_unmap_unlock(pte, ptl); | |
4985 | + goto not_pax_fault; | |
4986 | + } | |
4987 | + | |
4988 | +#ifdef CONFIG_SMP | |
4989 | + if (likely(address > get_limit(regs->xcs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask))) | |
4990 | +#else | |
4991 | + if (likely(address > get_limit(regs->xcs))) | |
4992 | +#endif | |
4993 | + { | |
4994 | + set_pte(pte, pte_mkread(*pte)); | |
4995 | + __flush_tlb_one(address); | |
4996 | + pte_unmap_unlock(pte, ptl); | |
4997 | + up_read(&mm->mmap_sem); | |
4998 | + return; | |
4999 | + } | |
5000 | + | |
5001 | + pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & 2) << (_PAGE_BIT_DIRTY-1)); | |
5002 | + | |
5003 | + /* | |
5004 | + * PaX: fill DTLB with user rights and retry | |
5005 | + */ | |
5006 | + __asm__ __volatile__ ( | |
5007 | + "movw %w4,%%ds\n" | |
5008 | + "orb %2,%%ss:(%1)\n" | |
5009 | +#if defined(CONFIG_M586) || defined(CONFIG_M586TSC) | |
5010 | +/* | |
5011 | + * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's | |
5012 | + * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any* | |
5013 | + * page fault when examined during a TLB load attempt. this is true not only | |
5014 | + * for PTEs holding a non-present entry but also present entries that will | |
5015 | + * raise a page fault (such as those set up by PaX, or the copy-on-write | |
5016 | + * mechanism). in effect it means that we do *not* need to flush the TLBs | |
5017 | + * for our target pages since their PTEs are simply not in the TLBs at all. | |
5018 | + | |
5019 | + * the best thing in omitting it is that we gain around 15-20% speed in the | |
5020 | + * fast path of the page fault handler and can get rid of tracing since we | |
5021 | + * can no longer flush unintended entries. | |
5022 | + */ | |
5023 | + "invlpg (%0)\n" | |
5024 | +#endif | |
5025 | + "testb $0,(%0)\n" | |
5026 | + "xorb %3,%%ss:(%1)\n" | |
5027 | + "pushl %%ss\n" | |
5028 | + "popl %%ds\n" | |
5029 | + : | |
5030 | + : "q" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS) | |
5031 | + : "memory", "cc"); | |
5032 | + pte_unmap_unlock(pte, ptl); | |
5033 | + up_read(&mm->mmap_sem); | |
5034 | + return; | |
5035 | + | |
5036 | +not_pax_fault: | |
5037 | +#endif | |
5038 | + | |
5039 | vma = find_vma(mm, address); | |
5040 | if (!vma) | |
5041 | goto bad_area; | |
5042 | @@ -484,6 +605,36 @@ bad_area: | |
5043 | up_read(&mm->mmap_sem); | |
5044 | ||
5045 | bad_area_nosemaphore: | |
5046 | + | |
5047 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
5048 | + if (mm && (error_code & 4) && !(regs->eflags & X86_EFLAGS_VM)) { | |
5049 | + | |
5050 | +#ifdef CONFIG_PAX_PAGEEXEC | |
5051 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(error_code & 3) && (regs->eip == address)) { | |
5052 | + pax_report_fault(regs, (void*)regs->eip, (void*)regs->esp); | |
5053 | + do_exit(SIGKILL); | |
5054 | + } | |
5055 | +#endif | |
5056 | + | |
5057 | +#ifdef CONFIG_PAX_SEGMEXEC | |
5058 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & 3) && (regs->eip + SEGMEXEC_TASK_SIZE == address)) { | |
5059 | + | |
5060 | +#ifdef CONFIG_PAX_EMUTRAMP | |
5061 | + switch (pax_handle_fetch_fault(regs)) { | |
5062 | + case 2: | |
5063 | + return; | |
5064 | + } | |
5065 | +#endif | |
5066 | + | |
5067 | + pax_report_fault(regs, (void*)regs->eip, (void*)regs->esp); | |
5068 | + do_exit(SIGKILL); | |
5069 | + } | |
5070 | +#endif | |
5071 | + | |
5072 | + } | |
5073 | +#endif | |
5074 | + | |
5075 | +bad_area_nopax: | |
5076 | /* User mode accesses just cause a SIGSEGV */ | |
5077 | if (error_code & 4) { | |
5078 | /* | |
5079 | @@ -551,6 +702,22 @@ no_context: | |
5080 | if (address < PAGE_SIZE) | |
5081 | printk(KERN_ALERT "BUG: unable to handle kernel NULL " | |
5082 | "pointer dereference"); | |
5083 | + | |
5084 | +#ifdef CONFIG_PAX_KERNEXEC | |
5085 | +#ifdef CONFIG_MODULES | |
5086 | + else if (init_mm.start_code <= address && address < (unsigned long)MODULES_END) { | |
5087 | +#else | |
5088 | + else if (init_mm.start_code <= address && address < init_mm.end_code) { | |
5089 | +#endif | |
5090 | + if (tsk->signal->curr_ip) | |
5091 | + printk(KERN_ERR "PAX: From %u.%u.%u.%u: %s:%d, uid/euid: %u/%u, attempted to modify kernel code", | |
5092 | + NIPQUAD(tsk->signal->curr_ip), tsk->comm, tsk->pid, tsk->uid, tsk->euid); | |
5093 | + else | |
5094 | + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code", | |
5095 | + tsk->comm, tsk->pid, tsk->uid, tsk->euid); | |
5096 | + } | |
5097 | +#endif | |
5098 | + | |
5099 | else | |
5100 | printk(KERN_ALERT "BUG: unable to handle kernel paging" | |
5101 | " request"); | |
5102 | @@ -558,24 +725,34 @@ no_context: | |
5103 | printk(KERN_ALERT " printing eip:\n"); | |
5104 | printk("%08lx\n", regs->eip); | |
5105 | } | |
5106 | - page = read_cr3(); | |
5107 | - page = ((unsigned long *) __va(page))[address >> 22]; | |
5108 | - if (oops_may_print()) | |
5109 | - printk(KERN_ALERT "*pde = %08lx\n", page); | |
5110 | - /* | |
5111 | - * We must not directly access the pte in the highpte | |
5112 | - * case, the page table might be allocated in highmem. | |
5113 | - * And lets rather not kmap-atomic the pte, just in case | |
5114 | - * it's allocated already. | |
5115 | - */ | |
5116 | + | |
5117 | + if (oops_may_print()) { | |
5118 | + unsigned long index = pgd_index(address); | |
5119 | + pgd_t *pgd; | |
5120 | + pud_t *pud; | |
5121 | + pmd_t *pmd; | |
5122 | + pte_t *pte; | |
5123 | + | |
5124 | + pgd = index + (pgd_t *)__va(read_cr3()); | |
5125 | + printk(KERN_ALERT "*pgd = %*llx\n", sizeof(*pgd), (unsigned long long)pgd_val(*pgd)); | |
5126 | + if (pgd_present(*pgd)) { | |
5127 | + pud = pud_offset(pgd, address); | |
5128 | + pmd = pmd_offset(pud, address); | |
5129 | + printk(KERN_ALERT "*pmd = %*llx\n", sizeof(*pmd), (unsigned long long)pmd_val(*pmd)); | |
5130 | + /* | |
5131 | + * We must not directly access the pte in the highpte | |
5132 | + * case, the page table might be allocated in highmem. | |
5133 | + * And lets rather not kmap-atomic the pte, just in case | |
5134 | + * it's allocated already. | |
5135 | + */ | |
5136 | #ifndef CONFIG_HIGHPTE | |
5137 | - if ((page & 1) && oops_may_print()) { | |
5138 | - page &= PAGE_MASK; | |
5139 | - address &= 0x003ff000; | |
5140 | - page = ((unsigned long *) __va(page))[address >> PAGE_SHIFT]; | |
5141 | - printk(KERN_ALERT "*pte = %08lx\n", page); | |
5142 | - } | |
5143 | + if (pmd_present(*pmd) && !pmd_large(*pmd)) { | |
5144 | + pte = pte_offset_kernel(pmd, address); | |
5145 | + printk(KERN_ALERT "*pte = %*llx\n", sizeof(*pte), (unsigned long long)pte_val(*pte)); | |
5146 | + } | |
5147 | #endif | |
5148 | + } | |
5149 | + } | |
5150 | tsk->thread.cr2 = address; | |
5151 | tsk->thread.trap_no = 14; | |
5152 | tsk->thread.error_code = error_code; | |
5153 | @@ -652,3 +829,101 @@ void vmalloc_sync_all(void) | |
5154 | } | |
5155 | } | |
5156 | #endif | |
5157 | + | |
5158 | +#ifdef CONFIG_PAX_EMUTRAMP | |
5159 | +/* | |
5160 | + * PaX: decide what to do with offenders (regs->eip = fault address) | |
5161 | + * | |
5162 | + * returns 1 when task should be killed | |
5163 | + * 2 when gcc trampoline was detected | |
5164 | + */ | |
5165 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
5166 | +{ | |
5167 | + | |
5168 | + static const unsigned char trans[8] = {6, 1, 2, 0, 13, 5, 3, 4}; | |
5169 | + int err; | |
5170 | + | |
5171 | + if (regs->eflags & X86_EFLAGS_VM) | |
5172 | + return 1; | |
5173 | + | |
5174 | + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP)) | |
5175 | + return 1; | |
5176 | + | |
5177 | + do { /* PaX: gcc trampoline emulation #1 */ | |
5178 | + unsigned char mov1, mov2; | |
5179 | + unsigned short jmp; | |
5180 | + unsigned long addr1, addr2; | |
5181 | + | |
5182 | + err = get_user(mov1, (unsigned char __user *)regs->eip); | |
5183 | + err |= get_user(addr1, (unsigned long __user *)(regs->eip + 1)); | |
5184 | + err |= get_user(mov2, (unsigned char __user *)(regs->eip + 5)); | |
5185 | + err |= get_user(addr2, (unsigned long __user *)(regs->eip + 6)); | |
5186 | + err |= get_user(jmp, (unsigned short __user *)(regs->eip + 10)); | |
5187 | + | |
5188 | + if (err) | |
5189 | + break; | |
5190 | + | |
5191 | + if ((mov1 & 0xF8) == 0xB8 && | |
5192 | + (mov2 & 0xF8) == 0xB8 && | |
5193 | + (mov1 & 0x07) != (mov2 & 0x07) && | |
5194 | + (jmp & 0xF8FF) == 0xE0FF && | |
5195 | + (mov2 & 0x07) == ((jmp>>8) & 0x07)) | |
5196 | + { | |
5197 | + ((unsigned long *)regs)[trans[mov1 & 0x07]] = addr1; | |
5198 | + ((unsigned long *)regs)[trans[mov2 & 0x07]] = addr2; | |
5199 | + regs->eip = addr2; | |
5200 | + return 2; | |
5201 | + } | |
5202 | + } while (0); | |
5203 | + | |
5204 | + do { /* PaX: gcc trampoline emulation #2 */ | |
5205 | + unsigned char mov, jmp; | |
5206 | + unsigned long addr1, addr2; | |
5207 | + | |
5208 | + err = get_user(mov, (unsigned char __user *)regs->eip); | |
5209 | + err |= get_user(addr1, (unsigned long __user *)(regs->eip + 1)); | |
5210 | + err |= get_user(jmp, (unsigned char __user *)(regs->eip + 5)); | |
5211 | + err |= get_user(addr2, (unsigned long __user *)(regs->eip + 6)); | |
5212 | + | |
5213 | + if (err) | |
5214 | + break; | |
5215 | + | |
5216 | + if ((mov & 0xF8) == 0xB8 && | |
5217 | + jmp == 0xE9) | |
5218 | + { | |
5219 | + ((unsigned long *)regs)[trans[mov & 0x07]] = addr1; | |
5220 | + regs->eip += addr2 + 10; | |
5221 | + return 2; | |
5222 | + } | |
5223 | + } while (0); | |
5224 | + | |
5225 | + return 1; /* PaX in action */ | |
5226 | +} | |
5227 | +#endif | |
5228 | + | |
5229 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
5230 | +void pax_report_insns(void *pc, void *sp) | |
5231 | +{ | |
5232 | + long i; | |
5233 | + | |
5234 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
5235 | + for (i = 0; i < 20; i++) { | |
5236 | + unsigned char c; | |
5237 | + if (get_user(c, (unsigned char __user *)pc+i)) | |
5238 | + printk("?? "); | |
5239 | + else | |
5240 | + printk("%02x ", c); | |
5241 | + } | |
5242 | + printk("\n"); | |
5243 | + | |
5244 | + printk(KERN_ERR "PAX: bytes at SP-4: "); | |
5245 | + for (i = -1; i < 20; i++) { | |
5246 | + unsigned long c; | |
5247 | + if (get_user(c, (unsigned long __user *)sp+i)) | |
5248 | + printk("???????? "); | |
5249 | + else | |
5250 | + printk("%08lx ", c); | |
5251 | + } | |
5252 | + printk("\n"); | |
5253 | +} | |
5254 | +#endif | |
5255 | diff -urNp linux-2.6.19.1/arch/i386/mm/hugetlbpage.c linux-2.6.19.1/arch/i386/mm/hugetlbpage.c | |
5256 | --- linux-2.6.19.1/arch/i386/mm/hugetlbpage.c 2006-11-29 16:57:37.000000000 -0500 | |
5257 | +++ linux-2.6.19.1/arch/i386/mm/hugetlbpage.c 2006-12-03 15:15:45.000000000 -0500 | |
5258 | @@ -120,7 +120,12 @@ static unsigned long hugetlb_get_unmappe | |
5259 | { | |
5260 | struct mm_struct *mm = current->mm; | |
5261 | struct vm_area_struct *vma; | |
5262 | - unsigned long start_addr; | |
5263 | + unsigned long start_addr, task_size = TASK_SIZE; | |
5264 | + | |
5265 | +#ifdef CONFIG_PAX_SEGMEXEC | |
5266 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
5267 | + task_size = SEGMEXEC_TASK_SIZE; | |
5268 | +#endif | |
5269 | ||
5270 | if (len > mm->cached_hole_size) { | |
5271 | start_addr = mm->free_area_cache; | |
5272 | @@ -134,7 +139,7 @@ full_search: | |
5273 | ||
5274 | for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | |
5275 | /* At this point: (!vma || addr < vma->vm_end). */ | |
5276 | - if (TASK_SIZE - len < addr) { | |
5277 | + if (task_size - len < addr) { | |
5278 | /* | |
5279 | * Start a new search - just in case we missed | |
5280 | * some holes. | |
5281 | @@ -162,9 +167,8 @@ static unsigned long hugetlb_get_unmappe | |
5282 | { | |
5283 | struct mm_struct *mm = current->mm; | |
5284 | struct vm_area_struct *vma, *prev_vma; | |
5285 | - unsigned long base = mm->mmap_base, addr = addr0; | |
5286 | + unsigned long base = mm->mmap_base, addr; | |
5287 | unsigned long largest_hole = mm->cached_hole_size; | |
5288 | - int first_time = 1; | |
5289 | ||
5290 | /* don't allow allocations above current base */ | |
5291 | if (mm->free_area_cache > base) | |
5292 | @@ -174,7 +178,7 @@ static unsigned long hugetlb_get_unmappe | |
5293 | largest_hole = 0; | |
5294 | mm->free_area_cache = base; | |
5295 | } | |
5296 | -try_again: | |
5297 | + | |
5298 | /* make sure it can fit in the remaining address space */ | |
5299 | if (mm->free_area_cache < len) | |
5300 | goto fail; | |
5301 | @@ -216,16 +220,6 @@ try_again: | |
5302 | ||
5303 | fail: | |
5304 | /* | |
5305 | - * if hint left us with no space for the requested | |
5306 | - * mapping then try again: | |
5307 | - */ | |
5308 | - if (first_time) { | |
5309 | - mm->free_area_cache = base; | |
5310 | - largest_hole = 0; | |
5311 | - first_time = 0; | |
5312 | - goto try_again; | |
5313 | - } | |
5314 | - /* | |
5315 | * A failed mmap() very likely causes application failure, | |
5316 | * so fall back to the bottom-up function here. This scenario | |
5317 | * can happen with large stack limits and large mmap() | |
5318 | @@ -251,16 +245,23 @@ hugetlb_get_unmapped_area(struct file *f | |
5319 | { | |
5320 | struct mm_struct *mm = current->mm; | |
5321 | struct vm_area_struct *vma; | |
5322 | + unsigned long task_size = TASK_SIZE; | |
5323 | ||
5324 | if (len & ~HPAGE_MASK) | |
5325 | return -EINVAL; | |
5326 | - if (len > TASK_SIZE) | |
5327 | + | |
5328 | +#ifdef CONFIG_PAX_SEGMEXEC | |
5329 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
5330 | + task_size = SEGMEXEC_TASK_SIZE; | |
5331 | +#endif | |
5332 | + | |
5333 | + if (len > task_size || addr > task_size - len) | |
5334 | return -ENOMEM; | |
5335 | ||
5336 | if (addr) { | |
5337 | addr = ALIGN(addr, HPAGE_SIZE); | |
5338 | vma = find_vma(mm, addr); | |
5339 | - if (TASK_SIZE - len >= addr && | |
5340 | + if (task_size - len >= addr && | |
5341 | (!vma || addr + len <= vma->vm_start)) | |
5342 | return addr; | |
5343 | } | |
5344 | diff -urNp linux-2.6.19.1/arch/i386/mm/init.c linux-2.6.19.1/arch/i386/mm/init.c | |
5345 | --- linux-2.6.19.1/arch/i386/mm/init.c 2006-11-29 16:57:37.000000000 -0500 | |
5346 | +++ linux-2.6.19.1/arch/i386/mm/init.c 2006-12-03 15:15:45.000000000 -0500 | |
5347 | @@ -42,6 +42,7 @@ | |
5348 | #include <asm/tlb.h> | |
5349 | #include <asm/tlbflush.h> | |
5350 | #include <asm/sections.h> | |
5351 | +#include <asm/desc.h> | |
5352 | ||
5353 | unsigned int __VMALLOC_RESERVE = 128 << 20; | |
5354 | ||
5355 | @@ -51,30 +52,6 @@ unsigned long highstart_pfn, highend_pfn | |
5356 | static int noinline do_test_wp_bit(void); | |
5357 | ||
5358 | /* | |
5359 | - * Creates a middle page table and puts a pointer to it in the | |
5360 | - * given global directory entry. This only returns the gd entry | |
5361 | - * in non-PAE compilation mode, since the middle layer is folded. | |
5362 | - */ | |
5363 | -static pmd_t * __init one_md_table_init(pgd_t *pgd) | |
5364 | -{ | |
5365 | - pud_t *pud; | |
5366 | - pmd_t *pmd_table; | |
5367 | - | |
5368 | -#ifdef CONFIG_X86_PAE | |
5369 | - pmd_table = (pmd_t *) alloc_bootmem_low_pages(PAGE_SIZE); | |
5370 | - set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT)); | |
5371 | - pud = pud_offset(pgd, 0); | |
5372 | - if (pmd_table != pmd_offset(pud, 0)) | |
5373 | - BUG(); | |
5374 | -#else | |
5375 | - pud = pud_offset(pgd, 0); | |
5376 | - pmd_table = pmd_offset(pud, 0); | |
5377 | -#endif | |
5378 | - | |
5379 | - return pmd_table; | |
5380 | -} | |
5381 | - | |
5382 | -/* | |
5383 | * Create a page table and place a pointer to it in a middle page | |
5384 | * directory entry. | |
5385 | */ | |
5386 | @@ -82,7 +59,11 @@ static pte_t * __init one_page_table_ini | |
5387 | { | |
5388 | if (pmd_none(*pmd)) { | |
5389 | pte_t *page_table = (pte_t *) alloc_bootmem_low_pages(PAGE_SIZE); | |
5390 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
5391 | + set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE)); | |
5392 | +#else | |
5393 | set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE)); | |
5394 | +#endif | |
5395 | if (page_table != pte_offset_kernel(pmd, 0)) | |
5396 | BUG(); | |
5397 | ||
5398 | @@ -117,8 +98,6 @@ static void __init page_table_range_init | |
5399 | pgd = pgd_base + pgd_idx; | |
5400 | ||
5401 | for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) { | |
5402 | - if (pgd_none(*pgd)) | |
5403 | - one_md_table_init(pgd); | |
5404 | pud = pud_offset(pgd, vaddr); | |
5405 | pmd = pmd_offset(pud, vaddr); | |
5406 | for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end); pmd++, pmd_idx++) { | |
5407 | @@ -131,11 +110,22 @@ static void __init page_table_range_init | |
5408 | } | |
5409 | } | |
5410 | ||
5411 | -static inline int is_kernel_text(unsigned long addr) | |
5412 | +static inline int is_kernel_text(unsigned long start, unsigned long end) | |
5413 | { | |
5414 | - if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end) | |
5415 | - return 1; | |
5416 | - return 0; | |
5417 | + unsigned long etext; | |
5418 | + | |
5419 | +#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC) | |
5420 | + etext = (unsigned long)&MODULES_END - __KERNEL_TEXT_OFFSET; | |
5421 | +#else | |
5422 | + etext = (unsigned long)&_etext; | |
5423 | +#endif | |
5424 | + | |
5425 | + if ((start > etext + __KERNEL_TEXT_OFFSET || | |
5426 | + end <= (unsigned long)_stext + __KERNEL_TEXT_OFFSET) && | |
5427 | + (start > (unsigned long)_einittext + __KERNEL_TEXT_OFFSET || | |
5428 | + end <= (unsigned long)_sinittext + __KERNEL_TEXT_OFFSET)) | |
5429 | + return 0; | |
5430 | + return 1; | |
5431 | } | |
5432 | ||
5433 | /* | |
5434 | @@ -147,26 +137,24 @@ static void __init kernel_physical_mappi | |
5435 | { | |
5436 | unsigned long pfn; | |
5437 | pgd_t *pgd; | |
5438 | + pud_t *pud; | |
5439 | pmd_t *pmd; | |
5440 | pte_t *pte; | |
5441 | - int pgd_idx, pmd_idx, pte_ofs; | |
5442 | + unsigned int pgd_idx, pmd_idx, pte_ofs; | |
5443 | ||
5444 | pgd_idx = pgd_index(PAGE_OFFSET); | |
5445 | pgd = pgd_base + pgd_idx; | |
5446 | pfn = 0; | |
5447 | ||
5448 | - for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) { | |
5449 | - pmd = one_md_table_init(pgd); | |
5450 | - if (pfn >= max_low_pfn) | |
5451 | - continue; | |
5452 | + for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) { | |
5453 | + pud = pud_offset(pgd, 0); | |
5454 | + pmd = pmd_offset(pud, 0); | |
5455 | for (pmd_idx = 0; pmd_idx < PTRS_PER_PMD && pfn < max_low_pfn; pmd++, pmd_idx++) { | |
5456 | - unsigned int address = pfn * PAGE_SIZE + PAGE_OFFSET; | |
5457 | + unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET; | |
5458 | ||
5459 | /* Map with big pages if possible, otherwise create normal page tables. */ | |
5460 | if (cpu_has_pse) { | |
5461 | - unsigned int address2 = (pfn + PTRS_PER_PTE - 1) * PAGE_SIZE + PAGE_OFFSET + PAGE_SIZE-1; | |
5462 | - | |
5463 | - if (is_kernel_text(address) || is_kernel_text(address2)) | |
5464 | + if (is_kernel_text(address, address + PMD_SIZE)) | |
5465 | set_pmd(pmd, pfn_pmd(pfn, PAGE_KERNEL_LARGE_EXEC)); | |
5466 | else | |
5467 | set_pmd(pmd, pfn_pmd(pfn, PAGE_KERNEL_LARGE)); | |
5468 | @@ -175,7 +163,7 @@ static void __init kernel_physical_mappi | |
5469 | pte = one_page_table_init(pmd); | |
5470 | ||
5471 | for (pte_ofs = 0; pte_ofs < PTRS_PER_PTE && pfn < max_low_pfn; pte++, pfn++, pte_ofs++) { | |
5472 | - if (is_kernel_text(address)) | |
5473 | + if (is_kernel_text(address, address + PAGE_SIZE)) | |
5474 | set_pte(pte, pfn_pte(pfn, PAGE_KERNEL_EXEC)); | |
5475 | else | |
5476 | set_pte(pte, pfn_pte(pfn, PAGE_KERNEL)); | |
5477 | @@ -342,13 +330,6 @@ static void __init pagetable_init (void) | |
5478 | unsigned long vaddr; | |
5479 | pgd_t *pgd_base = swapper_pg_dir; | |
5480 | ||
5481 | -#ifdef CONFIG_X86_PAE | |
5482 | - int i; | |
5483 | - /* Init entries of the first-level page table to the zero page */ | |
5484 | - for (i = 0; i < PTRS_PER_PGD; i++) | |
5485 | - set_pgd(pgd_base + i, __pgd(__pa(empty_zero_page) | _PAGE_PRESENT)); | |
5486 | -#endif | |
5487 | - | |
5488 | /* Enable PSE if available */ | |
5489 | if (cpu_has_pse) { | |
5490 | set_in_cr4(X86_CR4_PSE); | |
5491 | @@ -372,17 +353,6 @@ static void __init pagetable_init (void) | |
5492 | page_table_range_init(vaddr, 0, pgd_base); | |
5493 | ||
5494 | permanent_kmaps_init(pgd_base); | |
5495 | - | |
5496 | -#ifdef CONFIG_X86_PAE | |
5497 | - /* | |
5498 | - * Add low memory identity-mappings - SMP needs it when | |
5499 | - * starting up on an AP from real-mode. In the non-PAE | |
5500 | - * case we already have these mappings through head.S. | |
5501 | - * All user-space mappings are explicitly cleared after | |
5502 | - * SMP startup. | |
5503 | - */ | |
5504 | - set_pgd(&pgd_base[0], pgd_base[USER_PTRS_PER_PGD]); | |
5505 | -#endif | |
5506 | } | |
5507 | ||
5508 | #if defined(CONFIG_SOFTWARE_SUSPEND) || defined(CONFIG_ACPI_SLEEP) | |
5509 | @@ -424,7 +394,6 @@ void zap_low_mappings (void) | |
5510 | flush_tlb_all(); | |
5511 | } | |
5512 | ||
5513 | -static int disable_nx __initdata = 0; | |
5514 | u64 __supported_pte_mask __read_mostly = ~_PAGE_NX; | |
5515 | ||
5516 | /* | |
5517 | @@ -438,13 +407,10 @@ u64 __supported_pte_mask __read_mostly = | |
5518 | static int __init noexec_setup(char *str) | |
5519 | { | |
5520 | if (!str || !strcmp(str, "on")) { | |
5521 | - if (cpu_has_nx) { | |
5522 | - __supported_pte_mask |= _PAGE_NX; | |
5523 | - disable_nx = 0; | |
5524 | - } | |
5525 | + if (cpu_has_nx) | |
5526 | + nx_enabled = 1; | |
5527 | } else if (!strcmp(str,"off")) { | |
5528 | - disable_nx = 1; | |
5529 | - __supported_pte_mask &= ~_PAGE_NX; | |
5530 | + nx_enabled = 0; | |
5531 | } else | |
5532 | return -EINVAL; | |
5533 | ||
5534 | @@ -457,17 +423,13 @@ int nx_enabled = 0; | |
5535 | ||
5536 | static void __init set_nx(void) | |
5537 | { | |
5538 | - unsigned int v[4], l, h; | |
5539 | + if (!nx_enabled && cpu_has_nx) { | |
5540 | + unsigned l, h; | |
5541 | ||
5542 | - if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) { | |
5543 | - cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]); | |
5544 | - if ((v[3] & (1 << 20)) && !disable_nx) { | |
5545 | - rdmsr(MSR_EFER, l, h); | |
5546 | - l |= EFER_NX; | |
5547 | - wrmsr(MSR_EFER, l, h); | |
5548 | - nx_enabled = 1; | |
5549 | - __supported_pte_mask |= _PAGE_NX; | |
5550 | - } | |
5551 | + __supported_pte_mask &= ~_PAGE_NX; | |
5552 | + rdmsr(MSR_EFER, l, h); | |
5553 | + l &= ~EFER_NX; | |
5554 | + wrmsr(MSR_EFER, l, h); | |
5555 | } | |
5556 | } | |
5557 | ||
5558 | @@ -520,14 +482,6 @@ void __init paging_init(void) | |
5559 | ||
5560 | load_cr3(swapper_pg_dir); | |
5561 | ||
5562 | -#ifdef CONFIG_X86_PAE | |
5563 | - /* | |
5564 | - * We will bail out later - printk doesn't work right now so | |
5565 | - * the user would just see a hanging kernel. | |
5566 | - */ | |
5567 | - if (cpu_has_pae) | |
5568 | - set_in_cr4(X86_CR4_PAE); | |
5569 | -#endif | |
5570 | __flush_tlb_all(); | |
5571 | ||
5572 | kmap_init(); | |
5573 | @@ -598,7 +552,7 @@ void __init mem_init(void) | |
5574 | set_highmem_pages_init(bad_ppro); | |
5575 | ||
5576 | codesize = (unsigned long) &_etext - (unsigned long) &_text; | |
5577 | - datasize = (unsigned long) &_edata - (unsigned long) &_etext; | |
5578 | + datasize = (unsigned long) &_edata - (unsigned long) &_data; | |
5579 | initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; | |
5580 | ||
5581 | kclist_add(&kcore_mem, __va(0), max_low_pfn << PAGE_SHIFT); | |
5582 | @@ -643,10 +597,10 @@ void __init mem_init(void) | |
5583 | (unsigned long)&__init_begin, (unsigned long)&__init_end, | |
5584 | ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, | |
5585 | ||
5586 | - (unsigned long)&_etext, (unsigned long)&_edata, | |
5587 | - ((unsigned long)&_edata - (unsigned long)&_etext) >> 10, | |
5588 | + (unsigned long)&_data, (unsigned long)&_edata, | |
5589 | + ((unsigned long)&_edata - (unsigned long)&_data) >> 10, | |
5590 | ||
5591 | - (unsigned long)&_text, (unsigned long)&_etext, | |
5592 | + (unsigned long)&_text + __KERNEL_TEXT_OFFSET, (unsigned long)&_etext + __KERNEL_TEXT_OFFSET, | |
5593 | ((unsigned long)&_etext - (unsigned long)&_text) >> 10); | |
5594 | ||
5595 | #ifdef CONFIG_HIGHMEM | |
5596 | @@ -657,10 +611,6 @@ void __init mem_init(void) | |
5597 | BUG_ON((unsigned long)high_memory > VMALLOC_START); | |
5598 | #endif /* double-sanity-check paranoia */ | |
5599 | ||
5600 | -#ifdef CONFIG_X86_PAE | |
5601 | - if (!cpu_has_pae) | |
5602 | - panic("cannot execute a PAE-enabled kernel on a PAE-less CPU!"); | |
5603 | -#endif | |
5604 | if (boot_cpu_data.wp_works_ok < 0) | |
5605 | test_wp_bit(); | |
5606 | ||
5607 | @@ -789,6 +739,38 @@ void free_init_pages(char *what, unsigne | |
5608 | ||
5609 | void free_initmem(void) | |
5610 | { | |
5611 | + | |
5612 | +#ifdef CONFIG_PAX_KERNEXEC | |
5613 | + /* PaX: limit KERNEL_CS to actual size */ | |
5614 | + unsigned long addr, limit; | |
5615 | + __u32 a, b; | |
5616 | + int cpu; | |
5617 | + pgd_t *pgd; | |
5618 | + pud_t *pud; | |
5619 | + pmd_t *pmd; | |
5620 | + | |
5621 | +#ifdef CONFIG_MODULES | |
5622 | + limit = (unsigned long)&MODULES_END - __KERNEL_TEXT_OFFSET; | |
5623 | +#else | |
5624 | + limit = (unsigned long)&_etext; | |
5625 | +#endif | |
5626 | + limit = (limit - 1UL) >> PAGE_SHIFT; | |
5627 | + | |
5628 | + for (cpu = 0; cpu < NR_CPUS; cpu++) { | |
5629 | + pack_descriptor(&a, &b, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC); | |
5630 | + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, a, b); | |
5631 | + } | |
5632 | + | |
5633 | + /* PaX: make KERNEL_CS read-only */ | |
5634 | + for (addr = __KERNEL_TEXT_OFFSET; addr < (unsigned long)&_data; addr += PMD_SIZE) { | |
5635 | + pgd = pgd_offset_k(addr); | |
5636 | + pud = pud_offset(pgd, addr); | |
5637 | + pmd = pmd_offset(pud, addr); | |
5638 | + set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW)); | |
5639 | + } | |
5640 | + flush_tlb_all(); | |
5641 | +#endif | |
5642 | + | |
5643 | free_init_pages("unused kernel memory", | |
5644 | (unsigned long)(&__init_begin), | |
5645 | (unsigned long)(&__init_end)); | |
5646 | diff -urNp linux-2.6.19.1/arch/i386/mm/mmap.c linux-2.6.19.1/arch/i386/mm/mmap.c | |
5647 | --- linux-2.6.19.1/arch/i386/mm/mmap.c 2006-11-29 16:57:37.000000000 -0500 | |
5648 | +++ linux-2.6.19.1/arch/i386/mm/mmap.c 2006-12-03 15:15:45.000000000 -0500 | |
5649 | @@ -34,12 +34,18 @@ | |
5650 | * Leave an at least ~128 MB hole. | |
5651 | */ | |
5652 | #define MIN_GAP (128*1024*1024) | |
5653 | -#define MAX_GAP (TASK_SIZE/6*5) | |
5654 | +#define MAX_GAP (task_size/6*5) | |
5655 | ||
5656 | static inline unsigned long mmap_base(struct mm_struct *mm) | |
5657 | { | |
5658 | unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur; | |
5659 | unsigned long random_factor = 0; | |
5660 | + unsigned long task_size = TASK_SIZE; | |
5661 | + | |
5662 | +#ifdef CONFIG_PAX_SEGMEXEC | |
5663 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
5664 | + task_size = SEGMEXEC_TASK_SIZE; | |
5665 | +#endif | |
5666 | ||
5667 | if (current->flags & PF_RANDOMIZE) | |
5668 | random_factor = get_random_int() % (1024*1024); | |
5669 | @@ -49,7 +55,7 @@ static inline unsigned long mmap_base(st | |
5670 | else if (gap > MAX_GAP) | |
5671 | gap = MAX_GAP; | |
5672 | ||
5673 | - return PAGE_ALIGN(TASK_SIZE - gap - random_factor); | |
5674 | + return PAGE_ALIGN(task_size - gap - random_factor); | |
5675 | } | |
5676 | ||
5677 | /* | |
5678 | @@ -66,10 +72,22 @@ void arch_pick_mmap_layout(struct mm_str | |
5679 | (current->personality & ADDR_COMPAT_LAYOUT) || | |
5680 | current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY) { | |
5681 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
5682 | + | |
5683 | +#ifdef CONFIG_PAX_RANDMMAP | |
5684 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
5685 | + mm->mmap_base += mm->delta_mmap; | |
5686 | +#endif | |
5687 | + | |
5688 | mm->get_unmapped_area = arch_get_unmapped_area; | |
5689 | mm->unmap_area = arch_unmap_area; | |
5690 | } else { | |
5691 | mm->mmap_base = mmap_base(mm); | |
5692 | + | |
5693 | +#ifdef CONFIG_PAX_RANDMMAP | |
5694 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
5695 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
5696 | +#endif | |
5697 | + | |
5698 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
5699 | mm->unmap_area = arch_unmap_area_topdown; | |
5700 | } | |
5701 | diff -urNp linux-2.6.19.1/arch/i386/mm/pageattr.c linux-2.6.19.1/arch/i386/mm/pageattr.c | |
5702 | --- linux-2.6.19.1/arch/i386/mm/pageattr.c 2006-11-29 16:57:37.000000000 -0500 | |
5703 | +++ linux-2.6.19.1/arch/i386/mm/pageattr.c 2006-12-03 15:15:45.000000000 -0500 | |
5704 | @@ -13,6 +13,7 @@ | |
5705 | #include <asm/tlbflush.h> | |
5706 | #include <asm/pgalloc.h> | |
5707 | #include <asm/sections.h> | |
5708 | +#include <asm/desc.h> | |
5709 | ||
5710 | static DEFINE_SPINLOCK(cpa_lock); | |
5711 | static struct list_head df_list = LIST_HEAD_INIT(df_list); | |
5712 | @@ -83,7 +84,18 @@ static void set_pmd_pte(pte_t *kpte, uns | |
5713 | struct page *page; | |
5714 | unsigned long flags; | |
5715 | ||
5716 | +#ifdef CONFIG_PAX_KERNEXEC | |
5717 | + unsigned long cr0; | |
5718 | + | |
5719 | + pax_open_kernel(cr0); | |
5720 | +#endif | |
5721 | + | |
5722 | set_pte_atomic(kpte, pte); /* change init_mm */ | |
5723 | + | |
5724 | +#ifdef CONFIG_PAX_KERNEXEC | |
5725 | + pax_close_kernel(cr0); | |
5726 | +#endif | |
5727 | + | |
5728 | if (PTRS_PER_PMD > 1) | |
5729 | return; | |
5730 | ||
5731 | @@ -110,7 +122,7 @@ static inline void revert_page(struct pa | |
5732 | pte_t *linear; | |
5733 | ||
5734 | ref_prot = | |
5735 | - ((address & LARGE_PAGE_MASK) < (unsigned long)&_etext) | |
5736 | + ((address & LARGE_PAGE_MASK) < (unsigned long)&_etext + __KERNEL_TEXT_OFFSET) | |
5737 | ? PAGE_KERNEL_LARGE_EXEC : PAGE_KERNEL_LARGE; | |
5738 | ||
5739 | linear = (pte_t *) | |
5740 | @@ -142,7 +154,7 @@ __change_page_attr(struct page *page, pg | |
5741 | struct page *split; | |
5742 | ||
5743 | ref_prot = | |
5744 | - ((address & LARGE_PAGE_MASK) < (unsigned long)&_etext) | |
5745 | + ((address & LARGE_PAGE_MASK) < (unsigned long)&_etext + __KERNEL_TEXT_OFFSET) | |
5746 | ? PAGE_KERNEL_EXEC : PAGE_KERNEL; | |
5747 | split = split_large_page(address, prot, ref_prot); | |
5748 | if (!split) | |
5749 | diff -urNp linux-2.6.19.1/arch/i386/oprofile/backtrace.c linux-2.6.19.1/arch/i386/oprofile/backtrace.c | |
5750 | --- linux-2.6.19.1/arch/i386/oprofile/backtrace.c 2006-11-29 16:57:37.000000000 -0500 | |
5751 | +++ linux-2.6.19.1/arch/i386/oprofile/backtrace.c 2006-12-03 15:15:45.000000000 -0500 | |
5752 | @@ -116,7 +116,7 @@ x86_backtrace(struct pt_regs * const reg | |
5753 | head = (struct frame_head *)regs->ebp; | |
5754 | #endif | |
5755 | ||
5756 | - if (!user_mode_vm(regs)) { | |
5757 | + if (!user_mode(regs)) { | |
5758 | while (depth-- && valid_kernel_stack(head, regs)) | |
5759 | head = dump_kernel_backtrace(head); | |
5760 | return; | |
5761 | diff -urNp linux-2.6.19.1/arch/i386/oprofile/op_model_p4.c linux-2.6.19.1/arch/i386/oprofile/op_model_p4.c | |
5762 | --- linux-2.6.19.1/arch/i386/oprofile/op_model_p4.c 2006-11-29 16:57:37.000000000 -0500 | |
5763 | +++ linux-2.6.19.1/arch/i386/oprofile/op_model_p4.c 2006-12-03 15:15:45.000000000 -0500 | |
5764 | @@ -47,7 +47,7 @@ static inline void setup_num_counters(vo | |
5765 | #endif | |
5766 | } | |
5767 | ||
5768 | -static int inline addr_increment(void) | |
5769 | +static inline int addr_increment(void) | |
5770 | { | |
5771 | #ifdef CONFIG_SMP | |
5772 | return smp_num_siblings == 2 ? 2 : 1; | |
5773 | diff -urNp linux-2.6.19.1/arch/i386/pci/early.c linux-2.6.19.1/arch/i386/pci/early.c | |
5774 | --- linux-2.6.19.1/arch/i386/pci/early.c 2006-11-29 16:57:37.000000000 -0500 | |
5775 | +++ linux-2.6.19.1/arch/i386/pci/early.c 2006-12-03 15:15:45.000000000 -0500 | |
5776 | @@ -7,7 +7,7 @@ | |
5777 | /* Direct PCI access. This is used for PCI accesses in early boot before | |
5778 | the PCI subsystem works. */ | |
5779 | ||
5780 | -#define PDprintk(x...) | |
5781 | +#define PDprintk(x...) do {} while (0) | |
5782 | ||
5783 | u32 read_pci_config(u8 bus, u8 slot, u8 func, u8 offset) | |
5784 | { | |
5785 | diff -urNp linux-2.6.19.1/arch/i386/power/cpu.c linux-2.6.19.1/arch/i386/power/cpu.c | |
5786 | --- linux-2.6.19.1/arch/i386/power/cpu.c 2006-11-29 16:57:37.000000000 -0500 | |
5787 | +++ linux-2.6.19.1/arch/i386/power/cpu.c 2006-12-03 15:15:45.000000000 -0500 | |
5788 | @@ -63,7 +63,7 @@ static void do_fpu_end(void) | |
5789 | static void fix_processor_context(void) | |
5790 | { | |
5791 | int cpu = smp_processor_id(); | |
5792 | - struct tss_struct * t = &per_cpu(init_tss, cpu); | |
5793 | + struct tss_struct * t = init_tss + cpu; | |
5794 | ||
5795 | set_tss_desc(cpu,t); /* This just modifies memory; should not be necessary. But... This is necessary, because 386 hardware has concept of busy TSS or some similar stupidity. */ | |
5796 | ||
5797 | diff -urNp linux-2.6.19.1/arch/ia64/ia32/binfmt_elf32.c linux-2.6.19.1/arch/ia64/ia32/binfmt_elf32.c | |
5798 | --- linux-2.6.19.1/arch/ia64/ia32/binfmt_elf32.c 2006-11-29 16:57:37.000000000 -0500 | |
5799 | +++ linux-2.6.19.1/arch/ia64/ia32/binfmt_elf32.c 2006-12-03 15:15:45.000000000 -0500 | |
5800 | @@ -45,6 +45,17 @@ randomize_stack_top(unsigned long stack_ | |
5801 | ||
5802 | #define elf_read_implies_exec(ex, have_pt_gnu_stack) (!(have_pt_gnu_stack)) | |
5803 | ||
5804 | +#ifdef CONFIG_PAX_ASLR | |
5805 | +#define PAX_ELF_ET_DYN_BASE(tsk) ((tsk)->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL) | |
5806 | + | |
5807 | +#define PAX_DELTA_MMAP_LSB(tsk) IA32_PAGE_SHIFT | |
5808 | +#define PAX_DELTA_MMAP_LEN(tsk) ((tsk)->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - IA32_PAGE_SHIFT) | |
5809 | +#define PAX_DELTA_EXEC_LSB(tsk) IA32_PAGE_SHIFT | |
5810 | +#define PAX_DELTA_EXEC_LEN(tsk) ((tsk)->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - IA32_PAGE_SHIFT) | |
5811 | +#define PAX_DELTA_STACK_LSB(tsk) IA32_PAGE_SHIFT | |
5812 | +#define PAX_DELTA_STACK_LEN(tsk) ((tsk)->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - IA32_PAGE_SHIFT) | |
5813 | +#endif | |
5814 | + | |
5815 | /* Ugly but avoids duplication */ | |
5816 | #include "../../../fs/binfmt_elf.c" | |
5817 | ||
5818 | diff -urNp linux-2.6.19.1/arch/ia64/ia32/ia32priv.h linux-2.6.19.1/arch/ia64/ia32/ia32priv.h | |
5819 | --- linux-2.6.19.1/arch/ia64/ia32/ia32priv.h 2006-11-29 16:57:37.000000000 -0500 | |
5820 | +++ linux-2.6.19.1/arch/ia64/ia32/ia32priv.h 2006-12-03 15:15:46.000000000 -0500 | |
5821 | @@ -304,7 +304,14 @@ struct old_linux32_dirent { | |
5822 | #define ELF_DATA ELFDATA2LSB | |
5823 | #define ELF_ARCH EM_386 | |
5824 | ||
5825 | -#define IA32_STACK_TOP IA32_PAGE_OFFSET | |
5826 | +#ifdef CONFIG_PAX_RANDUSTACK | |
5827 | +#define __IA32_DELTA_STACK (current->mm->delta_stack) | |
5828 | +#else | |
5829 | +#define __IA32_DELTA_STACK 0UL | |
5830 | +#endif | |
5831 | + | |
5832 | +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - __IA32_DELTA_STACK) | |
5833 | + | |
5834 | #define IA32_GATE_OFFSET IA32_PAGE_OFFSET | |
5835 | #define IA32_GATE_END IA32_PAGE_OFFSET + PAGE_SIZE | |
5836 | ||
5837 | diff -urNp linux-2.6.19.1/arch/ia64/kernel/module.c linux-2.6.19.1/arch/ia64/kernel/module.c | |
5838 | --- linux-2.6.19.1/arch/ia64/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
5839 | +++ linux-2.6.19.1/arch/ia64/kernel/module.c 2006-12-03 15:15:46.000000000 -0500 | |
5840 | @@ -321,7 +321,7 @@ module_alloc (unsigned long size) | |
5841 | void | |
5842 | module_free (struct module *mod, void *module_region) | |
5843 | { | |
5844 | - if (mod->arch.init_unw_table && module_region == mod->module_init) { | |
5845 | + if (mod->arch.init_unw_table && module_region == mod->module_init_rx) { | |
5846 | unw_remove_unwind_table(mod->arch.init_unw_table); | |
5847 | mod->arch.init_unw_table = NULL; | |
5848 | } | |
5849 | @@ -499,15 +499,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd | |
5850 | } | |
5851 | ||
5852 | static inline int | |
5853 | +in_init_rx (const struct module *mod, uint64_t addr) | |
5854 | +{ | |
5855 | + return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx; | |
5856 | +} | |
5857 | + | |
5858 | +static inline int | |
5859 | +in_init_rw (const struct module *mod, uint64_t addr) | |
5860 | +{ | |
5861 | + return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw; | |
5862 | +} | |
5863 | + | |
5864 | +static inline int | |
5865 | in_init (const struct module *mod, uint64_t addr) | |
5866 | { | |
5867 | - return addr - (uint64_t) mod->module_init < mod->init_size; | |
5868 | + return in_init_rx(mod, value) || in_init_rw(mod, value); | |
5869 | +} | |
5870 | + | |
5871 | +static inline int | |
5872 | +in_core_rx (const struct module *mod, uint64_t addr) | |
5873 | +{ | |
5874 | + return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx; | |
5875 | +} | |
5876 | + | |
5877 | +static inline int | |
5878 | +in_core_rw (const struct module *mod, uint64_t addr) | |
5879 | +{ | |
5880 | + return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw; | |
5881 | } | |
5882 | ||
5883 | static inline int | |
5884 | in_core (const struct module *mod, uint64_t addr) | |
5885 | { | |
5886 | - return addr - (uint64_t) mod->module_core < mod->core_size; | |
5887 | + return in_core_rx(mod, value) || in_core_rw(mod, value); | |
5888 | } | |
5889 | ||
5890 | static inline int | |
5891 | @@ -691,7 +715,14 @@ do_reloc (struct module *mod, uint8_t r_ | |
5892 | break; | |
5893 | ||
5894 | case RV_BDREL: | |
5895 | - val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core); | |
5896 | + if (in_init_rx(mod, val)) | |
5897 | + val -= (uint64_t) mod->module_init_rx; | |
5898 | + else if (in_init_rw(mod, val)) | |
5899 | + val -= (uint64_t) mod->module_init_rw; | |
5900 | + else if (in_core_rx(mod, val)) | |
5901 | + val -= (uint64_t) mod->module_core_rx; | |
5902 | + else if (in_core_rw(mod, val)) | |
5903 | + val -= (uint64_t) mod->module_core_rw; | |
5904 | break; | |
5905 | ||
5906 | case RV_LTV: | |
5907 | @@ -825,15 +856,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs, | |
5908 | * addresses have been selected... | |
5909 | */ | |
5910 | uint64_t gp; | |
5911 | - if (mod->core_size > MAX_LTOFF) | |
5912 | + if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF) | |
5913 | /* | |
5914 | * This takes advantage of fact that SHF_ARCH_SMALL gets allocated | |
5915 | * at the end of the module. | |
5916 | */ | |
5917 | - gp = mod->core_size - MAX_LTOFF / 2; | |
5918 | + gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2; | |
5919 | else | |
5920 | - gp = mod->core_size / 2; | |
5921 | - gp = (uint64_t) mod->module_core + ((gp + 7) & -8); | |
5922 | + gp = (mod->core_size_rx + mod->core_size_rw) / 2; | |
5923 | + gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8); | |
5924 | mod->arch.gp = gp; | |
5925 | DEBUGP("%s: placing gp at 0x%lx\n", __FUNCTION__, gp); | |
5926 | } | |
5927 | diff -urNp linux-2.6.19.1/arch/ia64/kernel/ptrace.c linux-2.6.19.1/arch/ia64/kernel/ptrace.c | |
5928 | --- linux-2.6.19.1/arch/ia64/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
5929 | +++ linux-2.6.19.1/arch/ia64/kernel/ptrace.c 2006-12-03 15:15:46.000000000 -0500 | |
5930 | @@ -17,6 +17,7 @@ | |
c3e8c1b5 | 5931 | #include <linux/audit.h> |
5932 | #include <linux/signal.h> | |
b6fa5d20 | 5933 | #include <linux/vs_base.h> |
c3e8c1b5 | 5934 | +#include <linux/grsecurity.h> |
5935 | ||
5936 | #include <asm/pgtable.h> | |
5937 | #include <asm/processor.h> | |
5938 | @@ -1446,6 +1447,9 @@ sys_ptrace (long request, pid_t pid, uns | |
5939 | if (pid == 1) /* no messing around with init! */ | |
5940 | goto out_tsk; | |
5941 | ||
5942 | + if (gr_handle_ptrace(child, request)) | |
5943 | + goto out_tsk; | |
5944 | + | |
5945 | if (request == PTRACE_ATTACH) { | |
5946 | ret = ptrace_attach(child); | |
5947 | goto out_tsk; | |
5948 | diff -urNp linux-2.6.19.1/arch/ia64/kernel/sys_ia64.c linux-2.6.19.1/arch/ia64/kernel/sys_ia64.c | |
5949 | --- linux-2.6.19.1/arch/ia64/kernel/sys_ia64.c 2006-11-29 16:57:37.000000000 -0500 | |
5950 | +++ linux-2.6.19.1/arch/ia64/kernel/sys_ia64.c 2006-12-03 15:15:46.000000000 -0500 | |
5951 | @@ -37,6 +37,13 @@ arch_get_unmapped_area (struct file *fil | |
5952 | if (REGION_NUMBER(addr) == RGN_HPAGE) | |
5953 | addr = 0; | |
5954 | #endif | |
5955 | + | |
5956 | +#ifdef CONFIG_PAX_RANDMMAP | |
5957 | + if ((mm->pax_flags & MF_PAX_RANDMMAP) && addr && filp) | |
5958 | + addr = mm->free_area_cache; | |
5959 | + else | |
5960 | +#endif | |
5961 | + | |
5962 | if (!addr) | |
5963 | addr = mm->free_area_cache; | |
5964 | ||
5965 | @@ -55,9 +62,9 @@ arch_get_unmapped_area (struct file *fil | |
5966 | for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | |
5967 | /* At this point: (!vma || addr < vma->vm_end). */ | |
5968 | if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) { | |
5969 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
5970 | + if (start_addr != mm->mmap_base) { | |
5971 | /* Start a new search --- just in case we missed some holes. */ | |
5972 | - addr = TASK_UNMAPPED_BASE; | |
5973 | + addr = mm->mmap_base; | |
5974 | goto full_search; | |
5975 | } | |
5976 | return -ENOMEM; | |
5977 | diff -urNp linux-2.6.19.1/arch/ia64/mm/fault.c linux-2.6.19.1/arch/ia64/mm/fault.c | |
5978 | --- linux-2.6.19.1/arch/ia64/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
5979 | +++ linux-2.6.19.1/arch/ia64/mm/fault.c 2006-12-03 15:15:46.000000000 -0500 | |
5980 | @@ -10,6 +10,7 @@ | |
c3e8c1b5 | 5981 | #include <linux/interrupt.h> |
5982 | #include <linux/kprobes.h> | |
b6fa5d20 | 5983 | #include <linux/vs_memory.h> |
c3e8c1b5 | 5984 | +#include <linux/binfmts.h> |
5985 | ||
5986 | #include <asm/pgtable.h> | |
5987 | #include <asm/processor.h> | |
5988 | @@ -85,6 +86,23 @@ mapped_kernel_page_is_present (unsigned | |
5989 | return pte_present(pte); | |
5990 | } | |
5991 | ||
5992 | +#ifdef CONFIG_PAX_PAGEEXEC | |
5993 | +void pax_report_insns(void *pc, void *sp) | |
5994 | +{ | |
5995 | + unsigned long i; | |
5996 | + | |
5997 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
5998 | + for (i = 0; i < 8; i++) { | |
5999 | + unsigned int c; | |
6000 | + if (get_user(c, (unsigned int*)pc+i)) | |
6001 | + printk("???????? "); | |
6002 | + else | |
6003 | + printk("%08x ", c); | |
6004 | + } | |
6005 | + printk("\n"); | |
6006 | +} | |
6007 | +#endif | |
6008 | + | |
6009 | void __kprobes | |
6010 | ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs) | |
6011 | { | |
6012 | @@ -152,9 +170,23 @@ ia64_do_page_fault (unsigned long addres | |
6013 | mask = ( (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT) | |
6014 | | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT)); | |
6015 | ||
6016 | - if ((vma->vm_flags & mask) != mask) | |
6017 | + if ((vma->vm_flags & mask) != mask) { | |
6018 | + | |
6019 | +#ifdef CONFIG_PAX_PAGEEXEC | |
6020 | + if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) { | |
6021 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip) | |
6022 | + goto bad_area; | |
6023 | + | |
6024 | + up_read(&mm->mmap_sem); | |
6025 | + pax_report_fault(regs, (void*)regs->cr_iip, (void*)regs->r12); | |
6026 | + do_exit(SIGKILL); | |
6027 | + } | |
6028 | +#endif | |
6029 | + | |
6030 | goto bad_area; | |
6031 | ||
6032 | + } | |
6033 | + | |
6034 | survive: | |
6035 | /* | |
6036 | * If for any reason at all we couldn't handle the fault, make | |
6037 | diff -urNp linux-2.6.19.1/arch/ia64/mm/init.c linux-2.6.19.1/arch/ia64/mm/init.c | |
6038 | --- linux-2.6.19.1/arch/ia64/mm/init.c 2006-11-29 16:57:37.000000000 -0500 | |
6039 | +++ linux-2.6.19.1/arch/ia64/mm/init.c 2006-12-03 15:15:46.000000000 -0500 | |
6040 | @@ -19,8 +19,8 @@ | |
6041 | #include <linux/swap.h> | |
6042 | #include <linux/proc_fs.h> | |
6043 | #include <linux/bitops.h> | |
6044 | +#include <linux/a.out.h> | |
6045 | ||
6046 | -#include <asm/a.out.h> | |
6047 | #include <asm/dma.h> | |
6048 | #include <asm/ia32.h> | |
6049 | #include <asm/io.h> | |
6050 | diff -urNp linux-2.6.19.1/arch/mips/kernel/binfmt_elfn32.c linux-2.6.19.1/arch/mips/kernel/binfmt_elfn32.c | |
6051 | --- linux-2.6.19.1/arch/mips/kernel/binfmt_elfn32.c 2006-11-29 16:57:37.000000000 -0500 | |
6052 | +++ linux-2.6.19.1/arch/mips/kernel/binfmt_elfn32.c 2006-12-03 15:15:49.000000000 -0500 | |
6053 | @@ -50,6 +50,17 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N | |
6054 | #undef ELF_ET_DYN_BASE | |
6055 | #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) | |
6056 | ||
6057 | +#ifdef CONFIG_PAX_ASLR | |
6058 | +#define PAX_ELF_ET_DYN_BASE(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL) | |
6059 | + | |
6060 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
6061 | +#define PAX_DELTA_MMAP_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
6062 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
6063 | +#define PAX_DELTA_EXEC_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
6064 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
6065 | +#define PAX_DELTA_STACK_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
6066 | +#endif | |
6067 | + | |
6068 | #include <asm/processor.h> | |
6069 | #include <linux/module.h> | |
6070 | #include <linux/elfcore.h> | |
6071 | diff -urNp linux-2.6.19.1/arch/mips/kernel/binfmt_elfo32.c linux-2.6.19.1/arch/mips/kernel/binfmt_elfo32.c | |
6072 | --- linux-2.6.19.1/arch/mips/kernel/binfmt_elfo32.c 2006-11-29 16:57:37.000000000 -0500 | |
6073 | +++ linux-2.6.19.1/arch/mips/kernel/binfmt_elfo32.c 2006-12-03 15:15:49.000000000 -0500 | |
6074 | @@ -52,6 +52,17 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N | |
6075 | #undef ELF_ET_DYN_BASE | |
6076 | #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) | |
6077 | ||
6078 | +#ifdef CONFIG_PAX_ASLR | |
6079 | +#define PAX_ELF_ET_DYN_BASE(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL) | |
6080 | + | |
6081 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
6082 | +#define PAX_DELTA_MMAP_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
6083 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
6084 | +#define PAX_DELTA_EXEC_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
6085 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
6086 | +#define PAX_DELTA_STACK_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
6087 | +#endif | |
6088 | + | |
6089 | #include <asm/processor.h> | |
6090 | #include <linux/module.h> | |
6091 | #include <linux/elfcore.h> | |
6092 | diff -urNp linux-2.6.19.1/arch/mips/kernel/syscall.c linux-2.6.19.1/arch/mips/kernel/syscall.c | |
6093 | --- linux-2.6.19.1/arch/mips/kernel/syscall.c 2006-11-29 16:57:37.000000000 -0500 | |
6094 | +++ linux-2.6.19.1/arch/mips/kernel/syscall.c 2006-12-03 15:15:49.000000000 -0500 | |
6095 | @@ -88,6 +88,11 @@ unsigned long arch_get_unmapped_area(str | |
6096 | do_color_align = 0; | |
6097 | if (filp || (flags & MAP_SHARED)) | |
6098 | do_color_align = 1; | |
6099 | + | |
6100 | +#ifdef CONFIG_PAX_RANDMMAP | |
6101 | + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
6102 | +#endif | |
6103 | + | |
6104 | if (addr) { | |
6105 | if (do_color_align) | |
6106 | addr = COLOUR_ALIGN(addr, pgoff); | |
6107 | @@ -98,7 +103,7 @@ unsigned long arch_get_unmapped_area(str | |
6108 | (!vmm || addr + len <= vmm->vm_start)) | |
6109 | return addr; | |
6110 | } | |
6111 | - addr = TASK_UNMAPPED_BASE; | |
6112 | + addr = current->mm->mmap_base; | |
6113 | if (do_color_align) | |
6114 | addr = COLOUR_ALIGN(addr, pgoff); | |
6115 | else | |
6116 | diff -urNp linux-2.6.19.1/arch/mips/mm/fault.c linux-2.6.19.1/arch/mips/mm/fault.c | |
6117 | --- linux-2.6.19.1/arch/mips/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
6118 | +++ linux-2.6.19.1/arch/mips/mm/fault.c 2006-12-03 15:15:49.000000000 -0500 | |
6119 | @@ -27,6 +27,23 @@ | |
6120 | #include <asm/ptrace.h> | |
6121 | #include <asm/highmem.h> /* For VMALLOC_END */ | |
6122 | ||
6123 | +#ifdef CONFIG_PAX_PAGEEXEC | |
6124 | +void pax_report_insns(void *pc) | |
6125 | +{ | |
6126 | + unsigned long i; | |
6127 | + | |
6128 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
6129 | + for (i = 0; i < 5; i++) { | |
6130 | + unsigned int c; | |
6131 | + if (get_user(c, (unsigned int*)pc+i)) | |
6132 | + printk("???????? "); | |
6133 | + else | |
6134 | + printk("%08x ", c); | |
6135 | + } | |
6136 | + printk("\n"); | |
6137 | +} | |
6138 | +#endif | |
6139 | + | |
6140 | /* | |
6141 | * This routine handles page faults. It determines the address, | |
6142 | * and the problem, and then passes it off to one of the appropriate | |
6143 | diff -urNp linux-2.6.19.1/arch/parisc/kernel/module.c linux-2.6.19.1/arch/parisc/kernel/module.c | |
6144 | --- linux-2.6.19.1/arch/parisc/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
6145 | +++ linux-2.6.19.1/arch/parisc/kernel/module.c 2006-12-03 15:15:50.000000000 -0500 | |
6146 | @@ -72,16 +72,38 @@ | |
6147 | ||
6148 | /* three functions to determine where in the module core | |
6149 | * or init pieces the location is */ | |
6150 | +static inline int in_init_rx(struct module *me, void *loc) | |
6151 | +{ | |
6152 | + return (loc >= me->module_init_rx && | |
6153 | + loc < (me->module_init_rx + me->init_size_rx)); | |
6154 | +} | |
6155 | + | |
6156 | +static inline int in_init_rw(struct module *me, void *loc) | |
6157 | +{ | |
6158 | + return (loc >= me->module_init_rw && | |
6159 | + loc < (me->module_init_rw + me->init_size_rw)); | |
6160 | +} | |
6161 | + | |
6162 | static inline int in_init(struct module *me, void *loc) | |
6163 | { | |
6164 | - return (loc >= me->module_init && | |
6165 | - loc <= (me->module_init + me->init_size)); | |
6166 | + return in_init_rx(me, loc) || in_init_rw(me, loc); | |
6167 | +} | |
6168 | + | |
6169 | +static inline int in_core_rx(struct module *me, void *loc) | |
6170 | +{ | |
6171 | + return (loc >= me->module_core_rx && | |
6172 | + loc < (me->module_core_rx + me->core_size_rx)); | |
6173 | +} | |
6174 | + | |
6175 | +static inline int in_core_rw(struct module *me, void *loc) | |
6176 | +{ | |
6177 | + return (loc >= me->module_core_rw && | |
6178 | + loc < (me->module_core_rw + me->core_size_rw)); | |
6179 | } | |
6180 | ||
6181 | static inline int in_core(struct module *me, void *loc) | |
6182 | { | |
6183 | - return (loc >= me->module_core && | |
6184 | - loc <= (me->module_core + me->core_size)); | |
6185 | + return in_core_rx(me, loc) || in_core_rw(me, loc); | |
6186 | } | |
6187 | ||
6188 | static inline int in_local(struct module *me, void *loc) | |
6189 | @@ -295,21 +317,21 @@ int module_frob_arch_sections(CONST Elf_ | |
6190 | } | |
6191 | ||
6192 | /* align things a bit */ | |
6193 | - me->core_size = ALIGN(me->core_size, 16); | |
6194 | - me->arch.got_offset = me->core_size; | |
6195 | - me->core_size += gots * sizeof(struct got_entry); | |
6196 | - | |
6197 | - me->core_size = ALIGN(me->core_size, 16); | |
6198 | - me->arch.fdesc_offset = me->core_size; | |
6199 | - me->core_size += fdescs * sizeof(Elf_Fdesc); | |
6200 | - | |
6201 | - me->core_size = ALIGN(me->core_size, 16); | |
6202 | - me->arch.stub_offset = me->core_size; | |
6203 | - me->core_size += stubs * sizeof(struct stub_entry); | |
6204 | - | |
6205 | - me->init_size = ALIGN(me->init_size, 16); | |
6206 | - me->arch.init_stub_offset = me->init_size; | |
6207 | - me->init_size += init_stubs * sizeof(struct stub_entry); | |
6208 | + me->core_size_rw = ALIGN(me->core_size_rw, 16); | |
6209 | + me->arch.got_offset = me->core_size_rw; | |
6210 | + me->core_size_rw += gots * sizeof(struct got_entry); | |
6211 | + | |
6212 | + me->core_size_rw = ALIGN(me->core_size_rw, 16); | |
6213 | + me->arch.fdesc_offset = me->core_size_rw; | |
6214 | + me->core_size_rw += fdescs * sizeof(Elf_Fdesc); | |
6215 | + | |
6216 | + me->core_size_rx = ALIGN(me->core_size_rx, 16); | |
6217 | + me->arch.stub_offset = me->core_size_rx; | |
6218 | + me->core_size_rx += stubs * sizeof(struct stub_entry); | |
6219 | + | |
6220 | + me->init_size_rx = ALIGN(me->init_size_rx, 16); | |
6221 | + me->arch.init_stub_offset = me->init_size_rx; | |
6222 | + me->init_size_rx += init_stubs * sizeof(struct stub_entry); | |
6223 | ||
6224 | me->arch.got_max = gots; | |
6225 | me->arch.fdesc_max = fdescs; | |
6226 | @@ -329,7 +351,7 @@ static Elf64_Word get_got(struct module | |
6227 | ||
6228 | BUG_ON(value == 0); | |
6229 | ||
6230 | - got = me->module_core + me->arch.got_offset; | |
6231 | + got = me->module_core_rw + me->arch.got_offset; | |
6232 | for (i = 0; got[i].addr; i++) | |
6233 | if (got[i].addr == value) | |
6234 | goto out; | |
6235 | @@ -347,7 +369,7 @@ static Elf64_Word get_got(struct module | |
6236 | #ifdef __LP64__ | |
6237 | static Elf_Addr get_fdesc(struct module *me, unsigned long value) | |
6238 | { | |
6239 | - Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset; | |
6240 | + Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset; | |
6241 | ||
6242 | if (!value) { | |
6243 | printk(KERN_ERR "%s: zero OPD requested!\n", me->name); | |
6244 | @@ -365,7 +387,7 @@ static Elf_Addr get_fdesc(struct module | |
6245 | ||
6246 | /* Create new one */ | |
6247 | fdesc->addr = value; | |
6248 | - fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset; | |
6249 | + fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset; | |
6250 | return (Elf_Addr)fdesc; | |
6251 | } | |
6252 | #endif /* __LP64__ */ | |
6253 | @@ -385,12 +407,12 @@ static Elf_Addr get_stub(struct module * | |
6254 | if(init_section) { | |
6255 | i = me->arch.init_stub_count++; | |
6256 | BUG_ON(me->arch.init_stub_count > me->arch.init_stub_max); | |
6257 | - stub = me->module_init + me->arch.init_stub_offset + | |
6258 | + stub = me->module_init_rx + me->arch.init_stub_offset + | |
6259 | i * sizeof(struct stub_entry); | |
6260 | } else { | |
6261 | i = me->arch.stub_count++; | |
6262 | BUG_ON(me->arch.stub_count > me->arch.stub_max); | |
6263 | - stub = me->module_core + me->arch.stub_offset + | |
6264 | + stub = me->module_core_rx + me->arch.stub_offset + | |
6265 | i * sizeof(struct stub_entry); | |
6266 | } | |
6267 | ||
6268 | @@ -758,7 +780,7 @@ register_unwind_table(struct module *me, | |
6269 | ||
6270 | table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr; | |
6271 | end = table + sechdrs[me->arch.unwind_section].sh_size; | |
6272 | - gp = (Elf_Addr)me->module_core + me->arch.got_offset; | |
6273 | + gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset; | |
6274 | ||
6275 | DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", | |
6276 | me->arch.unwind_section, table, end, gp); | |
6277 | diff -urNp linux-2.6.19.1/arch/parisc/kernel/ptrace.c linux-2.6.19.1/arch/parisc/kernel/ptrace.c | |
6278 | --- linux-2.6.19.1/arch/parisc/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
6279 | +++ linux-2.6.19.1/arch/parisc/kernel/ptrace.c 2006-12-03 15:15:50.000000000 -0500 | |
6280 | @@ -18,6 +18,7 @@ | |
6281 | #include <linux/security.h> | |
6282 | #include <linux/compat.h> | |
6283 | #include <linux/signal.h> | |
6284 | +#include <linux/grsecurity.h> | |
6285 | ||
6286 | #include <asm/uaccess.h> | |
6287 | #include <asm/pgtable.h> | |
6288 | diff -urNp linux-2.6.19.1/arch/parisc/kernel/sys_parisc.c linux-2.6.19.1/arch/parisc/kernel/sys_parisc.c | |
6289 | --- linux-2.6.19.1/arch/parisc/kernel/sys_parisc.c 2006-11-29 16:57:37.000000000 -0500 | |
6290 | +++ linux-2.6.19.1/arch/parisc/kernel/sys_parisc.c 2006-12-03 15:15:50.000000000 -0500 | |
6291 | @@ -107,7 +107,7 @@ unsigned long arch_get_unmapped_area(str | |
6292 | if (len > TASK_SIZE) | |
6293 | return -ENOMEM; | |
6294 | if (!addr) | |
6295 | - addr = TASK_UNMAPPED_BASE; | |
6296 | + addr = current->mm->mmap_base; | |
6297 | ||
6298 | if (filp) { | |
6299 | addr = get_shared_area(filp->f_mapping, addr, len, pgoff); | |
6300 | diff -urNp linux-2.6.19.1/arch/parisc/kernel/traps.c linux-2.6.19.1/arch/parisc/kernel/traps.c | |
6301 | --- linux-2.6.19.1/arch/parisc/kernel/traps.c 2006-11-29 16:57:37.000000000 -0500 | |
6302 | +++ linux-2.6.19.1/arch/parisc/kernel/traps.c 2006-12-03 15:15:50.000000000 -0500 | |
6303 | @@ -716,9 +716,7 @@ void handle_interruption(int code, struc | |
6304 | ||
6305 | down_read(¤t->mm->mmap_sem); | |
6306 | vma = find_vma(current->mm,regs->iaoq[0]); | |
6307 | - if (vma && (regs->iaoq[0] >= vma->vm_start) | |
6308 | - && (vma->vm_flags & VM_EXEC)) { | |
6309 | - | |
6310 | + if (vma && (regs->iaoq[0] >= vma->vm_start)) { | |
6311 | fault_address = regs->iaoq[0]; | |
6312 | fault_space = regs->iasq[0]; | |
6313 | ||
6314 | diff -urNp linux-2.6.19.1/arch/parisc/mm/fault.c linux-2.6.19.1/arch/parisc/mm/fault.c | |
6315 | --- linux-2.6.19.1/arch/parisc/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
6316 | +++ linux-2.6.19.1/arch/parisc/mm/fault.c 2006-12-03 15:15:50.000000000 -0500 | |
6317 | @@ -16,6 +16,8 @@ | |
6318 | #include <linux/sched.h> | |
6319 | #include <linux/interrupt.h> | |
6320 | #include <linux/module.h> | |
6321 | +#include <linux/unistd.h> | |
6322 | +#include <linux/binfmts.h> | |
6323 | ||
6324 | #include <asm/uaccess.h> | |
6325 | #include <asm/traps.h> | |
6326 | @@ -57,7 +59,7 @@ DEFINE_PER_CPU(struct exception_data, ex | |
6327 | static unsigned long | |
6328 | parisc_acctyp(unsigned long code, unsigned int inst) | |
6329 | { | |
6330 | - if (code == 6 || code == 16) | |
6331 | + if (code == 6 || code == 7 || code == 16) | |
6332 | return VM_EXEC; | |
6333 | ||
6334 | switch (inst & 0xf0000000) { | |
6335 | @@ -143,6 +145,116 @@ parisc_acctyp(unsigned long code, unsign | |
6336 | } | |
6337 | #endif | |
6338 | ||
6339 | +#ifdef CONFIG_PAX_PAGEEXEC | |
6340 | +/* | |
6341 | + * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address) | |
6342 | + * | |
6343 | + * returns 1 when task should be killed | |
6344 | + * 2 when rt_sigreturn trampoline was detected | |
6345 | + * 3 when unpatched PLT trampoline was detected | |
6346 | + */ | |
6347 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
6348 | +{ | |
6349 | + | |
6350 | +#ifdef CONFIG_PAX_EMUPLT | |
6351 | + int err; | |
6352 | + | |
6353 | + do { /* PaX: unpatched PLT emulation */ | |
6354 | + unsigned int bl, depwi; | |
6355 | + | |
6356 | + err = get_user(bl, (unsigned int*)instruction_pointer(regs)); | |
6357 | + err |= get_user(depwi, (unsigned int*)(instruction_pointer(regs)+4)); | |
6358 | + | |
6359 | + if (err) | |
6360 | + break; | |
6361 | + | |
6362 | + if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) { | |
6363 | + unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12; | |
6364 | + | |
6365 | + err = get_user(ldw, (unsigned int*)addr); | |
6366 | + err |= get_user(bv, (unsigned int*)(addr+4)); | |
6367 | + err |= get_user(ldw2, (unsigned int*)(addr+8)); | |
6368 | + | |
6369 | + if (err) | |
6370 | + break; | |
6371 | + | |
6372 | + if (ldw == 0x0E801096U && | |
6373 | + bv == 0xEAC0C000U && | |
6374 | + ldw2 == 0x0E881095U) | |
6375 | + { | |
6376 | + unsigned int resolver, map; | |
6377 | + | |
6378 | + err = get_user(resolver, (unsigned int*)(instruction_pointer(regs)+8)); | |
6379 | + err |= get_user(map, (unsigned int*)(instruction_pointer(regs)+12)); | |
6380 | + if (err) | |
6381 | + break; | |
6382 | + | |
6383 | + regs->gr[20] = instruction_pointer(regs)+8; | |
6384 | + regs->gr[21] = map; | |
6385 | + regs->gr[22] = resolver; | |
6386 | + regs->iaoq[0] = resolver | 3UL; | |
6387 | + regs->iaoq[1] = regs->iaoq[0] + 4; | |
6388 | + return 3; | |
6389 | + } | |
6390 | + } | |
6391 | + } while (0); | |
6392 | +#endif | |
6393 | + | |
6394 | +#ifdef CONFIG_PAX_EMUTRAMP | |
6395 | + | |
6396 | +#ifndef CONFIG_PAX_EMUSIGRT | |
6397 | + if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP)) | |
6398 | + return 1; | |
6399 | +#endif | |
6400 | + | |
6401 | + do { /* PaX: rt_sigreturn emulation */ | |
6402 | + unsigned int ldi1, ldi2, bel, nop; | |
6403 | + | |
6404 | + err = get_user(ldi1, (unsigned int *)instruction_pointer(regs)); | |
6405 | + err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4)); | |
6406 | + err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8)); | |
6407 | + err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12)); | |
6408 | + | |
6409 | + if (err) | |
6410 | + break; | |
6411 | + | |
6412 | + if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) && | |
6413 | + ldi2 == 0x3414015AU && | |
6414 | + bel == 0xE4008200U && | |
6415 | + nop == 0x08000240U) | |
6416 | + { | |
6417 | + regs->gr[25] = (ldi1 & 2) >> 1; | |
6418 | + regs->gr[20] = __NR_rt_sigreturn; | |
6419 | + regs->gr[31] = regs->iaoq[1] + 16; | |
6420 | + regs->sr[0] = regs->iasq[1]; | |
6421 | + regs->iaoq[0] = 0x100UL; | |
6422 | + regs->iaoq[1] = regs->iaoq[0] + 4; | |
6423 | + regs->iasq[0] = regs->sr[2]; | |
6424 | + regs->iasq[1] = regs->sr[2]; | |
6425 | + return 2; | |
6426 | + } | |
6427 | + } while (0); | |
6428 | +#endif | |
6429 | + | |
6430 | + return 1; | |
6431 | +} | |
6432 | + | |
6433 | +void pax_report_insns(void *pc, void *sp) | |
6434 | +{ | |
6435 | + unsigned long i; | |
6436 | + | |
6437 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
6438 | + for (i = 0; i < 5; i++) { | |
6439 | + unsigned int c; | |
6440 | + if (get_user(c, (unsigned int*)pc+i)) | |
6441 | + printk("???????? "); | |
6442 | + else | |
6443 | + printk("%08x ", c); | |
6444 | + } | |
6445 | + printk("\n"); | |
6446 | +} | |
6447 | +#endif | |
6448 | + | |
6449 | void do_page_fault(struct pt_regs *regs, unsigned long code, | |
6450 | unsigned long address) | |
6451 | { | |
6452 | @@ -168,8 +280,33 @@ good_area: | |
6453 | ||
6454 | acc_type = parisc_acctyp(code,regs->iir); | |
6455 | ||
6456 | - if ((vma->vm_flags & acc_type) != acc_type) | |
6457 | + if ((vma->vm_flags & acc_type) != acc_type) { | |
6458 | + | |
6459 | +#ifdef CONFIG_PAX_PAGEEXEC | |
6460 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) && | |
6461 | + (address & ~3UL) == instruction_pointer(regs)) | |
6462 | + { | |
6463 | + up_read(&mm->mmap_sem); | |
6464 | + switch(pax_handle_fetch_fault(regs)) { | |
6465 | + | |
6466 | +#ifdef CONFIG_PAX_EMUPLT | |
6467 | + case 3: | |
6468 | + return; | |
6469 | +#endif | |
6470 | + | |
6471 | +#ifdef CONFIG_PAX_EMUTRAMP | |
6472 | + case 2: | |
6473 | + return; | |
6474 | +#endif | |
6475 | + | |
6476 | + } | |
6477 | + pax_report_fault(regs, (void*)instruction_pointer(regs), (void*)regs->gr[30]); | |
6478 | + do_exit(SIGKILL); | |
6479 | + } | |
6480 | +#endif | |
6481 | + | |
6482 | goto bad_area; | |
6483 | + } | |
6484 | ||
6485 | /* | |
6486 | * If for any reason at all we couldn't handle the fault, make | |
6487 | diff -urNp linux-2.6.19.1/arch/powerpc/kernel/module_32.c linux-2.6.19.1/arch/powerpc/kernel/module_32.c | |
6488 | --- linux-2.6.19.1/arch/powerpc/kernel/module_32.c 2006-11-29 16:57:37.000000000 -0500 | |
6489 | +++ linux-2.6.19.1/arch/powerpc/kernel/module_32.c 2006-12-03 15:15:50.000000000 -0500 | |
6490 | @@ -125,7 +125,7 @@ int module_frob_arch_sections(Elf32_Ehdr | |
6491 | me->arch.core_plt_section = i; | |
6492 | } | |
6493 | if (!me->arch.core_plt_section || !me->arch.init_plt_section) { | |
6494 | - printk("Module doesn't contain .plt or .init.plt sections.\n"); | |
6495 | + printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name); | |
6496 | return -ENOEXEC; | |
6497 | } | |
6498 | ||
6499 | @@ -166,11 +166,16 @@ static uint32_t do_plt_call(void *locati | |
6500 | ||
6501 | DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location); | |
6502 | /* Init, or core PLT? */ | |
6503 | - if (location >= mod->module_core | |
6504 | - && location < mod->module_core + mod->core_size) | |
6505 | + if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) || | |
6506 | + (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw)) | |
6507 | entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr; | |
6508 | - else | |
6509 | + else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) || | |
6510 | + (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw)) | |
6511 | entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr; | |
6512 | + else { | |
6513 | + printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name); | |
6514 | + return ~0UL; | |
6515 | + } | |
6516 | ||
6517 | /* Find this entry, or if that fails, the next avail. entry */ | |
6518 | while (entry->jump[0]) { | |
6519 | diff -urNp linux-2.6.19.1/arch/powerpc/kernel/signal_32.c linux-2.6.19.1/arch/powerpc/kernel/signal_32.c | |
6520 | --- linux-2.6.19.1/arch/powerpc/kernel/signal_32.c 2006-11-29 16:57:37.000000000 -0500 | |
6521 | +++ linux-2.6.19.1/arch/powerpc/kernel/signal_32.c 2006-12-03 15:15:50.000000000 -0500 | |
6522 | @@ -759,7 +759,7 @@ static int handle_rt_signal(unsigned lon | |
6523 | ||
6524 | /* Save user registers on the stack */ | |
6525 | frame = &rt_sf->uc.uc_mcontext; | |
6526 | - if (vdso32_rt_sigtramp && current->mm->context.vdso_base) { | |
6527 | + if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) { | |
6528 | if (save_user_regs(regs, frame, 0)) | |
6529 | goto badframe; | |
6530 | regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; | |
6531 | diff -urNp linux-2.6.19.1/arch/powerpc/kernel/signal_64.c linux-2.6.19.1/arch/powerpc/kernel/signal_64.c | |
6532 | --- linux-2.6.19.1/arch/powerpc/kernel/signal_64.c 2006-11-29 16:57:37.000000000 -0500 | |
6533 | +++ linux-2.6.19.1/arch/powerpc/kernel/signal_64.c 2006-12-03 15:15:50.000000000 -0500 | |
6534 | @@ -397,7 +397,7 @@ static int setup_rt_frame(int signr, str | |
6535 | current->thread.fpscr.val = 0; | |
6536 | ||
6537 | /* Set up to return from userspace. */ | |
6538 | - if (vdso64_rt_sigtramp && current->mm->context.vdso_base) { | |
6539 | + if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) { | |
6540 | regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; | |
6541 | } else { | |
6542 | err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); | |
6543 | diff -urNp linux-2.6.19.1/arch/powerpc/kernel/vdso.c linux-2.6.19.1/arch/powerpc/kernel/vdso.c | |
6544 | --- linux-2.6.19.1/arch/powerpc/kernel/vdso.c 2006-11-29 16:57:37.000000000 -0500 | |
6545 | +++ linux-2.6.19.1/arch/powerpc/kernel/vdso.c 2006-12-03 15:15:50.000000000 -0500 | |
6546 | @@ -239,7 +239,7 @@ int arch_setup_additional_pages(struct l | |
6547 | vdso_base = VDSO32_MBASE; | |
6548 | #endif | |
6549 | ||
6550 | - current->mm->context.vdso_base = 0; | |
6551 | + current->mm->context.vdso_base = ~0UL; | |
6552 | ||
6553 | /* vDSO has a problem and was disabled, just don't "enable" it for the | |
6554 | * process | |
6555 | @@ -256,7 +256,7 @@ int arch_setup_additional_pages(struct l | |
6556 | */ | |
6557 | down_write(&mm->mmap_sem); | |
6558 | vdso_base = get_unmapped_area(NULL, vdso_base, | |
6559 | - vdso_pages << PAGE_SHIFT, 0, 0); | |
6560 | + vdso_pages << PAGE_SHIFT, 0, MAP_PRIVATE | MAP_EXECUTABLE); | |
6561 | if (IS_ERR_VALUE(vdso_base)) { | |
6562 | rc = vdso_base; | |
6563 | goto fail_mmapsem; | |
6564 | @@ -284,8 +284,14 @@ int arch_setup_additional_pages(struct l | |
6565 | * pages though | |
6566 | */ | |
6567 | vma->vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; | |
6568 | + | |
6569 | +#ifdef CONFIG_PAX_MPROTECT | |
6570 | + if (mm->pax_flags & MF_PAX_MPROTECT) | |
6571 | + vma->vm_flags &= ~VM_MAYWRITE; | |
6572 | +#endif | |
6573 | + | |
6574 | vma->vm_flags |= mm->def_flags; | |
6575 | - vma->vm_page_prot = protection_map[vma->vm_flags & 0x7]; | |
6576 | + vma->vm_page_prot = protection_map[vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
6577 | vma->vm_ops = &vdso_vmops; | |
6578 | ||
6579 | /* Insert new VMA */ | |
6580 | diff -urNp linux-2.6.19.1/arch/powerpc/mm/fault.c linux-2.6.19.1/arch/powerpc/mm/fault.c | |
6581 | --- linux-2.6.19.1/arch/powerpc/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
6582 | +++ linux-2.6.19.1/arch/powerpc/mm/fault.c 2006-12-03 15:15:50.000000000 -0500 | |
6583 | @@ -28,6 +28,12 @@ | |
6584 | #include <linux/highmem.h> | |
6585 | #include <linux/module.h> | |
6586 | #include <linux/kprobes.h> | |
6587 | +#include <linux/binfmts.h> | |
6588 | +#include <linux/slab.h> | |
6589 | +#include <linux/pagemap.h> | |
6590 | +#include <linux/compiler.h> | |
6591 | +#include <linux/binfmts.h> | |
6592 | +#include <linux/unistd.h> | |
6593 | ||
6594 | #include <asm/page.h> | |
6595 | #include <asm/pgtable.h> | |
6596 | @@ -73,6 +79,364 @@ static inline int notify_page_fault(enum | |
6597 | } | |
6598 | #endif | |
6599 | ||
6600 | +#ifdef CONFIG_PAX_EMUSIGRT | |
6601 | +void pax_syscall_close(struct vm_area_struct * vma) | |
6602 | +{ | |
6603 | + vma->vm_mm->call_syscall = 0UL; | |
6604 | +} | |
6605 | + | |
6606 | +static struct page* pax_syscall_nopage(struct vm_area_struct *vma, unsigned long address, int *type) | |
6607 | +{ | |
6608 | + struct page* page; | |
6609 | + unsigned int *kaddr; | |
6610 | + | |
6611 | + page = alloc_page(GFP_HIGHUSER); | |
6612 | + if (!page) | |
6613 | + return NOPAGE_OOM; | |
6614 | + | |
6615 | + kaddr = kmap(page); | |
6616 | + memset(kaddr, 0, PAGE_SIZE); | |
6617 | + kaddr[0] = 0x44000002U; /* sc */ | |
6618 | + __flush_dcache_icache(kaddr); | |
6619 | + kunmap(page); | |
6620 | + if (type) | |
6621 | + *type = VM_FAULT_MAJOR; | |
6622 | + return page; | |
6623 | +} | |
6624 | + | |
6625 | +static struct vm_operations_struct pax_vm_ops = { | |
6626 | + .close = pax_syscall_close, | |
6627 | + .nopage = pax_syscall_nopage, | |
6628 | +}; | |
6629 | + | |
6630 | +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) | |
6631 | +{ | |
6632 | + int ret; | |
6633 | + | |
6634 | + memset(vma, 0, sizeof(*vma)); | |
6635 | + vma->vm_mm = current->mm; | |
6636 | + vma->vm_start = addr; | |
6637 | + vma->vm_end = addr + PAGE_SIZE; | |
6638 | + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC; | |
6639 | + vma->vm_page_prot = protection_map[vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
6640 | + vma->vm_ops = &pax_vm_ops; | |
6641 | + | |
6642 | + ret = insert_vm_struct(current->mm, vma); | |
6643 | + if (ret) | |
6644 | + return ret; | |
6645 | + | |
6646 | + ++current->mm->total_vm; | |
6647 | + return 0; | |
6648 | +} | |
6649 | +#endif | |
6650 | + | |
6651 | +#ifdef CONFIG_PAX_PAGEEXEC | |
6652 | +/* | |
6653 | + * PaX: decide what to do with offenders (regs->nip = fault address) | |
6654 | + * | |
6655 | + * returns 1 when task should be killed | |
6656 | + * 2 when patched GOT trampoline was detected | |
6657 | + * 3 when patched PLT trampoline was detected | |
6658 | + * 4 when unpatched PLT trampoline was detected | |
6659 | + * 5 when sigreturn trampoline was detected | |
6660 | + * 6 when rt_sigreturn trampoline was detected | |
6661 | + */ | |
6662 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
6663 | +{ | |
6664 | + | |
6665 | +#if defined(CONFIG_PAX_EMUPLT) || defined(CONFIG_PAX_EMUSIGRT) | |
6666 | + int err; | |
6667 | +#endif | |
6668 | + | |
6669 | +#ifdef CONFIG_PAX_EMUPLT | |
6670 | + do { /* PaX: patched GOT emulation */ | |
6671 | + unsigned int blrl; | |
6672 | + | |
6673 | + err = get_user(blrl, (unsigned int*)regs->nip); | |
6674 | + | |
6675 | + if (!err && blrl == 0x4E800021U) { | |
6676 | + unsigned long temp = regs->nip; | |
6677 | + | |
6678 | + regs->nip = regs->link & 0xFFFFFFFCUL; | |
6679 | + regs->link = temp + 4UL; | |
6680 | + return 2; | |
6681 | + } | |
6682 | + } while (0); | |
6683 | + | |
6684 | + do { /* PaX: patched PLT emulation #1 */ | |
6685 | + unsigned int b; | |
6686 | + | |
6687 | + err = get_user(b, (unsigned int *)regs->nip); | |
6688 | + | |
6689 | + if (!err && (b & 0xFC000003U) == 0x48000000U) { | |
6690 | + regs->nip += (((b | 0xFC000000UL) ^ 0x02000000UL) + 0x02000000UL); | |
6691 | + return 3; | |
6692 | + } | |
6693 | + } while (0); | |
6694 | + | |
6695 | + do { /* PaX: unpatched PLT emulation #1 */ | |
6696 | + unsigned int li, b; | |
6697 | + | |
6698 | + err = get_user(li, (unsigned int *)regs->nip); | |
6699 | + err |= get_user(b, (unsigned int *)(regs->nip+4)); | |
6700 | + | |
6701 | + if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) { | |
6702 | + unsigned int rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr; | |
6703 | + unsigned long addr = b | 0xFC000000UL; | |
6704 | + | |
6705 | + addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL); | |
6706 | + err = get_user(rlwinm, (unsigned int*)addr); | |
6707 | + err |= get_user(add, (unsigned int*)(addr+4)); | |
6708 | + err |= get_user(li2, (unsigned int*)(addr+8)); | |
6709 | + err |= get_user(addis2, (unsigned int*)(addr+12)); | |
6710 | + err |= get_user(mtctr, (unsigned int*)(addr+16)); | |
6711 | + err |= get_user(li3, (unsigned int*)(addr+20)); | |
6712 | + err |= get_user(addis3, (unsigned int*)(addr+24)); | |
6713 | + err |= get_user(bctr, (unsigned int*)(addr+28)); | |
6714 | + | |
6715 | + if (err) | |
6716 | + break; | |
6717 | + | |
6718 | + if (rlwinm == 0x556C083CU && | |
6719 | + add == 0x7D6C5A14U && | |
6720 | + (li2 & 0xFFFF0000U) == 0x39800000U && | |
6721 | + (addis2 & 0xFFFF0000U) == 0x3D8C0000U && | |
6722 | + mtctr == 0x7D8903A6U && | |
6723 | + (li3 & 0xFFFF0000U) == 0x39800000U && | |
6724 | + (addis3 & 0xFFFF0000U) == 0x3D8C0000U && | |
6725 | + bctr == 0x4E800420U) | |
6726 | + { | |
6727 | + regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6728 | + regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6729 | + regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16; | |
6730 | + regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6731 | + regs->ctr += (addis2 & 0xFFFFU) << 16; | |
6732 | + regs->nip = regs->ctr; | |
6733 | + return 4; | |
6734 | + } | |
6735 | + } | |
6736 | + } while (0); | |
6737 | + | |
6738 | +#if 0 | |
6739 | + do { /* PaX: unpatched PLT emulation #2 */ | |
6740 | + unsigned int lis, lwzu, b, bctr; | |
6741 | + | |
6742 | + err = get_user(lis, (unsigned int *)regs->nip); | |
6743 | + err |= get_user(lwzu, (unsigned int *)(regs->nip+4)); | |
6744 | + err |= get_user(b, (unsigned int *)(regs->nip+8)); | |
6745 | + err |= get_user(bctr, (unsigned int *)(regs->nip+12)); | |
6746 | + | |
6747 | + if (err) | |
6748 | + break; | |
6749 | + | |
6750 | + if ((lis & 0xFFFF0000U) == 0x39600000U && | |
6751 | + (lwzu & 0xU) == 0xU && | |
6752 | + (b & 0xFC000003U) == 0x48000000U && | |
6753 | + bctr == 0x4E800420U) | |
6754 | + { | |
6755 | + unsigned int addis, addi, rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr; | |
6756 | + unsigned long addr = b | 0xFC000000UL; | |
6757 | + | |
6758 | + addr = regs->nip + 12 + ((addr ^ 0x02000000UL) + 0x02000000UL); | |
6759 | + err = get_user(addis, (unsigned int*)addr); | |
6760 | + err |= get_user(addi, (unsigned int*)(addr+4)); | |
6761 | + err |= get_user(rlwinm, (unsigned int*)(addr+8)); | |
6762 | + err |= get_user(add, (unsigned int*)(addr+12)); | |
6763 | + err |= get_user(li2, (unsigned int*)(addr+16)); | |
6764 | + err |= get_user(addis2, (unsigned int*)(addr+20)); | |
6765 | + err |= get_user(mtctr, (unsigned int*)(addr+24)); | |
6766 | + err |= get_user(li3, (unsigned int*)(addr+28)); | |
6767 | + err |= get_user(addis3, (unsigned int*)(addr+32)); | |
6768 | + err |= get_user(bctr, (unsigned int*)(addr+36)); | |
6769 | + | |
6770 | + if (err) | |
6771 | + break; | |
6772 | + | |
6773 | + if ((addis & 0xFFFF0000U) == 0x3D6B0000U && | |
6774 | + (addi & 0xFFFF0000U) == 0x396B0000U && | |
6775 | + rlwinm == 0x556C083CU && | |
6776 | + add == 0x7D6C5A14U && | |
6777 | + (li2 & 0xFFFF0000U) == 0x39800000U && | |
6778 | + (addis2 & 0xFFFF0000U) == 0x3D8C0000U && | |
6779 | + mtctr == 0x7D8903A6U && | |
6780 | + (li3 & 0xFFFF0000U) == 0x39800000U && | |
6781 | + (addis3 & 0xFFFF0000U) == 0x3D8C0000U && | |
6782 | + bctr == 0x4E800420U) | |
6783 | + { | |
6784 | + regs->gpr[PT_R11] = | |
6785 | + regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6786 | + regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6787 | + regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16; | |
6788 | + regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6789 | + regs->ctr += (addis2 & 0xFFFFU) << 16; | |
6790 | + regs->nip = regs->ctr; | |
6791 | + return 4; | |
6792 | + } | |
6793 | + } | |
6794 | + } while (0); | |
6795 | +#endif | |
6796 | + | |
6797 | + do { /* PaX: unpatched PLT emulation #3 */ | |
6798 | + unsigned int li, b; | |
6799 | + | |
6800 | + err = get_user(li, (unsigned int *)regs->nip); | |
6801 | + err |= get_user(b, (unsigned int *)(regs->nip+4)); | |
6802 | + | |
6803 | + if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) { | |
6804 | + unsigned int addis, lwz, mtctr, bctr; | |
6805 | + unsigned long addr = b | 0xFC000000UL; | |
6806 | + | |
6807 | + addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL); | |
6808 | + err = get_user(addis, (unsigned int*)addr); | |
6809 | + err |= get_user(lwz, (unsigned int*)(addr+4)); | |
6810 | + err |= get_user(mtctr, (unsigned int*)(addr+8)); | |
6811 | + err |= get_user(bctr, (unsigned int*)(addr+12)); | |
6812 | + | |
6813 | + if (err) | |
6814 | + break; | |
6815 | + | |
6816 | + if ((addis & 0xFFFF0000U) == 0x3D6B0000U && | |
6817 | + (lwz & 0xFFFF0000U) == 0x816B0000U && | |
6818 | + mtctr == 0x7D6903A6U && | |
6819 | + bctr == 0x4E800420U) | |
6820 | + { | |
6821 | + unsigned int r11; | |
6822 | + | |
6823 | + addr = (addis << 16) + (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6824 | + addr += (((lwz | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
6825 | + | |
6826 | + err = get_user(r11, (unsigned int*)addr); | |
6827 | + if (err) | |
6828 | + break; | |
6829 | + | |
6830 | + regs->gpr[PT_R11] = r11; | |
6831 | + regs->ctr = r11; | |
6832 | + regs->nip = r11; | |
6833 | + return 4; | |
6834 | + } | |
6835 | + } | |
6836 | + } while (0); | |
6837 | +#endif | |
6838 | + | |
6839 | +#ifdef CONFIG_PAX_EMUSIGRT | |
6840 | + do { /* PaX: sigreturn emulation */ | |
6841 | + unsigned int li, sc; | |
6842 | + | |
6843 | + err = get_user(li, (unsigned int *)regs->nip); | |
6844 | + err |= get_user(sc, (unsigned int *)(regs->nip+4)); | |
6845 | + | |
6846 | + if (!err && li == 0x38000000U + __NR_sigreturn && sc == 0x44000002U) { | |
6847 | + struct vm_area_struct *vma; | |
6848 | + unsigned long call_syscall; | |
6849 | + | |
6850 | + down_read(¤t->mm->mmap_sem); | |
6851 | + call_syscall = current->mm->call_syscall; | |
6852 | + up_read(¤t->mm->mmap_sem); | |
6853 | + if (likely(call_syscall)) | |
6854 | + goto emulate; | |
6855 | + | |
6856 | + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
6857 | + | |
6858 | + down_write(¤t->mm->mmap_sem); | |
6859 | + if (current->mm->call_syscall) { | |
6860 | + call_syscall = current->mm->call_syscall; | |
6861 | + up_write(¤t->mm->mmap_sem); | |
6862 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
6863 | + goto emulate; | |
6864 | + } | |
6865 | + | |
6866 | + call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
6867 | + if (!vma || (call_syscall & ~PAGE_MASK)) { | |
6868 | + up_write(¤t->mm->mmap_sem); | |
6869 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
6870 | + return 1; | |
6871 | + } | |
6872 | + | |
6873 | + if (pax_insert_vma(vma, call_syscall)) { | |
6874 | + up_write(¤t->mm->mmap_sem); | |
6875 | + kmem_cache_free(vm_area_cachep, vma); | |
6876 | + return 1; | |
6877 | + } | |
6878 | + | |
6879 | + current->mm->call_syscall = call_syscall; | |
6880 | + up_write(¤t->mm->mmap_sem); | |
6881 | + | |
6882 | +emulate: | |
6883 | + regs->gpr[PT_R0] = __NR_sigreturn; | |
6884 | + regs->nip = call_syscall; | |
6885 | + return 5; | |
6886 | + } | |
6887 | + } while (0); | |
6888 | + | |
6889 | + do { /* PaX: rt_sigreturn emulation */ | |
6890 | + unsigned int li, sc; | |
6891 | + | |
6892 | + err = get_user(li, (unsigned int *)regs->nip); | |
6893 | + err |= get_user(sc, (unsigned int *)(regs->nip+4)); | |
6894 | + | |
6895 | + if (!err && li == 0x38000000U + __NR_rt_sigreturn && sc == 0x44000002U) { | |
6896 | + struct vm_area_struct *vma; | |
6897 | + unsigned int call_syscall; | |
6898 | + | |
6899 | + down_read(¤t->mm->mmap_sem); | |
6900 | + call_syscall = current->mm->call_syscall; | |
6901 | + up_read(¤t->mm->mmap_sem); | |
6902 | + if (likely(call_syscall)) | |
6903 | + goto rt_emulate; | |
6904 | + | |
6905 | + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
6906 | + | |
6907 | + down_write(¤t->mm->mmap_sem); | |
6908 | + if (current->mm->call_syscall) { | |
6909 | + call_syscall = current->mm->call_syscall; | |
6910 | + up_write(¤t->mm->mmap_sem); | |
6911 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
6912 | + goto rt_emulate; | |
6913 | + } | |
6914 | + | |
6915 | + call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
6916 | + if (!vma || (call_syscall & ~PAGE_MASK)) { | |
6917 | + up_write(¤t->mm->mmap_sem); | |
6918 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
6919 | + return 1; | |
6920 | + } | |
6921 | + | |
6922 | + if (pax_insert_vma(vma, call_syscall)) { | |
6923 | + up_write(¤t->mm->mmap_sem); | |
6924 | + kmem_cache_free(vm_area_cachep, vma); | |
6925 | + return 1; | |
6926 | + } | |
6927 | + | |
6928 | + current->mm->call_syscall = call_syscall; | |
6929 | + up_write(¤t->mm->mmap_sem); | |
6930 | + | |
6931 | +rt_emulate: | |
6932 | + regs->gpr[PT_R0] = __NR_rt_sigreturn; | |
6933 | + regs->nip = call_syscall; | |
6934 | + return 6; | |
6935 | + } | |
6936 | + } while (0); | |
6937 | +#endif | |
6938 | + | |
6939 | + return 1; | |
6940 | +} | |
6941 | + | |
6942 | +void pax_report_insns(void *pc, void *sp) | |
6943 | +{ | |
6944 | + unsigned long i; | |
6945 | + | |
6946 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
6947 | + for (i = 0; i < 5; i++) { | |
6948 | + unsigned int c; | |
6949 | + if (get_user(c, (unsigned int*)pc+i)) | |
6950 | + printk("???????? "); | |
6951 | + else | |
6952 | + printk("%08x ", c); | |
6953 | + } | |
6954 | + printk("\n"); | |
6955 | +} | |
6956 | +#endif | |
6957 | + | |
6958 | /* | |
6959 | * Check whether the instruction at regs->nip is a store using | |
6960 | * an update addressing form which will update r1. | |
6961 | @@ -168,7 +532,7 @@ int __kprobes do_page_fault(struct pt_re | |
6962 | * indicate errors in DSISR but can validly be set in SRR1. | |
6963 | */ | |
6964 | if (trap == 0x400) | |
6965 | - error_code &= 0x48200000; | |
6966 | + error_code &= 0x58200000; | |
6967 | else | |
6968 | is_write = error_code & DSISR_ISSTORE; | |
6969 | #else | |
6970 | @@ -295,9 +659,9 @@ good_area: | |
6971 | /* protection fault */ | |
6972 | if (error_code & DSISR_PROTFAULT) | |
6973 | goto bad_area; | |
6974 | +#endif | |
6975 | if (!(vma->vm_flags & VM_EXEC)) | |
6976 | goto bad_area; | |
6977 | -#endif | |
6978 | #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) | |
6979 | pte_t *ptep; | |
6980 | pmd_t *pmdp; | |
6981 | @@ -368,6 +732,37 @@ bad_area: | |
6982 | bad_area_nosemaphore: | |
6983 | /* User mode accesses cause a SIGSEGV */ | |
6984 | if (user_mode(regs)) { | |
6985 | + | |
6986 | +#ifdef CONFIG_PAX_PAGEEXEC | |
6987 | + if (mm->pax_flags & MF_PAX_PAGEEXEC) { | |
6988 | +#ifdef CONFIG_PPC64 | |
6989 | + if (is_exec && (error_code & DSISR_PROTFAULT)) { | |
6990 | +#else | |
6991 | + if (is_exec && regs->nip == address) { | |
6992 | +#endif | |
6993 | + switch (pax_handle_fetch_fault(regs)) { | |
6994 | + | |
6995 | +#ifdef CONFIG_PAX_EMUPLT | |
6996 | + case 2: | |
6997 | + case 3: | |
6998 | + case 4: | |
6999 | + return 0; | |
7000 | +#endif | |
7001 | + | |
7002 | +#ifdef CONFIG_PAX_EMUSIGRT | |
7003 | + case 5: | |
7004 | + case 6: | |
7005 | + return 0; | |
7006 | +#endif | |
7007 | + | |
7008 | + } | |
7009 | + | |
7010 | + pax_report_fault(regs, (void*)regs->nip, (void*)regs->gpr[PT_R1]); | |
7011 | + do_exit(SIGKILL); | |
7012 | + } | |
7013 | + } | |
7014 | +#endif | |
7015 | + | |
7016 | _exception(SIGSEGV, regs, code, address); | |
7017 | return 0; | |
7018 | } | |
7019 | diff -urNp linux-2.6.19.1/arch/powerpc/mm/hugetlbpage.c linux-2.6.19.1/arch/powerpc/mm/hugetlbpage.c | |
7020 | --- linux-2.6.19.1/arch/powerpc/mm/hugetlbpage.c 2006-11-29 16:57:37.000000000 -0500 | |
7021 | +++ linux-2.6.19.1/arch/powerpc/mm/hugetlbpage.c 2006-12-03 15:15:50.000000000 -0500 | |
7022 | @@ -563,6 +563,10 @@ unsigned long arch_get_unmapped_area(str | |
7023 | if (len > TASK_SIZE) | |
7024 | return -ENOMEM; | |
7025 | ||
7026 | +#ifdef CONFIG_PAX_RANDMMAP | |
7027 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
7028 | +#endif | |
7029 | + | |
7030 | if (addr) { | |
7031 | addr = PAGE_ALIGN(addr); | |
7032 | vma = find_vma(mm, addr); | |
7033 | @@ -574,7 +578,7 @@ unsigned long arch_get_unmapped_area(str | |
7034 | if (len > mm->cached_hole_size) { | |
7035 | start_addr = addr = mm->free_area_cache; | |
7036 | } else { | |
7037 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
7038 | + start_addr = addr = mm->mmap_base; | |
7039 | mm->cached_hole_size = 0; | |
7040 | } | |
7041 | ||
7042 | @@ -607,8 +611,8 @@ full_search: | |
7043 | } | |
7044 | ||
7045 | /* Make sure we didn't miss any holes */ | |
7046 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
7047 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
7048 | + if (start_addr != mm->mmap_base) { | |
7049 | + start_addr = addr = mm->mmap_base; | |
7050 | mm->cached_hole_size = 0; | |
7051 | goto full_search; | |
7052 | } | |
7053 | @@ -643,6 +647,11 @@ arch_get_unmapped_area_topdown(struct fi | |
7054 | mm->free_area_cache = base; | |
7055 | ||
7056 | /* requesting a specific address */ | |
7057 | + | |
7058 | +#ifdef CONFIG_PAX_RANDMMAP | |
7059 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
7060 | +#endif | |
7061 | + | |
7062 | if (addr) { | |
7063 | addr = PAGE_ALIGN(addr); | |
7064 | vma = find_vma(mm, addr); | |
7065 | @@ -722,12 +731,20 @@ fail: | |
7066 | * can happen with large stack limits and large mmap() | |
7067 | * allocations. | |
7068 | */ | |
7069 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
7070 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
7071 | + | |
7072 | +#ifdef CONFIG_PAX_RANDMMAP | |
7073 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
7074 | + mm->mmap_base += mm->delta_mmap; | |
7075 | +#endif | |
7076 | + | |
7077 | + mm->free_area_cache = mm->mmap_base; | |
7078 | mm->cached_hole_size = ~0UL; | |
7079 | addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | |
7080 | /* | |
7081 | * Restore the topdown base: | |
7082 | */ | |
7083 | + mm->mmap_base = base; | |
7084 | mm->free_area_cache = base; | |
7085 | mm->cached_hole_size = ~0UL; | |
7086 | ||
7087 | diff -urNp linux-2.6.19.1/arch/powerpc/mm/mmap.c linux-2.6.19.1/arch/powerpc/mm/mmap.c | |
7088 | --- linux-2.6.19.1/arch/powerpc/mm/mmap.c 2006-11-29 16:57:37.000000000 -0500 | |
7089 | +++ linux-2.6.19.1/arch/powerpc/mm/mmap.c 2006-12-03 15:15:50.000000000 -0500 | |
7090 | @@ -74,10 +74,22 @@ void arch_pick_mmap_layout(struct mm_str | |
7091 | */ | |
7092 | if (mmap_is_legacy()) { | |
7093 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
7094 | + | |
7095 | +#ifdef CONFIG_PAX_RANDMMAP | |
7096 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
7097 | + mm->mmap_base += mm->delta_mmap; | |
7098 | +#endif | |
7099 | + | |
7100 | mm->get_unmapped_area = arch_get_unmapped_area; | |
7101 | mm->unmap_area = arch_unmap_area; | |
7102 | } else { | |
7103 | mm->mmap_base = mmap_base(); | |
7104 | + | |
7105 | +#ifdef CONFIG_PAX_RANDMMAP | |
7106 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
7107 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
7108 | +#endif | |
7109 | + | |
7110 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
7111 | mm->unmap_area = arch_unmap_area_topdown; | |
7112 | } | |
7113 | diff -urNp linux-2.6.19.1/arch/ppc/mm/fault.c linux-2.6.19.1/arch/ppc/mm/fault.c | |
7114 | --- linux-2.6.19.1/arch/ppc/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
7115 | +++ linux-2.6.19.1/arch/ppc/mm/fault.c 2006-12-03 15:15:51.000000000 -0500 | |
7116 | @@ -25,6 +25,11 @@ | |
7117 | #include <linux/interrupt.h> | |
7118 | #include <linux/highmem.h> | |
7119 | #include <linux/module.h> | |
7120 | +#include <linux/slab.h> | |
7121 | +#include <linux/pagemap.h> | |
7122 | +#include <linux/compiler.h> | |
7123 | +#include <linux/binfmts.h> | |
7124 | +#include <linux/unistd.h> | |
7125 | ||
7126 | #include <asm/page.h> | |
7127 | #include <asm/pgtable.h> | |
7128 | @@ -48,6 +53,379 @@ unsigned long pte_misses; /* updated by | |
7129 | unsigned long pte_errors; /* updated by do_page_fault() */ | |
7130 | unsigned int probingmem; | |
7131 | ||
7132 | +#ifdef CONFIG_PAX_EMUSIGRT | |
7133 | +void pax_syscall_close(struct vm_area_struct * vma) | |
7134 | +{ | |
7135 | + vma->vm_mm->call_syscall = 0UL; | |
7136 | +} | |
7137 | + | |
7138 | +static struct page* pax_syscall_nopage(struct vm_area_struct *vma, unsigned long address, int *type) | |
7139 | +{ | |
7140 | + struct page* page; | |
7141 | + unsigned int *kaddr; | |
7142 | + | |
7143 | + page = alloc_page(GFP_HIGHUSER); | |
7144 | + if (!page) | |
7145 | + return NOPAGE_OOM; | |
7146 | + | |
7147 | + kaddr = kmap(page); | |
7148 | + memset(kaddr, 0, PAGE_SIZE); | |
7149 | + kaddr[0] = 0x44000002U; /* sc */ | |
7150 | + __flush_dcache_icache(kaddr); | |
7151 | + kunmap(page); | |
7152 | + if (type) | |
7153 | + *type = VM_FAULT_MAJOR; | |
7154 | + return page; | |
7155 | +} | |
7156 | + | |
7157 | +static struct vm_operations_struct pax_vm_ops = { | |
7158 | + .close = pax_syscall_close, | |
7159 | + .nopage = pax_syscall_nopage, | |
7160 | +}; | |
7161 | + | |
7162 | +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) | |
7163 | +{ | |
7164 | + int ret; | |
7165 | + | |
7166 | + memset(vma, 0, sizeof(*vma)); | |
7167 | + vma->vm_mm = current->mm; | |
7168 | + vma->vm_start = addr; | |
7169 | + vma->vm_end = addr + PAGE_SIZE; | |
7170 | + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC; | |
7171 | + vma->vm_page_prot = protection_map[vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
7172 | + vma->vm_ops = &pax_vm_ops; | |
7173 | + | |
7174 | + ret = insert_vm_struct(current->mm, vma); | |
7175 | + if (ret) | |
7176 | + return ret; | |
7177 | + | |
7178 | + ++current->mm->total_vm; | |
7179 | + return 0; | |
7180 | +} | |
7181 | +#endif | |
7182 | + | |
7183 | +#ifdef CONFIG_PAX_PAGEEXEC | |
7184 | +/* | |
7185 | + * PaX: decide what to do with offenders (regs->nip = fault address) | |
7186 | + * | |
7187 | + * returns 1 when task should be killed | |
7188 | + * 2 when patched GOT trampoline was detected | |
7189 | + * 3 when patched PLT trampoline was detected | |
7190 | + * 4 when unpatched PLT trampoline was detected | |
7191 | + * 5 when sigreturn trampoline was detected | |
7192 | + * 6 when rt_sigreturn trampoline was detected | |
7193 | + */ | |
7194 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
7195 | +{ | |
7196 | + | |
7197 | +#if defined(CONFIG_PAX_EMUPLT) || defined(CONFIG_PAX_EMUSIGRT) | |
7198 | + int err; | |
7199 | +#endif | |
7200 | + | |
7201 | +#ifdef CONFIG_PAX_EMUPLT | |
7202 | + do { /* PaX: patched GOT emulation */ | |
7203 | + unsigned int blrl; | |
7204 | + | |
7205 | + err = get_user(blrl, (unsigned int*)regs->nip); | |
7206 | + | |
7207 | + if (!err && blrl == 0x4E800021U) { | |
7208 | + unsigned long temp = regs->nip; | |
7209 | + | |
7210 | + regs->nip = regs->link & 0xFFFFFFFCUL; | |
7211 | + regs->link = temp + 4UL; | |
7212 | + return 2; | |
7213 | + } | |
7214 | + } while (0); | |
7215 | + | |
7216 | + do { /* PaX: patched PLT emulation #1 */ | |
7217 | + unsigned int b; | |
7218 | + | |
7219 | + err = get_user(b, (unsigned int *)regs->nip); | |
7220 | + | |
7221 | + if (!err && (b & 0xFC000003U) == 0x48000000U) { | |
7222 | + regs->nip += (((b | 0xFC000000UL) ^ 0x02000000UL) + 0x02000000UL); | |
7223 | + return 3; | |
7224 | + } | |
7225 | + } while (0); | |
7226 | + | |
7227 | + do { /* PaX: unpatched PLT emulation #1 */ | |
7228 | + unsigned int li, b; | |
7229 | + | |
7230 | + err = get_user(li, (unsigned int *)regs->nip); | |
7231 | + err |= get_user(b, (unsigned int *)(regs->nip+4)); | |
7232 | + | |
7233 | + if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) { | |
7234 | + unsigned int rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr; | |
7235 | + unsigned long addr = b | 0xFC000000UL; | |
7236 | + | |
7237 | + addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL); | |
7238 | + err = get_user(rlwinm, (unsigned int*)addr); | |
7239 | + err |= get_user(add, (unsigned int*)(addr+4)); | |
7240 | + err |= get_user(li2, (unsigned int*)(addr+8)); | |
7241 | + err |= get_user(addis2, (unsigned int*)(addr+12)); | |
7242 | + err |= get_user(mtctr, (unsigned int*)(addr+16)); | |
7243 | + err |= get_user(li3, (unsigned int*)(addr+20)); | |
7244 | + err |= get_user(addis3, (unsigned int*)(addr+24)); | |
7245 | + err |= get_user(bctr, (unsigned int*)(addr+28)); | |
7246 | + | |
7247 | + if (err) | |
7248 | + break; | |
7249 | + | |
7250 | + if (rlwinm == 0x556C083CU && | |
7251 | + add == 0x7D6C5A14U && | |
7252 | + (li2 & 0xFFFF0000U) == 0x39800000U && | |
7253 | + (addis2 & 0xFFFF0000U) == 0x3D8C0000U && | |
7254 | + mtctr == 0x7D8903A6U && | |
7255 | + (li3 & 0xFFFF0000U) == 0x39800000U && | |
7256 | + (addis3 & 0xFFFF0000U) == 0x3D8C0000U && | |
7257 | + bctr == 0x4E800420U) | |
7258 | + { | |
7259 | + regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7260 | + regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7261 | + regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16; | |
7262 | + regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7263 | + regs->ctr += (addis2 & 0xFFFFU) << 16; | |
7264 | + regs->nip = regs->ctr; | |
7265 | + return 4; | |
7266 | + } | |
7267 | + } | |
7268 | + } while (0); | |
7269 | + | |
7270 | +#if 0 | |
7271 | + do { /* PaX: unpatched PLT emulation #2 */ | |
7272 | + unsigned int lis, lwzu, b, bctr; | |
7273 | + | |
7274 | + err = get_user(lis, (unsigned int *)regs->nip); | |
7275 | + err |= get_user(lwzu, (unsigned int *)(regs->nip+4)); | |
7276 | + err |= get_user(b, (unsigned int *)(regs->nip+8)); | |
7277 | + err |= get_user(bctr, (unsigned int *)(regs->nip+12)); | |
7278 | + | |
7279 | + if (err) | |
7280 | + break; | |
7281 | + | |
7282 | + if ((lis & 0xFFFF0000U) == 0x39600000U && | |
7283 | + (lwzu & 0xU) == 0xU && | |
7284 | + (b & 0xFC000003U) == 0x48000000U && | |
7285 | + bctr == 0x4E800420U) | |
7286 | + { | |
7287 | + unsigned int addis, addi, rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr; | |
7288 | + unsigned long addr = b | 0xFC000000UL; | |
7289 | + | |
7290 | + addr = regs->nip + 12 + ((addr ^ 0x02000000UL) + 0x02000000UL); | |
7291 | + err = get_user(addis, (unsigned int*)addr); | |
7292 | + err |= get_user(addi, (unsigned int*)(addr+4)); | |
7293 | + err |= get_user(rlwinm, (unsigned int*)(addr+8)); | |
7294 | + err |= get_user(add, (unsigned int*)(addr+12)); | |
7295 | + err |= get_user(li2, (unsigned int*)(addr+16)); | |
7296 | + err |= get_user(addis2, (unsigned int*)(addr+20)); | |
7297 | + err |= get_user(mtctr, (unsigned int*)(addr+24)); | |
7298 | + err |= get_user(li3, (unsigned int*)(addr+28)); | |
7299 | + err |= get_user(addis3, (unsigned int*)(addr+32)); | |
7300 | + err |= get_user(bctr, (unsigned int*)(addr+36)); | |
7301 | + | |
7302 | + if (err) | |
7303 | + break; | |
7304 | + | |
7305 | + if ((addis & 0xFFFF0000U) == 0x3D6B0000U && | |
7306 | + (addi & 0xFFFF0000U) == 0x396B0000U && | |
7307 | + rlwinm == 0x556C083CU && | |
7308 | + add == 0x7D6C5A14U && | |
7309 | + (li2 & 0xFFFF0000U) == 0x39800000U && | |
7310 | + (addis2 & 0xFFFF0000U) == 0x3D8C0000U && | |
7311 | + mtctr == 0x7D8903A6U && | |
7312 | + (li3 & 0xFFFF0000U) == 0x39800000U && | |
7313 | + (addis3 & 0xFFFF0000U) == 0x3D8C0000U && | |
7314 | + bctr == 0x4E800420U) | |
7315 | + { | |
7316 | + regs->gpr[PT_R11] = | |
7317 | + regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7318 | + regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7319 | + regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16; | |
7320 | + regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7321 | + regs->ctr += (addis2 & 0xFFFFU) << 16; | |
7322 | + regs->nip = regs->ctr; | |
7323 | + return 4; | |
7324 | + } | |
7325 | + } | |
7326 | + } while (0); | |
7327 | +#endif | |
7328 | + | |
7329 | + do { /* PaX: unpatched PLT emulation #3 */ | |
7330 | + unsigned int li, b; | |
7331 | + | |
7332 | + err = get_user(li, (unsigned int *)regs->nip); | |
7333 | + err |= get_user(b, (unsigned int *)(regs->nip+4)); | |
7334 | + | |
7335 | + if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) { | |
7336 | + unsigned int addis, lwz, mtctr, bctr; | |
7337 | + unsigned long addr = b | 0xFC000000UL; | |
7338 | + | |
7339 | + addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL); | |
7340 | + err = get_user(addis, (unsigned int*)addr); | |
7341 | + err |= get_user(lwz, (unsigned int*)(addr+4)); | |
7342 | + err |= get_user(mtctr, (unsigned int*)(addr+8)); | |
7343 | + err |= get_user(bctr, (unsigned int*)(addr+12)); | |
7344 | + | |
7345 | + if (err) | |
7346 | + break; | |
7347 | + | |
7348 | + if ((addis & 0xFFFF0000U) == 0x3D6B0000U && | |
7349 | + (lwz & 0xFFFF0000U) == 0x816B0000U && | |
7350 | + mtctr == 0x7D6903A6U && | |
7351 | + bctr == 0x4E800420U) | |
7352 | + { | |
7353 | + unsigned int r11; | |
7354 | + | |
7355 | + addr = (addis << 16) + (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7356 | + addr += (((lwz | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL); | |
7357 | + | |
7358 | + err = get_user(r11, (unsigned int*)addr); | |
7359 | + if (err) | |
7360 | + break; | |
7361 | + | |
7362 | + regs->gpr[PT_R11] = r11; | |
7363 | + regs->ctr = r11; | |
7364 | + regs->nip = r11; | |
7365 | + return 4; | |
7366 | + } | |
7367 | + } | |
7368 | + } while (0); | |
7369 | +#endif | |
7370 | + | |
7371 | +#ifdef CONFIG_PAX_EMUSIGRT | |
7372 | + do { /* PaX: sigreturn emulation */ | |
7373 | + unsigned int li, sc; | |
7374 | + | |
7375 | + err = get_user(li, (unsigned int *)regs->nip); | |
7376 | + err |= get_user(sc, (unsigned int *)(regs->nip+4)); | |
7377 | + | |
7378 | + if (!err && li == 0x38000000U + __NR_sigreturn && sc == 0x44000002U) { | |
7379 | + struct vm_area_struct *vma; | |
7380 | + unsigned long call_syscall; | |
7381 | + | |
7382 | + down_read(¤t->mm->mmap_sem); | |
7383 | + call_syscall = current->mm->call_syscall; | |
7384 | + up_read(¤t->mm->mmap_sem); | |
7385 | + if (likely(call_syscall)) | |
7386 | + goto emulate; | |
7387 | + | |
7388 | + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
7389 | + | |
7390 | + down_write(¤t->mm->mmap_sem); | |
7391 | + if (current->mm->call_syscall) { | |
7392 | + call_syscall = current->mm->call_syscall; | |
7393 | + up_write(¤t->mm->mmap_sem); | |
7394 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
7395 | + goto emulate; | |
7396 | + } | |
7397 | + | |
7398 | + call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
7399 | + if (!vma || (call_syscall & ~PAGE_MASK)) { | |
7400 | + up_write(¤t->mm->mmap_sem); | |
7401 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
7402 | + return 1; | |
7403 | + } | |
7404 | + | |
7405 | + if (pax_insert_vma(vma, call_syscall)) { | |
7406 | + up_write(¤t->mm->mmap_sem); | |
7407 | + kmem_cache_free(vm_area_cachep, vma); | |
7408 | + return 1; | |
7409 | + } | |
7410 | + | |
7411 | + current->mm->call_syscall = call_syscall; | |
7412 | + up_write(¤t->mm->mmap_sem); | |
7413 | + | |
7414 | +emulate: | |
7415 | + regs->gpr[PT_R0] = __NR_sigreturn; | |
7416 | + regs->nip = call_syscall; | |
7417 | + return 5; | |
7418 | + } | |
7419 | + } while (0); | |
7420 | + | |
7421 | + do { /* PaX: rt_sigreturn emulation */ | |
7422 | + unsigned int li, sc; | |
7423 | + | |
7424 | + err = get_user(li, (unsigned int *)regs->nip); | |
7425 | + err |= get_user(sc, (unsigned int *)(regs->nip+4)); | |
7426 | + | |
7427 | + if (!err && li == 0x38000000U + __NR_rt_sigreturn && sc == 0x44000002U) { | |
7428 | + struct vm_area_struct *vma; | |
7429 | + unsigned int call_syscall; | |
7430 | + | |
7431 | + down_read(¤t->mm->mmap_sem); | |
7432 | + call_syscall = current->mm->call_syscall; | |
7433 | + up_read(¤t->mm->mmap_sem); | |
7434 | + if (likely(call_syscall)) | |
7435 | + goto rt_emulate; | |
7436 | + | |
7437 | + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
7438 | + | |
7439 | + down_write(¤t->mm->mmap_sem); | |
7440 | + if (current->mm->call_syscall) { | |
7441 | + call_syscall = current->mm->call_syscall; | |
7442 | + up_write(¤t->mm->mmap_sem); | |
7443 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
7444 | + goto rt_emulate; | |
7445 | + } | |
7446 | + | |
7447 | + call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
7448 | + if (!vma || (call_syscall & ~PAGE_MASK)) { | |
7449 | + up_write(¤t->mm->mmap_sem); | |
7450 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
7451 | + return 1; | |
7452 | + } | |
7453 | + | |
7454 | + if (pax_insert_vma(vma, call_syscall)) { | |
7455 | + up_write(¤t->mm->mmap_sem); | |
7456 | + kmem_cache_free(vm_area_cachep, vma); | |
7457 | + return 1; | |
7458 | + } | |
7459 | + | |
7460 | + current->mm->call_syscall = call_syscall; | |
7461 | + up_write(¤t->mm->mmap_sem); | |
7462 | + | |
7463 | +rt_emulate: | |
7464 | + regs->gpr[PT_R0] = __NR_rt_sigreturn; | |
7465 | + regs->nip = call_syscall; | |
7466 | + return 6; | |
7467 | + } | |
7468 | + } while (0); | |
7469 | +#endif | |
7470 | + | |
7471 | + return 1; | |
7472 | +} | |
7473 | + | |
7474 | +/* | |
7475 | + * PaX: decide what to do with offenders (regs->nip = fault address) | |
7476 | + * | |
7477 | + * returns 1 when task should be killed | |
7478 | + */ | |
7479 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
7480 | +{ | |
7481 | + | |
7482 | +#if defined(CONFIG_PAX_EMUPLT) || defined(CONFIG_PAX_EMUSIGRT) | |
7483 | + int err; | |
7484 | +#endif | |
7485 | + | |
7486 | + return 1; | |
7487 | +} | |
7488 | + | |
7489 | +void pax_report_insns(void *pc, void *sp) | |
7490 | +{ | |
7491 | + unsigned long i; | |
7492 | + | |
7493 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
7494 | + for (i = 0; i < 5; i++) { | |
7495 | + unsigned int c; | |
7496 | + if (get_user(c, (unsigned int*)pc+i)) | |
7497 | + printk("???????? "); | |
7498 | + else | |
7499 | + printk("%08x ", c); | |
7500 | + } | |
7501 | + printk("\n"); | |
7502 | +} | |
7503 | +#endif | |
7504 | + | |
7505 | /* | |
7506 | * Check whether the instruction at regs->nip is a store using | |
7507 | * an update addressing form which will update r1. | |
7508 | @@ -108,7 +486,7 @@ int do_page_fault(struct pt_regs *regs, | |
7509 | * indicate errors in DSISR but can validly be set in SRR1. | |
7510 | */ | |
7511 | if (TRAP(regs) == 0x400) | |
7512 | - error_code &= 0x48200000; | |
7513 | + error_code &= 0x58200000; | |
7514 | else | |
7515 | is_write = error_code & 0x02000000; | |
7516 | #endif /* CONFIG_4xx || CONFIG_BOOKE */ | |
7517 | @@ -203,15 +581,14 @@ good_area: | |
7518 | pte_t *ptep; | |
7519 | pmd_t *pmdp; | |
7520 | ||
7521 | -#if 0 | |
7522 | +#if 1 | |
7523 | /* It would be nice to actually enforce the VM execute | |
7524 | permission on CPUs which can do so, but far too | |
7525 | much stuff in userspace doesn't get the permissions | |
7526 | right, so we let any page be executed for now. */ | |
7527 | if (! (vma->vm_flags & VM_EXEC)) | |
7528 | goto bad_area; | |
7529 | -#endif | |
7530 | - | |
7531 | +#else | |
7532 | /* Since 4xx/Book-E supports per-page execute permission, | |
7533 | * we lazily flush dcache to icache. */ | |
7534 | ptep = NULL; | |
7535 | @@ -234,6 +611,7 @@ good_area: | |
7536 | pte_unmap_unlock(ptep, ptl); | |
7537 | } | |
7538 | #endif | |
7539 | +#endif | |
7540 | /* a read */ | |
7541 | } else { | |
7542 | /* protection fault */ | |
7543 | @@ -279,6 +657,33 @@ bad_area: | |
7544 | ||
7545 | /* User mode accesses cause a SIGSEGV */ | |
7546 | if (user_mode(regs)) { | |
7547 | + | |
7548 | +#ifdef CONFIG_PAX_PAGEEXEC | |
7549 | + if (mm->pax_flags & MF_PAX_PAGEEXEC) { | |
7550 | + if ((TRAP(regs) == 0x400) && (regs->nip == address)) { | |
7551 | + switch (pax_handle_fetch_fault(regs)) { | |
7552 | + | |
7553 | +#ifdef CONFIG_PAX_EMUPLT | |
7554 | + case 2: | |
7555 | + case 3: | |
7556 | + case 4: | |
7557 | + return 0; | |
7558 | +#endif | |
7559 | + | |
7560 | +#ifdef CONFIG_PAX_EMUSIGRT | |
7561 | + case 5: | |
7562 | + case 6: | |
7563 | + return 0; | |
7564 | +#endif | |
7565 | + | |
7566 | + } | |
7567 | + | |
7568 | + pax_report_fault(regs, (void*)regs->nip, (void*)regs->gpr[1]); | |
7569 | + do_exit(SIGKILL); | |
7570 | + } | |
7571 | + } | |
7572 | +#endif | |
7573 | + | |
7574 | _exception(SIGSEGV, regs, code, address); | |
7575 | return 0; | |
7576 | } | |
7577 | diff -urNp linux-2.6.19.1/arch/s390/kernel/module.c linux-2.6.19.1/arch/s390/kernel/module.c | |
7578 | --- linux-2.6.19.1/arch/s390/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
7579 | +++ linux-2.6.19.1/arch/s390/kernel/module.c 2006-12-03 15:15:52.000000000 -0500 | |
7580 | @@ -164,11 +164,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr, | |
7581 | ||
7582 | /* Increase core size by size of got & plt and set start | |
7583 | offsets for got and plt. */ | |
7584 | - me->core_size = ALIGN(me->core_size, 4); | |
7585 | - me->arch.got_offset = me->core_size; | |
7586 | - me->core_size += me->arch.got_size; | |
7587 | - me->arch.plt_offset = me->core_size; | |
7588 | - me->core_size += me->arch.plt_size; | |
7589 | + me->core_size_rw = ALIGN(me->core_size_rw, 4); | |
7590 | + me->arch.got_offset = me->core_size_rw; | |
7591 | + me->core_size_rw += me->arch.got_size; | |
7592 | + me->arch.plt_offset = me->core_size_rx; | |
7593 | + me->core_size_rx += me->arch.plt_size; | |
7594 | return 0; | |
7595 | } | |
7596 | ||
7597 | @@ -254,7 +254,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base | |
7598 | if (info->got_initialized == 0) { | |
7599 | Elf_Addr *gotent; | |
7600 | ||
7601 | - gotent = me->module_core + me->arch.got_offset + | |
7602 | + gotent = me->module_core_rw + me->arch.got_offset + | |
7603 | info->got_offset; | |
7604 | *gotent = val; | |
7605 | info->got_initialized = 1; | |
7606 | @@ -278,7 +278,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base | |
7607 | else if (r_type == R_390_GOTENT || | |
7608 | r_type == R_390_GOTPLTENT) | |
7609 | *(unsigned int *) loc = | |
7610 | - (val + (Elf_Addr) me->module_core - loc) >> 1; | |
7611 | + (val + (Elf_Addr) me->module_core_rw - loc) >> 1; | |
7612 | else if (r_type == R_390_GOT64 || | |
7613 | r_type == R_390_GOTPLT64) | |
7614 | *(unsigned long *) loc = val; | |
7615 | @@ -292,7 +292,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base | |
7616 | case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */ | |
7617 | if (info->plt_initialized == 0) { | |
7618 | unsigned int *ip; | |
7619 | - ip = me->module_core + me->arch.plt_offset + | |
7620 | + ip = me->module_core_rx + me->arch.plt_offset + | |
7621 | info->plt_offset; | |
7622 | #ifndef CONFIG_64BIT | |
7623 | ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */ | |
7624 | @@ -314,7 +314,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base | |
7625 | val = me->arch.plt_offset - me->arch.got_offset + | |
7626 | info->plt_offset + rela->r_addend; | |
7627 | else | |
7628 | - val = (Elf_Addr) me->module_core + | |
7629 | + val = (Elf_Addr) me->module_core_rx + | |
7630 | me->arch.plt_offset + info->plt_offset + | |
7631 | rela->r_addend - loc; | |
7632 | if (r_type == R_390_PLT16DBL) | |
7633 | @@ -334,7 +334,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base | |
7634 | case R_390_GOTOFF32: /* 32 bit offset to GOT. */ | |
7635 | case R_390_GOTOFF64: /* 64 bit offset to GOT. */ | |
7636 | val = val + rela->r_addend - | |
7637 | - ((Elf_Addr) me->module_core + me->arch.got_offset); | |
7638 | + ((Elf_Addr) me->module_core_rw + me->arch.got_offset); | |
7639 | if (r_type == R_390_GOTOFF16) | |
7640 | *(unsigned short *) loc = val; | |
7641 | else if (r_type == R_390_GOTOFF32) | |
7642 | @@ -344,7 +344,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base | |
7643 | break; | |
7644 | case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */ | |
7645 | case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */ | |
7646 | - val = (Elf_Addr) me->module_core + me->arch.got_offset + | |
7647 | + val = (Elf_Addr) me->module_core_rw + me->arch.got_offset + | |
7648 | rela->r_addend - loc; | |
7649 | if (r_type == R_390_GOTPC) | |
7650 | *(unsigned int *) loc = val; | |
7651 | diff -urNp linux-2.6.19.1/arch/sparc/kernel/ptrace.c linux-2.6.19.1/arch/sparc/kernel/ptrace.c | |
7652 | --- linux-2.6.19.1/arch/sparc/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
7653 | +++ linux-2.6.19.1/arch/sparc/kernel/ptrace.c 2006-12-03 15:15:54.000000000 -0500 | |
7654 | @@ -19,6 +19,7 @@ | |
c3e8c1b5 | 7655 | #include <linux/security.h> |
7656 | #include <linux/signal.h> | |
b6fa5d20 | 7657 | #include <linux/vs_base.h> |
c3e8c1b5 | 7658 | +#include <linux/grsecurity.h> |
7659 | ||
7660 | #include <asm/pgtable.h> | |
7661 | #include <asm/system.h> | |
7662 | @@ -300,6 +301,11 @@ asmlinkage void do_ptrace(struct pt_regs | |
7663 | goto out; | |
7664 | } | |
7665 | ||
7666 | + if (gr_handle_ptrace(child, request)) { | |
7667 | + pt_error_return(regs, EPERM); | |
7668 | + goto out_tsk; | |
7669 | + } | |
7670 | + | |
7671 | if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH) | |
7672 | || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) { | |
7673 | if (ptrace_attach(child)) { | |
7674 | diff -urNp linux-2.6.19.1/arch/sparc/kernel/sys_sparc.c linux-2.6.19.1/arch/sparc/kernel/sys_sparc.c | |
7675 | --- linux-2.6.19.1/arch/sparc/kernel/sys_sparc.c 2006-11-29 16:57:37.000000000 -0500 | |
7676 | +++ linux-2.6.19.1/arch/sparc/kernel/sys_sparc.c 2006-12-03 15:15:54.000000000 -0500 | |
7677 | @@ -57,7 +57,7 @@ unsigned long arch_get_unmapped_area(str | |
7678 | if (ARCH_SUN4C_SUN4 && len > 0x20000000) | |
7679 | return -ENOMEM; | |
7680 | if (!addr) | |
7681 | - addr = TASK_UNMAPPED_BASE; | |
7682 | + addr = current->mm->mmap_base; | |
7683 | ||
7684 | if (flags & MAP_SHARED) | |
7685 | addr = COLOUR_ALIGN(addr); | |
7686 | diff -urNp linux-2.6.19.1/arch/sparc/Makefile linux-2.6.19.1/arch/sparc/Makefile | |
7687 | --- linux-2.6.19.1/arch/sparc/Makefile 2006-11-29 16:57:37.000000000 -0500 | |
7688 | +++ linux-2.6.19.1/arch/sparc/Makefile 2006-12-03 15:15:53.000000000 -0500 | |
7689 | @@ -36,7 +36,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc | |
7690 | # Renaming is done to avoid confusing pattern matching rules in 2.5.45 (multy-) | |
7691 | INIT_Y := $(patsubst %/, %/built-in.o, $(init-y)) | |
7692 | CORE_Y := $(core-y) | |
7693 | -CORE_Y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ | |
7694 | +CORE_Y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ | |
7695 | CORE_Y := $(patsubst %/, %/built-in.o, $(CORE_Y)) | |
7696 | DRIVERS_Y := $(patsubst %/, %/built-in.o, $(drivers-y)) | |
7697 | NET_Y := $(patsubst %/, %/built-in.o, $(net-y)) | |
7698 | diff -urNp linux-2.6.19.1/arch/sparc/mm/fault.c linux-2.6.19.1/arch/sparc/mm/fault.c | |
7699 | --- linux-2.6.19.1/arch/sparc/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
7700 | +++ linux-2.6.19.1/arch/sparc/mm/fault.c 2006-12-03 15:15:54.000000000 -0500 | |
7701 | @@ -21,6 +21,10 @@ | |
7702 | #include <linux/smp_lock.h> | |
7703 | #include <linux/interrupt.h> | |
7704 | #include <linux/module.h> | |
7705 | +#include <linux/slab.h> | |
7706 | +#include <linux/pagemap.h> | |
7707 | +#include <linux/compiler.h> | |
7708 | +#include <linux/binfmts.h> | |
7709 | ||
7710 | #include <asm/system.h> | |
7711 | #include <asm/page.h> | |
7712 | @@ -217,6 +221,252 @@ static unsigned long compute_si_addr(str | |
7713 | return safe_compute_effective_address(regs, insn); | |
7714 | } | |
7715 | ||
7716 | +#ifdef CONFIG_PAX_PAGEEXEC | |
7717 | +void pax_emuplt_close(struct vm_area_struct * vma) | |
7718 | +{ | |
7719 | + vma->vm_mm->call_dl_resolve = 0UL; | |
7720 | +} | |
7721 | + | |
7722 | +static struct page* pax_emuplt_nopage(struct vm_area_struct *vma, unsigned long address, int *type) | |
7723 | +{ | |
7724 | + struct page* page; | |
7725 | + unsigned int *kaddr; | |
7726 | + | |
7727 | + page = alloc_page(GFP_HIGHUSER); | |
7728 | + if (!page) | |
7729 | + return NOPAGE_OOM; | |
7730 | + | |
7731 | + kaddr = kmap(page); | |
7732 | + memset(kaddr, 0, PAGE_SIZE); | |
7733 | + kaddr[0] = 0x9DE3BFA8U; /* save */ | |
7734 | + flush_dcache_page(page); | |
7735 | + kunmap(page); | |
7736 | + if (type) | |
7737 | + *type = VM_FAULT_MAJOR; | |
7738 | + | |
7739 | + return page; | |
7740 | +} | |
7741 | + | |
7742 | +static struct vm_operations_struct pax_vm_ops = { | |
7743 | + .close = pax_emuplt_close, | |
7744 | + .nopage = pax_emuplt_nopage, | |
7745 | +}; | |
7746 | + | |
7747 | +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) | |
7748 | +{ | |
7749 | + int ret; | |
7750 | + | |
7751 | + memset(vma, 0, sizeof(*vma)); | |
7752 | + vma->vm_mm = current->mm; | |
7753 | + vma->vm_start = addr; | |
7754 | + vma->vm_end = addr + PAGE_SIZE; | |
7755 | + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC; | |
7756 | + vma->vm_page_prot = protection_map[vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
7757 | + vma->vm_ops = &pax_vm_ops; | |
7758 | + | |
7759 | + ret = insert_vm_struct(current->mm, vma); | |
7760 | + if (ret) | |
7761 | + return ret; | |
7762 | + | |
7763 | + ++current->mm->total_vm; | |
7764 | + return 0; | |
7765 | +} | |
7766 | + | |
7767 | +/* | |
7768 | + * PaX: decide what to do with offenders (regs->pc = fault address) | |
7769 | + * | |
7770 | + * returns 1 when task should be killed | |
7771 | + * 2 when patched PLT trampoline was detected | |
7772 | + * 3 when unpatched PLT trampoline was detected | |
7773 | + */ | |
7774 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
7775 | +{ | |
7776 | + | |
7777 | +#ifdef CONFIG_PAX_EMUPLT | |
7778 | + int err; | |
7779 | + | |
7780 | + do { /* PaX: patched PLT emulation #1 */ | |
7781 | + unsigned int sethi1, sethi2, jmpl; | |
7782 | + | |
7783 | + err = get_user(sethi1, (unsigned int*)regs->pc); | |
7784 | + err |= get_user(sethi2, (unsigned int*)(regs->pc+4)); | |
7785 | + err |= get_user(jmpl, (unsigned int*)(regs->pc+8)); | |
7786 | + | |
7787 | + if (err) | |
7788 | + break; | |
7789 | + | |
7790 | + if ((sethi1 & 0xFFC00000U) == 0x03000000U && | |
7791 | + (sethi2 & 0xFFC00000U) == 0x03000000U && | |
7792 | + (jmpl & 0xFFFFE000U) == 0x81C06000U) | |
7793 | + { | |
7794 | + unsigned int addr; | |
7795 | + | |
7796 | + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10; | |
7797 | + addr = regs->u_regs[UREG_G1]; | |
7798 | + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U); | |
7799 | + regs->pc = addr; | |
7800 | + regs->npc = addr+4; | |
7801 | + return 2; | |
7802 | + } | |
7803 | + } while (0); | |
7804 | + | |
7805 | + { /* PaX: patched PLT emulation #2 */ | |
7806 | + unsigned int ba; | |
7807 | + | |
7808 | + err = get_user(ba, (unsigned int*)regs->pc); | |
7809 | + | |
7810 | + if (!err && (ba & 0xFFC00000U) == 0x30800000U) { | |
7811 | + unsigned int addr; | |
7812 | + | |
7813 | + addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2); | |
7814 | + regs->pc = addr; | |
7815 | + regs->npc = addr+4; | |
7816 | + return 2; | |
7817 | + } | |
7818 | + } | |
7819 | + | |
7820 | + do { /* PaX: patched PLT emulation #3 */ | |
7821 | + unsigned int sethi, jmpl, nop; | |
7822 | + | |
7823 | + err = get_user(sethi, (unsigned int*)regs->pc); | |
7824 | + err |= get_user(jmpl, (unsigned int*)(regs->pc+4)); | |
7825 | + err |= get_user(nop, (unsigned int*)(regs->pc+8)); | |
7826 | + | |
7827 | + if (err) | |
7828 | + break; | |
7829 | + | |
7830 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
7831 | + (jmpl & 0xFFFFE000U) == 0x81C06000U && | |
7832 | + nop == 0x01000000U) | |
7833 | + { | |
7834 | + unsigned int addr; | |
7835 | + | |
7836 | + addr = (sethi & 0x003FFFFFU) << 10; | |
7837 | + regs->u_regs[UREG_G1] = addr; | |
7838 | + addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U); | |
7839 | + regs->pc = addr; | |
7840 | + regs->npc = addr+4; | |
7841 | + return 2; | |
7842 | + } | |
7843 | + } while (0); | |
7844 | + | |
7845 | + do { /* PaX: unpatched PLT emulation step 1 */ | |
7846 | + unsigned int sethi, ba, nop; | |
7847 | + | |
7848 | + err = get_user(sethi, (unsigned int*)regs->pc); | |
7849 | + err |= get_user(ba, (unsigned int*)(regs->pc+4)); | |
7850 | + err |= get_user(nop, (unsigned int*)(regs->pc+8)); | |
7851 | + | |
7852 | + if (err) | |
7853 | + break; | |
7854 | + | |
7855 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
7856 | + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) && | |
7857 | + nop == 0x01000000U) | |
7858 | + { | |
7859 | + unsigned int addr, save, call; | |
7860 | + | |
7861 | + if ((ba & 0xFFC00000U) == 0x30800000U) | |
7862 | + addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2); | |
7863 | + else | |
7864 | + addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2); | |
7865 | + | |
7866 | + err = get_user(save, (unsigned int*)addr); | |
7867 | + err |= get_user(call, (unsigned int*)(addr+4)); | |
7868 | + err |= get_user(nop, (unsigned int*)(addr+8)); | |
7869 | + if (err) | |
7870 | + break; | |
7871 | + | |
7872 | + if (save == 0x9DE3BFA8U && | |
7873 | + (call & 0xC0000000U) == 0x40000000U && | |
7874 | + nop == 0x01000000U) | |
7875 | + { | |
7876 | + struct vm_area_struct *vma; | |
7877 | + unsigned long call_dl_resolve; | |
7878 | + | |
7879 | + down_read(¤t->mm->mmap_sem); | |
7880 | + call_dl_resolve = current->mm->call_dl_resolve; | |
7881 | + up_read(¤t->mm->mmap_sem); | |
7882 | + if (likely(call_dl_resolve)) | |
7883 | + goto emulate; | |
7884 | + | |
7885 | + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
7886 | + | |
7887 | + down_write(¤t->mm->mmap_sem); | |
7888 | + if (current->mm->call_dl_resolve) { | |
7889 | + call_dl_resolve = current->mm->call_dl_resolve; | |
7890 | + up_write(¤t->mm->mmap_sem); | |
7891 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
7892 | + goto emulate; | |
7893 | + } | |
7894 | + | |
7895 | + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
7896 | + if (!vma || (call_dl_resolve & ~PAGE_MASK)) { | |
7897 | + up_write(¤t->mm->mmap_sem); | |
7898 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
7899 | + return 1; | |
7900 | + } | |
7901 | + | |
7902 | + if (pax_insert_vma(vma, call_dl_resolve)) { | |
7903 | + up_write(¤t->mm->mmap_sem); | |
7904 | + kmem_cache_free(vm_area_cachep, vma); | |
7905 | + return 1; | |
7906 | + } | |
7907 | + | |
7908 | + current->mm->call_dl_resolve = call_dl_resolve; | |
7909 | + up_write(¤t->mm->mmap_sem); | |
7910 | + | |
7911 | +emulate: | |
7912 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
7913 | + regs->pc = call_dl_resolve; | |
7914 | + regs->npc = addr+4; | |
7915 | + return 3; | |
7916 | + } | |
7917 | + } | |
7918 | + } while (0); | |
7919 | + | |
7920 | + do { /* PaX: unpatched PLT emulation step 2 */ | |
7921 | + unsigned int save, call, nop; | |
7922 | + | |
7923 | + err = get_user(save, (unsigned int*)(regs->pc-4)); | |
7924 | + err |= get_user(call, (unsigned int*)regs->pc); | |
7925 | + err |= get_user(nop, (unsigned int*)(regs->pc+4)); | |
7926 | + if (err) | |
7927 | + break; | |
7928 | + | |
7929 | + if (save == 0x9DE3BFA8U && | |
7930 | + (call & 0xC0000000U) == 0x40000000U && | |
7931 | + nop == 0x01000000U) | |
7932 | + { | |
7933 | + unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2); | |
7934 | + | |
7935 | + regs->u_regs[UREG_RETPC] = regs->pc; | |
7936 | + regs->pc = dl_resolve; | |
7937 | + regs->npc = dl_resolve+4; | |
7938 | + return 3; | |
7939 | + } | |
7940 | + } while (0); | |
7941 | +#endif | |
7942 | + | |
7943 | + return 1; | |
7944 | +} | |
7945 | + | |
7946 | +void pax_report_insns(void *pc, void *sp) | |
7947 | +{ | |
7948 | + unsigned long i; | |
7949 | + | |
7950 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
7951 | + for (i = 0; i < 5; i++) { | |
7952 | + unsigned int c; | |
7953 | + if (get_user(c, (unsigned int*)pc+i)) | |
7954 | + printk("???????? "); | |
7955 | + else | |
7956 | + printk("%08x ", c); | |
7957 | + } | |
7958 | + printk("\n"); | |
7959 | +} | |
7960 | +#endif | |
7961 | + | |
7962 | asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write, | |
7963 | unsigned long address) | |
7964 | { | |
7965 | @@ -280,6 +530,24 @@ good_area: | |
7966 | if(!(vma->vm_flags & VM_WRITE)) | |
7967 | goto bad_area; | |
7968 | } else { | |
7969 | + | |
7970 | +#ifdef CONFIG_PAX_PAGEEXEC | |
7971 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) { | |
7972 | + up_read(&mm->mmap_sem); | |
7973 | + switch (pax_handle_fetch_fault(regs)) { | |
7974 | + | |
7975 | +#ifdef CONFIG_PAX_EMUPLT | |
7976 | + case 2: | |
7977 | + case 3: | |
7978 | + return; | |
7979 | +#endif | |
7980 | + | |
7981 | + } | |
7982 | + pax_report_fault(regs, (void*)regs->pc, (void*)regs->u_regs[UREG_FP]); | |
7983 | + do_exit(SIGKILL); | |
7984 | + } | |
7985 | +#endif | |
7986 | + | |
7987 | /* Allow reads even for write-only mappings */ | |
7988 | if(!(vma->vm_flags & (VM_READ | VM_EXEC))) | |
7989 | goto bad_area; | |
7990 | diff -urNp linux-2.6.19.1/arch/sparc/mm/init.c linux-2.6.19.1/arch/sparc/mm/init.c | |
7991 | --- linux-2.6.19.1/arch/sparc/mm/init.c 2006-11-29 16:57:37.000000000 -0500 | |
7992 | +++ linux-2.6.19.1/arch/sparc/mm/init.c 2006-12-03 15:15:54.000000000 -0500 | |
7993 | @@ -333,17 +333,17 @@ void __init paging_init(void) | |
7994 | ||
7995 | /* Initialize the protection map with non-constant, MMU dependent values. */ | |
7996 | protection_map[0] = PAGE_NONE; | |
7997 | - protection_map[1] = PAGE_READONLY; | |
7998 | - protection_map[2] = PAGE_COPY; | |
7999 | - protection_map[3] = PAGE_COPY; | |
8000 | + protection_map[1] = PAGE_READONLY_NOEXEC; | |
8001 | + protection_map[2] = PAGE_COPY_NOEXEC; | |
8002 | + protection_map[3] = PAGE_COPY_NOEXEC; | |
8003 | protection_map[4] = PAGE_READONLY; | |
8004 | protection_map[5] = PAGE_READONLY; | |
8005 | protection_map[6] = PAGE_COPY; | |
8006 | protection_map[7] = PAGE_COPY; | |
8007 | protection_map[8] = PAGE_NONE; | |
8008 | - protection_map[9] = PAGE_READONLY; | |
8009 | - protection_map[10] = PAGE_SHARED; | |
8010 | - protection_map[11] = PAGE_SHARED; | |
8011 | + protection_map[9] = PAGE_READONLY_NOEXEC; | |
8012 | + protection_map[10] = PAGE_SHARED_NOEXEC; | |
8013 | + protection_map[11] = PAGE_SHARED_NOEXEC; | |
8014 | protection_map[12] = PAGE_READONLY; | |
8015 | protection_map[13] = PAGE_READONLY; | |
8016 | protection_map[14] = PAGE_SHARED; | |
8017 | diff -urNp linux-2.6.19.1/arch/sparc/mm/srmmu.c linux-2.6.19.1/arch/sparc/mm/srmmu.c | |
8018 | --- linux-2.6.19.1/arch/sparc/mm/srmmu.c 2006-11-29 16:57:37.000000000 -0500 | |
8019 | +++ linux-2.6.19.1/arch/sparc/mm/srmmu.c 2006-12-03 15:15:54.000000000 -0500 | |
8020 | @@ -2160,6 +2160,13 @@ void __init ld_mmu_srmmu(void) | |
8021 | BTFIXUPSET_INT(page_shared, pgprot_val(SRMMU_PAGE_SHARED)); | |
8022 | BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY)); | |
8023 | BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY)); | |
8024 | + | |
8025 | +#ifdef CONFIG_PAX_PAGEEXEC | |
8026 | + BTFIXUPSET_INT(page_shared_noexec, pgprot_val(SRMMU_PAGE_SHARED_NOEXEC)); | |
8027 | + BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC)); | |
8028 | + BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC)); | |
8029 | +#endif | |
8030 | + | |
8031 | BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL)); | |
8032 | page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); | |
8033 | ||
8034 | diff -urNp linux-2.6.19.1/arch/sparc64/kernel/ptrace.c linux-2.6.19.1/arch/sparc64/kernel/ptrace.c | |
8035 | --- linux-2.6.19.1/arch/sparc64/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
8036 | +++ linux-2.6.19.1/arch/sparc64/kernel/ptrace.c 2006-12-03 15:15:54.000000000 -0500 | |
8037 | @@ -22,6 +22,7 @@ | |
c3e8c1b5 | 8038 | #include <linux/audit.h> |
8039 | #include <linux/signal.h> | |
b6fa5d20 | 8040 | #include <linux/vs_base.h> |
c3e8c1b5 | 8041 | +#include <linux/grsecurity.h> |
8042 | ||
8043 | #include <asm/asi.h> | |
8044 | #include <asm/pgtable.h> | |
8045 | @@ -213,6 +214,11 @@ asmlinkage void do_ptrace(struct pt_regs | |
8046 | goto out; | |
8047 | } | |
8048 | ||
8049 | + if (gr_handle_ptrace(child, (long)request)) { | |
8050 | + pt_error_return(regs, EPERM); | |
8051 | + goto out_tsk; | |
8052 | + } | |
8053 | + | |
8054 | if ((current->personality == PER_SUNOS && request == PTRACE_SUNATTACH) | |
8055 | || (current->personality != PER_SUNOS && request == PTRACE_ATTACH)) { | |
8056 | if (ptrace_attach(child)) { | |
8057 | diff -urNp linux-2.6.19.1/arch/sparc64/kernel/sys_sparc.c linux-2.6.19.1/arch/sparc64/kernel/sys_sparc.c | |
8058 | --- linux-2.6.19.1/arch/sparc64/kernel/sys_sparc.c 2006-11-29 16:57:37.000000000 -0500 | |
8059 | +++ linux-2.6.19.1/arch/sparc64/kernel/sys_sparc.c 2006-12-03 15:15:54.000000000 -0500 | |
8060 | @@ -140,6 +140,10 @@ unsigned long arch_get_unmapped_area(str | |
8061 | if (filp || (flags & MAP_SHARED)) | |
8062 | do_color_align = 1; | |
8063 | ||
8064 | +#ifdef CONFIG_PAX_RANDMMAP | |
8065 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
8066 | +#endif | |
8067 | + | |
8068 | if (addr) { | |
8069 | if (do_color_align) | |
8070 | addr = COLOUR_ALIGN(addr, pgoff); | |
8071 | @@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str | |
8072 | } | |
8073 | ||
8074 | if (len > mm->cached_hole_size) { | |
8075 | - start_addr = addr = mm->free_area_cache; | |
8076 | + start_addr = addr = mm->free_area_cache; | |
8077 | } else { | |
8078 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
8079 | + start_addr = addr = mm->mmap_base; | |
8080 | mm->cached_hole_size = 0; | |
8081 | } | |
8082 | ||
8083 | @@ -175,8 +179,8 @@ full_search: | |
8084 | vma = find_vma(mm, VA_EXCLUDE_END); | |
8085 | } | |
8086 | if (unlikely(task_size < addr)) { | |
8087 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
8088 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
8089 | + if (start_addr != mm->mmap_base) { | |
8090 | + start_addr = addr = mm->mmap_base; | |
8091 | mm->cached_hole_size = 0; | |
8092 | goto full_search; | |
8093 | } | |
8094 | @@ -379,6 +383,12 @@ void arch_pick_mmap_layout(struct mm_str | |
8095 | current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY || | |
8096 | sysctl_legacy_va_layout) { | |
8097 | mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; | |
8098 | + | |
8099 | +#ifdef CONFIG_PAX_RANDMMAP | |
8100 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
8101 | + mm->mmap_base += mm->delta_mmap; | |
8102 | +#endif | |
8103 | + | |
8104 | mm->get_unmapped_area = arch_get_unmapped_area; | |
8105 | mm->unmap_area = arch_unmap_area; | |
8106 | } else { | |
8107 | @@ -393,6 +403,12 @@ void arch_pick_mmap_layout(struct mm_str | |
8108 | gap = (task_size / 6 * 5); | |
8109 | ||
8110 | mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); | |
8111 | + | |
8112 | +#ifdef CONFIG_PAX_RANDMMAP | |
8113 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
8114 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
8115 | +#endif | |
8116 | + | |
8117 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
8118 | mm->unmap_area = arch_unmap_area_topdown; | |
8119 | } | |
8120 | diff -urNp linux-2.6.19.1/arch/sparc64/mm/fault.c linux-2.6.19.1/arch/sparc64/mm/fault.c | |
8121 | --- linux-2.6.19.1/arch/sparc64/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
8122 | +++ linux-2.6.19.1/arch/sparc64/mm/fault.c 2006-12-03 15:15:54.000000000 -0500 | |
8123 | @@ -20,6 +20,10 @@ | |
8124 | #include <linux/interrupt.h> | |
8125 | #include <linux/kprobes.h> | |
8126 | #include <linux/kallsyms.h> | |
8127 | +#include <linux/slab.h> | |
8128 | +#include <linux/pagemap.h> | |
8129 | +#include <linux/compiler.h> | |
8130 | +#include <linux/binfmts.h> | |
8131 | ||
8132 | #include <asm/page.h> | |
8133 | #include <asm/pgtable.h> | |
8134 | @@ -290,6 +294,369 @@ cannot_handle: | |
8135 | unhandled_fault (address, current, regs); | |
8136 | } | |
8137 | ||
8138 | +#ifdef CONFIG_PAX_PAGEEXEC | |
8139 | +#ifdef CONFIG_PAX_EMUPLT | |
8140 | +static void pax_emuplt_close(struct vm_area_struct * vma) | |
8141 | +{ | |
8142 | + vma->vm_mm->call_dl_resolve = 0UL; | |
8143 | +} | |
8144 | + | |
8145 | +static struct page* pax_emuplt_nopage(struct vm_area_struct *vma, unsigned long address, int *type) | |
8146 | +{ | |
8147 | + struct page* page; | |
8148 | + unsigned int *kaddr; | |
8149 | + | |
8150 | + page = alloc_page(GFP_HIGHUSER); | |
8151 | + if (!page) | |
8152 | + return NOPAGE_OOM; | |
8153 | + | |
8154 | + kaddr = kmap(page); | |
8155 | + memset(kaddr, 0, PAGE_SIZE); | |
8156 | + kaddr[0] = 0x9DE3BFA8U; /* save */ | |
8157 | + flush_dcache_page(page); | |
8158 | + kunmap(page); | |
8159 | + if (type) | |
8160 | + *type = VM_FAULT_MAJOR; | |
8161 | + return page; | |
8162 | +} | |
8163 | + | |
8164 | +static struct vm_operations_struct pax_vm_ops = { | |
8165 | + .close = pax_emuplt_close, | |
8166 | + .nopage = pax_emuplt_nopage, | |
8167 | +}; | |
8168 | + | |
8169 | +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) | |
8170 | +{ | |
8171 | + int ret; | |
8172 | + | |
8173 | + memset(vma, 0, sizeof(*vma)); | |
8174 | + vma->vm_mm = current->mm; | |
8175 | + vma->vm_start = addr; | |
8176 | + vma->vm_end = addr + PAGE_SIZE; | |
8177 | + vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC; | |
8178 | + vma->vm_page_prot = protection_map[vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
8179 | + vma->vm_ops = &pax_vm_ops; | |
8180 | + | |
8181 | + ret = insert_vm_struct(current->mm, vma); | |
8182 | + if (ret) | |
8183 | + return ret; | |
8184 | + | |
8185 | + ++current->mm->total_vm; | |
8186 | + return 0; | |
8187 | +} | |
8188 | +#endif | |
8189 | + | |
8190 | +/* | |
8191 | + * PaX: decide what to do with offenders (regs->tpc = fault address) | |
8192 | + * | |
8193 | + * returns 1 when task should be killed | |
8194 | + * 2 when patched PLT trampoline was detected | |
8195 | + * 3 when unpatched PLT trampoline was detected | |
8196 | + */ | |
8197 | +static int pax_handle_fetch_fault(struct pt_regs *regs) | |
8198 | +{ | |
8199 | + | |
8200 | +#ifdef CONFIG_PAX_EMUPLT | |
8201 | + int err; | |
8202 | + | |
8203 | + do { /* PaX: patched PLT emulation #1 */ | |
8204 | + unsigned int sethi1, sethi2, jmpl; | |
8205 | + | |
8206 | + err = get_user(sethi1, (unsigned int*)regs->tpc); | |
8207 | + err |= get_user(sethi2, (unsigned int*)(regs->tpc+4)); | |
8208 | + err |= get_user(jmpl, (unsigned int*)(regs->tpc+8)); | |
8209 | + | |
8210 | + if (err) | |
8211 | + break; | |
8212 | + | |
8213 | + if ((sethi1 & 0xFFC00000U) == 0x03000000U && | |
8214 | + (sethi2 & 0xFFC00000U) == 0x03000000U && | |
8215 | + (jmpl & 0xFFFFE000U) == 0x81C06000U) | |
8216 | + { | |
8217 | + unsigned long addr; | |
8218 | + | |
8219 | + regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10; | |
8220 | + addr = regs->u_regs[UREG_G1]; | |
8221 | + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL); | |
8222 | + regs->tpc = addr; | |
8223 | + regs->tnpc = addr+4; | |
8224 | + return 2; | |
8225 | + } | |
8226 | + } while (0); | |
8227 | + | |
8228 | + { /* PaX: patched PLT emulation #2 */ | |
8229 | + unsigned int ba; | |
8230 | + | |
8231 | + err = get_user(ba, (unsigned int*)regs->tpc); | |
8232 | + | |
8233 | + if (!err && (ba & 0xFFC00000U) == 0x30800000U) { | |
8234 | + unsigned long addr; | |
8235 | + | |
8236 | + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2); | |
8237 | + regs->tpc = addr; | |
8238 | + regs->tnpc = addr+4; | |
8239 | + return 2; | |
8240 | + } | |
8241 | + } | |
8242 | + | |
8243 | + do { /* PaX: patched PLT emulation #3 */ | |
8244 | + unsigned int sethi, jmpl, nop; | |
8245 | + | |
8246 | + err = get_user(sethi, (unsigned int*)regs->tpc); | |
8247 | + err |= get_user(jmpl, (unsigned int*)(regs->tpc+4)); | |
8248 | + err |= get_user(nop, (unsigned int*)(regs->tpc+8)); | |
8249 | + | |
8250 | + if (err) | |
8251 | + break; | |
8252 | + | |
8253 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
8254 | + (jmpl & 0xFFFFE000U) == 0x81C06000U && | |
8255 | + nop == 0x01000000U) | |
8256 | + { | |
8257 | + unsigned long addr; | |
8258 | + | |
8259 | + addr = (sethi & 0x003FFFFFU) << 10; | |
8260 | + regs->u_regs[UREG_G1] = addr; | |
8261 | + addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL); | |
8262 | + regs->tpc = addr; | |
8263 | + regs->tnpc = addr+4; | |
8264 | + return 2; | |
8265 | + } | |
8266 | + } while (0); | |
8267 | + | |
8268 | + do { /* PaX: patched PLT emulation #4 */ | |
8269 | + unsigned int mov1, call, mov2; | |
8270 | + | |
8271 | + err = get_user(mov1, (unsigned int*)regs->tpc); | |
8272 | + err |= get_user(call, (unsigned int*)(regs->tpc+4)); | |
8273 | + err |= get_user(mov2, (unsigned int*)(regs->tpc+8)); | |
8274 | + | |
8275 | + if (err) | |
8276 | + break; | |
8277 | + | |
8278 | + if (mov1 == 0x8210000FU && | |
8279 | + (call & 0xC0000000U) == 0x40000000U && | |
8280 | + mov2 == 0x9E100001U) | |
8281 | + { | |
8282 | + unsigned long addr; | |
8283 | + | |
8284 | + regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC]; | |
8285 | + addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2); | |
8286 | + regs->tpc = addr; | |
8287 | + regs->tnpc = addr+4; | |
8288 | + return 2; | |
8289 | + } | |
8290 | + } while (0); | |
8291 | + | |
8292 | + do { /* PaX: patched PLT emulation #5 */ | |
8293 | + unsigned int sethi1, sethi2, or1, or2, sllx, jmpl, nop; | |
8294 | + | |
8295 | + err = get_user(sethi1, (unsigned int*)regs->tpc); | |
8296 | + err |= get_user(sethi2, (unsigned int*)(regs->tpc+4)); | |
8297 | + err |= get_user(or1, (unsigned int*)(regs->tpc+8)); | |
8298 | + err |= get_user(or2, (unsigned int*)(regs->tpc+12)); | |
8299 | + err |= get_user(sllx, (unsigned int*)(regs->tpc+16)); | |
8300 | + err |= get_user(jmpl, (unsigned int*)(regs->tpc+20)); | |
8301 | + err |= get_user(nop, (unsigned int*)(regs->tpc+24)); | |
8302 | + | |
8303 | + if (err) | |
8304 | + break; | |
8305 | + | |
8306 | + if ((sethi1 & 0xFFC00000U) == 0x03000000U && | |
8307 | + (sethi2 & 0xFFC00000U) == 0x0B000000U && | |
8308 | + (or1 & 0xFFFFE000U) == 0x82106000U && | |
8309 | + (or2 & 0xFFFFE000U) == 0x8A116000U && | |
8310 | + sllx == 0x83287020 && | |
8311 | + jmpl == 0x81C04005U && | |
8312 | + nop == 0x01000000U) | |
8313 | + { | |
8314 | + unsigned long addr; | |
8315 | + | |
8316 | + regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU); | |
8317 | + regs->u_regs[UREG_G1] <<= 32; | |
8318 | + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU); | |
8319 | + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5]; | |
8320 | + regs->tpc = addr; | |
8321 | + regs->tnpc = addr+4; | |
8322 | + return 2; | |
8323 | + } | |
8324 | + } while (0); | |
8325 | + | |
8326 | + do { /* PaX: patched PLT emulation #6 */ | |
8327 | + unsigned int sethi1, sethi2, sllx, or, jmpl, nop; | |
8328 | + | |
8329 | + err = get_user(sethi1, (unsigned int*)regs->tpc); | |
8330 | + err |= get_user(sethi2, (unsigned int*)(regs->tpc+4)); | |
8331 | + err |= get_user(sllx, (unsigned int*)(regs->tpc+8)); | |
8332 | + err |= get_user(or, (unsigned int*)(regs->tpc+12)); | |
8333 | + err |= get_user(jmpl, (unsigned int*)(regs->tpc+16)); | |
8334 | + err |= get_user(nop, (unsigned int*)(regs->tpc+20)); | |
8335 | + | |
8336 | + if (err) | |
8337 | + break; | |
8338 | + | |
8339 | + if ((sethi1 & 0xFFC00000U) == 0x03000000U && | |
8340 | + (sethi2 & 0xFFC00000U) == 0x0B000000U && | |
8341 | + sllx == 0x83287020 && | |
8342 | + (or & 0xFFFFE000U) == 0x8A116000U && | |
8343 | + jmpl == 0x81C04005U && | |
8344 | + nop == 0x01000000U) | |
8345 | + { | |
8346 | + unsigned long addr; | |
8347 | + | |
8348 | + regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10; | |
8349 | + regs->u_regs[UREG_G1] <<= 32; | |
8350 | + regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU); | |
8351 | + addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5]; | |
8352 | + regs->tpc = addr; | |
8353 | + regs->tnpc = addr+4; | |
8354 | + return 2; | |
8355 | + } | |
8356 | + } while (0); | |
8357 | + | |
8358 | + do { /* PaX: patched PLT emulation #7 */ | |
8359 | + unsigned int sethi, ba, nop; | |
8360 | + | |
8361 | + err = get_user(sethi, (unsigned int*)regs->tpc); | |
8362 | + err |= get_user(ba, (unsigned int*)(regs->tpc+4)); | |
8363 | + err |= get_user(nop, (unsigned int*)(regs->tpc+8)); | |
8364 | + | |
8365 | + if (err) | |
8366 | + break; | |
8367 | + | |
8368 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
8369 | + (ba & 0xFFF00000U) == 0x30600000U && | |
8370 | + nop == 0x01000000U) | |
8371 | + { | |
8372 | + unsigned long addr; | |
8373 | + | |
8374 | + addr = (sethi & 0x003FFFFFU) << 10; | |
8375 | + regs->u_regs[UREG_G1] = addr; | |
8376 | + addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2); | |
8377 | + regs->tpc = addr; | |
8378 | + regs->tnpc = addr+4; | |
8379 | + return 2; | |
8380 | + } | |
8381 | + } while (0); | |
8382 | + | |
8383 | + do { /* PaX: unpatched PLT emulation step 1 */ | |
8384 | + unsigned int sethi, ba, nop; | |
8385 | + | |
8386 | + err = get_user(sethi, (unsigned int*)regs->tpc); | |
8387 | + err |= get_user(ba, (unsigned int*)(regs->tpc+4)); | |
8388 | + err |= get_user(nop, (unsigned int*)(regs->tpc+8)); | |
8389 | + | |
8390 | + if (err) | |
8391 | + break; | |
8392 | + | |
8393 | + if ((sethi & 0xFFC00000U) == 0x03000000U && | |
8394 | + ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) && | |
8395 | + nop == 0x01000000U) | |
8396 | + { | |
8397 | + unsigned long addr; | |
8398 | + unsigned int save, call; | |
8399 | + | |
8400 | + if ((ba & 0xFFC00000U) == 0x30800000U) | |
8401 | + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2); | |
8402 | + else | |
8403 | + addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2); | |
8404 | + | |
8405 | + err = get_user(save, (unsigned int*)addr); | |
8406 | + err |= get_user(call, (unsigned int*)(addr+4)); | |
8407 | + err |= get_user(nop, (unsigned int*)(addr+8)); | |
8408 | + if (err) | |
8409 | + break; | |
8410 | + | |
8411 | + if (save == 0x9DE3BFA8U && | |
8412 | + (call & 0xC0000000U) == 0x40000000U && | |
8413 | + nop == 0x01000000U) | |
8414 | + { | |
8415 | + struct vm_area_struct *vma; | |
8416 | + unsigned long call_dl_resolve; | |
8417 | + | |
8418 | + down_read(¤t->mm->mmap_sem); | |
8419 | + call_dl_resolve = current->mm->call_dl_resolve; | |
8420 | + up_read(¤t->mm->mmap_sem); | |
8421 | + if (likely(call_dl_resolve)) | |
8422 | + goto emulate; | |
8423 | + | |
8424 | + vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
8425 | + | |
8426 | + down_write(¤t->mm->mmap_sem); | |
8427 | + if (current->mm->call_dl_resolve) { | |
8428 | + call_dl_resolve = current->mm->call_dl_resolve; | |
8429 | + up_write(¤t->mm->mmap_sem); | |
8430 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
8431 | + goto emulate; | |
8432 | + } | |
8433 | + | |
8434 | + call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE); | |
8435 | + if (!vma || (call_dl_resolve & ~PAGE_MASK)) { | |
8436 | + up_write(¤t->mm->mmap_sem); | |
8437 | + if (vma) kmem_cache_free(vm_area_cachep, vma); | |
8438 | + return 1; | |
8439 | + } | |
8440 | + | |
8441 | + if (pax_insert_vma(vma, call_dl_resolve)) { | |
8442 | + up_write(¤t->mm->mmap_sem); | |
8443 | + kmem_cache_free(vm_area_cachep, vma); | |
8444 | + return 1; | |
8445 | + } | |
8446 | + | |
8447 | + current->mm->call_dl_resolve = call_dl_resolve; | |
8448 | + up_write(¤t->mm->mmap_sem); | |
8449 | + | |
8450 | +emulate: | |
8451 | + regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10; | |
8452 | + regs->tpc = call_dl_resolve; | |
8453 | + regs->tnpc = addr+4; | |
8454 | + return 3; | |
8455 | + } | |
8456 | + } | |
8457 | + } while (0); | |
8458 | + | |
8459 | + do { /* PaX: unpatched PLT emulation step 2 */ | |
8460 | + unsigned int save, call, nop; | |
8461 | + | |
8462 | + err = get_user(save, (unsigned int*)(regs->tpc-4)); | |
8463 | + err |= get_user(call, (unsigned int*)regs->tpc); | |
8464 | + err |= get_user(nop, (unsigned int*)(regs->tpc+4)); | |
8465 | + if (err) | |
8466 | + break; | |
8467 | + | |
8468 | + if (save == 0x9DE3BFA8U && | |
8469 | + (call & 0xC0000000U) == 0x40000000U && | |
8470 | + nop == 0x01000000U) | |
8471 | + { | |
8472 | + unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2); | |
8473 | + | |
8474 | + regs->u_regs[UREG_RETPC] = regs->tpc; | |
8475 | + regs->tpc = dl_resolve; | |
8476 | + regs->tnpc = dl_resolve+4; | |
8477 | + return 3; | |
8478 | + } | |
8479 | + } while (0); | |
8480 | +#endif | |
8481 | + | |
8482 | + return 1; | |
8483 | +} | |
8484 | + | |
8485 | +void pax_report_insns(void *pc, void *sp) | |
8486 | +{ | |
8487 | + unsigned long i; | |
8488 | + | |
8489 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
8490 | + for (i = 0; i < 5; i++) { | |
8491 | + unsigned int c; | |
8492 | + if (get_user(c, (unsigned int*)pc+i)) | |
8493 | + printk("???????? "); | |
8494 | + else | |
8495 | + printk("%08x ", c); | |
8496 | + } | |
8497 | + printk("\n"); | |
8498 | +} | |
8499 | +#endif | |
8500 | + | |
8501 | asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) | |
8502 | { | |
8503 | struct mm_struct *mm = current->mm; | |
8504 | @@ -332,8 +699,10 @@ asmlinkage void __kprobes do_sparc64_fau | |
8505 | goto intr_or_no_mm; | |
8506 | ||
8507 | if (test_thread_flag(TIF_32BIT)) { | |
8508 | - if (!(regs->tstate & TSTATE_PRIV)) | |
8509 | + if (!(regs->tstate & TSTATE_PRIV)) { | |
8510 | regs->tpc &= 0xffffffff; | |
8511 | + regs->tnpc &= 0xffffffff; | |
8512 | + } | |
8513 | address &= 0xffffffff; | |
8514 | } | |
8515 | ||
8516 | @@ -350,6 +719,29 @@ asmlinkage void __kprobes do_sparc64_fau | |
8517 | if (!vma) | |
8518 | goto bad_area; | |
8519 | ||
8520 | +#ifdef CONFIG_PAX_PAGEEXEC | |
8521 | + /* PaX: detect ITLB misses on non-exec pages */ | |
8522 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address && | |
8523 | + !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB)) | |
8524 | + { | |
8525 | + if (address != regs->tpc) | |
8526 | + goto good_area; | |
8527 | + | |
8528 | + up_read(&mm->mmap_sem); | |
8529 | + switch (pax_handle_fetch_fault(regs)) { | |
8530 | + | |
8531 | +#ifdef CONFIG_PAX_EMUPLT | |
8532 | + case 2: | |
8533 | + case 3: | |
8534 | + return; | |
8535 | +#endif | |
8536 | + | |
8537 | + } | |
8538 | + pax_report_fault(regs, (void*)regs->tpc, (void*)(regs->u_regs[UREG_FP] + STACK_BIAS)); | |
8539 | + do_exit(SIGKILL); | |
8540 | + } | |
8541 | +#endif | |
8542 | + | |
8543 | /* Pure DTLB misses do not tell us whether the fault causing | |
8544 | * load/store/atomic was a write or not, it only says that there | |
8545 | * was no match. So in such a case we (carefully) read the | |
8546 | diff -urNp linux-2.6.19.1/arch/v850/kernel/module.c linux-2.6.19.1/arch/v850/kernel/module.c | |
8547 | --- linux-2.6.19.1/arch/v850/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
8548 | +++ linux-2.6.19.1/arch/v850/kernel/module.c 2006-12-03 15:15:54.000000000 -0500 | |
8549 | @@ -150,8 +150,8 @@ static uint32_t do_plt_call (void *locat | |
8550 | tramp[1] = ((val >> 16) & 0xffff) + 0x610000; /* ...; jmp r1 */ | |
8551 | ||
8552 | /* Init, or core PLT? */ | |
8553 | - if (location >= mod->module_core | |
8554 | - && location < mod->module_core + mod->core_size) | |
8555 | + if (location >= mod->module_core_rx | |
8556 | + && location < mod->module_core_rx + mod->core_size_rx) | |
8557 | entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr; | |
8558 | else | |
8559 | entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr; | |
8560 | diff -urNp linux-2.6.19.1/arch/x86_64/boot/compressed/head.S linux-2.6.19.1/arch/x86_64/boot/compressed/head.S | |
8561 | --- linux-2.6.19.1/arch/x86_64/boot/compressed/head.S 2006-11-29 16:57:37.000000000 -0500 | |
8562 | +++ linux-2.6.19.1/arch/x86_64/boot/compressed/head.S 2006-12-03 15:15:55.000000000 -0500 | |
8563 | @@ -41,11 +41,13 @@ startup_32: | |
8564 | movl %eax,%gs | |
8565 | ||
8566 | lss stack_start,%esp | |
8567 | + movl 0x000000,%ecx | |
8568 | xorl %eax,%eax | |
8569 | 1: incl %eax # check that A20 really IS enabled | |
8570 | movl %eax,0x000000 # loop forever if it isn't | |
8571 | cmpl %eax,0x100000 | |
8572 | je 1b | |
8573 | + movl %ecx,0x000000 | |
8574 | ||
8575 | /* | |
8576 | * Initialize eflags. Some BIOS's leave bits like NT set. This would | |
8577 | diff -urNp linux-2.6.19.1/arch/x86_64/ia32/ia32_binfmt.c linux-2.6.19.1/arch/x86_64/ia32/ia32_binfmt.c | |
8578 | --- linux-2.6.19.1/arch/x86_64/ia32/ia32_binfmt.c 2006-11-29 16:57:37.000000000 -0500 | |
8579 | +++ linux-2.6.19.1/arch/x86_64/ia32/ia32_binfmt.c 2006-12-03 15:15:55.000000000 -0500 | |
8580 | @@ -190,6 +190,17 @@ struct elf_prpsinfo | |
8581 | //#include <asm/ia32.h> | |
8582 | #include <linux/elf.h> | |
8583 | ||
8584 | +#ifdef CONFIG_PAX_ASLR | |
8585 | +#define PAX_ELF_ET_DYN_BASE(tsk) 0x08048000UL | |
8586 | + | |
8587 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
8588 | +#define PAX_DELTA_MMAP_LEN(tsk) 16 | |
8589 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
8590 | +#define PAX_DELTA_EXEC_LEN(tsk) 16 | |
8591 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
8592 | +#define PAX_DELTA_STACK_LEN(tsk) 16 | |
8593 | +#endif | |
8594 | + | |
8595 | typedef struct user_i387_ia32_struct elf_fpregset_t; | |
8596 | typedef struct user32_fxsr_struct elf_fpxregset_t; | |
8597 | ||
8598 | diff -urNp linux-2.6.19.1/arch/x86_64/ia32/mmap32.c linux-2.6.19.1/arch/x86_64/ia32/mmap32.c | |
8599 | --- linux-2.6.19.1/arch/x86_64/ia32/mmap32.c 2006-11-29 16:57:37.000000000 -0500 | |
8600 | +++ linux-2.6.19.1/arch/x86_64/ia32/mmap32.c 2006-12-03 15:15:55.000000000 -0500 | |
8601 | @@ -68,10 +68,22 @@ void ia32_pick_mmap_layout(struct mm_str | |
8602 | (current->personality & ADDR_COMPAT_LAYOUT) || | |
8603 | current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY) { | |
8604 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
8605 | + | |
8606 | +#ifdef CONFIG_PAX_RANDMMAP | |
8607 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
8608 | + mm->mmap_base += mm->delta_mmap; | |
8609 | +#endif | |
8610 | + | |
8611 | mm->get_unmapped_area = arch_get_unmapped_area; | |
8612 | mm->unmap_area = arch_unmap_area; | |
8613 | } else { | |
8614 | mm->mmap_base = mmap_base(mm); | |
8615 | + | |
8616 | +#ifdef CONFIG_PAX_RANDMMAP | |
8617 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
8618 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | |
8619 | +#endif | |
8620 | + | |
8621 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | |
8622 | mm->unmap_area = arch_unmap_area_topdown; | |
8623 | } | |
8624 | diff -urNp linux-2.6.19.1/arch/x86_64/ia32/syscall32.c linux-2.6.19.1/arch/x86_64/ia32/syscall32.c | |
8625 | --- linux-2.6.19.1/arch/x86_64/ia32/syscall32.c 2006-11-29 16:57:37.000000000 -0500 | |
8626 | +++ linux-2.6.19.1/arch/x86_64/ia32/syscall32.c 2006-12-03 15:15:55.000000000 -0500 | |
8627 | @@ -49,16 +49,21 @@ int syscall32_setup_pages(struct linux_b | |
8628 | struct mm_struct *mm = current->mm; | |
8629 | int ret; | |
8630 | ||
8631 | - vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
8632 | + vma = kmem_cache_zalloc(vm_area_cachep, SLAB_KERNEL); | |
8633 | if (!vma) | |
8634 | return -ENOMEM; | |
8635 | ||
8636 | - memset(vma, 0, sizeof(struct vm_area_struct)); | |
8637 | /* Could randomize here */ | |
8638 | vma->vm_start = VSYSCALL32_BASE; | |
8639 | vma->vm_end = VSYSCALL32_END; | |
8640 | /* MAYWRITE to allow gdb to COW and set breakpoints */ | |
8641 | vma->vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC|VM_MAYWRITE; | |
8642 | + | |
8643 | +#ifdef CONFIG_PAX_MPROTECT | |
8644 | + if (mm->pax_flags & MF_PAX_MPROTECT) | |
8645 | + vma->vm_flags &= ~VM_MAYWRITE; | |
8646 | +#endif | |
8647 | + | |
8648 | vma->vm_flags |= mm->def_flags; | |
8649 | vma->vm_page_prot = protection_map[vma->vm_flags & 7]; | |
8650 | vma->vm_ops = &syscall32_vm_ops; | |
8651 | diff -urNp linux-2.6.19.1/arch/x86_64/kernel/ioport.c linux-2.6.19.1/arch/x86_64/kernel/ioport.c | |
8652 | --- linux-2.6.19.1/arch/x86_64/kernel/ioport.c 2006-11-29 16:57:37.000000000 -0500 | |
8653 | +++ linux-2.6.19.1/arch/x86_64/kernel/ioport.c 2006-12-10 22:09:57.000000000 -0500 | |
8654 | @@ -41,8 +41,16 @@ asmlinkage long sys_ioperm(unsigned long | |
8655 | ||
8656 | if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) | |
8657 | return -EINVAL; | |
8658 | + | |
8659 | +#ifdef CONFIG_GRKERNSEC_IO | |
8660 | + if (turn_on) { | |
8661 | + gr_handle_ioperm(); | |
8662 | + return -EPERM; | |
8663 | + } | |
8664 | +#else | |
8665 | if (turn_on && !capable(CAP_SYS_RAWIO)) | |
8666 | return -EPERM; | |
8667 | +#endif | |
8668 | ||
8669 | /* | |
8670 | * If it's the first ioperm() call in this thread's lifetime, set the | |
8671 | @@ -111,8 +119,13 @@ asmlinkage long sys_iopl(unsigned int le | |
8672 | return -EINVAL; | |
8673 | /* Trying to gain more privileges? */ | |
8674 | if (level > old) { | |
8675 | +#ifdef CONFIG_GRKERNSEC_IO | |
8676 | + gr_handle_iopl(); | |
8677 | + return -EPERM; | |
8678 | +#else | |
8679 | if (!capable(CAP_SYS_RAWIO)) | |
8680 | return -EPERM; | |
8681 | +#endif | |
8682 | } | |
8683 | regs->eflags = (regs->eflags &~ 0x3000UL) | (level << 12); | |
8684 | return 0; | |
8685 | diff -urNp linux-2.6.19.1/arch/x86_64/kernel/process.c linux-2.6.19.1/arch/x86_64/kernel/process.c | |
8686 | --- linux-2.6.19.1/arch/x86_64/kernel/process.c 2006-11-29 16:57:37.000000000 -0500 | |
8687 | +++ linux-2.6.19.1/arch/x86_64/kernel/process.c 2006-12-03 15:15:55.000000000 -0500 | |
8688 | @@ -871,10 +871,3 @@ int dump_task_regs(struct task_struct *t | |
8689 | ||
8690 | return 1; | |
8691 | } | |
8692 | - | |
8693 | -unsigned long arch_align_stack(unsigned long sp) | |
8694 | -{ | |
8695 | - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) | |
8696 | - sp -= get_random_int() % 8192; | |
8697 | - return sp & ~0xf; | |
8698 | -} | |
8699 | diff -urNp linux-2.6.19.1/arch/x86_64/kernel/ptrace.c linux-2.6.19.1/arch/x86_64/kernel/ptrace.c | |
8700 | --- linux-2.6.19.1/arch/x86_64/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
8701 | +++ linux-2.6.19.1/arch/x86_64/kernel/ptrace.c 2006-12-03 15:15:55.000000000 -0500 | |
8702 | @@ -19,6 +19,7 @@ | |
8703 | #include <linux/audit.h> | |
8704 | #include <linux/seccomp.h> | |
8705 | #include <linux/signal.h> | |
8706 | +#include <linux/grsecurity.h> | |
8707 | ||
8708 | #include <asm/uaccess.h> | |
8709 | #include <asm/pgtable.h> | |
8710 | diff -urNp linux-2.6.19.1/arch/x86_64/kernel/setup64.c linux-2.6.19.1/arch/x86_64/kernel/setup64.c | |
8711 | --- linux-2.6.19.1/arch/x86_64/kernel/setup64.c 2006-11-29 16:57:37.000000000 -0500 | |
8712 | +++ linux-2.6.19.1/arch/x86_64/kernel/setup64.c 2006-12-03 15:15:55.000000000 -0500 | |
8713 | @@ -38,7 +38,6 @@ char boot_cpu_stack[IRQSTACKSIZE] __attr | |
8714 | ||
8715 | unsigned long __supported_pte_mask __read_mostly = ~0UL; | |
8716 | EXPORT_SYMBOL(__supported_pte_mask); | |
8717 | -static int do_not_nx __cpuinitdata = 0; | |
8718 | ||
8719 | /* noexec=on|off | |
8720 | Control non executable mappings for 64bit processes. | |
8721 | @@ -52,16 +51,14 @@ static int __init nonx_setup(char *str) | |
8722 | return -EINVAL; | |
8723 | if (!strncmp(str, "on", 2)) { | |
8724 | __supported_pte_mask |= _PAGE_NX; | |
8725 | - do_not_nx = 0; | |
8726 | } else if (!strncmp(str, "off", 3)) { | |
8727 | - do_not_nx = 1; | |
8728 | __supported_pte_mask &= ~_PAGE_NX; | |
8729 | } | |
8730 | return 0; | |
8731 | } | |
8732 | early_param("noexec", nonx_setup); | |
8733 | ||
8734 | -int force_personality32 = 0; | |
8735 | +int force_personality32; | |
8736 | ||
8737 | /* noexec32=on|off | |
8738 | Control non executable heap for 32bit processes. | |
8739 | @@ -175,7 +172,7 @@ void __cpuinit check_efer(void) | |
8740 | unsigned long efer; | |
8741 | ||
8742 | rdmsrl(MSR_EFER, efer); | |
8743 | - if (!(efer & EFER_NX) || do_not_nx) { | |
8744 | + if (!(efer & EFER_NX)) { | |
8745 | __supported_pte_mask &= ~_PAGE_NX; | |
8746 | } | |
8747 | } | |
8748 | diff -urNp linux-2.6.19.1/arch/x86_64/kernel/signal.c linux-2.6.19.1/arch/x86_64/kernel/signal.c | |
8749 | --- linux-2.6.19.1/arch/x86_64/kernel/signal.c 2006-11-29 16:57:37.000000000 -0500 | |
8750 | +++ linux-2.6.19.1/arch/x86_64/kernel/signal.c 2006-12-03 15:15:55.000000000 -0500 | |
8751 | @@ -254,8 +254,8 @@ static int setup_rt_frame(int sig, struc | |
8752 | err |= setup_sigcontext(&frame->uc.uc_mcontext, regs, set->sig[0], me); | |
8753 | err |= __put_user(fp, &frame->uc.uc_mcontext.fpstate); | |
8754 | if (sizeof(*set) == 16) { | |
8755 | - __put_user(set->sig[0], &frame->uc.uc_sigmask.sig[0]); | |
8756 | - __put_user(set->sig[1], &frame->uc.uc_sigmask.sig[1]); | |
8757 | + err |= __put_user(set->sig[0], &frame->uc.uc_sigmask.sig[0]); | |
8758 | + err |= __put_user(set->sig[1], &frame->uc.uc_sigmask.sig[1]); | |
8759 | } else | |
8760 | err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); | |
8761 | ||
8762 | diff -urNp linux-2.6.19.1/arch/x86_64/kernel/sys_x86_64.c linux-2.6.19.1/arch/x86_64/kernel/sys_x86_64.c | |
8763 | --- linux-2.6.19.1/arch/x86_64/kernel/sys_x86_64.c 2006-11-29 16:57:37.000000000 -0500 | |
8764 | +++ linux-2.6.19.1/arch/x86_64/kernel/sys_x86_64.c 2006-12-03 15:15:55.000000000 -0500 | |
8765 | @@ -65,8 +65,8 @@ out: | |
8766 | return error; | |
8767 | } | |
8768 | ||
8769 | -static void find_start_end(unsigned long flags, unsigned long *begin, | |
8770 | - unsigned long *end) | |
8771 | +static void find_start_end(struct mm_struct *mm, unsigned long flags, | |
8772 | + unsigned long *begin, unsigned long *end) | |
8773 | { | |
8774 | if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) { | |
8775 | /* This is usually used needed to map code in small | |
8776 | @@ -79,7 +79,7 @@ static void find_start_end(unsigned long | |
8777 | *begin = 0x40000000; | |
8778 | *end = 0x80000000; | |
8779 | } else { | |
8780 | - *begin = TASK_UNMAPPED_BASE; | |
8781 | + *begin = mm->mmap_base; | |
8782 | *end = TASK_SIZE; | |
8783 | } | |
8784 | } | |
8785 | @@ -93,11 +93,15 @@ arch_get_unmapped_area(struct file *filp | |
8786 | unsigned long start_addr; | |
8787 | unsigned long begin, end; | |
8788 | ||
8789 | - find_start_end(flags, &begin, &end); | |
8790 | + find_start_end(mm, flags, &begin, &end); | |
8791 | ||
8792 | if (len > end) | |
8793 | return -ENOMEM; | |
8794 | ||
8795 | +#ifdef CONFIG_PAX_RANDMMAP | |
8796 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP) || !filp) | |
8797 | +#endif | |
8798 | + | |
8799 | if (addr) { | |
8800 | addr = PAGE_ALIGN(addr); | |
8801 | vma = find_vma(mm, addr); | |
8802 | diff -urNp linux-2.6.19.1/arch/x86_64/mm/fault.c linux-2.6.19.1/arch/x86_64/mm/fault.c | |
8803 | --- linux-2.6.19.1/arch/x86_64/mm/fault.c 2006-11-29 16:57:37.000000000 -0500 | |
8804 | +++ linux-2.6.19.1/arch/x86_64/mm/fault.c 2006-12-03 15:15:55.000000000 -0500 | |
8805 | @@ -23,6 +23,7 @@ | |
8806 | #include <linux/compiler.h> | |
8807 | #include <linux/module.h> | |
8808 | #include <linux/kprobes.h> | |
8809 | +#include <linux/binfmts.h> | |
8810 | ||
8811 | #include <asm/system.h> | |
8812 | #include <asm/uaccess.h> | |
8813 | @@ -322,6 +323,33 @@ static int vmalloc_fault(unsigned long a | |
8814 | return 0; | |
8815 | } | |
8816 | ||
8817 | +#ifdef CONFIG_PAX_PAGEEXEC | |
8818 | +void pax_report_insns(void *pc, void *sp) | |
8819 | +{ | |
8820 | + long i; | |
8821 | + | |
8822 | + printk(KERN_ERR "PAX: bytes at PC: "); | |
8823 | + for (i = 0; i < 20; i++) { | |
8824 | + unsigned char c; | |
8825 | + if (get_user(c, (unsigned char __user *)pc+i)) | |
8826 | + printk("?? "); | |
8827 | + else | |
8828 | + printk("%02x ", c); | |
8829 | + } | |
8830 | + printk("\n"); | |
8831 | + | |
8832 | + printk(KERN_ERR "PAX: bytes at SP-8: "); | |
8833 | + for (i = -1; i < 10; i++) { | |
8834 | + unsigned long c; | |
8835 | + if (get_user(c, (unsigned long __user *)sp+i)) | |
8836 | + printk("???????????????? "); | |
8837 | + else | |
8838 | + printk("%016lx ", c); | |
8839 | + } | |
8840 | + printk("\n"); | |
8841 | +} | |
8842 | +#endif | |
8843 | + | |
8844 | int page_fault_trace = 0; | |
8845 | int exception_trace = 1; | |
8846 | ||
8847 | @@ -453,6 +481,8 @@ asmlinkage void __kprobes do_page_fault( | |
8848 | good_area: | |
8849 | info.si_code = SEGV_ACCERR; | |
8850 | write = 0; | |
8851 | + if ((error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC)) | |
8852 | + goto bad_area; | |
8853 | switch (error_code & (PF_PROT|PF_WRITE)) { | |
8854 | default: /* 3: write, present */ | |
8855 | /* fall through */ | |
8856 | @@ -519,7 +549,14 @@ bad_area_nosemaphore: | |
8857 | tsk->comm, tsk->pid, address, regs->rip, | |
8858 | regs->rsp, error_code); | |
8859 | } | |
8860 | - | |
8861 | + | |
8862 | +#ifdef CONFIG_PAX_PAGEEXEC | |
8863 | + if (mm && (mm->pax_flags & MF_PAX_PAGEEXEC) && (error_code & 16)) { | |
8864 | + pax_report_fault(regs, (void*)regs->rip, (void*)regs->rsp); | |
8865 | + do_exit(SIGKILL); | |
8866 | + } | |
8867 | +#endif | |
8868 | + | |
8869 | tsk->thread.cr2 = address; | |
8870 | /* Kernel addresses are always protection faults */ | |
8871 | tsk->thread.error_code = error_code | (address >= TASK_SIZE); | |
8872 | diff -urNp linux-2.6.19.1/arch/x86_64/mm/mmap.c linux-2.6.19.1/arch/x86_64/mm/mmap.c | |
8873 | --- linux-2.6.19.1/arch/x86_64/mm/mmap.c 2006-11-29 16:57:37.000000000 -0500 | |
8874 | +++ linux-2.6.19.1/arch/x86_64/mm/mmap.c 2006-12-03 15:15:55.000000000 -0500 | |
8875 | @@ -23,6 +23,12 @@ void arch_pick_mmap_layout(struct mm_str | |
8876 | unsigned rnd = get_random_int() & 0xfffffff; | |
8877 | mm->mmap_base += ((unsigned long)rnd) << PAGE_SHIFT; | |
8878 | } | |
8879 | + | |
8880 | +#ifdef CONFIG_PAX_RANDMMAP | |
8881 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
8882 | + mm->mmap_base += mm->delta_mmap; | |
8883 | +#endif | |
8884 | + | |
8885 | mm->get_unmapped_area = arch_get_unmapped_area; | |
8886 | mm->unmap_area = arch_unmap_area; | |
8887 | } | |
8888 | diff -urNp linux-2.6.19.1/Documentation/dontdiff linux-2.6.19.1/Documentation/dontdiff | |
8889 | --- linux-2.6.19.1/Documentation/dontdiff 2006-11-29 16:57:37.000000000 -0500 | |
8890 | +++ linux-2.6.19.1/Documentation/dontdiff 2006-12-03 15:15:41.000000000 -0500 | |
8891 | @@ -55,7 +55,7 @@ aic7*seq.h* | |
8892 | aicasm | |
8893 | aicdb.h* | |
8894 | asm | |
8895 | -asm-offsets.* | |
8896 | +asm-offsets.h | |
8897 | asm_offsets.* | |
8898 | autoconf.h* | |
8899 | bbootsect | |
8900 | @@ -143,4 +143,5 @@ vmlinux.lds | |
8901 | vsyscall.lds | |
8902 | wanxlfw.inc | |
8903 | uImage | |
8904 | +utsrelease.h | |
8905 | zImage | |
8906 | diff -urNp linux-2.6.19.1/drivers/acpi/glue.c linux-2.6.19.1/drivers/acpi/glue.c | |
8907 | --- linux-2.6.19.1/drivers/acpi/glue.c 2006-11-29 16:57:37.000000000 -0500 | |
8908 | +++ linux-2.6.19.1/drivers/acpi/glue.c 2006-12-03 15:15:55.000000000 -0500 | |
8909 | @@ -16,7 +16,7 @@ | |
8910 | #if ACPI_GLUE_DEBUG | |
8911 | #define DBG(x...) printk(PREFIX x) | |
8912 | #else | |
8913 | -#define DBG(x...) | |
8914 | +#define DBG(x...) do {} while (0) | |
8915 | #endif | |
8916 | static LIST_HEAD(bus_type_list); | |
8917 | static DECLARE_RWSEM(bus_type_sem); | |
8918 | diff -urNp linux-2.6.19.1/drivers/acpi/processor_core.c linux-2.6.19.1/drivers/acpi/processor_core.c | |
8919 | --- linux-2.6.19.1/drivers/acpi/processor_core.c 2006-11-29 16:57:37.000000000 -0500 | |
8920 | +++ linux-2.6.19.1/drivers/acpi/processor_core.c 2006-12-03 15:15:55.000000000 -0500 | |
8921 | @@ -534,7 +534,7 @@ static int __cpuinit acpi_processor_star | |
8922 | return 0; | |
8923 | } | |
8924 | ||
8925 | - BUG_ON((pr->id >= NR_CPUS) || (pr->id < 0)); | |
8926 | + BUG_ON(pr->id >= NR_CPUS); | |
8927 | ||
8928 | /* | |
8929 | * Buggy BIOS check | |
8930 | diff -urNp linux-2.6.19.1/drivers/char/agp/frontend.c linux-2.6.19.1/drivers/char/agp/frontend.c | |
8931 | --- linux-2.6.19.1/drivers/char/agp/frontend.c 2006-11-29 16:57:37.000000000 -0500 | |
8932 | +++ linux-2.6.19.1/drivers/char/agp/frontend.c 2006-12-03 15:15:56.000000000 -0500 | |
8933 | @@ -818,7 +818,7 @@ static int agpioc_reserve_wrap(struct ag | |
8934 | if (copy_from_user(&reserve, arg, sizeof(struct agp_region))) | |
8935 | return -EFAULT; | |
8936 | ||
8937 | - if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment)) | |
8938 | + if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv)) | |
8939 | return -EFAULT; | |
8940 | ||
8941 | client = agp_find_client_by_pid(reserve.pid); | |
8942 | diff -urNp linux-2.6.19.1/drivers/char/keyboard.c linux-2.6.19.1/drivers/char/keyboard.c | |
8943 | --- linux-2.6.19.1/drivers/char/keyboard.c 2006-11-29 16:57:37.000000000 -0500 | |
8944 | +++ linux-2.6.19.1/drivers/char/keyboard.c 2006-12-03 15:15:56.000000000 -0500 | |
8945 | @@ -203,7 +203,7 @@ int setkeycode(unsigned int scancode, un | |
8946 | ||
8947 | if (scancode >= dev->keycodemax) | |
8948 | return -EINVAL; | |
8949 | - if (keycode < 0 || keycode > KEY_MAX) | |
8950 | + if (keycode > KEY_MAX) | |
8951 | return -EINVAL; | |
8952 | if (dev->keycodesize < sizeof(keycode) && (keycode >> (dev->keycodesize * 8))) | |
8953 | return -EINVAL; | |
8954 | @@ -628,6 +628,16 @@ static void k_spec(struct vc_data *vc, u | |
8955 | kbd->kbdmode == VC_MEDIUMRAW) && | |
8956 | value != KVAL(K_SAK)) | |
8957 | return; /* SAK is allowed even in raw mode */ | |
8958 | + | |
8959 | +#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP) | |
8960 | + { | |
8961 | + void *func = fn_handler[value]; | |
8962 | + if (func == fn_show_state || func == fn_show_ptregs || | |
8963 | + func == fn_show_mem) | |
8964 | + return; | |
8965 | + } | |
8966 | +#endif | |
8967 | + | |
8968 | fn_handler[value](vc); | |
8969 | } | |
8970 | ||
8971 | diff -urNp linux-2.6.19.1/drivers/char/mem.c linux-2.6.19.1/drivers/char/mem.c | |
8972 | --- linux-2.6.19.1/drivers/char/mem.c 2006-11-29 16:57:37.000000000 -0500 | |
8973 | +++ linux-2.6.19.1/drivers/char/mem.c 2006-12-03 15:25:55.000000000 -0500 | |
8974 | @@ -27,6 +27,7 @@ | |
8975 | #include <linux/bootmem.h> | |
8976 | #include <linux/pipe_fs_i.h> | |
8977 | #include <linux/pfn.h> | |
8978 | +#include <linux/grsecurity.h> | |
8979 | ||
8980 | #include <asm/uaccess.h> | |
8981 | #include <asm/io.h> | |
8982 | @@ -35,6 +36,10 @@ | |
8983 | # include <linux/efi.h> | |
8984 | #endif | |
8985 | ||
8986 | +#ifdef CONFIG_GRKERNSEC | |
8987 | +extern struct file_operations grsec_fops; | |
8988 | +#endif | |
8989 | + | |
8990 | /* | |
8991 | * Architectures vary in how they handle caching for addresses | |
8992 | * outside of main memory. | |
8993 | @@ -174,6 +179,11 @@ static ssize_t write_mem(struct file * f | |
8994 | if (!valid_phys_addr_range(p, count)) | |
8995 | return -EFAULT; | |
8996 | ||
8997 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
8998 | + gr_handle_mem_write(); | |
8999 | + return -EPERM; | |
9000 | +#endif | |
9001 | + | |
9002 | written = 0; | |
9003 | ||
9004 | #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED | |
9005 | @@ -275,6 +285,11 @@ static int mmap_mem(struct file * file, | |
9006 | if (!private_mapping_ok(vma)) | |
9007 | return -ENOSYS; | |
9008 | ||
9009 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
9010 | + if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma)) | |
9011 | + return -EPERM; | |
9012 | +#endif | |
9013 | + | |
9014 | vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff, | |
9015 | size, | |
9016 | vma->vm_page_prot); | |
9017 | @@ -506,6 +521,11 @@ static ssize_t write_kmem(struct file * | |
9018 | ssize_t written; | |
9019 | char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */ | |
9020 | ||
9021 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
9022 | + gr_handle_kmem_write(); | |
9023 | + return -EPERM; | |
9024 | +#endif | |
9025 | + | |
9026 | if (p < (unsigned long) high_memory) { | |
9027 | ||
9028 | wrote = count; | |
9029 | @@ -646,7 +666,23 @@ static inline size_t read_zero_pagealign | |
9030 | count = size; | |
9031 | ||
9032 | zap_page_range(vma, addr, count, NULL); | |
9033 | - zeromap_page_range(vma, addr, count, PAGE_COPY); | |
9034 | + zeromap_page_range(vma, addr, count, vma->vm_page_prot); | |
9035 | + | |
9036 | +#ifdef CONFIG_PAX_SEGMEXEC | |
9037 | + if (vma->vm_flags & VM_MIRROR) { | |
9038 | + unsigned long addr_m; | |
9039 | + struct vm_area_struct * vma_m; | |
9040 | + | |
9041 | + addr_m = vma->vm_start + vma->vm_mirror; | |
9042 | + vma_m = find_vma(mm, addr_m); | |
9043 | + if (vma_m && vma_m->vm_start == addr_m && (vma_m->vm_flags & VM_MIRROR)) { | |
9044 | + addr_m = addr + vma->vm_mirror; | |
9045 | + zap_page_range(vma_m, addr_m, count, NULL); | |
9046 | + } else | |
9047 | + printk(KERN_ERR "PAX: VMMIRROR: read_zero bug, %08lx, %08lx\n", | |
9048 | + addr, vma->vm_start); | |
9049 | + } | |
9050 | +#endif | |
9051 | ||
9052 | size -= count; | |
9053 | buf += count; | |
9054 | @@ -795,6 +831,16 @@ static loff_t memory_lseek(struct file * | |
9055 | ||
9056 | static int open_port(struct inode * inode, struct file * filp) | |
9057 | { | |
9058 | +#ifdef CONFIG_GRKERNSEC_KMEM | |
9059 | + gr_handle_open_port(); | |
9060 | + return -EPERM; | |
9061 | +#endif | |
9062 | + | |
9063 | + return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
9064 | +} | |
9065 | + | |
9066 | +static int open_mem(struct inode * inode, struct file * filp) | |
9067 | +{ | |
9068 | return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; | |
9069 | } | |
9070 | ||
9071 | @@ -802,7 +848,6 @@ static int open_port(struct inode * inod | |
9072 | #define full_lseek null_lseek | |
9073 | #define write_zero write_null | |
9074 | #define read_full read_zero | |
9075 | -#define open_mem open_port | |
9076 | #define open_kmem open_mem | |
9077 | #define open_oldmem open_mem | |
9078 | ||
9079 | @@ -935,6 +980,11 @@ static int memory_open(struct inode * in | |
9080 | filp->f_op = &oldmem_fops; | |
9081 | break; | |
9082 | #endif | |
9083 | +#ifdef CONFIG_GRKERNSEC | |
9084 | + case 13: | |
9085 | + filp->f_op = &grsec_fops; | |
9086 | + break; | |
9087 | +#endif | |
9088 | default: | |
9089 | return -ENXIO; | |
9090 | } | |
9091 | @@ -967,6 +1017,9 @@ static const struct { | |
9092 | #ifdef CONFIG_CRASH_DUMP | |
9093 | {12,"oldmem", S_IRUSR | S_IWUSR | S_IRGRP, &oldmem_fops}, | |
9094 | #endif | |
9095 | +#ifdef CONFIG_GRKERNSEC | |
9096 | + {13,"grsec", S_IRUSR | S_IWUGO, &grsec_fops}, | |
9097 | +#endif | |
9098 | }; | |
9099 | ||
9100 | static struct class *mem_class; | |
9101 | diff -urNp linux-2.6.19.1/drivers/char/random.c linux-2.6.19.1/drivers/char/random.c | |
9102 | --- linux-2.6.19.1/drivers/char/random.c 2006-11-29 16:57:37.000000000 -0500 | |
9103 | +++ linux-2.6.19.1/drivers/char/random.c 2006-12-03 15:15:56.000000000 -0500 | |
9104 | @@ -248,8 +248,13 @@ | |
9105 | /* | |
9106 | * Configuration information | |
9107 | */ | |
9108 | +#ifdef CONFIG_GRKERNSEC_RANDNET | |
9109 | +#define INPUT_POOL_WORDS 512 | |
9110 | +#define OUTPUT_POOL_WORDS 128 | |
9111 | +#else | |
9112 | #define INPUT_POOL_WORDS 128 | |
9113 | #define OUTPUT_POOL_WORDS 32 | |
9114 | +#endif | |
9115 | #define SEC_XFER_SIZE 512 | |
9116 | ||
9117 | /* | |
9118 | @@ -286,10 +291,17 @@ static struct poolinfo { | |
9119 | int poolwords; | |
9120 | int tap1, tap2, tap3, tap4, tap5; | |
9121 | } poolinfo_table[] = { | |
9122 | +#ifdef CONFIG_GRKERNSEC_RANDNET | |
9123 | + /* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */ | |
9124 | + { 512, 411, 308, 208, 104, 1 }, | |
9125 | + /* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */ | |
9126 | + { 128, 103, 76, 51, 25, 1 }, | |
9127 | +#else | |
9128 | /* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */ | |
9129 | { 128, 103, 76, 51, 25, 1 }, | |
9130 | /* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */ | |
9131 | { 32, 26, 20, 14, 7, 1 }, | |
9132 | +#endif | |
9133 | #if 0 | |
9134 | /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ | |
9135 | { 2048, 1638, 1231, 819, 411, 1 }, | |
9136 | @@ -1662,3 +1674,25 @@ randomize_range(unsigned long start, uns | |
9137 | return 0; | |
9138 | return PAGE_ALIGN(get_random_int() % range + start); | |
9139 | } | |
9140 | + | |
9141 | +#if defined(CONFIG_PAX_ASLR) || defined(CONFIG_GRKERNSEC) | |
9142 | +unsigned long pax_get_random_long(void) | |
9143 | +{ | |
9144 | + static time_t rekey_time; | |
9145 | + static __u32 secret[12]; | |
9146 | + time_t t; | |
9147 | + | |
9148 | + /* | |
9149 | + * Pick a random secret every REKEY_INTERVAL seconds. | |
9150 | + */ | |
9151 | + t = get_seconds(); | |
9152 | + if (!rekey_time || (t - rekey_time) > REKEY_INTERVAL) { | |
9153 | + rekey_time = t; | |
9154 | + get_random_bytes(secret, sizeof(secret)); | |
9155 | + } | |
9156 | + | |
9157 | + secret[1] = half_md4_transform(secret+8, secret); | |
9158 | + secret[0] = half_md4_transform(secret+8, secret); | |
9159 | + return *(unsigned long *)secret; | |
9160 | +} | |
9161 | +#endif | |
9162 | diff -urNp linux-2.6.19.1/drivers/char/vt_ioctl.c linux-2.6.19.1/drivers/char/vt_ioctl.c | |
9163 | --- linux-2.6.19.1/drivers/char/vt_ioctl.c 2006-11-29 16:57:37.000000000 -0500 | |
9164 | +++ linux-2.6.19.1/drivers/char/vt_ioctl.c 2006-12-03 15:15:57.000000000 -0500 | |
9165 | @@ -95,6 +95,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __ | |
9166 | case KDSKBENT: | |
9167 | if (!perm) | |
9168 | return -EPERM; | |
9169 | + | |
9170 | +#ifdef CONFIG_GRKERNSEC | |
9171 | + if (!capable(CAP_SYS_TTY_CONFIG)) | |
9172 | + return -EPERM; | |
9173 | +#endif | |
9174 | + | |
9175 | if (!i && v == K_NOSUCHMAP) { | |
9176 | /* deallocate map */ | |
9177 | key_map = key_maps[s]; | |
9178 | @@ -235,6 +241,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry | |
9179 | goto reterr; | |
9180 | } | |
9181 | ||
9182 | +#ifdef CONFIG_GRKERNSEC | |
9183 | + if (!capable(CAP_SYS_TTY_CONFIG)) { | |
9184 | + ret = -EPERM; | |
9185 | + goto reterr; | |
9186 | + } | |
9187 | +#endif | |
9188 | + | |
9189 | q = func_table[i]; | |
9190 | first_free = funcbufptr + (funcbufsize - funcbufleft); | |
9191 | for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) | |
9192 | diff -urNp linux-2.6.19.1/drivers/edac/edac_mc.h linux-2.6.19.1/drivers/edac/edac_mc.h | |
9193 | --- linux-2.6.19.1/drivers/edac/edac_mc.h 2006-11-29 16:57:37.000000000 -0500 | |
9194 | +++ linux-2.6.19.1/drivers/edac/edac_mc.h 2006-12-03 15:15:57.000000000 -0500 | |
9195 | @@ -71,11 +71,11 @@ extern int edac_debug_level; | |
9196 | ||
9197 | #else /* !CONFIG_EDAC_DEBUG */ | |
9198 | ||
9199 | -#define debugf0( ... ) | |
9200 | -#define debugf1( ... ) | |
9201 | -#define debugf2( ... ) | |
9202 | -#define debugf3( ... ) | |
9203 | -#define debugf4( ... ) | |
9204 | +#define debugf0( ... ) do {} while (0) | |
9205 | +#define debugf1( ... ) do {} while (0) | |
9206 | +#define debugf2( ... ) do {} while (0) | |
9207 | +#define debugf3( ... ) do {} while (0) | |
9208 | +#define debugf4( ... ) do {} while (0) | |
9209 | ||
9210 | #endif /* !CONFIG_EDAC_DEBUG */ | |
9211 | ||
9212 | diff -urNp linux-2.6.19.1/drivers/hwmon/fscpos.c linux-2.6.19.1/drivers/hwmon/fscpos.c | |
9213 | --- linux-2.6.19.1/drivers/hwmon/fscpos.c 2006-11-29 16:57:37.000000000 -0500 | |
9214 | +++ linux-2.6.19.1/drivers/hwmon/fscpos.c 2006-12-03 15:15:59.000000000 -0500 | |
9215 | @@ -231,7 +231,6 @@ static ssize_t set_pwm(struct i2c_client | |
9216 | unsigned long v = simple_strtoul(buf, NULL, 10); | |
9217 | ||
9218 | /* Range: 0..255 */ | |
9219 | - if (v < 0) v = 0; | |
9220 | if (v > 255) v = 255; | |
9221 | ||
9222 | mutex_lock(&data->update_lock); | |
9223 | diff -urNp linux-2.6.19.1/drivers/hwmon/w83791d.c linux-2.6.19.1/drivers/hwmon/w83791d.c | |
9224 | --- linux-2.6.19.1/drivers/hwmon/w83791d.c 2006-11-29 16:57:37.000000000 -0500 | |
9225 | +++ linux-2.6.19.1/drivers/hwmon/w83791d.c 2006-12-03 15:15:59.000000000 -0500 | |
9226 | @@ -289,8 +289,8 @@ static int w83791d_attach_adapter(struct | |
9227 | static int w83791d_detect(struct i2c_adapter *adapter, int address, int kind); | |
9228 | static int w83791d_detach_client(struct i2c_client *client); | |
9229 | ||
9230 | -static int w83791d_read(struct i2c_client *client, u8 register); | |
9231 | -static int w83791d_write(struct i2c_client *client, u8 register, u8 value); | |
9232 | +static int w83791d_read(struct i2c_client *client, u8 reg); | |
9233 | +static int w83791d_write(struct i2c_client *client, u8 reg, u8 value); | |
9234 | static struct w83791d_data *w83791d_update_device(struct device *dev); | |
9235 | ||
9236 | #ifdef DEBUG | |
9237 | diff -urNp linux-2.6.19.1/drivers/ide/ide-cd.c linux-2.6.19.1/drivers/ide/ide-cd.c | |
9238 | --- linux-2.6.19.1/drivers/ide/ide-cd.c 2006-11-29 16:57:37.000000000 -0500 | |
9239 | +++ linux-2.6.19.1/drivers/ide/ide-cd.c 2006-12-03 15:15:59.000000000 -0500 | |
9240 | @@ -457,8 +457,6 @@ void cdrom_analyze_sense_data(ide_drive_ | |
9241 | sector &= ~(bio_sectors -1); | |
9242 | valid = (sector - failed_command->sector) << 9; | |
9243 | ||
9244 | - if (valid < 0) | |
9245 | - valid = 0; | |
9246 | if (sector < get_capacity(info->disk) && | |
9247 | drive->probed_capacity - sector < 4 * 75) { | |
9248 | set_capacity(info->disk, sector); | |
9249 | diff -urNp linux-2.6.19.1/drivers/ieee1394/dv1394.c linux-2.6.19.1/drivers/ieee1394/dv1394.c | |
9250 | --- linux-2.6.19.1/drivers/ieee1394/dv1394.c 2006-11-29 16:57:37.000000000 -0500 | |
9251 | +++ linux-2.6.19.1/drivers/ieee1394/dv1394.c 2006-12-03 15:15:59.000000000 -0500 | |
9252 | @@ -919,7 +919,7 @@ static int do_dv1394_init(struct video_c | |
9253 | /* default SYT offset is 3 cycles */ | |
9254 | init->syt_offset = 3; | |
9255 | ||
9256 | - if ( (init->channel > 63) || (init->channel < 0) ) | |
9257 | + if (init->channel > 63) | |
9258 | init->channel = 63; | |
9259 | ||
9260 | chan_mask = (u64)1 << init->channel; | |
9261 | diff -urNp linux-2.6.19.1/drivers/ieee1394/hosts.c linux-2.6.19.1/drivers/ieee1394/hosts.c | |
9262 | --- linux-2.6.19.1/drivers/ieee1394/hosts.c 2006-11-29 16:57:37.000000000 -0500 | |
9263 | +++ linux-2.6.19.1/drivers/ieee1394/hosts.c 2006-12-03 15:15:59.000000000 -0500 | |
9264 | @@ -75,6 +75,7 @@ static int dummy_isoctl(struct hpsb_iso | |
9265 | } | |
9266 | ||
9267 | static struct hpsb_host_driver dummy_driver = { | |
9268 | + .name = "dummy", | |
9269 | .transmit_packet = dummy_transmit_packet, | |
9270 | .devctl = dummy_devctl, | |
9271 | .isoctl = dummy_isoctl | |
9272 | diff -urNp linux-2.6.19.1/drivers/ieee1394/ohci1394.c linux-2.6.19.1/drivers/ieee1394/ohci1394.c | |
9273 | --- linux-2.6.19.1/drivers/ieee1394/ohci1394.c 2006-11-29 16:57:37.000000000 -0500 | |
9274 | +++ linux-2.6.19.1/drivers/ieee1394/ohci1394.c 2006-12-03 15:15:59.000000000 -0500 | |
9275 | @@ -161,9 +161,9 @@ printk(level "%s: " fmt "\n" , OHCI1394_ | |
9276 | printk(level "%s: fw-host%d: " fmt "\n" , OHCI1394_DRIVER_NAME, ohci->host->id , ## args) | |
9277 | ||
9278 | /* Module Parameters */ | |
9279 | -static int phys_dma = 1; | |
9280 | +static int phys_dma = 0; | |
9281 | module_param(phys_dma, int, 0444); | |
9282 | -MODULE_PARM_DESC(phys_dma, "Enable physical dma (default = 1)."); | |
9283 | +MODULE_PARM_DESC(phys_dma, "Enable physical dma (default = 0)."); | |
9284 | ||
9285 | static void dma_trm_tasklet(unsigned long data); | |
9286 | static void dma_trm_reset(struct dma_trm_ctx *d); | |
9287 | diff -urNp linux-2.6.19.1/drivers/ieee1394/sbp2.c linux-2.6.19.1/drivers/ieee1394/sbp2.c | |
9288 | --- linux-2.6.19.1/drivers/ieee1394/sbp2.c 2006-11-29 16:57:37.000000000 -0500 | |
9289 | +++ linux-2.6.19.1/drivers/ieee1394/sbp2.c 2006-12-10 21:43:36.000000000 -0500 | |
9290 | @@ -2664,7 +2664,7 @@ static struct scsi_host_template scsi_dr | |
9291 | .sdev_attrs = sbp2_sysfs_sdev_attrs, | |
9292 | }; | |
9293 | ||
9294 | -static int sbp2_module_init(void) | |
9295 | +static int __init sbp2_module_init(void) | |
9296 | { | |
9297 | int ret; | |
9298 | ||
9299 | diff -urNp linux-2.6.19.1/drivers/ieee1394/video1394.c linux-2.6.19.1/drivers/ieee1394/video1394.c | |
9300 | --- linux-2.6.19.1/drivers/ieee1394/video1394.c 2006-11-29 16:57:37.000000000 -0500 | |
9301 | +++ linux-2.6.19.1/drivers/ieee1394/video1394.c 2006-12-03 15:15:59.000000000 -0500 | |
9302 | @@ -890,7 +890,7 @@ static int __video1394_ioctl(struct file | |
9303 | d = find_ctx(&ctx->context_list, OHCI_ISO_RECEIVE, v.channel); | |
9304 | if (d == NULL) return -EFAULT; | |
9305 | ||
9306 | - if ((v.buffer<0) || (v.buffer>=d->num_desc - 1)) { | |
9307 | + if (v.buffer>=d->num_desc - 1) { | |
9308 | PRINT(KERN_ERR, ohci->host->id, | |
9309 | "Buffer %d out of range",v.buffer); | |
9310 | return -EINVAL; | |
9311 | @@ -955,7 +955,7 @@ static int __video1394_ioctl(struct file | |
9312 | d = find_ctx(&ctx->context_list, OHCI_ISO_RECEIVE, v.channel); | |
9313 | if (d == NULL) return -EFAULT; | |
9314 | ||
9315 | - if ((v.buffer<0) || (v.buffer>d->num_desc - 1)) { | |
9316 | + if (v.buffer>d->num_desc - 1) { | |
9317 | PRINT(KERN_ERR, ohci->host->id, | |
9318 | "Buffer %d out of range",v.buffer); | |
9319 | return -EINVAL; | |
9320 | @@ -1026,7 +1026,7 @@ static int __video1394_ioctl(struct file | |
9321 | d = find_ctx(&ctx->context_list, OHCI_ISO_TRANSMIT, v.channel); | |
9322 | if (d == NULL) return -EFAULT; | |
9323 | ||
9324 | - if ((v.buffer<0) || (v.buffer>=d->num_desc - 1)) { | |
9325 | + if (v.buffer>=d->num_desc - 1) { | |
9326 | PRINT(KERN_ERR, ohci->host->id, | |
9327 | "Buffer %d out of range",v.buffer); | |
9328 | return -EINVAL; | |
9329 | @@ -1128,7 +1128,7 @@ static int __video1394_ioctl(struct file | |
9330 | d = find_ctx(&ctx->context_list, OHCI_ISO_TRANSMIT, v.channel); | |
9331 | if (d == NULL) return -EFAULT; | |
9332 | ||
9333 | - if ((v.buffer<0) || (v.buffer>=d->num_desc-1)) { | |
9334 | + if (v.buffer>=d->num_desc-1) { | |
9335 | PRINT(KERN_ERR, ohci->host->id, | |
9336 | "Buffer %d out of range",v.buffer); | |
9337 | return -EINVAL; | |
9338 | diff -urNp linux-2.6.19.1/drivers/md/bitmap.c linux-2.6.19.1/drivers/md/bitmap.c | |
9339 | --- linux-2.6.19.1/drivers/md/bitmap.c 2006-11-29 16:57:37.000000000 -0500 | |
9340 | +++ linux-2.6.19.1/drivers/md/bitmap.c 2006-12-03 15:16:00.000000000 -0500 | |
9341 | @@ -57,7 +57,7 @@ | |
9342 | # if DEBUG > 0 | |
9343 | # define PRINTK(x...) printk(KERN_DEBUG x) | |
9344 | # else | |
9345 | -# define PRINTK(x...) | |
9346 | +# define PRINTK(x...) do {} while (0) | |
9347 | # endif | |
9348 | #endif | |
9349 | ||
9350 | diff -urNp linux-2.6.19.1/drivers/mtd/devices/doc2001.c linux-2.6.19.1/drivers/mtd/devices/doc2001.c | |
9351 | --- linux-2.6.19.1/drivers/mtd/devices/doc2001.c 2006-11-29 16:57:37.000000000 -0500 | |
9352 | +++ linux-2.6.19.1/drivers/mtd/devices/doc2001.c 2006-12-03 15:16:01.000000000 -0500 | |
9353 | @@ -401,6 +401,8 @@ static int doc_read (struct mtd_info *mt | |
9354 | /* Don't allow read past end of device */ | |
9355 | if (from >= this->totlen) | |
9356 | return -EINVAL; | |
9357 | + if (!len) | |
9358 | + return -EINVAL; | |
9359 | ||
9360 | /* Don't allow a single read to cross a 512-byte block boundary */ | |
9361 | if (from + len > ((from | 0x1ff) + 1)) | |
9362 | diff -urNp linux-2.6.19.1/drivers/net/eepro100.c linux-2.6.19.1/drivers/net/eepro100.c | |
9363 | --- linux-2.6.19.1/drivers/net/eepro100.c 2006-11-29 16:57:37.000000000 -0500 | |
9364 | +++ linux-2.6.19.1/drivers/net/eepro100.c 2006-12-03 15:16:04.000000000 -0500 | |
9365 | @@ -47,7 +47,7 @@ static int rxdmacount /* = 0 */; | |
9366 | # define rx_align(skb) skb_reserve((skb), 2) | |
9367 | # define RxFD_ALIGNMENT __attribute__ ((aligned (2), packed)) | |
9368 | #else | |
9369 | -# define rx_align(skb) | |
9370 | +# define rx_align(skb) do {} while (0) | |
9371 | # define RxFD_ALIGNMENT | |
9372 | #endif | |
9373 | ||
9374 | diff -urNp linux-2.6.19.1/drivers/net/pcnet32.c linux-2.6.19.1/drivers/net/pcnet32.c | |
9375 | --- linux-2.6.19.1/drivers/net/pcnet32.c 2006-11-29 16:57:37.000000000 -0500 | |
9376 | +++ linux-2.6.19.1/drivers/net/pcnet32.c 2006-12-03 15:16:05.000000000 -0500 | |
9377 | @@ -82,7 +82,7 @@ static int cards_found; | |
9378 | /* | |
9379 | * VLB I/O addresses | |
9380 | */ | |
9381 | -static unsigned int pcnet32_portlist[] __initdata = | |
9382 | +static unsigned int pcnet32_portlist[] __devinitdata = | |
9383 | { 0x300, 0x320, 0x340, 0x360, 0 }; | |
9384 | ||
9385 | static int pcnet32_debug = 0; | |
9386 | diff -urNp linux-2.6.19.1/drivers/pci/proc.c linux-2.6.19.1/drivers/pci/proc.c | |
9387 | --- linux-2.6.19.1/drivers/pci/proc.c 2006-11-29 16:57:37.000000000 -0500 | |
9388 | +++ linux-2.6.19.1/drivers/pci/proc.c 2006-12-03 15:16:06.000000000 -0500 | |
9389 | @@ -467,7 +467,15 @@ static int __init pci_proc_init(void) | |
9390 | { | |
9391 | struct proc_dir_entry *entry; | |
9392 | struct pci_dev *dev = NULL; | |
9393 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
9394 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
9395 | + proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR, proc_bus); | |
9396 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
9397 | + proc_bus_pci_dir = proc_mkdir_mode("pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, proc_bus); | |
9398 | +#endif | |
9399 | +#else | |
9400 | proc_bus_pci_dir = proc_mkdir("pci", proc_bus); | |
9401 | +#endif | |
9402 | entry = create_proc_entry("devices", 0, proc_bus_pci_dir); | |
9403 | if (entry) | |
9404 | entry->proc_fops = &proc_bus_pci_dev_operations; | |
9405 | diff -urNp linux-2.6.19.1/drivers/pnp/pnpbios/bioscalls.c linux-2.6.19.1/drivers/pnp/pnpbios/bioscalls.c | |
9406 | --- linux-2.6.19.1/drivers/pnp/pnpbios/bioscalls.c 2006-11-29 16:57:37.000000000 -0500 | |
9407 | +++ linux-2.6.19.1/drivers/pnp/pnpbios/bioscalls.c 2006-12-03 15:16:06.000000000 -0500 | |
9408 | @@ -65,7 +65,7 @@ set_base(gdt[(selname) >> 3], (u32)(addr | |
9409 | set_limit(gdt[(selname) >> 3], size); \ | |
9410 | } while(0) | |
9411 | ||
9412 | -static struct desc_struct bad_bios_desc = { 0, 0x00409200 }; | |
9413 | +static struct desc_struct bad_bios_desc = { 0, 0x00409300 }; | |
9414 | ||
9415 | /* | |
9416 | * At some point we want to use this stack frame pointer to unwind | |
9417 | @@ -93,6 +93,10 @@ static inline u16 call_pnp_bios(u16 func | |
9418 | struct desc_struct save_desc_40; | |
9419 | int cpu; | |
9420 | ||
9421 | +#ifdef CONFIG_PAX_KERNEXEC | |
9422 | + unsigned long cr0; | |
9423 | +#endif | |
9424 | + | |
9425 | /* | |
9426 | * PnP BIOSes are generally not terribly re-entrant. | |
9427 | * Also, don't rely on them to save everything correctly. | |
9428 | @@ -107,6 +111,10 @@ static inline u16 call_pnp_bios(u16 func | |
9429 | /* On some boxes IRQ's during PnP BIOS calls are deadly. */ | |
9430 | spin_lock_irqsave(&pnp_bios_lock, flags); | |
9431 | ||
9432 | +#ifdef CONFIG_PAX_KERNEXEC | |
9433 | + pax_open_kernel(cr0); | |
9434 | +#endif | |
9435 | + | |
9436 | /* The lock prevents us bouncing CPU here */ | |
9437 | if (ts1_size) | |
9438 | Q2_SET_SEL(smp_processor_id(), PNP_TS1, ts1_base, ts1_size); | |
9439 | @@ -142,9 +150,14 @@ static inline u16 call_pnp_bios(u16 func | |
9440 | "i" (0) | |
9441 | : "memory" | |
9442 | ); | |
9443 | - spin_unlock_irqrestore(&pnp_bios_lock, flags); | |
9444 | ||
9445 | get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40; | |
9446 | + | |
9447 | +#ifdef CONFIG_PAX_KERNEXEC | |
9448 | + pax_close_kernel(cr0); | |
9449 | +#endif | |
9450 | + | |
9451 | + spin_unlock_irqrestore(&pnp_bios_lock, flags); | |
9452 | put_cpu(); | |
9453 | ||
9454 | /* If we get here and this is set then the PnP BIOS faulted on us. */ | |
9455 | diff -urNp linux-2.6.19.1/drivers/pnp/resource.c linux-2.6.19.1/drivers/pnp/resource.c | |
9456 | --- linux-2.6.19.1/drivers/pnp/resource.c 2006-11-29 16:57:37.000000000 -0500 | |
9457 | +++ linux-2.6.19.1/drivers/pnp/resource.c 2006-12-03 15:16:06.000000000 -0500 | |
9458 | @@ -364,7 +364,7 @@ int pnp_check_irq(struct pnp_dev * dev, | |
9459 | return 1; | |
9460 | ||
9461 | /* check if the resource is valid */ | |
9462 | - if (*irq < 0 || *irq > 15) | |
9463 | + if (*irq > 15) | |
9464 | return 0; | |
9465 | ||
9466 | /* check if the resource is reserved */ | |
9467 | @@ -430,7 +430,7 @@ int pnp_check_dma(struct pnp_dev * dev, | |
9468 | return 1; | |
9469 | ||
9470 | /* check if the resource is valid */ | |
9471 | - if (*dma < 0 || *dma == 4 || *dma > 7) | |
9472 | + if (*dma == 4 || *dma > 7) | |
9473 | return 0; | |
9474 | ||
9475 | /* check if the resource is reserved */ | |
9476 | diff -urNp linux-2.6.19.1/drivers/scsi/scsi_logging.h linux-2.6.19.1/drivers/scsi/scsi_logging.h | |
9477 | --- linux-2.6.19.1/drivers/scsi/scsi_logging.h 2006-11-29 16:57:37.000000000 -0500 | |
9478 | +++ linux-2.6.19.1/drivers/scsi/scsi_logging.h 2006-12-03 15:16:10.000000000 -0500 | |
9479 | @@ -51,7 +51,7 @@ do { \ | |
9480 | } while (0); \ | |
9481 | } while (0) | |
9482 | #else | |
9483 | -#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) | |
9484 | +#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0) | |
9485 | #endif /* CONFIG_SCSI_LOGGING */ | |
9486 | ||
9487 | /* | |
9488 | diff -urNp linux-2.6.19.1/drivers/usb/storage/debug.h linux-2.6.19.1/drivers/usb/storage/debug.h | |
9489 | --- linux-2.6.19.1/drivers/usb/storage/debug.h 2006-11-29 16:57:37.000000000 -0500 | |
9490 | +++ linux-2.6.19.1/drivers/usb/storage/debug.h 2006-12-03 15:16:11.000000000 -0500 | |
9491 | @@ -56,9 +56,9 @@ void usb_stor_show_sense( unsigned char | |
9492 | #define US_DEBUGPX(x...) printk( x ) | |
9493 | #define US_DEBUG(x) x | |
9494 | #else | |
9495 | -#define US_DEBUGP(x...) | |
9496 | -#define US_DEBUGPX(x...) | |
9497 | -#define US_DEBUG(x) | |
9498 | +#define US_DEBUGP(x...) do {} while (0) | |
9499 | +#define US_DEBUGPX(x...) do {} while (0) | |
9500 | +#define US_DEBUG(x) do {} while (0) | |
9501 | #endif | |
9502 | ||
9503 | #endif | |
9504 | diff -urNp linux-2.6.19.1/drivers/video/fbcmap.c linux-2.6.19.1/drivers/video/fbcmap.c | |
9505 | --- linux-2.6.19.1/drivers/video/fbcmap.c 2006-11-29 16:57:37.000000000 -0500 | |
9506 | +++ linux-2.6.19.1/drivers/video/fbcmap.c 2006-12-03 15:16:11.000000000 -0500 | |
9507 | @@ -250,8 +250,7 @@ int fb_set_user_cmap(struct fb_cmap_user | |
9508 | int rc, size = cmap->len * sizeof(u16); | |
9509 | struct fb_cmap umap; | |
9510 | ||
9511 | - if (cmap->start < 0 || (!info->fbops->fb_setcolreg && | |
9512 | - !info->fbops->fb_setcmap)) | |
9513 | + if (!info->fbops->fb_setcolreg && !info->fbops->fb_setcmap) | |
9514 | return -EINVAL; | |
9515 | ||
9516 | memset(&umap, 0, sizeof(struct fb_cmap)); | |
9517 | diff -urNp linux-2.6.19.1/drivers/video/fbmem.c linux-2.6.19.1/drivers/video/fbmem.c | |
9518 | --- linux-2.6.19.1/drivers/video/fbmem.c 2006-11-29 16:57:37.000000000 -0500 | |
9519 | +++ linux-2.6.19.1/drivers/video/fbmem.c 2006-12-03 15:16:11.000000000 -0500 | |
9520 | @@ -936,9 +936,9 @@ fb_ioctl(struct inode *inode, struct fil | |
9521 | case FBIOPUT_CON2FBMAP: | |
9522 | if (copy_from_user(&con2fb, argp, sizeof(con2fb))) | |
9523 | return - EFAULT; | |
9524 | - if (con2fb.console < 0 || con2fb.console > MAX_NR_CONSOLES) | |
9525 | + if (con2fb.console > MAX_NR_CONSOLES) | |
9526 | return -EINVAL; | |
9527 | - if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX) | |
9528 | + if (con2fb.framebuffer >= FB_MAX) | |
9529 | return -EINVAL; | |
9530 | #ifdef CONFIG_KMOD | |
9531 | if (!registered_fb[con2fb.framebuffer]) | |
9532 | diff -urNp linux-2.6.19.1/drivers/video/fbmon.c linux-2.6.19.1/drivers/video/fbmon.c | |
9533 | --- linux-2.6.19.1/drivers/video/fbmon.c 2006-11-29 16:57:37.000000000 -0500 | |
9534 | +++ linux-2.6.19.1/drivers/video/fbmon.c 2006-12-03 15:16:11.000000000 -0500 | |
9535 | @@ -45,7 +45,7 @@ | |
9536 | #ifdef DEBUG | |
9537 | #define DPRINTK(fmt, args...) printk(fmt,## args) | |
9538 | #else | |
9539 | -#define DPRINTK(fmt, args...) | |
9540 | +#define DPRINTK(fmt, args...) do {} while (0) | |
9541 | #endif | |
9542 | ||
9543 | #define FBMON_FIX_HEADER 1 | |
9544 | diff -urNp linux-2.6.19.1/drivers/video/i810/i810_accel.c linux-2.6.19.1/drivers/video/i810/i810_accel.c | |
9545 | --- linux-2.6.19.1/drivers/video/i810/i810_accel.c 2006-11-29 16:57:37.000000000 -0500 | |
9546 | +++ linux-2.6.19.1/drivers/video/i810/i810_accel.c 2006-12-03 15:16:11.000000000 -0500 | |
9547 | @@ -73,6 +73,7 @@ static inline int wait_for_space(struct | |
9548 | } | |
9549 | } | |
9550 | printk("ringbuffer lockup!!!\n"); | |
9551 | + printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space); | |
9552 | i810_report_error(mmio); | |
9553 | par->dev_flags |= LOCKUP; | |
9554 | info->pixmap.scan_align = 1; | |
9555 | diff -urNp linux-2.6.19.1/drivers/video/i810/i810_main.c linux-2.6.19.1/drivers/video/i810/i810_main.c | |
9556 | --- linux-2.6.19.1/drivers/video/i810/i810_main.c 2006-11-29 16:57:37.000000000 -0500 | |
9557 | +++ linux-2.6.19.1/drivers/video/i810/i810_main.c 2006-12-03 15:16:11.000000000 -0500 | |
9558 | @@ -1506,7 +1506,7 @@ static int i810fb_cursor(struct fb_info | |
9559 | int size = ((cursor->image.width + 7) >> 3) * | |
9560 | cursor->image.height; | |
9561 | int i; | |
9562 | - u8 *data = kmalloc(64 * 8, GFP_ATOMIC); | |
9563 | + u8 *data = kmalloc(64 * 8, GFP_KERNEL); | |
9564 | ||
9565 | if (data == NULL) | |
9566 | return -ENOMEM; | |
9567 | diff -urNp linux-2.6.19.1/drivers/video/vesafb.c linux-2.6.19.1/drivers/video/vesafb.c | |
9568 | --- linux-2.6.19.1/drivers/video/vesafb.c 2006-11-29 16:57:37.000000000 -0500 | |
9569 | +++ linux-2.6.19.1/drivers/video/vesafb.c 2006-12-03 15:16:12.000000000 -0500 | |
9570 | @@ -267,7 +267,7 @@ static int __init vesafb_probe(struct pl | |
9571 | size_remap = size_total; | |
9572 | vesafb_fix.smem_len = size_remap; | |
9573 | ||
9574 | -#ifndef __i386__ | |
9575 | +#if !defined(__i386__) || defined(CONFIG_PAX_KERNEXEC) | |
9576 | screen_info.vesapm_seg = 0; | |
9577 | #endif | |
9578 | ||
9579 | diff -urNp linux-2.6.19.1/fs/binfmt_aout.c linux-2.6.19.1/fs/binfmt_aout.c | |
9580 | --- linux-2.6.19.1/fs/binfmt_aout.c 2006-11-29 16:57:37.000000000 -0500 | |
9581 | +++ linux-2.6.19.1/fs/binfmt_aout.c 2006-12-03 15:16:12.000000000 -0500 | |
9582 | @@ -24,6 +24,7 @@ | |
c3e8c1b5 | 9583 | #include <linux/personality.h> |
9584 | #include <linux/init.h> | |
b6fa5d20 | 9585 | #include <linux/vs_memory.h> |
c3e8c1b5 | 9586 | +#include <linux/grsecurity.h> |
9587 | ||
9588 | #include <asm/system.h> | |
9589 | #include <asm/uaccess.h> | |
9590 | @@ -123,10 +124,12 @@ static int aout_core_dump(long signr, st | |
9591 | /* If the size of the dump file exceeds the rlimit, then see what would happen | |
9592 | if we wrote the stack, but not the data area. */ | |
9593 | #ifdef __sparc__ | |
9594 | + gr_learn_resource(current, RLIMIT_CORE, dump.u_dsize+dump.u_ssize, 1); | |
9595 | if ((dump.u_dsize+dump.u_ssize) > | |
9596 | current->signal->rlim[RLIMIT_CORE].rlim_cur) | |
9597 | dump.u_dsize = 0; | |
9598 | #else | |
9599 | + gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE, 1); | |
9600 | if ((dump.u_dsize+dump.u_ssize+1) * PAGE_SIZE > | |
9601 | current->signal->rlim[RLIMIT_CORE].rlim_cur) | |
9602 | dump.u_dsize = 0; | |
9603 | @@ -134,10 +137,12 @@ static int aout_core_dump(long signr, st | |
9604 | ||
9605 | /* Make sure we have enough room to write the stack and data areas. */ | |
9606 | #ifdef __sparc__ | |
9607 | + gr_learn_resource(current, RLIMIT_CORE, dump.u_ssize, 1); | |
9608 | if ((dump.u_ssize) > | |
9609 | current->signal->rlim[RLIMIT_CORE].rlim_cur) | |
9610 | dump.u_ssize = 0; | |
9611 | #else | |
9612 | + gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize+1) * PAGE_SIZE, 1); | |
9613 | if ((dump.u_ssize+1) * PAGE_SIZE > | |
9614 | current->signal->rlim[RLIMIT_CORE].rlim_cur) | |
9615 | dump.u_ssize = 0; | |
9616 | @@ -294,6 +299,8 @@ static int load_aout_binary(struct linux | |
9617 | rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; | |
9618 | if (rlim >= RLIM_INFINITY) | |
9619 | rlim = ~0; | |
9620 | + | |
9621 | + gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1); | |
9622 | if (ex.a_data + ex.a_bss > rlim) | |
9623 | return -ENOMEM; | |
9624 | ||
9625 | @@ -326,6 +333,28 @@ static int load_aout_binary(struct linux | |
9626 | current->mm->mmap = NULL; | |
9627 | compute_creds(bprm); | |
9628 | current->flags &= ~PF_FORKNOEXEC; | |
9629 | + | |
9630 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
9631 | + current->mm->pax_flags = 0UL; | |
9632 | +#endif | |
9633 | + | |
9634 | +#ifdef CONFIG_PAX_PAGEEXEC | |
9635 | + if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) { | |
9636 | + current->mm->pax_flags |= MF_PAX_PAGEEXEC; | |
9637 | + | |
9638 | +#ifdef CONFIG_PAX_EMUTRAMP | |
9639 | + if (N_FLAGS(ex) & F_PAX_EMUTRAMP) | |
9640 | + current->mm->pax_flags |= MF_PAX_EMUTRAMP; | |
9641 | +#endif | |
9642 | + | |
9643 | +#ifdef CONFIG_PAX_MPROTECT | |
9644 | + if (!(N_FLAGS(ex) & F_PAX_MPROTECT)) | |
9645 | + current->mm->pax_flags |= MF_PAX_MPROTECT; | |
9646 | +#endif | |
9647 | + | |
9648 | + } | |
9649 | +#endif | |
9650 | + | |
9651 | #ifdef __sparc__ | |
9652 | if (N_MAGIC(ex) == NMAGIC) { | |
9653 | loff_t pos = fd_offset; | |
9654 | @@ -421,7 +450,7 @@ static int load_aout_binary(struct linux | |
9655 | ||
9656 | down_write(¤t->mm->mmap_sem); | |
9657 | error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, | |
9658 | - PROT_READ | PROT_WRITE | PROT_EXEC, | |
9659 | + PROT_READ | PROT_WRITE, | |
9660 | MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, | |
9661 | fd_offset + ex.a_text); | |
9662 | up_write(¤t->mm->mmap_sem); | |
9663 | diff -urNp linux-2.6.19.1/fs/binfmt_elf.c linux-2.6.19.1/fs/binfmt_elf.c | |
9664 | --- linux-2.6.19.1/fs/binfmt_elf.c 2006-11-29 16:57:37.000000000 -0500 | |
9665 | +++ linux-2.6.19.1/fs/binfmt_elf.c 2006-12-03 15:16:12.000000000 -0500 | |
9666 | @@ -39,10 +39,16 @@ | |
c3e8c1b5 | 9667 | #include <linux/random.h> |
9668 | #include <linux/elf.h> | |
b6fa5d20 | 9669 | #include <linux/vs_memory.h> |
c3e8c1b5 | 9670 | +#include <linux/grsecurity.h> |
9671 | + | |
9672 | #include <asm/uaccess.h> | |
9673 | #include <asm/param.h> | |
9674 | #include <asm/page.h> | |
9675 | ||
9676 | +#ifdef CONFIG_PAX_SEGMEXEC | |
9677 | +#include <asm/desc.h> | |
9678 | +#endif | |
9679 | + | |
9680 | static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs); | |
9681 | static int load_elf_library(struct file *); | |
9682 | static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int); | |
9683 | @@ -87,6 +93,8 @@ static struct linux_binfmt elf_format = | |
9684 | ||
9685 | static int set_brk(unsigned long start, unsigned long end) | |
9686 | { | |
9687 | + unsigned long e = end; | |
9688 | + | |
9689 | start = ELF_PAGEALIGN(start); | |
9690 | end = ELF_PAGEALIGN(end); | |
9691 | if (end > start) { | |
9692 | @@ -97,7 +105,7 @@ static int set_brk(unsigned long start, | |
9693 | if (BAD_ADDR(addr)) | |
9694 | return addr; | |
9695 | } | |
9696 | - current->mm->start_brk = current->mm->brk = end; | |
9697 | + current->mm->start_brk = current->mm->brk = e; | |
9698 | return 0; | |
9699 | } | |
9700 | ||
9701 | @@ -315,10 +323,9 @@ static unsigned long load_elf_interp(str | |
9702 | { | |
9703 | struct elf_phdr *elf_phdata; | |
9704 | struct elf_phdr *eppnt; | |
9705 | - unsigned long load_addr = 0; | |
9706 | - int load_addr_set = 0; | |
9707 | + unsigned long load_addr = 0, min_addr, max_addr, task_size = TASK_SIZE; | |
9708 | unsigned long last_bss = 0, elf_bss = 0; | |
9709 | - unsigned long error = ~0UL; | |
9710 | + unsigned long error = -EINVAL; | |
9711 | int retval, i, size; | |
9712 | ||
9713 | /* First of all, some simple consistency checks */ | |
9714 | @@ -357,66 +364,86 @@ static unsigned long load_elf_interp(str | |
9715 | goto out_close; | |
9716 | } | |
9717 | ||
9718 | +#ifdef CONFIG_PAX_SEGMEXEC | |
9719 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) | |
9720 | + task_size = SEGMEXEC_TASK_SIZE; | |
9721 | +#endif | |
9722 | + | |
9723 | eppnt = elf_phdata; | |
9724 | + min_addr = task_size; | |
9725 | + max_addr = 0; | |
9726 | + error = -ENOMEM; | |
9727 | + | |
9728 | for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { | |
9729 | - if (eppnt->p_type == PT_LOAD) { | |
9730 | - int elf_type = MAP_PRIVATE | MAP_DENYWRITE; | |
9731 | - int elf_prot = 0; | |
9732 | - unsigned long vaddr = 0; | |
9733 | - unsigned long k, map_addr; | |
9734 | - | |
9735 | - if (eppnt->p_flags & PF_R) | |
9736 | - elf_prot = PROT_READ; | |
9737 | - if (eppnt->p_flags & PF_W) | |
9738 | - elf_prot |= PROT_WRITE; | |
9739 | - if (eppnt->p_flags & PF_X) | |
9740 | - elf_prot |= PROT_EXEC; | |
9741 | - vaddr = eppnt->p_vaddr; | |
9742 | - if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) | |
9743 | - elf_type |= MAP_FIXED; | |
9744 | - | |
9745 | - map_addr = elf_map(interpreter, load_addr + vaddr, | |
9746 | - eppnt, elf_prot, elf_type); | |
9747 | - error = map_addr; | |
9748 | - if (BAD_ADDR(map_addr)) | |
9749 | - goto out_close; | |
9750 | - | |
9751 | - if (!load_addr_set && | |
9752 | - interp_elf_ex->e_type == ET_DYN) { | |
9753 | - load_addr = map_addr - ELF_PAGESTART(vaddr); | |
9754 | - load_addr_set = 1; | |
9755 | - } | |
9756 | + if (eppnt->p_type != PT_LOAD) | |
9757 | + continue; | |
9758 | ||
9759 | - /* | |
9760 | - * Check to see if the section's size will overflow the | |
9761 | - * allowed task size. Note that p_filesz must always be | |
9762 | - * <= p_memsize so it's only necessary to check p_memsz. | |
9763 | - */ | |
9764 | - k = load_addr + eppnt->p_vaddr; | |
9765 | - if (BAD_ADDR(k) || | |
9766 | - eppnt->p_filesz > eppnt->p_memsz || | |
9767 | - eppnt->p_memsz > TASK_SIZE || | |
9768 | - TASK_SIZE - eppnt->p_memsz < k) { | |
9769 | - error = -ENOMEM; | |
9770 | - goto out_close; | |
9771 | - } | |
9772 | + /* | |
9773 | + * Check to see if the section's size will overflow the | |
9774 | + * allowed task size. Note that p_filesz must always be | |
9775 | + * <= p_memsize so it is only necessary to check p_memsz. | |
9776 | + */ | |
9777 | + if (eppnt->p_filesz > eppnt->p_memsz || eppnt->p_vaddr >= eppnt->p_vaddr + eppnt->p_memsz) | |
9778 | + goto out_close; | |
9779 | ||
9780 | - /* | |
9781 | - * Find the end of the file mapping for this phdr, and | |
9782 | - * keep track of the largest address we see for this. | |
9783 | - */ | |
9784 | - k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; | |
9785 | - if (k > elf_bss) | |
9786 | - elf_bss = k; | |
9787 | + if (min_addr > ELF_PAGESTART(eppnt->p_vaddr)) | |
9788 | + min_addr = ELF_PAGESTART(eppnt->p_vaddr); | |
9789 | + if (max_addr < ELF_PAGEALIGN(eppnt->p_vaddr + eppnt->p_memsz)) | |
9790 | + max_addr = ELF_PAGEALIGN(eppnt->p_vaddr + eppnt->p_memsz); | |
9791 | + } | |
9792 | + if (min_addr >= max_addr || max_addr > task_size) | |
9793 | + goto out_close; | |
9794 | ||
9795 | - /* | |
9796 | - * Do the same thing for the memory mapping - between | |
9797 | - * elf_bss and last_bss is the bss section. | |
9798 | - */ | |
9799 | - k = load_addr + eppnt->p_memsz + eppnt->p_vaddr; | |
9800 | - if (k > last_bss) | |
9801 | - last_bss = k; | |
9802 | - } | |
9803 | + if (interp_elf_ex->e_type == ET_DYN) { | |
9804 | + load_addr = get_unmapped_area(interpreter, 0, max_addr - min_addr, 0, MAP_PRIVATE | MAP_EXECUTABLE); | |
9805 | + | |
9806 | + if (load_addr >= task_size) | |
9807 | + goto out_close; | |
9808 | + | |
9809 | + load_addr -= min_addr; | |
9810 | + } | |
9811 | + | |
9812 | + eppnt = elf_phdata; | |
9813 | + for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { | |
9814 | + int elf_type = MAP_PRIVATE | MAP_DENYWRITE | MAP_FIXED; | |
9815 | + int elf_prot = 0; | |
9816 | + unsigned long vaddr = 0; | |
9817 | + unsigned long k, map_addr; | |
9818 | + | |
9819 | + if (eppnt->p_type != PT_LOAD) | |
9820 | + continue; | |
9821 | + | |
9822 | + if (eppnt->p_flags & PF_R) | |
9823 | + elf_prot = PROT_READ; | |
9824 | + if (eppnt->p_flags & PF_W) | |
9825 | + elf_prot |= PROT_WRITE; | |
9826 | + if (eppnt->p_flags & PF_X) | |
9827 | + elf_prot |= PROT_EXEC; | |
9828 | + vaddr = eppnt->p_vaddr; | |
9829 | + | |
9830 | + map_addr = elf_map(interpreter, load_addr + vaddr, | |
9831 | + eppnt, elf_prot, elf_type); | |
9832 | + error = map_addr; | |
9833 | + if (BAD_ADDR(map_addr)) | |
9834 | + goto out_close; | |
9835 | + | |
9836 | + k = load_addr + eppnt->p_vaddr; | |
9837 | + | |
9838 | + /* | |
9839 | + * Find the end of the file mapping for this phdr, and | |
9840 | + * keep track of the largest address we see for this. | |
9841 | + */ | |
9842 | + k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; | |
9843 | + if (k > elf_bss) | |
9844 | + elf_bss = k; | |
9845 | + | |
9846 | + /* | |
9847 | + * Do the same thing for the memory mapping - between | |
9848 | + * elf_bss and last_bss is the bss section. | |
9849 | + */ | |
9850 | + k = load_addr + eppnt->p_memsz + eppnt->p_vaddr; | |
9851 | + if (k > last_bss) | |
9852 | + last_bss = k; | |
9853 | } | |
9854 | ||
9855 | /* | |
9856 | @@ -444,6 +471,8 @@ static unsigned long load_elf_interp(str | |
9857 | ||
9858 | *interp_load_addr = load_addr; | |
9859 | error = ((unsigned long)interp_elf_ex->e_entry) + load_addr; | |
9860 | + if (BAD_ADDR(error)) | |
9861 | + error = -EFAULT; | |
9862 | ||
9863 | out_close: | |
9864 | kfree(elf_phdata); | |
9865 | @@ -454,7 +483,7 @@ out: | |
9866 | static unsigned long load_aout_interp(struct exec *interp_ex, | |
9867 | struct file *interpreter) | |
9868 | { | |
9869 | - unsigned long text_data, elf_entry = ~0UL; | |
9870 | + unsigned long text_data, elf_entry = -EINVAL; | |
9871 | char __user * addr; | |
9872 | loff_t offset; | |
9873 | ||
9874 | @@ -497,6 +526,180 @@ out: | |
9875 | return elf_entry; | |
9876 | } | |
9877 | ||
9878 | +#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE) | |
9879 | +static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata) | |
9880 | +{ | |
9881 | + unsigned long pax_flags = 0UL; | |
9882 | + | |
9883 | +#ifdef CONFIG_PAX_PAGEEXEC | |
9884 | + if (elf_phdata->p_flags & PF_PAGEEXEC) | |
9885 | + pax_flags |= MF_PAX_PAGEEXEC; | |
9886 | +#endif | |
9887 | + | |
9888 | +#ifdef CONFIG_PAX_SEGMEXEC | |
9889 | + if (elf_phdata->p_flags & PF_SEGMEXEC) | |
9890 | + pax_flags |= MF_PAX_SEGMEXEC; | |
9891 | +#endif | |
9892 | + | |
9893 | +#ifdef CONFIG_PAX_DEFAULT_PAGEEXEC | |
9894 | + if (pax_flags & MF_PAX_PAGEEXEC) | |
9895 | + pax_flags &= ~MF_PAX_SEGMEXEC; | |
9896 | +#endif | |
9897 | + | |
9898 | +#ifdef CONFIG_PAX_DEFAULT_SEGMEXEC | |
9899 | + if (pax_flags & MF_PAX_SEGMEXEC) | |
9900 | + pax_flags &= ~MF_PAX_PAGEEXEC; | |
9901 | +#endif | |
9902 | + | |
9903 | +#ifdef CONFIG_PAX_EMUTRAMP | |
9904 | + if (elf_phdata->p_flags & PF_EMUTRAMP) | |
9905 | + pax_flags |= MF_PAX_EMUTRAMP; | |
9906 | +#endif | |
9907 | + | |
9908 | +#ifdef CONFIG_PAX_MPROTECT | |
9909 | + if (elf_phdata->p_flags & PF_MPROTECT) | |
9910 | + pax_flags |= MF_PAX_MPROTECT; | |
9911 | +#endif | |
9912 | + | |
9913 | +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) | |
9914 | + if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP)) | |
9915 | + pax_flags |= MF_PAX_RANDMMAP; | |
9916 | +#endif | |
9917 | + | |
9918 | + return pax_flags; | |
9919 | +} | |
9920 | +#endif | |
9921 | + | |
9922 | +#ifdef CONFIG_PAX_PT_PAX_FLAGS | |
9923 | +static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata) | |
9924 | +{ | |
9925 | + unsigned long pax_flags = 0UL; | |
9926 | + | |
9927 | +#ifdef CONFIG_PAX_PAGEEXEC | |
9928 | + if (!(elf_phdata->p_flags & PF_NOPAGEEXEC)) | |
9929 | + pax_flags |= MF_PAX_PAGEEXEC; | |
9930 | +#endif | |
9931 | + | |
9932 | +#ifdef CONFIG_PAX_SEGMEXEC | |
9933 | + if (!(elf_phdata->p_flags & PF_NOSEGMEXEC)) | |
9934 | + pax_flags |= MF_PAX_SEGMEXEC; | |
9935 | +#endif | |
9936 | + | |
9937 | +#ifdef CONFIG_PAX_DEFAULT_PAGEEXEC | |
9938 | + if (pax_flags & MF_PAX_PAGEEXEC) | |
9939 | + pax_flags &= ~MF_PAX_SEGMEXEC; | |
9940 | +#endif | |
9941 | + | |
9942 | +#ifdef CONFIG_PAX_DEFAULT_SEGMEXEC | |
9943 | + if (pax_flags & MF_PAX_SEGMEXEC) | |
9944 | + pax_flags &= ~MF_PAX_PAGEEXEC; | |
9945 | +#endif | |
9946 | + | |
9947 | +#ifdef CONFIG_PAX_EMUTRAMP | |
9948 | + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP)) | |
9949 | + pax_flags |= MF_PAX_EMUTRAMP; | |
9950 | +#endif | |
9951 | + | |
9952 | +#ifdef CONFIG_PAX_MPROTECT | |
9953 | + if (!(elf_phdata->p_flags & PF_NOMPROTECT)) | |
9954 | + pax_flags |= MF_PAX_MPROTECT; | |
9955 | +#endif | |
9956 | + | |
9957 | +#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK) | |
9958 | + if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP)) | |
9959 | + pax_flags |= MF_PAX_RANDMMAP; | |
9960 | +#endif | |
9961 | + | |
9962 | + return pax_flags; | |
9963 | +} | |
9964 | +#endif | |
9965 | + | |
9966 | +#ifdef CONFIG_PAX_EI_PAX | |
9967 | +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) | |
9968 | +{ | |
9969 | + unsigned long pax_flags = 0UL; | |
9970 | + | |
9971 | +#ifdef CONFIG_PAX_PAGEEXEC | |
9972 | + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC)) | |
9973 | + pax_flags |= MF_PAX_PAGEEXEC; | |
9974 | +#endif | |
9975 | + | |
9976 | +#ifdef CONFIG_PAX_SEGMEXEC | |
9977 | + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC)) | |
9978 | + pax_flags |= MF_PAX_SEGMEXEC; | |
9979 | +#endif | |
9980 | + | |
9981 | +#ifdef CONFIG_PAX_DEFAULT_PAGEEXEC | |
9982 | + if (pax_flags & MF_PAX_PAGEEXEC) | |
9983 | + pax_flags &= ~MF_PAX_SEGMEXEC; | |
9984 | +#endif | |
9985 | + | |
9986 | +#ifdef CONFIG_PAX_DEFAULT_SEGMEXEC | |
9987 | + if (pax_flags & MF_PAX_SEGMEXEC) | |
9988 | + pax_flags &= ~MF_PAX_PAGEEXEC; | |
9989 | +#endif | |
9990 | + | |
9991 | +#ifdef CONFIG_PAX_EMUTRAMP | |
9992 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP)) | |
9993 | + pax_flags |= MF_PAX_EMUTRAMP; | |
9994 | +#endif | |
9995 | + | |
9996 | +#ifdef CONFIG_PAX_MPROTECT | |
9997 | + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT)) | |
9998 | + pax_flags |= MF_PAX_MPROTECT; | |
9999 | +#endif | |
10000 | + | |
10001 | +#ifdef CONFIG_PAX_ASLR | |
10002 | + if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP)) | |
10003 | + pax_flags |= MF_PAX_RANDMMAP; | |
10004 | +#endif | |
10005 | + | |
10006 | + return pax_flags; | |
10007 | +} | |
10008 | +#endif | |
10009 | + | |
10010 | +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) | |
10011 | +static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata) | |
10012 | +{ | |
10013 | + unsigned long pax_flags = 0UL; | |
10014 | + | |
10015 | +#ifdef CONFIG_PAX_PT_PAX_FLAGS | |
10016 | + unsigned long i; | |
10017 | +#endif | |
10018 | + | |
10019 | +#ifdef CONFIG_PAX_EI_PAX | |
10020 | + pax_flags = pax_parse_ei_pax(elf_ex); | |
10021 | +#endif | |
10022 | + | |
10023 | +#ifdef CONFIG_PAX_PT_PAX_FLAGS | |
10024 | + for (i = 0UL; i < elf_ex->e_phnum; i++) | |
10025 | + if (elf_phdata[i].p_type == PT_PAX_FLAGS) { | |
10026 | + if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) || | |
10027 | + ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) || | |
10028 | + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) || | |
10029 | + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) || | |
10030 | + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP))) | |
10031 | + return -EINVAL; | |
10032 | + | |
10033 | +#ifdef CONFIG_PAX_SOFTMODE | |
10034 | + if (pax_softmode) | |
10035 | + pax_flags = pax_parse_softmode(&elf_phdata[i]); | |
10036 | + else | |
10037 | +#endif | |
10038 | + | |
10039 | + pax_flags = pax_parse_hardmode(&elf_phdata[i]); | |
10040 | + break; | |
10041 | + } | |
10042 | +#endif | |
10043 | + | |
10044 | + if (0 > pax_check_flags(&pax_flags)) | |
10045 | + return -EINVAL; | |
10046 | + | |
10047 | + current->mm->pax_flags = pax_flags; | |
10048 | + return 0; | |
10049 | +} | |
10050 | +#endif | |
10051 | + | |
10052 | /* | |
10053 | * These are the functions used to load ELF style executables and shared | |
10054 | * libraries. There is no binary dependent code anywhere else. | |
10055 | @@ -534,7 +737,7 @@ static int load_elf_binary(struct linux_ | |
10056 | char * elf_interpreter = NULL; | |
10057 | unsigned int interpreter_type = INTERPRETER_NONE; | |
10058 | unsigned char ibcs2_interpreter = 0; | |
10059 | - unsigned long error; | |
10060 | + unsigned long error = 0; | |
10061 | struct elf_phdr *elf_ppnt, *elf_phdata; | |
10062 | unsigned long elf_bss, elf_brk; | |
10063 | int elf_exec_fileno; | |
10064 | @@ -552,6 +755,7 @@ static int load_elf_binary(struct linux_ | |
10065 | struct elfhdr interp_elf_ex; | |
10066 | struct exec interp_ex; | |
10067 | } *loc; | |
10068 | + unsigned long task_size = TASK_SIZE; | |
10069 | ||
10070 | loc = kmalloc(sizeof(*loc), GFP_KERNEL); | |
10071 | if (!loc) { | |
10072 | @@ -774,14 +978,88 @@ static int load_elf_binary(struct linux_ | |
10073 | current->mm->end_code = 0; | |
10074 | current->mm->mmap = NULL; | |
10075 | current->flags &= ~PF_FORKNOEXEC; | |
10076 | + | |
10077 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
10078 | + current->mm->pax_flags = 0UL; | |
10079 | +#endif | |
10080 | + | |
10081 | +#ifdef CONFIG_PAX_DLRESOLVE | |
10082 | + current->mm->call_dl_resolve = 0UL; | |
10083 | +#endif | |
10084 | + | |
10085 | +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT) | |
10086 | + current->mm->call_syscall = 0UL; | |
10087 | +#endif | |
10088 | + | |
10089 | +#ifdef CONFIG_PAX_ASLR | |
10090 | + current->mm->delta_mmap = 0UL; | |
10091 | + current->mm->delta_exec = 0UL; | |
10092 | + current->mm->delta_stack = 0UL; | |
10093 | +#endif | |
10094 | + | |
10095 | current->mm->def_flags = def_flags; | |
10096 | ||
10097 | +#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) | |
10098 | + if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) { | |
10099 | + send_sig(SIGKILL, current, 0); | |
10100 | + goto out_free_dentry; | |
10101 | + } | |
10102 | +#endif | |
10103 | + | |
10104 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
10105 | + pax_set_initial_flags(bprm); | |
10106 | +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS) | |
10107 | + if (pax_set_initial_flags_func) | |
10108 | + (pax_set_initial_flags_func)(bprm); | |
10109 | +#endif | |
10110 | + | |
10111 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
10112 | + if (current->mm->pax_flags & MF_PAX_PAGEEXEC) | |
10113 | + current->mm->context.user_cs_limit = PAGE_SIZE; | |
10114 | +#endif | |
10115 | + | |
10116 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10117 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
10118 | + int cpu = get_cpu(); | |
10119 | + | |
10120 | + current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE; | |
10121 | + current->mm->context.user_cs_limit = -SEGMEXEC_TASK_SIZE; | |
10122 | + set_user_cs(current->mm, cpu); | |
10123 | + put_cpu(); | |
10124 | + task_size = SEGMEXEC_TASK_SIZE; | |
10125 | + } | |
10126 | +#endif | |
10127 | + | |
10128 | +#ifdef CONFIG_PAX_ASLR | |
10129 | + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { | |
10130 | +#define pax_delta_mask(delta, lsb, len) (((delta) & ((1UL << (len)) - 1)) << (lsb)) | |
10131 | + | |
10132 | + current->mm->delta_mmap = pax_delta_mask(pax_get_random_long(), PAX_DELTA_MMAP_LSB(current), PAX_DELTA_MMAP_LEN(current)); | |
10133 | + current->mm->delta_exec = pax_delta_mask(pax_get_random_long(), PAX_DELTA_EXEC_LSB(current), PAX_DELTA_EXEC_LEN(current)); | |
10134 | + current->mm->delta_stack = pax_delta_mask(pax_get_random_long(), PAX_DELTA_STACK_LSB(current), PAX_DELTA_STACK_LEN(current)); | |
10135 | + } | |
10136 | +#endif | |
10137 | + | |
10138 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
10139 | + if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) | |
10140 | + executable_stack = EXSTACK_DEFAULT; | |
10141 | +#endif | |
10142 | + | |
10143 | /* Do this immediately, since STACK_TOP as used in setup_arg_pages | |
10144 | may depend on the personality. */ | |
10145 | SET_PERSONALITY(loc->elf_ex, ibcs2_interpreter); | |
10146 | + | |
10147 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
10148 | + if (!(current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))) | |
10149 | +#endif | |
10150 | + | |
10151 | if (elf_read_implies_exec(loc->elf_ex, executable_stack)) | |
10152 | current->personality |= READ_IMPLIES_EXEC; | |
10153 | ||
10154 | +#ifdef CONFIG_PAX_ASLR | |
10155 | + if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) | |
10156 | +#endif | |
10157 | + | |
10158 | if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) | |
10159 | current->flags |= PF_RANDOMIZE; | |
10160 | arch_pick_mmap_layout(current->mm); | |
10161 | @@ -857,6 +1135,15 @@ static int load_elf_binary(struct linux_ | |
10162 | * might try to exec. This is because the brk will | |
10163 | * follow the loader, and is not movable. */ | |
10164 | load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); | |
10165 | + | |
10166 | +#ifdef CONFIG_PAX_RANDMMAP | |
10167 | + /* PaX: randomize base address at the default exe base if requested */ | |
10168 | + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { | |
10169 | + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE(current) - vaddr + current->mm->delta_exec); | |
10170 | + elf_flags |= MAP_FIXED; | |
10171 | + } | |
10172 | +#endif | |
10173 | + | |
10174 | } | |
10175 | ||
10176 | error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, | |
10177 | @@ -887,9 +1174,9 @@ static int load_elf_binary(struct linux_ | |
10178 | * allowed task size. Note that p_filesz must always be | |
10179 | * <= p_memsz so it is only necessary to check p_memsz. | |
10180 | */ | |
10181 | - if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz || | |
10182 | - elf_ppnt->p_memsz > TASK_SIZE || | |
10183 | - TASK_SIZE - elf_ppnt->p_memsz < k) { | |
10184 | + if (k >= task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz || | |
10185 | + elf_ppnt->p_memsz > task_size || | |
10186 | + task_size - elf_ppnt->p_memsz < k) { | |
10187 | /* set_brk can never work. Avoid overflows. */ | |
10188 | send_sig(SIGKILL, current, 0); | |
10189 | goto out_free_dentry; | |
10190 | @@ -916,6 +1203,12 @@ static int load_elf_binary(struct linux_ | |
10191 | start_data += load_bias; | |
10192 | end_data += load_bias; | |
10193 | ||
10194 | +#ifdef CONFIG_PAX_RANDMMAP | |
10195 | + if (current->mm->pax_flags & MF_PAX_RANDMMAP) | |
10196 | + elf_brk += PAGE_SIZE + pax_delta_mask(pax_get_random_long(), 4, PAGE_SHIFT); | |
10197 | +#undef pax_delta_mask | |
10198 | +#endif | |
10199 | + | |
10200 | /* Calling set_brk effectively mmaps the pages that we need | |
10201 | * for the bss and break sections. We must do this before | |
10202 | * mapping in the interpreter, to make sure it doesn't wind | |
10203 | @@ -1178,7 +1471,7 @@ static int dump_seek(struct file *file, | |
10204 | * | |
10205 | * I think we should skip something. But I am not sure how. H.J. | |
10206 | */ | |
10207 | -static int maydump(struct vm_area_struct *vma) | |
10208 | +static int maydump(struct vm_area_struct *vma, long signr) | |
10209 | { | |
10210 | /* Do not dump I/O mapped devices or special mappings */ | |
10211 | if (vma->vm_flags & (VM_IO | VM_RESERVED)) | |
10212 | @@ -1189,7 +1482,7 @@ static int maydump(struct vm_area_struct | |
10213 | return vma->vm_file->f_dentry->d_inode->i_nlink == 0; | |
10214 | ||
10215 | /* If it hasn't been written to, don't write it out */ | |
10216 | - if (!vma->anon_vma) | |
10217 | + if (signr != SIGKILL && !vma->anon_vma) | |
10218 | return 0; | |
10219 | ||
10220 | return 1; | |
10221 | @@ -1246,8 +1539,11 @@ static int writenote(struct memelfnote * | |
10222 | #undef DUMP_WRITE | |
10223 | ||
10224 | #define DUMP_WRITE(addr, nr) \ | |
10225 | + do { \ | |
10226 | + gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \ | |
10227 | if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \ | |
10228 | - goto end_coredump; | |
10229 | + goto end_coredump; \ | |
10230 | + } while (0); | |
10231 | #define DUMP_SEEK(off) \ | |
10232 | if (!dump_seek(file, (off))) \ | |
10233 | goto end_coredump; | |
10234 | @@ -1600,7 +1896,7 @@ static int elf_core_dump(long signr, str | |
10235 | phdr.p_offset = offset; | |
10236 | phdr.p_vaddr = vma->vm_start; | |
10237 | phdr.p_paddr = 0; | |
10238 | - phdr.p_filesz = maydump(vma) ? sz : 0; | |
10239 | + phdr.p_filesz = maydump(vma, signr) ? sz : 0; | |
10240 | phdr.p_memsz = sz; | |
10241 | offset += phdr.p_filesz; | |
10242 | phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; | |
10243 | @@ -1638,7 +1934,7 @@ static int elf_core_dump(long signr, str | |
10244 | for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { | |
10245 | unsigned long addr; | |
10246 | ||
10247 | - if (!maydump(vma)) | |
10248 | + if (!maydump(vma, signr)) | |
10249 | continue; | |
10250 | ||
10251 | for (addr = vma->vm_start; | |
10252 | @@ -1658,6 +1954,7 @@ static int elf_core_dump(long signr, str | |
10253 | flush_cache_page(vma, addr, | |
10254 | page_to_pfn(page)); | |
10255 | kaddr = kmap(page); | |
10256 | + gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1); | |
10257 | if ((size += PAGE_SIZE) > limit || | |
10258 | !dump_write(file, kaddr, | |
10259 | PAGE_SIZE)) { | |
10260 | diff -urNp linux-2.6.19.1/fs/binfmt_flat.c linux-2.6.19.1/fs/binfmt_flat.c | |
10261 | --- linux-2.6.19.1/fs/binfmt_flat.c 2006-11-29 16:57:37.000000000 -0500 | |
10262 | +++ linux-2.6.19.1/fs/binfmt_flat.c 2006-12-03 15:16:12.000000000 -0500 | |
10263 | @@ -551,7 +551,9 @@ static int load_flat_file(struct linux_b | |
10264 | realdatastart = (unsigned long) -ENOMEM; | |
10265 | printk("Unable to allocate RAM for process data, errno %d\n", | |
10266 | (int)-datapos); | |
10267 | + down_write(¤t->mm->mmap_sem); | |
10268 | do_munmap(current->mm, textpos, text_len); | |
10269 | + up_write(¤t->mm->mmap_sem); | |
10270 | ret = realdatastart; | |
10271 | goto err; | |
10272 | } | |
10273 | @@ -573,8 +575,10 @@ static int load_flat_file(struct linux_b | |
10274 | } | |
10275 | if (result >= (unsigned long)-4096) { | |
10276 | printk("Unable to read data+bss, errno %d\n", (int)-result); | |
10277 | + down_write(¤t->mm->mmap_sem); | |
10278 | do_munmap(current->mm, textpos, text_len); | |
10279 | do_munmap(current->mm, realdatastart, data_len + extra); | |
10280 | + up_write(¤t->mm->mmap_sem); | |
10281 | ret = result; | |
10282 | goto err; | |
10283 | } | |
10284 | @@ -638,8 +642,10 @@ static int load_flat_file(struct linux_b | |
10285 | } | |
10286 | if (result >= (unsigned long)-4096) { | |
10287 | printk("Unable to read code+data+bss, errno %d\n",(int)-result); | |
10288 | + down_write(¤t->mm->mmap_sem); | |
10289 | do_munmap(current->mm, textpos, text_len + data_len + extra + | |
10290 | MAX_SHARED_LIBS * sizeof(unsigned long)); | |
10291 | + up_write(¤t->mm->mmap_sem); | |
10292 | ret = result; | |
10293 | goto err; | |
10294 | } | |
10295 | diff -urNp linux-2.6.19.1/fs/binfmt_misc.c linux-2.6.19.1/fs/binfmt_misc.c | |
10296 | --- linux-2.6.19.1/fs/binfmt_misc.c 2006-11-29 16:57:37.000000000 -0500 | |
10297 | +++ linux-2.6.19.1/fs/binfmt_misc.c 2006-12-03 15:16:12.000000000 -0500 | |
10298 | @@ -113,9 +113,11 @@ static int load_misc_binary(struct linux | |
10299 | struct files_struct *files = NULL; | |
10300 | ||
10301 | retval = -ENOEXEC; | |
10302 | - if (!enabled) | |
10303 | + if (!enabled || bprm->misc) | |
10304 | goto _ret; | |
10305 | ||
10306 | + bprm->misc++; | |
10307 | + | |
10308 | /* to keep locking time low, we copy the interpreter string */ | |
10309 | read_lock(&entries_lock); | |
10310 | fmt = check_file(bprm); | |
10311 | diff -urNp linux-2.6.19.1/fs/buffer.c linux-2.6.19.1/fs/buffer.c | |
10312 | --- linux-2.6.19.1/fs/buffer.c 2006-11-29 16:57:37.000000000 -0500 | |
10313 | +++ linux-2.6.19.1/fs/buffer.c 2006-12-03 15:16:12.000000000 -0500 | |
10314 | @@ -41,6 +41,7 @@ | |
10315 | #include <linux/bitops.h> | |
10316 | #include <linux/mpage.h> | |
10317 | #include <linux/bit_spinlock.h> | |
10318 | +#include <linux/grsecurity.h> | |
10319 | ||
10320 | static int fsync_buffers_list(spinlock_t *lock, struct list_head *list); | |
10321 | static void invalidate_bh_lrus(void); | |
10322 | @@ -2018,6 +2019,7 @@ static int __generic_cont_expand(struct | |
10323 | ||
10324 | err = -EFBIG; | |
10325 | limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; | |
10326 | + gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size, 1); | |
10327 | if (limit != RLIM_INFINITY && size > (loff_t)limit) { | |
10328 | send_sig(SIGXFSZ, current, 0); | |
10329 | goto out; | |
10330 | diff -urNp linux-2.6.19.1/fs/cifs/cifssmb.c linux-2.6.19.1/fs/cifs/cifssmb.c | |
10331 | --- linux-2.6.19.1/fs/cifs/cifssmb.c 2006-11-29 16:57:37.000000000 -0500 | |
10332 | +++ linux-2.6.19.1/fs/cifs/cifssmb.c 2006-12-03 15:16:14.000000000 -0500 | |
10333 | @@ -2812,10 +2812,10 @@ GetExtAttrOut: | |
10334 | ||
10335 | ||
10336 | /* security id for everyone */ | |
10337 | -const static struct cifs_sid sid_everyone = | |
10338 | +static const struct cifs_sid sid_everyone = | |
10339 | {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}}; | |
10340 | /* group users */ | |
10341 | -const static struct cifs_sid sid_user = | |
10342 | +static const struct cifs_sid sid_user = | |
10343 | {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}}; | |
10344 | ||
10345 | /* Convert CIFS ACL to POSIX form */ | |
10346 | diff -urNp linux-2.6.19.1/fs/cifs/smbdes.c linux-2.6.19.1/fs/cifs/smbdes.c | |
10347 | --- linux-2.6.19.1/fs/cifs/smbdes.c 2006-11-29 16:57:37.000000000 -0500 | |
10348 | +++ linux-2.6.19.1/fs/cifs/smbdes.c 2006-12-03 15:16:14.000000000 -0500 | |
10349 | @@ -196,15 +196,18 @@ dohash(char *out, char *in, char *key, i | |
10350 | char c[28]; | |
10351 | char d[28]; | |
10352 | char *cd; | |
10353 | - char ki[16][48]; | |
10354 | + char *ki; | |
10355 | char *pd1; | |
10356 | char l[32], r[32]; | |
10357 | char *rl; | |
10358 | + char *er; /* er[48] */ | |
10359 | ||
10360 | /* Have to reduce stack usage */ | |
10361 | - pk1 = kmalloc(56+56+64+64,GFP_KERNEL); | |
10362 | - if(pk1 == NULL) | |
10363 | - return; | |
10364 | + pk1 = kmalloc(56+56+64+64, GFP_KERNEL); | |
10365 | + ki = kmalloc(16*48, GFP_KERNEL); | |
10366 | + er = kmalloc(48+48+32+32+32, GFP_KERNEL); | |
10367 | + if (!pk1 || !ki || !er) | |
10368 | + goto free; | |
10369 | ||
10370 | cd = pk1 + 56; | |
10371 | pd1= cd + 56; | |
10372 | @@ -222,7 +225,7 @@ dohash(char *out, char *in, char *key, i | |
10373 | lshift(d, sc[i], 28); | |
10374 | ||
10375 | concat(cd, c, d, 28, 28); | |
10376 | - permute(ki[i], cd, perm2, 48); | |
10377 | + permute(ki+48*i, cd, perm2, 48); | |
10378 | } | |
10379 | ||
10380 | permute(pd1, in, perm3, 64); | |
10381 | @@ -233,18 +236,12 @@ dohash(char *out, char *in, char *key, i | |
10382 | } | |
10383 | ||
10384 | for (i = 0; i < 16; i++) { | |
10385 | - char *er; /* er[48] */ | |
10386 | char *erk; /* erk[48] */ | |
10387 | char b[8][6]; | |
10388 | char *cb; /* cb[32] */ | |
10389 | char *pcb; /* pcb[32] */ | |
10390 | char *r2; /* r2[32] */ | |
10391 | ||
10392 | - er = kmalloc(48+48+32+32+32, GFP_KERNEL); | |
10393 | - if(er == NULL) { | |
10394 | - kfree(pk1); | |
10395 | - return; | |
10396 | - } | |
10397 | erk = er+48; | |
10398 | cb = erk+48; | |
10399 | pcb = cb+32; | |
10400 | @@ -252,7 +249,7 @@ dohash(char *out, char *in, char *key, i | |
10401 | ||
10402 | permute(er, r, perm4, 48); | |
10403 | ||
10404 | - xor(erk, er, ki[forw ? i : 15 - i], 48); | |
10405 | + xor(erk, er, ki+48*(forw ? i : 15 - i), 48); | |
10406 | ||
10407 | for (j = 0; j < 8; j++) | |
10408 | for (k = 0; k < 6; k++) | |
10409 | @@ -282,13 +279,15 @@ dohash(char *out, char *in, char *key, i | |
10410 | ||
10411 | for (j = 0; j < 32; j++) | |
10412 | r[j] = r2[j]; | |
10413 | - | |
10414 | - kfree(er); | |
10415 | } | |
10416 | ||
10417 | concat(rl, r, l, 32, 32); | |
10418 | ||
10419 | permute(out, rl, perm6, 64); | |
10420 | + | |
10421 | +free: | |
10422 | + kfree(er); | |
10423 | + kfree(ki); | |
10424 | kfree(pk1); | |
10425 | } | |
10426 | ||
10427 | diff -urNp linux-2.6.19.1/fs/compat.c linux-2.6.19.1/fs/compat.c | |
10428 | --- linux-2.6.19.1/fs/compat.c 2006-12-10 21:40:26.000000000 -0500 | |
10429 | +++ linux-2.6.19.1/fs/compat.c 2006-12-10 21:40:16.000000000 -0500 | |
10430 | @@ -46,6 +46,7 @@ | |
10431 | #include <linux/rwsem.h> | |
10432 | #include <linux/tsacct_kern.h> | |
10433 | #include <linux/mm.h> | |
10434 | +#include <linux/grsecurity.h> | |
10435 | ||
10436 | #include <net/sock.h> /* siocdevprivate_ioctl */ | |
10437 | ||
10438 | @@ -1492,6 +1493,11 @@ int compat_do_execve(char * filename, | |
10439 | struct file *file; | |
10440 | int retval; | |
10441 | int i; | |
10442 | +#ifdef CONFIG_GRKERNSEC | |
10443 | + struct file *old_exec_file; | |
10444 | + struct acl_subject_label *old_acl; | |
10445 | + struct rlimit old_rlim[RLIM_NLIMITS]; | |
10446 | +#endif | |
10447 | ||
10448 | retval = -ENOMEM; | |
10449 | bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); | |
10450 | @@ -1509,6 +1515,15 @@ int compat_do_execve(char * filename, | |
10451 | bprm->file = file; | |
10452 | bprm->filename = filename; | |
10453 | bprm->interp = filename; | |
10454 | + | |
10455 | + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes), 1); | |
10456 | + retval = -EAGAIN; | |
10457 | + if (gr_handle_nproc()) | |
10458 | + goto out_file; | |
10459 | + retval = -EACCES; | |
10460 | + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) | |
10461 | + goto out_file; | |
10462 | + | |
10463 | bprm->mm = mm_alloc(); | |
10464 | retval = -ENOMEM; | |
10465 | if (!bprm->mm) | |
10466 | @@ -1547,10 +1562,39 @@ int compat_do_execve(char * filename, | |
10467 | if (retval < 0) | |
10468 | goto out; | |
10469 | ||
10470 | + if (!gr_tpe_allow(file)) { | |
10471 | + retval = -EACCES; | |
10472 | + goto out; | |
10473 | + } | |
10474 | + | |
10475 | + if (gr_check_crash_exec(file)) { | |
10476 | + retval = -EACCES; | |
10477 | + goto out; | |
10478 | + } | |
10479 | + | |
10480 | + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); | |
10481 | + | |
10482 | + gr_handle_exec_args(bprm, (char __user * __user *)argv); | |
10483 | + | |
10484 | +#ifdef CONFIG_GRKERNSEC | |
10485 | + old_acl = current->acl; | |
10486 | + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim)); | |
10487 | + old_exec_file = current->exec_file; | |
10488 | + get_file(file); | |
10489 | + current->exec_file = file; | |
10490 | +#endif | |
10491 | + | |
10492 | + gr_set_proc_label(file->f_dentry, file->f_vfsmnt); | |
10493 | + | |
10494 | retval = search_binary_handler(bprm, regs); | |
10495 | if (retval >= 0) { | |
10496 | free_arg_pages(bprm); | |
10497 | ||
10498 | +#ifdef CONFIG_GRKERNSEC | |
10499 | + if (old_exec_file) | |
10500 | + fput(old_exec_file); | |
10501 | +#endif | |
10502 | + | |
10503 | /* execve success */ | |
10504 | security_bprm_free(bprm); | |
10505 | acct_update_integrals(current); | |
10506 | @@ -1558,6 +1602,13 @@ int compat_do_execve(char * filename, | |
10507 | return retval; | |
10508 | } | |
10509 | ||
10510 | +#ifdef CONFIG_GRKERNSEC | |
10511 | + current->acl = old_acl; | |
10512 | + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim)); | |
10513 | + fput(current->exec_file); | |
10514 | + current->exec_file = old_exec_file; | |
10515 | +#endif | |
10516 | + | |
10517 | out: | |
10518 | /* Something went wrong, return the inode and free the argument pages*/ | |
10519 | for (i = 0 ; i < MAX_ARG_PAGES ; i++) { | |
10520 | diff -urNp linux-2.6.19.1/fs/dcache.c linux-2.6.19.1/fs/dcache.c | |
10521 | --- linux-2.6.19.1/fs/dcache.c 2006-11-29 16:57:37.000000000 -0500 | |
10522 | +++ linux-2.6.19.1/fs/dcache.c 2006-12-03 15:16:14.000000000 -0500 | |
10523 | @@ -1739,7 +1739,7 @@ shouldnt_be_hashed: | |
10524 | * | |
10525 | * "buflen" should be positive. Caller holds the dcache_lock. | |
10526 | */ | |
10527 | -static char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt, | |
10528 | +char * __d_path( struct dentry *dentry, struct vfsmount *vfsmnt, | |
10529 | struct dentry *root, struct vfsmount *rootmnt, | |
10530 | char *buffer, int buflen) | |
10531 | { | |
10532 | diff -urNp linux-2.6.19.1/fs/exec.c linux-2.6.19.1/fs/exec.c | |
10533 | --- linux-2.6.19.1/fs/exec.c 2006-12-10 21:40:26.000000000 -0500 | |
10534 | +++ linux-2.6.19.1/fs/exec.c 2006-12-10 21:40:16.000000000 -0500 | |
10535 | @@ -49,6 +49,8 @@ | |
c3e8c1b5 | 10536 | #include <linux/cn_proc.h> |
10537 | #include <linux/audit.h> | |
b6fa5d20 | 10538 | #include <linux/vs_memory.h> |
c3e8c1b5 | 10539 | +#include <linux/random.h> |
10540 | +#include <linux/grsecurity.h> | |
10541 | ||
10542 | #include <asm/uaccess.h> | |
10543 | #include <asm/mmu_context.h> | |
10544 | @@ -67,6 +69,15 @@ EXPORT_SYMBOL(suid_dumpable); | |
10545 | static struct linux_binfmt *formats; | |
10546 | static DEFINE_RWLOCK(binfmt_lock); | |
10547 | ||
10548 | +#ifdef CONFIG_PAX_SOFTMODE | |
10549 | +unsigned int pax_softmode; | |
10550 | +#endif | |
10551 | + | |
10552 | +#ifdef CONFIG_PAX_HOOK_ACL_FLAGS | |
10553 | +void (*pax_set_initial_flags_func)(struct linux_binprm * bprm); | |
10554 | +EXPORT_SYMBOL(pax_set_initial_flags_func); | |
10555 | +#endif | |
10556 | + | |
10557 | int register_binfmt(struct linux_binfmt * fmt) | |
10558 | { | |
10559 | struct linux_binfmt ** tmp = &formats; | |
10560 | @@ -312,6 +323,10 @@ void install_arg_page(struct vm_area_str | |
10561 | if (unlikely(anon_vma_prepare(vma))) | |
10562 | goto out; | |
10563 | ||
10564 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10565 | + if (page_count(page) == 1) | |
10566 | +#endif | |
10567 | + | |
10568 | flush_dcache_page(page); | |
10569 | pte = get_locked_pte(mm, address, &ptl); | |
10570 | if (!pte) | |
10571 | @@ -321,9 +336,21 @@ void install_arg_page(struct vm_area_str | |
10572 | goto out; | |
10573 | } | |
10574 | inc_mm_counter(mm, anon_rss); | |
10575 | + | |
10576 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10577 | + if (page_count(page) == 1) | |
10578 | +#endif | |
10579 | + | |
10580 | lru_cache_add_active(page); | |
10581 | set_pte_at(mm, address, pte, pte_mkdirty(pte_mkwrite(mk_pte( | |
10582 | page, vma->vm_page_prot)))); | |
10583 | + | |
10584 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10585 | + if (page_count(page) != 1) | |
10586 | + page_add_anon_rmap(page, vma, address); | |
10587 | + else | |
10588 | +#endif | |
10589 | + | |
10590 | page_add_new_anon_rmap(page, vma, address); | |
10591 | pte_unmap_unlock(pte, ptl); | |
10592 | ||
10593 | @@ -346,6 +373,10 @@ int setup_arg_pages(struct linux_binprm | |
10594 | int i, ret; | |
10595 | long arg_size; | |
10596 | ||
10597 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10598 | + struct vm_area_struct *mpnt_m = NULL; | |
10599 | +#endif | |
10600 | + | |
10601 | #ifdef CONFIG_STACK_GROWSUP | |
10602 | /* Move the argument and environment strings to the bottom of the | |
10603 | * stack space. | |
10604 | @@ -404,11 +435,19 @@ int setup_arg_pages(struct linux_binprm | |
10605 | bprm->loader += stack_base; | |
10606 | bprm->exec += stack_base; | |
10607 | ||
10608 | - mpnt = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL); | |
10609 | + mpnt = kmem_cache_zalloc(vm_area_cachep, SLAB_KERNEL); | |
10610 | if (!mpnt) | |
10611 | return -ENOMEM; | |
10612 | ||
10613 | - memset(mpnt, 0, sizeof(*mpnt)); | |
10614 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10615 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (VM_STACK_FLAGS & VM_MAYEXEC)) { | |
10616 | + mpnt_m = kmem_cache_zalloc(vm_area_cachep, SLAB_KERNEL); | |
10617 | + if (!mpnt_m) { | |
10618 | + kmem_cache_free(vm_area_cachep, mpnt); | |
10619 | + return -ENOMEM; | |
10620 | + } | |
10621 | + } | |
10622 | +#endif | |
10623 | ||
10624 | down_write(&mm->mmap_sem); | |
10625 | { | |
5c9295bc | 10626 | @@ -430,10 +453,23 @@ int setup_arg_pages(struct linux_binprm |
c3e8c1b5 | 10627 | else |
10628 | mpnt->vm_flags = VM_STACK_FLAGS; | |
10629 | mpnt->vm_flags |= mm->def_flags; | |
10630 | - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; | |
10631 | + | |
10632 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
10633 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC)) | |
10634 | + mpnt->vm_page_prot = protection_map[(mpnt->vm_flags | VM_EXEC) & (VM_READ|VM_WRITE|VM_EXEC)]; | |
10635 | + else | |
10636 | +#endif | |
10637 | + | |
10638 | + mpnt->vm_page_prot = protection_map[mpnt->vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
10639 | if ((ret = insert_vm_struct(mm, mpnt))) { | |
10640 | up_write(&mm->mmap_sem); | |
10641 | kmem_cache_free(vm_area_cachep, mpnt); | |
10642 | + | |
10643 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10644 | + if (mpnt_m) | |
10645 | + kmem_cache_free(vm_area_cachep, mpnt_m); | |
10646 | +#endif | |
10647 | + | |
10648 | return ret; | |
10649 | } | |
b6fa5d20 | 10650 | vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt)); |
5c9295bc | 10651 | @@ -452,6 +482,30 @@ int setup_arg_pages(struct linux_binprm |
10652 | } | |
10653 | vx_vmpages_sub(mm, mm->total_vm - vma_pages(mpnt)); | |
b6fa5d20 | 10654 | mm->stack_vm = mm->total_vm; |
c3e8c1b5 | 10655 | + |
10656 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10657 | + if (mpnt_m) { | |
10658 | + *mpnt_m = *mpnt; | |
10659 | + if (!(mpnt->vm_flags & VM_EXEC)) { | |
10660 | + mpnt_m->vm_flags &= ~(VM_READ | VM_WRITE | VM_EXEC); | |
10661 | + mpnt_m->vm_page_prot = PAGE_NONE; | |
10662 | + } | |
10663 | + mpnt_m->vm_start += SEGMEXEC_TASK_SIZE; | |
10664 | + mpnt_m->vm_end += SEGMEXEC_TASK_SIZE; | |
10665 | + if ((ret = insert_vm_struct(mm, mpnt_m))) { | |
10666 | + up_write(&mm->mmap_sem); | |
10667 | + kmem_cache_free(vm_area_cachep, mpnt_m); | |
10668 | + return ret; | |
10669 | + } | |
10670 | + mpnt_m->vm_flags |= VM_MIRROR; | |
10671 | + mpnt->vm_flags |= VM_MIRROR; | |
10672 | + mpnt_m->vm_mirror = mpnt->vm_start - mpnt_m->vm_start; | |
10673 | + mpnt->vm_mirror = mpnt_m->vm_start - mpnt->vm_start; | |
10674 | + mpnt_m->vm_pgoff = mpnt->vm_pgoff; | |
10675 | + mm->total_vm += vma_pages(mpnt_m); | |
10676 | + } | |
10677 | +#endif | |
10678 | + | |
10679 | } | |
10680 | ||
10681 | for (i = 0 ; i < MAX_ARG_PAGES ; i++) { | |
10682 | @@ -444,6 +520,14 @@ int setup_arg_pages(struct linux_binprm | |
10683 | if (page) { | |
10684 | bprm->page[i] = NULL; | |
10685 | install_arg_page(mpnt, page, stack_base); | |
10686 | + | |
10687 | +#ifdef CONFIG_PAX_SEGMEXEC | |
10688 | + if (mpnt_m) { | |
10689 | + page_cache_get(page); | |
10690 | + install_arg_page(mpnt_m, page, stack_base + SEGMEXEC_TASK_SIZE); | |
10691 | + } | |
10692 | +#endif | |
10693 | + | |
10694 | } | |
10695 | stack_base += PAGE_SIZE; | |
10696 | } | |
10697 | @@ -1128,6 +1212,11 @@ int do_execve(char * filename, | |
10698 | struct file *file; | |
10699 | int retval; | |
10700 | int i; | |
10701 | +#ifdef CONFIG_GRKERNSEC | |
10702 | + struct file *old_exec_file; | |
10703 | + struct acl_subject_label *old_acl; | |
10704 | + struct rlimit old_rlim[RLIM_NLIMITS]; | |
10705 | +#endif | |
10706 | ||
10707 | retval = -ENOMEM; | |
10708 | bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); | |
10709 | @@ -1139,10 +1228,29 @@ int do_execve(char * filename, | |
10710 | if (IS_ERR(file)) | |
10711 | goto out_kfree; | |
10712 | ||
10713 | + gr_learn_resource(current, RLIMIT_NPROC, atomic_read(¤t->user->processes), 1); | |
10714 | + | |
10715 | + if (gr_handle_nproc()) { | |
10716 | + allow_write_access(file); | |
10717 | + fput(file); | |
10718 | + return -EAGAIN; | |
10719 | + } | |
10720 | + | |
10721 | + if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) { | |
10722 | + allow_write_access(file); | |
10723 | + fput(file); | |
10724 | + return -EACCES; | |
10725 | + } | |
10726 | + | |
10727 | sched_exec(); | |
10728 | ||
10729 | bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); | |
10730 | ||
10731 | +#ifdef CONFIG_PAX_RANDUSTACK | |
10732 | + if (randomize_va_space) | |
10733 | + bprm->p -= (pax_get_random_long() & ~(sizeof(void *)-1)) & ~PAGE_MASK; | |
10734 | +#endif | |
10735 | + | |
10736 | bprm->file = file; | |
10737 | bprm->filename = filename; | |
10738 | bprm->interp = filename; | |
10739 | @@ -1184,8 +1292,38 @@ int do_execve(char * filename, | |
10740 | if (retval < 0) | |
10741 | goto out; | |
10742 | ||
10743 | + if (!gr_tpe_allow(file)) { | |
10744 | + retval = -EACCES; | |
10745 | + goto out; | |
10746 | + } | |
10747 | + | |
10748 | + if (gr_check_crash_exec(file)) { | |
10749 | + retval = -EACCES; | |
10750 | + goto out; | |
10751 | + } | |
10752 | + | |
10753 | + gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); | |
10754 | + | |
10755 | + gr_handle_exec_args(bprm, argv); | |
10756 | + | |
10757 | +#ifdef CONFIG_GRKERNSEC | |
10758 | + old_acl = current->acl; | |
10759 | + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim)); | |
10760 | + old_exec_file = current->exec_file; | |
10761 | + get_file(file); | |
10762 | + current->exec_file = file; | |
10763 | +#endif | |
10764 | + | |
10765 | + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt); | |
10766 | + if (retval < 0) | |
10767 | + goto out_fail; | |
10768 | + | |
10769 | retval = search_binary_handler(bprm,regs); | |
10770 | if (retval >= 0) { | |
10771 | +#ifdef CONFIG_GRKERNSEC | |
10772 | + if (old_exec_file) | |
10773 | + fput(old_exec_file); | |
10774 | +#endif | |
10775 | free_arg_pages(bprm); | |
10776 | ||
10777 | /* execve success */ | |
10778 | @@ -1195,6 +1333,14 @@ int do_execve(char * filename, | |
10779 | return retval; | |
10780 | } | |
10781 | ||
10782 | +out_fail: | |
10783 | +#ifdef CONFIG_GRKERNSEC | |
10784 | + current->acl = old_acl; | |
10785 | + memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim)); | |
10786 | + fput(current->exec_file); | |
10787 | + current->exec_file = old_exec_file; | |
10788 | +#endif | |
10789 | + | |
10790 | out: | |
10791 | /* Something went wrong, return the inode and free the argument pages*/ | |
10792 | for (i = 0 ; i < MAX_ARG_PAGES ; i++) { | |
10793 | @@ -1355,6 +1501,114 @@ static void format_corename(char *corena | |
10794 | *out_ptr = 0; | |
10795 | } | |
10796 | ||
10797 | +int pax_check_flags(unsigned long * flags) | |
10798 | +{ | |
10799 | + int retval = 0; | |
10800 | + | |
10801 | +#if !defined(__i386__) || !defined(CONFIG_PAX_SEGMEXEC) | |
10802 | + if (*flags & MF_PAX_SEGMEXEC) | |
10803 | + { | |
10804 | + *flags &= ~MF_PAX_SEGMEXEC; | |
10805 | + retval = -EINVAL; | |
10806 | + } | |
10807 | +#endif | |
10808 | + | |
10809 | + if ((*flags & MF_PAX_PAGEEXEC) | |
10810 | + | |
10811 | +#ifdef CONFIG_PAX_PAGEEXEC | |
10812 | + && (*flags & MF_PAX_SEGMEXEC) | |
10813 | +#endif | |
10814 | + | |
10815 | + ) | |
10816 | + { | |
10817 | + *flags &= ~MF_PAX_PAGEEXEC; | |
10818 | + retval = -EINVAL; | |
10819 | + } | |
10820 | + | |
10821 | + if ((*flags & MF_PAX_MPROTECT) | |
10822 | + | |
10823 | +#ifdef CONFIG_PAX_MPROTECT | |
10824 | + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) | |
10825 | +#endif | |
10826 | + | |
10827 | + ) | |
10828 | + { | |
10829 | + *flags &= ~MF_PAX_MPROTECT; | |
10830 | + retval = -EINVAL; | |
10831 | + } | |
10832 | + | |
10833 | + if ((*flags & MF_PAX_EMUTRAMP) | |
10834 | + | |
10835 | +#ifdef CONFIG_PAX_EMUTRAMP | |
10836 | + && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) | |
10837 | +#endif | |
10838 | + | |
10839 | + ) | |
10840 | + { | |
10841 | + *flags &= ~MF_PAX_EMUTRAMP; | |
10842 | + retval = -EINVAL; | |
10843 | + } | |
10844 | + | |
10845 | + return retval; | |
10846 | +} | |
10847 | + | |
10848 | +EXPORT_SYMBOL(pax_check_flags); | |
10849 | + | |
10850 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
10851 | +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp) | |
10852 | +{ | |
10853 | + struct task_struct *tsk = current; | |
10854 | + struct mm_struct *mm = current->mm; | |
10855 | + char* buffer_exec = (char*)__get_free_page(GFP_ATOMIC); | |
10856 | + char* buffer_fault = (char*)__get_free_page(GFP_ATOMIC); | |
10857 | + char* path_exec=NULL; | |
10858 | + char* path_fault=NULL; | |
10859 | + unsigned long start=0UL, end=0UL, offset=0UL; | |
10860 | + | |
10861 | + if (buffer_exec && buffer_fault) { | |
10862 | + struct vm_area_struct* vma, * vma_exec=NULL, * vma_fault=NULL; | |
10863 | + | |
10864 | + down_read(&mm->mmap_sem); | |
10865 | + vma = mm->mmap; | |
10866 | + while (vma && (!vma_exec || !vma_fault)) { | |
10867 | + if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) | |
10868 | + vma_exec = vma; | |
10869 | + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end) | |
10870 | + vma_fault = vma; | |
10871 | + vma = vma->vm_next; | |
10872 | + } | |
10873 | + if (vma_exec) { | |
10874 | + path_exec = d_path(vma_exec->vm_file->f_dentry, vma_exec->vm_file->f_vfsmnt, buffer_exec, PAGE_SIZE); | |
10875 | + if (IS_ERR(path_exec)) | |
10876 | + path_exec = "<path too long>"; | |
10877 | + } | |
10878 | + if (vma_fault) { | |
10879 | + start = vma_fault->vm_start; | |
10880 | + end = vma_fault->vm_end; | |
10881 | + offset = vma_fault->vm_pgoff << PAGE_SHIFT; | |
10882 | + if (vma_fault->vm_file) { | |
10883 | + path_fault = d_path(vma_fault->vm_file->f_dentry, vma_fault->vm_file->f_vfsmnt, buffer_fault, PAGE_SIZE); | |
10884 | + if (IS_ERR(path_fault)) | |
10885 | + path_fault = "<path too long>"; | |
10886 | + } else | |
10887 | + path_fault = "<anonymous mapping>"; | |
10888 | + } | |
10889 | + up_read(&mm->mmap_sem); | |
10890 | + } | |
10891 | + if (tsk->signal->curr_ip) | |
10892 | + printk(KERN_ERR "PAX: From %u.%u.%u.%u: execution attempt in: %s, %08lx-%08lx %08lx\n", NIPQUAD(tsk->signal->curr_ip), path_fault, start, end, offset); | |
10893 | + else | |
10894 | + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); | |
10895 | + printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " | |
10896 | + "PC: %p, SP: %p\n", path_exec, tsk->comm, tsk->pid, | |
10897 | + tsk->uid, tsk->euid, pc, sp); | |
10898 | + free_page((unsigned long)buffer_exec); | |
10899 | + free_page((unsigned long)buffer_fault); | |
10900 | + pax_report_insns(pc, sp); | |
10901 | + do_coredump(SIGKILL, SIGKILL, regs); | |
10902 | +} | |
10903 | +#endif | |
10904 | + | |
10905 | static void zap_process(struct task_struct *start) | |
10906 | { | |
10907 | struct task_struct *t; | |
10908 | @@ -1495,6 +1749,10 @@ int do_coredump(long signr, int exit_cod | |
10909 | */ | |
10910 | clear_thread_flag(TIF_SIGPENDING); | |
10911 | ||
10912 | + if (signr == SIGKILL || signr == SIGILL) | |
10913 | + gr_handle_brute_attach(current); | |
10914 | + | |
10915 | + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1); | |
10916 | if (current->signal->rlim[RLIMIT_CORE].rlim_cur < binfmt->min_coredump) | |
10917 | goto fail_unlock; | |
10918 | ||
10919 | diff -urNp linux-2.6.19.1/fs/ext3/xattr.c linux-2.6.19.1/fs/ext3/xattr.c | |
10920 | --- linux-2.6.19.1/fs/ext3/xattr.c 2006-11-29 16:57:37.000000000 -0500 | |
10921 | +++ linux-2.6.19.1/fs/ext3/xattr.c 2006-12-03 15:16:14.000000000 -0500 | |
10922 | @@ -89,8 +89,8 @@ | |
10923 | printk("\n"); \ | |
10924 | } while (0) | |
10925 | #else | |
10926 | -# define ea_idebug(f...) | |
10927 | -# define ea_bdebug(f...) | |
10928 | +# define ea_idebug(f...) do {} while (0) | |
10929 | +# define ea_bdebug(f...) do {} while (0) | |
10930 | #endif | |
10931 | ||
10932 | static void ext3_xattr_cache_insert(struct buffer_head *); | |
10933 | diff -urNp linux-2.6.19.1/fs/ext4/extents.c linux-2.6.19.1/fs/ext4/extents.c | |
10934 | --- linux-2.6.19.1/fs/ext4/extents.c 2006-11-29 16:57:37.000000000 -0500 | |
10935 | +++ linux-2.6.19.1/fs/ext4/extents.c 2006-12-03 15:16:14.000000000 -0500 | |
10936 | @@ -1093,7 +1093,7 @@ int ext4_ext_correct_indexes(handle_t *h | |
10937 | return err; | |
10938 | } | |
10939 | ||
10940 | -static int inline | |
10941 | +inline static int | |
10942 | ext4_can_extents_be_merged(struct inode *inode, struct ext4_extent *ex1, | |
10943 | struct ext4_extent *ex2) | |
10944 | { | |
10945 | @@ -1509,7 +1509,7 @@ int ext4_ext_rm_idx(handle_t *handle, st | |
10946 | * the caller should calculate credits under truncate_mutex and | |
10947 | * pass the actual path. | |
10948 | */ | |
10949 | -int inline ext4_ext_calc_credits_for_insert(struct inode *inode, | |
10950 | +inline int ext4_ext_calc_credits_for_insert(struct inode *inode, | |
10951 | struct ext4_ext_path *path) | |
10952 | { | |
10953 | int depth, needed; | |
10954 | @@ -1718,7 +1718,7 @@ out: | |
10955 | * ext4_ext_more_to_rm: | |
10956 | * returns 1 if current index has to be freed (even partial) | |
10957 | */ | |
10958 | -static int inline | |
10959 | +inline static int | |
10960 | ext4_ext_more_to_rm(struct ext4_ext_path *path) | |
10961 | { | |
10962 | BUG_ON(path->p_idx == NULL); | |
10963 | diff -urNp linux-2.6.19.1/fs/fcntl.c linux-2.6.19.1/fs/fcntl.c | |
10964 | --- linux-2.6.19.1/fs/fcntl.c 2006-11-29 16:57:37.000000000 -0500 | |
10965 | +++ linux-2.6.19.1/fs/fcntl.c 2006-12-03 15:16:14.000000000 -0500 | |
10966 | @@ -18,6 +18,7 @@ | |
c3e8c1b5 | 10967 | #include <linux/signal.h> |
10968 | #include <linux/rcupdate.h> | |
b6fa5d20 | 10969 | #include <linux/vs_limit.h> |
c3e8c1b5 | 10970 | +#include <linux/grsecurity.h> |
10971 | ||
10972 | #include <asm/poll.h> | |
10973 | #include <asm/siginfo.h> | |
10974 | @@ -63,6 +64,7 @@ static int locate_fd(struct files_struct | |
10975 | struct fdtable *fdt; | |
10976 | ||
10977 | error = -EINVAL; | |
10978 | + gr_learn_resource(current, RLIMIT_NOFILE, orig_start, 0); | |
10979 | if (orig_start >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur) | |
10980 | goto out; | |
10981 | ||
10982 | @@ -83,6 +85,7 @@ repeat: | |
10983 | } | |
10984 | ||
10985 | error = -EMFILE; | |
10986 | + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0); | |
10987 | if (newfd >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur) | |
10988 | goto out; | |
10989 | ||
10990 | @@ -141,6 +144,8 @@ asmlinkage long sys_dup2(unsigned int ol | |
10991 | struct files_struct * files = current->files; | |
10992 | struct fdtable *fdt; | |
10993 | ||
10994 | + gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0); | |
10995 | + | |
10996 | spin_lock(&files->file_lock); | |
10997 | if (!(file = fcheck(oldfd))) | |
10998 | goto out_unlock; | |
10999 | @@ -459,7 +464,8 @@ static inline int sigio_perm(struct task | |
11000 | return (((fown->euid == 0) || | |
11001 | (fown->euid == p->suid) || (fown->euid == p->uid) || | |
11002 | (fown->uid == p->suid) || (fown->uid == p->uid)) && | |
11003 | - !security_file_send_sigiotask(p, fown, sig)); | |
11004 | + !security_file_send_sigiotask(p, fown, sig) && | |
11005 | + !gr_check_protected_task(p) && !gr_pid_is_chrooted(p)); | |
11006 | } | |
11007 | ||
11008 | static void send_sigio_to_task(struct task_struct *p, | |
11009 | diff -urNp linux-2.6.19.1/fs/Kconfig linux-2.6.19.1/fs/Kconfig | |
11010 | --- linux-2.6.19.1/fs/Kconfig 2006-11-29 16:57:37.000000000 -0500 | |
11011 | +++ linux-2.6.19.1/fs/Kconfig 2006-12-03 15:16:12.000000000 -0500 | |
11012 | @@ -929,7 +929,7 @@ config PROC_FS | |
11013 | ||
11014 | config PROC_KCORE | |
11015 | bool "/proc/kcore support" if !ARM | |
11016 | - depends on PROC_FS && MMU | |
11017 | + depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD | |
11018 | ||
11019 | config PROC_VMCORE | |
11020 | bool "/proc/vmcore support (EXPERIMENTAL)" | |
11021 | diff -urNp linux-2.6.19.1/fs/namei.c linux-2.6.19.1/fs/namei.c | |
11022 | --- linux-2.6.19.1/fs/namei.c 2006-11-29 16:57:37.000000000 -0500 | |
11023 | +++ linux-2.6.19.1/fs/namei.c 2006-12-03 15:16:15.000000000 -0500 | |
11024 | @@ -32,6 +32,7 @@ | |
b6fa5d20 | 11025 | #include <linux/vs_base.h> |
11026 | #include <linux/vs_tag.h> | |
11027 | #include <linux/vs_cowbl.h> | |
c3e8c1b5 | 11028 | +#include <linux/grsecurity.h> |
11029 | #include <asm/namei.h> | |
11030 | #include <asm/uaccess.h> | |
11031 | ||
11032 | @@ -640,6 +641,13 @@ static inline int do_follow_link(struct | |
11033 | err = security_inode_follow_link(path->dentry, nd); | |
11034 | if (err) | |
11035 | goto loop; | |
11036 | + | |
11037 | + if (gr_handle_follow_link(path->dentry->d_parent->d_inode, | |
11038 | + path->dentry->d_inode, path->dentry, nd->mnt)) { | |
11039 | + err = -EACCES; | |
11040 | + goto loop; | |
11041 | + } | |
11042 | + | |
11043 | current->link_count++; | |
11044 | current->total_link_count++; | |
11045 | nd->depth++; | |
11046 | @@ -985,11 +993,18 @@ return_reval: | |
11047 | break; | |
11048 | } | |
11049 | return_base: | |
11050 | + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) { | |
11051 | + path_release(nd); | |
11052 | + return -ENOENT; | |
11053 | + } | |
11054 | return 0; | |
11055 | out_dput: | |
11056 | dput_path(&next, nd); | |
11057 | break; | |
11058 | } | |
11059 | + if (!gr_acl_handle_hidden_file(nd->dentry, nd->mnt)) | |
11060 | + err = -ENOENT; | |
11061 | + | |
11062 | path_release(nd); | |
11063 | return_err: | |
11064 | return err; | |
11065 | @@ -1601,9 +1616,17 @@ static int open_namei_create(struct name | |
11066 | int error; | |
11067 | struct dentry *dir = nd->dentry; | |
11068 | ||
11069 | + if (!gr_acl_handle_creat(path->dentry, nd->dentry, nd->mnt, flag, mode)) { | |
11070 | + error = -EACCES; | |
11071 | + goto out_unlock_dput; | |
11072 | + } | |
11073 | + | |
11074 | if (!IS_POSIXACL(dir->d_inode)) | |
11075 | mode &= ~current->fs->umask; | |
11076 | error = vfs_create(dir->d_inode, path->dentry, mode, nd); | |
11077 | + if (!error) | |
11078 | + gr_handle_create(path->dentry, nd->mnt); | |
11079 | +out_unlock_dput: | |
11080 | mutex_unlock(&dir->d_inode->i_mutex); | |
11081 | dput(nd->dentry); | |
11082 | nd->dentry = path->dentry; | |
11083 | @@ -1654,6 +1677,17 @@ int open_namei(int dfd, const char *path | |
11084 | nd, flag); | |
11085 | if (error) | |
11086 | return error; | |
11087 | + | |
11088 | + if (gr_handle_rawio(nd->dentry->d_inode)) { | |
11089 | + error = -EPERM; | |
11090 | + goto exit; | |
11091 | + } | |
11092 | + | |
11093 | + if (!gr_acl_handle_open(nd->dentry, nd->mnt, flag)) { | |
11094 | + error = -EACCES; | |
11095 | + goto exit; | |
11096 | + } | |
11097 | + | |
11098 | goto ok; | |
11099 | } | |
11100 | ||
11101 | @@ -1703,6 +1737,23 @@ do_last: | |
11102 | /* | |
11103 | * It already exists. | |
11104 | */ | |
11105 | + | |
11106 | + if (gr_handle_rawio(path.dentry->d_inode)) { | |
11107 | + mutex_unlock(&dir->d_inode->i_mutex); | |
11108 | + error = -EPERM; | |
11109 | + goto exit_dput; | |
11110 | + } | |
11111 | + if (!gr_acl_handle_open(path.dentry, nd->mnt, flag)) { | |
11112 | + mutex_unlock(&dir->d_inode->i_mutex); | |
11113 | + error = -EACCES; | |
11114 | + goto exit_dput; | |
11115 | + } | |
11116 | + if (gr_handle_fifo(path.dentry, nd->mnt, dir, flag, acc_mode)) { | |
11117 | + mutex_unlock(&dir->d_inode->i_mutex); | |
11118 | + error = -EACCES; | |
11119 | + goto exit_dput; | |
11120 | + } | |
11121 | + | |
11122 | mutex_unlock(&dir->d_inode->i_mutex); | |
11123 | audit_inode_update(path.dentry->d_inode); | |
11124 | ||
11125 | @@ -1758,6 +1809,13 @@ do_link: | |
11126 | error = security_inode_follow_link(path.dentry, nd); | |
11127 | if (error) | |
11128 | goto exit_dput; | |
11129 | + | |
11130 | + if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode, | |
11131 | + path.dentry, nd->mnt)) { | |
11132 | + error = -EACCES; | |
11133 | + goto exit_dput; | |
11134 | + } | |
11135 | + | |
11136 | error = __do_follow_link(&path, nd); | |
11137 | if (error) { | |
11138 | /* Does someone understand code flow here? Or it is only | |
11139 | @@ -1886,6 +1944,22 @@ asmlinkage long sys_mknodat(int dfd, con | |
11140 | if (!IS_POSIXACL(nd.dentry->d_inode)) | |
11141 | mode &= ~current->fs->umask; | |
11142 | if (!IS_ERR(dentry)) { | |
11143 | + if (gr_handle_chroot_mknod(dentry, nd.mnt, mode)) { | |
11144 | + error = -EPERM; | |
11145 | + dput(dentry); | |
11146 | + mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11147 | + path_release(&nd); | |
11148 | + goto out; | |
11149 | + } | |
11150 | + | |
11151 | + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) { | |
11152 | + error = -EACCES; | |
11153 | + dput(dentry); | |
11154 | + mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11155 | + path_release(&nd); | |
11156 | + goto out; | |
11157 | + } | |
11158 | + | |
11159 | switch (mode & S_IFMT) { | |
11160 | case 0: case S_IFREG: | |
11161 | error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); | |
11162 | @@ -1903,6 +1977,10 @@ asmlinkage long sys_mknodat(int dfd, con | |
11163 | default: | |
11164 | error = -EINVAL; | |
11165 | } | |
11166 | + | |
11167 | + if (!error) | |
11168 | + gr_handle_create(dentry, nd.mnt); | |
11169 | + | |
11170 | dput(dentry); | |
11171 | } | |
11172 | mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11173 | @@ -1960,9 +2038,18 @@ asmlinkage long sys_mkdirat(int dfd, con | |
11174 | if (IS_ERR(dentry)) | |
11175 | goto out_unlock; | |
11176 | ||
11177 | + if (!gr_acl_handle_mkdir(dentry, nd.dentry, nd.mnt)) { | |
11178 | + error = -EACCES; | |
11179 | + goto out_unlock_dput; | |
11180 | + } | |
11181 | + | |
11182 | if (!IS_POSIXACL(nd.dentry->d_inode)) | |
11183 | mode &= ~current->fs->umask; | |
b6fa5d20 | 11184 | error = vfs_mkdir(nd.dentry->d_inode, dentry, mode, &nd); |
c3e8c1b5 | 11185 | + |
11186 | + if (!error) | |
11187 | + gr_handle_create(dentry, nd.mnt); | |
11188 | +out_unlock_dput: | |
11189 | dput(dentry); | |
11190 | out_unlock: | |
11191 | mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11192 | @@ -2045,6 +2132,8 @@ static long do_rmdir(int dfd, const char | |
11193 | char * name; | |
11194 | struct dentry *dentry; | |
11195 | struct nameidata nd; | |
11196 | + ino_t saved_ino = 0; | |
11197 | + dev_t saved_dev = 0; | |
11198 | ||
11199 | name = getname(pathname); | |
11200 | if(IS_ERR(name)) | |
11201 | @@ -2070,7 +2159,22 @@ static long do_rmdir(int dfd, const char | |
11202 | error = PTR_ERR(dentry); | |
11203 | if (IS_ERR(dentry)) | |
11204 | goto exit2; | |
11205 | + | |
11206 | + if (dentry->d_inode != NULL) { | |
11207 | + if (dentry->d_inode->i_nlink <= 1) { | |
11208 | + saved_ino = dentry->d_inode->i_ino; | |
11209 | + saved_dev = dentry->d_inode->i_sb->s_dev; | |
11210 | + } | |
11211 | + | |
11212 | + if (!gr_acl_handle_rmdir(dentry, nd.mnt)) { | |
11213 | + error = -EACCES; | |
11214 | + goto dput_exit2; | |
11215 | + } | |
11216 | + } | |
b6fa5d20 | 11217 | error = vfs_rmdir(nd.dentry->d_inode, dentry, &nd); |
c3e8c1b5 | 11218 | + if (!error && (saved_dev || saved_ino)) |
11219 | + gr_handle_delete(saved_ino, saved_dev); | |
11220 | +dput_exit2: | |
11221 | dput(dentry); | |
11222 | exit2: | |
11223 | mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11224 | @@ -2129,6 +2233,8 @@ static long do_unlinkat(int dfd, const c | |
11225 | struct dentry *dentry; | |
11226 | struct nameidata nd; | |
11227 | struct inode *inode = NULL; | |
11228 | + ino_t saved_ino = 0; | |
11229 | + dev_t saved_dev = 0; | |
11230 | ||
11231 | name = getname(pathname); | |
11232 | if(IS_ERR(name)) | |
11233 | @@ -2144,13 +2250,26 @@ static long do_unlinkat(int dfd, const c | |
11234 | dentry = lookup_hash(&nd); | |
11235 | error = PTR_ERR(dentry); | |
11236 | if (!IS_ERR(dentry)) { | |
11237 | + error = 0; | |
11238 | /* Why not before? Because we want correct error value */ | |
11239 | if (nd.last.name[nd.last.len]) | |
11240 | goto slashes; | |
11241 | inode = dentry->d_inode; | |
11242 | - if (inode) | |
11243 | + if (inode) { | |
11244 | + if (inode->i_nlink <= 1) { | |
11245 | + saved_ino = inode->i_ino; | |
11246 | + saved_dev = inode->i_sb->s_dev; | |
11247 | + } | |
11248 | + | |
11249 | + if (!gr_acl_handle_unlink(dentry, nd.mnt)) | |
11250 | + error = -EACCES; | |
11251 | + | |
11252 | atomic_inc(&inode->i_count); | |
b6fa5d20 | 11253 | - error = vfs_unlink(nd.dentry->d_inode, dentry, &nd); |
c3e8c1b5 | 11254 | + } |
11255 | + if (!error) | |
b6fa5d20 | 11256 | + error = vfs_unlink(nd.dentry->d_inode, dentry, &nd); |
c3e8c1b5 | 11257 | + if (!error && (saved_ino || saved_dev)) |
11258 | + gr_handle_delete(saved_ino, saved_dev); | |
11259 | exit2: | |
11260 | dput(dentry); | |
11261 | } | |
11262 | @@ -2231,7 +2350,16 @@ asmlinkage long sys_symlinkat(const char | |
11263 | if (IS_ERR(dentry)) | |
11264 | goto out_unlock; | |
11265 | ||
11266 | + if (!gr_acl_handle_symlink(dentry, nd.dentry, nd.mnt, from)) { | |
11267 | + error = -EACCES; | |
11268 | + goto out_dput_unlock; | |
11269 | + } | |
11270 | + | |
b6fa5d20 | 11271 | error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO, &nd); |
c3e8c1b5 | 11272 | + |
11273 | + if (!error) | |
11274 | + gr_handle_create(dentry, nd.mnt); | |
11275 | +out_dput_unlock: | |
11276 | dput(dentry); | |
11277 | out_unlock: | |
11278 | mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11279 | @@ -2326,7 +2454,25 @@ asmlinkage long sys_linkat(int olddfd, c | |
11280 | error = PTR_ERR(new_dentry); | |
11281 | if (IS_ERR(new_dentry)) | |
11282 | goto out_unlock; | |
11283 | + | |
11284 | + if (gr_handle_hardlink(old_nd.dentry, old_nd.mnt, | |
11285 | + old_nd.dentry->d_inode, | |
11286 | + old_nd.dentry->d_inode->i_mode, to)) { | |
11287 | + error = -EACCES; | |
11288 | + goto out_unlock_dput; | |
11289 | + } | |
11290 | + | |
11291 | + if (!gr_acl_handle_link(new_dentry, nd.dentry, nd.mnt, | |
11292 | + old_nd.dentry, old_nd.mnt, to)) { | |
11293 | + error = -EACCES; | |
11294 | + goto out_unlock_dput; | |
11295 | + } | |
11296 | + | |
b6fa5d20 | 11297 | error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry, &nd); |
c3e8c1b5 | 11298 | + |
11299 | + if (!error) | |
11300 | + gr_handle_create(new_dentry, nd.mnt); | |
11301 | +out_unlock_dput: | |
11302 | dput(new_dentry); | |
11303 | out_unlock: | |
11304 | mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
11305 | @@ -2552,8 +2698,16 @@ static int do_rename(int olddfd, const c | |
11306 | if (new_dentry == trap) | |
11307 | goto exit5; | |
11308 | ||
11309 | - error = vfs_rename(old_dir->d_inode, old_dentry, | |
11310 | + error = gr_acl_handle_rename(new_dentry, newnd.dentry, newnd.mnt, | |
11311 | + old_dentry, old_dir->d_inode, oldnd.mnt, | |
11312 | + newname); | |
11313 | + | |
11314 | + if (!error) | |
11315 | + error = vfs_rename(old_dir->d_inode, old_dentry, | |
11316 | new_dir->d_inode, new_dentry); | |
11317 | + if (!error) | |
11318 | + gr_handle_rename(old_dir->d_inode, newnd.dentry->d_inode, old_dentry, | |
11319 | + new_dentry, oldnd.mnt, new_dentry->d_inode ? 1 : 0); | |
11320 | exit5: | |
11321 | dput(new_dentry); | |
11322 | exit4: | |
11323 | diff -urNp linux-2.6.19.1/fs/namespace.c linux-2.6.19.1/fs/namespace.c | |
11324 | --- linux-2.6.19.1/fs/namespace.c 2006-11-29 16:57:37.000000000 -0500 | |
11325 | +++ linux-2.6.19.1/fs/namespace.c 2006-12-03 15:16:15.000000000 -0500 | |
11326 | @@ -25,6 +25,7 @@ | |
b6fa5d20 | 11327 | #include <linux/vserver/space.h> |
11328 | #include <linux/vs_context.h> | |
11329 | #include <linux/vs_tag.h> | |
c3e8c1b5 | 11330 | +#include <linux/grsecurity.h> |
11331 | #include <asm/uaccess.h> | |
11332 | #include <asm/unistd.h> | |
11333 | #include "pnode.h" | |
11334 | @@ -598,6 +599,8 @@ static int do_umount(struct vfsmount *mn | |
11335 | DQUOT_OFF(sb); | |
11336 | retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); | |
11337 | unlock_kernel(); | |
11338 | + | |
11339 | + gr_log_remount(mnt->mnt_devname, retval); | |
11340 | } | |
11341 | up_write(&sb->s_umount); | |
11342 | return retval; | |
11343 | @@ -618,6 +621,9 @@ static int do_umount(struct vfsmount *mn | |
11344 | security_sb_umount_busy(mnt); | |
11345 | up_write(&namespace_sem); | |
11346 | release_mounts(&umount_list); | |
11347 | + | |
11348 | + gr_log_unmount(mnt->mnt_devname, retval); | |
11349 | + | |
11350 | return retval; | |
11351 | } | |
11352 | ||
11353 | @@ -1418,6 +1424,11 @@ long do_mount(char *dev_name, char *dir_ | |
11354 | if (retval) | |
11355 | goto dput_out; | |
11356 | ||
11357 | + if (gr_handle_chroot_mount(nd.dentry, nd.mnt, dev_name)) { | |
11358 | + retval = -EPERM; | |
11359 | + goto dput_out; | |
11360 | + } | |
11361 | + | |
11362 | if (flags & MS_REMOUNT) | |
11363 | retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags, | |
11364 | data_page); | |
11365 | @@ -1432,6 +1443,9 @@ long do_mount(char *dev_name, char *dir_ | |
11366 | dev_name, data_page); | |
11367 | dput_out: | |
11368 | path_release(&nd); | |
11369 | + | |
11370 | + gr_log_mount(dev_name, dir_name, retval); | |
11371 | + | |
11372 | return retval; | |
11373 | } | |
11374 | ||
11375 | @@ -1684,6 +1698,9 @@ asmlinkage long sys_pivot_root(const cha | |
11376 | if (!capable(CAP_SYS_ADMIN)) | |
11377 | return -EPERM; | |
11378 | ||
11379 | + if (gr_handle_chroot_pivot()) | |
11380 | + return -EPERM; | |
11381 | + | |
11382 | lock_kernel(); | |
11383 | ||
11384 | error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, | |
11385 | diff -urNp linux-2.6.19.1/fs/open.c linux-2.6.19.1/fs/open.c | |
11386 | --- linux-2.6.19.1/fs/open.c 2006-11-29 16:57:37.000000000 -0500 | |
11387 | +++ linux-2.6.19.1/fs/open.c 2006-12-03 15:16:15.000000000 -0500 | |
11388 | @@ -27,6 +27,7 @@ | |
b6fa5d20 | 11389 | #include <linux/vs_dlimit.h> |
11390 | #include <linux/vs_tag.h> | |
11391 | #include <linux/vs_cowbl.h> | |
c3e8c1b5 | 11392 | +#include <linux/grsecurity.h> |
11393 | ||
11394 | int vfs_statfs(struct dentry *dentry, struct kstatfs *buf) | |
11395 | { | |
11396 | @@ -204,6 +205,9 @@ int do_truncate(struct dentry *dentry, l | |
11397 | if (length < 0) | |
11398 | return -EINVAL; | |
11399 | ||
11400 | + if (filp && !gr_acl_handle_truncate(dentry, filp->f_vfsmnt)) | |
11401 | + return -EACCES; | |
11402 | + | |
11403 | newattrs.ia_size = length; | |
11404 | newattrs.ia_valid = ATTR_SIZE | time_attrs; | |
11405 | if (filp) { | |
11406 | @@ -398,6 +402,9 @@ asmlinkage long sys_faccessat(int dfd, c | |
11407 | if(IS_RDONLY(nd.dentry->d_inode)) | |
11408 | res = -EROFS; | |
11409 | ||
11410 | + if (!res && !gr_acl_handle_access(nd.dentry, nd.mnt, mode)) | |
11411 | + res = -EACCES; | |
11412 | + | |
11413 | out_path_release: | |
11414 | path_release(&nd); | |
11415 | out: | |
11416 | @@ -427,6 +434,8 @@ asmlinkage long sys_chdir(const char __u | |
11417 | if (error) | |
11418 | goto dput_and_out; | |
11419 | ||
11420 | + gr_log_chdir(nd.dentry, nd.mnt); | |
11421 | + | |
11422 | set_fs_pwd(current->fs, nd.mnt, nd.dentry); | |
11423 | ||
11424 | dput_and_out: | |
11425 | @@ -457,6 +466,13 @@ asmlinkage long sys_fchdir(unsigned int | |
11426 | goto out_putf; | |
11427 | ||
11428 | error = file_permission(file, MAY_EXEC); | |
11429 | + | |
11430 | + if (!error && !gr_chroot_fchdir(dentry, mnt)) | |
11431 | + error = -EPERM; | |
11432 | + | |
11433 | + if (!error) | |
11434 | + gr_log_chdir(dentry, mnt); | |
11435 | + | |
11436 | if (!error) | |
11437 | set_fs_pwd(current->fs, mnt, dentry); | |
11438 | out_putf: | |
11439 | @@ -482,8 +498,16 @@ asmlinkage long sys_chroot(const char __ | |
11440 | if (!capable(CAP_SYS_CHROOT)) | |
11441 | goto dput_and_out; | |
11442 | ||
11443 | + if (gr_handle_chroot_chroot(nd.dentry, nd.mnt)) | |
11444 | + goto dput_and_out; | |
11445 | + | |
11446 | set_fs_root(current->fs, nd.mnt, nd.dentry); | |
11447 | set_fs_altroot(); | |
11448 | + | |
11449 | + gr_handle_chroot_caps(current); | |
11450 | + | |
11451 | + gr_handle_chroot_chdir(nd.dentry, nd.mnt); | |
11452 | + | |
11453 | error = 0; | |
11454 | dput_and_out: | |
11455 | path_release(&nd); | |
11456 | @@ -514,9 +538,22 @@ asmlinkage long sys_fchmod(unsigned int | |
11457 | err = -EPERM; | |
11458 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
11459 | goto out_putf; | |
11460 | + | |
11461 | + if (!gr_acl_handle_fchmod(dentry, file->f_vfsmnt, mode)) { | |
11462 | + err = -EACCES; | |
11463 | + goto out_putf; | |
11464 | + } | |
11465 | + | |
11466 | mutex_lock(&inode->i_mutex); | |
11467 | if (mode == (mode_t) -1) | |
11468 | mode = inode->i_mode; | |
11469 | + | |
11470 | + if (gr_handle_chroot_chmod(dentry, file->f_vfsmnt, mode)) { | |
11471 | + err = -EPERM; | |
11472 | + mutex_unlock(&inode->i_mutex); | |
11473 | + goto out_putf; | |
11474 | + } | |
11475 | + | |
11476 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); | |
11477 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; | |
11478 | err = notify_change(dentry, &newattrs); | |
11479 | @@ -549,9 +586,21 @@ asmlinkage long sys_fchmodat(int dfd, co | |
11480 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
11481 | goto dput_and_out; | |
11482 | ||
11483 | + if (!gr_acl_handle_chmod(nd.dentry, nd.mnt, mode)) { | |
11484 | + error = -EACCES; | |
11485 | + goto dput_and_out; | |
11486 | + }; | |
11487 | + | |
11488 | mutex_lock(&inode->i_mutex); | |
11489 | if (mode == (mode_t) -1) | |
11490 | mode = inode->i_mode; | |
11491 | + | |
11492 | + if (gr_handle_chroot_chmod(nd.dentry, nd.mnt, mode)) { | |
11493 | + error = -EACCES; | |
11494 | + mutex_unlock(&inode->i_mutex); | |
11495 | + goto dput_and_out; | |
11496 | + } | |
11497 | + | |
11498 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); | |
11499 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; | |
11500 | error = notify_change(nd.dentry, &newattrs); | |
c3e8c1b5 | 11501 | @@ -585,6 +634,12 @@ static int chown_common(struct dentry * |
11502 | error = -EPERM; | |
11503 | if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) | |
11504 | goto out; | |
11505 | + | |
11506 | + if (!gr_acl_handle_chown(dentry, mnt)) { | |
11507 | + error = -EACCES; | |
11508 | + goto out; | |
11509 | + } | |
11510 | + | |
11511 | newattrs.ia_valid = ATTR_CTIME; | |
11512 | if (user != (uid_t) -1) { | |
11513 | newattrs.ia_valid |= ATTR_UID; | |
c3e8c1b5 | 11514 | @@ -872,6 +927,7 @@ repeat: |
11515 | * N.B. For clone tasks sharing a files structure, this test | |
11516 | * will limit the total number of files that can be opened. | |
11517 | */ | |
11518 | + gr_learn_resource(current, RLIMIT_NOFILE, fd, 0); | |
11519 | if (fd >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur) | |
11520 | goto out; | |
11521 | ||
11522 | diff -urNp linux-2.6.19.1/fs/partitions/efi.c linux-2.6.19.1/fs/partitions/efi.c | |
11523 | --- linux-2.6.19.1/fs/partitions/efi.c 2006-11-29 16:57:37.000000000 -0500 | |
11524 | +++ linux-2.6.19.1/fs/partitions/efi.c 2006-12-03 15:16:15.000000000 -0500 | |
11525 | @@ -99,7 +99,7 @@ | |
11526 | #ifdef EFI_DEBUG | |
11527 | #define Dprintk(x...) printk(KERN_DEBUG x) | |
11528 | #else | |
11529 | -#define Dprintk(x...) | |
11530 | +#define Dprintk(x...) do {} while (0) | |
11531 | #endif | |
11532 | ||
11533 | /* This allows a kernel command line option 'gpt' to override | |
11534 | diff -urNp linux-2.6.19.1/fs/pipe.c linux-2.6.19.1/fs/pipe.c | |
11535 | --- linux-2.6.19.1/fs/pipe.c 2006-11-29 16:57:37.000000000 -0500 | |
11536 | +++ linux-2.6.19.1/fs/pipe.c 2006-12-03 15:16:15.000000000 -0500 | |
11537 | @@ -827,7 +827,7 @@ void free_pipe_info(struct inode *inode) | |
11538 | inode->i_pipe = NULL; | |
11539 | } | |
11540 | ||
11541 | -static struct vfsmount *pipe_mnt __read_mostly; | |
11542 | +struct vfsmount *pipe_mnt __read_mostly; | |
11543 | static int pipefs_delete_dentry(struct dentry *dentry) | |
11544 | { | |
11545 | return 1; | |
11546 | diff -urNp linux-2.6.19.1/fs/proc/array.c linux-2.6.19.1/fs/proc/array.c | |
11547 | --- linux-2.6.19.1/fs/proc/array.c 2006-11-29 16:57:37.000000000 -0500 | |
11548 | +++ linux-2.6.19.1/fs/proc/array.c 2006-12-03 15:16:15.000000000 -0500 | |
11549 | @@ -291,6 +291,21 @@ static inline char *task_cap(struct task | |
11550 | cap_t(p->cap_effective)); | |
11551 | } | |
11552 | ||
11553 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
11554 | +static inline char *task_pax(struct task_struct *p, char *buffer) | |
11555 | +{ | |
11556 | + if (p->mm) | |
11557 | + return buffer + sprintf(buffer, "PaX:\t%c%c%c%c%c\n", | |
11558 | + p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p', | |
11559 | + p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e', | |
11560 | + p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm', | |
11561 | + p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r', | |
11562 | + p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's'); | |
11563 | + else | |
11564 | + return buffer + sprintf(buffer, "PaX:\t-----\n"); | |
11565 | +} | |
11566 | +#endif | |
11567 | + | |
11568 | int proc_pid_status(struct task_struct *task, char * buffer) | |
11569 | { | |
11570 | char * orig = buffer; | |
11571 | @@ -309,9 +324,20 @@ int proc_pid_status(struct task_struct * | |
11572 | #if defined(CONFIG_S390) | |
11573 | buffer = task_show_regs(task, buffer); | |
11574 | #endif | |
11575 | + | |
11576 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
11577 | + buffer = task_pax(task, buffer); | |
11578 | +#endif | |
11579 | + | |
11580 | return buffer - orig; | |
11581 | } | |
11582 | ||
11583 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
11584 | +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \ | |
11585 | + (_mm->pax_flags & MF_PAX_RANDMMAP || \ | |
11586 | + _mm->pax_flags & MF_PAX_SEGMEXEC)) | |
11587 | +#endif | |
11588 | + | |
11589 | static int do_task_stat(struct task_struct *task, char * buffer, int whole) | |
11590 | { | |
11591 | unsigned long vsize, eip, esp, wchan = ~0UL; | |
11592 | @@ -406,6 +432,19 @@ static int do_task_stat(struct task_stru | |
11593 | stime = task->stime; | |
11594 | } | |
11595 | ||
11596 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
11597 | + if (PAX_RAND_FLAGS(mm)) { | |
11598 | + eip = 0; | |
11599 | + esp = 0; | |
11600 | + wchan = 0; | |
11601 | + } | |
11602 | +#endif | |
11603 | +#ifdef CONFIG_GRKERNSEC_HIDESYM | |
11604 | + wchan = 0; | |
11605 | + eip =0; | |
11606 | + esp =0; | |
11607 | +#endif | |
11608 | + | |
11609 | /* scale priority and nice values from timeslices to -20..20 */ | |
11610 | /* to make it look like a "normal" Unix priority/nice value */ | |
11611 | priority = task_prio(task); | |
11612 | @@ -445,9 +484,15 @@ static int do_task_stat(struct task_stru | |
11613 | vsize, | |
11614 | mm ? get_mm_rss(mm) : 0, | |
11615 | rsslim, | |
11616 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
11617 | + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0), | |
11618 | + PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0), | |
11619 | + PAX_RAND_FLAGS(mm) ? 0 : (mm ? mm->start_stack : 0), | |
11620 | +#else | |
11621 | mm ? mm->start_code : 0, | |
11622 | mm ? mm->end_code : 0, | |
11623 | mm ? mm->start_stack : 0, | |
11624 | +#endif | |
11625 | esp, | |
11626 | eip, | |
11627 | /* The signal information here is obsolete. | |
11628 | @@ -494,3 +539,14 @@ int proc_pid_statm(struct task_struct *t | |
11629 | return sprintf(buffer,"%d %d %d %d %d %d %d\n", | |
11630 | size, resident, shared, text, lib, data, 0); | |
11631 | } | |
11632 | + | |
11633 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
11634 | +int proc_pid_ipaddr(struct task_struct *task, char * buffer) | |
11635 | +{ | |
11636 | + int len; | |
11637 | + | |
11638 | + len = sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip)); | |
11639 | + return len; | |
11640 | +} | |
11641 | +#endif | |
11642 | + | |
11643 | diff -urNp linux-2.6.19.1/fs/proc/base.c linux-2.6.19.1/fs/proc/base.c | |
11644 | --- linux-2.6.19.1/fs/proc/base.c 2006-11-29 16:57:37.000000000 -0500 | |
11645 | +++ linux-2.6.19.1/fs/proc/base.c 2006-12-03 15:41:31.000000000 -0500 | |
11646 | @@ -73,6 +73,7 @@ | |
c3e8c1b5 | 11647 | #include <linux/oom.h> |
b6fa5d20 | 11648 | #include <linux/vs_context.h> |
11649 | #include <linux/vs_network.h> | |
c3e8c1b5 | 11650 | +#include <linux/grsecurity.h> |
b6fa5d20 | 11651 | |
c3e8c1b5 | 11652 | #include "internal.h" |
11653 | ||
c3e8c1b5 | 11654 | @@ -194,7 +195,7 @@ static int proc_root_link(struct inode * |
11655 | (task->parent == current && \ | |
11656 | (task->ptrace & PT_PTRACED) && \ | |
11657 | (task->state == TASK_STOPPED || task->state == TASK_TRACED) && \ | |
11658 | - security_ptrace(current,task) == 0)) | |
11659 | + security_ptrace(current,task) == 0 && !gr_handle_proc_ptrace(task))) | |
11660 | ||
11661 | static int proc_pid_environ(struct task_struct *task, char * buffer) | |
11662 | { | |
11663 | @@ -330,6 +331,8 @@ static int proc_fd_access_allowed(struct | |
11664 | task = get_proc_task(inode); | |
11665 | if (task) { | |
11666 | allowed = ptrace_may_attach(task); | |
11667 | + if (allowed != 0) | |
11668 | + allowed = !gr_acl_handle_procpidmem(task); | |
11669 | put_task_struct(task); | |
11670 | } | |
11671 | return allowed; | |
11672 | @@ -521,7 +524,7 @@ static ssize_t mem_read(struct file * fi | |
11673 | if (!task) | |
11674 | goto out_no_task; | |
11675 | ||
11676 | - if (!MAY_PTRACE(task) || !ptrace_may_attach(task)) | |
11677 | + if (!MAY_PTRACE(task) || !ptrace_may_attach(task) || gr_acl_handle_procpidmem(task)) | |
11678 | goto out; | |
11679 | ||
11680 | ret = -ENOMEM; | |
11681 | @@ -591,7 +594,7 @@ static ssize_t mem_write(struct file * f | |
11682 | if (!task) | |
11683 | goto out_no_task; | |
11684 | ||
11685 | - if (!MAY_PTRACE(task) || !ptrace_may_attach(task)) | |
11686 | + if (!MAY_PTRACE(task) || !ptrace_may_attach(task) || gr_acl_handle_procpidmem(task)) | |
11687 | goto out; | |
11688 | ||
11689 | copied = -ENOMEM; | |
11690 | @@ -969,7 +972,11 @@ static struct inode *proc_pid_make_inode | |
11691 | inode->i_gid = 0; | |
11692 | if (task_dumpable(task)) { | |
11693 | inode->i_uid = task->euid; | |
11694 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
11695 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
11696 | +#else | |
11697 | inode->i_gid = task->egid; | |
11698 | +#endif | |
11699 | } | |
11700 | security_task_to_inode(task, inode); | |
11701 | ||
11702 | @@ -985,17 +992,38 @@ static int pid_getattr(struct vfsmount * | |
11703 | { | |
11704 | struct inode *inode = dentry->d_inode; | |
11705 | struct task_struct *task; | |
11706 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
11707 | + struct task_struct *tmp = current; | |
11708 | +#endif | |
11709 | + | |
11710 | generic_fillattr(inode, stat); | |
11711 | ||
11712 | rcu_read_lock(); | |
11713 | stat->uid = 0; | |
11714 | stat->gid = 0; | |
11715 | task = pid_task(proc_pid(inode), PIDTYPE_PID); | |
11716 | - if (task) { | |
11717 | + if (task && | |
11718 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
11719 | + (!tmp->uid || (tmp->uid == task->uid) | |
11720 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
11721 | + || in_group_p(CONFIG_GRKERNSEC_PROC_GID) | |
11722 | +#endif | |
11723 | + ) && | |
11724 | +#endif | |
11725 | + !gr_check_hidden_task(task)) { | |
11726 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | |
11727 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11728 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) || | |
11729 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11730 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) || | |
11731 | +#endif | |
11732 | task_dumpable(task)) { | |
11733 | stat->uid = task->euid; | |
11734 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
11735 | + stat->gid = CONFIG_GRKERNSEC_PROC_GID; | |
11736 | +#else | |
11737 | stat->gid = task->egid; | |
11738 | +#endif | |
11739 | } | |
11740 | } | |
11741 | rcu_read_unlock(); | |
11742 | @@ -1025,9 +1053,18 @@ static int pid_revalidate(struct dentry | |
11743 | struct task_struct *task = get_proc_task(inode); | |
11744 | if (task) { | |
11745 | if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || | |
11746 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11747 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) || | |
11748 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11749 | + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) || | |
11750 | +#endif | |
11751 | task_dumpable(task)) { | |
11752 | inode->i_uid = task->euid; | |
11753 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
11754 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
11755 | +#else | |
11756 | inode->i_gid = task->egid; | |
11757 | +#endif | |
11758 | } else { | |
11759 | inode->i_uid = 0; | |
11760 | inode->i_gid = 0; | |
11761 | @@ -1273,6 +1310,9 @@ static struct dentry *proc_lookupfd(stru | |
11762 | if (fd == ~0U) | |
11763 | goto out; | |
11764 | ||
11765 | + if (gr_acl_handle_procpidmem(task)) | |
11766 | + goto out; | |
11767 | + | |
11768 | result = proc_fd_instantiate(dir, dentry, task, &fd); | |
11769 | out: | |
11770 | put_task_struct(task); | |
11771 | @@ -1317,6 +1357,8 @@ static int proc_readfd(struct file * fil | |
11772 | goto out; | |
11773 | filp->f_pos++; | |
11774 | default: | |
11775 | + if (gr_acl_handle_procpidmem(p)) | |
11776 | + goto out; | |
11777 | files = get_files_struct(p); | |
11778 | if (!files) | |
11779 | goto out; | |
11780 | @@ -1791,6 +1833,9 @@ static struct pid_entry tgid_base_stuff[ | |
11781 | #ifdef CONFIG_AUDITSYSCALL | |
11782 | REG("loginuid", S_IWUSR|S_IRUGO, loginuid), | |
11783 | #endif | |
11784 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
11785 | + INF("ipaddr", S_IRUSR, pid_ipaddr), | |
11786 | +#endif | |
11787 | }; | |
11788 | ||
11789 | static int proc_tgid_base_readdir(struct file * filp, | |
11790 | @@ -1893,7 +1938,14 @@ struct dentry *proc_pid_instantiate(stru | |
11791 | if (!inode) | |
11792 | goto out; | |
11793 | ||
11794 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11795 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR; | |
11796 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
11797 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
11798 | + inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP; | |
11799 | +#else | |
11800 | inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; | |
11801 | +#endif | |
11802 | inode->i_op = &proc_tgid_base_inode_operations; | |
11803 | inode->i_fop = &proc_tgid_base_operations; | |
11804 | inode->i_flags|=S_IMMUTABLE; | |
11805 | @@ -1934,7 +1986,11 @@ struct dentry *proc_pid_lookup(struct in | |
11806 | if (!task) | |
11807 | goto out; | |
11808 | ||
11809 | + if (gr_check_hidden_task(task)) | |
11810 | + goto out_put_task; | |
11811 | + | |
11812 | result = proc_pid_instantiate(dir, dentry, task, NULL); | |
11813 | +out_put_task: | |
11814 | put_task_struct(task); | |
11815 | out: | |
11816 | return result; | |
11817 | @@ -1992,6 +2048,9 @@ int proc_pid_readdir(struct file * filp, | |
11818 | { | |
11819 | unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY; | |
b6fa5d20 | 11820 | struct task_struct *reaper = get_proc_task_real(filp->f_dentry->d_inode); |
c3e8c1b5 | 11821 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) |
11822 | + struct task_struct *tmp = current; | |
11823 | +#endif | |
11824 | struct task_struct *task; | |
11825 | int tgid; | |
11826 | ||
11827 | @@ -2009,6 +2068,18 @@ int proc_pid_readdir(struct file * filp, | |
11828 | task; | |
11829 | put_task_struct(task), task = next_tgid(tgid + 1)) { | |
11830 | tgid = task->pid; | |
11831 | + | |
11832 | + if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task) | |
11833 | +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
11834 | + || (tmp->uid && (task->uid != tmp->uid) | |
11835 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
11836 | + && !in_group_p(CONFIG_GRKERNSEC_PROC_GID) | |
11837 | +#endif | |
11838 | + ) | |
11839 | +#endif | |
11840 | + ) | |
11841 | + continue; | |
11842 | + | |
11843 | filp->f_pos = tgid + TGID_OFFSET; | |
11844 | if (proc_pid_fill_cache(filp, dirent, filldir, task, tgid) < 0) { | |
11845 | put_task_struct(task); | |
11846 | diff -urNp linux-2.6.19.1/fs/proc/inode.c linux-2.6.19.1/fs/proc/inode.c | |
11847 | --- linux-2.6.19.1/fs/proc/inode.c 2006-11-29 16:57:37.000000000 -0500 | |
11848 | +++ linux-2.6.19.1/fs/proc/inode.c 2006-12-03 15:16:15.000000000 -0500 | |
11849 | @@ -166,7 +166,11 @@ struct inode *proc_get_inode(struct supe | |
11850 | if (de->mode) { | |
11851 | inode->i_mode = de->mode; | |
11852 | inode->i_uid = de->uid; | |
11853 | +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP | |
11854 | + inode->i_gid = CONFIG_GRKERNSEC_PROC_GID; | |
11855 | +#else | |
11856 | inode->i_gid = de->gid; | |
11857 | +#endif | |
11858 | } | |
11859 | if (de->size) | |
11860 | inode->i_size = de->size; | |
11861 | diff -urNp linux-2.6.19.1/fs/proc/internal.h linux-2.6.19.1/fs/proc/internal.h | |
11862 | --- linux-2.6.19.1/fs/proc/internal.h 2006-11-29 16:57:37.000000000 -0500 | |
11863 | +++ linux-2.6.19.1/fs/proc/internal.h 2006-12-03 15:16:15.000000000 -0500 | |
11864 | @@ -37,6 +37,9 @@ extern int proc_tid_stat(struct task_str | |
11865 | extern int proc_tgid_stat(struct task_struct *, char *); | |
11866 | extern int proc_pid_status(struct task_struct *, char *); | |
11867 | extern int proc_pid_statm(struct task_struct *, char *); | |
11868 | +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR | |
11869 | +extern int proc_pid_ipaddr(struct task_struct*,char*); | |
11870 | +#endif | |
11871 | ||
11872 | extern struct file_operations proc_maps_operations; | |
11873 | extern struct file_operations proc_numa_maps_operations; | |
11874 | diff -urNp linux-2.6.19.1/fs/proc/proc_misc.c linux-2.6.19.1/fs/proc/proc_misc.c | |
11875 | --- linux-2.6.19.1/fs/proc/proc_misc.c 2006-11-29 16:57:37.000000000 -0500 | |
11876 | +++ linux-2.6.19.1/fs/proc/proc_misc.c 2006-12-03 15:16:15.000000000 -0500 | |
11877 | @@ -670,6 +670,8 @@ void create_seq_entry(char *name, mode_t | |
11878 | void __init proc_misc_init(void) | |
11879 | { | |
11880 | struct proc_dir_entry *entry; | |
11881 | + int gr_mode = 0; | |
11882 | + | |
11883 | static struct { | |
11884 | char *name; | |
11885 | int (*read_proc)(char*,char**,off_t,int,int*,void*); | |
11886 | @@ -685,7 +687,9 @@ void __init proc_misc_init(void) | |
11887 | {"stram", stram_read_proc}, | |
11888 | #endif | |
11889 | {"filesystems", filesystems_read_proc}, | |
11890 | +#ifndef CONFIG_GRKERNSEC_PROC_ADD | |
11891 | {"cmdline", cmdline_read_proc}, | |
11892 | +#endif | |
11893 | {"locks", locks_read_proc}, | |
11894 | {"execdomains", execdomains_read_proc}, | |
11895 | {NULL,} | |
11896 | @@ -693,13 +697,26 @@ void __init proc_misc_init(void) | |
11897 | for (p = simple_ones; p->name; p++) | |
11898 | create_proc_read_entry(p->name, 0, NULL, p->read_proc, NULL); | |
11899 | ||
11900 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11901 | + gr_mode = S_IRUSR; | |
11902 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
11903 | + gr_mode = S_IRUSR | S_IRGRP; | |
11904 | +#endif | |
11905 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11906 | + create_proc_read_entry("cmdline", gr_mode, NULL, &cmdline_read_proc, NULL); | |
11907 | +#endif | |
11908 | + | |
11909 | proc_symlink("mounts", NULL, "self/mounts"); | |
11910 | ||
11911 | /* And now for trickier ones */ | |
11912 | entry = create_proc_entry("kmsg", S_IRUSR, &proc_root); | |
11913 | if (entry) | |
11914 | entry->proc_fops = &proc_kmsg_operations; | |
11915 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11916 | + create_seq_entry("devices", gr_mode, &proc_devinfo_operations); | |
11917 | +#else | |
11918 | create_seq_entry("devices", 0, &proc_devinfo_operations); | |
11919 | +#endif | |
11920 | create_seq_entry("cpuinfo", 0, &proc_cpuinfo_operations); | |
11921 | #ifdef CONFIG_BLOCK | |
11922 | create_seq_entry("partitions", 0, &proc_partitions_operations); | |
11923 | @@ -707,7 +724,11 @@ void __init proc_misc_init(void) | |
11924 | create_seq_entry("stat", 0, &proc_stat_operations); | |
11925 | create_seq_entry("interrupts", 0, &proc_interrupts_operations); | |
11926 | #ifdef CONFIG_SLAB | |
11927 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11928 | + create_seq_entry("slabinfo",S_IWUSR|gr_mode,&proc_slabinfo_operations); | |
11929 | +#else | |
11930 | create_seq_entry("slabinfo",S_IWUSR|S_IRUGO,&proc_slabinfo_operations); | |
11931 | +#endif | |
11932 | #ifdef CONFIG_DEBUG_SLAB_LEAK | |
11933 | create_seq_entry("slab_allocators", 0 ,&proc_slabstats_operations); | |
11934 | #endif | |
11935 | @@ -724,7 +745,7 @@ void __init proc_misc_init(void) | |
11936 | #ifdef CONFIG_SCHEDSTATS | |
11937 | create_seq_entry("schedstat", 0, &proc_schedstat_operations); | |
11938 | #endif | |
11939 | -#ifdef CONFIG_PROC_KCORE | |
11940 | +#if defined(CONFIG_PROC_KCORE) && !defined(CONFIG_GRKERNSEC_PROC_ADD) | |
11941 | proc_root_kcore = create_proc_entry("kcore", S_IRUSR, NULL); | |
11942 | if (proc_root_kcore) { | |
11943 | proc_root_kcore->proc_fops = &proc_kcore_operations; | |
11944 | diff -urNp linux-2.6.19.1/fs/proc/root.c linux-2.6.19.1/fs/proc/root.c | |
11945 | --- linux-2.6.19.1/fs/proc/root.c 2006-11-29 16:57:37.000000000 -0500 | |
11946 | +++ linux-2.6.19.1/fs/proc/root.c 2006-12-03 15:16:15.000000000 -0500 | |
11947 | @@ -64,7 +64,13 @@ void __init proc_root_init(void) | |
11948 | return; | |
11949 | } | |
11950 | proc_misc_init(); | |
11951 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11952 | + proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR, NULL); | |
11953 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
11954 | + proc_net = proc_mkdir_mode("net", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); | |
11955 | +#else | |
11956 | proc_net = proc_mkdir("net", NULL); | |
11957 | +#endif | |
11958 | proc_net_stat = proc_mkdir("net/stat", NULL); | |
11959 | ||
11960 | #ifdef CONFIG_SYSVIPC | |
11961 | @@ -88,7 +94,15 @@ void __init proc_root_init(void) | |
11962 | #ifdef CONFIG_PROC_DEVICETREE | |
11963 | proc_device_tree_init(); | |
11964 | #endif | |
11965 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
11966 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
11967 | + proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL); | |
11968 | +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) | |
11969 | + proc_bus = proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL); | |
11970 | +#endif | |
11971 | +#else | |
11972 | proc_bus = proc_mkdir("bus", NULL); | |
11973 | +#endif | |
b6fa5d20 | 11974 | proc_vx_init(); |
c3e8c1b5 | 11975 | } |
11976 | ||
11977 | static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat | |
11978 | diff -urNp linux-2.6.19.1/fs/proc/task_mmu.c linux-2.6.19.1/fs/proc/task_mmu.c | |
11979 | --- linux-2.6.19.1/fs/proc/task_mmu.c 2006-11-29 16:57:37.000000000 -0500 | |
11980 | +++ linux-2.6.19.1/fs/proc/task_mmu.c 2006-12-03 15:16:15.000000000 -0500 | |
11981 | @@ -43,15 +43,27 @@ char *task_mem(struct mm_struct *mm, cha | |
11982 | "VmStk:\t%8lu kB\n" | |
11983 | "VmExe:\t%8lu kB\n" | |
11984 | "VmLib:\t%8lu kB\n" | |
11985 | - "VmPTE:\t%8lu kB\n", | |
11986 | - hiwater_vm << (PAGE_SHIFT-10), | |
11987 | + "VmPTE:\t%8lu kB\n" | |
11988 | + | |
11989 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
11990 | + "CsBase:\t%8lx\nCsLim:\t%8lx\n" | |
11991 | +#endif | |
11992 | + | |
11993 | + ,hiwater_vm << (PAGE_SHIFT-10), | |
11994 | (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10), | |
11995 | mm->locked_vm << (PAGE_SHIFT-10), | |
11996 | hiwater_rss << (PAGE_SHIFT-10), | |
11997 | total_rss << (PAGE_SHIFT-10), | |
11998 | data << (PAGE_SHIFT-10), | |
11999 | mm->stack_vm << (PAGE_SHIFT-10), text, lib, | |
12000 | - (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10); | |
12001 | + (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10 | |
12002 | + | |
12003 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
12004 | + , mm->context.user_cs_base, mm->context.user_cs_limit | |
12005 | +#endif | |
12006 | + | |
12007 | + ); | |
12008 | + | |
12009 | return buffer; | |
12010 | } | |
12011 | ||
12012 | @@ -122,6 +134,12 @@ struct mem_size_stats | |
12013 | unsigned long private_dirty; | |
12014 | }; | |
12015 | ||
12016 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
12017 | +#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \ | |
12018 | + (_mm->pax_flags & MF_PAX_RANDMMAP || \ | |
12019 | + _mm->pax_flags & MF_PAX_SEGMEXEC)) | |
12020 | +#endif | |
12021 | + | |
12022 | static int show_map_internal(struct seq_file *m, void *v, struct mem_size_stats *mss) | |
12023 | { | |
12024 | struct proc_maps_private *priv = m->private; | |
12025 | @@ -141,13 +159,30 @@ static int show_map_internal(struct seq_ | |
12026 | } | |
12027 | ||
12028 | seq_printf(m, "%08lx-%08lx %c%c%c%c %08lx %02x:%02x %lu %n", | |
12029 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
12030 | + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start, | |
12031 | + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end, | |
12032 | +#else | |
12033 | vma->vm_start, | |
12034 | vma->vm_end, | |
12035 | +#endif | |
12036 | + | |
12037 | +#if 0 | |
12038 | + flags & VM_MAYREAD ? flags & VM_READ ? 'R' : '+' : flags & VM_READ ? 'r' : '-', | |
12039 | + flags & VM_MAYWRITE ? flags & VM_WRITE ? 'W' : '+' : flags & VM_WRITE ? 'w' : '-', | |
12040 | + flags & VM_MAYEXEC ? flags & VM_EXEC ? 'X' : '+' : flags & VM_EXEC ? 'x' : '-', | |
12041 | +#else | |
12042 | flags & VM_READ ? 'r' : '-', | |
12043 | flags & VM_WRITE ? 'w' : '-', | |
12044 | flags & VM_EXEC ? 'x' : '-', | |
12045 | +#endif | |
12046 | + | |
12047 | flags & VM_MAYSHARE ? 's' : 'p', | |
12048 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
12049 | + PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_pgoff << PAGE_SHIFT, | |
12050 | +#else | |
12051 | vma->vm_pgoff << PAGE_SHIFT, | |
12052 | +#endif | |
12053 | MAJOR(dev), MINOR(dev), ino, &len); | |
12054 | ||
12055 | /* | |
12056 | @@ -161,11 +196,11 @@ static int show_map_internal(struct seq_ | |
12057 | const char *name = arch_vma_name(vma); | |
12058 | if (!name) { | |
12059 | if (mm) { | |
12060 | - if (vma->vm_start <= mm->start_brk && | |
12061 | - vma->vm_end >= mm->brk) { | |
12062 | + if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) { | |
12063 | name = "[heap]"; | |
12064 | - } else if (vma->vm_start <= mm->start_stack && | |
12065 | - vma->vm_end >= mm->start_stack) { | |
12066 | + } else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) || | |
12067 | + (vma->vm_start <= mm->start_stack && | |
12068 | + vma->vm_end >= mm->start_stack)) { | |
12069 | name = "[stack]"; | |
12070 | } | |
12071 | } else { | |
12072 | @@ -179,7 +214,25 @@ static int show_map_internal(struct seq_ | |
12073 | } | |
12074 | seq_putc(m, '\n'); | |
12075 | ||
12076 | - if (mss) | |
12077 | + | |
12078 | + if (mss) { | |
12079 | +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP | |
12080 | + if (PAX_RAND_FLAGS(mm)) | |
12081 | + seq_printf(m, | |
12082 | + "Size: %8lu kB\n" | |
12083 | + "Rss: %8lu kB\n" | |
12084 | + "Shared_Clean: %8lu kB\n" | |
12085 | + "Shared_Dirty: %8lu kB\n" | |
12086 | + "Private_Clean: %8lu kB\n" | |
12087 | + "Private_Dirty: %8lu kB\n", | |
12088 | + 0UL, | |
12089 | + 0UL, | |
12090 | + 0UL, | |
12091 | + 0UL, | |
12092 | + 0UL, | |
12093 | + 0UL); | |
12094 | + else | |
12095 | +#endif | |
12096 | seq_printf(m, | |
12097 | "Size: %8lu kB\n" | |
12098 | "Rss: %8lu kB\n" | |
12099 | @@ -193,6 +246,7 @@ static int show_map_internal(struct seq_ | |
12100 | mss->shared_dirty >> 10, | |
12101 | mss->private_clean >> 10, | |
12102 | mss->private_dirty >> 10); | |
12103 | + } | |
12104 | ||
12105 | if (m->count < m->size) /* vma is copied successfully */ | |
12106 | m->version = (vma != get_gate_vma(task))? vma->vm_start: 0; | |
12107 | diff -urNp linux-2.6.19.1/fs/readdir.c linux-2.6.19.1/fs/readdir.c | |
12108 | --- linux-2.6.19.1/fs/readdir.c 2006-11-29 16:57:37.000000000 -0500 | |
12109 | +++ linux-2.6.19.1/fs/readdir.c 2006-12-03 16:05:44.000000000 -0500 | |
12110 | @@ -16,6 +16,8 @@ | |
12111 | #include <linux/security.h> | |
12112 | #include <linux/syscalls.h> | |
12113 | #include <linux/unistd.h> | |
12114 | +#include <linux/namei.h> | |
12115 | +#include <linux/grsecurity.h> | |
12116 | ||
12117 | #include <asm/uaccess.h> | |
12118 | ||
12119 | @@ -65,6 +67,7 @@ struct old_linux_dirent { | |
12120 | ||
12121 | struct readdir_callback { | |
12122 | struct old_linux_dirent __user * dirent; | |
12123 | + struct file * file; | |
12124 | int result; | |
12125 | }; | |
12126 | ||
12127 | @@ -80,6 +83,10 @@ static int fillonedir(void * __buf, cons | |
12128 | d_ino = ino; | |
12129 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) | |
12130 | return -EOVERFLOW; | |
12131 | + | |
12132 | + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) | |
12133 | + return 0; | |
12134 | + | |
12135 | buf->result++; | |
12136 | dirent = buf->dirent; | |
12137 | if (!access_ok(VERIFY_WRITE, dirent, | |
12138 | @@ -111,6 +118,7 @@ asmlinkage long old_readdir(unsigned int | |
12139 | ||
12140 | buf.result = 0; | |
12141 | buf.dirent = dirent; | |
12142 | + buf.file = file; | |
12143 | ||
12144 | error = vfs_readdir(file, fillonedir, &buf); | |
12145 | if (error >= 0) | |
12146 | @@ -137,6 +145,7 @@ struct linux_dirent { | |
12147 | struct getdents_callback { | |
12148 | struct linux_dirent __user * current_dir; | |
12149 | struct linux_dirent __user * previous; | |
12150 | + struct file * file; | |
12151 | int count; | |
12152 | int error; | |
12153 | }; | |
12154 | @@ -155,6 +164,10 @@ static int filldir(void * __buf, const c | |
12155 | d_ino = ino; | |
12156 | if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) | |
12157 | return -EOVERFLOW; | |
12158 | + | |
12159 | + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) | |
12160 | + return 0; | |
12161 | + | |
12162 | dirent = buf->previous; | |
12163 | if (dirent) { | |
12164 | if (__put_user(offset, &dirent->d_off)) | |
12165 | @@ -201,6 +214,7 @@ asmlinkage long sys_getdents(unsigned in | |
12166 | buf.previous = NULL; | |
12167 | buf.count = count; | |
12168 | buf.error = 0; | |
12169 | + buf.file = file; | |
12170 | ||
12171 | error = vfs_readdir(file, filldir, &buf); | |
12172 | if (error < 0) | |
12173 | @@ -225,6 +239,7 @@ out: | |
12174 | struct getdents_callback64 { | |
12175 | struct linux_dirent64 __user * current_dir; | |
12176 | struct linux_dirent64 __user * previous; | |
12177 | + struct file *file; | |
12178 | int count; | |
12179 | int error; | |
12180 | }; | |
12181 | @@ -239,6 +254,10 @@ static int filldir64(void * __buf, const | |
12182 | buf->error = -EINVAL; /* only used if we fail.. */ | |
12183 | if (reclen > buf->count) | |
12184 | return -EINVAL; | |
12185 | + | |
12186 | + if (!gr_acl_handle_filldir(buf->file, name, namlen, ino)) | |
12187 | + return 0; | |
12188 | + | |
12189 | dirent = buf->previous; | |
12190 | if (dirent) { | |
12191 | if (__put_user(offset, &dirent->d_off)) | |
12192 | @@ -285,6 +304,7 @@ asmlinkage long sys_getdents64(unsigned | |
12193 | ||
12194 | buf.current_dir = dirent; | |
12195 | buf.previous = NULL; | |
12196 | + buf.file = file; | |
12197 | buf.count = count; | |
12198 | buf.error = 0; | |
12199 | ||
12200 | diff -urNp linux-2.6.19.1/fs/udf/balloc.c linux-2.6.19.1/fs/udf/balloc.c | |
12201 | --- linux-2.6.19.1/fs/udf/balloc.c 2006-11-29 16:57:37.000000000 -0500 | |
12202 | +++ linux-2.6.19.1/fs/udf/balloc.c 2006-12-03 15:16:15.000000000 -0500 | |
12203 | @@ -153,8 +153,7 @@ static void udf_bitmap_free_blocks(struc | |
12204 | unsigned long overflow; | |
12205 | ||
12206 | mutex_lock(&sbi->s_alloc_mutex); | |
12207 | - if (bloc.logicalBlockNum < 0 || | |
12208 | - (bloc.logicalBlockNum + count) > UDF_SB_PARTLEN(sb, bloc.partitionReferenceNum)) | |
12209 | + if (bloc.logicalBlockNum + count > UDF_SB_PARTLEN(sb, bloc.partitionReferenceNum)) | |
12210 | { | |
12211 | udf_debug("%d < %d || %d + %d > %d\n", | |
12212 | bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count, | |
12213 | @@ -227,7 +226,7 @@ static int udf_bitmap_prealloc_blocks(st | |
12214 | struct buffer_head *bh; | |
12215 | ||
12216 | mutex_lock(&sbi->s_alloc_mutex); | |
12217 | - if (first_block < 0 || first_block >= UDF_SB_PARTLEN(sb, partition)) | |
12218 | + if (first_block >= UDF_SB_PARTLEN(sb, partition)) | |
12219 | goto out; | |
12220 | ||
12221 | if (first_block + block_count > UDF_SB_PARTLEN(sb, partition)) | |
12222 | @@ -294,7 +293,7 @@ static int udf_bitmap_new_block(struct s | |
12223 | mutex_lock(&sbi->s_alloc_mutex); | |
12224 | ||
12225 | repeat: | |
12226 | - if (goal < 0 || goal >= UDF_SB_PARTLEN(sb, partition)) | |
12227 | + if (goal >= UDF_SB_PARTLEN(sb, partition)) | |
12228 | goal = 0; | |
12229 | ||
12230 | nr_groups = bitmap->s_nr_groups; | |
12231 | @@ -434,8 +433,7 @@ static void udf_table_free_blocks(struct | |
12232 | int i; | |
12233 | ||
12234 | mutex_lock(&sbi->s_alloc_mutex); | |
12235 | - if (bloc.logicalBlockNum < 0 || | |
12236 | - (bloc.logicalBlockNum + count) > UDF_SB_PARTLEN(sb, bloc.partitionReferenceNum)) | |
12237 | + if (bloc.logicalBlockNum + count > UDF_SB_PARTLEN(sb, bloc.partitionReferenceNum)) | |
12238 | { | |
12239 | udf_debug("%d < %d || %d + %d > %d\n", | |
12240 | bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count, | |
12241 | @@ -682,7 +680,7 @@ static int udf_table_prealloc_blocks(str | |
12242 | struct buffer_head *bh; | |
12243 | int8_t etype = -1; | |
12244 | ||
12245 | - if (first_block < 0 || first_block >= UDF_SB_PARTLEN(sb, partition)) | |
12246 | + if (first_block >= UDF_SB_PARTLEN(sb, partition)) | |
12247 | return 0; | |
12248 | ||
12249 | if (UDF_I_ALLOCTYPE(table) == ICBTAG_FLAG_AD_SHORT) | |
12250 | @@ -762,7 +760,7 @@ static int udf_table_new_block(struct su | |
12251 | return newblock; | |
12252 | ||
12253 | mutex_lock(&sbi->s_alloc_mutex); | |
12254 | - if (goal < 0 || goal >= UDF_SB_PARTLEN(sb, partition)) | |
12255 | + if (goal >= UDF_SB_PARTLEN(sb, partition)) | |
12256 | goal = 0; | |
12257 | ||
12258 | /* We search for the closest matching block to goal. If we find a exact hit, | |
12259 | diff -urNp linux-2.6.19.1/fs/udf/inode.c linux-2.6.19.1/fs/udf/inode.c | |
12260 | --- linux-2.6.19.1/fs/udf/inode.c 2006-11-29 16:57:37.000000000 -0500 | |
12261 | +++ linux-2.6.19.1/fs/udf/inode.c 2006-12-03 15:16:15.000000000 -0500 | |
12262 | @@ -300,9 +300,6 @@ static int udf_get_block(struct inode *i | |
12263 | ||
12264 | lock_kernel(); | |
12265 | ||
12266 | - if (block < 0) | |
12267 | - goto abort_negative; | |
12268 | - | |
12269 | if (block == UDF_I_NEXT_ALLOC_BLOCK(inode) + 1) | |
12270 | { | |
12271 | UDF_I_NEXT_ALLOC_BLOCK(inode) ++; | |
12272 | @@ -323,10 +320,6 @@ static int udf_get_block(struct inode *i | |
12273 | abort: | |
12274 | unlock_kernel(); | |
12275 | return err; | |
12276 | - | |
12277 | -abort_negative: | |
12278 | - udf_warning(inode->i_sb, "udf_get_block", "block < 0"); | |
12279 | - goto abort; | |
12280 | } | |
12281 | ||
12282 | static struct buffer_head * | |
12283 | diff -urNp linux-2.6.19.1/fs/ufs/inode.c linux-2.6.19.1/fs/ufs/inode.c | |
12284 | --- linux-2.6.19.1/fs/ufs/inode.c 2006-11-29 16:57:37.000000000 -0500 | |
12285 | +++ linux-2.6.19.1/fs/ufs/inode.c 2006-12-03 15:16:16.000000000 -0500 | |
12286 | @@ -55,9 +55,7 @@ static int ufs_block_to_path(struct inod | |
12287 | ||
12288 | ||
12289 | UFSD("ptrs=uspi->s_apb = %d,double_blocks=%ld \n",ptrs,double_blocks); | |
12290 | - if (i_block < 0) { | |
12291 | - ufs_warning(inode->i_sb, "ufs_block_to_path", "block < 0"); | |
12292 | - } else if (i_block < direct_blocks) { | |
12293 | + if (i_block < direct_blocks) { | |
12294 | offsets[n++] = i_block; | |
12295 | } else if ((i_block -= direct_blocks) < indirect_blocks) { | |
12296 | offsets[n++] = UFS_IND_BLOCK; | |
12297 | @@ -454,8 +452,6 @@ int ufs_getfrag_block(struct inode *inod | |
12298 | lock_kernel(); | |
12299 | ||
12300 | UFSD("ENTER, ino %lu, fragment %llu\n", inode->i_ino, (unsigned long long)fragment); | |
12301 | - if (fragment < 0) | |
12302 | - goto abort_negative; | |
12303 | if (fragment > | |
12304 | ((UFS_NDADDR + uspi->s_apb + uspi->s_2apb + uspi->s_3apb) | |
12305 | << uspi->s_fpbshift)) | |
12306 | @@ -516,10 +512,6 @@ abort: | |
12307 | unlock_kernel(); | |
12308 | return err; | |
12309 | ||
12310 | -abort_negative: | |
12311 | - ufs_warning(sb, "ufs_get_block", "block < 0"); | |
12312 | - goto abort; | |
12313 | - | |
12314 | abort_too_big: | |
12315 | ufs_warning(sb, "ufs_get_block", "block > big"); | |
12316 | goto abort; | |
12317 | diff -urNp linux-2.6.19.1/fs/utimes.c linux-2.6.19.1/fs/utimes.c | |
12318 | --- linux-2.6.19.1/fs/utimes.c 2006-11-29 16:57:37.000000000 -0500 | |
12319 | +++ linux-2.6.19.1/fs/utimes.c 2006-12-03 15:16:16.000000000 -0500 | |
12320 | @@ -3,6 +3,7 @@ | |
c3e8c1b5 | 12321 | #include <linux/utime.h> |
b6fa5d20 | 12322 | #include <linux/mount.h> |
12323 | #include <linux/vs_cowbl.h> | |
c3e8c1b5 | 12324 | +#include <linux/grsecurity.h> |
12325 | #include <asm/uaccess.h> | |
12326 | #include <asm/unistd.h> | |
12327 | ||
12328 | @@ -60,6 +61,12 @@ asmlinkage long sys_utime(char __user * | |
12329 | (error = vfs_permission(&nd, MAY_WRITE)) != 0) | |
12330 | goto dput_and_out; | |
12331 | } | |
12332 | + | |
12333 | + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) { | |
12334 | + error = -EACCES; | |
12335 | + goto dput_and_out; | |
12336 | + } | |
12337 | + | |
12338 | mutex_lock(&inode->i_mutex); | |
12339 | error = notify_change(nd.dentry, &newattrs); | |
12340 | mutex_unlock(&inode->i_mutex); | |
12341 | @@ -113,6 +120,12 @@ long do_utimes(int dfd, char __user *fil | |
12342 | (error = vfs_permission(&nd, MAY_WRITE)) != 0) | |
12343 | goto dput_and_out; | |
12344 | } | |
12345 | + | |
12346 | + if (!gr_acl_handle_utime(nd.dentry, nd.mnt)) { | |
12347 | + error = -EACCES; | |
12348 | + goto dput_and_out; | |
12349 | + } | |
12350 | + | |
12351 | mutex_lock(&inode->i_mutex); | |
12352 | error = notify_change(nd.dentry, &newattrs); | |
12353 | mutex_unlock(&inode->i_mutex); | |
12354 | diff -urNp linux-2.6.19.1/fs/xfs/linux-2.6/xfs_file.c linux-2.6.19.1/fs/xfs/linux-2.6/xfs_file.c | |
12355 | --- linux-2.6.19.1/fs/xfs/linux-2.6/xfs_file.c 2006-11-29 16:57:37.000000000 -0500 | |
12356 | +++ linux-2.6.19.1/fs/xfs/linux-2.6/xfs_file.c 2006-12-03 15:16:16.000000000 -0500 | |
12357 | @@ -342,6 +342,12 @@ xfs_file_mmap( | |
12358 | struct file *filp, | |
12359 | struct vm_area_struct *vma) | |
12360 | { | |
12361 | + | |
12362 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
12363 | + if ((vma->vm_mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_EXEC)) | |
12364 | + vma->vm_page_prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(vma->vm_page_prot))))); | |
12365 | +#endif | |
12366 | + | |
12367 | vma->vm_ops = &xfs_file_vm_ops; | |
12368 | ||
12369 | #ifdef CONFIG_XFS_DMAPI | |
12370 | diff -urNp linux-2.6.19.1/fs/xfs/xfs_bmap.c linux-2.6.19.1/fs/xfs/xfs_bmap.c | |
12371 | --- linux-2.6.19.1/fs/xfs/xfs_bmap.c 2006-11-29 16:57:37.000000000 -0500 | |
12372 | +++ linux-2.6.19.1/fs/xfs/xfs_bmap.c 2006-12-03 15:16:16.000000000 -0500 | |
12373 | @@ -376,7 +376,7 @@ xfs_bmap_validate_ret( | |
12374 | int nmap, | |
12375 | int ret_nmap); | |
12376 | #else | |
12377 | -#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) | |
12378 | +#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0) | |
12379 | #endif /* DEBUG */ | |
12380 | ||
12381 | #if defined(XFS_RW_TRACE) | |
12382 | diff -urNp linux-2.6.19.1/grsecurity/gracl_alloc.c linux-2.6.19.1/grsecurity/gracl_alloc.c | |
12383 | --- linux-2.6.19.1/grsecurity/gracl_alloc.c 1969-12-31 19:00:00.000000000 -0500 | |
12384 | +++ linux-2.6.19.1/grsecurity/gracl_alloc.c 2006-12-03 15:16:32.000000000 -0500 | |
12385 | @@ -0,0 +1,91 @@ | |
12386 | +#include <linux/kernel.h> | |
12387 | +#include <linux/mm.h> | |
12388 | +#include <linux/slab.h> | |
12389 | +#include <linux/vmalloc.h> | |
12390 | +#include <linux/gracl.h> | |
12391 | +#include <linux/grsecurity.h> | |
12392 | + | |
12393 | +static unsigned long alloc_stack_next = 1; | |
12394 | +static unsigned long alloc_stack_size = 1; | |
12395 | +static void **alloc_stack; | |
12396 | + | |
12397 | +static __inline__ int | |
12398 | +alloc_pop(void) | |
12399 | +{ | |
12400 | + if (alloc_stack_next == 1) | |
12401 | + return 0; | |
12402 | + | |
12403 | + kfree(alloc_stack[alloc_stack_next - 2]); | |
12404 | + | |
12405 | + alloc_stack_next--; | |
12406 | + | |
12407 | + return 1; | |
12408 | +} | |
12409 | + | |
12410 | +static __inline__ void | |
12411 | +alloc_push(void *buf) | |
12412 | +{ | |
12413 | + if (alloc_stack_next >= alloc_stack_size) | |
12414 | + BUG(); | |
12415 | + | |
12416 | + alloc_stack[alloc_stack_next - 1] = buf; | |
12417 | + | |
12418 | + alloc_stack_next++; | |
12419 | + | |
12420 | + return; | |
12421 | +} | |
12422 | + | |
12423 | +void * | |
12424 | +acl_alloc(unsigned long len) | |
12425 | +{ | |
12426 | + void *ret; | |
12427 | + | |
12428 | + if (len > PAGE_SIZE) | |
12429 | + BUG(); | |
12430 | + | |
12431 | + ret = kmalloc(len, GFP_KERNEL); | |
12432 | + | |
12433 | + if (ret) | |
12434 | + alloc_push(ret); | |
12435 | + | |
12436 | + return ret; | |
12437 | +} | |
12438 | + | |
12439 | +void | |
12440 | +acl_free_all(void) | |
12441 | +{ | |
12442 | + if (gr_acl_is_enabled() || !alloc_stack) | |
12443 | + return; | |
12444 | + | |
12445 | + while (alloc_pop()) ; | |
12446 | + | |
12447 | + if (alloc_stack) { | |
12448 | + if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE) | |
12449 | + kfree(alloc_stack); | |
12450 | + else | |
12451 | + vfree(alloc_stack); | |
12452 | + } | |
12453 | + | |
12454 | + alloc_stack = NULL; | |
12455 | + alloc_stack_size = 1; | |
12456 | + alloc_stack_next = 1; | |
12457 | + | |
12458 | + return; | |
12459 | +} | |
12460 | + | |
12461 | +int | |
12462 | +acl_alloc_stack_init(unsigned long size) | |
12463 | +{ | |
12464 | + if ((size * sizeof (void *)) <= PAGE_SIZE) | |
12465 | + alloc_stack = | |
12466 | + (void **) kmalloc(size * sizeof (void *), GFP_KERNEL); | |
12467 | + else | |
12468 | + alloc_stack = (void **) vmalloc(size * sizeof (void *)); | |
12469 | + | |
12470 | + alloc_stack_size = size; | |
12471 | + | |
12472 | + if (!alloc_stack) | |
12473 | + return 0; | |
12474 | + else | |
12475 | + return 1; | |
12476 | +} | |
12477 | diff -urNp linux-2.6.19.1/grsecurity/gracl.c linux-2.6.19.1/grsecurity/gracl.c | |
12478 | --- linux-2.6.19.1/grsecurity/gracl.c 1969-12-31 19:00:00.000000000 -0500 | |
12479 | +++ linux-2.6.19.1/grsecurity/gracl.c 2006-12-03 15:16:32.000000000 -0500 | |
12480 | @@ -0,0 +1,3547 @@ | |
12481 | +#include <linux/kernel.h> | |
12482 | +#include <linux/module.h> | |
12483 | +#include <linux/sched.h> | |
12484 | +#include <linux/mm.h> | |
12485 | +#include <linux/file.h> | |
12486 | +#include <linux/fs.h> | |
12487 | +#include <linux/namei.h> | |
12488 | +#include <linux/mount.h> | |
12489 | +#include <linux/tty.h> | |
12490 | +#include <linux/proc_fs.h> | |
12491 | +#include <linux/smp_lock.h> | |
12492 | +#include <linux/slab.h> | |
12493 | +#include <linux/vmalloc.h> | |
12494 | +#include <linux/types.h> | |
12495 | +#include <linux/capability.h> | |
12496 | +#include <linux/sysctl.h> | |
12497 | +#include <linux/netdevice.h> | |
12498 | +#include <linux/ptrace.h> | |
12499 | +#include <linux/gracl.h> | |
12500 | +#include <linux/gralloc.h> | |
12501 | +#include <linux/grsecurity.h> | |
12502 | +#include <linux/grinternal.h> | |
12503 | +#include <linux/percpu.h> | |
12504 | + | |
12505 | +#include <asm/uaccess.h> | |
12506 | +#include <asm/errno.h> | |
12507 | +#include <asm/mman.h> | |
12508 | + | |
12509 | +static struct acl_role_db acl_role_set; | |
12510 | +static struct name_db name_set; | |
12511 | +static struct inodev_db inodev_set; | |
12512 | + | |
12513 | +/* for keeping track of userspace pointers used for subjects, so we | |
12514 | + can share references in the kernel as well | |
12515 | +*/ | |
12516 | + | |
12517 | +static struct dentry *real_root; | |
12518 | +static struct vfsmount *real_root_mnt; | |
12519 | + | |
12520 | +static struct acl_subj_map_db subj_map_set; | |
12521 | + | |
12522 | +static struct acl_role_label *default_role; | |
12523 | + | |
12524 | +static u16 acl_sp_role_value; | |
12525 | + | |
12526 | +extern char *gr_shared_page[4]; | |
12527 | +static DECLARE_MUTEX(gr_dev_sem); | |
12528 | +rwlock_t gr_inode_lock = RW_LOCK_UNLOCKED; | |
12529 | + | |
12530 | +struct gr_arg *gr_usermode; | |
12531 | + | |
12532 | +static unsigned int gr_status = GR_STATUS_INIT; | |
12533 | + | |
12534 | +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum); | |
12535 | +extern void gr_clear_learn_entries(void); | |
12536 | + | |
12537 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
12538 | +extern void gr_log_resource(const struct task_struct *task, | |
12539 | + const int res, const unsigned long wanted, const int gt); | |
12540 | +#endif | |
12541 | + | |
12542 | +extern char * __d_path(struct dentry *dentry, struct vfsmount *vfsmnt, | |
12543 | + struct dentry *root, struct vfsmount *rootmnt, | |
12544 | + char *buffer, int buflen); | |
12545 | + | |
12546 | +unsigned char *gr_system_salt; | |
12547 | +unsigned char *gr_system_sum; | |
12548 | + | |
12549 | +static struct sprole_pw **acl_special_roles = NULL; | |
12550 | +static __u16 num_sprole_pws = 0; | |
12551 | + | |
12552 | +static struct acl_role_label *kernel_role = NULL; | |
12553 | + | |
12554 | +static unsigned int gr_auth_attempts = 0; | |
12555 | +static unsigned long gr_auth_expires = 0UL; | |
12556 | + | |
12557 | +extern struct vfsmount *sock_mnt; | |
12558 | +extern struct vfsmount *pipe_mnt; | |
12559 | +extern struct vfsmount *shm_mnt; | |
12560 | +static struct acl_object_label *fakefs_obj; | |
12561 | + | |
12562 | +extern int gr_init_uidset(void); | |
12563 | +extern void gr_free_uidset(void); | |
12564 | +extern void gr_remove_uid(uid_t uid); | |
12565 | +extern int gr_find_uid(uid_t uid); | |
12566 | + | |
12567 | +__inline__ int | |
12568 | +gr_acl_is_enabled(void) | |
12569 | +{ | |
12570 | + return (gr_status & GR_READY); | |
12571 | +} | |
12572 | + | |
12573 | +char gr_roletype_to_char(void) | |
12574 | +{ | |
12575 | + switch (current->role->roletype & | |
12576 | + (GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP | | |
12577 | + GR_ROLE_SPECIAL)) { | |
12578 | + case GR_ROLE_DEFAULT: | |
12579 | + return 'D'; | |
12580 | + case GR_ROLE_USER: | |
12581 | + return 'U'; | |
12582 | + case GR_ROLE_GROUP: | |
12583 | + return 'G'; | |
12584 | + case GR_ROLE_SPECIAL: | |
12585 | + return 'S'; | |
12586 | + } | |
12587 | + | |
12588 | + return 'X'; | |
12589 | +} | |
12590 | + | |
12591 | +__inline__ int | |
12592 | +gr_acl_tpe_check(void) | |
12593 | +{ | |
12594 | + if (unlikely(!(gr_status & GR_READY))) | |
12595 | + return 0; | |
12596 | + if (current->role->roletype & GR_ROLE_TPE) | |
12597 | + return 1; | |
12598 | + else | |
12599 | + return 0; | |
12600 | +} | |
12601 | + | |
12602 | +int | |
12603 | +gr_handle_rawio(const struct inode *inode) | |
12604 | +{ | |
12605 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
12606 | + if (inode && S_ISBLK(inode->i_mode) && | |
12607 | + grsec_enable_chroot_caps && proc_is_chrooted(current) && | |
12608 | + !capable(CAP_SYS_RAWIO)) | |
12609 | + return 1; | |
12610 | +#endif | |
12611 | + return 0; | |
12612 | +} | |
12613 | + | |
12614 | +static int | |
12615 | +gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb) | |
12616 | +{ | |
12617 | + int i; | |
12618 | + unsigned long *l1; | |
12619 | + unsigned long *l2; | |
12620 | + unsigned char *c1; | |
12621 | + unsigned char *c2; | |
12622 | + int num_longs; | |
12623 | + | |
12624 | + if (likely(lena != lenb)) | |
12625 | + return 0; | |
12626 | + | |
12627 | + l1 = (unsigned long *)a; | |
12628 | + l2 = (unsigned long *)b; | |
12629 | + | |
12630 | + num_longs = lena / sizeof(unsigned long); | |
12631 | + | |
12632 | + for (i = num_longs; i--; l1++, l2++) { | |
12633 | + if (unlikely(*l1 != *l2)) | |
12634 | + return 0; | |
12635 | + } | |
12636 | + | |
12637 | + c1 = (unsigned char *) l1; | |
12638 | + c2 = (unsigned char *) l2; | |
12639 | + | |
12640 | + i = lena - (num_longs * sizeof(unsigned long)); | |
12641 | + | |
12642 | + for (; i--; c1++, c2++) { | |
12643 | + if (unlikely(*c1 != *c2)) | |
12644 | + return 0; | |
12645 | + } | |
12646 | + | |
12647 | + return 1; | |
12648 | +} | |
12649 | + | |
12650 | +static char * | |
12651 | +gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt, | |
12652 | + struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen) | |
12653 | +{ | |
12654 | + char *end = buf + buflen; | |
12655 | + char *retval; | |
12656 | + int namelen = 0; | |
12657 | + | |
12658 | + *--end = '\0'; | |
12659 | + | |
12660 | + retval = end - 1; | |
12661 | + *retval = '/'; | |
12662 | + | |
12663 | + if (dentry == root && vfsmnt == rootmnt) | |
12664 | + return retval; | |
12665 | + if (dentry != vfsmnt->mnt_root && !IS_ROOT(dentry)) { | |
12666 | + namelen = strlen(dentry->d_name.name); | |
12667 | + buflen -= namelen; | |
12668 | + if (buflen < 2) | |
12669 | + goto err; | |
12670 | + if (dentry->d_parent != root || vfsmnt != rootmnt) | |
12671 | + buflen--; | |
12672 | + } | |
12673 | + | |
12674 | + retval = __d_path(dentry->d_parent, vfsmnt, root, rootmnt, buf, buflen); | |
12675 | + if (unlikely(IS_ERR(retval))) | |
12676 | +err: | |
12677 | + retval = strcpy(buf, "<path too long>"); | |
12678 | + else if (namelen != 0) { | |
12679 | + end = buf + buflen - 1; // accounts for null termination | |
12680 | + if (dentry->d_parent != root || vfsmnt != rootmnt) | |
12681 | + *end++ = '/'; // accounted for above with buflen-- | |
12682 | + memcpy(end, dentry->d_name.name, namelen); | |
12683 | + } | |
12684 | + | |
12685 | + return retval; | |
12686 | +} | |
12687 | + | |
12688 | +static char * | |
12689 | +__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt, | |
12690 | + char *buf, int buflen) | |
12691 | +{ | |
12692 | + char *res; | |
12693 | + | |
12694 | + /* we can use real_root, real_root_mnt, because this is only called | |
12695 | + by the RBAC system */ | |
12696 | + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen); | |
12697 | + | |
12698 | + return res; | |
12699 | +} | |
12700 | + | |
12701 | +static char * | |
12702 | +d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt, | |
12703 | + char *buf, int buflen) | |
12704 | +{ | |
12705 | + char *res; | |
12706 | + struct dentry *root; | |
12707 | + struct vfsmount *rootmnt; | |
12708 | + | |
12709 | + /* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */ | |
12710 | + read_lock(&child_reaper->fs->lock); | |
12711 | + root = dget(child_reaper->fs->root); | |
12712 | + rootmnt = mntget(child_reaper->fs->rootmnt); | |
12713 | + read_unlock(&child_reaper->fs->lock); | |
12714 | + | |
12715 | + spin_lock(&dcache_lock); | |
12716 | + res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen); | |
12717 | + spin_unlock(&dcache_lock); | |
12718 | + | |
12719 | + dput(root); | |
12720 | + mntput(rootmnt); | |
12721 | + return res; | |
12722 | +} | |
12723 | + | |
12724 | +static char * | |
12725 | +gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt) | |
12726 | +{ | |
12727 | + char *ret; | |
12728 | + spin_lock(&dcache_lock); | |
12729 | + ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()), | |
12730 | + PAGE_SIZE); | |
12731 | + spin_unlock(&dcache_lock); | |
12732 | + return ret; | |
12733 | +} | |
12734 | + | |
12735 | +char * | |
12736 | +gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt) | |
12737 | +{ | |
12738 | + return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()), | |
12739 | + PAGE_SIZE); | |
12740 | +} | |
12741 | + | |
12742 | +char * | |
12743 | +gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt) | |
12744 | +{ | |
12745 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()), | |
12746 | + PAGE_SIZE); | |
12747 | +} | |
12748 | + | |
12749 | +char * | |
12750 | +gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt) | |
12751 | +{ | |
12752 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()), | |
12753 | + PAGE_SIZE); | |
12754 | +} | |
12755 | + | |
12756 | +char * | |
12757 | +gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt) | |
12758 | +{ | |
12759 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()), | |
12760 | + PAGE_SIZE); | |
12761 | +} | |
12762 | + | |
12763 | +char * | |
12764 | +gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt) | |
12765 | +{ | |
12766 | + return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()), | |
12767 | + PAGE_SIZE); | |
12768 | +} | |
12769 | + | |
12770 | +__inline__ __u32 | |
12771 | +to_gr_audit(const __u32 reqmode) | |
12772 | +{ | |
12773 | + /* masks off auditable permission flags, then shifts them to create | |
12774 | + auditing flags, and adds the special case of append auditing if | |
12775 | + we're requesting write */ | |
12776 | + return (((reqmode & GR_AUDIT_READ) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0)); | |
12777 | +} | |
12778 | + | |
12779 | +struct acl_subject_label * | |
12780 | +lookup_subject_map(const struct acl_subject_label *userp) | |
12781 | +{ | |
12782 | + unsigned int index = shash(userp, subj_map_set.s_size); | |
12783 | + struct subject_map *match; | |
12784 | + | |
12785 | + match = subj_map_set.s_hash[index]; | |
12786 | + | |
12787 | + while (match && match->user != userp) | |
12788 | + match = match->next; | |
12789 | + | |
12790 | + if (match != NULL) | |
12791 | + return match->kernel; | |
12792 | + else | |
12793 | + return NULL; | |
12794 | +} | |
12795 | + | |
12796 | +static void | |
12797 | +insert_subj_map_entry(struct subject_map *subjmap) | |
12798 | +{ | |
12799 | + unsigned int index = shash(subjmap->user, subj_map_set.s_size); | |
12800 | + struct subject_map **curr; | |
12801 | + | |
12802 | + subjmap->prev = NULL; | |
12803 | + | |
12804 | + curr = &subj_map_set.s_hash[index]; | |
12805 | + if (*curr != NULL) | |
12806 | + (*curr)->prev = subjmap; | |
12807 | + | |
12808 | + subjmap->next = *curr; | |
12809 | + *curr = subjmap; | |
12810 | + | |
12811 | + return; | |
12812 | +} | |
12813 | + | |
12814 | +static struct acl_role_label * | |
12815 | +lookup_acl_role_label(const struct task_struct *task, const uid_t uid, | |
12816 | + const gid_t gid) | |
12817 | +{ | |
12818 | + unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size); | |
12819 | + struct acl_role_label *match; | |
12820 | + struct role_allowed_ip *ipp; | |
12821 | + unsigned int x; | |
12822 | + | |
12823 | + match = acl_role_set.r_hash[index]; | |
12824 | + | |
12825 | + while (match) { | |
12826 | + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) { | |
12827 | + for (x = 0; x < match->domain_child_num; x++) { | |
12828 | + if (match->domain_children[x] == uid) | |
12829 | + goto found; | |
12830 | + } | |
12831 | + } else if (match->uidgid == uid && match->roletype & GR_ROLE_USER) | |
12832 | + break; | |
12833 | + match = match->next; | |
12834 | + } | |
12835 | +found: | |
12836 | + if (match == NULL) { | |
12837 | + try_group: | |
12838 | + index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size); | |
12839 | + match = acl_role_set.r_hash[index]; | |
12840 | + | |
12841 | + while (match) { | |
12842 | + if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) { | |
12843 | + for (x = 0; x < match->domain_child_num; x++) { | |
12844 | + if (match->domain_children[x] == gid) | |
12845 | + goto found2; | |
12846 | + } | |
12847 | + } else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP) | |
12848 | + break; | |
12849 | + match = match->next; | |
12850 | + } | |
12851 | +found2: | |
12852 | + if (match == NULL) | |
12853 | + match = default_role; | |
12854 | + if (match->allowed_ips == NULL) | |
12855 | + return match; | |
12856 | + else { | |
12857 | + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) { | |
12858 | + if (likely | |
12859 | + ((ntohl(task->signal->curr_ip) & ipp->netmask) == | |
12860 | + (ntohl(ipp->addr) & ipp->netmask))) | |
12861 | + return match; | |
12862 | + } | |
12863 | + match = default_role; | |
12864 | + } | |
12865 | + } else if (match->allowed_ips == NULL) { | |
12866 | + return match; | |
12867 | + } else { | |
12868 | + for (ipp = match->allowed_ips; ipp; ipp = ipp->next) { | |
12869 | + if (likely | |
12870 | + ((ntohl(task->signal->curr_ip) & ipp->netmask) == | |
12871 | + (ntohl(ipp->addr) & ipp->netmask))) | |
12872 | + return match; | |
12873 | + } | |
12874 | + goto try_group; | |
12875 | + } | |
12876 | + | |
12877 | + return match; | |
12878 | +} | |
12879 | + | |
12880 | +struct acl_subject_label * | |
12881 | +lookup_acl_subj_label(const ino_t ino, const dev_t dev, | |
12882 | + const struct acl_role_label *role) | |
12883 | +{ | |
12884 | + unsigned int index = fhash(ino, dev, role->subj_hash_size); | |
12885 | + struct acl_subject_label *match; | |
12886 | + | |
12887 | + match = role->subj_hash[index]; | |
12888 | + | |
12889 | + while (match && (match->inode != ino || match->device != dev || | |
12890 | + (match->mode & GR_DELETED))) { | |
12891 | + match = match->next; | |
12892 | + } | |
12893 | + | |
12894 | + if (match && !(match->mode & GR_DELETED)) | |
12895 | + return match; | |
12896 | + else | |
12897 | + return NULL; | |
12898 | +} | |
12899 | + | |
12900 | +static struct acl_object_label * | |
12901 | +lookup_acl_obj_label(const ino_t ino, const dev_t dev, | |
12902 | + const struct acl_subject_label *subj) | |
12903 | +{ | |
12904 | + unsigned int index = fhash(ino, dev, subj->obj_hash_size); | |
12905 | + struct acl_object_label *match; | |
12906 | + | |
12907 | + match = subj->obj_hash[index]; | |
12908 | + | |
12909 | + while (match && (match->inode != ino || match->device != dev || | |
12910 | + (match->mode & GR_DELETED))) { | |
12911 | + match = match->next; | |
12912 | + } | |
12913 | + | |
12914 | + if (match && !(match->mode & GR_DELETED)) | |
12915 | + return match; | |
12916 | + else | |
12917 | + return NULL; | |
12918 | +} | |
12919 | + | |
12920 | +static struct acl_object_label * | |
12921 | +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev, | |
12922 | + const struct acl_subject_label *subj) | |
12923 | +{ | |
12924 | + unsigned int index = fhash(ino, dev, subj->obj_hash_size); | |
12925 | + struct acl_object_label *match; | |
12926 | + | |
12927 | + match = subj->obj_hash[index]; | |
12928 | + | |
12929 | + while (match && (match->inode != ino || match->device != dev || | |
12930 | + !(match->mode & GR_DELETED))) { | |
12931 | + match = match->next; | |
12932 | + } | |
12933 | + | |
12934 | + if (match && (match->mode & GR_DELETED)) | |
12935 | + return match; | |
12936 | + | |
12937 | + match = subj->obj_hash[index]; | |
12938 | + | |
12939 | + while (match && (match->inode != ino || match->device != dev || | |
12940 | + (match->mode & GR_DELETED))) { | |
12941 | + match = match->next; | |
12942 | + } | |
12943 | + | |
12944 | + if (match && !(match->mode & GR_DELETED)) | |
12945 | + return match; | |
12946 | + else | |
12947 | + return NULL; | |
12948 | +} | |
12949 | + | |
12950 | +static struct name_entry * | |
12951 | +lookup_name_entry(const char *name) | |
12952 | +{ | |
12953 | + unsigned int len = strlen(name); | |
12954 | + unsigned int key = full_name_hash(name, len); | |
12955 | + unsigned int index = key % name_set.n_size; | |
12956 | + struct name_entry *match; | |
12957 | + | |
12958 | + match = name_set.n_hash[index]; | |
12959 | + | |
12960 | + while (match && (match->key != key || !gr_streq(match->name, name, match->len, len))) | |
12961 | + match = match->next; | |
12962 | + | |
12963 | + return match; | |
12964 | +} | |
12965 | + | |
12966 | +static struct inodev_entry * | |
12967 | +lookup_inodev_entry(const ino_t ino, const dev_t dev) | |
12968 | +{ | |
12969 | + unsigned int index = fhash(ino, dev, inodev_set.i_size); | |
12970 | + struct inodev_entry *match; | |
12971 | + | |
12972 | + match = inodev_set.i_hash[index]; | |
12973 | + | |
12974 | + while (match && (match->nentry->inode != ino || match->nentry->device != dev)) | |
12975 | + match = match->next; | |
12976 | + | |
12977 | + return match; | |
12978 | +} | |
12979 | + | |
12980 | +static void | |
12981 | +insert_inodev_entry(struct inodev_entry *entry) | |
12982 | +{ | |
12983 | + unsigned int index = fhash(entry->nentry->inode, entry->nentry->device, | |
12984 | + inodev_set.i_size); | |
12985 | + struct inodev_entry **curr; | |
12986 | + | |
12987 | + entry->prev = NULL; | |
12988 | + | |
12989 | + curr = &inodev_set.i_hash[index]; | |
12990 | + if (*curr != NULL) | |
12991 | + (*curr)->prev = entry; | |
12992 | + | |
12993 | + entry->next = *curr; | |
12994 | + *curr = entry; | |
12995 | + | |
12996 | + return; | |
12997 | +} | |
12998 | + | |
12999 | +static void | |
13000 | +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid) | |
13001 | +{ | |
13002 | + unsigned int index = | |
13003 | + rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size); | |
13004 | + struct acl_role_label **curr; | |
13005 | + | |
13006 | + role->prev = NULL; | |
13007 | + | |
13008 | + curr = &acl_role_set.r_hash[index]; | |
13009 | + if (*curr != NULL) | |
13010 | + (*curr)->prev = role; | |
13011 | + | |
13012 | + role->next = *curr; | |
13013 | + *curr = role; | |
13014 | + | |
13015 | + return; | |
13016 | +} | |
13017 | + | |
13018 | +static void | |
13019 | +insert_acl_role_label(struct acl_role_label *role) | |
13020 | +{ | |
13021 | + int i; | |
13022 | + | |
13023 | + if (role->roletype & GR_ROLE_DOMAIN) { | |
13024 | + for (i = 0; i < role->domain_child_num; i++) | |
13025 | + __insert_acl_role_label(role, role->domain_children[i]); | |
13026 | + } else | |
13027 | + __insert_acl_role_label(role, role->uidgid); | |
13028 | +} | |
13029 | + | |
13030 | +static int | |
13031 | +insert_name_entry(char *name, const ino_t inode, const dev_t device) | |
13032 | +{ | |
13033 | + struct name_entry **curr, *nentry; | |
13034 | + struct inodev_entry *ientry; | |
13035 | + unsigned int len = strlen(name); | |
13036 | + unsigned int key = full_name_hash(name, len); | |
13037 | + unsigned int index = key % name_set.n_size; | |
13038 | + | |
13039 | + curr = &name_set.n_hash[index]; | |
13040 | + | |
13041 | + while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len))) | |
13042 | + curr = &((*curr)->next); | |
13043 | + | |
13044 | + if (*curr != NULL) | |
13045 | + return 1; | |
13046 | + | |
13047 | + nentry = acl_alloc(sizeof (struct name_entry)); | |
13048 | + if (nentry == NULL) | |
13049 | + return 0; | |
13050 | + ientry = acl_alloc(sizeof (struct inodev_entry)); | |
13051 | + if (ientry == NULL) | |
13052 | + return 0; | |
13053 | + ientry->nentry = nentry; | |
13054 | + | |
13055 | + nentry->key = key; | |
13056 | + nentry->name = name; | |
13057 | + nentry->inode = inode; | |
13058 | + nentry->device = device; | |
13059 | + nentry->len = len; | |
13060 | + | |
13061 | + nentry->prev = NULL; | |
13062 | + curr = &name_set.n_hash[index]; | |
13063 | + if (*curr != NULL) | |
13064 | + (*curr)->prev = nentry; | |
13065 | + nentry->next = *curr; | |
13066 | + *curr = nentry; | |
13067 | + | |
13068 | + /* insert us into the table searchable by inode/dev */ | |
13069 | + insert_inodev_entry(ientry); | |
13070 | + | |
13071 | + return 1; | |
13072 | +} | |
13073 | + | |
13074 | +static void | |
13075 | +insert_acl_obj_label(struct acl_object_label *obj, | |
13076 | + struct acl_subject_label *subj) | |
13077 | +{ | |
13078 | + unsigned int index = | |
13079 | + fhash(obj->inode, obj->device, subj->obj_hash_size); | |
13080 | + struct acl_object_label **curr; | |
13081 | + | |
13082 | + | |
13083 | + obj->prev = NULL; | |
13084 | + | |
13085 | + curr = &subj->obj_hash[index]; | |
13086 | + if (*curr != NULL) | |
13087 | + (*curr)->prev = obj; | |
13088 | + | |
13089 | + obj->next = *curr; | |
13090 | + *curr = obj; | |
13091 | + | |
13092 | + return; | |
13093 | +} | |
13094 | + | |
13095 | +static void | |
13096 | +insert_acl_subj_label(struct acl_subject_label *obj, | |
13097 | + struct acl_role_label *role) | |
13098 | +{ | |
13099 | + unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size); | |
13100 | + struct acl_subject_label **curr; | |
13101 | + | |
13102 | + obj->prev = NULL; | |
13103 | + | |
13104 | + curr = &role->subj_hash[index]; | |
13105 | + if (*curr != NULL) | |
13106 | + (*curr)->prev = obj; | |
13107 | + | |
13108 | + obj->next = *curr; | |
13109 | + *curr = obj; | |
13110 | + | |
13111 | + return; | |
13112 | +} | |
13113 | + | |
13114 | +/* allocating chained hash tables, so optimal size is where lambda ~ 1 */ | |
13115 | + | |
13116 | +static void * | |
13117 | +create_table(__u32 * len, int elementsize) | |
13118 | +{ | |
13119 | + unsigned int table_sizes[] = { | |
13120 | + 7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381, | |
13121 | + 32749, 65521, 131071, 262139, 524287, 1048573, 2097143, | |
13122 | + 4194301, 8388593, 16777213, 33554393, 67108859, 134217689, | |
13123 | + 268435399, 536870909, 1073741789, 2147483647 | |
13124 | + }; | |
13125 | + void *newtable = NULL; | |
13126 | + unsigned int pwr = 0; | |
13127 | + | |
13128 | + while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) && | |
13129 | + table_sizes[pwr] <= *len) | |
13130 | + pwr++; | |
13131 | + | |
13132 | + if (table_sizes[pwr] <= *len) | |
13133 | + return newtable; | |
13134 | + | |
13135 | + if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE) | |
13136 | + newtable = | |
13137 | + kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL); | |
13138 | + else | |
13139 | + newtable = vmalloc(table_sizes[pwr] * elementsize); | |
13140 | + | |
13141 | + *len = table_sizes[pwr]; | |
13142 | + | |
13143 | + return newtable; | |
13144 | +} | |
13145 | + | |
13146 | +static int | |
13147 | +init_variables(const struct gr_arg *arg) | |
13148 | +{ | |
13149 | + unsigned int stacksize; | |
13150 | + | |
13151 | + subj_map_set.s_size = arg->role_db.num_subjects; | |
13152 | + acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children; | |
13153 | + name_set.n_size = arg->role_db.num_objects; | |
13154 | + inodev_set.i_size = arg->role_db.num_objects; | |
13155 | + | |
13156 | + if (!subj_map_set.s_size || !acl_role_set.r_size || | |
13157 | + !name_set.n_size || !inodev_set.i_size) | |
13158 | + return 1; | |
13159 | + | |
13160 | + if (!gr_init_uidset()) | |
13161 | + return 1; | |
13162 | + | |
13163 | + /* set up the stack that holds allocation info */ | |
13164 | + | |
13165 | + stacksize = arg->role_db.num_pointers + 5; | |
13166 | + | |
13167 | + if (!acl_alloc_stack_init(stacksize)) | |
13168 | + return 1; | |
13169 | + | |
13170 | + /* grab reference for the real root dentry and vfsmount */ | |
13171 | + read_lock(&child_reaper->fs->lock); | |
13172 | + real_root_mnt = mntget(child_reaper->fs->rootmnt); | |
13173 | + real_root = dget(child_reaper->fs->root); | |
13174 | + read_unlock(&child_reaper->fs->lock); | |
13175 | + | |
13176 | + fakefs_obj = acl_alloc(sizeof(struct acl_object_label)); | |
13177 | + if (fakefs_obj == NULL) | |
13178 | + return 1; | |
13179 | + fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC; | |
13180 | + | |
13181 | + subj_map_set.s_hash = | |
13182 | + (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *)); | |
13183 | + acl_role_set.r_hash = | |
13184 | + (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *)); | |
13185 | + name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *)); | |
13186 | + inodev_set.i_hash = | |
13187 | + (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *)); | |
13188 | + | |
13189 | + if (!subj_map_set.s_hash || !acl_role_set.r_hash || | |
13190 | + !name_set.n_hash || !inodev_set.i_hash) | |
13191 | + return 1; | |
13192 | + | |
13193 | + memset(subj_map_set.s_hash, 0, | |
13194 | + sizeof(struct subject_map *) * subj_map_set.s_size); | |
13195 | + memset(acl_role_set.r_hash, 0, | |
13196 | + sizeof (struct acl_role_label *) * acl_role_set.r_size); | |
13197 | + memset(name_set.n_hash, 0, | |
13198 | + sizeof (struct name_entry *) * name_set.n_size); | |
13199 | + memset(inodev_set.i_hash, 0, | |
13200 | + sizeof (struct inodev_entry *) * inodev_set.i_size); | |
13201 | + | |
13202 | + return 0; | |
13203 | +} | |
13204 | + | |
13205 | +/* free information not needed after startup | |
13206 | + currently contains user->kernel pointer mappings for subjects | |
13207 | +*/ | |
13208 | + | |
13209 | +static void | |
13210 | +free_init_variables(void) | |
13211 | +{ | |
13212 | + __u32 i; | |
13213 | + | |
13214 | + if (subj_map_set.s_hash) { | |
13215 | + for (i = 0; i < subj_map_set.s_size; i++) { | |
13216 | + if (subj_map_set.s_hash[i]) { | |
13217 | + kfree(subj_map_set.s_hash[i]); | |
13218 | + subj_map_set.s_hash[i] = NULL; | |
13219 | + } | |
13220 | + } | |
13221 | + | |
13222 | + if ((subj_map_set.s_size * sizeof (struct subject_map *)) <= | |
13223 | + PAGE_SIZE) | |
13224 | + kfree(subj_map_set.s_hash); | |
13225 | + else | |
13226 | + vfree(subj_map_set.s_hash); | |
13227 | + } | |
13228 | + | |
13229 | + return; | |
13230 | +} | |
13231 | + | |
13232 | +static void | |
13233 | +free_variables(void) | |
13234 | +{ | |
13235 | + struct acl_subject_label *s; | |
13236 | + struct acl_role_label *r; | |
13237 | + struct task_struct *task, *task2; | |
13238 | + unsigned int i, x; | |
13239 | + | |
13240 | + gr_clear_learn_entries(); | |
13241 | + | |
13242 | + read_lock(&tasklist_lock); | |
13243 | + do_each_thread(task2, task) { | |
13244 | + task->acl_sp_role = 0; | |
13245 | + task->acl_role_id = 0; | |
13246 | + task->acl = NULL; | |
13247 | + task->role = NULL; | |
13248 | + } while_each_thread(task2, task); | |
13249 | + read_unlock(&tasklist_lock); | |
13250 | + | |
13251 | + /* release the reference to the real root dentry and vfsmount */ | |
13252 | + if (real_root) | |
13253 | + dput(real_root); | |
13254 | + real_root = NULL; | |
13255 | + if (real_root_mnt) | |
13256 | + mntput(real_root_mnt); | |
13257 | + real_root_mnt = NULL; | |
13258 | + | |
13259 | + /* free all object hash tables */ | |
13260 | + | |
13261 | + FOR_EACH_ROLE_START(r, i) | |
13262 | + if (r->subj_hash == NULL) | |
13263 | + break; | |
13264 | + FOR_EACH_SUBJECT_START(r, s, x) | |
13265 | + if (s->obj_hash == NULL) | |
13266 | + break; | |
13267 | + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE) | |
13268 | + kfree(s->obj_hash); | |
13269 | + else | |
13270 | + vfree(s->obj_hash); | |
13271 | + FOR_EACH_SUBJECT_END(s, x) | |
13272 | + FOR_EACH_NESTED_SUBJECT_START(r, s) | |
13273 | + if (s->obj_hash == NULL) | |
13274 | + break; | |
13275 | + if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE) | |
13276 | + kfree(s->obj_hash); | |
13277 | + else | |
13278 | + vfree(s->obj_hash); | |
13279 | + FOR_EACH_NESTED_SUBJECT_END(s) | |
13280 | + if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE) | |
13281 | + kfree(r->subj_hash); | |
13282 | + else | |
13283 | + vfree(r->subj_hash); | |
13284 | + r->subj_hash = NULL; | |
13285 | + FOR_EACH_ROLE_END(r,i) | |
13286 | + | |
13287 | + acl_free_all(); | |
13288 | + | |
13289 | + if (acl_role_set.r_hash) { | |
13290 | + if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <= | |
13291 | + PAGE_SIZE) | |
13292 | + kfree(acl_role_set.r_hash); | |
13293 | + else | |
13294 | + vfree(acl_role_set.r_hash); | |
13295 | + } | |
13296 | + if (name_set.n_hash) { | |
13297 | + if ((name_set.n_size * sizeof (struct name_entry *)) <= | |
13298 | + PAGE_SIZE) | |
13299 | + kfree(name_set.n_hash); | |
13300 | + else | |
13301 | + vfree(name_set.n_hash); | |
13302 | + } | |
13303 | + | |
13304 | + if (inodev_set.i_hash) { | |
13305 | + if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <= | |
13306 | + PAGE_SIZE) | |
13307 | + kfree(inodev_set.i_hash); | |
13308 | + else | |
13309 | + vfree(inodev_set.i_hash); | |
13310 | + } | |
13311 | + | |
13312 | + gr_free_uidset(); | |
13313 | + | |
13314 | + memset(&name_set, 0, sizeof (struct name_db)); | |
13315 | + memset(&inodev_set, 0, sizeof (struct inodev_db)); | |
13316 | + memset(&acl_role_set, 0, sizeof (struct acl_role_db)); | |
13317 | + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db)); | |
13318 | + | |
13319 | + default_role = NULL; | |
13320 | + | |
13321 | + return; | |
13322 | +} | |
13323 | + | |
13324 | +static __u32 | |
13325 | +count_user_objs(struct acl_object_label *userp) | |
13326 | +{ | |
13327 | + struct acl_object_label o_tmp; | |
13328 | + __u32 num = 0; | |
13329 | + | |
13330 | + while (userp) { | |
13331 | + if (copy_from_user(&o_tmp, userp, | |
13332 | + sizeof (struct acl_object_label))) | |
13333 | + break; | |
13334 | + | |
13335 | + userp = o_tmp.prev; | |
13336 | + num++; | |
13337 | + } | |
13338 | + | |
13339 | + return num; | |
13340 | +} | |
13341 | + | |
13342 | +static struct acl_subject_label * | |
13343 | +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role); | |
13344 | + | |
13345 | +static int | |
13346 | +copy_user_glob(struct acl_object_label *obj) | |
13347 | +{ | |
13348 | + struct acl_object_label *g_tmp, **guser; | |
13349 | + unsigned int len; | |
13350 | + char *tmp; | |
13351 | + | |
13352 | + if (obj->globbed == NULL) | |
13353 | + return 0; | |
13354 | + | |
13355 | + guser = &obj->globbed; | |
13356 | + while (*guser) { | |
13357 | + g_tmp = (struct acl_object_label *) | |
13358 | + acl_alloc(sizeof (struct acl_object_label)); | |
13359 | + if (g_tmp == NULL) | |
13360 | + return -ENOMEM; | |
13361 | + | |
13362 | + if (copy_from_user(g_tmp, *guser, | |
13363 | + sizeof (struct acl_object_label))) | |
13364 | + return -EFAULT; | |
13365 | + | |
13366 | + len = strnlen_user(g_tmp->filename, PATH_MAX); | |
13367 | + | |
13368 | + if (!len || len >= PATH_MAX) | |
13369 | + return -EINVAL; | |
13370 | + | |
13371 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
13372 | + return -ENOMEM; | |
13373 | + | |
13374 | + if (copy_from_user(tmp, g_tmp->filename, len)) | |
13375 | + return -EFAULT; | |
13376 | + | |
13377 | + g_tmp->filename = tmp; | |
13378 | + | |
13379 | + *guser = g_tmp; | |
13380 | + guser = &(g_tmp->next); | |
13381 | + } | |
13382 | + | |
13383 | + return 0; | |
13384 | +} | |
13385 | + | |
13386 | +static int | |
13387 | +copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj, | |
13388 | + struct acl_role_label *role) | |
13389 | +{ | |
13390 | + struct acl_object_label *o_tmp; | |
13391 | + unsigned int len; | |
13392 | + int ret; | |
13393 | + char *tmp; | |
13394 | + | |
13395 | + while (userp) { | |
13396 | + if ((o_tmp = (struct acl_object_label *) | |
13397 | + acl_alloc(sizeof (struct acl_object_label))) == NULL) | |
13398 | + return -ENOMEM; | |
13399 | + | |
13400 | + if (copy_from_user(o_tmp, userp, | |
13401 | + sizeof (struct acl_object_label))) | |
13402 | + return -EFAULT; | |
13403 | + | |
13404 | + userp = o_tmp->prev; | |
13405 | + | |
13406 | + len = strnlen_user(o_tmp->filename, PATH_MAX); | |
13407 | + | |
13408 | + if (!len || len >= PATH_MAX) | |
13409 | + return -EINVAL; | |
13410 | + | |
13411 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
13412 | + return -ENOMEM; | |
13413 | + | |
13414 | + if (copy_from_user(tmp, o_tmp->filename, len)) | |
13415 | + return -EFAULT; | |
13416 | + | |
13417 | + o_tmp->filename = tmp; | |
13418 | + | |
13419 | + insert_acl_obj_label(o_tmp, subj); | |
13420 | + if (!insert_name_entry(o_tmp->filename, o_tmp->inode, | |
13421 | + o_tmp->device)) | |
13422 | + return -ENOMEM; | |
13423 | + | |
13424 | + ret = copy_user_glob(o_tmp); | |
13425 | + if (ret) | |
13426 | + return ret; | |
13427 | + | |
13428 | + if (o_tmp->nested) { | |
13429 | + o_tmp->nested = do_copy_user_subj(o_tmp->nested, role); | |
13430 | + if (IS_ERR(o_tmp->nested)) | |
13431 | + return PTR_ERR(o_tmp->nested); | |
13432 | + | |
13433 | + /* insert into nested subject list */ | |
13434 | + o_tmp->nested->next = role->hash->first; | |
13435 | + role->hash->first = o_tmp->nested; | |
13436 | + } | |
13437 | + } | |
13438 | + | |
13439 | + return 0; | |
13440 | +} | |
13441 | + | |
13442 | +static __u32 | |
13443 | +count_user_subjs(struct acl_subject_label *userp) | |
13444 | +{ | |
13445 | + struct acl_subject_label s_tmp; | |
13446 | + __u32 num = 0; | |
13447 | + | |
13448 | + while (userp) { | |
13449 | + if (copy_from_user(&s_tmp, userp, | |
13450 | + sizeof (struct acl_subject_label))) | |
13451 | + break; | |
13452 | + | |
13453 | + userp = s_tmp.prev; | |
13454 | + /* do not count nested subjects against this count, since | |
13455 | + they are not included in the hash table, but are | |
13456 | + attached to objects. We have already counted | |
13457 | + the subjects in userspace for the allocation | |
13458 | + stack | |
13459 | + */ | |
13460 | + if (!(s_tmp.mode & GR_NESTED)) | |
13461 | + num++; | |
13462 | + } | |
13463 | + | |
13464 | + return num; | |
13465 | +} | |
13466 | + | |
13467 | +static int | |
13468 | +copy_user_allowedips(struct acl_role_label *rolep) | |
13469 | +{ | |
13470 | + struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast; | |
13471 | + | |
13472 | + ruserip = rolep->allowed_ips; | |
13473 | + | |
13474 | + while (ruserip) { | |
13475 | + rlast = rtmp; | |
13476 | + | |
13477 | + if ((rtmp = (struct role_allowed_ip *) | |
13478 | + acl_alloc(sizeof (struct role_allowed_ip))) == NULL) | |
13479 | + return -ENOMEM; | |
13480 | + | |
13481 | + if (copy_from_user(rtmp, ruserip, | |
13482 | + sizeof (struct role_allowed_ip))) | |
13483 | + return -EFAULT; | |
13484 | + | |
13485 | + ruserip = rtmp->prev; | |
13486 | + | |
13487 | + if (!rlast) { | |
13488 | + rtmp->prev = NULL; | |
13489 | + rolep->allowed_ips = rtmp; | |
13490 | + } else { | |
13491 | + rlast->next = rtmp; | |
13492 | + rtmp->prev = rlast; | |
13493 | + } | |
13494 | + | |
13495 | + if (!ruserip) | |
13496 | + rtmp->next = NULL; | |
13497 | + } | |
13498 | + | |
13499 | + return 0; | |
13500 | +} | |
13501 | + | |
13502 | +static int | |
13503 | +copy_user_transitions(struct acl_role_label *rolep) | |
13504 | +{ | |
13505 | + struct role_transition *rusertp, *rtmp = NULL, *rlast; | |
13506 | + | |
13507 | + unsigned int len; | |
13508 | + char *tmp; | |
13509 | + | |
13510 | + rusertp = rolep->transitions; | |
13511 | + | |
13512 | + while (rusertp) { | |
13513 | + rlast = rtmp; | |
13514 | + | |
13515 | + if ((rtmp = (struct role_transition *) | |
13516 | + acl_alloc(sizeof (struct role_transition))) == NULL) | |
13517 | + return -ENOMEM; | |
13518 | + | |
13519 | + if (copy_from_user(rtmp, rusertp, | |
13520 | + sizeof (struct role_transition))) | |
13521 | + return -EFAULT; | |
13522 | + | |
13523 | + rusertp = rtmp->prev; | |
13524 | + | |
13525 | + len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN); | |
13526 | + | |
13527 | + if (!len || len >= GR_SPROLE_LEN) | |
13528 | + return -EINVAL; | |
13529 | + | |
13530 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
13531 | + return -ENOMEM; | |
13532 | + | |
13533 | + if (copy_from_user(tmp, rtmp->rolename, len)) | |
13534 | + return -EFAULT; | |
13535 | + | |
13536 | + rtmp->rolename = tmp; | |
13537 | + | |
13538 | + if (!rlast) { | |
13539 | + rtmp->prev = NULL; | |
13540 | + rolep->transitions = rtmp; | |
13541 | + } else { | |
13542 | + rlast->next = rtmp; | |
13543 | + rtmp->prev = rlast; | |
13544 | + } | |
13545 | + | |
13546 | + if (!rusertp) | |
13547 | + rtmp->next = NULL; | |
13548 | + } | |
13549 | + | |
13550 | + return 0; | |
13551 | +} | |
13552 | + | |
13553 | +static struct acl_subject_label * | |
13554 | +do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role) | |
13555 | +{ | |
13556 | + struct acl_subject_label *s_tmp = NULL, *s_tmp2; | |
13557 | + unsigned int len; | |
13558 | + char *tmp; | |
13559 | + __u32 num_objs; | |
13560 | + struct acl_ip_label **i_tmp, *i_utmp2; | |
13561 | + struct gr_hash_struct ghash; | |
13562 | + struct subject_map *subjmap; | |
13563 | + unsigned int i_num; | |
13564 | + int err; | |
13565 | + | |
13566 | + s_tmp = lookup_subject_map(userp); | |
13567 | + | |
13568 | + /* we've already copied this subject into the kernel, just return | |
13569 | + the reference to it, and don't copy it over again | |
13570 | + */ | |
13571 | + if (s_tmp) | |
13572 | + return(s_tmp); | |
13573 | + | |
13574 | + if ((s_tmp = (struct acl_subject_label *) | |
13575 | + acl_alloc(sizeof (struct acl_subject_label))) == NULL) | |
13576 | + return ERR_PTR(-ENOMEM); | |
13577 | + | |
13578 | + subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL); | |
13579 | + if (subjmap == NULL) | |
13580 | + return ERR_PTR(-ENOMEM); | |
13581 | + | |
13582 | + subjmap->user = userp; | |
13583 | + subjmap->kernel = s_tmp; | |
13584 | + insert_subj_map_entry(subjmap); | |
13585 | + | |
13586 | + if (copy_from_user(s_tmp, userp, | |
13587 | + sizeof (struct acl_subject_label))) | |
13588 | + return ERR_PTR(-EFAULT); | |
13589 | + | |
13590 | + len = strnlen_user(s_tmp->filename, PATH_MAX); | |
13591 | + | |
13592 | + if (!len || len >= PATH_MAX) | |
13593 | + return ERR_PTR(-EINVAL); | |
13594 | + | |
13595 | + if ((tmp = (char *) acl_alloc(len)) == NULL) | |
13596 | + return ERR_PTR(-ENOMEM); | |
13597 | + | |
13598 | + if (copy_from_user(tmp, s_tmp->filename, len)) | |
13599 | + return ERR_PTR(-EFAULT); | |
13600 | + | |
13601 | + s_tmp->filename = tmp; | |
13602 | + | |
13603 | + if (!strcmp(s_tmp->filename, "/")) | |
13604 | + role->root_label = s_tmp; | |
13605 | + | |
13606 | + if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct))) | |
13607 | + return ERR_PTR(-EFAULT); | |
13608 | + | |
13609 | + /* copy user and group transition tables */ | |
13610 | + | |
13611 | + if (s_tmp->user_trans_num) { | |
13612 | + uid_t *uidlist; | |
13613 | + | |
13614 | + uidlist = (uid_t *)acl_alloc(s_tmp->user_trans_num * sizeof(uid_t)); | |
13615 | + if (uidlist == NULL) | |
13616 | + return ERR_PTR(-ENOMEM); | |
13617 | + if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t))) | |
13618 | + return ERR_PTR(-EFAULT); | |
13619 | + | |
13620 | + s_tmp->user_transitions = uidlist; | |
13621 | + } | |
13622 | + | |
13623 | + if (s_tmp->group_trans_num) { | |
13624 | + gid_t *gidlist; | |
13625 | + | |
13626 | + gidlist = (gid_t *)acl_alloc(s_tmp->group_trans_num * sizeof(gid_t)); | |
13627 | + if (gidlist == NULL) | |
13628 | + return ERR_PTR(-ENOMEM); | |
13629 | + if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t))) | |
13630 | + return ERR_PTR(-EFAULT); | |
13631 | + | |
13632 | + s_tmp->group_transitions = gidlist; | |
13633 | + } | |
13634 | + | |
13635 | + /* set up object hash table */ | |
13636 | + num_objs = count_user_objs(ghash.first); | |
13637 | + | |
13638 | + s_tmp->obj_hash_size = num_objs; | |
13639 | + s_tmp->obj_hash = | |
13640 | + (struct acl_object_label **) | |
13641 | + create_table(&(s_tmp->obj_hash_size), sizeof(void *)); | |
13642 | + | |
13643 | + if (!s_tmp->obj_hash) | |
13644 | + return ERR_PTR(-ENOMEM); | |
13645 | + | |
13646 | + memset(s_tmp->obj_hash, 0, | |
13647 | + s_tmp->obj_hash_size * | |
13648 | + sizeof (struct acl_object_label *)); | |
13649 | + | |
13650 | + /* add in objects */ | |
13651 | + err = copy_user_objs(ghash.first, s_tmp, role); | |
13652 | + | |
13653 | + if (err) | |
13654 | + return ERR_PTR(err); | |
13655 | + | |
13656 | + /* set pointer for parent subject */ | |
13657 | + if (s_tmp->parent_subject) { | |
13658 | + s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role); | |
13659 | + | |
13660 | + if (IS_ERR(s_tmp2)) | |
13661 | + return s_tmp2; | |
13662 | + | |
13663 | + s_tmp->parent_subject = s_tmp2; | |
13664 | + } | |
13665 | + | |
13666 | + /* add in ip acls */ | |
13667 | + | |
13668 | + if (!s_tmp->ip_num) { | |
13669 | + s_tmp->ips = NULL; | |
13670 | + goto insert; | |
13671 | + } | |
13672 | + | |
13673 | + i_tmp = | |
13674 | + (struct acl_ip_label **) acl_alloc(s_tmp->ip_num * | |
13675 | + sizeof (struct | |
13676 | + acl_ip_label *)); | |
13677 | + | |
13678 | + if (!i_tmp) | |
13679 | + return ERR_PTR(-ENOMEM); | |
13680 | + | |
13681 | + for (i_num = 0; i_num < s_tmp->ip_num; i_num++) { | |
13682 | + *(i_tmp + i_num) = | |
13683 | + (struct acl_ip_label *) | |
13684 | + acl_alloc(sizeof (struct acl_ip_label)); | |
13685 | + if (!*(i_tmp + i_num)) | |
13686 | + return ERR_PTR(-ENOMEM); | |
13687 | + | |
13688 | + if (copy_from_user | |
13689 | + (&i_utmp2, s_tmp->ips + i_num, | |
13690 | + sizeof (struct acl_ip_label *))) | |
13691 | + return ERR_PTR(-EFAULT); | |
13692 | + | |
13693 | + if (copy_from_user | |
13694 | + (*(i_tmp + i_num), i_utmp2, | |
13695 | + sizeof (struct acl_ip_label))) | |
13696 | + return ERR_PTR(-EFAULT); | |
13697 | + | |
13698 | + if ((*(i_tmp + i_num))->iface == NULL) | |
13699 | + continue; | |
13700 | + | |
13701 | + len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ); | |
13702 | + if (!len || len >= IFNAMSIZ) | |
13703 | + return ERR_PTR(-EINVAL); | |
13704 | + tmp = acl_alloc(len); | |
13705 | + if (tmp == NULL) | |
13706 | + return ERR_PTR(-ENOMEM); | |
13707 | + if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len)) | |
13708 | + return ERR_PTR(-EFAULT); | |
13709 | + (*(i_tmp + i_num))->iface = tmp; | |
13710 | + } | |
13711 | + | |
13712 | + s_tmp->ips = i_tmp; | |
13713 | + | |
13714 | +insert: | |
13715 | + if (!insert_name_entry(s_tmp->filename, s_tmp->inode, | |
13716 | + s_tmp->device)) | |
13717 | + return ERR_PTR(-ENOMEM); | |
13718 | + | |
13719 | + return s_tmp; | |
13720 | +} | |
13721 | + | |
13722 | +static int | |
13723 | +copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role) | |
13724 | +{ | |
13725 | + struct acl_subject_label s_pre; | |
13726 | + struct acl_subject_label * ret; | |
13727 | + int err; | |
13728 | + | |
13729 | + while (userp) { | |
13730 | + if (copy_from_user(&s_pre, userp, | |
13731 | + sizeof (struct acl_subject_label))) | |
13732 | + return -EFAULT; | |
13733 | + | |
13734 | + /* do not add nested subjects here, add | |
13735 | + while parsing objects | |
13736 | + */ | |
13737 | + | |
13738 | + if (s_pre.mode & GR_NESTED) { | |
13739 | + userp = s_pre.prev; | |
13740 | + continue; | |
13741 | + } | |
13742 | + | |
13743 | + ret = do_copy_user_subj(userp, role); | |
13744 | + | |
13745 | + err = PTR_ERR(ret); | |
13746 | + if (IS_ERR(ret)) | |
13747 | + return err; | |
13748 | + | |
13749 | + insert_acl_subj_label(ret, role); | |
13750 | + | |
13751 | + userp = s_pre.prev; | |
13752 | + } | |
13753 | + | |
13754 | + return 0; | |
13755 | +} | |
13756 | + | |
13757 | +static int | |
13758 | +copy_user_acl(struct gr_arg *arg) | |
13759 | +{ | |
13760 | + struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2; | |
13761 | + struct sprole_pw *sptmp; | |
13762 | + struct gr_hash_struct *ghash; | |
13763 | + uid_t *domainlist; | |
13764 | + unsigned int r_num; | |
13765 | + unsigned int len; | |
13766 | + char *tmp; | |
13767 | + int err = 0; | |
13768 | + __u16 i; | |
13769 | + __u32 num_subjs; | |
13770 | + | |
13771 | + /* we need a default and kernel role */ | |
13772 | + if (arg->role_db.num_roles < 2) | |
13773 | + return -EINVAL; | |
13774 | + | |
13775 | + /* copy special role authentication info from userspace */ | |
13776 | + | |
13777 | + num_sprole_pws = arg->num_sprole_pws; | |
13778 | + acl_special_roles = (struct sprole_pw **) acl_alloc(num_sprole_pws * sizeof(struct sprole_pw *)); | |
13779 | + | |
13780 | + if (!acl_special_roles) { | |
13781 | + err = -ENOMEM; | |
13782 | + goto cleanup; | |
13783 | + } | |
13784 | + | |
13785 | + for (i = 0; i < num_sprole_pws; i++) { | |
13786 | + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); | |
13787 | + if (!sptmp) { | |
13788 | + err = -ENOMEM; | |
13789 | + goto cleanup; | |
13790 | + } | |
13791 | + if (copy_from_user(sptmp, arg->sprole_pws + i, | |
13792 | + sizeof (struct sprole_pw))) { | |
13793 | + err = -EFAULT; | |
13794 | + goto cleanup; | |
13795 | + } | |
13796 | + | |
13797 | + len = | |
13798 | + strnlen_user(sptmp->rolename, GR_SPROLE_LEN); | |
13799 | + | |
13800 | + if (!len || len >= GR_SPROLE_LEN) { | |
13801 | + err = -EINVAL; | |
13802 | + goto cleanup; | |
13803 | + } | |
13804 | + | |
13805 | + if ((tmp = (char *) acl_alloc(len)) == NULL) { | |
13806 | + err = -ENOMEM; | |
13807 | + goto cleanup; | |
13808 | + } | |
13809 | + | |
13810 | + if (copy_from_user(tmp, sptmp->rolename, len)) { | |
13811 | + err = -EFAULT; | |
13812 | + goto cleanup; | |
13813 | + } | |
13814 | + | |
13815 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
13816 | + printk(KERN_ALERT "Copying special role %s\n", tmp); | |
13817 | +#endif | |
13818 | + sptmp->rolename = tmp; | |
13819 | + acl_special_roles[i] = sptmp; | |
13820 | + } | |
13821 | + | |
13822 | + r_utmp = (struct acl_role_label **) arg->role_db.r_table; | |
13823 | + | |
13824 | + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) { | |
13825 | + r_tmp = acl_alloc(sizeof (struct acl_role_label)); | |
13826 | + | |
13827 | + if (!r_tmp) { | |
13828 | + err = -ENOMEM; | |
13829 | + goto cleanup; | |
13830 | + } | |
13831 | + | |
13832 | + if (copy_from_user(&r_utmp2, r_utmp + r_num, | |
13833 | + sizeof (struct acl_role_label *))) { | |
13834 | + err = -EFAULT; | |
13835 | + goto cleanup; | |
13836 | + } | |
13837 | + | |
13838 | + if (copy_from_user(r_tmp, r_utmp2, | |
13839 | + sizeof (struct acl_role_label))) { | |
13840 | + err = -EFAULT; | |
13841 | + goto cleanup; | |
13842 | + } | |
13843 | + | |
13844 | + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN); | |
13845 | + | |
13846 | + if (!len || len >= PATH_MAX) { | |
13847 | + err = -EINVAL; | |
13848 | + goto cleanup; | |
13849 | + } | |
13850 | + | |
13851 | + if ((tmp = (char *) acl_alloc(len)) == NULL) { | |
13852 | + err = -ENOMEM; | |
13853 | + goto cleanup; | |
13854 | + } | |
13855 | + if (copy_from_user(tmp, r_tmp->rolename, len)) { | |
13856 | + err = -EFAULT; | |
13857 | + goto cleanup; | |
13858 | + } | |
13859 | + r_tmp->rolename = tmp; | |
13860 | + | |
13861 | + if (!strcmp(r_tmp->rolename, "default") | |
13862 | + && (r_tmp->roletype & GR_ROLE_DEFAULT)) { | |
13863 | + default_role = r_tmp; | |
13864 | + } else if (!strcmp(r_tmp->rolename, ":::kernel:::")) { | |
13865 | + kernel_role = r_tmp; | |
13866 | + } | |
13867 | + | |
13868 | + if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) { | |
13869 | + err = -ENOMEM; | |
13870 | + goto cleanup; | |
13871 | + } | |
13872 | + if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) { | |
13873 | + err = -EFAULT; | |
13874 | + goto cleanup; | |
13875 | + } | |
13876 | + | |
13877 | + r_tmp->hash = ghash; | |
13878 | + | |
13879 | + num_subjs = count_user_subjs(r_tmp->hash->first); | |
13880 | + | |
13881 | + r_tmp->subj_hash_size = num_subjs; | |
13882 | + r_tmp->subj_hash = | |
13883 | + (struct acl_subject_label **) | |
13884 | + create_table(&(r_tmp->subj_hash_size), sizeof(void *)); | |
13885 | + | |
13886 | + if (!r_tmp->subj_hash) { | |
13887 | + err = -ENOMEM; | |
13888 | + goto cleanup; | |
13889 | + } | |
13890 | + | |
13891 | + err = copy_user_allowedips(r_tmp); | |
13892 | + if (err) | |
13893 | + goto cleanup; | |
13894 | + | |
13895 | + /* copy domain info */ | |
13896 | + if (r_tmp->domain_children != NULL) { | |
13897 | + domainlist = acl_alloc(r_tmp->domain_child_num * sizeof(uid_t)); | |
13898 | + if (domainlist == NULL) { | |
13899 | + err = -ENOMEM; | |
13900 | + goto cleanup; | |
13901 | + } | |
13902 | + if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) { | |
13903 | + err = -EFAULT; | |
13904 | + goto cleanup; | |
13905 | + } | |
13906 | + r_tmp->domain_children = domainlist; | |
13907 | + } | |
13908 | + | |
13909 | + err = copy_user_transitions(r_tmp); | |
13910 | + if (err) | |
13911 | + goto cleanup; | |
13912 | + | |
13913 | + memset(r_tmp->subj_hash, 0, | |
13914 | + r_tmp->subj_hash_size * | |
13915 | + sizeof (struct acl_subject_label *)); | |
13916 | + | |
13917 | + err = copy_user_subjs(r_tmp->hash->first, r_tmp); | |
13918 | + | |
13919 | + if (err) | |
13920 | + goto cleanup; | |
13921 | + | |
13922 | + /* set nested subject list to null */ | |
13923 | + r_tmp->hash->first = NULL; | |
13924 | + | |
13925 | + insert_acl_role_label(r_tmp); | |
13926 | + } | |
13927 | + | |
13928 | + goto return_err; | |
13929 | + cleanup: | |
13930 | + free_variables(); | |
13931 | + return_err: | |
13932 | + return err; | |
13933 | + | |
13934 | +} | |
13935 | + | |
13936 | +static int | |
13937 | +gracl_init(struct gr_arg *args) | |
13938 | +{ | |
13939 | + int error = 0; | |
13940 | + | |
13941 | + memcpy(gr_system_salt, args->salt, GR_SALT_LEN); | |
13942 | + memcpy(gr_system_sum, args->sum, GR_SHA_LEN); | |
13943 | + | |
13944 | + if (init_variables(args)) { | |
13945 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION); | |
13946 | + error = -ENOMEM; | |
13947 | + free_variables(); | |
13948 | + goto out; | |
13949 | + } | |
13950 | + | |
13951 | + error = copy_user_acl(args); | |
13952 | + free_init_variables(); | |
13953 | + if (error) { | |
13954 | + free_variables(); | |
13955 | + goto out; | |
13956 | + } | |
13957 | + | |
13958 | + if ((error = gr_set_acls(0))) { | |
13959 | + free_variables(); | |
13960 | + goto out; | |
13961 | + } | |
13962 | + | |
13963 | + gr_status |= GR_READY; | |
13964 | + out: | |
13965 | + return error; | |
13966 | +} | |
13967 | + | |
13968 | +/* derived from glibc fnmatch() 0: match, 1: no match*/ | |
13969 | + | |
13970 | +static int | |
13971 | +glob_match(const char *p, const char *n) | |
13972 | +{ | |
13973 | + char c; | |
13974 | + | |
13975 | + while ((c = *p++) != '\0') { | |
13976 | + switch (c) { | |
13977 | + case '?': | |
13978 | + if (*n == '\0') | |
13979 | + return 1; | |
13980 | + else if (*n == '/') | |
13981 | + return 1; | |
13982 | + break; | |
13983 | + case '\\': | |
13984 | + if (*n != c) | |
13985 | + return 1; | |
13986 | + break; | |
13987 | + case '*': | |
13988 | + for (c = *p++; c == '?' || c == '*'; c = *p++) { | |
13989 | + if (*n == '/') | |
13990 | + return 1; | |
13991 | + else if (c == '?') { | |
13992 | + if (*n == '\0') | |
13993 | + return 1; | |
13994 | + else | |
13995 | + ++n; | |
13996 | + } | |
13997 | + } | |
13998 | + if (c == '\0') { | |
13999 | + return 0; | |
14000 | + } else { | |
14001 | + const char *endp; | |
14002 | + | |
14003 | + if ((endp = strchr(n, '/')) == NULL) | |
14004 | + endp = n + strlen(n); | |
14005 | + | |
14006 | + if (c == '[') { | |
14007 | + for (--p; n < endp; ++n) | |
14008 | + if (!glob_match(p, n)) | |
14009 | + return 0; | |
14010 | + } else if (c == '/') { | |
14011 | + while (*n != '\0' && *n != '/') | |
14012 | + ++n; | |
14013 | + if (*n == '/' && !glob_match(p, n + 1)) | |
14014 | + return 0; | |
14015 | + } else { | |
14016 | + for (--p; n < endp; ++n) | |
14017 | + if (*n == c && !glob_match(p, n)) | |
14018 | + return 0; | |
14019 | + } | |
14020 | + | |
14021 | + return 1; | |
14022 | + } | |
14023 | + case '[': | |
14024 | + { | |
14025 | + int not; | |
14026 | + char cold; | |
14027 | + | |
14028 | + if (*n == '\0' || *n == '/') | |
14029 | + return 1; | |
14030 | + | |
14031 | + not = (*p == '!' || *p == '^'); | |
14032 | + if (not) | |
14033 | + ++p; | |
14034 | + | |
14035 | + c = *p++; | |
14036 | + for (;;) { | |
14037 | + unsigned char fn = (unsigned char)*n; | |
14038 | + | |
14039 | + if (c == '\0') | |
14040 | + return 1; | |
14041 | + else { | |
14042 | + if (c == fn) | |
14043 | + goto matched; | |
14044 | + cold = c; | |
14045 | + c = *p++; | |
14046 | + | |
14047 | + if (c == '-' && *p != ']') { | |
14048 | + unsigned char cend = *p++; | |
14049 | + | |
14050 | + if (cend == '\0') | |
14051 | + return 1; | |
14052 | + | |
14053 | + if (cold <= fn && fn <= cend) | |
14054 | + goto matched; | |
14055 | + | |
14056 | + c = *p++; | |
14057 | + } | |
14058 | + } | |
14059 | + | |
14060 | + if (c == ']') | |
14061 | + break; | |
14062 | + } | |
14063 | + if (!not) | |
14064 | + return 1; | |
14065 | + break; | |
14066 | + matched: | |
14067 | + while (c != ']') { | |
14068 | + if (c == '\0') | |
14069 | + return 1; | |
14070 | + | |
14071 | + c = *p++; | |
14072 | + } | |
14073 | + if (not) | |
14074 | + return 1; | |
14075 | + } | |
14076 | + break; | |
14077 | + default: | |
14078 | + if (c != *n) | |
14079 | + return 1; | |
14080 | + } | |
14081 | + | |
14082 | + ++n; | |
14083 | + } | |
14084 | + | |
14085 | + if (*n == '\0') | |
14086 | + return 0; | |
14087 | + | |
14088 | + if (*n == '/') | |
14089 | + return 0; | |
14090 | + | |
14091 | + return 1; | |
14092 | +} | |
14093 | + | |
14094 | +static struct acl_object_label * | |
14095 | +chk_glob_label(struct acl_object_label *globbed, | |
14096 | + struct dentry *dentry, struct vfsmount *mnt, char **path) | |
14097 | +{ | |
14098 | + struct acl_object_label *tmp; | |
14099 | + | |
14100 | + if (*path == NULL) | |
14101 | + *path = gr_to_filename_nolock(dentry, mnt); | |
14102 | + | |
14103 | + tmp = globbed; | |
14104 | + | |
14105 | + while (tmp) { | |
14106 | + if (!glob_match(tmp->filename, *path)) | |
14107 | + return tmp; | |
14108 | + tmp = tmp->next; | |
14109 | + } | |
14110 | + | |
14111 | + return NULL; | |
14112 | +} | |
14113 | + | |
14114 | +static struct acl_object_label * | |
14115 | +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, | |
14116 | + const ino_t curr_ino, const dev_t curr_dev, | |
14117 | + const struct acl_subject_label *subj, char **path) | |
14118 | +{ | |
14119 | + struct acl_subject_label *tmpsubj; | |
14120 | + struct acl_object_label *retval; | |
14121 | + struct acl_object_label *retval2; | |
14122 | + | |
14123 | + tmpsubj = (struct acl_subject_label *) subj; | |
14124 | + read_lock(&gr_inode_lock); | |
14125 | + do { | |
14126 | + retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj); | |
14127 | + if (retval) { | |
14128 | + if (retval->globbed) { | |
14129 | + retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry, | |
14130 | + (struct vfsmount *)orig_mnt, path); | |
14131 | + if (retval2) | |
14132 | + retval = retval2; | |
14133 | + } | |
14134 | + break; | |
14135 | + } | |
14136 | + } while ((tmpsubj = tmpsubj->parent_subject)); | |
14137 | + read_unlock(&gr_inode_lock); | |
14138 | + | |
14139 | + return retval; | |
14140 | +} | |
14141 | + | |
14142 | +static __inline__ struct acl_object_label * | |
14143 | +full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, | |
14144 | + const struct dentry *curr_dentry, | |
14145 | + const struct acl_subject_label *subj, char **path) | |
14146 | +{ | |
14147 | + return __full_lookup(orig_dentry, orig_mnt, | |
14148 | + curr_dentry->d_inode->i_ino, | |
14149 | + curr_dentry->d_inode->i_sb->s_dev, subj, path); | |
14150 | +} | |
14151 | + | |
14152 | +static struct acl_object_label * | |
14153 | +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
14154 | + const struct acl_subject_label *subj, char *path) | |
14155 | +{ | |
14156 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
14157 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
14158 | + struct acl_object_label *retval; | |
14159 | + | |
14160 | + spin_lock(&dcache_lock); | |
14161 | + | |
14162 | + if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt)) { | |
14163 | + retval = fakefs_obj; | |
14164 | + goto out; | |
14165 | + } | |
14166 | + | |
14167 | + for (;;) { | |
14168 | + if (dentry == real_root && mnt == real_root_mnt) | |
14169 | + break; | |
14170 | + | |
14171 | + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { | |
14172 | + if (mnt->mnt_parent == mnt) | |
14173 | + break; | |
14174 | + | |
14175 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
14176 | + if (retval != NULL) | |
14177 | + goto out; | |
14178 | + | |
14179 | + dentry = mnt->mnt_mountpoint; | |
14180 | + mnt = mnt->mnt_parent; | |
14181 | + continue; | |
14182 | + } | |
14183 | + | |
14184 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
14185 | + if (retval != NULL) | |
14186 | + goto out; | |
14187 | + | |
14188 | + dentry = dentry->d_parent; | |
14189 | + } | |
14190 | + | |
14191 | + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path); | |
14192 | + | |
14193 | + if (retval == NULL) | |
14194 | + retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path); | |
14195 | +out: | |
14196 | + spin_unlock(&dcache_lock); | |
14197 | + return retval; | |
14198 | +} | |
14199 | + | |
14200 | +static __inline__ struct acl_object_label * | |
14201 | +chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
14202 | + const struct acl_subject_label *subj) | |
14203 | +{ | |
14204 | + char *path = NULL; | |
14205 | + return __chk_obj_label(l_dentry, l_mnt, subj, path); | |
14206 | +} | |
14207 | + | |
14208 | +static __inline__ struct acl_object_label * | |
14209 | +chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
14210 | + const struct acl_subject_label *subj, char *path) | |
14211 | +{ | |
14212 | + return __chk_obj_label(l_dentry, l_mnt, subj, path); | |
14213 | +} | |
14214 | + | |
14215 | +static struct acl_subject_label * | |
14216 | +chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, | |
14217 | + const struct acl_role_label *role) | |
14218 | +{ | |
14219 | + struct dentry *dentry = (struct dentry *) l_dentry; | |
14220 | + struct vfsmount *mnt = (struct vfsmount *) l_mnt; | |
14221 | + struct acl_subject_label *retval; | |
14222 | + | |
14223 | + spin_lock(&dcache_lock); | |
14224 | + | |
14225 | + for (;;) { | |
14226 | + if (dentry == real_root && mnt == real_root_mnt) | |
14227 | + break; | |
14228 | + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { | |
14229 | + if (mnt->mnt_parent == mnt) | |
14230 | + break; | |
14231 | + | |
14232 | + read_lock(&gr_inode_lock); | |
14233 | + retval = | |
14234 | + lookup_acl_subj_label(dentry->d_inode->i_ino, | |
14235 | + dentry->d_inode->i_sb->s_dev, role); | |
14236 | + read_unlock(&gr_inode_lock); | |
14237 | + if (retval != NULL) | |
14238 | + goto out; | |
14239 | + | |
14240 | + dentry = mnt->mnt_mountpoint; | |
14241 | + mnt = mnt->mnt_parent; | |
14242 | + continue; | |
14243 | + } | |
14244 | + | |
14245 | + read_lock(&gr_inode_lock); | |
14246 | + retval = lookup_acl_subj_label(dentry->d_inode->i_ino, | |
14247 | + dentry->d_inode->i_sb->s_dev, role); | |
14248 | + read_unlock(&gr_inode_lock); | |
14249 | + if (retval != NULL) | |
14250 | + goto out; | |
14251 | + | |
14252 | + dentry = dentry->d_parent; | |
14253 | + } | |
14254 | + | |
14255 | + read_lock(&gr_inode_lock); | |
14256 | + retval = lookup_acl_subj_label(dentry->d_inode->i_ino, | |
14257 | + dentry->d_inode->i_sb->s_dev, role); | |
14258 | + read_unlock(&gr_inode_lock); | |
14259 | + | |
14260 | + if (unlikely(retval == NULL)) { | |
14261 | + read_lock(&gr_inode_lock); | |
14262 | + retval = lookup_acl_subj_label(real_root->d_inode->i_ino, | |
14263 | + real_root->d_inode->i_sb->s_dev, role); | |
14264 | + read_unlock(&gr_inode_lock); | |
14265 | + } | |
14266 | +out: | |
14267 | + spin_unlock(&dcache_lock); | |
14268 | + | |
14269 | + return retval; | |
14270 | +} | |
14271 | + | |
14272 | +static void | |
14273 | +gr_log_learn(const struct task_struct *task, const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode) | |
14274 | +{ | |
14275 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype, | |
14276 | + task->uid, task->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry, | |
14277 | + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename, | |
14278 | + 1, 1, gr_to_filename(dentry, mnt), (unsigned long) mode, NIPQUAD(task->signal->curr_ip)); | |
14279 | + | |
14280 | + return; | |
14281 | +} | |
14282 | + | |
14283 | +static void | |
14284 | +gr_log_learn_id_change(const struct task_struct *task, const char type, const unsigned int real, | |
14285 | + const unsigned int effective, const unsigned int fs) | |
14286 | +{ | |
14287 | + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype, | |
14288 | + task->uid, task->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_dentry, | |
14289 | + task->exec_file->f_vfsmnt) : task->acl->filename, task->acl->filename, | |
14290 | + type, real, effective, fs, NIPQUAD(task->signal->curr_ip)); | |
14291 | + | |
14292 | + return; | |
14293 | +} | |
14294 | + | |
14295 | +__u32 | |
14296 | +gr_check_link(const struct dentry * new_dentry, | |
14297 | + const struct dentry * parent_dentry, | |
14298 | + const struct vfsmount * parent_mnt, | |
14299 | + const struct dentry * old_dentry, const struct vfsmount * old_mnt) | |
14300 | +{ | |
14301 | + struct acl_object_label *obj; | |
14302 | + __u32 oldmode, newmode; | |
14303 | + __u32 needmode; | |
14304 | + | |
14305 | + if (unlikely(!(gr_status & GR_READY))) | |
14306 | + return (GR_CREATE | GR_LINK); | |
14307 | + | |
14308 | + obj = chk_obj_label(old_dentry, old_mnt, current->acl); | |
14309 | + oldmode = obj->mode; | |
14310 | + | |
14311 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
14312 | + oldmode |= (GR_CREATE | GR_LINK); | |
14313 | + | |
14314 | + needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS; | |
14315 | + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID)) | |
14316 | + needmode |= GR_SETID | GR_AUDIT_SETID; | |
14317 | + | |
14318 | + newmode = | |
14319 | + gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
14320 | + oldmode | needmode); | |
14321 | + | |
14322 | + needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC | | |
14323 | + GR_SETID | GR_READ | GR_FIND | GR_DELETE | | |
14324 | + GR_INHERIT | GR_AUDIT_INHERIT); | |
14325 | + | |
14326 | + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID)) | |
14327 | + goto bad; | |
14328 | + | |
14329 | + if ((oldmode & needmode) != needmode) | |
14330 | + goto bad; | |
14331 | + | |
14332 | + needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS); | |
14333 | + if ((newmode & needmode) != needmode) | |
14334 | + goto bad; | |
14335 | + | |
14336 | + if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK)) | |
14337 | + return newmode; | |
14338 | +bad: | |
14339 | + needmode = oldmode; | |
14340 | + if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID)) | |
14341 | + needmode |= GR_SETID; | |
14342 | + | |
14343 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
14344 | + gr_log_learn(current, old_dentry, old_mnt, needmode); | |
14345 | + return (GR_CREATE | GR_LINK); | |
14346 | + } else if (newmode & GR_SUPPRESS) | |
14347 | + return GR_SUPPRESS; | |
14348 | + else | |
14349 | + return 0; | |
14350 | +} | |
14351 | + | |
14352 | +__u32 | |
14353 | +gr_search_file(const struct dentry * dentry, const __u32 mode, | |
14354 | + const struct vfsmount * mnt) | |
14355 | +{ | |
14356 | + __u32 retval = mode; | |
14357 | + struct acl_subject_label *curracl; | |
14358 | + struct acl_object_label *currobj; | |
14359 | + | |
14360 | + if (unlikely(!(gr_status & GR_READY))) | |
14361 | + return (mode & ~GR_AUDITS); | |
14362 | + | |
14363 | + curracl = current->acl; | |
14364 | + | |
14365 | + currobj = chk_obj_label(dentry, mnt, curracl); | |
14366 | + retval = currobj->mode & mode; | |
14367 | + | |
14368 | + if (unlikely | |
14369 | + ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE) | |
14370 | + && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) { | |
14371 | + __u32 new_mode = mode; | |
14372 | + | |
14373 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
14374 | + | |
14375 | + retval = new_mode; | |
14376 | + | |
14377 | + if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN) | |
14378 | + new_mode |= GR_INHERIT; | |
14379 | + | |
14380 | + if (!(mode & GR_NOLEARN)) | |
14381 | + gr_log_learn(current, dentry, mnt, new_mode); | |
14382 | + } | |
14383 | + | |
14384 | + return retval; | |
14385 | +} | |
14386 | + | |
14387 | +__u32 | |
14388 | +gr_check_create(const struct dentry * new_dentry, const struct dentry * parent, | |
14389 | + const struct vfsmount * mnt, const __u32 mode) | |
14390 | +{ | |
14391 | + struct name_entry *match; | |
14392 | + struct acl_object_label *matchpo; | |
14393 | + struct acl_subject_label *curracl; | |
14394 | + char *path; | |
14395 | + __u32 retval; | |
14396 | + | |
14397 | + if (unlikely(!(gr_status & GR_READY))) | |
14398 | + return (mode & ~GR_AUDITS); | |
14399 | + | |
14400 | + preempt_disable(); | |
14401 | + path = gr_to_filename_rbac(new_dentry, mnt); | |
14402 | + match = lookup_name_entry(path); | |
14403 | + | |
14404 | + if (!match) | |
14405 | + goto check_parent; | |
14406 | + | |
14407 | + curracl = current->acl; | |
14408 | + | |
14409 | + read_lock(&gr_inode_lock); | |
14410 | + matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl); | |
14411 | + read_unlock(&gr_inode_lock); | |
14412 | + | |
14413 | + if (matchpo) { | |
14414 | + if ((matchpo->mode & mode) != | |
14415 | + (mode & ~(GR_AUDITS | GR_SUPPRESS)) | |
14416 | + && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
14417 | + __u32 new_mode = mode; | |
14418 | + | |
14419 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
14420 | + | |
14421 | + gr_log_learn(current, new_dentry, mnt, new_mode); | |
14422 | + | |
14423 | + preempt_enable(); | |
14424 | + return new_mode; | |
14425 | + } | |
14426 | + preempt_enable(); | |
14427 | + return (matchpo->mode & mode); | |
14428 | + } | |
14429 | + | |
14430 | + check_parent: | |
14431 | + curracl = current->acl; | |
14432 | + | |
14433 | + matchpo = chk_obj_create_label(parent, mnt, curracl, path); | |
14434 | + retval = matchpo->mode & mode; | |
14435 | + | |
14436 | + if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))) | |
14437 | + && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) { | |
14438 | + __u32 new_mode = mode; | |
14439 | + | |
14440 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
14441 | + | |
14442 | + gr_log_learn(current, new_dentry, mnt, new_mode); | |
14443 | + preempt_enable(); | |
14444 | + return new_mode; | |
14445 | + } | |
14446 | + | |
14447 | + preempt_enable(); | |
14448 | + return retval; | |
14449 | +} | |
14450 | + | |
14451 | +int | |
14452 | +gr_check_hidden_task(const struct task_struct *task) | |
14453 | +{ | |
14454 | + if (unlikely(!(gr_status & GR_READY))) | |
14455 | + return 0; | |
14456 | + | |
14457 | + if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW)) | |
14458 | + return 1; | |
14459 | + | |
14460 | + return 0; | |
14461 | +} | |
14462 | + | |
14463 | +int | |
14464 | +gr_check_protected_task(const struct task_struct *task) | |
14465 | +{ | |
14466 | + if (unlikely(!(gr_status & GR_READY) || !task)) | |
14467 | + return 0; | |
14468 | + | |
14469 | + if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) && | |
14470 | + task->acl != current->acl) | |
14471 | + return 1; | |
14472 | + | |
14473 | + return 0; | |
14474 | +} | |
14475 | + | |
14476 | +void | |
14477 | +gr_copy_label(struct task_struct *tsk) | |
14478 | +{ | |
14479 | + tsk->signal->used_accept = 0; | |
14480 | + tsk->acl_sp_role = 0; | |
14481 | + tsk->acl_role_id = current->acl_role_id; | |
14482 | + tsk->acl = current->acl; | |
14483 | + tsk->role = current->role; | |
14484 | + tsk->signal->curr_ip = current->signal->curr_ip; | |
14485 | + if (current->exec_file) | |
14486 | + get_file(current->exec_file); | |
14487 | + tsk->exec_file = current->exec_file; | |
14488 | + tsk->is_writable = current->is_writable; | |
14489 | + if (unlikely(current->signal->used_accept)) | |
14490 | + current->signal->curr_ip = 0; | |
14491 | + | |
14492 | + return; | |
14493 | +} | |
14494 | + | |
14495 | +static void | |
14496 | +gr_set_proc_res(struct task_struct *task) | |
14497 | +{ | |
14498 | + struct acl_subject_label *proc; | |
14499 | + unsigned short i; | |
14500 | + | |
14501 | + proc = task->acl; | |
14502 | + | |
14503 | + if (proc->mode & (GR_LEARN | GR_INHERITLEARN)) | |
14504 | + return; | |
14505 | + | |
14506 | + for (i = 0; i < (GR_NLIMITS - 1); i++) { | |
14507 | + if (!(proc->resmask & (1 << i))) | |
14508 | + continue; | |
14509 | + | |
14510 | + task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur; | |
14511 | + task->signal->rlim[i].rlim_max = proc->res[i].rlim_max; | |
14512 | + } | |
14513 | + | |
14514 | + return; | |
14515 | +} | |
14516 | + | |
14517 | +int | |
14518 | +gr_check_user_change(int real, int effective, int fs) | |
14519 | +{ | |
14520 | + unsigned int i; | |
14521 | + __u16 num; | |
14522 | + uid_t *uidlist; | |
14523 | + int curuid; | |
14524 | + int realok = 0; | |
14525 | + int effectiveok = 0; | |
14526 | + int fsok = 0; | |
14527 | + | |
14528 | + if (unlikely(!(gr_status & GR_READY))) | |
14529 | + return 0; | |
14530 | + | |
14531 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
14532 | + gr_log_learn_id_change(current, 'u', real, effective, fs); | |
14533 | + | |
14534 | + num = current->acl->user_trans_num; | |
14535 | + uidlist = current->acl->user_transitions; | |
14536 | + | |
14537 | + if (uidlist == NULL) | |
14538 | + return 0; | |
14539 | + | |
14540 | + if (real == -1) | |
14541 | + realok = 1; | |
14542 | + if (effective == -1) | |
14543 | + effectiveok = 1; | |
14544 | + if (fs == -1) | |
14545 | + fsok = 1; | |
14546 | + | |
14547 | + if (current->acl->user_trans_type & GR_ID_ALLOW) { | |
14548 | + for (i = 0; i < num; i++) { | |
14549 | + curuid = (int)uidlist[i]; | |
14550 | + if (real == curuid) | |
14551 | + realok = 1; | |
14552 | + if (effective == curuid) | |
14553 | + effectiveok = 1; | |
14554 | + if (fs == curuid) | |
14555 | + fsok = 1; | |
14556 | + } | |
14557 | + } else if (current->acl->user_trans_type & GR_ID_DENY) { | |
14558 | + for (i = 0; i < num; i++) { | |
14559 | + curuid = (int)uidlist[i]; | |
14560 | + if (real == curuid) | |
14561 | + break; | |
14562 | + if (effective == curuid) | |
14563 | + break; | |
14564 | + if (fs == curuid) | |
14565 | + break; | |
14566 | + } | |
14567 | + /* not in deny list */ | |
14568 | + if (i == num) { | |
14569 | + realok = 1; | |
14570 | + effectiveok = 1; | |
14571 | + fsok = 1; | |
14572 | + } | |
14573 | + } | |
14574 | + | |
14575 | + if (realok && effectiveok && fsok) | |
14576 | + return 0; | |
14577 | + else { | |
14578 | + gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); | |
14579 | + return 1; | |
14580 | + } | |
14581 | +} | |
14582 | + | |
14583 | +int | |
14584 | +gr_check_group_change(int real, int effective, int fs) | |
14585 | +{ | |
14586 | + unsigned int i; | |
14587 | + __u16 num; | |
14588 | + gid_t *gidlist; | |
14589 | + int curgid; | |
14590 | + int realok = 0; | |
14591 | + int effectiveok = 0; | |
14592 | + int fsok = 0; | |
14593 | + | |
14594 | + if (unlikely(!(gr_status & GR_READY))) | |
14595 | + return 0; | |
14596 | + | |
14597 | + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
14598 | + gr_log_learn_id_change(current, 'g', real, effective, fs); | |
14599 | + | |
14600 | + num = current->acl->group_trans_num; | |
14601 | + gidlist = current->acl->group_transitions; | |
14602 | + | |
14603 | + if (gidlist == NULL) | |
14604 | + return 0; | |
14605 | + | |
14606 | + if (real == -1) | |
14607 | + realok = 1; | |
14608 | + if (effective == -1) | |
14609 | + effectiveok = 1; | |
14610 | + if (fs == -1) | |
14611 | + fsok = 1; | |
14612 | + | |
14613 | + if (current->acl->group_trans_type & GR_ID_ALLOW) { | |
14614 | + for (i = 0; i < num; i++) { | |
14615 | + curgid = (int)gidlist[i]; | |
14616 | + if (real == curgid) | |
14617 | + realok = 1; | |
14618 | + if (effective == curgid) | |
14619 | + effectiveok = 1; | |
14620 | + if (fs == curgid) | |
14621 | + fsok = 1; | |
14622 | + } | |
14623 | + } else if (current->acl->group_trans_type & GR_ID_DENY) { | |
14624 | + for (i = 0; i < num; i++) { | |
14625 | + curgid = (int)gidlist[i]; | |
14626 | + if (real == curgid) | |
14627 | + break; | |
14628 | + if (effective == curgid) | |
14629 | + break; | |
14630 | + if (fs == curgid) | |
14631 | + break; | |
14632 | + } | |
14633 | + /* not in deny list */ | |
14634 | + if (i == num) { | |
14635 | + realok = 1; | |
14636 | + effectiveok = 1; | |
14637 | + fsok = 1; | |
14638 | + } | |
14639 | + } | |
14640 | + | |
14641 | + if (realok && effectiveok && fsok) | |
14642 | + return 0; | |
14643 | + else { | |
14644 | + gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); | |
14645 | + return 1; | |
14646 | + } | |
14647 | +} | |
14648 | + | |
14649 | +void | |
14650 | +gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid) | |
14651 | +{ | |
14652 | + struct acl_role_label *role = task->role; | |
14653 | + struct acl_subject_label *subj = NULL; | |
14654 | + struct acl_object_label *obj; | |
14655 | + struct file *filp; | |
14656 | + | |
14657 | + if (unlikely(!(gr_status & GR_READY))) | |
14658 | + return; | |
14659 | + | |
14660 | + filp = task->exec_file; | |
14661 | + | |
14662 | + /* kernel process, we'll give them the kernel role */ | |
14663 | + if (unlikely(!filp)) { | |
14664 | + task->role = kernel_role; | |
14665 | + task->acl = kernel_role->root_label; | |
14666 | + return; | |
14667 | + } else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL)) | |
14668 | + role = lookup_acl_role_label(task, uid, gid); | |
14669 | + | |
14670 | + /* perform subject lookup in possibly new role | |
14671 | + we can use this result below in the case where role == task->role | |
14672 | + */ | |
14673 | + subj = chk_subj_label(filp->f_dentry, filp->f_vfsmnt, role); | |
14674 | + | |
14675 | + /* if we changed uid/gid, but result in the same role | |
14676 | + and are using inheritance, don't lose the inherited subject | |
14677 | + if current subject is other than what normal lookup | |
14678 | + would result in, we arrived via inheritance, don't | |
14679 | + lose subject | |
14680 | + */ | |
14681 | + if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) && | |
14682 | + (subj == task->acl))) | |
14683 | + task->acl = subj; | |
14684 | + | |
14685 | + task->role = role; | |
14686 | + | |
14687 | + task->is_writable = 0; | |
14688 | + | |
14689 | + /* ignore additional mmap checks for processes that are writable | |
14690 | + by the default ACL */ | |
14691 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
14692 | + if (unlikely(obj->mode & GR_WRITE)) | |
14693 | + task->is_writable = 1; | |
14694 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label); | |
14695 | + if (unlikely(obj->mode & GR_WRITE)) | |
14696 | + task->is_writable = 1; | |
14697 | + | |
14698 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
14699 | + printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
14700 | +#endif | |
14701 | + | |
14702 | + gr_set_proc_res(task); | |
14703 | + | |
14704 | + return; | |
14705 | +} | |
14706 | + | |
14707 | +int | |
14708 | +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt) | |
14709 | +{ | |
14710 | + struct task_struct *task = current; | |
14711 | + struct acl_subject_label *newacl; | |
14712 | + struct acl_object_label *obj; | |
14713 | + __u32 retmode; | |
14714 | + | |
14715 | + if (unlikely(!(gr_status & GR_READY))) | |
14716 | + return 0; | |
14717 | + | |
14718 | + newacl = chk_subj_label(dentry, mnt, task->role); | |
14719 | + | |
14720 | + task_lock(task); | |
14721 | + if (((task->ptrace & PT_PTRACED) && !(task->acl->mode & | |
14722 | + GR_POVERRIDE) && (task->acl != newacl) && | |
14723 | + !(task->role->roletype & GR_ROLE_GOD) && | |
14724 | + !gr_search_file(dentry, GR_PTRACERD, mnt) && | |
14725 | + !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN))) || | |
14726 | + (atomic_read(&task->fs->count) > 1 || | |
14727 | + atomic_read(&task->files->count) > 1 || | |
14728 | + atomic_read(&task->sighand->count) > 1)) { | |
14729 | + task_unlock(task); | |
14730 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt); | |
14731 | + return -EACCES; | |
14732 | + } | |
14733 | + task_unlock(task); | |
14734 | + | |
14735 | + obj = chk_obj_label(dentry, mnt, task->acl); | |
14736 | + retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT); | |
14737 | + | |
14738 | + if (!(task->acl->mode & GR_INHERITLEARN) && | |
14739 | + ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) { | |
14740 | + if (obj->nested) | |
14741 | + task->acl = obj->nested; | |
14742 | + else | |
14743 | + task->acl = newacl; | |
14744 | + } else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT) | |
14745 | + gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt); | |
14746 | + | |
14747 | + task->is_writable = 0; | |
14748 | + | |
14749 | + /* ignore additional mmap checks for processes that are writable | |
14750 | + by the default ACL */ | |
14751 | + obj = chk_obj_label(dentry, mnt, default_role->root_label); | |
14752 | + if (unlikely(obj->mode & GR_WRITE)) | |
14753 | + task->is_writable = 1; | |
14754 | + obj = chk_obj_label(dentry, mnt, task->role->root_label); | |
14755 | + if (unlikely(obj->mode & GR_WRITE)) | |
14756 | + task->is_writable = 1; | |
14757 | + | |
14758 | + gr_set_proc_res(task); | |
14759 | + | |
14760 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
14761 | + printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
14762 | +#endif | |
14763 | + return 0; | |
14764 | +} | |
14765 | + | |
14766 | +static void | |
14767 | +do_handle_delete(const ino_t ino, const dev_t dev) | |
14768 | +{ | |
14769 | + struct acl_object_label *matchpo; | |
14770 | + struct acl_subject_label *matchps; | |
14771 | + struct acl_subject_label *subj; | |
14772 | + struct acl_role_label *role; | |
14773 | + unsigned int i, x; | |
14774 | + | |
14775 | + FOR_EACH_ROLE_START(role, i) | |
14776 | + FOR_EACH_SUBJECT_START(role, subj, x) | |
14777 | + if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL) | |
14778 | + matchpo->mode |= GR_DELETED; | |
14779 | + FOR_EACH_SUBJECT_END(subj,x) | |
14780 | + FOR_EACH_NESTED_SUBJECT_START(role, subj) | |
14781 | + if (subj->inode == ino && subj->device == dev) | |
14782 | + subj->mode |= GR_DELETED; | |
14783 | + FOR_EACH_NESTED_SUBJECT_END(subj) | |
14784 | + if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL) | |
14785 | + matchps->mode |= GR_DELETED; | |
14786 | + FOR_EACH_ROLE_END(role,i) | |
14787 | + | |
14788 | + return; | |
14789 | +} | |
14790 | + | |
14791 | +void | |
14792 | +gr_handle_delete(const ino_t ino, const dev_t dev) | |
14793 | +{ | |
14794 | + if (unlikely(!(gr_status & GR_READY))) | |
14795 | + return; | |
14796 | + | |
14797 | + write_lock(&gr_inode_lock); | |
14798 | + if (unlikely((unsigned long)lookup_inodev_entry(ino, dev))) | |
14799 | + do_handle_delete(ino, dev); | |
14800 | + write_unlock(&gr_inode_lock); | |
14801 | + | |
14802 | + return; | |
14803 | +} | |
14804 | + | |
14805 | +static void | |
14806 | +update_acl_obj_label(const ino_t oldinode, const dev_t olddevice, | |
14807 | + const ino_t newinode, const dev_t newdevice, | |
14808 | + struct acl_subject_label *subj) | |
14809 | +{ | |
14810 | + unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size); | |
14811 | + struct acl_object_label *match; | |
14812 | + | |
14813 | + match = subj->obj_hash[index]; | |
14814 | + | |
14815 | + while (match && (match->inode != oldinode || | |
14816 | + match->device != olddevice || | |
14817 | + !(match->mode & GR_DELETED))) | |
14818 | + match = match->next; | |
14819 | + | |
14820 | + if (match && (match->inode == oldinode) | |
14821 | + && (match->device == olddevice) | |
14822 | + && (match->mode & GR_DELETED)) { | |
14823 | + if (match->prev == NULL) { | |
14824 | + subj->obj_hash[index] = match->next; | |
14825 | + if (match->next != NULL) | |
14826 | + match->next->prev = NULL; | |
14827 | + } else { | |
14828 | + match->prev->next = match->next; | |
14829 | + if (match->next != NULL) | |
14830 | + match->next->prev = match->prev; | |
14831 | + } | |
14832 | + match->prev = NULL; | |
14833 | + match->next = NULL; | |
14834 | + match->inode = newinode; | |
14835 | + match->device = newdevice; | |
14836 | + match->mode &= ~GR_DELETED; | |
14837 | + | |
14838 | + insert_acl_obj_label(match, subj); | |
14839 | + } | |
14840 | + | |
14841 | + return; | |
14842 | +} | |
14843 | + | |
14844 | +static void | |
14845 | +update_acl_subj_label(const ino_t oldinode, const dev_t olddevice, | |
14846 | + const ino_t newinode, const dev_t newdevice, | |
14847 | + struct acl_role_label *role) | |
14848 | +{ | |
14849 | + unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size); | |
14850 | + struct acl_subject_label *match; | |
14851 | + | |
14852 | + match = role->subj_hash[index]; | |
14853 | + | |
14854 | + while (match && (match->inode != oldinode || | |
14855 | + match->device != olddevice || | |
14856 | + !(match->mode & GR_DELETED))) | |
14857 | + match = match->next; | |
14858 | + | |
14859 | + if (match && (match->inode == oldinode) | |
14860 | + && (match->device == olddevice) | |
14861 | + && (match->mode & GR_DELETED)) { | |
14862 | + if (match->prev == NULL) { | |
14863 | + role->subj_hash[index] = match->next; | |
14864 | + if (match->next != NULL) | |
14865 | + match->next->prev = NULL; | |
14866 | + } else { | |
14867 | + match->prev->next = match->next; | |
14868 | + if (match->next != NULL) | |
14869 | + match->next->prev = match->prev; | |
14870 | + } | |
14871 | + match->prev = NULL; | |
14872 | + match->next = NULL; | |
14873 | + match->inode = newinode; | |
14874 | + match->device = newdevice; | |
14875 | + match->mode &= ~GR_DELETED; | |
14876 | + | |
14877 | + insert_acl_subj_label(match, role); | |
14878 | + } | |
14879 | + | |
14880 | + return; | |
14881 | +} | |
14882 | + | |
14883 | +static void | |
14884 | +update_inodev_entry(const ino_t oldinode, const dev_t olddevice, | |
14885 | + const ino_t newinode, const dev_t newdevice) | |
14886 | +{ | |
14887 | + unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size); | |
14888 | + struct inodev_entry *match; | |
14889 | + | |
14890 | + match = inodev_set.i_hash[index]; | |
14891 | + | |
14892 | + while (match && (match->nentry->inode != oldinode || | |
14893 | + match->nentry->device != olddevice)) | |
14894 | + match = match->next; | |
14895 | + | |
14896 | + if (match && (match->nentry->inode == oldinode) | |
14897 | + && (match->nentry->device == olddevice)) { | |
14898 | + if (match->prev == NULL) { | |
14899 | + inodev_set.i_hash[index] = match->next; | |
14900 | + if (match->next != NULL) | |
14901 | + match->next->prev = NULL; | |
14902 | + } else { | |
14903 | + match->prev->next = match->next; | |
14904 | + if (match->next != NULL) | |
14905 | + match->next->prev = match->prev; | |
14906 | + } | |
14907 | + match->prev = NULL; | |
14908 | + match->next = NULL; | |
14909 | + match->nentry->inode = newinode; | |
14910 | + match->nentry->device = newdevice; | |
14911 | + | |
14912 | + insert_inodev_entry(match); | |
14913 | + } | |
14914 | + | |
14915 | + return; | |
14916 | +} | |
14917 | + | |
14918 | +static void | |
14919 | +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry, | |
14920 | + const struct vfsmount *mnt) | |
14921 | +{ | |
14922 | + struct acl_subject_label *subj; | |
14923 | + struct acl_role_label *role; | |
14924 | + unsigned int i, x; | |
14925 | + | |
14926 | + FOR_EACH_ROLE_START(role, i) | |
14927 | + update_acl_subj_label(matchn->inode, matchn->device, | |
14928 | + dentry->d_inode->i_ino, | |
14929 | + dentry->d_inode->i_sb->s_dev, role); | |
14930 | + | |
14931 | + FOR_EACH_NESTED_SUBJECT_START(role, subj) | |
14932 | + if ((subj->inode == dentry->d_inode->i_ino) && | |
14933 | + (subj->device == dentry->d_inode->i_sb->s_dev)) { | |
14934 | + subj->inode = dentry->d_inode->i_ino; | |
14935 | + subj->device = dentry->d_inode->i_sb->s_dev; | |
14936 | + } | |
14937 | + FOR_EACH_NESTED_SUBJECT_END(subj) | |
14938 | + FOR_EACH_SUBJECT_START(role, subj, x) | |
14939 | + update_acl_obj_label(matchn->inode, matchn->device, | |
14940 | + dentry->d_inode->i_ino, | |
14941 | + dentry->d_inode->i_sb->s_dev, subj); | |
14942 | + FOR_EACH_SUBJECT_END(subj,x) | |
14943 | + FOR_EACH_ROLE_END(role,i) | |
14944 | + | |
14945 | + update_inodev_entry(matchn->inode, matchn->device, | |
14946 | + dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev); | |
14947 | + | |
14948 | + return; | |
14949 | +} | |
14950 | + | |
14951 | +void | |
14952 | +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt) | |
14953 | +{ | |
14954 | + struct name_entry *matchn; | |
14955 | + | |
14956 | + if (unlikely(!(gr_status & GR_READY))) | |
14957 | + return; | |
14958 | + | |
14959 | + preempt_disable(); | |
14960 | + matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt)); | |
14961 | + | |
14962 | + if (unlikely((unsigned long)matchn)) { | |
14963 | + write_lock(&gr_inode_lock); | |
14964 | + do_handle_create(matchn, dentry, mnt); | |
14965 | + write_unlock(&gr_inode_lock); | |
14966 | + } | |
14967 | + preempt_enable(); | |
14968 | + | |
14969 | + return; | |
14970 | +} | |
14971 | + | |
14972 | +void | |
14973 | +gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
14974 | + struct dentry *old_dentry, | |
14975 | + struct dentry *new_dentry, | |
14976 | + struct vfsmount *mnt, const __u8 replace) | |
14977 | +{ | |
14978 | + struct name_entry *matchn; | |
14979 | + | |
14980 | + if (unlikely(!(gr_status & GR_READY))) | |
14981 | + return; | |
14982 | + | |
14983 | + preempt_disable(); | |
14984 | + matchn = lookup_name_entry(gr_to_filename_rbac(new_dentry, mnt)); | |
14985 | + | |
14986 | + /* we wouldn't have to check d_inode if it weren't for | |
14987 | + NFS silly-renaming | |
14988 | + */ | |
14989 | + | |
14990 | + write_lock(&gr_inode_lock); | |
14991 | + if (unlikely(replace && new_dentry->d_inode)) { | |
14992 | + if (unlikely(lookup_inodev_entry(new_dentry->d_inode->i_ino, | |
14993 | + new_dentry->d_inode->i_sb->s_dev) && | |
14994 | + (old_dentry->d_inode->i_nlink <= 1))) | |
14995 | + do_handle_delete(new_dentry->d_inode->i_ino, | |
14996 | + new_dentry->d_inode->i_sb->s_dev); | |
14997 | + } | |
14998 | + | |
14999 | + if (unlikely(lookup_inodev_entry(old_dentry->d_inode->i_ino, | |
15000 | + old_dentry->d_inode->i_sb->s_dev) && | |
15001 | + (old_dentry->d_inode->i_nlink <= 1))) | |
15002 | + do_handle_delete(old_dentry->d_inode->i_ino, | |
15003 | + old_dentry->d_inode->i_sb->s_dev); | |
15004 | + | |
15005 | + if (unlikely((unsigned long)matchn)) | |
15006 | + do_handle_create(matchn, old_dentry, mnt); | |
15007 | + | |
15008 | + write_unlock(&gr_inode_lock); | |
15009 | + preempt_enable(); | |
15010 | + | |
15011 | + return; | |
15012 | +} | |
15013 | + | |
15014 | +static int | |
15015 | +lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt, | |
15016 | + unsigned char **sum) | |
15017 | +{ | |
15018 | + struct acl_role_label *r; | |
15019 | + struct role_allowed_ip *ipp; | |
15020 | + struct role_transition *trans; | |
15021 | + unsigned int i; | |
15022 | + int found = 0; | |
15023 | + | |
15024 | + /* check transition table */ | |
15025 | + | |
15026 | + for (trans = current->role->transitions; trans; trans = trans->next) { | |
15027 | + if (!strcmp(rolename, trans->rolename)) { | |
15028 | + found = 1; | |
15029 | + break; | |
15030 | + } | |
15031 | + } | |
15032 | + | |
15033 | + if (!found) | |
15034 | + return 0; | |
15035 | + | |
15036 | + /* handle special roles that do not require authentication | |
15037 | + and check ip */ | |
15038 | + | |
15039 | + FOR_EACH_ROLE_START(r, i) | |
15040 | + if (!strcmp(rolename, r->rolename) && | |
15041 | + (r->roletype & GR_ROLE_SPECIAL)) { | |
15042 | + found = 0; | |
15043 | + if (r->allowed_ips != NULL) { | |
15044 | + for (ipp = r->allowed_ips; ipp; ipp = ipp->next) { | |
15045 | + if ((ntohl(current->signal->curr_ip) & ipp->netmask) == | |
15046 | + (ntohl(ipp->addr) & ipp->netmask)) | |
15047 | + found = 1; | |
15048 | + } | |
15049 | + } else | |
15050 | + found = 2; | |
15051 | + if (!found) | |
15052 | + return 0; | |
15053 | + | |
15054 | + if (((mode == SPROLE) && (r->roletype & GR_ROLE_NOPW)) || | |
15055 | + ((mode == SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) { | |
15056 | + *salt = NULL; | |
15057 | + *sum = NULL; | |
15058 | + return 1; | |
15059 | + } | |
15060 | + } | |
15061 | + FOR_EACH_ROLE_END(r,i) | |
15062 | + | |
15063 | + for (i = 0; i < num_sprole_pws; i++) { | |
15064 | + if (!strcmp(rolename, acl_special_roles[i]->rolename)) { | |
15065 | + *salt = acl_special_roles[i]->salt; | |
15066 | + *sum = acl_special_roles[i]->sum; | |
15067 | + return 1; | |
15068 | + } | |
15069 | + } | |
15070 | + | |
15071 | + return 0; | |
15072 | +} | |
15073 | + | |
15074 | +static void | |
15075 | +assign_special_role(char *rolename) | |
15076 | +{ | |
15077 | + struct acl_object_label *obj; | |
15078 | + struct acl_role_label *r; | |
15079 | + struct acl_role_label *assigned = NULL; | |
15080 | + struct task_struct *tsk; | |
15081 | + struct file *filp; | |
15082 | + unsigned int i; | |
15083 | + | |
15084 | + FOR_EACH_ROLE_START(r, i) | |
15085 | + if (!strcmp(rolename, r->rolename) && | |
15086 | + (r->roletype & GR_ROLE_SPECIAL)) | |
15087 | + assigned = r; | |
15088 | + FOR_EACH_ROLE_END(r,i) | |
15089 | + | |
15090 | + if (!assigned) | |
15091 | + return; | |
15092 | + | |
15093 | + read_lock(&tasklist_lock); | |
15094 | + read_lock(&grsec_exec_file_lock); | |
15095 | + | |
15096 | + tsk = current->parent; | |
15097 | + if (tsk == NULL) | |
15098 | + goto out_unlock; | |
15099 | + | |
15100 | + filp = tsk->exec_file; | |
15101 | + if (filp == NULL) | |
15102 | + goto out_unlock; | |
15103 | + | |
15104 | + tsk->is_writable = 0; | |
15105 | + | |
15106 | + tsk->acl_sp_role = 1; | |
15107 | + tsk->acl_role_id = ++acl_sp_role_value; | |
15108 | + tsk->role = assigned; | |
15109 | + tsk->acl = chk_subj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role); | |
15110 | + | |
15111 | + /* ignore additional mmap checks for processes that are writable | |
15112 | + by the default ACL */ | |
15113 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
15114 | + if (unlikely(obj->mode & GR_WRITE)) | |
15115 | + tsk->is_writable = 1; | |
15116 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, tsk->role->root_label); | |
15117 | + if (unlikely(obj->mode & GR_WRITE)) | |
15118 | + tsk->is_writable = 1; | |
15119 | + | |
15120 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
15121 | + printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid); | |
15122 | +#endif | |
15123 | + | |
15124 | +out_unlock: | |
15125 | + read_unlock(&grsec_exec_file_lock); | |
15126 | + read_unlock(&tasklist_lock); | |
15127 | + return; | |
15128 | +} | |
15129 | + | |
15130 | +int gr_check_secure_terminal(struct task_struct *task) | |
15131 | +{ | |
15132 | + struct task_struct *p, *p2, *p3; | |
15133 | + struct files_struct *files; | |
15134 | + struct fdtable *fdt; | |
15135 | + struct file *our_file = NULL, *file; | |
15136 | + int i; | |
15137 | + | |
15138 | + if (task->signal->tty == NULL) | |
15139 | + return 1; | |
15140 | + | |
15141 | + files = get_files_struct(task); | |
15142 | + if (files != NULL) { | |
15143 | + rcu_read_lock(); | |
15144 | + fdt = files_fdtable(files); | |
15145 | + for (i=0; i < fdt->max_fds; i++) { | |
15146 | + file = fcheck_files(files, i); | |
15147 | + if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) { | |
15148 | + get_file(file); | |
15149 | + our_file = file; | |
15150 | + } | |
15151 | + } | |
15152 | + rcu_read_unlock(); | |
15153 | + put_files_struct(files); | |
15154 | + } | |
15155 | + | |
15156 | + if (our_file == NULL) | |
15157 | + return 1; | |
15158 | + | |
15159 | + read_lock(&tasklist_lock); | |
15160 | + do_each_thread(p2, p) { | |
15161 | + files = get_files_struct(p); | |
15162 | + if (files == NULL || | |
15163 | + (p->signal && p->signal->tty == task->signal->tty)) { | |
15164 | + if (files != NULL) | |
15165 | + put_files_struct(files); | |
15166 | + continue; | |
15167 | + } | |
15168 | + rcu_read_lock(); | |
15169 | + fdt = files_fdtable(files); | |
15170 | + for (i=0; i < fdt->max_fds; i++) { | |
15171 | + file = fcheck_files(files, i); | |
15172 | + if (file && S_ISCHR(file->f_dentry->d_inode->i_mode) && | |
15173 | + file->f_dentry->d_inode->i_rdev == our_file->f_dentry->d_inode->i_rdev) { | |
15174 | + p3 = task; | |
15175 | + while (p3->pid > 0) { | |
15176 | + if (p3 == p) | |
15177 | + break; | |
15178 | + p3 = p3->parent; | |
15179 | + } | |
15180 | + if (p3 == p) | |
15181 | + break; | |
15182 | + gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p); | |
15183 | + gr_handle_alertkill(p); | |
15184 | + rcu_read_unlock(); | |
15185 | + put_files_struct(files); | |
15186 | + read_unlock(&tasklist_lock); | |
15187 | + fput(our_file); | |
15188 | + return 0; | |
15189 | + } | |
15190 | + } | |
15191 | + rcu_read_unlock(); | |
15192 | + put_files_struct(files); | |
15193 | + } while_each_thread(p2, p); | |
15194 | + read_unlock(&tasklist_lock); | |
15195 | + | |
15196 | + fput(our_file); | |
15197 | + return 1; | |
15198 | +} | |
15199 | + | |
15200 | +ssize_t | |
15201 | +write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos) | |
15202 | +{ | |
15203 | + struct gr_arg_wrapper uwrap; | |
15204 | + unsigned char *sprole_salt; | |
15205 | + unsigned char *sprole_sum; | |
15206 | + int error = sizeof (struct gr_arg_wrapper); | |
15207 | + int error2 = 0; | |
15208 | + | |
15209 | + down(&gr_dev_sem); | |
15210 | + | |
15211 | + if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) { | |
15212 | + error = -EPERM; | |
15213 | + goto out; | |
15214 | + } | |
15215 | + | |
15216 | + if (count != sizeof (struct gr_arg_wrapper)) { | |
15217 | + gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper)); | |
15218 | + error = -EINVAL; | |
15219 | + goto out; | |
15220 | + } | |
15221 | + | |
15222 | + | |
15223 | + if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) { | |
15224 | + gr_auth_expires = 0; | |
15225 | + gr_auth_attempts = 0; | |
15226 | + } | |
15227 | + | |
15228 | + if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) { | |
15229 | + error = -EFAULT; | |
15230 | + goto out; | |
15231 | + } | |
15232 | + | |
15233 | + if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) { | |
15234 | + error = -EINVAL; | |
15235 | + goto out; | |
15236 | + } | |
15237 | + | |
15238 | + if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) { | |
15239 | + error = -EFAULT; | |
15240 | + goto out; | |
15241 | + } | |
15242 | + | |
15243 | + if (gr_usermode->mode != SPROLE && gr_usermode->mode != SPROLEPAM && | |
15244 | + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES && | |
15245 | + time_after(gr_auth_expires, get_seconds())) { | |
15246 | + error = -EBUSY; | |
15247 | + goto out; | |
15248 | + } | |
15249 | + | |
15250 | + /* if non-root trying to do anything other than use a special role, | |
15251 | + do not attempt authentication, do not count towards authentication | |
15252 | + locking | |
15253 | + */ | |
15254 | + | |
15255 | + if (gr_usermode->mode != SPROLE && gr_usermode->mode != STATUS && | |
15256 | + gr_usermode->mode != UNSPROLE && gr_usermode->mode != SPROLEPAM && | |
15257 | + current->uid) { | |
15258 | + error = -EPERM; | |
15259 | + goto out; | |
15260 | + } | |
15261 | + | |
15262 | + /* ensure pw and special role name are null terminated */ | |
15263 | + | |
15264 | + gr_usermode->pw[GR_PW_LEN - 1] = '\0'; | |
15265 | + gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0'; | |
15266 | + | |
15267 | + /* Okay. | |
15268 | + * We have our enough of the argument structure..(we have yet | |
15269 | + * to copy_from_user the tables themselves) . Copy the tables | |
15270 | + * only if we need them, i.e. for loading operations. */ | |
15271 | + | |
15272 | + switch (gr_usermode->mode) { | |
15273 | + case STATUS: | |
15274 | + if (gr_status & GR_READY) { | |
15275 | + error = 1; | |
15276 | + if (!gr_check_secure_terminal(current)) | |
15277 | + error = 3; | |
15278 | + } else | |
15279 | + error = 2; | |
15280 | + goto out; | |
15281 | + case SHUTDOWN: | |
15282 | + if ((gr_status & GR_READY) | |
15283 | + && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
15284 | + gr_status &= ~GR_READY; | |
15285 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG); | |
15286 | + free_variables(); | |
15287 | + memset(gr_usermode, 0, sizeof (struct gr_arg)); | |
15288 | + memset(gr_system_salt, 0, GR_SALT_LEN); | |
15289 | + memset(gr_system_sum, 0, GR_SHA_LEN); | |
15290 | + } else if (gr_status & GR_READY) { | |
15291 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG); | |
15292 | + error = -EPERM; | |
15293 | + } else { | |
15294 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG); | |
15295 | + error = -EAGAIN; | |
15296 | + } | |
15297 | + break; | |
15298 | + case ENABLE: | |
15299 | + if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode))) | |
15300 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION); | |
15301 | + else { | |
15302 | + if (gr_status & GR_READY) | |
15303 | + error = -EAGAIN; | |
15304 | + else | |
15305 | + error = error2; | |
15306 | + gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION); | |
15307 | + } | |
15308 | + break; | |
15309 | + case RELOAD: | |
15310 | + if (!(gr_status & GR_READY)) { | |
15311 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION); | |
15312 | + error = -EAGAIN; | |
15313 | + } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
15314 | + lock_kernel(); | |
15315 | + gr_status &= ~GR_READY; | |
15316 | + free_variables(); | |
15317 | + if (!(error2 = gracl_init(gr_usermode))) { | |
15318 | + unlock_kernel(); | |
15319 | + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION); | |
15320 | + } else { | |
15321 | + unlock_kernel(); | |
15322 | + error = error2; | |
15323 | + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION); | |
15324 | + } | |
15325 | + } else { | |
15326 | + gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION); | |
15327 | + error = -EPERM; | |
15328 | + } | |
15329 | + break; | |
15330 | + case SEGVMOD: | |
15331 | + if (unlikely(!(gr_status & GR_READY))) { | |
15332 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG); | |
15333 | + error = -EAGAIN; | |
15334 | + break; | |
15335 | + } | |
15336 | + | |
15337 | + if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { | |
15338 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG); | |
15339 | + if (gr_usermode->segv_device && gr_usermode->segv_inode) { | |
15340 | + struct acl_subject_label *segvacl; | |
15341 | + segvacl = | |
15342 | + lookup_acl_subj_label(gr_usermode->segv_inode, | |
15343 | + gr_usermode->segv_device, | |
15344 | + current->role); | |
15345 | + if (segvacl) { | |
15346 | + segvacl->crashes = 0; | |
15347 | + segvacl->expires = 0; | |
15348 | + } | |
15349 | + } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) { | |
15350 | + gr_remove_uid(gr_usermode->segv_uid); | |
15351 | + } | |
15352 | + } else { | |
15353 | + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG); | |
15354 | + error = -EPERM; | |
15355 | + } | |
15356 | + break; | |
15357 | + case SPROLE: | |
15358 | + case SPROLEPAM: | |
15359 | + if (unlikely(!(gr_status & GR_READY))) { | |
15360 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG); | |
15361 | + error = -EAGAIN; | |
15362 | + break; | |
15363 | + } | |
15364 | + | |
15365 | + if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) { | |
15366 | + current->role->expires = 0; | |
15367 | + current->role->auth_attempts = 0; | |
15368 | + } | |
15369 | + | |
15370 | + if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES && | |
15371 | + time_after(current->role->expires, get_seconds())) { | |
15372 | + error = -EBUSY; | |
15373 | + goto out; | |
15374 | + } | |
15375 | + | |
15376 | + if (lookup_special_role_auth | |
15377 | + (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum) | |
15378 | + && ((!sprole_salt && !sprole_sum) | |
15379 | + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) { | |
15380 | + char *p = ""; | |
15381 | + assign_special_role(gr_usermode->sp_role); | |
15382 | + read_lock(&tasklist_lock); | |
15383 | + if (current->parent) | |
15384 | + p = current->parent->role->rolename; | |
15385 | + read_unlock(&tasklist_lock); | |
15386 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG, | |
15387 | + p, acl_sp_role_value); | |
15388 | + } else { | |
15389 | + gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role); | |
15390 | + error = -EPERM; | |
15391 | + if(!(current->role->auth_attempts++)) | |
15392 | + current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
15393 | + | |
15394 | + goto out; | |
15395 | + } | |
15396 | + break; | |
15397 | + case UNSPROLE: | |
15398 | + if (unlikely(!(gr_status & GR_READY))) { | |
15399 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG); | |
15400 | + error = -EAGAIN; | |
15401 | + break; | |
15402 | + } | |
15403 | + | |
15404 | + if (current->role->roletype & GR_ROLE_SPECIAL) { | |
15405 | + char *p = ""; | |
15406 | + int i = 0; | |
15407 | + | |
15408 | + read_lock(&tasklist_lock); | |
15409 | + if (current->parent) { | |
15410 | + p = current->parent->role->rolename; | |
15411 | + i = current->parent->acl_role_id; | |
15412 | + } | |
15413 | + read_unlock(&tasklist_lock); | |
15414 | + | |
15415 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i); | |
15416 | + gr_set_acls(1); | |
15417 | + } else { | |
15418 | + gr_log_str(GR_DONT_AUDIT, GR_UNSPROLEF_ACL_MSG, current->role->rolename); | |
15419 | + error = -EPERM; | |
15420 | + goto out; | |
15421 | + } | |
15422 | + break; | |
15423 | + default: | |
15424 | + gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode); | |
15425 | + error = -EINVAL; | |
15426 | + break; | |
15427 | + } | |
15428 | + | |
15429 | + if (error != -EPERM) | |
15430 | + goto out; | |
15431 | + | |
15432 | + if(!(gr_auth_attempts++)) | |
15433 | + gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; | |
15434 | + | |
15435 | + out: | |
15436 | + up(&gr_dev_sem); | |
15437 | + return error; | |
15438 | +} | |
15439 | + | |
15440 | +int | |
15441 | +gr_set_acls(const int type) | |
15442 | +{ | |
15443 | + struct acl_object_label *obj; | |
15444 | + struct task_struct *task, *task2; | |
15445 | + struct file *filp; | |
15446 | + struct acl_role_label *role = current->role; | |
15447 | + __u16 acl_role_id = current->acl_role_id; | |
15448 | + | |
15449 | + read_lock(&tasklist_lock); | |
15450 | + read_lock(&grsec_exec_file_lock); | |
15451 | + do_each_thread(task2, task) { | |
15452 | + /* check to see if we're called from the exit handler, | |
15453 | + if so, only replace ACLs that have inherited the admin | |
15454 | + ACL */ | |
15455 | + | |
15456 | + if (type && (task->role != role || | |
15457 | + task->acl_role_id != acl_role_id)) | |
15458 | + continue; | |
15459 | + | |
15460 | + task->acl_role_id = 0; | |
15461 | + task->acl_sp_role = 0; | |
15462 | + | |
15463 | + if ((filp = task->exec_file)) { | |
15464 | + task->role = lookup_acl_role_label(task, task->uid, task->gid); | |
15465 | + | |
15466 | + task->acl = | |
15467 | + chk_subj_label(filp->f_dentry, filp->f_vfsmnt, | |
15468 | + task->role); | |
15469 | + if (task->acl) { | |
15470 | + struct acl_subject_label *curr; | |
15471 | + curr = task->acl; | |
15472 | + | |
15473 | + task->is_writable = 0; | |
15474 | + /* ignore additional mmap checks for processes that are writable | |
15475 | + by the default ACL */ | |
15476 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
15477 | + if (unlikely(obj->mode & GR_WRITE)) | |
15478 | + task->is_writable = 1; | |
15479 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, task->role->root_label); | |
15480 | + if (unlikely(obj->mode & GR_WRITE)) | |
15481 | + task->is_writable = 1; | |
15482 | + | |
15483 | + gr_set_proc_res(task); | |
15484 | + | |
15485 | +#ifdef CONFIG_GRKERNSEC_ACL_DEBUG | |
15486 | + printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); | |
15487 | +#endif | |
15488 | + } else { | |
15489 | + read_unlock(&grsec_exec_file_lock); | |
15490 | + read_unlock(&tasklist_lock); | |
15491 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid); | |
15492 | + return 1; | |
15493 | + } | |
15494 | + } else { | |
15495 | + // it's a kernel process | |
15496 | + task->role = kernel_role; | |
15497 | + task->acl = kernel_role->root_label; | |
15498 | +#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN | |
15499 | + task->acl->mode &= ~GR_PROCFIND; | |
15500 | +#endif | |
15501 | + } | |
15502 | + } while_each_thread(task2, task); | |
15503 | + read_unlock(&grsec_exec_file_lock); | |
15504 | + read_unlock(&tasklist_lock); | |
15505 | + return 0; | |
15506 | +} | |
15507 | + | |
15508 | +void | |
15509 | +gr_learn_resource(const struct task_struct *task, | |
15510 | + const int res, const unsigned long wanted, const int gt) | |
15511 | +{ | |
15512 | + struct acl_subject_label *acl; | |
15513 | + | |
15514 | + if (unlikely((gr_status & GR_READY) && | |
15515 | + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) | |
15516 | + goto skip_reslog; | |
15517 | + | |
15518 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
15519 | + gr_log_resource(task, res, wanted, gt); | |
15520 | +#endif | |
15521 | + skip_reslog: | |
15522 | + | |
15523 | + if (unlikely(!(gr_status & GR_READY) || !wanted)) | |
15524 | + return; | |
15525 | + | |
15526 | + acl = task->acl; | |
15527 | + | |
15528 | + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) || | |
15529 | + !(acl->resmask & (1 << (unsigned short) res)))) | |
15530 | + return; | |
15531 | + | |
15532 | + if (wanted >= acl->res[res].rlim_cur) { | |
15533 | + unsigned long res_add; | |
15534 | + | |
15535 | + res_add = wanted; | |
15536 | + switch (res) { | |
15537 | + case RLIMIT_CPU: | |
15538 | + res_add += GR_RLIM_CPU_BUMP; | |
15539 | + break; | |
15540 | + case RLIMIT_FSIZE: | |
15541 | + res_add += GR_RLIM_FSIZE_BUMP; | |
15542 | + break; | |
15543 | + case RLIMIT_DATA: | |
15544 | + res_add += GR_RLIM_DATA_BUMP; | |
15545 | + break; | |
15546 | + case RLIMIT_STACK: | |
15547 | + res_add += GR_RLIM_STACK_BUMP; | |
15548 | + break; | |
15549 | + case RLIMIT_CORE: | |
15550 | + res_add += GR_RLIM_CORE_BUMP; | |
15551 | + break; | |
15552 | + case RLIMIT_RSS: | |
15553 | + res_add += GR_RLIM_RSS_BUMP; | |
15554 | + break; | |
15555 | + case RLIMIT_NPROC: | |
15556 | + res_add += GR_RLIM_NPROC_BUMP; | |
15557 | + break; | |
15558 | + case RLIMIT_NOFILE: | |
15559 | + res_add += GR_RLIM_NOFILE_BUMP; | |
15560 | + break; | |
15561 | + case RLIMIT_MEMLOCK: | |
15562 | + res_add += GR_RLIM_MEMLOCK_BUMP; | |
15563 | + break; | |
15564 | + case RLIMIT_AS: | |
15565 | + res_add += GR_RLIM_AS_BUMP; | |
15566 | + break; | |
15567 | + case RLIMIT_LOCKS: | |
15568 | + res_add += GR_RLIM_LOCKS_BUMP; | |
15569 | + break; | |
15570 | + } | |
15571 | + | |
15572 | + acl->res[res].rlim_cur = res_add; | |
15573 | + | |
15574 | + if (wanted > acl->res[res].rlim_max) | |
15575 | + acl->res[res].rlim_max = res_add; | |
15576 | + | |
15577 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, | |
15578 | + task->role->roletype, acl->filename, | |
15579 | + acl->res[res].rlim_cur, acl->res[res].rlim_max, | |
15580 | + "", (unsigned long) res); | |
15581 | + } | |
15582 | + | |
15583 | + return; | |
15584 | +} | |
15585 | + | |
15586 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
15587 | +void | |
15588 | +pax_set_initial_flags(struct linux_binprm *bprm) | |
15589 | +{ | |
15590 | + struct task_struct *task = current; | |
15591 | + struct acl_subject_label *proc; | |
15592 | + unsigned long flags; | |
15593 | + | |
15594 | + if (unlikely(!(gr_status & GR_READY))) | |
15595 | + return; | |
15596 | + | |
15597 | + flags = pax_get_flags(task); | |
15598 | + | |
15599 | + proc = task->acl; | |
15600 | + | |
15601 | + if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC) | |
15602 | + flags &= ~MF_PAX_PAGEEXEC; | |
15603 | + if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC) | |
15604 | + flags &= ~MF_PAX_SEGMEXEC; | |
15605 | + if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP) | |
15606 | + flags &= ~MF_PAX_RANDMMAP; | |
15607 | + if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP) | |
15608 | + flags &= ~MF_PAX_EMUTRAMP; | |
15609 | + if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT) | |
15610 | + flags &= ~MF_PAX_MPROTECT; | |
15611 | + | |
15612 | + if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC) | |
15613 | + flags |= MF_PAX_PAGEEXEC; | |
15614 | + if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC) | |
15615 | + flags |= MF_PAX_SEGMEXEC; | |
15616 | + if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP) | |
15617 | + flags |= MF_PAX_RANDMMAP; | |
15618 | + if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP) | |
15619 | + flags |= MF_PAX_EMUTRAMP; | |
15620 | + if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT) | |
15621 | + flags |= MF_PAX_MPROTECT; | |
15622 | + | |
15623 | + pax_set_flags(task, flags); | |
15624 | + | |
15625 | + return; | |
15626 | +} | |
15627 | +#endif | |
15628 | + | |
15629 | +#ifdef CONFIG_SYSCTL | |
15630 | +extern struct proc_dir_entry *proc_sys_root; | |
15631 | + | |
15632 | +/* the following function is called under the BKL */ | |
15633 | + | |
15634 | +__u32 | |
15635 | +gr_handle_sysctl(const struct ctl_table *table, const void *oldval, | |
15636 | + const void *newval) | |
15637 | +{ | |
15638 | + struct proc_dir_entry *tmp; | |
15639 | + struct nameidata nd; | |
15640 | + const char *proc_sys = "/proc/sys"; | |
15641 | + char *path; | |
15642 | + struct acl_object_label *obj; | |
15643 | + unsigned short len = 0, pos = 0, depth = 0, i; | |
15644 | + __u32 err = 0; | |
15645 | + __u32 mode = 0; | |
15646 | + | |
15647 | + if (unlikely(!(gr_status & GR_READY))) | |
15648 | + return 1; | |
15649 | + | |
15650 | + path = per_cpu_ptr(gr_shared_page[0], smp_processor_id()); | |
15651 | + | |
15652 | + if (oldval) | |
15653 | + mode |= GR_READ; | |
15654 | + if (newval) | |
15655 | + mode |= GR_WRITE; | |
15656 | + | |
15657 | + /* convert the requested sysctl entry into a pathname */ | |
15658 | + | |
15659 | + for (tmp = table->de; tmp != proc_sys_root; tmp = tmp->parent) { | |
15660 | + len += strlen(tmp->name); | |
15661 | + len++; | |
15662 | + depth++; | |
15663 | + } | |
15664 | + | |
15665 | + if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) | |
15666 | + return 0; /* deny */ | |
15667 | + | |
15668 | + memset(path, 0, PAGE_SIZE); | |
15669 | + | |
15670 | + memcpy(path, proc_sys, strlen(proc_sys)); | |
15671 | + | |
15672 | + pos += strlen(proc_sys); | |
15673 | + | |
15674 | + for (; depth > 0; depth--) { | |
15675 | + path[pos] = '/'; | |
15676 | + pos++; | |
15677 | + for (i = 1, tmp = table->de; tmp != proc_sys_root; | |
15678 | + tmp = tmp->parent) { | |
15679 | + if (depth == i) { | |
15680 | + memcpy(path + pos, tmp->name, | |
15681 | + strlen(tmp->name)); | |
15682 | + pos += strlen(tmp->name); | |
15683 | + } | |
15684 | + i++; | |
15685 | + } | |
15686 | + } | |
15687 | + | |
15688 | + err = path_lookup(path, LOOKUP_FOLLOW, &nd); | |
15689 | + | |
15690 | + if (err) | |
15691 | + goto out; | |
15692 | + | |
15693 | + obj = chk_obj_label(nd.dentry, nd.mnt, current->acl); | |
15694 | + err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS); | |
15695 | + | |
15696 | + if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) && | |
15697 | + ((err & mode) != mode))) { | |
15698 | + __u32 new_mode = mode; | |
15699 | + | |
15700 | + new_mode &= ~(GR_AUDITS | GR_SUPPRESS); | |
15701 | + | |
15702 | + err = new_mode; | |
15703 | + gr_log_learn(current, nd.dentry, nd.mnt, new_mode); | |
15704 | + } else if ((err & mode) != mode && !(err & GR_SUPPRESS)) { | |
15705 | + gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied", | |
15706 | + path, (mode & GR_READ) ? " reading" : "", | |
15707 | + (mode & GR_WRITE) ? " writing" : ""); | |
15708 | + err = 0; | |
15709 | + } else if ((err & mode) != mode) { | |
15710 | + err = 0; | |
15711 | + } else if (((err & mode) == mode) && (err & GR_AUDITS)) { | |
15712 | + gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful", | |
15713 | + path, (mode & GR_READ) ? " reading" : "", | |
15714 | + (mode & GR_WRITE) ? " writing" : ""); | |
15715 | + } | |
15716 | + | |
15717 | + path_release(&nd); | |
15718 | + | |
15719 | + out: | |
15720 | + return err; | |
15721 | +} | |
15722 | +#endif | |
15723 | + | |
15724 | +int | |
15725 | +gr_handle_proc_ptrace(struct task_struct *task) | |
15726 | +{ | |
15727 | + struct file *filp; | |
15728 | + struct task_struct *tmp = task; | |
15729 | + struct task_struct *curtemp = current; | |
15730 | + __u32 retmode; | |
15731 | + | |
15732 | + if (unlikely(!(gr_status & GR_READY))) | |
15733 | + return 0; | |
15734 | + | |
15735 | + read_lock(&tasklist_lock); | |
15736 | + read_lock(&grsec_exec_file_lock); | |
15737 | + filp = task->exec_file; | |
15738 | + | |
15739 | + while (tmp->pid > 0) { | |
15740 | + if (tmp == curtemp) | |
15741 | + break; | |
15742 | + tmp = tmp->parent; | |
15743 | + } | |
15744 | + | |
15745 | + if (!filp || (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE))) { | |
15746 | + read_unlock(&grsec_exec_file_lock); | |
15747 | + read_unlock(&tasklist_lock); | |
15748 | + return 1; | |
15749 | + } | |
15750 | + | |
15751 | + retmode = gr_search_file(filp->f_dentry, GR_NOPTRACE, filp->f_vfsmnt); | |
15752 | + read_unlock(&grsec_exec_file_lock); | |
15753 | + read_unlock(&tasklist_lock); | |
15754 | + | |
15755 | + if (retmode & GR_NOPTRACE) | |
15756 | + return 1; | |
15757 | + | |
15758 | + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD) | |
15759 | + && (current->acl != task->acl || (current->acl != current->role->root_label | |
15760 | + && current->pid != task->pid))) | |
15761 | + return 1; | |
15762 | + | |
15763 | + return 0; | |
15764 | +} | |
15765 | + | |
15766 | +int | |
15767 | +gr_handle_ptrace(struct task_struct *task, const long request) | |
15768 | +{ | |
15769 | + struct task_struct *tmp = task; | |
15770 | + struct task_struct *curtemp = current; | |
15771 | + __u32 retmode; | |
15772 | + | |
15773 | + if (unlikely(!(gr_status & GR_READY))) | |
15774 | + return 0; | |
15775 | + | |
15776 | + read_lock(&tasklist_lock); | |
15777 | + while (tmp->pid > 0) { | |
15778 | + if (tmp == curtemp) | |
15779 | + break; | |
15780 | + tmp = tmp->parent; | |
15781 | + } | |
15782 | + | |
15783 | + if (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE)) { | |
15784 | + read_unlock(&tasklist_lock); | |
15785 | + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); | |
15786 | + return 1; | |
15787 | + } | |
15788 | + read_unlock(&tasklist_lock); | |
15789 | + | |
15790 | + read_lock(&grsec_exec_file_lock); | |
15791 | + if (unlikely(!task->exec_file)) { | |
15792 | + read_unlock(&grsec_exec_file_lock); | |
15793 | + return 0; | |
15794 | + } | |
15795 | + | |
15796 | + retmode = gr_search_file(task->exec_file->f_dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_vfsmnt); | |
15797 | + read_unlock(&grsec_exec_file_lock); | |
15798 | + | |
15799 | + if (retmode & GR_NOPTRACE) { | |
15800 | + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); | |
15801 | + return 1; | |
15802 | + } | |
15803 | + | |
15804 | + if (retmode & GR_PTRACERD) { | |
15805 | + switch (request) { | |
15806 | + case PTRACE_POKETEXT: | |
15807 | + case PTRACE_POKEDATA: | |
15808 | + case PTRACE_POKEUSR: | |
15809 | +#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64) | |
15810 | + case PTRACE_SETREGS: | |
15811 | + case PTRACE_SETFPREGS: | |
15812 | +#endif | |
15813 | +#ifdef CONFIG_X86 | |
15814 | + case PTRACE_SETFPXREGS: | |
15815 | +#endif | |
15816 | +#ifdef CONFIG_ALTIVEC | |
15817 | + case PTRACE_SETVRREGS: | |
15818 | +#endif | |
15819 | + return 1; | |
15820 | + default: | |
15821 | + return 0; | |
15822 | + } | |
15823 | + } else if (!(current->acl->mode & GR_POVERRIDE) && | |
15824 | + !(current->role->roletype & GR_ROLE_GOD) && | |
15825 | + (current->acl != task->acl)) { | |
15826 | + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); | |
15827 | + return 1; | |
15828 | + } | |
15829 | + | |
15830 | + return 0; | |
15831 | +} | |
15832 | + | |
15833 | +static int is_writable_mmap(const struct file *filp) | |
15834 | +{ | |
15835 | + struct task_struct *task = current; | |
15836 | + struct acl_object_label *obj, *obj2; | |
15837 | + | |
15838 | + if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) && | |
15839 | + !task->is_writable && S_ISREG(filp->f_dentry->d_inode->i_mode)) { | |
15840 | + obj = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, default_role->root_label); | |
15841 | + obj2 = chk_obj_label(filp->f_dentry, filp->f_vfsmnt, | |
15842 | + task->role->root_label); | |
15843 | + if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) { | |
15844 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_dentry, filp->f_vfsmnt); | |
15845 | + return 1; | |
15846 | + } | |
15847 | + } | |
15848 | + return 0; | |
15849 | +} | |
15850 | + | |
15851 | +int | |
15852 | +gr_acl_handle_mmap(const struct file *file, const unsigned long prot) | |
15853 | +{ | |
15854 | + __u32 mode; | |
15855 | + | |
15856 | + if (unlikely(!file || !(prot & PROT_EXEC))) | |
15857 | + return 1; | |
15858 | + | |
15859 | + if (is_writable_mmap(file)) | |
15860 | + return 0; | |
15861 | + | |
15862 | + mode = | |
15863 | + gr_search_file(file->f_dentry, | |
15864 | + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS, | |
15865 | + file->f_vfsmnt); | |
15866 | + | |
15867 | + if (!gr_tpe_allow(file)) | |
15868 | + return 0; | |
15869 | + | |
15870 | + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) { | |
15871 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_dentry, file->f_vfsmnt); | |
15872 | + return 0; | |
15873 | + } else if (unlikely(!(mode & GR_EXEC))) { | |
15874 | + return 0; | |
15875 | + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) { | |
15876 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_dentry, file->f_vfsmnt); | |
15877 | + return 1; | |
15878 | + } | |
15879 | + | |
15880 | + return 1; | |
15881 | +} | |
15882 | + | |
15883 | +int | |
15884 | +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot) | |
15885 | +{ | |
15886 | + __u32 mode; | |
15887 | + | |
15888 | + if (unlikely(!file || !(prot & PROT_EXEC))) | |
15889 | + return 1; | |
15890 | + | |
15891 | + if (is_writable_mmap(file)) | |
15892 | + return 0; | |
15893 | + | |
15894 | + mode = | |
15895 | + gr_search_file(file->f_dentry, | |
15896 | + GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS, | |
15897 | + file->f_vfsmnt); | |
15898 | + | |
15899 | + if (!gr_tpe_allow(file)) | |
15900 | + return 0; | |
15901 | + | |
15902 | + if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) { | |
15903 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_dentry, file->f_vfsmnt); | |
15904 | + return 0; | |
15905 | + } else if (unlikely(!(mode & GR_EXEC))) { | |
15906 | + return 0; | |
15907 | + } else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) { | |
15908 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_dentry, file->f_vfsmnt); | |
15909 | + return 1; | |
15910 | + } | |
15911 | + | |
15912 | + return 1; | |
15913 | +} | |
15914 | + | |
15915 | +void | |
15916 | +gr_acl_handle_psacct(struct task_struct *task, const long code) | |
15917 | +{ | |
15918 | + unsigned long runtime; | |
15919 | + unsigned long cputime; | |
15920 | + unsigned int wday, cday; | |
15921 | + __u8 whr, chr; | |
15922 | + __u8 wmin, cmin; | |
15923 | + __u8 wsec, csec; | |
15924 | + | |
15925 | + if (unlikely(!(gr_status & GR_READY) || !task->acl || | |
15926 | + !(task->acl->mode & GR_PROCACCT))) | |
15927 | + return; | |
15928 | + | |
15929 | + runtime = xtime.tv_sec - task->start_time.tv_sec; | |
15930 | + wday = runtime / (3600 * 24); | |
15931 | + runtime -= wday * (3600 * 24); | |
15932 | + whr = runtime / 3600; | |
15933 | + runtime -= whr * 3600; | |
15934 | + wmin = runtime / 60; | |
15935 | + runtime -= wmin * 60; | |
15936 | + wsec = runtime; | |
15937 | + | |
15938 | + cputime = (task->utime + task->stime) / HZ; | |
15939 | + cday = cputime / (3600 * 24); | |
15940 | + cputime -= cday * (3600 * 24); | |
15941 | + chr = cputime / 3600; | |
15942 | + cputime -= chr * 3600; | |
15943 | + cmin = cputime / 60; | |
15944 | + cputime -= cmin * 60; | |
15945 | + csec = cputime; | |
15946 | + | |
15947 | + gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code); | |
15948 | + | |
15949 | + return; | |
15950 | +} | |
15951 | + | |
15952 | +void gr_set_kernel_label(struct task_struct *task) | |
15953 | +{ | |
15954 | + if (gr_status & GR_READY) { | |
15955 | + task->role = kernel_role; | |
15956 | + task->acl = kernel_role->root_label; | |
15957 | + } | |
15958 | + return; | |
15959 | +} | |
15960 | + | |
15961 | +int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino) | |
15962 | +{ | |
15963 | + struct task_struct *task = current; | |
15964 | + struct dentry *dentry = file->f_dentry; | |
15965 | + struct vfsmount *mnt = file->f_vfsmnt; | |
15966 | + struct acl_object_label *obj, *tmp; | |
15967 | + struct acl_subject_label *subj; | |
15968 | + unsigned int bufsize; | |
15969 | + int is_not_root; | |
15970 | + char *path; | |
15971 | + | |
15972 | + if (unlikely(!(gr_status & GR_READY))) | |
15973 | + return 1; | |
15974 | + | |
15975 | + if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
15976 | + return 1; | |
15977 | + | |
15978 | + subj = task->acl; | |
15979 | + do { | |
15980 | + obj = lookup_acl_obj_label(ino, dentry->d_inode->i_sb->s_dev, subj); | |
15981 | + if (obj != NULL) | |
15982 | + return (obj->mode & GR_FIND) ? 1 : 0; | |
15983 | + } while ((subj = subj->parent_subject)); | |
15984 | + | |
15985 | + obj = chk_obj_label(dentry, mnt, task->acl); | |
15986 | + if (obj->globbed == NULL) | |
15987 | + return (obj->mode & GR_FIND) ? 1 : 0; | |
15988 | + | |
15989 | + is_not_root = ((obj->filename[0] == '/') && | |
15990 | + (obj->filename[1] == '\0')) ? 0 : 1; | |
15991 | + bufsize = PAGE_SIZE - namelen - is_not_root; | |
15992 | + | |
15993 | + /* check bufsize > PAGE_SIZE || bufsize == 0 */ | |
15994 | + if (unlikely((bufsize - 1) > (PAGE_SIZE - 1))) | |
15995 | + return 1; | |
15996 | + | |
15997 | + preempt_disable(); | |
15998 | + path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()), | |
15999 | + bufsize); | |
16000 | + | |
16001 | + bufsize = strlen(path); | |
16002 | + | |
16003 | + /* if base is "/", don't append an additional slash */ | |
16004 | + if (is_not_root) | |
16005 | + *(path + bufsize) = '/'; | |
16006 | + memcpy(path + bufsize + is_not_root, name, namelen); | |
16007 | + *(path + bufsize + namelen + is_not_root) = '\0'; | |
16008 | + | |
16009 | + tmp = obj->globbed; | |
16010 | + while (tmp) { | |
16011 | + if (!glob_match(tmp->filename, path)) { | |
16012 | + preempt_enable(); | |
16013 | + return (tmp->mode & GR_FIND) ? 1 : 0; | |
16014 | + } | |
16015 | + tmp = tmp->next; | |
16016 | + } | |
16017 | + preempt_enable(); | |
16018 | + return (obj->mode & GR_FIND) ? 1 : 0; | |
16019 | +} | |
16020 | + | |
16021 | +EXPORT_SYMBOL(gr_learn_resource); | |
16022 | +EXPORT_SYMBOL(gr_set_kernel_label); | |
16023 | +#ifdef CONFIG_SECURITY | |
16024 | +EXPORT_SYMBOL(gr_check_user_change); | |
16025 | +EXPORT_SYMBOL(gr_check_group_change); | |
16026 | +#endif | |
16027 | + | |
16028 | diff -urNp linux-2.6.19.1/grsecurity/gracl_cap.c linux-2.6.19.1/grsecurity/gracl_cap.c | |
16029 | --- linux-2.6.19.1/grsecurity/gracl_cap.c 1969-12-31 19:00:00.000000000 -0500 | |
16030 | +++ linux-2.6.19.1/grsecurity/gracl_cap.c 2006-12-03 15:16:32.000000000 -0500 | |
16031 | @@ -0,0 +1,110 @@ | |
16032 | +#include <linux/kernel.h> | |
16033 | +#include <linux/module.h> | |
16034 | +#include <linux/sched.h> | |
16035 | +#include <linux/capability.h> | |
16036 | +#include <linux/gracl.h> | |
16037 | +#include <linux/grsecurity.h> | |
16038 | +#include <linux/grinternal.h> | |
16039 | + | |
16040 | +static const char *captab_log[] = { | |
16041 | + "CAP_CHOWN", | |
16042 | + "CAP_DAC_OVERRIDE", | |
16043 | + "CAP_DAC_READ_SEARCH", | |
16044 | + "CAP_FOWNER", | |
16045 | + "CAP_FSETID", | |
16046 | + "CAP_KILL", | |
16047 | + "CAP_SETGID", | |
16048 | + "CAP_SETUID", | |
16049 | + "CAP_SETPCAP", | |
16050 | + "CAP_LINUX_IMMUTABLE", | |
16051 | + "CAP_NET_BIND_SERVICE", | |
16052 | + "CAP_NET_BROADCAST", | |
16053 | + "CAP_NET_ADMIN", | |
16054 | + "CAP_NET_RAW", | |
16055 | + "CAP_IPC_LOCK", | |
16056 | + "CAP_IPC_OWNER", | |
16057 | + "CAP_SYS_MODULE", | |
16058 | + "CAP_SYS_RAWIO", | |
16059 | + "CAP_SYS_CHROOT", | |
16060 | + "CAP_SYS_PTRACE", | |
16061 | + "CAP_SYS_PACCT", | |
16062 | + "CAP_SYS_ADMIN", | |
16063 | + "CAP_SYS_BOOT", | |
16064 | + "CAP_SYS_NICE", | |
16065 | + "CAP_SYS_RESOURCE", | |
16066 | + "CAP_SYS_TIME", | |
16067 | + "CAP_SYS_TTY_CONFIG", | |
16068 | + "CAP_MKNOD", | |
16069 | + "CAP_LEASE" | |
16070 | +}; | |
16071 | + | |
16072 | +EXPORT_SYMBOL(gr_task_is_capable); | |
16073 | + | |
16074 | +int | |
16075 | +gr_task_is_capable(struct task_struct *task, const int cap) | |
16076 | +{ | |
16077 | + struct acl_subject_label *curracl; | |
16078 | + __u32 cap_drop = 0, cap_mask = 0; | |
16079 | + | |
16080 | + if (!gr_acl_is_enabled()) | |
16081 | + return 1; | |
16082 | + | |
16083 | + curracl = task->acl; | |
16084 | + | |
16085 | + cap_drop = curracl->cap_lower; | |
16086 | + cap_mask = curracl->cap_mask; | |
16087 | + | |
16088 | + while ((curracl = curracl->parent_subject)) { | |
16089 | + if (!(cap_mask & (1 << cap)) && (curracl->cap_mask & (1 << cap))) | |
16090 | + cap_drop |= curracl->cap_lower & (1 << cap); | |
16091 | + cap_mask |= curracl->cap_mask; | |
16092 | + } | |
16093 | + | |
16094 | + if (!cap_raised(cap_drop, cap)) | |
16095 | + return 1; | |
16096 | + | |
16097 | + curracl = task->acl; | |
16098 | + | |
16099 | + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) | |
16100 | + && cap_raised(task->cap_effective, cap)) { | |
16101 | + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, | |
16102 | + task->role->roletype, task->uid, | |
16103 | + task->gid, task->exec_file ? | |
16104 | + gr_to_filename(task->exec_file->f_dentry, | |
16105 | + task->exec_file->f_vfsmnt) : curracl->filename, | |
16106 | + curracl->filename, 0UL, | |
16107 | + 0UL, "", (unsigned long) cap, NIPQUAD(task->signal->curr_ip)); | |
16108 | + return 1; | |
16109 | + } | |
16110 | + | |
16111 | + if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(task->cap_effective, cap)) | |
16112 | + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); | |
16113 | + | |
16114 | + return 0; | |
16115 | +} | |
16116 | + | |
16117 | +int | |
16118 | +gr_is_capable_nolog(const int cap) | |
16119 | +{ | |
16120 | + struct acl_subject_label *curracl; | |
16121 | + __u32 cap_drop = 0, cap_mask = 0; | |
16122 | + | |
16123 | + if (!gr_acl_is_enabled()) | |
16124 | + return 1; | |
16125 | + | |
16126 | + curracl = current->acl; | |
16127 | + | |
16128 | + cap_drop = curracl->cap_lower; | |
16129 | + cap_mask = curracl->cap_mask; | |
16130 | + | |
16131 | + while ((curracl = curracl->parent_subject)) { | |
16132 | + cap_drop |= curracl->cap_lower & (cap_mask & ~curracl->cap_mask); | |
16133 | + cap_mask |= curracl->cap_mask; | |
16134 | + } | |
16135 | + | |
16136 | + if (!cap_raised(cap_drop, cap)) | |
16137 | + return 1; | |
16138 | + | |
16139 | + return 0; | |
16140 | +} | |
16141 | + | |
16142 | diff -urNp linux-2.6.19.1/grsecurity/gracl_fs.c linux-2.6.19.1/grsecurity/gracl_fs.c | |
16143 | --- linux-2.6.19.1/grsecurity/gracl_fs.c 1969-12-31 19:00:00.000000000 -0500 | |
16144 | +++ linux-2.6.19.1/grsecurity/gracl_fs.c 2006-12-03 15:16:32.000000000 -0500 | |
16145 | @@ -0,0 +1,423 @@ | |
16146 | +#include <linux/kernel.h> | |
16147 | +#include <linux/sched.h> | |
16148 | +#include <linux/types.h> | |
16149 | +#include <linux/fs.h> | |
16150 | +#include <linux/file.h> | |
16151 | +#include <linux/stat.h> | |
16152 | +#include <linux/grsecurity.h> | |
16153 | +#include <linux/grinternal.h> | |
16154 | +#include <linux/gracl.h> | |
16155 | + | |
16156 | +__u32 | |
16157 | +gr_acl_handle_hidden_file(const struct dentry * dentry, | |
16158 | + const struct vfsmount * mnt) | |
16159 | +{ | |
16160 | + __u32 mode; | |
16161 | + | |
16162 | + if (unlikely(!dentry->d_inode)) | |
16163 | + return GR_FIND; | |
16164 | + | |
16165 | + mode = | |
16166 | + gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt); | |
16167 | + | |
16168 | + if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) { | |
16169 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt); | |
16170 | + return mode; | |
16171 | + } else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) { | |
16172 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt); | |
16173 | + return 0; | |
16174 | + } else if (unlikely(!(mode & GR_FIND))) | |
16175 | + return 0; | |
16176 | + | |
16177 | + return GR_FIND; | |
16178 | +} | |
16179 | + | |
16180 | +__u32 | |
16181 | +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, | |
16182 | + const int fmode) | |
16183 | +{ | |
16184 | + __u32 reqmode = GR_FIND; | |
16185 | + __u32 mode; | |
16186 | + | |
16187 | + if (unlikely(!dentry->d_inode)) | |
16188 | + return reqmode; | |
16189 | + | |
16190 | + if (unlikely(fmode & O_APPEND)) | |
16191 | + reqmode |= GR_APPEND; | |
16192 | + else if (unlikely(fmode & FMODE_WRITE)) | |
16193 | + reqmode |= GR_WRITE; | |
16194 | + if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) | |
16195 | + reqmode |= GR_READ; | |
16196 | + | |
16197 | + mode = | |
16198 | + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, | |
16199 | + mnt); | |
16200 | + | |
16201 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
16202 | + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, | |
16203 | + reqmode & GR_READ ? " reading" : "", | |
16204 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
16205 | + GR_APPEND ? " appending" : ""); | |
16206 | + return reqmode; | |
16207 | + } else | |
16208 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
16209 | + { | |
16210 | + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, | |
16211 | + reqmode & GR_READ ? " reading" : "", | |
16212 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
16213 | + GR_APPEND ? " appending" : ""); | |
16214 | + return 0; | |
16215 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
16216 | + return 0; | |
16217 | + | |
16218 | + return reqmode; | |
16219 | +} | |
16220 | + | |
16221 | +__u32 | |
16222 | +gr_acl_handle_creat(const struct dentry * dentry, | |
16223 | + const struct dentry * p_dentry, | |
16224 | + const struct vfsmount * p_mnt, const int fmode, | |
16225 | + const int imode) | |
16226 | +{ | |
16227 | + __u32 reqmode = GR_WRITE | GR_CREATE; | |
16228 | + __u32 mode; | |
16229 | + | |
16230 | + if (unlikely(fmode & O_APPEND)) | |
16231 | + reqmode |= GR_APPEND; | |
16232 | + if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) | |
16233 | + reqmode |= GR_READ; | |
16234 | + if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID)))) | |
16235 | + reqmode |= GR_SETID; | |
16236 | + | |
16237 | + mode = | |
16238 | + gr_check_create(dentry, p_dentry, p_mnt, | |
16239 | + reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); | |
16240 | + | |
16241 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
16242 | + gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, | |
16243 | + reqmode & GR_READ ? " reading" : "", | |
16244 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
16245 | + GR_APPEND ? " appending" : ""); | |
16246 | + return reqmode; | |
16247 | + } else | |
16248 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
16249 | + { | |
16250 | + gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, | |
16251 | + reqmode & GR_READ ? " reading" : "", | |
16252 | + reqmode & GR_WRITE ? " writing" : reqmode & | |
16253 | + GR_APPEND ? " appending" : ""); | |
16254 | + return 0; | |
16255 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
16256 | + return 0; | |
16257 | + | |
16258 | + return reqmode; | |
16259 | +} | |
16260 | + | |
16261 | +__u32 | |
16262 | +gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt, | |
16263 | + const int fmode) | |
16264 | +{ | |
16265 | + __u32 mode, reqmode = GR_FIND; | |
16266 | + | |
16267 | + if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode)) | |
16268 | + reqmode |= GR_EXEC; | |
16269 | + if (fmode & S_IWOTH) | |
16270 | + reqmode |= GR_WRITE; | |
16271 | + if (fmode & S_IROTH) | |
16272 | + reqmode |= GR_READ; | |
16273 | + | |
16274 | + mode = | |
16275 | + gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, | |
16276 | + mnt); | |
16277 | + | |
16278 | + if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { | |
16279 | + gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt, | |
16280 | + reqmode & GR_READ ? " reading" : "", | |
16281 | + reqmode & GR_WRITE ? " writing" : "", | |
16282 | + reqmode & GR_EXEC ? " executing" : ""); | |
16283 | + return reqmode; | |
16284 | + } else | |
16285 | + if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) | |
16286 | + { | |
16287 | + gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt, | |
16288 | + reqmode & GR_READ ? " reading" : "", | |
16289 | + reqmode & GR_WRITE ? " writing" : "", | |
16290 | + reqmode & GR_EXEC ? " executing" : ""); | |
16291 | + return 0; | |
16292 | + } else if (unlikely((mode & reqmode) != reqmode)) | |
16293 | + return 0; | |
16294 | + | |
16295 | + return reqmode; | |
16296 | +} | |
16297 | + | |
16298 | +static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt) | |
16299 | +{ | |
16300 | + __u32 mode; | |
16301 | + | |
16302 | + mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); | |
16303 | + | |
16304 | + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { | |
16305 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt); | |
16306 | + return mode; | |
16307 | + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { | |
16308 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt); | |
16309 | + return 0; | |
16310 | + } else if (unlikely((mode & (reqmode)) != (reqmode))) | |
16311 | + return 0; | |
16312 | + | |
16313 | + return (reqmode); | |
16314 | +} | |
16315 | + | |
16316 | +__u32 | |
16317 | +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt) | |
16318 | +{ | |
16319 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG); | |
16320 | +} | |
16321 | + | |
16322 | +__u32 | |
16323 | +gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt) | |
16324 | +{ | |
16325 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG); | |
16326 | +} | |
16327 | + | |
16328 | +__u32 | |
16329 | +gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt) | |
16330 | +{ | |
16331 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG); | |
16332 | +} | |
16333 | + | |
16334 | +__u32 | |
16335 | +gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt) | |
16336 | +{ | |
16337 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG); | |
16338 | +} | |
16339 | + | |
16340 | +__u32 | |
16341 | +gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt, | |
16342 | + mode_t mode) | |
16343 | +{ | |
16344 | + if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode))) | |
16345 | + return 1; | |
16346 | + | |
16347 | + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) { | |
16348 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID, | |
16349 | + GR_FCHMOD_ACL_MSG); | |
16350 | + } else { | |
16351 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG); | |
16352 | + } | |
16353 | +} | |
16354 | + | |
16355 | +__u32 | |
16356 | +gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt, | |
16357 | + mode_t mode) | |
16358 | +{ | |
16359 | + if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) { | |
16360 | + return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID, | |
16361 | + GR_CHMOD_ACL_MSG); | |
16362 | + } else { | |
16363 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG); | |
16364 | + } | |
16365 | +} | |
16366 | + | |
16367 | +__u32 | |
16368 | +gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt) | |
16369 | +{ | |
16370 | + return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG); | |
16371 | +} | |
16372 | + | |
16373 | +__u32 | |
16374 | +gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt) | |
16375 | +{ | |
16376 | + return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG); | |
16377 | +} | |
16378 | + | |
16379 | +__u32 | |
16380 | +gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt) | |
16381 | +{ | |
16382 | + return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE, | |
16383 | + GR_UNIXCONNECT_ACL_MSG); | |
16384 | +} | |
16385 | + | |
16386 | +/* hardlinks require at minimum create permission, | |
16387 | + any additional privilege required is based on the | |
16388 | + privilege of the file being linked to | |
16389 | +*/ | |
16390 | +__u32 | |
16391 | +gr_acl_handle_link(const struct dentry * new_dentry, | |
16392 | + const struct dentry * parent_dentry, | |
16393 | + const struct vfsmount * parent_mnt, | |
16394 | + const struct dentry * old_dentry, | |
16395 | + const struct vfsmount * old_mnt, const char *to) | |
16396 | +{ | |
16397 | + __u32 mode; | |
16398 | + __u32 needmode = GR_CREATE | GR_LINK; | |
16399 | + __u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK; | |
16400 | + | |
16401 | + mode = | |
16402 | + gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry, | |
16403 | + old_mnt); | |
16404 | + | |
16405 | + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) { | |
16406 | + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to); | |
16407 | + return mode; | |
16408 | + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { | |
16409 | + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to); | |
16410 | + return 0; | |
16411 | + } else if (unlikely((mode & needmode) != needmode)) | |
16412 | + return 0; | |
16413 | + | |
16414 | + return 1; | |
16415 | +} | |
16416 | + | |
16417 | +__u32 | |
16418 | +gr_acl_handle_symlink(const struct dentry * new_dentry, | |
16419 | + const struct dentry * parent_dentry, | |
16420 | + const struct vfsmount * parent_mnt, const char *from) | |
16421 | +{ | |
16422 | + __u32 needmode = GR_WRITE | GR_CREATE; | |
16423 | + __u32 mode; | |
16424 | + | |
16425 | + mode = | |
16426 | + gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
16427 | + GR_CREATE | GR_AUDIT_CREATE | | |
16428 | + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS); | |
16429 | + | |
16430 | + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) { | |
16431 | + gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt); | |
16432 | + return mode; | |
16433 | + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { | |
16434 | + gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt); | |
16435 | + return 0; | |
16436 | + } else if (unlikely((mode & needmode) != needmode)) | |
16437 | + return 0; | |
16438 | + | |
16439 | + return (GR_WRITE | GR_CREATE); | |
16440 | +} | |
16441 | + | |
16442 | +static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt) | |
16443 | +{ | |
16444 | + __u32 mode; | |
16445 | + | |
16446 | + mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); | |
16447 | + | |
16448 | + if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) { | |
16449 | + gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt); | |
16450 | + return mode; | |
16451 | + } else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) { | |
16452 | + gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt); | |
16453 | + return 0; | |
16454 | + } else if (unlikely((mode & (reqmode)) != (reqmode))) | |
16455 | + return 0; | |
16456 | + | |
16457 | + return (reqmode); | |
16458 | +} | |
16459 | + | |
16460 | +__u32 | |
16461 | +gr_acl_handle_mknod(const struct dentry * new_dentry, | |
16462 | + const struct dentry * parent_dentry, | |
16463 | + const struct vfsmount * parent_mnt, | |
16464 | + const int mode) | |
16465 | +{ | |
16466 | + __u32 reqmode = GR_WRITE | GR_CREATE; | |
16467 | + if (unlikely(mode & (S_ISUID | S_ISGID))) | |
16468 | + reqmode |= GR_SETID; | |
16469 | + | |
16470 | + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, | |
16471 | + reqmode, GR_MKNOD_ACL_MSG); | |
16472 | +} | |
16473 | + | |
16474 | +__u32 | |
16475 | +gr_acl_handle_mkdir(const struct dentry *new_dentry, | |
16476 | + const struct dentry *parent_dentry, | |
16477 | + const struct vfsmount *parent_mnt) | |
16478 | +{ | |
16479 | + return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt, | |
16480 | + GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG); | |
16481 | +} | |
16482 | + | |
16483 | +#define RENAME_CHECK_SUCCESS(old, new) \ | |
16484 | + (((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \ | |
16485 | + ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ))) | |
16486 | + | |
16487 | +int | |
16488 | +gr_acl_handle_rename(struct dentry *new_dentry, | |
16489 | + struct dentry *parent_dentry, | |
16490 | + const struct vfsmount *parent_mnt, | |
16491 | + struct dentry *old_dentry, | |
16492 | + struct inode *old_parent_inode, | |
16493 | + struct vfsmount *old_mnt, const char *newname) | |
16494 | +{ | |
16495 | + __u32 comp1, comp2; | |
16496 | + int error = 0; | |
16497 | + | |
16498 | + if (unlikely(!gr_acl_is_enabled())) | |
16499 | + return 0; | |
16500 | + | |
16501 | + if (!new_dentry->d_inode) { | |
16502 | + comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt, | |
16503 | + GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ | | |
16504 | + GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS); | |
16505 | + comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE | | |
16506 | + GR_DELETE | GR_AUDIT_DELETE | | |
16507 | + GR_AUDIT_READ | GR_AUDIT_WRITE | | |
16508 | + GR_SUPPRESS, old_mnt); | |
16509 | + } else { | |
16510 | + comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE | | |
16511 | + GR_CREATE | GR_DELETE | | |
16512 | + GR_AUDIT_CREATE | GR_AUDIT_DELETE | | |
16513 | + GR_AUDIT_READ | GR_AUDIT_WRITE | | |
16514 | + GR_SUPPRESS, parent_mnt); | |
16515 | + comp2 = | |
16516 | + gr_search_file(old_dentry, | |
16517 | + GR_READ | GR_WRITE | GR_AUDIT_READ | | |
16518 | + GR_DELETE | GR_AUDIT_DELETE | | |
16519 | + GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt); | |
16520 | + } | |
16521 | + | |
16522 | + if (RENAME_CHECK_SUCCESS(comp1, comp2) && | |
16523 | + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS))) | |
16524 | + gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname); | |
16525 | + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS) | |
16526 | + && !(comp2 & GR_SUPPRESS)) { | |
16527 | + gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname); | |
16528 | + error = -EACCES; | |
16529 | + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2))) | |
16530 | + error = -EACCES; | |
16531 | + | |
16532 | + return error; | |
16533 | +} | |
16534 | + | |
16535 | +void | |
16536 | +gr_acl_handle_exit(void) | |
16537 | +{ | |
16538 | + u16 id; | |
16539 | + char *rolename; | |
16540 | + struct file *exec_file; | |
16541 | + | |
16542 | + if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) { | |
16543 | + id = current->acl_role_id; | |
16544 | + rolename = current->role->rolename; | |
16545 | + gr_set_acls(1); | |
16546 | + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id); | |
16547 | + } | |
16548 | + | |
16549 | + write_lock(&grsec_exec_file_lock); | |
16550 | + exec_file = current->exec_file; | |
16551 | + current->exec_file = NULL; | |
16552 | + write_unlock(&grsec_exec_file_lock); | |
16553 | + | |
16554 | + if (exec_file) | |
16555 | + fput(exec_file); | |
16556 | +} | |
16557 | + | |
16558 | +int | |
16559 | +gr_acl_handle_procpidmem(const struct task_struct *task) | |
16560 | +{ | |
16561 | + if (unlikely(!gr_acl_is_enabled())) | |
16562 | + return 0; | |
16563 | + | |
16564 | + if (task->acl->mode & GR_PROTPROCFD) | |
16565 | + return -EACCES; | |
16566 | + | |
16567 | + return 0; | |
16568 | +} | |
16569 | diff -urNp linux-2.6.19.1/grsecurity/gracl_ip.c linux-2.6.19.1/grsecurity/gracl_ip.c | |
16570 | --- linux-2.6.19.1/grsecurity/gracl_ip.c 1969-12-31 19:00:00.000000000 -0500 | |
16571 | +++ linux-2.6.19.1/grsecurity/gracl_ip.c 2006-12-03 15:16:32.000000000 -0500 | |
16572 | @@ -0,0 +1,313 @@ | |
16573 | +#include <linux/kernel.h> | |
16574 | +#include <asm/uaccess.h> | |
16575 | +#include <asm/errno.h> | |
16576 | +#include <net/sock.h> | |
16577 | +#include <linux/file.h> | |
16578 | +#include <linux/fs.h> | |
16579 | +#include <linux/net.h> | |
16580 | +#include <linux/in.h> | |
16581 | +#include <linux/skbuff.h> | |
16582 | +#include <linux/ip.h> | |
16583 | +#include <linux/udp.h> | |
16584 | +#include <linux/smp_lock.h> | |
16585 | +#include <linux/types.h> | |
16586 | +#include <linux/sched.h> | |
16587 | +#include <linux/netdevice.h> | |
16588 | +#include <linux/inetdevice.h> | |
16589 | +#include <linux/gracl.h> | |
16590 | +#include <linux/grsecurity.h> | |
16591 | +#include <linux/grinternal.h> | |
16592 | + | |
16593 | +#define GR_BIND 0x01 | |
16594 | +#define GR_CONNECT 0x02 | |
16595 | +#define GR_INVERT 0x04 | |
16596 | + | |
16597 | +static const char * gr_protocols[256] = { | |
16598 | + "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt", | |
16599 | + "egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet", | |
16600 | + "chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1", | |
16601 | + "trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp", | |
16602 | + "merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++", | |
16603 | + "il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre", | |
16604 | + "mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile", | |
16605 | + "tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63", | |
16606 | + "sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv", | |
16607 | + "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak", | |
16608 | + "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf", | |
16609 | + "eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp", | |
16610 | + "scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim", | |
16611 | + "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip", | |
16612 | + "vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp", | |
16613 | + "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup", | |
16614 | + "sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135", | |
16615 | + "unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143", | |
16616 | + "unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151", | |
16617 | + "unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159", | |
16618 | + "unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167", | |
16619 | + "unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175", | |
16620 | + "unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183", | |
16621 | + "unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191", | |
16622 | + "unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199", | |
16623 | + "unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207", | |
16624 | + "unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215", | |
16625 | + "unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223", | |
16626 | + "unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231", | |
16627 | + "unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239", | |
16628 | + "unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247", | |
16629 | + "unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255", | |
16630 | + }; | |
16631 | + | |
16632 | +static const char * gr_socktypes[11] = { | |
16633 | + "unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6", | |
16634 | + "unknown:7", "unknown:8", "unknown:9", "packet" | |
16635 | + }; | |
16636 | + | |
16637 | +const char * | |
16638 | +gr_proto_to_name(unsigned char proto) | |
16639 | +{ | |
16640 | + return gr_protocols[proto]; | |
16641 | +} | |
16642 | + | |
16643 | +const char * | |
16644 | +gr_socktype_to_name(unsigned char type) | |
16645 | +{ | |
16646 | + return gr_socktypes[type]; | |
16647 | +} | |
16648 | + | |
16649 | +int | |
16650 | +gr_search_socket(const int domain, const int type, const int protocol) | |
16651 | +{ | |
16652 | + struct acl_subject_label *curr; | |
16653 | + | |
16654 | + if (unlikely(!gr_acl_is_enabled())) | |
16655 | + goto exit; | |
16656 | + | |
16657 | + if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET) | |
16658 | + || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255)) | |
16659 | + goto exit; // let the kernel handle it | |
16660 | + | |
16661 | + curr = current->acl; | |
16662 | + | |
16663 | + if (!curr->ips) | |
16664 | + goto exit; | |
16665 | + | |
16666 | + if ((curr->ip_type & (1 << type)) && | |
16667 | + (curr->ip_proto[protocol / 32] & (1 << (protocol % 32)))) | |
16668 | + goto exit; | |
16669 | + | |
16670 | + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
16671 | + /* we don't place acls on raw sockets , and sometimes | |
16672 | + dgram/ip sockets are opened for ioctl and not | |
16673 | + bind/connect, so we'll fake a bind learn log */ | |
16674 | + if (type == SOCK_RAW || type == SOCK_PACKET) { | |
16675 | + __u32 fakeip = 0; | |
16676 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
16677 | + current->role->roletype, current->uid, | |
16678 | + current->gid, current->exec_file ? | |
16679 | + gr_to_filename(current->exec_file->f_dentry, | |
16680 | + current->exec_file->f_vfsmnt) : | |
16681 | + curr->filename, curr->filename, | |
16682 | + NIPQUAD(fakeip), 0, type, | |
16683 | + protocol, GR_CONNECT, | |
16684 | +NIPQUAD(current->signal->curr_ip)); | |
16685 | + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) { | |
16686 | + __u32 fakeip = 0; | |
16687 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
16688 | + current->role->roletype, current->uid, | |
16689 | + current->gid, current->exec_file ? | |
16690 | + gr_to_filename(current->exec_file->f_dentry, | |
16691 | + current->exec_file->f_vfsmnt) : | |
16692 | + curr->filename, curr->filename, | |
16693 | + NIPQUAD(fakeip), 0, type, | |
16694 | + protocol, GR_BIND, NIPQUAD(current->signal->curr_ip)); | |
16695 | + } | |
16696 | + /* we'll log when they use connect or bind */ | |
16697 | + goto exit; | |
16698 | + } | |
16699 | + | |
16700 | + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet", | |
16701 | + gr_socktype_to_name(type), gr_proto_to_name(protocol)); | |
16702 | + | |
16703 | + return 0; | |
16704 | + exit: | |
16705 | + return 1; | |
16706 | +} | |
16707 | + | |
16708 | +int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask) | |
16709 | +{ | |
16710 | + if ((ip->mode & mode) && | |
16711 | + (ip_port >= ip->low) && | |
16712 | + (ip_port <= ip->high) && | |
16713 | + ((ntohl(ip_addr) & our_netmask) == | |
16714 | + (ntohl(our_addr) & our_netmask)) | |
16715 | + && (ip->proto[protocol / 32] & (1 << (protocol % 32))) | |
16716 | + && (ip->type & (1 << type))) { | |
16717 | + if (ip->mode & GR_INVERT) | |
16718 | + return 2; // specifically denied | |
16719 | + else | |
16720 | + return 1; // allowed | |
16721 | + } | |
16722 | + | |
16723 | + return 0; // not specifically allowed, may continue parsing | |
16724 | +} | |
16725 | + | |
16726 | +static int | |
16727 | +gr_search_connectbind(const int mode, const struct sock *sk, | |
16728 | + const struct sockaddr_in *addr, const int type) | |
16729 | +{ | |
16730 | + char iface[IFNAMSIZ] = {0}; | |
16731 | + struct acl_subject_label *curr; | |
16732 | + struct acl_ip_label *ip; | |
16733 | + struct net_device *dev; | |
16734 | + struct in_device *idev; | |
16735 | + unsigned long i; | |
16736 | + int ret; | |
16737 | + __u32 ip_addr = 0; | |
16738 | + __u32 our_addr; | |
16739 | + __u32 our_netmask; | |
16740 | + char *p; | |
16741 | + __u16 ip_port = 0; | |
16742 | + | |
16743 | + if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET)) | |
16744 | + return 1; | |
16745 | + | |
16746 | + curr = current->acl; | |
16747 | + | |
16748 | + if (!curr->ips) | |
16749 | + return 1; | |
16750 | + | |
16751 | + ip_addr = addr->sin_addr.s_addr; | |
16752 | + ip_port = ntohs(addr->sin_port); | |
16753 | + | |
16754 | + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { | |
16755 | + security_learn(GR_IP_LEARN_MSG, current->role->rolename, | |
16756 | + current->role->roletype, current->uid, | |
16757 | + current->gid, current->exec_file ? | |
16758 | + gr_to_filename(current->exec_file->f_dentry, | |
16759 | + current->exec_file->f_vfsmnt) : | |
16760 | + curr->filename, curr->filename, | |
16761 | + NIPQUAD(ip_addr), ip_port, type, | |
16762 | + sk->sk_protocol, mode, NIPQUAD(current->signal->curr_ip)); | |
16763 | + return 1; | |
16764 | + } | |
16765 | + | |
16766 | + for (i = 0; i < curr->ip_num; i++) { | |
16767 | + ip = *(curr->ips + i); | |
16768 | + if (ip->iface != NULL) { | |
16769 | + strncpy(iface, ip->iface, IFNAMSIZ - 1); | |
16770 | + p = strchr(iface, ':'); | |
16771 | + if (p != NULL) | |
16772 | + *p = '\0'; | |
16773 | + dev = dev_get_by_name(iface); | |
16774 | + if (dev == NULL) | |
16775 | + continue; | |
16776 | + idev = in_dev_get(dev); | |
16777 | + if (idev == NULL) { | |
16778 | + dev_put(dev); | |
16779 | + continue; | |
16780 | + } | |
16781 | + rcu_read_lock(); | |
16782 | + for_ifa(idev) { | |
16783 | + if (!strcmp(ip->iface, ifa->ifa_label)) { | |
16784 | + our_addr = ifa->ifa_address; | |
16785 | + our_netmask = 0xffffffff; | |
16786 | + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask); | |
16787 | + if (ret == 1) { | |
16788 | + rcu_read_unlock(); | |
16789 | + in_dev_put(idev); | |
16790 | + dev_put(dev); | |
16791 | + return 1; | |
16792 | + } else if (ret == 2) { | |
16793 | + rcu_read_unlock(); | |
16794 | + in_dev_put(idev); | |
16795 | + dev_put(dev); | |
16796 | + goto denied; | |
16797 | + } | |
16798 | + } | |
16799 | + } endfor_ifa(idev); | |
16800 | + rcu_read_unlock(); | |
16801 | + in_dev_put(idev); | |
16802 | + dev_put(dev); | |
16803 | + } else { | |
16804 | + our_addr = ip->addr; | |
16805 | + our_netmask = ip->netmask; | |
16806 | + ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask); | |
16807 | + if (ret == 1) | |
16808 | + return 1; | |
16809 | + else if (ret == 2) | |
16810 | + goto denied; | |
16811 | + } | |
16812 | + } | |
16813 | + | |
16814 | +denied: | |
16815 | + if (mode == GR_BIND) | |
16816 | + gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol)); | |
16817 | + else if (mode == GR_CONNECT) | |
16818 | + gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol)); | |
16819 | + | |
16820 | + return 0; | |
16821 | +} | |
16822 | + | |
16823 | +int | |
16824 | +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr) | |
16825 | +{ | |
16826 | + return gr_search_connectbind(GR_CONNECT, sock->sk, addr, sock->type); | |
16827 | +} | |
16828 | + | |
16829 | +int | |
16830 | +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr) | |
16831 | +{ | |
16832 | + return gr_search_connectbind(GR_BIND, sock->sk, addr, sock->type); | |
16833 | +} | |
16834 | + | |
16835 | +int gr_search_listen(const struct socket *sock) | |
16836 | +{ | |
16837 | + struct sock *sk = sock->sk; | |
16838 | + struct sockaddr_in addr; | |
16839 | + | |
16840 | + addr.sin_addr.s_addr = inet_sk(sk)->saddr; | |
16841 | + addr.sin_port = inet_sk(sk)->sport; | |
16842 | + | |
16843 | + return gr_search_connectbind(GR_BIND, sock->sk, &addr, sock->type); | |
16844 | +} | |
16845 | + | |
16846 | +int gr_search_accept(const struct socket *sock) | |
16847 | +{ | |
16848 | + struct sock *sk = sock->sk; | |
16849 | + struct sockaddr_in addr; | |
16850 | + | |
16851 | + addr.sin_addr.s_addr = inet_sk(sk)->saddr; | |
16852 | + addr.sin_port = inet_sk(sk)->sport; | |
16853 | + | |
16854 | + return gr_search_connectbind(GR_BIND, sock->sk, &addr, sock->type); | |
16855 | +} | |
16856 | + | |
16857 | +int | |
16858 | +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr) | |
16859 | +{ | |
16860 | + if (addr) | |
16861 | + return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM); | |
16862 | + else { | |
16863 | + struct sockaddr_in sin; | |
16864 | + const struct inet_sock *inet = inet_sk(sk); | |
16865 | + | |
16866 | + sin.sin_addr.s_addr = inet->daddr; | |
16867 | + sin.sin_port = inet->dport; | |
16868 | + | |
16869 | + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM); | |
16870 | + } | |
16871 | +} | |
16872 | + | |
16873 | +int | |
16874 | +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb) | |
16875 | +{ | |
16876 | + struct sockaddr_in sin; | |
16877 | + | |
16878 | + if (unlikely(skb->len < sizeof (struct udphdr))) | |
16879 | + return 1; // skip this packet | |
16880 | + | |
16881 | + sin.sin_addr.s_addr = skb->nh.iph->saddr; | |
16882 | + sin.sin_port = skb->h.uh->source; | |
16883 | + | |
16884 | + return gr_search_connectbind(GR_CONNECT, sk, &sin, SOCK_DGRAM); | |
16885 | +} | |
16886 | diff -urNp linux-2.6.19.1/grsecurity/gracl_learn.c linux-2.6.19.1/grsecurity/gracl_learn.c | |
16887 | --- linux-2.6.19.1/grsecurity/gracl_learn.c 1969-12-31 19:00:00.000000000 -0500 | |
16888 | +++ linux-2.6.19.1/grsecurity/gracl_learn.c 2006-12-03 15:16:32.000000000 -0500 | |
16889 | @@ -0,0 +1,204 @@ | |
16890 | +#include <linux/kernel.h> | |
16891 | +#include <linux/mm.h> | |
16892 | +#include <linux/sched.h> | |
16893 | +#include <linux/poll.h> | |
16894 | +#include <linux/smp_lock.h> | |
16895 | +#include <linux/string.h> | |
16896 | +#include <linux/file.h> | |
16897 | +#include <linux/types.h> | |
16898 | +#include <linux/vmalloc.h> | |
16899 | +#include <linux/grinternal.h> | |
16900 | + | |
16901 | +extern ssize_t write_grsec_handler(struct file * file, const char __user * buf, | |
16902 | + size_t count, loff_t *ppos); | |
16903 | +extern int gr_acl_is_enabled(void); | |
16904 | + | |
16905 | +static DECLARE_WAIT_QUEUE_HEAD(learn_wait); | |
16906 | +static int gr_learn_attached; | |
16907 | + | |
16908 | +/* use a 512k buffer */ | |
16909 | +#define LEARN_BUFFER_SIZE (512 * 1024) | |
16910 | + | |
16911 | +static spinlock_t gr_learn_lock = SPIN_LOCK_UNLOCKED; | |
16912 | +static DECLARE_MUTEX(gr_learn_user_sem); | |
16913 | + | |
16914 | +/* we need to maintain two buffers, so that the kernel context of grlearn | |
16915 | + uses a semaphore around the userspace copying, and the other kernel contexts | |
16916 | + use a spinlock when copying into the buffer, since they cannot sleep | |
16917 | +*/ | |
16918 | +static char *learn_buffer; | |
16919 | +static char *learn_buffer_user; | |
16920 | +static int learn_buffer_len; | |
16921 | +static int learn_buffer_user_len; | |
16922 | + | |
16923 | +static ssize_t | |
16924 | +read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos) | |
16925 | +{ | |
16926 | + DECLARE_WAITQUEUE(wait, current); | |
16927 | + ssize_t retval = 0; | |
16928 | + | |
16929 | + add_wait_queue(&learn_wait, &wait); | |
16930 | + set_current_state(TASK_INTERRUPTIBLE); | |
16931 | + do { | |
16932 | + down(&gr_learn_user_sem); | |
16933 | + spin_lock(&gr_learn_lock); | |
16934 | + if (learn_buffer_len) | |
16935 | + break; | |
16936 | + spin_unlock(&gr_learn_lock); | |
16937 | + up(&gr_learn_user_sem); | |
16938 | + if (file->f_flags & O_NONBLOCK) { | |
16939 | + retval = -EAGAIN; | |
16940 | + goto out; | |
16941 | + } | |
16942 | + if (signal_pending(current)) { | |
16943 | + retval = -ERESTARTSYS; | |
16944 | + goto out; | |
16945 | + } | |
16946 | + | |
16947 | + schedule(); | |
16948 | + } while (1); | |
16949 | + | |
16950 | + memcpy(learn_buffer_user, learn_buffer, learn_buffer_len); | |
16951 | + learn_buffer_user_len = learn_buffer_len; | |
16952 | + retval = learn_buffer_len; | |
16953 | + learn_buffer_len = 0; | |
16954 | + | |
16955 | + spin_unlock(&gr_learn_lock); | |
16956 | + | |
16957 | + if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len)) | |
16958 | + retval = -EFAULT; | |
16959 | + | |
16960 | + up(&gr_learn_user_sem); | |
16961 | +out: | |
16962 | + set_current_state(TASK_RUNNING); | |
16963 | + remove_wait_queue(&learn_wait, &wait); | |
16964 | + return retval; | |
16965 | +} | |
16966 | + | |
16967 | +static unsigned int | |
16968 | +poll_learn(struct file * file, poll_table * wait) | |
16969 | +{ | |
16970 | + poll_wait(file, &learn_wait, wait); | |
16971 | + | |
16972 | + if (learn_buffer_len) | |
16973 | + return (POLLIN | POLLRDNORM); | |
16974 | + | |
16975 | + return 0; | |
16976 | +} | |
16977 | + | |
16978 | +void | |
16979 | +gr_clear_learn_entries(void) | |
16980 | +{ | |
16981 | + char *tmp; | |
16982 | + | |
16983 | + down(&gr_learn_user_sem); | |
16984 | + if (learn_buffer != NULL) { | |
16985 | + spin_lock(&gr_learn_lock); | |
16986 | + tmp = learn_buffer; | |
16987 | + learn_buffer = NULL; | |
16988 | + spin_unlock(&gr_learn_lock); | |
16989 | + vfree(learn_buffer); | |
16990 | + } | |
16991 | + if (learn_buffer_user != NULL) { | |
16992 | + vfree(learn_buffer_user); | |
16993 | + learn_buffer_user = NULL; | |
16994 | + } | |
16995 | + learn_buffer_len = 0; | |
16996 | + up(&gr_learn_user_sem); | |
16997 | + | |
16998 | + return; | |
16999 | +} | |
17000 | + | |
17001 | +void | |
17002 | +gr_add_learn_entry(const char *fmt, ...) | |
17003 | +{ | |
17004 | + va_list args; | |
17005 | + unsigned int len; | |
17006 | + | |
17007 | + if (!gr_learn_attached) | |
17008 | + return; | |
17009 | + | |
17010 | + spin_lock(&gr_learn_lock); | |
17011 | + | |
17012 | + /* leave a gap at the end so we know when it's "full" but don't have to | |
17013 | + compute the exact length of the string we're trying to append | |
17014 | + */ | |
17015 | + if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) { | |
17016 | + spin_unlock(&gr_learn_lock); | |
17017 | + wake_up_interruptible(&learn_wait); | |
17018 | + return; | |
17019 | + } | |
17020 | + if (learn_buffer == NULL) { | |
17021 | + spin_unlock(&gr_learn_lock); | |
17022 | + return; | |
17023 | + } | |
17024 | + | |
17025 | + va_start(args, fmt); | |
17026 | + len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args); | |
17027 | + va_end(args); | |
17028 | + | |
17029 | + learn_buffer_len += len + 1; | |
17030 | + | |
17031 | + spin_unlock(&gr_learn_lock); | |
17032 | + wake_up_interruptible(&learn_wait); | |
17033 | + | |
17034 | + return; | |
17035 | +} | |
17036 | + | |
17037 | +static int | |
17038 | +open_learn(struct inode *inode, struct file *file) | |
17039 | +{ | |
17040 | + if (file->f_mode & FMODE_READ && gr_learn_attached) | |
17041 | + return -EBUSY; | |
17042 | + if (file->f_mode & FMODE_READ) { | |
17043 | + down(&gr_learn_user_sem); | |
17044 | + if (learn_buffer == NULL) | |
17045 | + learn_buffer = vmalloc(LEARN_BUFFER_SIZE); | |
17046 | + if (learn_buffer_user == NULL) | |
17047 | + learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE); | |
17048 | + if (learn_buffer == NULL) | |
17049 | + return -ENOMEM; | |
17050 | + if (learn_buffer_user == NULL) | |
17051 | + return -ENOMEM; | |
17052 | + learn_buffer_len = 0; | |
17053 | + learn_buffer_user_len = 0; | |
17054 | + gr_learn_attached = 1; | |
17055 | + up(&gr_learn_user_sem); | |
17056 | + } | |
17057 | + return 0; | |
17058 | +} | |
17059 | + | |
17060 | +static int | |
17061 | +close_learn(struct inode *inode, struct file *file) | |
17062 | +{ | |
17063 | + char *tmp; | |
17064 | + | |
17065 | + if (file->f_mode & FMODE_READ) { | |
17066 | + down(&gr_learn_user_sem); | |
17067 | + if (learn_buffer != NULL) { | |
17068 | + spin_lock(&gr_learn_lock); | |
17069 | + tmp = learn_buffer; | |
17070 | + learn_buffer = NULL; | |
17071 | + spin_unlock(&gr_learn_lock); | |
17072 | + vfree(tmp); | |
17073 | + } | |
17074 | + if (learn_buffer_user != NULL) { | |
17075 | + vfree(learn_buffer_user); | |
17076 | + learn_buffer_user = NULL; | |
17077 | + } | |
17078 | + learn_buffer_len = 0; | |
17079 | + learn_buffer_user_len = 0; | |
17080 | + gr_learn_attached = 0; | |
17081 | + up(&gr_learn_user_sem); | |
17082 | + } | |
17083 | + | |
17084 | + return 0; | |
17085 | +} | |
17086 | + | |
17087 | +struct file_operations grsec_fops = { | |
17088 | + .read = read_learn, | |
17089 | + .write = write_grsec_handler, | |
17090 | + .open = open_learn, | |
17091 | + .release = close_learn, | |
17092 | + .poll = poll_learn, | |
17093 | +}; | |
17094 | diff -urNp linux-2.6.19.1/grsecurity/gracl_res.c linux-2.6.19.1/grsecurity/gracl_res.c | |
17095 | --- linux-2.6.19.1/grsecurity/gracl_res.c 1969-12-31 19:00:00.000000000 -0500 | |
17096 | +++ linux-2.6.19.1/grsecurity/gracl_res.c 2006-12-03 15:16:32.000000000 -0500 | |
17097 | @@ -0,0 +1,45 @@ | |
17098 | +#include <linux/kernel.h> | |
17099 | +#include <linux/sched.h> | |
17100 | +#include <linux/gracl.h> | |
17101 | +#include <linux/grinternal.h> | |
17102 | + | |
17103 | +static const char *restab_log[] = { | |
17104 | + [RLIMIT_CPU] = "RLIMIT_CPU", | |
17105 | + [RLIMIT_FSIZE] = "RLIMIT_FSIZE", | |
17106 | + [RLIMIT_DATA] = "RLIMIT_DATA", | |
17107 | + [RLIMIT_STACK] = "RLIMIT_STACK", | |
17108 | + [RLIMIT_CORE] = "RLIMIT_CORE", | |
17109 | + [RLIMIT_RSS] = "RLIMIT_RSS", | |
17110 | + [RLIMIT_NPROC] = "RLIMIT_NPROC", | |
17111 | + [RLIMIT_NOFILE] = "RLIMIT_NOFILE", | |
17112 | + [RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK", | |
17113 | + [RLIMIT_AS] = "RLIMIT_AS", | |
17114 | + [RLIMIT_LOCKS] = "RLIMIT_LOCKS", | |
17115 | + [RLIMIT_LOCKS + 1] = "RLIMIT_CRASH" | |
17116 | +}; | |
17117 | + | |
17118 | +void | |
17119 | +gr_log_resource(const struct task_struct *task, | |
17120 | + const int res, const unsigned long wanted, const int gt) | |
17121 | +{ | |
17122 | + if (res == RLIMIT_NPROC && | |
17123 | + (cap_raised(task->cap_effective, CAP_SYS_ADMIN) || | |
17124 | + cap_raised(task->cap_effective, CAP_SYS_RESOURCE))) | |
17125 | + return; | |
17126 | + else if (res == RLIMIT_MEMLOCK && | |
17127 | + cap_raised(task->cap_effective, CAP_IPC_LOCK)) | |
17128 | + return; | |
17129 | + | |
17130 | + if (!gr_acl_is_enabled() && !grsec_resource_logging) | |
17131 | + return; | |
17132 | + | |
17133 | + preempt_disable(); | |
17134 | + | |
17135 | + if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) || | |
17136 | + (!gt && wanted >= task->signal->rlim[res].rlim_cur)) && | |
17137 | + task->signal->rlim[res].rlim_cur != RLIM_INFINITY)) | |
17138 | + gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur); | |
17139 | + preempt_enable_no_resched(); | |
17140 | + | |
17141 | + return; | |
17142 | +} | |
17143 | diff -urNp linux-2.6.19.1/grsecurity/gracl_segv.c linux-2.6.19.1/grsecurity/gracl_segv.c | |
17144 | --- linux-2.6.19.1/grsecurity/gracl_segv.c 1969-12-31 19:00:00.000000000 -0500 | |
17145 | +++ linux-2.6.19.1/grsecurity/gracl_segv.c 2006-12-03 15:16:32.000000000 -0500 | |
17146 | @@ -0,0 +1,295 @@ | |
17147 | +#include <linux/kernel.h> | |
17148 | +#include <linux/mm.h> | |
17149 | +#include <asm/uaccess.h> | |
17150 | +#include <asm/errno.h> | |
17151 | +#include <asm/mman.h> | |
17152 | +#include <net/sock.h> | |
17153 | +#include <linux/file.h> | |
17154 | +#include <linux/fs.h> | |
17155 | +#include <linux/net.h> | |
17156 | +#include <linux/in.h> | |
17157 | +#include <linux/smp_lock.h> | |
17158 | +#include <linux/slab.h> | |
17159 | +#include <linux/types.h> | |
17160 | +#include <linux/sched.h> | |
17161 | +#include <linux/timer.h> | |
17162 | +#include <linux/gracl.h> | |
17163 | +#include <linux/grsecurity.h> | |
17164 | +#include <linux/grinternal.h> | |
17165 | + | |
17166 | +static struct crash_uid *uid_set; | |
17167 | +static unsigned short uid_used; | |
17168 | +static spinlock_t gr_uid_lock = SPIN_LOCK_UNLOCKED; | |
17169 | +extern rwlock_t gr_inode_lock; | |
17170 | +extern struct acl_subject_label * | |
17171 | + lookup_acl_subj_label(const ino_t inode, const dev_t dev, | |
17172 | + struct acl_role_label *role); | |
17173 | +extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t); | |
17174 | + | |
17175 | +int | |
17176 | +gr_init_uidset(void) | |
17177 | +{ | |
17178 | + uid_set = | |
17179 | + kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL); | |
17180 | + uid_used = 0; | |
17181 | + | |
17182 | + return uid_set ? 1 : 0; | |
17183 | +} | |
17184 | + | |
17185 | +void | |
17186 | +gr_free_uidset(void) | |
17187 | +{ | |
17188 | + if (uid_set) | |
17189 | + kfree(uid_set); | |
17190 | + | |
17191 | + return; | |
17192 | +} | |
17193 | + | |
17194 | +int | |
17195 | +gr_find_uid(const uid_t uid) | |
17196 | +{ | |
17197 | + struct crash_uid *tmp = uid_set; | |
17198 | + uid_t buid; | |
17199 | + int low = 0, high = uid_used - 1, mid; | |
17200 | + | |
17201 | + while (high >= low) { | |
17202 | + mid = (low + high) >> 1; | |
17203 | + buid = tmp[mid].uid; | |
17204 | + if (buid == uid) | |
17205 | + return mid; | |
17206 | + if (buid > uid) | |
17207 | + high = mid - 1; | |
17208 | + if (buid < uid) | |
17209 | + low = mid + 1; | |
17210 | + } | |
17211 | + | |
17212 | + return -1; | |
17213 | +} | |
17214 | + | |
17215 | +static __inline__ void | |
17216 | +gr_insertsort(void) | |
17217 | +{ | |
17218 | + unsigned short i, j; | |
17219 | + struct crash_uid index; | |
17220 | + | |
17221 | + for (i = 1; i < uid_used; i++) { | |
17222 | + index = uid_set[i]; | |
17223 | + j = i; | |
17224 | + while ((j > 0) && uid_set[j - 1].uid > index.uid) { | |
17225 | + uid_set[j] = uid_set[j - 1]; | |
17226 | + j--; | |
17227 | + } | |
17228 | + uid_set[j] = index; | |
17229 | + } | |
17230 | + | |
17231 | + return; | |
17232 | +} | |
17233 | + | |
17234 | +static __inline__ void | |
17235 | +gr_insert_uid(const uid_t uid, const unsigned long expires) | |
17236 | +{ | |
17237 | + int loc; | |
17238 | + | |
17239 | + if (uid_used == GR_UIDTABLE_MAX) | |
17240 | + return; | |
17241 | + | |
17242 | + loc = gr_find_uid(uid); | |
17243 | + | |
17244 | + if (loc >= 0) { | |
17245 | + uid_set[loc].expires = expires; | |
17246 | + return; | |
17247 | + } | |
17248 | + | |
17249 | + uid_set[uid_used].uid = uid; | |
17250 | + uid_set[uid_used].expires = expires; | |
17251 | + uid_used++; | |
17252 | + | |
17253 | + gr_insertsort(); | |
17254 | + | |
17255 | + return; | |
17256 | +} | |
17257 | + | |
17258 | +void | |
17259 | +gr_remove_uid(const unsigned short loc) | |
17260 | +{ | |
17261 | + unsigned short i; | |
17262 | + | |
17263 | + for (i = loc + 1; i < uid_used; i++) | |
17264 | + uid_set[i - 1] = uid_set[i]; | |
17265 | + | |
17266 | + uid_used--; | |
17267 | + | |
17268 | + return; | |
17269 | +} | |
17270 | + | |
17271 | +int | |
17272 | +gr_check_crash_uid(const uid_t uid) | |
17273 | +{ | |
17274 | + int loc; | |
17275 | + int ret = 0; | |
17276 | + | |
17277 | + if (unlikely(!gr_acl_is_enabled())) | |
17278 | + return 0; | |
17279 | + | |
17280 | + spin_lock(&gr_uid_lock); | |
17281 | + loc = gr_find_uid(uid); | |
17282 | + | |
17283 | + if (loc < 0) | |
17284 | + goto out_unlock; | |
17285 | + | |
17286 | + if (time_before_eq(uid_set[loc].expires, get_seconds())) | |
17287 | + gr_remove_uid(loc); | |
17288 | + else | |
17289 | + ret = 1; | |
17290 | + | |
17291 | +out_unlock: | |
17292 | + spin_unlock(&gr_uid_lock); | |
17293 | + return ret; | |
17294 | +} | |
17295 | + | |
17296 | +static __inline__ int | |
17297 | +proc_is_setxid(const struct task_struct *task) | |
17298 | +{ | |
17299 | + if (task->uid != task->euid || task->uid != task->suid || | |
17300 | + task->uid != task->fsuid) | |
17301 | + return 1; | |
17302 | + if (task->gid != task->egid || task->gid != task->sgid || | |
17303 | + task->gid != task->fsgid) | |
17304 | + return 1; | |
17305 | + | |
17306 | + return 0; | |
17307 | +} | |
17308 | +static __inline__ int | |
17309 | +gr_fake_force_sig(int sig, struct task_struct *t) | |
17310 | +{ | |
17311 | + unsigned long int flags; | |
17312 | + int ret; | |
17313 | + | |
17314 | + spin_lock_irqsave(&t->sighand->siglock, flags); | |
17315 | + if (sigismember(&t->blocked, sig) || t->sighand->action[sig-1].sa.sa_handler == SIG_IGN) { | |
17316 | + t->sighand->action[sig-1].sa.sa_handler = SIG_DFL; | |
17317 | + sigdelset(&t->blocked, sig); | |
17318 | + recalc_sigpending_tsk(t); | |
17319 | + } | |
17320 | + ret = specific_send_sig_info(sig, (void*)1L, t); | |
17321 | + spin_unlock_irqrestore(&t->sighand->siglock, flags); | |
17322 | + | |
17323 | + return ret; | |
17324 | +} | |
17325 | + | |
17326 | +void | |
17327 | +gr_handle_crash(struct task_struct *task, const int sig) | |
17328 | +{ | |
17329 | + struct acl_subject_label *curr; | |
17330 | + struct acl_subject_label *curr2; | |
17331 | + struct task_struct *tsk, *tsk2; | |
17332 | + | |
17333 | + if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL) | |
17334 | + return; | |
17335 | + | |
17336 | + if (unlikely(!gr_acl_is_enabled())) | |
17337 | + return; | |
17338 | + | |
17339 | + curr = task->acl; | |
17340 | + | |
17341 | + if (!(curr->resmask & (1 << GR_CRASH_RES))) | |
17342 | + return; | |
17343 | + | |
17344 | + if (time_before_eq(curr->expires, get_seconds())) { | |
17345 | + curr->expires = 0; | |
17346 | + curr->crashes = 0; | |
17347 | + } | |
17348 | + | |
17349 | + curr->crashes++; | |
17350 | + | |
17351 | + if (!curr->expires) | |
17352 | + curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max; | |
17353 | + | |
17354 | + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) && | |
17355 | + time_after(curr->expires, get_seconds())) { | |
17356 | + if (task->uid && proc_is_setxid(task)) { | |
17357 | + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); | |
17358 | + spin_lock(&gr_uid_lock); | |
17359 | + gr_insert_uid(task->uid, curr->expires); | |
17360 | + spin_unlock(&gr_uid_lock); | |
17361 | + curr->expires = 0; | |
17362 | + curr->crashes = 0; | |
17363 | + read_lock(&tasklist_lock); | |
17364 | + do_each_thread(tsk2, tsk) { | |
17365 | + if (tsk != task && tsk->uid == task->uid) | |
17366 | + gr_fake_force_sig(SIGKILL, tsk); | |
17367 | + } while_each_thread(tsk2, tsk); | |
17368 | + read_unlock(&tasklist_lock); | |
17369 | + } else { | |
17370 | + gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); | |
17371 | + read_lock(&tasklist_lock); | |
17372 | + do_each_thread(tsk2, tsk) { | |
17373 | + if (likely(tsk != task)) { | |
17374 | + curr2 = tsk->acl; | |
17375 | + | |
17376 | + if (curr2->device == curr->device && | |
17377 | + curr2->inode == curr->inode) | |
17378 | + gr_fake_force_sig(SIGKILL, tsk); | |
17379 | + } | |
17380 | + } while_each_thread(tsk2, tsk); | |
17381 | + read_unlock(&tasklist_lock); | |
17382 | + } | |
17383 | + } | |
17384 | + | |
17385 | + return; | |
17386 | +} | |
17387 | + | |
17388 | +int | |
17389 | +gr_check_crash_exec(const struct file *filp) | |
17390 | +{ | |
17391 | + struct acl_subject_label *curr; | |
17392 | + | |
17393 | + if (unlikely(!gr_acl_is_enabled())) | |
17394 | + return 0; | |
17395 | + | |
17396 | + read_lock(&gr_inode_lock); | |
17397 | + curr = lookup_acl_subj_label(filp->f_dentry->d_inode->i_ino, | |
17398 | + filp->f_dentry->d_inode->i_sb->s_dev, | |
17399 | + current->role); | |
17400 | + read_unlock(&gr_inode_lock); | |
17401 | + | |
17402 | + if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) || | |
17403 | + (!curr->crashes && !curr->expires)) | |
17404 | + return 0; | |
17405 | + | |
17406 | + if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) && | |
17407 | + time_after(curr->expires, get_seconds())) | |
17408 | + return 1; | |
17409 | + else if (time_before_eq(curr->expires, get_seconds())) { | |
17410 | + curr->crashes = 0; | |
17411 | + curr->expires = 0; | |
17412 | + } | |
17413 | + | |
17414 | + return 0; | |
17415 | +} | |
17416 | + | |
17417 | +void | |
17418 | +gr_handle_alertkill(struct task_struct *task) | |
17419 | +{ | |
17420 | + struct acl_subject_label *curracl; | |
17421 | + __u32 curr_ip; | |
17422 | + struct task_struct *p, *p2; | |
17423 | + | |
17424 | + if (unlikely(!gr_acl_is_enabled())) | |
17425 | + return; | |
17426 | + | |
17427 | + curracl = task->acl; | |
17428 | + curr_ip = task->signal->curr_ip; | |
17429 | + | |
17430 | + if ((curracl->mode & GR_KILLIPPROC) && curr_ip) { | |
17431 | + read_lock(&tasklist_lock); | |
17432 | + do_each_thread(p2, p) { | |
17433 | + if (p->signal->curr_ip == curr_ip) | |
17434 | + gr_fake_force_sig(SIGKILL, p); | |
17435 | + } while_each_thread(p2, p); | |
17436 | + read_unlock(&tasklist_lock); | |
17437 | + } else if (curracl->mode & GR_KILLPROC) | |
17438 | + gr_fake_force_sig(SIGKILL, task); | |
17439 | + | |
17440 | + return; | |
17441 | +} | |
17442 | diff -urNp linux-2.6.19.1/grsecurity/gracl_shm.c linux-2.6.19.1/grsecurity/gracl_shm.c | |
17443 | --- linux-2.6.19.1/grsecurity/gracl_shm.c 1969-12-31 19:00:00.000000000 -0500 | |
17444 | +++ linux-2.6.19.1/grsecurity/gracl_shm.c 2006-12-03 15:16:32.000000000 -0500 | |
fbd7084a | 17445 | @@ -0,0 +1,34 @@ |
c3e8c1b5 | 17446 | +#include <linux/kernel.h> |
17447 | +#include <linux/mm.h> | |
17448 | +#include <linux/sched.h> | |
17449 | +#include <linux/file.h> | |
17450 | +#include <linux/ipc.h> | |
17451 | +#include <linux/gracl.h> | |
17452 | +#include <linux/grsecurity.h> | |
17453 | +#include <linux/grinternal.h> | |
fbd7084a | 17454 | +#include <linux/vs_pid.h> |
c3e8c1b5 | 17455 | + |
17456 | +int | |
17457 | +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
17458 | + const time_t shm_createtime, const uid_t cuid, const int shmid) | |
17459 | +{ | |
17460 | + struct task_struct *task; | |
17461 | + | |
17462 | + if (!gr_acl_is_enabled()) | |
17463 | + return 1; | |
17464 | + | |
17465 | + task = find_task_by_pid(shm_cprid); | |
17466 | + | |
17467 | + if (unlikely(!task)) | |
17468 | + task = find_task_by_pid(shm_lapid); | |
17469 | + | |
17470 | + if (unlikely(task && (time_before((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) || | |
17471 | + (task->pid == shm_lapid)) && | |
17472 | + (task->acl->mode & GR_PROTSHM) && | |
17473 | + (task->acl != current->acl))) { | |
17474 | + gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); | |
17475 | + return 0; | |
17476 | + } | |
17477 | + | |
17478 | + return 1; | |
17479 | +} | |
17480 | diff -urNp linux-2.6.19.1/grsecurity/grsec_chdir.c linux-2.6.19.1/grsecurity/grsec_chdir.c | |
17481 | --- linux-2.6.19.1/grsecurity/grsec_chdir.c 1969-12-31 19:00:00.000000000 -0500 | |
17482 | +++ linux-2.6.19.1/grsecurity/grsec_chdir.c 2006-12-03 15:16:32.000000000 -0500 | |
17483 | @@ -0,0 +1,19 @@ | |
17484 | +#include <linux/kernel.h> | |
17485 | +#include <linux/sched.h> | |
17486 | +#include <linux/fs.h> | |
17487 | +#include <linux/file.h> | |
17488 | +#include <linux/grsecurity.h> | |
17489 | +#include <linux/grinternal.h> | |
17490 | + | |
17491 | +void | |
17492 | +gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt) | |
17493 | +{ | |
17494 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
17495 | + if ((grsec_enable_chdir && grsec_enable_group && | |
17496 | + in_group_p(grsec_audit_gid)) || (grsec_enable_chdir && | |
17497 | + !grsec_enable_group)) { | |
17498 | + gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt); | |
17499 | + } | |
17500 | +#endif | |
17501 | + return; | |
17502 | +} | |
17503 | diff -urNp linux-2.6.19.1/grsecurity/grsec_chroot.c linux-2.6.19.1/grsecurity/grsec_chroot.c | |
17504 | --- linux-2.6.19.1/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 | |
17505 | +++ linux-2.6.19.1/grsecurity/grsec_chroot.c 2006-12-03 15:16:32.000000000 -0500 | |
17506 | @@ -0,0 +1,332 @@ | |
17507 | +#include <linux/kernel.h> | |
17508 | +#include <linux/module.h> | |
17509 | +#include <linux/sched.h> | |
17510 | +#include <linux/file.h> | |
17511 | +#include <linux/fs.h> | |
17512 | +#include <linux/mount.h> | |
17513 | +#include <linux/types.h> | |
17514 | +#include <linux/grinternal.h> | |
17515 | + | |
17516 | +int | |
17517 | +gr_handle_chroot_unix(const pid_t pid) | |
17518 | +{ | |
17519 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
17520 | + struct pid *spid = NULL; | |
17521 | + | |
17522 | + if (unlikely(!grsec_enable_chroot_unix)) | |
17523 | + return 1; | |
17524 | + | |
17525 | + if (likely(!proc_is_chrooted(current))) | |
17526 | + return 1; | |
17527 | + | |
17528 | + read_lock(&tasklist_lock); | |
17529 | + | |
17530 | + spid = find_pid(pid); | |
17531 | + if (spid) { | |
17532 | + struct task_struct *p; | |
17533 | + p = pid_task(spid, PIDTYPE_PID); | |
17534 | + task_lock(p); | |
17535 | + if (unlikely(!have_same_root(current, p))) { | |
17536 | + task_unlock(p); | |
17537 | + read_unlock(&tasklist_lock); | |
17538 | + gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG); | |
17539 | + return 0; | |
17540 | + } | |
17541 | + task_unlock(p); | |
17542 | + } | |
17543 | + read_unlock(&tasklist_lock); | |
17544 | +#endif | |
17545 | + return 1; | |
17546 | +} | |
17547 | + | |
17548 | +int | |
17549 | +gr_handle_chroot_nice(void) | |
17550 | +{ | |
17551 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
17552 | + if (grsec_enable_chroot_nice && proc_is_chrooted(current)) { | |
17553 | + gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG); | |
17554 | + return -EPERM; | |
17555 | + } | |
17556 | +#endif | |
17557 | + return 0; | |
17558 | +} | |
17559 | + | |
17560 | +int | |
17561 | +gr_handle_chroot_setpriority(struct task_struct *p, const int niceval) | |
17562 | +{ | |
17563 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
17564 | + if (grsec_enable_chroot_nice && (niceval < task_nice(p)) | |
17565 | + && proc_is_chrooted(current)) { | |
17566 | + gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid); | |
17567 | + return -EACCES; | |
17568 | + } | |
17569 | +#endif | |
17570 | + return 0; | |
17571 | +} | |
17572 | + | |
17573 | +int | |
17574 | +gr_handle_chroot_rawio(const struct inode *inode) | |
17575 | +{ | |
17576 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
17577 | + if (grsec_enable_chroot_caps && proc_is_chrooted(current) && | |
17578 | + inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO)) | |
17579 | + return 1; | |
17580 | +#endif | |
17581 | + return 0; | |
17582 | +} | |
17583 | + | |
17584 | +int | |
17585 | +gr_pid_is_chrooted(struct task_struct *p) | |
17586 | +{ | |
17587 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
17588 | + if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || !p) | |
17589 | + return 0; | |
17590 | + | |
17591 | + task_lock(p); | |
17592 | + if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) || | |
17593 | + !have_same_root(current, p)) { | |
17594 | + task_unlock(p); | |
17595 | + return 1; | |
17596 | + } | |
17597 | + task_unlock(p); | |
17598 | +#endif | |
17599 | + return 0; | |
17600 | +} | |
17601 | + | |
17602 | +EXPORT_SYMBOL(gr_pid_is_chrooted); | |
17603 | + | |
17604 | +#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR) | |
17605 | +int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt) | |
17606 | +{ | |
17607 | + struct dentry *dentry = (struct dentry *)u_dentry; | |
17608 | + struct vfsmount *mnt = (struct vfsmount *)u_mnt; | |
17609 | + struct dentry *realroot; | |
17610 | + struct vfsmount *realrootmnt; | |
17611 | + struct dentry *currentroot; | |
17612 | + struct vfsmount *currentmnt; | |
17613 | + int ret = 1; | |
17614 | + | |
17615 | + read_lock(&child_reaper->fs->lock); | |
17616 | + realrootmnt = mntget(child_reaper->fs->rootmnt); | |
17617 | + realroot = dget(child_reaper->fs->root); | |
17618 | + read_unlock(&child_reaper->fs->lock); | |
17619 | + | |
17620 | + read_lock(¤t->fs->lock); | |
17621 | + currentmnt = mntget(current->fs->rootmnt); | |
17622 | + currentroot = dget(current->fs->root); | |
17623 | + read_unlock(¤t->fs->lock); | |
17624 | + | |
17625 | + spin_lock(&dcache_lock); | |
17626 | + for (;;) { | |
17627 | + if (unlikely((dentry == realroot && mnt == realrootmnt) | |
17628 | + || (dentry == currentroot && mnt == currentmnt))) | |
17629 | + break; | |
17630 | + if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) { | |
17631 | + if (mnt->mnt_parent == mnt) | |
17632 | + break; | |
17633 | + dentry = mnt->mnt_mountpoint; | |
17634 | + mnt = mnt->mnt_parent; | |
17635 | + continue; | |
17636 | + } | |
17637 | + dentry = dentry->d_parent; | |
17638 | + } | |
17639 | + spin_unlock(&dcache_lock); | |
17640 | + | |
17641 | + dput(currentroot); | |
17642 | + mntput(currentmnt); | |
17643 | + | |
17644 | + /* access is outside of chroot */ | |
17645 | + if (dentry == realroot && mnt == realrootmnt) | |
17646 | + ret = 0; | |
17647 | + | |
17648 | + dput(realroot); | |
17649 | + mntput(realrootmnt); | |
17650 | + return ret; | |
17651 | +} | |
17652 | +#endif | |
17653 | + | |
17654 | +int | |
17655 | +gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt) | |
17656 | +{ | |
17657 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
17658 | + if (!grsec_enable_chroot_fchdir) | |
17659 | + return 1; | |
17660 | + | |
17661 | + if (!proc_is_chrooted(current)) | |
17662 | + return 1; | |
17663 | + else if (!gr_is_outside_chroot(u_dentry, u_mnt)) { | |
17664 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt); | |
17665 | + return 0; | |
17666 | + } | |
17667 | +#endif | |
17668 | + return 1; | |
17669 | +} | |
17670 | + | |
17671 | +int | |
17672 | +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
17673 | + const time_t shm_createtime) | |
17674 | +{ | |
17675 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
17676 | + struct pid *pid = NULL; | |
17677 | + time_t starttime; | |
17678 | + | |
17679 | + if (unlikely(!grsec_enable_chroot_shmat)) | |
17680 | + return 1; | |
17681 | + | |
17682 | + if (likely(!proc_is_chrooted(current))) | |
17683 | + return 1; | |
17684 | + | |
17685 | + read_lock(&tasklist_lock); | |
17686 | + | |
17687 | + pid = find_pid(shm_cprid); | |
17688 | + if (pid) { | |
17689 | + struct task_struct *p; | |
17690 | + p = pid_task(pid, PIDTYPE_PID); | |
17691 | + task_lock(p); | |
17692 | + starttime = p->start_time.tv_sec; | |
17693 | + if (unlikely(!have_same_root(current, p) && | |
17694 | + time_before((unsigned long)starttime, (unsigned long)shm_createtime))) { | |
17695 | + task_unlock(p); | |
17696 | + read_unlock(&tasklist_lock); | |
17697 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); | |
17698 | + return 0; | |
17699 | + } | |
17700 | + task_unlock(p); | |
17701 | + } else { | |
17702 | + pid = find_pid(shm_lapid); | |
17703 | + if (pid) { | |
17704 | + struct task_struct *p; | |
17705 | + p = pid_task(pid, PIDTYPE_PID); | |
17706 | + task_lock(p); | |
17707 | + if (unlikely(!have_same_root(current, p))) { | |
17708 | + task_unlock(p); | |
17709 | + read_unlock(&tasklist_lock); | |
17710 | + gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); | |
17711 | + return 0; | |
17712 | + } | |
17713 | + task_unlock(p); | |
17714 | + } | |
17715 | + } | |
17716 | + | |
17717 | + read_unlock(&tasklist_lock); | |
17718 | +#endif | |
17719 | + return 1; | |
17720 | +} | |
17721 | + | |
17722 | +void | |
17723 | +gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt) | |
17724 | +{ | |
17725 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
17726 | + if (grsec_enable_chroot_execlog && proc_is_chrooted(current)) | |
17727 | + gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt); | |
17728 | +#endif | |
17729 | + return; | |
17730 | +} | |
17731 | + | |
17732 | +int | |
17733 | +gr_handle_chroot_mknod(const struct dentry *dentry, | |
17734 | + const struct vfsmount *mnt, const int mode) | |
17735 | +{ | |
17736 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
17737 | + if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) && | |
17738 | + proc_is_chrooted(current)) { | |
17739 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt); | |
17740 | + return -EPERM; | |
17741 | + } | |
17742 | +#endif | |
17743 | + return 0; | |
17744 | +} | |
17745 | + | |
17746 | +int | |
17747 | +gr_handle_chroot_mount(const struct dentry *dentry, | |
17748 | + const struct vfsmount *mnt, const char *dev_name) | |
17749 | +{ | |
17750 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
17751 | + if (grsec_enable_chroot_mount && proc_is_chrooted(current)) { | |
17752 | + gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt); | |
17753 | + return -EPERM; | |
17754 | + } | |
17755 | +#endif | |
17756 | + return 0; | |
17757 | +} | |
17758 | + | |
17759 | +int | |
17760 | +gr_handle_chroot_pivot(void) | |
17761 | +{ | |
17762 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
17763 | + if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) { | |
17764 | + gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG); | |
17765 | + return -EPERM; | |
17766 | + } | |
17767 | +#endif | |
17768 | + return 0; | |
17769 | +} | |
17770 | + | |
17771 | +int | |
17772 | +gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt) | |
17773 | +{ | |
17774 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
17775 | + if (grsec_enable_chroot_double && proc_is_chrooted(current) && | |
17776 | + !gr_is_outside_chroot(dentry, mnt)) { | |
17777 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt); | |
17778 | + return -EPERM; | |
17779 | + } | |
17780 | +#endif | |
17781 | + return 0; | |
17782 | +} | |
17783 | + | |
17784 | +void | |
17785 | +gr_handle_chroot_caps(struct task_struct *task) | |
17786 | +{ | |
17787 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
17788 | + if (grsec_enable_chroot_caps && proc_is_chrooted(task)) { | |
17789 | + task->cap_permitted = | |
17790 | + cap_drop(task->cap_permitted, GR_CHROOT_CAPS); | |
17791 | + task->cap_inheritable = | |
17792 | + cap_drop(task->cap_inheritable, GR_CHROOT_CAPS); | |
17793 | + task->cap_effective = | |
17794 | + cap_drop(task->cap_effective, GR_CHROOT_CAPS); | |
17795 | + } | |
17796 | +#endif | |
17797 | + return; | |
17798 | +} | |
17799 | + | |
17800 | +int | |
17801 | +gr_handle_chroot_sysctl(const int op) | |
17802 | +{ | |
17803 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
17804 | + if (grsec_enable_chroot_sysctl && proc_is_chrooted(current) | |
17805 | + && (op & 002)) | |
17806 | + return -EACCES; | |
17807 | +#endif | |
17808 | + return 0; | |
17809 | +} | |
17810 | + | |
17811 | +void | |
17812 | +gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt) | |
17813 | +{ | |
17814 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
17815 | + if (grsec_enable_chroot_chdir) | |
17816 | + set_fs_pwd(current->fs, mnt, dentry); | |
17817 | +#endif | |
17818 | + return; | |
17819 | +} | |
17820 | + | |
17821 | +int | |
17822 | +gr_handle_chroot_chmod(const struct dentry *dentry, | |
17823 | + const struct vfsmount *mnt, const int mode) | |
17824 | +{ | |
17825 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
17826 | + if (grsec_enable_chroot_chmod && | |
17827 | + ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) && | |
17828 | + proc_is_chrooted(current)) { | |
17829 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt); | |
17830 | + return -EPERM; | |
17831 | + } | |
17832 | +#endif | |
17833 | + return 0; | |
17834 | +} | |
17835 | + | |
17836 | +#ifdef CONFIG_SECURITY | |
17837 | +EXPORT_SYMBOL(gr_handle_chroot_caps); | |
17838 | +#endif | |
17839 | diff -urNp linux-2.6.19.1/grsecurity/grsec_disabled.c linux-2.6.19.1/grsecurity/grsec_disabled.c | |
17840 | --- linux-2.6.19.1/grsecurity/grsec_disabled.c 1969-12-31 19:00:00.000000000 -0500 | |
17841 | +++ linux-2.6.19.1/grsecurity/grsec_disabled.c 2006-12-03 16:58:13.000000000 -0500 | |
17842 | @@ -0,0 +1,417 @@ | |
17843 | +#include <linux/kernel.h> | |
17844 | +#include <linux/module.h> | |
17845 | +#include <linux/sched.h> | |
17846 | +#include <linux/file.h> | |
17847 | +#include <linux/fs.h> | |
17848 | +#include <linux/kdev_t.h> | |
17849 | +#include <linux/net.h> | |
17850 | +#include <linux/in.h> | |
17851 | +#include <linux/ip.h> | |
17852 | +#include <linux/skbuff.h> | |
17853 | +#include <linux/sysctl.h> | |
17854 | + | |
17855 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
17856 | +void | |
17857 | +pax_set_initial_flags(struct linux_binprm *bprm) | |
17858 | +{ | |
17859 | + return; | |
17860 | +} | |
17861 | +#endif | |
17862 | + | |
17863 | +#ifdef CONFIG_SYSCTL | |
17864 | +__u32 | |
17865 | +gr_handle_sysctl(const struct ctl_table * table, __u32 mode) | |
17866 | +{ | |
17867 | + return mode; | |
17868 | +} | |
17869 | +#endif | |
17870 | + | |
17871 | +int | |
17872 | +gr_acl_is_enabled(void) | |
17873 | +{ | |
17874 | + return 0; | |
17875 | +} | |
17876 | + | |
17877 | +int | |
17878 | +gr_handle_rawio(const struct inode *inode) | |
17879 | +{ | |
17880 | + return 0; | |
17881 | +} | |
17882 | + | |
17883 | +void | |
17884 | +gr_acl_handle_psacct(struct task_struct *task, const long code) | |
17885 | +{ | |
17886 | + return; | |
17887 | +} | |
17888 | + | |
17889 | +int | |
17890 | +gr_handle_ptrace(struct task_struct *task, const long request) | |
17891 | +{ | |
17892 | + return 0; | |
17893 | +} | |
17894 | + | |
17895 | +int | |
17896 | +gr_handle_proc_ptrace(struct task_struct *task) | |
17897 | +{ | |
17898 | + return 0; | |
17899 | +} | |
17900 | + | |
17901 | +void | |
17902 | +gr_learn_resource(const struct task_struct *task, | |
17903 | + const int res, const unsigned long wanted, const int gt) | |
17904 | +{ | |
17905 | + return; | |
17906 | +} | |
17907 | + | |
17908 | +int | |
17909 | +gr_set_acls(const int type) | |
17910 | +{ | |
17911 | + return 0; | |
17912 | +} | |
17913 | + | |
17914 | +int | |
17915 | +gr_check_hidden_task(const struct task_struct *tsk) | |
17916 | +{ | |
17917 | + return 0; | |
17918 | +} | |
17919 | + | |
17920 | +int | |
17921 | +gr_check_protected_task(const struct task_struct *task) | |
17922 | +{ | |
17923 | + return 0; | |
17924 | +} | |
17925 | + | |
17926 | +void | |
17927 | +gr_copy_label(struct task_struct *tsk) | |
17928 | +{ | |
17929 | + return; | |
17930 | +} | |
17931 | + | |
17932 | +void | |
17933 | +gr_set_pax_flags(struct task_struct *task) | |
17934 | +{ | |
17935 | + return; | |
17936 | +} | |
17937 | + | |
17938 | +int | |
17939 | +gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt) | |
17940 | +{ | |
17941 | + return 0; | |
17942 | +} | |
17943 | + | |
17944 | +void | |
17945 | +gr_handle_delete(const ino_t ino, const dev_t dev) | |
17946 | +{ | |
17947 | + return; | |
17948 | +} | |
17949 | + | |
17950 | +void | |
17951 | +gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt) | |
17952 | +{ | |
17953 | + return; | |
17954 | +} | |
17955 | + | |
17956 | +void | |
17957 | +gr_handle_crash(struct task_struct *task, const int sig) | |
17958 | +{ | |
17959 | + return; | |
17960 | +} | |
17961 | + | |
17962 | +int | |
17963 | +gr_check_crash_exec(const struct file *filp) | |
17964 | +{ | |
17965 | + return 0; | |
17966 | +} | |
17967 | + | |
17968 | +int | |
17969 | +gr_check_crash_uid(const uid_t uid) | |
17970 | +{ | |
17971 | + return 0; | |
17972 | +} | |
17973 | + | |
17974 | +void | |
17975 | +gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
17976 | + struct dentry *old_dentry, | |
17977 | + struct dentry *new_dentry, | |
17978 | + struct vfsmount *mnt, const __u8 replace) | |
17979 | +{ | |
17980 | + return; | |
17981 | +} | |
17982 | + | |
17983 | +int | |
17984 | +gr_search_socket(const int family, const int type, const int protocol) | |
17985 | +{ | |
17986 | + return 1; | |
17987 | +} | |
17988 | + | |
17989 | +int | |
17990 | +gr_search_connectbind(const int mode, const struct socket *sock, | |
17991 | + const struct sockaddr_in *addr) | |
17992 | +{ | |
17993 | + return 1; | |
17994 | +} | |
17995 | + | |
17996 | +int | |
17997 | +gr_task_is_capable(struct task_struct *task, const int cap) | |
17998 | +{ | |
17999 | + return 1; | |
18000 | +} | |
18001 | + | |
18002 | +int | |
18003 | +gr_is_capable_nolog(const int cap) | |
18004 | +{ | |
18005 | + return 1; | |
18006 | +} | |
18007 | + | |
18008 | +void | |
18009 | +gr_handle_alertkill(struct task_struct *task) | |
18010 | +{ | |
18011 | + return; | |
18012 | +} | |
18013 | + | |
18014 | +__u32 | |
18015 | +gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt) | |
18016 | +{ | |
18017 | + return 1; | |
18018 | +} | |
18019 | + | |
18020 | +__u32 | |
18021 | +gr_acl_handle_hidden_file(const struct dentry * dentry, | |
18022 | + const struct vfsmount * mnt) | |
18023 | +{ | |
18024 | + return 1; | |
18025 | +} | |
18026 | + | |
18027 | +__u32 | |
18028 | +gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, | |
18029 | + const int fmode) | |
18030 | +{ | |
18031 | + return 1; | |
18032 | +} | |
18033 | + | |
18034 | +__u32 | |
18035 | +gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt) | |
18036 | +{ | |
18037 | + return 1; | |
18038 | +} | |
18039 | + | |
18040 | +__u32 | |
18041 | +gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt) | |
18042 | +{ | |
18043 | + return 1; | |
18044 | +} | |
18045 | + | |
18046 | +int | |
18047 | +gr_acl_handle_mmap(const struct file *file, const unsigned long prot, | |
18048 | + unsigned int *vm_flags) | |
18049 | +{ | |
18050 | + return 1; | |
18051 | +} | |
18052 | + | |
18053 | +__u32 | |
18054 | +gr_acl_handle_truncate(const struct dentry * dentry, | |
18055 | + const struct vfsmount * mnt) | |
18056 | +{ | |
18057 | + return 1; | |
18058 | +} | |
18059 | + | |
18060 | +__u32 | |
18061 | +gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt) | |
18062 | +{ | |
18063 | + return 1; | |
18064 | +} | |
18065 | + | |
18066 | +__u32 | |
18067 | +gr_acl_handle_access(const struct dentry * dentry, | |
18068 | + const struct vfsmount * mnt, const int fmode) | |
18069 | +{ | |
18070 | + return 1; | |
18071 | +} | |
18072 | + | |
18073 | +__u32 | |
18074 | +gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt, | |
18075 | + mode_t mode) | |
18076 | +{ | |
18077 | + return 1; | |
18078 | +} | |
18079 | + | |
18080 | +__u32 | |
18081 | +gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt, | |
18082 | + mode_t mode) | |
18083 | +{ | |
18084 | + return 1; | |
18085 | +} | |
18086 | + | |
18087 | +__u32 | |
18088 | +gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt) | |
18089 | +{ | |
18090 | + return 1; | |
18091 | +} | |
18092 | + | |
18093 | +void | |
18094 | +grsecurity_init(void) | |
18095 | +{ | |
18096 | + return; | |
18097 | +} | |
18098 | + | |
18099 | +__u32 | |
18100 | +gr_acl_handle_mknod(const struct dentry * new_dentry, | |
18101 | + const struct dentry * parent_dentry, | |
18102 | + const struct vfsmount * parent_mnt, | |
18103 | + const int mode) | |
18104 | +{ | |
18105 | + return 1; | |
18106 | +} | |
18107 | + | |
18108 | +__u32 | |
18109 | +gr_acl_handle_mkdir(const struct dentry * new_dentry, | |
18110 | + const struct dentry * parent_dentry, | |
18111 | + const struct vfsmount * parent_mnt) | |
18112 | +{ | |
18113 | + return 1; | |
18114 | +} | |
18115 | + | |
18116 | +__u32 | |
18117 | +gr_acl_handle_symlink(const struct dentry * new_dentry, | |
18118 | + const struct dentry * parent_dentry, | |
18119 | + const struct vfsmount * parent_mnt, const char *from) | |
18120 | +{ | |
18121 | + return 1; | |
18122 | +} | |
18123 | + | |
18124 | +__u32 | |
18125 | +gr_acl_handle_link(const struct dentry * new_dentry, | |
18126 | + const struct dentry * parent_dentry, | |
18127 | + const struct vfsmount * parent_mnt, | |
18128 | + const struct dentry * old_dentry, | |
18129 | + const struct vfsmount * old_mnt, const char *to) | |
18130 | +{ | |
18131 | + return 1; | |
18132 | +} | |
18133 | + | |
18134 | +int | |
18135 | +gr_acl_handle_rename(const struct dentry *new_dentry, | |
18136 | + const struct dentry *parent_dentry, | |
18137 | + const struct vfsmount *parent_mnt, | |
18138 | + const struct dentry *old_dentry, | |
18139 | + const struct inode *old_parent_inode, | |
18140 | + const struct vfsmount *old_mnt, const char *newname) | |
18141 | +{ | |
18142 | + return 0; | |
18143 | +} | |
18144 | + | |
18145 | +int | |
18146 | +gr_acl_handle_filldir(const struct file *file, const char *name, | |
18147 | + const int namelen, const ino_t ino) | |
18148 | +{ | |
18149 | + return 1; | |
18150 | +} | |
18151 | + | |
18152 | +int | |
18153 | +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
18154 | + const time_t shm_createtime, const uid_t cuid, const int shmid) | |
18155 | +{ | |
18156 | + return 1; | |
18157 | +} | |
18158 | + | |
18159 | +int | |
18160 | +gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr) | |
18161 | +{ | |
18162 | + return 1; | |
18163 | +} | |
18164 | + | |
18165 | +int | |
18166 | +gr_search_accept(const struct socket *sock) | |
18167 | +{ | |
18168 | + return 1; | |
18169 | +} | |
18170 | + | |
18171 | +int | |
18172 | +gr_search_listen(const struct socket *sock) | |
18173 | +{ | |
18174 | + return 1; | |
18175 | +} | |
18176 | + | |
18177 | +int | |
18178 | +gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr) | |
18179 | +{ | |
18180 | + return 1; | |
18181 | +} | |
18182 | + | |
18183 | +__u32 | |
18184 | +gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt) | |
18185 | +{ | |
18186 | + return 1; | |
18187 | +} | |
18188 | + | |
18189 | +__u32 | |
18190 | +gr_acl_handle_creat(const struct dentry * dentry, | |
18191 | + const struct dentry * p_dentry, | |
18192 | + const struct vfsmount * p_mnt, const int fmode, | |
18193 | + const int imode) | |
18194 | +{ | |
18195 | + return 1; | |
18196 | +} | |
18197 | + | |
18198 | +void | |
18199 | +gr_acl_handle_exit(void) | |
18200 | +{ | |
18201 | + return; | |
18202 | +} | |
18203 | + | |
18204 | +int | |
18205 | +gr_acl_handle_mprotect(const struct file *file, const unsigned long prot) | |
18206 | +{ | |
18207 | + return 1; | |
18208 | +} | |
18209 | + | |
18210 | +void | |
18211 | +gr_set_role_label(const uid_t uid, const gid_t gid) | |
18212 | +{ | |
18213 | + return; | |
18214 | +} | |
18215 | + | |
18216 | +int | |
18217 | +gr_acl_handle_procpidmem(const struct task_struct *task) | |
18218 | +{ | |
18219 | + return 0; | |
18220 | +} | |
18221 | + | |
18222 | +int | |
18223 | +gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb) | |
18224 | +{ | |
18225 | + return 1; | |
18226 | +} | |
18227 | + | |
18228 | +int | |
18229 | +gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr) | |
18230 | +{ | |
18231 | + return 1; | |
18232 | +} | |
18233 | + | |
18234 | +void | |
18235 | +gr_set_kernel_label(struct task_struct *task) | |
18236 | +{ | |
18237 | + return; | |
18238 | +} | |
18239 | + | |
18240 | +int | |
18241 | +gr_check_user_change(int real, int effective, int fs) | |
18242 | +{ | |
18243 | + return 0; | |
18244 | +} | |
18245 | + | |
18246 | +int | |
18247 | +gr_check_group_change(int real, int effective, int fs) | |
18248 | +{ | |
18249 | + return 0; | |
18250 | +} | |
18251 | + | |
18252 | + | |
18253 | +EXPORT_SYMBOL(gr_task_is_capable); | |
18254 | +EXPORT_SYMBOL(gr_learn_resource); | |
18255 | +EXPORT_SYMBOL(gr_set_kernel_label); | |
18256 | +#ifdef CONFIG_SECURITY | |
18257 | +EXPORT_SYMBOL(gr_check_user_change); | |
18258 | +EXPORT_SYMBOL(gr_check_group_change); | |
18259 | +#endif | |
18260 | diff -urNp linux-2.6.19.1/grsecurity/grsec_exec.c linux-2.6.19.1/grsecurity/grsec_exec.c | |
18261 | --- linux-2.6.19.1/grsecurity/grsec_exec.c 1969-12-31 19:00:00.000000000 -0500 | |
18262 | +++ linux-2.6.19.1/grsecurity/grsec_exec.c 2006-12-03 15:16:32.000000000 -0500 | |
18263 | @@ -0,0 +1,88 @@ | |
18264 | +#include <linux/kernel.h> | |
18265 | +#include <linux/sched.h> | |
18266 | +#include <linux/file.h> | |
18267 | +#include <linux/binfmts.h> | |
18268 | +#include <linux/smp_lock.h> | |
18269 | +#include <linux/fs.h> | |
18270 | +#include <linux/types.h> | |
18271 | +#include <linux/grdefs.h> | |
18272 | +#include <linux/grinternal.h> | |
18273 | +#include <linux/capability.h> | |
18274 | + | |
18275 | +#include <asm/uaccess.h> | |
18276 | + | |
18277 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
18278 | +static char gr_exec_arg_buf[132]; | |
18279 | +static DECLARE_MUTEX(gr_exec_arg_sem); | |
18280 | +#endif | |
18281 | + | |
18282 | +int | |
18283 | +gr_handle_nproc(void) | |
18284 | +{ | |
18285 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
18286 | + if (grsec_enable_execve && current->user && | |
18287 | + (atomic_read(¤t->user->processes) > | |
18288 | + current->signal->rlim[RLIMIT_NPROC].rlim_cur) && | |
18289 | + !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) { | |
18290 | + gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG); | |
18291 | + return -EAGAIN; | |
18292 | + } | |
18293 | +#endif | |
18294 | + return 0; | |
18295 | +} | |
18296 | + | |
18297 | +void | |
18298 | +gr_handle_exec_args(struct linux_binprm *bprm, const char __user *__user *argv) | |
18299 | +{ | |
18300 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
18301 | + char *grarg = gr_exec_arg_buf; | |
18302 | + unsigned int i, x, execlen = 0; | |
18303 | + char c; | |
18304 | + | |
18305 | + if (!((grsec_enable_execlog && grsec_enable_group && | |
18306 | + in_group_p(grsec_audit_gid)) | |
18307 | + || (grsec_enable_execlog && !grsec_enable_group))) | |
18308 | + return; | |
18309 | + | |
18310 | + down(&gr_exec_arg_sem); | |
18311 | + memset(grarg, 0, sizeof(gr_exec_arg_buf)); | |
18312 | + | |
18313 | + if (unlikely(argv == NULL)) | |
18314 | + goto log; | |
18315 | + | |
18316 | + for (i = 0; i < bprm->argc && execlen < 128; i++) { | |
18317 | + const char __user *p; | |
18318 | + unsigned int len; | |
18319 | + | |
18320 | + if (copy_from_user(&p, argv + i, sizeof(p))) | |
18321 | + goto log; | |
18322 | + if (!p) | |
18323 | + goto log; | |
18324 | + len = strnlen_user(p, 128 - execlen); | |
18325 | + if (len > 128 - execlen) | |
18326 | + len = 128 - execlen; | |
18327 | + else if (len > 0) | |
18328 | + len--; | |
18329 | + if (copy_from_user(grarg + execlen, p, len)) | |
18330 | + goto log; | |
18331 | + | |
18332 | + /* rewrite unprintable characters */ | |
18333 | + for (x = 0; x < len; x++) { | |
18334 | + c = *(grarg + execlen + x); | |
18335 | + if (c < 32 || c > 126) | |
18336 | + *(grarg + execlen + x) = ' '; | |
18337 | + } | |
18338 | + | |
18339 | + execlen += len; | |
18340 | + *(grarg + execlen) = ' '; | |
18341 | + *(grarg + execlen + 1) = '\0'; | |
18342 | + execlen++; | |
18343 | + } | |
18344 | + | |
18345 | + log: | |
18346 | + gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_dentry, | |
18347 | + bprm->file->f_vfsmnt, grarg); | |
18348 | + up(&gr_exec_arg_sem); | |
18349 | +#endif | |
18350 | + return; | |
18351 | +} | |
18352 | diff -urNp linux-2.6.19.1/grsecurity/grsec_fifo.c linux-2.6.19.1/grsecurity/grsec_fifo.c | |
18353 | --- linux-2.6.19.1/grsecurity/grsec_fifo.c 1969-12-31 19:00:00.000000000 -0500 | |
18354 | +++ linux-2.6.19.1/grsecurity/grsec_fifo.c 2006-12-03 15:16:32.000000000 -0500 | |
18355 | @@ -0,0 +1,22 @@ | |
18356 | +#include <linux/kernel.h> | |
18357 | +#include <linux/sched.h> | |
18358 | +#include <linux/fs.h> | |
18359 | +#include <linux/file.h> | |
18360 | +#include <linux/grinternal.h> | |
18361 | + | |
18362 | +int | |
18363 | +gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt, | |
18364 | + const struct dentry *dir, const int flag, const int acc_mode) | |
18365 | +{ | |
18366 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
18367 | + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) && | |
18368 | + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) && | |
18369 | + (dentry->d_inode->i_uid != dir->d_inode->i_uid) && | |
18370 | + (current->fsuid != dentry->d_inode->i_uid)) { | |
18371 | + if (!generic_permission(dentry->d_inode, acc_mode, NULL)) | |
18372 | + gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid); | |
18373 | + return -EACCES; | |
18374 | + } | |
18375 | +#endif | |
18376 | + return 0; | |
18377 | +} | |
18378 | diff -urNp linux-2.6.19.1/grsecurity/grsec_fork.c linux-2.6.19.1/grsecurity/grsec_fork.c | |
18379 | --- linux-2.6.19.1/grsecurity/grsec_fork.c 1969-12-31 19:00:00.000000000 -0500 | |
18380 | +++ linux-2.6.19.1/grsecurity/grsec_fork.c 2006-12-03 15:16:32.000000000 -0500 | |
18381 | @@ -0,0 +1,15 @@ | |
18382 | +#include <linux/kernel.h> | |
18383 | +#include <linux/sched.h> | |
18384 | +#include <linux/grsecurity.h> | |
18385 | +#include <linux/grinternal.h> | |
18386 | +#include <linux/errno.h> | |
18387 | + | |
18388 | +void | |
18389 | +gr_log_forkfail(const int retval) | |
18390 | +{ | |
18391 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
18392 | + if (grsec_enable_forkfail && retval != -ERESTARTNOINTR) | |
18393 | + gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval); | |
18394 | +#endif | |
18395 | + return; | |
18396 | +} | |
18397 | diff -urNp linux-2.6.19.1/grsecurity/grsec_init.c linux-2.6.19.1/grsecurity/grsec_init.c | |
18398 | --- linux-2.6.19.1/grsecurity/grsec_init.c 1969-12-31 19:00:00.000000000 -0500 | |
18399 | +++ linux-2.6.19.1/grsecurity/grsec_init.c 2006-12-03 15:16:32.000000000 -0500 | |
18400 | @@ -0,0 +1,236 @@ | |
18401 | +#include <linux/kernel.h> | |
18402 | +#include <linux/sched.h> | |
18403 | +#include <linux/mm.h> | |
18404 | +#include <linux/smp_lock.h> | |
18405 | +#include <linux/gracl.h> | |
18406 | +#include <linux/slab.h> | |
18407 | +#include <linux/vmalloc.h> | |
18408 | +#include <linux/percpu.h> | |
18409 | + | |
18410 | +int grsec_enable_shm; | |
18411 | +int grsec_enable_link; | |
18412 | +int grsec_enable_dmesg; | |
18413 | +int grsec_enable_fifo; | |
18414 | +int grsec_enable_execve; | |
18415 | +int grsec_enable_execlog; | |
18416 | +int grsec_enable_signal; | |
18417 | +int grsec_enable_forkfail; | |
18418 | +int grsec_enable_time; | |
18419 | +int grsec_enable_audit_textrel; | |
18420 | +int grsec_enable_group; | |
18421 | +int grsec_audit_gid; | |
18422 | +int grsec_enable_chdir; | |
18423 | +int grsec_enable_audit_ipc; | |
18424 | +int grsec_enable_mount; | |
18425 | +int grsec_enable_chroot_findtask; | |
18426 | +int grsec_enable_chroot_mount; | |
18427 | +int grsec_enable_chroot_shmat; | |
18428 | +int grsec_enable_chroot_fchdir; | |
18429 | +int grsec_enable_chroot_double; | |
18430 | +int grsec_enable_chroot_pivot; | |
18431 | +int grsec_enable_chroot_chdir; | |
18432 | +int grsec_enable_chroot_chmod; | |
18433 | +int grsec_enable_chroot_mknod; | |
18434 | +int grsec_enable_chroot_nice; | |
18435 | +int grsec_enable_chroot_execlog; | |
18436 | +int grsec_enable_chroot_caps; | |
18437 | +int grsec_enable_chroot_sysctl; | |
18438 | +int grsec_enable_chroot_unix; | |
18439 | +int grsec_enable_tpe; | |
18440 | +int grsec_tpe_gid; | |
18441 | +int grsec_enable_tpe_all; | |
18442 | +int grsec_enable_randpid; | |
18443 | +int grsec_enable_socket_all; | |
18444 | +int grsec_socket_all_gid; | |
18445 | +int grsec_enable_socket_client; | |
18446 | +int grsec_socket_client_gid; | |
18447 | +int grsec_enable_socket_server; | |
18448 | +int grsec_socket_server_gid; | |
18449 | +int grsec_resource_logging; | |
18450 | +int grsec_lock; | |
18451 | + | |
18452 | +spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED; | |
18453 | +unsigned long grsec_alert_wtime = 0; | |
18454 | +unsigned long grsec_alert_fyet = 0; | |
18455 | + | |
18456 | +spinlock_t grsec_audit_lock = SPIN_LOCK_UNLOCKED; | |
18457 | + | |
18458 | +rwlock_t grsec_exec_file_lock = RW_LOCK_UNLOCKED; | |
18459 | + | |
18460 | +char *gr_shared_page[4]; | |
18461 | + | |
18462 | +char *gr_alert_log_fmt; | |
18463 | +char *gr_audit_log_fmt; | |
18464 | +char *gr_alert_log_buf; | |
18465 | +char *gr_audit_log_buf; | |
18466 | + | |
18467 | +extern struct gr_arg *gr_usermode; | |
18468 | +extern unsigned char *gr_system_salt; | |
18469 | +extern unsigned char *gr_system_sum; | |
18470 | + | |
18471 | +void | |
18472 | +grsecurity_init(void) | |
18473 | +{ | |
18474 | + int j; | |
18475 | + /* create the per-cpu shared pages */ | |
18476 | + | |
18477 | + preempt_disable(); | |
18478 | + for (j = 0; j < 4; j++) { | |
18479 | + gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE); | |
18480 | + if (gr_shared_page[j] == NULL) { | |
18481 | + panic("Unable to allocate grsecurity shared page"); | |
18482 | + return; | |
18483 | + } | |
18484 | + } | |
18485 | + preempt_enable(); | |
18486 | + | |
18487 | + /* allocate log buffers */ | |
18488 | + gr_alert_log_fmt = kmalloc(512, GFP_KERNEL); | |
18489 | + if (!gr_alert_log_fmt) { | |
18490 | + panic("Unable to allocate grsecurity alert log format buffer"); | |
18491 | + return; | |
18492 | + } | |
18493 | + gr_audit_log_fmt = kmalloc(512, GFP_KERNEL); | |
18494 | + if (!gr_audit_log_fmt) { | |
18495 | + panic("Unable to allocate grsecurity audit log format buffer"); | |
18496 | + return; | |
18497 | + } | |
18498 | + gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL); | |
18499 | + if (!gr_alert_log_buf) { | |
18500 | + panic("Unable to allocate grsecurity alert log buffer"); | |
18501 | + return; | |
18502 | + } | |
18503 | + gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL); | |
18504 | + if (!gr_audit_log_buf) { | |
18505 | + panic("Unable to allocate grsecurity audit log buffer"); | |
18506 | + return; | |
18507 | + } | |
18508 | + | |
18509 | + /* allocate memory for authentication structure */ | |
18510 | + gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL); | |
18511 | + gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL); | |
18512 | + gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL); | |
18513 | + | |
18514 | + if (!gr_usermode || !gr_system_salt || !gr_system_sum) { | |
18515 | + panic("Unable to allocate grsecurity authentication structure"); | |
18516 | + return; | |
18517 | + } | |
18518 | + | |
18519 | +#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON) | |
18520 | +#ifndef CONFIG_GRKERNSEC_SYSCTL | |
18521 | + grsec_lock = 1; | |
18522 | +#endif | |
18523 | +#ifdef CONFIG_GRKERNSEC_SHM | |
18524 | + grsec_enable_shm = 1; | |
18525 | +#endif | |
18526 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | |
18527 | + grsec_enable_audit_textrel = 1; | |
18528 | +#endif | |
18529 | +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP | |
18530 | + grsec_enable_group = 1; | |
18531 | + grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID; | |
18532 | +#endif | |
18533 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
18534 | + grsec_enable_chdir = 1; | |
18535 | +#endif | |
18536 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18537 | + grsec_enable_audit_ipc = 1; | |
18538 | +#endif | |
18539 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
18540 | + grsec_enable_mount = 1; | |
18541 | +#endif | |
18542 | +#ifdef CONFIG_GRKERNSEC_LINK | |
18543 | + grsec_enable_link = 1; | |
18544 | +#endif | |
18545 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
18546 | + grsec_enable_dmesg = 1; | |
18547 | +#endif | |
18548 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
18549 | + grsec_enable_fifo = 1; | |
18550 | +#endif | |
18551 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
18552 | + grsec_enable_execve = 1; | |
18553 | +#endif | |
18554 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
18555 | + grsec_enable_execlog = 1; | |
18556 | +#endif | |
18557 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
18558 | + grsec_enable_signal = 1; | |
18559 | +#endif | |
18560 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
18561 | + grsec_enable_forkfail = 1; | |
18562 | +#endif | |
18563 | +#ifdef CONFIG_GRKERNSEC_TIME | |
18564 | + grsec_enable_time = 1; | |
18565 | +#endif | |
18566 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
18567 | + grsec_resource_logging = 1; | |
18568 | +#endif | |
18569 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
18570 | + grsec_enable_chroot_findtask = 1; | |
18571 | +#endif | |
18572 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
18573 | + grsec_enable_chroot_unix = 1; | |
18574 | +#endif | |
18575 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
18576 | + grsec_enable_chroot_mount = 1; | |
18577 | +#endif | |
18578 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
18579 | + grsec_enable_chroot_fchdir = 1; | |
18580 | +#endif | |
18581 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
18582 | + grsec_enable_chroot_shmat = 1; | |
18583 | +#endif | |
18584 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
18585 | + grsec_enable_chroot_double = 1; | |
18586 | +#endif | |
18587 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
18588 | + grsec_enable_chroot_pivot = 1; | |
18589 | +#endif | |
18590 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
18591 | + grsec_enable_chroot_chdir = 1; | |
18592 | +#endif | |
18593 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
18594 | + grsec_enable_chroot_chmod = 1; | |
18595 | +#endif | |
18596 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
18597 | + grsec_enable_chroot_mknod = 1; | |
18598 | +#endif | |
18599 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
18600 | + grsec_enable_chroot_nice = 1; | |
18601 | +#endif | |
18602 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
18603 | + grsec_enable_chroot_execlog = 1; | |
18604 | +#endif | |
18605 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
18606 | + grsec_enable_chroot_caps = 1; | |
18607 | +#endif | |
18608 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
18609 | + grsec_enable_chroot_sysctl = 1; | |
18610 | +#endif | |
18611 | +#ifdef CONFIG_GRKERNSEC_TPE | |
18612 | + grsec_enable_tpe = 1; | |
18613 | + grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; | |
18614 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
18615 | + grsec_enable_tpe_all = 1; | |
18616 | +#endif | |
18617 | +#endif | |
18618 | +#ifdef CONFIG_GRKERNSEC_RANDPID | |
18619 | + grsec_enable_randpid = 1; | |
18620 | +#endif | |
18621 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
18622 | + grsec_enable_socket_all = 1; | |
18623 | + grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID; | |
18624 | +#endif | |
18625 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
18626 | + grsec_enable_socket_client = 1; | |
18627 | + grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID; | |
18628 | +#endif | |
18629 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
18630 | + grsec_enable_socket_server = 1; | |
18631 | + grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID; | |
18632 | +#endif | |
18633 | +#endif | |
18634 | + | |
18635 | + return; | |
18636 | +} | |
18637 | diff -urNp linux-2.6.19.1/grsecurity/grsec_ipc.c linux-2.6.19.1/grsecurity/grsec_ipc.c | |
18638 | --- linux-2.6.19.1/grsecurity/grsec_ipc.c 1969-12-31 19:00:00.000000000 -0500 | |
18639 | +++ linux-2.6.19.1/grsecurity/grsec_ipc.c 2006-12-03 15:16:32.000000000 -0500 | |
18640 | @@ -0,0 +1,81 @@ | |
18641 | +#include <linux/kernel.h> | |
18642 | +#include <linux/sched.h> | |
18643 | +#include <linux/types.h> | |
18644 | +#include <linux/ipc.h> | |
18645 | +#include <linux/grsecurity.h> | |
18646 | +#include <linux/grinternal.h> | |
18647 | + | |
18648 | +void | |
18649 | +gr_log_msgget(const int ret, const int msgflg) | |
18650 | +{ | |
18651 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18652 | + if (((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
18653 | + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc && | |
18654 | + !grsec_enable_group)) && (ret >= 0) | |
18655 | + && (msgflg & IPC_CREAT)) | |
18656 | + gr_log_noargs(GR_DO_AUDIT, GR_MSGQ_AUDIT_MSG); | |
18657 | +#endif | |
18658 | + return; | |
18659 | +} | |
18660 | + | |
18661 | +void | |
18662 | +gr_log_msgrm(const uid_t uid, const uid_t cuid) | |
18663 | +{ | |
18664 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18665 | + if ((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
18666 | + grsec_enable_audit_ipc) || | |
18667 | + (grsec_enable_audit_ipc && !grsec_enable_group)) | |
18668 | + gr_log_int_int(GR_DO_AUDIT, GR_MSGQR_AUDIT_MSG, uid, cuid); | |
18669 | +#endif | |
18670 | + return; | |
18671 | +} | |
18672 | + | |
18673 | +void | |
18674 | +gr_log_semget(const int err, const int semflg) | |
18675 | +{ | |
18676 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18677 | + if (((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
18678 | + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc && | |
18679 | + !grsec_enable_group)) && (err >= 0) | |
18680 | + && (semflg & IPC_CREAT)) | |
18681 | + gr_log_noargs(GR_DO_AUDIT, GR_SEM_AUDIT_MSG); | |
18682 | +#endif | |
18683 | + return; | |
18684 | +} | |
18685 | + | |
18686 | +void | |
18687 | +gr_log_semrm(const uid_t uid, const uid_t cuid) | |
18688 | +{ | |
18689 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18690 | + if ((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
18691 | + grsec_enable_audit_ipc) || | |
18692 | + (grsec_enable_audit_ipc && !grsec_enable_group)) | |
18693 | + gr_log_int_int(GR_DO_AUDIT, GR_SEMR_AUDIT_MSG, uid, cuid); | |
18694 | +#endif | |
18695 | + return; | |
18696 | +} | |
18697 | + | |
18698 | +void | |
18699 | +gr_log_shmget(const int err, const int shmflg, const size_t size) | |
18700 | +{ | |
18701 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18702 | + if (((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
18703 | + grsec_enable_audit_ipc) || (grsec_enable_audit_ipc && | |
18704 | + !grsec_enable_group)) && (err >= 0) | |
18705 | + && (shmflg & IPC_CREAT)) | |
18706 | + gr_log_int(GR_DO_AUDIT, GR_SHM_AUDIT_MSG, size); | |
18707 | +#endif | |
18708 | + return; | |
18709 | +} | |
18710 | + | |
18711 | +void | |
18712 | +gr_log_shmrm(const uid_t uid, const uid_t cuid) | |
18713 | +{ | |
18714 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
18715 | + if ((grsec_enable_group && in_group_p(grsec_audit_gid) && | |
18716 | + grsec_enable_audit_ipc) || | |
18717 | + (grsec_enable_audit_ipc && !grsec_enable_group)) | |
18718 | + gr_log_int_int(GR_DO_AUDIT, GR_SHMR_AUDIT_MSG, uid, cuid); | |
18719 | +#endif | |
18720 | + return; | |
18721 | +} | |
18722 | diff -urNp linux-2.6.19.1/grsecurity/grsec_link.c linux-2.6.19.1/grsecurity/grsec_link.c | |
18723 | --- linux-2.6.19.1/grsecurity/grsec_link.c 1969-12-31 19:00:00.000000000 -0500 | |
18724 | +++ linux-2.6.19.1/grsecurity/grsec_link.c 2006-12-03 15:16:32.000000000 -0500 | |
18725 | @@ -0,0 +1,39 @@ | |
18726 | +#include <linux/kernel.h> | |
18727 | +#include <linux/sched.h> | |
18728 | +#include <linux/fs.h> | |
18729 | +#include <linux/file.h> | |
18730 | +#include <linux/grinternal.h> | |
18731 | + | |
18732 | +int | |
18733 | +gr_handle_follow_link(const struct inode *parent, | |
18734 | + const struct inode *inode, | |
18735 | + const struct dentry *dentry, const struct vfsmount *mnt) | |
18736 | +{ | |
18737 | +#ifdef CONFIG_GRKERNSEC_LINK | |
18738 | + if (grsec_enable_link && S_ISLNK(inode->i_mode) && | |
18739 | + (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) && | |
18740 | + (parent->i_mode & S_IWOTH) && (current->fsuid != inode->i_uid)) { | |
18741 | + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid); | |
18742 | + return -EACCES; | |
18743 | + } | |
18744 | +#endif | |
18745 | + return 0; | |
18746 | +} | |
18747 | + | |
18748 | +int | |
18749 | +gr_handle_hardlink(const struct dentry *dentry, | |
18750 | + const struct vfsmount *mnt, | |
18751 | + struct inode *inode, const int mode, const char *to) | |
18752 | +{ | |
18753 | +#ifdef CONFIG_GRKERNSEC_LINK | |
18754 | + if (grsec_enable_link && current->fsuid != inode->i_uid && | |
18755 | + (!S_ISREG(mode) || (mode & S_ISUID) || | |
18756 | + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) || | |
18757 | + (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) && | |
18758 | + !capable(CAP_FOWNER) && current->uid) { | |
18759 | + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to); | |
18760 | + return -EPERM; | |
18761 | + } | |
18762 | +#endif | |
18763 | + return 0; | |
18764 | +} | |
18765 | diff -urNp linux-2.6.19.1/grsecurity/grsec_log.c linux-2.6.19.1/grsecurity/grsec_log.c | |
18766 | --- linux-2.6.19.1/grsecurity/grsec_log.c 1969-12-31 19:00:00.000000000 -0500 | |
18767 | +++ linux-2.6.19.1/grsecurity/grsec_log.c 2006-12-03 15:16:32.000000000 -0500 | |
18768 | @@ -0,0 +1,265 @@ | |
18769 | +#include <linux/kernel.h> | |
18770 | +#include <linux/sched.h> | |
18771 | +#include <linux/file.h> | |
18772 | +#include <linux/tty.h> | |
18773 | +#include <linux/fs.h> | |
18774 | +#include <linux/grinternal.h> | |
18775 | + | |
18776 | +#define BEGIN_LOCKS(x) \ | |
18777 | + read_lock(&tasklist_lock); \ | |
18778 | + read_lock(&grsec_exec_file_lock); \ | |
18779 | + if (x != GR_DO_AUDIT) \ | |
18780 | + spin_lock(&grsec_alert_lock); \ | |
18781 | + else \ | |
18782 | + spin_lock(&grsec_audit_lock) | |
18783 | + | |
18784 | +#define END_LOCKS(x) \ | |
18785 | + if (x != GR_DO_AUDIT) \ | |
18786 | + spin_unlock(&grsec_alert_lock); \ | |
18787 | + else \ | |
18788 | + spin_unlock(&grsec_audit_lock); \ | |
18789 | + read_unlock(&grsec_exec_file_lock); \ | |
18790 | + read_unlock(&tasklist_lock); \ | |
18791 | + if (x == GR_DONT_AUDIT) \ | |
18792 | + gr_handle_alertkill(current) | |
18793 | + | |
18794 | +enum { | |
18795 | + FLOODING, | |
18796 | + NO_FLOODING | |
18797 | +}; | |
18798 | + | |
18799 | +extern char *gr_alert_log_fmt; | |
18800 | +extern char *gr_audit_log_fmt; | |
18801 | +extern char *gr_alert_log_buf; | |
18802 | +extern char *gr_audit_log_buf; | |
18803 | + | |
18804 | +static int gr_log_start(int audit) | |
18805 | +{ | |
18806 | + char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT; | |
18807 | + char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt; | |
18808 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
18809 | + | |
18810 | + if (audit == GR_DO_AUDIT) | |
18811 | + goto set_fmt; | |
18812 | + | |
18813 | + if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) { | |
18814 | + grsec_alert_wtime = jiffies; | |
18815 | + grsec_alert_fyet = 0; | |
18816 | + } else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) { | |
18817 | + grsec_alert_fyet++; | |
18818 | + } else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) { | |
18819 | + grsec_alert_wtime = jiffies; | |
18820 | + grsec_alert_fyet++; | |
18821 | + printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME); | |
18822 | + return FLOODING; | |
18823 | + } else return FLOODING; | |
18824 | + | |
18825 | +set_fmt: | |
18826 | + memset(buf, 0, PAGE_SIZE); | |
18827 | + if (current->signal->curr_ip && gr_acl_is_enabled()) { | |
18828 | + sprintf(fmt, "%s%s", loglevel, "grsec: From %u.%u.%u.%u: (%.64s:%c:%.950s) "); | |
18829 | + snprintf(buf, PAGE_SIZE - 1, fmt, NIPQUAD(current->signal->curr_ip), current->role->rolename, gr_roletype_to_char(), current->acl->filename); | |
18830 | + } else if (current->signal->curr_ip) { | |
18831 | + sprintf(fmt, "%s%s", loglevel, "grsec: From %u.%u.%u.%u: "); | |
18832 | + snprintf(buf, PAGE_SIZE - 1, fmt, NIPQUAD(current->signal->curr_ip)); | |
18833 | + } else if (gr_acl_is_enabled()) { | |
18834 | + sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) "); | |
18835 | + snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename); | |
18836 | + } else { | |
18837 | + sprintf(fmt, "%s%s", loglevel, "grsec: "); | |
18838 | + strcpy(buf, fmt); | |
18839 | + } | |
18840 | + | |
18841 | + return NO_FLOODING; | |
18842 | +} | |
18843 | + | |
18844 | +static void gr_log_middle(int audit, const char *msg, va_list ap) | |
18845 | +{ | |
18846 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
18847 | + unsigned int len = strlen(buf); | |
18848 | + | |
18849 | + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap); | |
18850 | + | |
18851 | + return; | |
18852 | +} | |
18853 | + | |
18854 | +static void gr_log_middle_varargs(int audit, const char *msg, ...) | |
18855 | +{ | |
18856 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
18857 | + unsigned int len = strlen(buf); | |
18858 | + va_list ap; | |
18859 | + | |
18860 | + va_start(ap, msg); | |
18861 | + vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap); | |
18862 | + va_end(ap); | |
18863 | + | |
18864 | + return; | |
18865 | +} | |
18866 | + | |
18867 | +static void gr_log_end(int audit) | |
18868 | +{ | |
18869 | + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; | |
18870 | + unsigned int len = strlen(buf); | |
18871 | + | |
18872 | + snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current)); | |
18873 | + printk("%s\n", buf); | |
18874 | + | |
18875 | + return; | |
18876 | +} | |
18877 | + | |
18878 | +void gr_log_varargs(int audit, const char *msg, int argtypes, ...) | |
18879 | +{ | |
18880 | + int logtype; | |
18881 | + char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied"; | |
18882 | + char *str1, *str2, *str3; | |
18883 | + int num1, num2; | |
18884 | + unsigned long ulong1, ulong2; | |
18885 | + struct dentry *dentry; | |
18886 | + struct vfsmount *mnt; | |
18887 | + struct file *file; | |
18888 | + struct task_struct *task; | |
18889 | + va_list ap; | |
18890 | + | |
18891 | + BEGIN_LOCKS(audit); | |
18892 | + logtype = gr_log_start(audit); | |
18893 | + if (logtype == FLOODING) { | |
18894 | + END_LOCKS(audit); | |
18895 | + return; | |
18896 | + } | |
18897 | + va_start(ap, argtypes); | |
18898 | + switch (argtypes) { | |
18899 | + case GR_TTYSNIFF: | |
18900 | + task = va_arg(ap, struct task_struct *); | |
18901 | + gr_log_middle_varargs(audit, msg, NIPQUAD(task->signal->curr_ip), gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid); | |
18902 | + break; | |
18903 | + case GR_RBAC: | |
18904 | + dentry = va_arg(ap, struct dentry *); | |
18905 | + mnt = va_arg(ap, struct vfsmount *); | |
18906 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt)); | |
18907 | + break; | |
18908 | + case GR_RBAC_STR: | |
18909 | + dentry = va_arg(ap, struct dentry *); | |
18910 | + mnt = va_arg(ap, struct vfsmount *); | |
18911 | + str1 = va_arg(ap, char *); | |
18912 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1); | |
18913 | + break; | |
18914 | + case GR_STR_RBAC: | |
18915 | + str1 = va_arg(ap, char *); | |
18916 | + dentry = va_arg(ap, struct dentry *); | |
18917 | + mnt = va_arg(ap, struct vfsmount *); | |
18918 | + gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt)); | |
18919 | + break; | |
18920 | + case GR_RBAC_MODE2: | |
18921 | + dentry = va_arg(ap, struct dentry *); | |
18922 | + mnt = va_arg(ap, struct vfsmount *); | |
18923 | + str1 = va_arg(ap, char *); | |
18924 | + str2 = va_arg(ap, char *); | |
18925 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2); | |
18926 | + break; | |
18927 | + case GR_RBAC_MODE3: | |
18928 | + dentry = va_arg(ap, struct dentry *); | |
18929 | + mnt = va_arg(ap, struct vfsmount *); | |
18930 | + str1 = va_arg(ap, char *); | |
18931 | + str2 = va_arg(ap, char *); | |
18932 | + str3 = va_arg(ap, char *); | |
18933 | + gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3); | |
18934 | + break; | |
18935 | + case GR_FILENAME: | |
18936 | + dentry = va_arg(ap, struct dentry *); | |
18937 | + mnt = va_arg(ap, struct vfsmount *); | |
18938 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt)); | |
18939 | + break; | |
18940 | + case GR_STR_FILENAME: | |
18941 | + str1 = va_arg(ap, char *); | |
18942 | + dentry = va_arg(ap, struct dentry *); | |
18943 | + mnt = va_arg(ap, struct vfsmount *); | |
18944 | + gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt)); | |
18945 | + break; | |
18946 | + case GR_FILENAME_STR: | |
18947 | + dentry = va_arg(ap, struct dentry *); | |
18948 | + mnt = va_arg(ap, struct vfsmount *); | |
18949 | + str1 = va_arg(ap, char *); | |
18950 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1); | |
18951 | + break; | |
18952 | + case GR_FILENAME_TWO_INT: | |
18953 | + dentry = va_arg(ap, struct dentry *); | |
18954 | + mnt = va_arg(ap, struct vfsmount *); | |
18955 | + num1 = va_arg(ap, int); | |
18956 | + num2 = va_arg(ap, int); | |
18957 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2); | |
18958 | + break; | |
18959 | + case GR_FILENAME_TWO_INT_STR: | |
18960 | + dentry = va_arg(ap, struct dentry *); | |
18961 | + mnt = va_arg(ap, struct vfsmount *); | |
18962 | + num1 = va_arg(ap, int); | |
18963 | + num2 = va_arg(ap, int); | |
18964 | + str1 = va_arg(ap, char *); | |
18965 | + gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1); | |
18966 | + break; | |
18967 | + case GR_TEXTREL: | |
18968 | + file = va_arg(ap, struct file *); | |
18969 | + ulong1 = va_arg(ap, unsigned long); | |
18970 | + ulong2 = va_arg(ap, unsigned long); | |
18971 | + gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_dentry, file->f_vfsmnt) : "<anonymous mapping>", ulong1, ulong2); | |
18972 | + break; | |
18973 | + case GR_PTRACE: | |
18974 | + task = va_arg(ap, struct task_struct *); | |
18975 | + gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_dentry, task->exec_file->f_vfsmnt) : "(none)", task->comm, task->pid); | |
18976 | + break; | |
18977 | + case GR_RESOURCE: | |
18978 | + task = va_arg(ap, struct task_struct *); | |
18979 | + ulong1 = va_arg(ap, unsigned long); | |
18980 | + str1 = va_arg(ap, char *); | |
18981 | + ulong2 = va_arg(ap, unsigned long); | |
18982 | + gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); | |
18983 | + break; | |
18984 | + case GR_CAP: | |
18985 | + task = va_arg(ap, struct task_struct *); | |
18986 | + str1 = va_arg(ap, char *); | |
18987 | + gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); | |
18988 | + break; | |
18989 | + case GR_SIG: | |
18990 | + task = va_arg(ap, struct task_struct *); | |
18991 | + num1 = va_arg(ap, int); | |
18992 | + gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); | |
18993 | + break; | |
18994 | + case GR_CRASH1: | |
18995 | + task = va_arg(ap, struct task_struct *); | |
18996 | + ulong1 = va_arg(ap, unsigned long); | |
18997 | + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid, task->uid, ulong1); | |
18998 | + break; | |
18999 | + case GR_CRASH2: | |
19000 | + task = va_arg(ap, struct task_struct *); | |
19001 | + ulong1 = va_arg(ap, unsigned long); | |
19002 | + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid, ulong1); | |
19003 | + break; | |
19004 | + case GR_PSACCT: | |
19005 | + { | |
19006 | + unsigned int wday, cday; | |
19007 | + __u8 whr, chr; | |
19008 | + __u8 wmin, cmin; | |
19009 | + __u8 wsec, csec; | |
19010 | + char cur_tty[64] = { 0 }; | |
19011 | + char parent_tty[64] = { 0 }; | |
19012 | + | |
19013 | + task = va_arg(ap, struct task_struct *); | |
19014 | + wday = va_arg(ap, unsigned int); | |
19015 | + cday = va_arg(ap, unsigned int); | |
19016 | + whr = va_arg(ap, int); | |
19017 | + chr = va_arg(ap, int); | |
19018 | + wmin = va_arg(ap, int); | |
19019 | + cmin = va_arg(ap, int); | |
19020 | + wsec = va_arg(ap, int); | |
19021 | + csec = va_arg(ap, int); | |
19022 | + ulong1 = va_arg(ap, unsigned long); | |
19023 | + | |
19024 | + gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, NIPQUAD(task->signal->curr_ip), tty_name(task->signal->tty, cur_tty), task->uid, task->euid, task->gid, task->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, NIPQUAD(task->parent->signal->curr_ip), tty_name(task->parent->signal->tty, parent_tty), task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); | |
19025 | + } | |
19026 | + break; | |
19027 | + default: | |
19028 | + gr_log_middle(audit, msg, ap); | |
19029 | + } | |
19030 | + va_end(ap); | |
19031 | + gr_log_end(audit); | |
19032 | + END_LOCKS(audit); | |
19033 | +} | |
19034 | diff -urNp linux-2.6.19.1/grsecurity/grsec_mem.c linux-2.6.19.1/grsecurity/grsec_mem.c | |
19035 | --- linux-2.6.19.1/grsecurity/grsec_mem.c 1969-12-31 19:00:00.000000000 -0500 | |
19036 | +++ linux-2.6.19.1/grsecurity/grsec_mem.c 2006-12-03 15:16:32.000000000 -0500 | |
19037 | @@ -0,0 +1,71 @@ | |
19038 | +#include <linux/kernel.h> | |
19039 | +#include <linux/sched.h> | |
19040 | +#include <linux/mm.h> | |
19041 | +#include <linux/mman.h> | |
19042 | +#include <linux/grinternal.h> | |
19043 | + | |
19044 | +void | |
19045 | +gr_handle_ioperm(void) | |
19046 | +{ | |
19047 | + gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG); | |
19048 | + return; | |
19049 | +} | |
19050 | + | |
19051 | +void | |
19052 | +gr_handle_iopl(void) | |
19053 | +{ | |
19054 | + gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG); | |
19055 | + return; | |
19056 | +} | |
19057 | + | |
19058 | +void | |
19059 | +gr_handle_mem_write(void) | |
19060 | +{ | |
19061 | + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG); | |
19062 | + return; | |
19063 | +} | |
19064 | + | |
19065 | +void | |
19066 | +gr_handle_kmem_write(void) | |
19067 | +{ | |
19068 | + gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG); | |
19069 | + return; | |
19070 | +} | |
19071 | + | |
19072 | +void | |
19073 | +gr_handle_open_port(void) | |
19074 | +{ | |
19075 | + gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG); | |
19076 | + return; | |
19077 | +} | |
19078 | + | |
19079 | +int | |
19080 | +gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma) | |
19081 | +{ | |
19082 | + unsigned long start, end; | |
19083 | + | |
19084 | + start = offset; | |
19085 | + end = start + vma->vm_end - vma->vm_start; | |
19086 | + | |
19087 | + if (start > end) { | |
19088 | + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG); | |
19089 | + return -EPERM; | |
19090 | + } | |
19091 | + | |
19092 | + /* allowed ranges : ISA I/O BIOS */ | |
19093 | + if ((start >= __pa(high_memory)) | |
19094 | +#ifdef CONFIG_X86 | |
19095 | + || (start >= 0x000a0000 && end <= 0x00100000) | |
19096 | + || (start >= 0x00000000 && end <= 0x00001000) | |
19097 | +#endif | |
19098 | + ) | |
19099 | + return 0; | |
19100 | + | |
19101 | + if (vma->vm_flags & VM_WRITE) { | |
19102 | + gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG); | |
19103 | + return -EPERM; | |
19104 | + } else | |
19105 | + vma->vm_flags &= ~VM_MAYWRITE; | |
19106 | + | |
19107 | + return 0; | |
19108 | +} | |
19109 | diff -urNp linux-2.6.19.1/grsecurity/grsec_mount.c linux-2.6.19.1/grsecurity/grsec_mount.c | |
19110 | --- linux-2.6.19.1/grsecurity/grsec_mount.c 1969-12-31 19:00:00.000000000 -0500 | |
19111 | +++ linux-2.6.19.1/grsecurity/grsec_mount.c 2006-12-03 15:16:32.000000000 -0500 | |
19112 | @@ -0,0 +1,34 @@ | |
19113 | +#include <linux/kernel.h> | |
19114 | +#include <linux/sched.h> | |
19115 | +#include <linux/grsecurity.h> | |
19116 | +#include <linux/grinternal.h> | |
19117 | + | |
19118 | +void | |
19119 | +gr_log_remount(const char *devname, const int retval) | |
19120 | +{ | |
19121 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
19122 | + if (grsec_enable_mount && (retval >= 0)) | |
19123 | + gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none"); | |
19124 | +#endif | |
19125 | + return; | |
19126 | +} | |
19127 | + | |
19128 | +void | |
19129 | +gr_log_unmount(const char *devname, const int retval) | |
19130 | +{ | |
19131 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
19132 | + if (grsec_enable_mount && (retval >= 0)) | |
19133 | + gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none"); | |
19134 | +#endif | |
19135 | + return; | |
19136 | +} | |
19137 | + | |
19138 | +void | |
19139 | +gr_log_mount(const char *from, const char *to, const int retval) | |
19140 | +{ | |
19141 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
19142 | + if (grsec_enable_mount && (retval >= 0)) | |
19143 | + gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to); | |
19144 | +#endif | |
19145 | + return; | |
19146 | +} | |
19147 | diff -urNp linux-2.6.19.1/grsecurity/grsec_rand.c linux-2.6.19.1/grsecurity/grsec_rand.c | |
19148 | --- linux-2.6.19.1/grsecurity/grsec_rand.c 1969-12-31 19:00:00.000000000 -0500 | |
19149 | +++ linux-2.6.19.1/grsecurity/grsec_rand.c 2006-12-03 15:16:32.000000000 -0500 | |
19150 | @@ -0,0 +1,26 @@ | |
19151 | +#include <linux/kernel.h> | |
19152 | +#include <linux/sched.h> | |
19153 | +#include <linux/smp_lock.h> | |
19154 | +#include <linux/grsecurity.h> | |
19155 | +#include <linux/grinternal.h> | |
19156 | + | |
19157 | +extern int pid_max; | |
19158 | + | |
19159 | +int | |
19160 | +gr_random_pid(void) | |
19161 | +{ | |
19162 | +#ifdef CONFIG_GRKERNSEC_RANDPID | |
19163 | + int pid; | |
19164 | + | |
19165 | + if (grsec_enable_randpid && current->fs->root) { | |
19166 | + /* return a pid in the range 1 ... pid_max - 1 | |
19167 | + optimize this so we don't have to do a real division | |
19168 | + */ | |
19169 | + pid = 1 + (get_random_long() % pid_max); | |
19170 | + if (pid == pid_max) | |
19171 | + pid = pid_max - 1; | |
19172 | + return pid; | |
19173 | + } | |
19174 | +#endif | |
19175 | + return 0; | |
19176 | +} | |
19177 | diff -urNp linux-2.6.19.1/grsecurity/grsec_sig.c linux-2.6.19.1/grsecurity/grsec_sig.c | |
19178 | --- linux-2.6.19.1/grsecurity/grsec_sig.c 1969-12-31 19:00:00.000000000 -0500 | |
19179 | +++ linux-2.6.19.1/grsecurity/grsec_sig.c 2006-12-03 15:16:32.000000000 -0500 | |
19180 | @@ -0,0 +1,59 @@ | |
19181 | +#include <linux/kernel.h> | |
19182 | +#include <linux/sched.h> | |
19183 | +#include <linux/grsecurity.h> | |
19184 | +#include <linux/grinternal.h> | |
19185 | + | |
19186 | +void | |
19187 | +gr_log_signal(const int sig, const struct task_struct *t) | |
19188 | +{ | |
19189 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
19190 | + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) || | |
19191 | + (sig == SIGABRT) || (sig == SIGBUS))) { | |
19192 | + if (t->pid == current->pid) { | |
19193 | + gr_log_int(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, sig); | |
19194 | + } else { | |
19195 | + gr_log_sig(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig); | |
19196 | + } | |
19197 | + } | |
19198 | +#endif | |
19199 | + return; | |
19200 | +} | |
19201 | + | |
19202 | +int | |
19203 | +gr_handle_signal(const struct task_struct *p, const int sig) | |
19204 | +{ | |
19205 | +#ifdef CONFIG_GRKERNSEC | |
19206 | + if (current->pid > 1 && gr_check_protected_task(p)) { | |
19207 | + gr_log_sig(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig); | |
19208 | + return -EPERM; | |
19209 | + } else if (gr_pid_is_chrooted((struct task_struct *)p)) { | |
19210 | + return -EPERM; | |
19211 | + } | |
19212 | +#endif | |
19213 | + return 0; | |
19214 | +} | |
19215 | + | |
19216 | +void gr_handle_brute_attach(struct task_struct *p) | |
19217 | +{ | |
19218 | +#ifdef CONFIG_GRKERNSEC_BRUTE | |
19219 | + read_lock(&tasklist_lock); | |
19220 | + read_lock(&grsec_exec_file_lock); | |
19221 | + if (p->parent && p->parent->exec_file == p->exec_file) | |
19222 | + p->parent->brute = 1; | |
19223 | + read_unlock(&grsec_exec_file_lock); | |
19224 | + read_unlock(&tasklist_lock); | |
19225 | +#endif | |
19226 | + return; | |
19227 | +} | |
19228 | + | |
19229 | +void gr_handle_brute_check(void) | |
19230 | +{ | |
19231 | +#ifdef CONFIG_GRKERNSEC_BRUTE | |
19232 | + if (current->brute) { | |
19233 | + set_current_state(TASK_UNINTERRUPTIBLE); | |
19234 | + schedule_timeout(30 * HZ); | |
19235 | + } | |
19236 | +#endif | |
19237 | + return; | |
19238 | +} | |
19239 | + | |
19240 | diff -urNp linux-2.6.19.1/grsecurity/grsec_sock.c linux-2.6.19.1/grsecurity/grsec_sock.c | |
19241 | --- linux-2.6.19.1/grsecurity/grsec_sock.c 1969-12-31 19:00:00.000000000 -0500 | |
19242 | +++ linux-2.6.19.1/grsecurity/grsec_sock.c 2006-12-03 15:16:32.000000000 -0500 | |
19243 | @@ -0,0 +1,263 @@ | |
19244 | +#include <linux/kernel.h> | |
19245 | +#include <linux/module.h> | |
19246 | +#include <linux/sched.h> | |
19247 | +#include <linux/file.h> | |
19248 | +#include <linux/net.h> | |
19249 | +#include <linux/in.h> | |
19250 | +#include <linux/ip.h> | |
19251 | +#include <net/sock.h> | |
19252 | +#include <net/inet_sock.h> | |
19253 | +#include <linux/grsecurity.h> | |
19254 | +#include <linux/grinternal.h> | |
19255 | +#include <linux/gracl.h> | |
19256 | + | |
19257 | +#if defined(CONFIG_IP_NF_MATCH_STEALTH_MODULE) | |
19258 | +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif); | |
19259 | +EXPORT_SYMBOL(udp_v4_lookup); | |
19260 | +#endif | |
19261 | + | |
19262 | +EXPORT_SYMBOL(gr_cap_rtnetlink); | |
19263 | + | |
19264 | +extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb); | |
19265 | +extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr); | |
19266 | + | |
19267 | +EXPORT_SYMBOL(gr_search_udp_recvmsg); | |
19268 | +EXPORT_SYMBOL(gr_search_udp_sendmsg); | |
19269 | + | |
19270 | +#ifdef CONFIG_UNIX_MODULE | |
19271 | +EXPORT_SYMBOL(gr_acl_handle_unix); | |
19272 | +EXPORT_SYMBOL(gr_acl_handle_mknod); | |
19273 | +EXPORT_SYMBOL(gr_handle_chroot_unix); | |
19274 | +EXPORT_SYMBOL(gr_handle_create); | |
19275 | +#endif | |
19276 | + | |
19277 | +#ifdef CONFIG_GRKERNSEC | |
19278 | +#define gr_conn_table_size 32749 | |
19279 | +struct conn_table_entry { | |
19280 | + struct conn_table_entry *next; | |
19281 | + struct signal_struct *sig; | |
19282 | +}; | |
19283 | + | |
19284 | +struct conn_table_entry *gr_conn_table[gr_conn_table_size]; | |
19285 | +spinlock_t gr_conn_table_lock = SPIN_LOCK_UNLOCKED; | |
19286 | + | |
19287 | +extern const char * gr_socktype_to_name(unsigned char type); | |
19288 | +extern const char * gr_proto_to_name(unsigned char proto); | |
19289 | + | |
19290 | +static __inline__ int | |
19291 | +conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size) | |
19292 | +{ | |
19293 | + return ((daddr + saddr + (sport << 8) + (dport << 16)) % size); | |
19294 | +} | |
19295 | + | |
19296 | +static __inline__ int | |
19297 | +conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr, | |
19298 | + __u16 sport, __u16 dport) | |
19299 | +{ | |
19300 | + if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr && | |
19301 | + sig->gr_sport == sport && sig->gr_dport == dport)) | |
19302 | + return 1; | |
19303 | + else | |
19304 | + return 0; | |
19305 | +} | |
19306 | + | |
19307 | +static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent) | |
19308 | +{ | |
19309 | + struct conn_table_entry **match; | |
19310 | + unsigned int index; | |
19311 | + | |
19312 | + index = conn_hash(sig->gr_saddr, sig->gr_daddr, | |
19313 | + sig->gr_sport, sig->gr_dport, | |
19314 | + gr_conn_table_size); | |
19315 | + | |
19316 | + newent->sig = sig; | |
19317 | + | |
19318 | + match = &gr_conn_table[index]; | |
19319 | + newent->next = *match; | |
19320 | + *match = newent; | |
19321 | + | |
19322 | + return; | |
19323 | +} | |
19324 | + | |
19325 | +static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig) | |
19326 | +{ | |
19327 | + struct conn_table_entry *match, *last = NULL; | |
19328 | + unsigned int index; | |
19329 | + | |
19330 | + index = conn_hash(sig->gr_saddr, sig->gr_daddr, | |
19331 | + sig->gr_sport, sig->gr_dport, | |
19332 | + gr_conn_table_size); | |
19333 | + | |
19334 | + match = gr_conn_table[index]; | |
19335 | + while (match && !conn_match(match->sig, | |
19336 | + sig->gr_saddr, sig->gr_daddr, sig->gr_sport, | |
19337 | + sig->gr_dport)) { | |
19338 | + last = match; | |
19339 | + match = match->next; | |
19340 | + } | |
19341 | + | |
19342 | + if (match) { | |
19343 | + if (last) | |
19344 | + last->next = match->next; | |
19345 | + else | |
19346 | + gr_conn_table[index] = NULL; | |
19347 | + kfree(match); | |
19348 | + } | |
19349 | + | |
19350 | + return; | |
19351 | +} | |
19352 | + | |
19353 | +static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr, | |
19354 | + __u16 sport, __u16 dport) | |
19355 | +{ | |
19356 | + struct conn_table_entry *match; | |
19357 | + unsigned int index; | |
19358 | + | |
19359 | + index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size); | |
19360 | + | |
19361 | + match = gr_conn_table[index]; | |
19362 | + while (match && !conn_match(match->sig, saddr, daddr, sport, dport)) | |
19363 | + match = match->next; | |
19364 | + | |
19365 | + if (match) | |
19366 | + return match->sig; | |
19367 | + else | |
19368 | + return NULL; | |
19369 | +} | |
19370 | + | |
19371 | +#endif | |
19372 | + | |
19373 | +void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet) | |
19374 | +{ | |
19375 | +#ifdef CONFIG_GRKERNSEC | |
19376 | + struct signal_struct *sig = task->signal; | |
19377 | + struct conn_table_entry *newent; | |
19378 | + | |
19379 | + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC); | |
19380 | + if (newent == NULL) | |
19381 | + return; | |
19382 | + /* no bh lock needed since we are called with bh disabled */ | |
19383 | + spin_lock(&gr_conn_table_lock); | |
19384 | + gr_del_task_from_ip_table_nolock(sig); | |
19385 | + sig->gr_saddr = inet->rcv_saddr; | |
19386 | + sig->gr_daddr = inet->daddr; | |
19387 | + sig->gr_sport = inet->sport; | |
19388 | + sig->gr_dport = inet->dport; | |
19389 | + gr_add_to_task_ip_table_nolock(sig, newent); | |
19390 | + spin_unlock(&gr_conn_table_lock); | |
19391 | +#endif | |
19392 | + return; | |
19393 | +} | |
19394 | + | |
19395 | +void gr_del_task_from_ip_table(struct task_struct *task) | |
19396 | +{ | |
19397 | +#ifdef CONFIG_GRKERNSEC | |
19398 | + spin_lock(&gr_conn_table_lock); | |
19399 | + gr_del_task_from_ip_table_nolock(task->signal); | |
19400 | + spin_unlock(&gr_conn_table_lock); | |
19401 | +#endif | |
19402 | + return; | |
19403 | +} | |
19404 | + | |
19405 | +void | |
19406 | +gr_attach_curr_ip(const struct sock *sk) | |
19407 | +{ | |
19408 | +#ifdef CONFIG_GRKERNSEC | |
19409 | + struct signal_struct *p, *set; | |
19410 | + const struct inet_sock *inet = inet_sk(sk); | |
19411 | + | |
19412 | + if (unlikely(sk->sk_protocol != IPPROTO_TCP)) | |
19413 | + return; | |
19414 | + | |
19415 | + set = current->signal; | |
19416 | + | |
19417 | + spin_lock_bh(&gr_conn_table_lock); | |
19418 | + p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr, | |
19419 | + inet->dport, inet->sport); | |
19420 | + if (unlikely(p != NULL)) { | |
19421 | + set->curr_ip = p->curr_ip; | |
19422 | + set->used_accept = 1; | |
19423 | + gr_del_task_from_ip_table_nolock(p); | |
19424 | + spin_unlock_bh(&gr_conn_table_lock); | |
19425 | + return; | |
19426 | + } | |
19427 | + spin_unlock_bh(&gr_conn_table_lock); | |
19428 | + | |
19429 | + set->curr_ip = inet->daddr; | |
19430 | + set->used_accept = 1; | |
19431 | +#endif | |
19432 | + return; | |
19433 | +} | |
19434 | + | |
19435 | +int | |
19436 | +gr_handle_sock_all(const int family, const int type, const int protocol) | |
19437 | +{ | |
19438 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
19439 | + if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) && | |
19440 | + (family != AF_UNIX) && (family != AF_LOCAL)) { | |
19441 | + gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol)); | |
19442 | + return -EACCES; | |
19443 | + } | |
19444 | +#endif | |
19445 | + return 0; | |
19446 | +} | |
19447 | + | |
19448 | +int | |
19449 | +gr_handle_sock_server(const struct sockaddr *sck) | |
19450 | +{ | |
19451 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
19452 | + if (grsec_enable_socket_server && | |
19453 | + in_group_p(grsec_socket_server_gid) && | |
19454 | + sck && (sck->sa_family != AF_UNIX) && | |
19455 | + (sck->sa_family != AF_LOCAL)) { | |
19456 | + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG); | |
19457 | + return -EACCES; | |
19458 | + } | |
19459 | +#endif | |
19460 | + return 0; | |
19461 | +} | |
19462 | + | |
19463 | +int | |
19464 | +gr_handle_sock_server_other(const struct sock *sck) | |
19465 | +{ | |
19466 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
19467 | + if (grsec_enable_socket_server && | |
19468 | + in_group_p(grsec_socket_server_gid) && | |
19469 | + sck && (sck->sk_family != AF_UNIX) && | |
19470 | + (sck->sk_family != AF_LOCAL)) { | |
19471 | + gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG); | |
19472 | + return -EACCES; | |
19473 | + } | |
19474 | +#endif | |
19475 | + return 0; | |
19476 | +} | |
19477 | + | |
19478 | +int | |
19479 | +gr_handle_sock_client(const struct sockaddr *sck) | |
19480 | +{ | |
19481 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
19482 | + if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) && | |
19483 | + sck && (sck->sa_family != AF_UNIX) && | |
19484 | + (sck->sa_family != AF_LOCAL)) { | |
19485 | + gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG); | |
19486 | + return -EACCES; | |
19487 | + } | |
19488 | +#endif | |
19489 | + return 0; | |
19490 | +} | |
19491 | + | |
19492 | +__u32 | |
19493 | +gr_cap_rtnetlink(void) | |
19494 | +{ | |
19495 | +#ifdef CONFIG_GRKERNSEC | |
19496 | + if (!gr_acl_is_enabled()) | |
19497 | + return current->cap_effective; | |
19498 | + else if (cap_raised(current->cap_effective, CAP_NET_ADMIN) && | |
19499 | + gr_task_is_capable(current, CAP_NET_ADMIN)) | |
19500 | + return current->cap_effective; | |
19501 | + else | |
19502 | + return 0; | |
19503 | +#else | |
19504 | + return current->cap_effective; | |
19505 | +#endif | |
19506 | +} | |
19507 | diff -urNp linux-2.6.19.1/grsecurity/grsec_sysctl.c linux-2.6.19.1/grsecurity/grsec_sysctl.c | |
19508 | --- linux-2.6.19.1/grsecurity/grsec_sysctl.c 1969-12-31 19:00:00.000000000 -0500 | |
19509 | +++ linux-2.6.19.1/grsecurity/grsec_sysctl.c 2006-12-03 15:16:32.000000000 -0500 | |
19510 | @@ -0,0 +1,466 @@ | |
19511 | +#include <linux/kernel.h> | |
19512 | +#include <linux/sched.h> | |
19513 | +#include <linux/sysctl.h> | |
19514 | +#include <linux/grsecurity.h> | |
19515 | +#include <linux/grinternal.h> | |
19516 | + | |
19517 | +#ifdef CONFIG_GRKERNSEC_MODSTOP | |
19518 | +int grsec_modstop; | |
19519 | +#endif | |
19520 | + | |
19521 | +int | |
19522 | +gr_handle_sysctl_mod(const char *dirname, const char *name, const int op) | |
19523 | +{ | |
19524 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
19525 | + if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & 002)) { | |
19526 | + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name); | |
19527 | + return -EACCES; | |
19528 | + } | |
19529 | +#endif | |
19530 | +#ifdef CONFIG_GRKERNSEC_MODSTOP | |
19531 | + if (!strcmp(dirname, "grsecurity") && !strcmp(name, "disable_modules") && | |
19532 | + grsec_modstop && (op & 002)) { | |
19533 | + gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name); | |
19534 | + return -EACCES; | |
19535 | + } | |
19536 | +#endif | |
19537 | + return 0; | |
19538 | +} | |
19539 | + | |
19540 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP) | |
19541 | +enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL, | |
19542 | +GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT, | |
19543 | +GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM, | |
19544 | +GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS, | |
19545 | +GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL, GS_SIDCAPS, | |
19546 | +GS_RANDPID, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, | |
19547 | +GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, | |
19548 | +GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, | |
19549 | +GS_TEXTREL, GS_FINDTASK, GS_SHM, GS_LOCK, GS_MODSTOP, GS_RESLOG}; | |
19550 | + | |
19551 | + | |
19552 | +ctl_table grsecurity_table[] = { | |
19553 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | |
19554 | +#ifdef CONFIG_GRKERNSEC_LINK | |
19555 | + { | |
19556 | + .ctl_name = GS_LINK, | |
19557 | + .procname = "linking_restrictions", | |
19558 | + .data = &grsec_enable_link, | |
19559 | + .maxlen = sizeof(int), | |
19560 | + .mode = 0600, | |
19561 | + .proc_handler = &proc_dointvec, | |
19562 | + }, | |
19563 | +#endif | |
19564 | +#ifdef CONFIG_GRKERNSEC_FIFO | |
19565 | + { | |
19566 | + .ctl_name = GS_FIFO, | |
19567 | + .procname = "fifo_restrictions", | |
19568 | + .data = &grsec_enable_fifo, | |
19569 | + .maxlen = sizeof(int), | |
19570 | + .mode = 0600, | |
19571 | + .proc_handler = &proc_dointvec, | |
19572 | + }, | |
19573 | +#endif | |
19574 | +#ifdef CONFIG_GRKERNSEC_EXECVE | |
19575 | + { | |
19576 | + .ctl_name = GS_EXECVE, | |
19577 | + .procname = "execve_limiting", | |
19578 | + .data = &grsec_enable_execve, | |
19579 | + .maxlen = sizeof(int), | |
19580 | + .mode = 0600, | |
19581 | + .proc_handler = &proc_dointvec, | |
19582 | + }, | |
19583 | +#endif | |
19584 | +#ifdef CONFIG_GRKERNSEC_EXECLOG | |
19585 | + { | |
19586 | + .ctl_name = GS_EXECLOG, | |
19587 | + .procname = "exec_logging", | |
19588 | + .data = &grsec_enable_execlog, | |
19589 | + .maxlen = sizeof(int), | |
19590 | + .mode = 0600, | |
19591 | + .proc_handler = &proc_dointvec, | |
19592 | + }, | |
19593 | +#endif | |
19594 | +#ifdef CONFIG_GRKERNSEC_SIGNAL | |
19595 | + { | |
19596 | + .ctl_name = GS_SIGNAL, | |
19597 | + .procname = "signal_logging", | |
19598 | + .data = &grsec_enable_signal, | |
19599 | + .maxlen = sizeof(int), | |
19600 | + .mode = 0600, | |
19601 | + .proc_handler = &proc_dointvec, | |
19602 | + }, | |
19603 | +#endif | |
19604 | +#ifdef CONFIG_GRKERNSEC_FORKFAIL | |
19605 | + { | |
19606 | + .ctl_name = GS_FORKFAIL, | |
19607 | + .procname = "forkfail_logging", | |
19608 | + .data = &grsec_enable_forkfail, | |
19609 | + .maxlen = sizeof(int), | |
19610 | + .mode = 0600, | |
19611 | + .proc_handler = &proc_dointvec, | |
19612 | + }, | |
19613 | +#endif | |
19614 | +#ifdef CONFIG_GRKERNSEC_TIME | |
19615 | + { | |
19616 | + .ctl_name = GS_TIME, | |
19617 | + .procname = "timechange_logging", | |
19618 | + .data = &grsec_enable_time, | |
19619 | + .maxlen = sizeof(int), | |
19620 | + .mode = 0600, | |
19621 | + .proc_handler = &proc_dointvec, | |
19622 | + }, | |
19623 | +#endif | |
19624 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT | |
19625 | + { | |
19626 | + .ctl_name = GS_CHROOT_SHMAT, | |
19627 | + .procname = "chroot_deny_shmat", | |
19628 | + .data = &grsec_enable_chroot_shmat, | |
19629 | + .maxlen = sizeof(int), | |
19630 | + .mode = 0600, | |
19631 | + .proc_handler = &proc_dointvec, | |
19632 | + }, | |
19633 | +#endif | |
19634 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
19635 | + { | |
19636 | + .ctl_name = GS_CHROOT_UNIX, | |
19637 | + .procname = "chroot_deny_unix", | |
19638 | + .data = &grsec_enable_chroot_unix, | |
19639 | + .maxlen = sizeof(int), | |
19640 | + .mode = 0600, | |
19641 | + .proc_handler = &proc_dointvec, | |
19642 | + }, | |
19643 | +#endif | |
19644 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT | |
19645 | + { | |
19646 | + .ctl_name = GS_CHROOT_MNT, | |
19647 | + .procname = "chroot_deny_mount", | |
19648 | + .data = &grsec_enable_chroot_mount, | |
19649 | + .maxlen = sizeof(int), | |
19650 | + .mode = 0600, | |
19651 | + .proc_handler = &proc_dointvec, | |
19652 | + }, | |
19653 | +#endif | |
19654 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR | |
19655 | + { | |
19656 | + .ctl_name = GS_CHROOT_FCHDIR, | |
19657 | + .procname = "chroot_deny_fchdir", | |
19658 | + .data = &grsec_enable_chroot_fchdir, | |
19659 | + .maxlen = sizeof(int), | |
19660 | + .mode = 0600, | |
19661 | + .proc_handler = &proc_dointvec, | |
19662 | + }, | |
19663 | +#endif | |
19664 | +#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE | |
19665 | + { | |
19666 | + .ctl_name = GS_CHROOT_DBL, | |
19667 | + .procname = "chroot_deny_chroot", | |
19668 | + .data = &grsec_enable_chroot_double, | |
19669 | + .maxlen = sizeof(int), | |
19670 | + .mode = 0600, | |
19671 | + .proc_handler = &proc_dointvec, | |
19672 | + }, | |
19673 | +#endif | |
19674 | +#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT | |
19675 | + { | |
19676 | + .ctl_name = GS_CHROOT_PVT, | |
19677 | + .procname = "chroot_deny_pivot", | |
19678 | + .data = &grsec_enable_chroot_pivot, | |
19679 | + .maxlen = sizeof(int), | |
19680 | + .mode = 0600, | |
19681 | + .proc_handler = &proc_dointvec, | |
19682 | + }, | |
19683 | +#endif | |
19684 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR | |
19685 | + { | |
19686 | + .ctl_name = GS_CHROOT_CD, | |
19687 | + .procname = "chroot_enforce_chdir", | |
19688 | + .data = &grsec_enable_chroot_chdir, | |
19689 | + .maxlen = sizeof(int), | |
19690 | + .mode = 0600, | |
19691 | + .proc_handler = &proc_dointvec, | |
19692 | + }, | |
19693 | +#endif | |
19694 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD | |
19695 | + { | |
19696 | + .ctl_name = GS_CHROOT_CM, | |
19697 | + .procname = "chroot_deny_chmod", | |
19698 | + .data = &grsec_enable_chroot_chmod, | |
19699 | + .maxlen = sizeof(int), | |
19700 | + .mode = 0600, | |
19701 | + .proc_handler = &proc_dointvec, | |
19702 | + }, | |
19703 | +#endif | |
19704 | +#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD | |
19705 | + { | |
19706 | + .ctl_name = GS_CHROOT_MK, | |
19707 | + .procname = "chroot_deny_mknod", | |
19708 | + .data = &grsec_enable_chroot_mknod, | |
19709 | + .maxlen = sizeof(int), | |
19710 | + .mode = 0600, | |
19711 | + .proc_handler = &proc_dointvec, | |
19712 | + }, | |
19713 | +#endif | |
19714 | +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE | |
19715 | + { | |
19716 | + .ctl_name = GS_CHROOT_NI, | |
19717 | + .procname = "chroot_restrict_nice", | |
19718 | + .data = &grsec_enable_chroot_nice, | |
19719 | + .maxlen = sizeof(int), | |
19720 | + .mode = 0600, | |
19721 | + .proc_handler = &proc_dointvec, | |
19722 | + }, | |
19723 | +#endif | |
19724 | +#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG | |
19725 | + { | |
19726 | + .ctl_name = GS_CHROOT_EXECLOG, | |
19727 | + .procname = "chroot_execlog", | |
19728 | + .data = &grsec_enable_chroot_execlog, | |
19729 | + .maxlen = sizeof(int), | |
19730 | + .mode = 0600, | |
19731 | + .proc_handler = &proc_dointvec, | |
19732 | + }, | |
19733 | +#endif | |
19734 | +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS | |
19735 | + { | |
19736 | + .ctl_name = GS_CHROOT_CAPS, | |
19737 | + .procname = "chroot_caps", | |
19738 | + .data = &grsec_enable_chroot_caps, | |
19739 | + .maxlen = sizeof(int), | |
19740 | + .mode = 0600, | |
19741 | + .proc_handler = &proc_dointvec, | |
19742 | + }, | |
19743 | +#endif | |
19744 | +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL | |
19745 | + { | |
19746 | + .ctl_name = GS_CHROOT_SYSCTL, | |
19747 | + .procname = "chroot_deny_sysctl", | |
19748 | + .data = &grsec_enable_chroot_sysctl, | |
19749 | + .maxlen = sizeof(int), | |
19750 | + .mode = 0600, | |
19751 | + .proc_handler = &proc_dointvec, | |
19752 | + }, | |
19753 | +#endif | |
19754 | +#ifdef CONFIG_GRKERNSEC_TPE | |
19755 | + { | |
19756 | + .ctl_name = GS_TPE, | |
19757 | + .procname = "tpe", | |
19758 | + .data = &grsec_enable_tpe, | |
19759 | + .maxlen = sizeof(int), | |
19760 | + .mode = 0600, | |
19761 | + .proc_handler = &proc_dointvec, | |
19762 | + }, | |
19763 | + { | |
19764 | + .ctl_name = GS_TPE_GID, | |
19765 | + .procname = "tpe_gid", | |
19766 | + .data = &grsec_tpe_gid, | |
19767 | + .maxlen = sizeof(int), | |
19768 | + .mode = 0600, | |
19769 | + .proc_handler = &proc_dointvec, | |
19770 | + }, | |
19771 | +#endif | |
19772 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
19773 | + { | |
19774 | + .ctl_name = GS_TPE_ALL, | |
19775 | + .procname = "tpe_restrict_all", | |
19776 | + .data = &grsec_enable_tpe_all, | |
19777 | + .maxlen = sizeof(int), | |
19778 | + .mode = 0600, | |
19779 | + .proc_handler = &proc_dointvec, | |
19780 | + }, | |
19781 | +#endif | |
19782 | +#ifdef CONFIG_GRKERNSEC_RANDPID | |
19783 | + { | |
19784 | + .ctl_name = GS_RANDPID, | |
19785 | + .procname = "rand_pids", | |
19786 | + .data = &grsec_enable_randpid, | |
19787 | + .maxlen = sizeof(int), | |
19788 | + .mode = 0600, | |
19789 | + .proc_handler = &proc_dointvec, | |
19790 | + }, | |
19791 | +#endif | |
19792 | +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL | |
19793 | + { | |
19794 | + .ctl_name = GS_SOCKET_ALL, | |
19795 | + .procname = "socket_all", | |
19796 | + .data = &grsec_enable_socket_all, | |
19797 | + .maxlen = sizeof(int), | |
19798 | + .mode = 0600, | |
19799 | + .proc_handler = &proc_dointvec, | |
19800 | + }, | |
19801 | + { | |
19802 | + .ctl_name = GS_SOCKET_ALL_GID, | |
19803 | + .procname = "socket_all_gid", | |
19804 | + .data = &grsec_socket_all_gid, | |
19805 | + .maxlen = sizeof(int), | |
19806 | + .mode = 0600, | |
19807 | + .proc_handler = &proc_dointvec, | |
19808 | + }, | |
19809 | +#endif | |
19810 | +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT | |
19811 | + { | |
19812 | + .ctl_name = GS_SOCKET_CLIENT, | |
19813 | + .procname = "socket_client", | |
19814 | + .data = &grsec_enable_socket_client, | |
19815 | + .maxlen = sizeof(int), | |
19816 | + .mode = 0600, | |
19817 | + .proc_handler = &proc_dointvec, | |
19818 | + }, | |
19819 | + { | |
19820 | + .ctl_name = GS_SOCKET_CLIENT_GID, | |
19821 | + .procname = "socket_client_gid", | |
19822 | + .data = &grsec_socket_client_gid, | |
19823 | + .maxlen = sizeof(int), | |
19824 | + .mode = 0600, | |
19825 | + .proc_handler = &proc_dointvec, | |
19826 | + }, | |
19827 | +#endif | |
19828 | +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER | |
19829 | + { | |
19830 | + .ctl_name = GS_SOCKET_SERVER, | |
19831 | + .procname = "socket_server", | |
19832 | + .data = &grsec_enable_socket_server, | |
19833 | + .maxlen = sizeof(int), | |
19834 | + .mode = 0600, | |
19835 | + .proc_handler = &proc_dointvec, | |
19836 | + }, | |
19837 | + { | |
19838 | + .ctl_name = GS_SOCKET_SERVER_GID, | |
19839 | + .procname = "socket_server_gid", | |
19840 | + .data = &grsec_socket_server_gid, | |
19841 | + .maxlen = sizeof(int), | |
19842 | + .mode = 0600, | |
19843 | + .proc_handler = &proc_dointvec, | |
19844 | + }, | |
19845 | +#endif | |
19846 | +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP | |
19847 | + { | |
19848 | + .ctl_name = GS_GROUP, | |
19849 | + .procname = "audit_group", | |
19850 | + .data = &grsec_enable_group, | |
19851 | + .maxlen = sizeof(int), | |
19852 | + .mode = 0600, | |
19853 | + .proc_handler = &proc_dointvec, | |
19854 | + }, | |
19855 | + { | |
19856 | + .ctl_name = GS_GID, | |
19857 | + .procname = "audit_gid", | |
19858 | + .data = &grsec_audit_gid, | |
19859 | + .maxlen = sizeof(int), | |
19860 | + .mode = 0600, | |
19861 | + .proc_handler = &proc_dointvec, | |
19862 | + }, | |
19863 | +#endif | |
19864 | +#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR | |
19865 | + { | |
19866 | + .ctl_name = GS_ACHDIR, | |
19867 | + .procname = "audit_chdir", | |
19868 | + .data = &grsec_enable_chdir, | |
19869 | + .maxlen = sizeof(int), | |
19870 | + .mode = 0600, | |
19871 | + .proc_handler = &proc_dointvec, | |
19872 | + }, | |
19873 | +#endif | |
19874 | +#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT | |
19875 | + { | |
19876 | + .ctl_name = GS_AMOUNT, | |
19877 | + .procname = "audit_mount", | |
19878 | + .data = &grsec_enable_mount, | |
19879 | + .maxlen = sizeof(int), | |
19880 | + .mode = 0600, | |
19881 | + .proc_handler = &proc_dointvec, | |
19882 | + }, | |
19883 | +#endif | |
19884 | +#ifdef CONFIG_GRKERNSEC_AUDIT_IPC | |
19885 | + { | |
19886 | + .ctl_name = GS_AIPC, | |
19887 | + .procname = "audit_ipc", | |
19888 | + .data = &grsec_enable_audit_ipc, | |
19889 | + .maxlen = sizeof(int), | |
19890 | + .mode = 0600, | |
19891 | + .proc_handler = &proc_dointvec, | |
19892 | + }, | |
19893 | +#endif | |
19894 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | |
19895 | + { | |
19896 | + .ctl_name = GS_TEXTREL, | |
19897 | + .procname = "audit_textrel", | |
19898 | + .data = &grsec_enable_audit_textrel, | |
19899 | + .maxlen = sizeof(int), | |
19900 | + .mode = 0600, | |
19901 | + .proc_handler = &proc_dointvec, | |
19902 | + }, | |
19903 | +#endif | |
19904 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
19905 | + { | |
19906 | + .ctl_name = GS_DMSG, | |
19907 | + .procname = "dmesg", | |
19908 | + .data = &grsec_enable_dmesg, | |
19909 | + .maxlen = sizeof(int), | |
19910 | + .mode = 0600, | |
19911 | + .proc_handler = &proc_dointvec, | |
19912 | + }, | |
19913 | +#endif | |
19914 | +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK | |
19915 | + { | |
19916 | + .ctl_name = GS_FINDTASK, | |
19917 | + .procname = "chroot_findtask", | |
19918 | + .data = &grsec_enable_chroot_findtask, | |
19919 | + .maxlen = sizeof(int), | |
19920 | + .mode = 0600, | |
19921 | + .proc_handler = &proc_dointvec, | |
19922 | + }, | |
19923 | +#endif | |
19924 | +#ifdef CONFIG_GRKERNSEC_SHM | |
19925 | + { | |
19926 | + .ctl_name = GS_SHM, | |
19927 | + .procname = "destroy_unused_shm", | |
19928 | + .data = &grsec_enable_shm, | |
19929 | + .maxlen = sizeof(int), | |
19930 | + .mode = 0600, | |
19931 | + .proc_handler = &proc_dointvec, | |
19932 | + }, | |
19933 | +#endif | |
19934 | +#ifdef CONFIG_GRKERNSEC_RESLOG | |
19935 | + { | |
19936 | + .ctl_name = GS_RESLOG, | |
19937 | + .procname = "resource_logging", | |
19938 | + .data = &grsec_resource_logging, | |
19939 | + .maxlen = sizeof(int), | |
19940 | + .mode = 0600, | |
19941 | + .proc_handler = &proc_dointvec, | |
19942 | + }, | |
19943 | +#endif | |
19944 | + { | |
19945 | + .ctl_name = GS_LOCK, | |
19946 | + .procname = "grsec_lock", | |
19947 | + .data = &grsec_lock, | |
19948 | + .maxlen = sizeof(int), | |
19949 | + .mode = 0600, | |
19950 | + .proc_handler = &proc_dointvec, | |
19951 | + }, | |
19952 | +#endif | |
19953 | +#ifdef CONFIG_GRKERNSEC_MODSTOP | |
19954 | + { | |
19955 | + .ctl_name = GS_MODSTOP, | |
19956 | + .procname = "disable_modules", | |
19957 | + .data = &grsec_modstop, | |
19958 | + .maxlen = sizeof(int), | |
19959 | + .mode = 0600, | |
19960 | + .proc_handler = &proc_dointvec, | |
19961 | + }, | |
19962 | +#endif | |
19963 | + { .ctl_name = 0 } | |
19964 | +}; | |
19965 | +#endif | |
19966 | + | |
19967 | +int gr_check_modstop(void) | |
19968 | +{ | |
19969 | +#ifdef CONFIG_GRKERNSEC_MODSTOP | |
19970 | + if (grsec_modstop == 1) { | |
19971 | + gr_log_noargs(GR_DONT_AUDIT, GR_STOPMOD_MSG); | |
19972 | + return 1; | |
19973 | + } | |
19974 | +#endif | |
19975 | + return 0; | |
19976 | +} | |
19977 | diff -urNp linux-2.6.19.1/grsecurity/grsec_textrel.c linux-2.6.19.1/grsecurity/grsec_textrel.c | |
19978 | --- linux-2.6.19.1/grsecurity/grsec_textrel.c 1969-12-31 19:00:00.000000000 -0500 | |
19979 | +++ linux-2.6.19.1/grsecurity/grsec_textrel.c 2006-12-03 15:16:32.000000000 -0500 | |
19980 | @@ -0,0 +1,16 @@ | |
19981 | +#include <linux/kernel.h> | |
19982 | +#include <linux/sched.h> | |
19983 | +#include <linux/mm.h> | |
19984 | +#include <linux/file.h> | |
19985 | +#include <linux/grinternal.h> | |
19986 | +#include <linux/grsecurity.h> | |
19987 | + | |
19988 | +void | |
19989 | +gr_log_textrel(struct vm_area_struct * vma) | |
19990 | +{ | |
19991 | +#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL | |
19992 | + if (grsec_enable_audit_textrel) | |
19993 | + gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff); | |
19994 | +#endif | |
19995 | + return; | |
19996 | +} | |
19997 | diff -urNp linux-2.6.19.1/grsecurity/grsec_time.c linux-2.6.19.1/grsecurity/grsec_time.c | |
19998 | --- linux-2.6.19.1/grsecurity/grsec_time.c 1969-12-31 19:00:00.000000000 -0500 | |
19999 | +++ linux-2.6.19.1/grsecurity/grsec_time.c 2006-12-03 15:16:32.000000000 -0500 | |
20000 | @@ -0,0 +1,13 @@ | |
20001 | +#include <linux/kernel.h> | |
20002 | +#include <linux/sched.h> | |
20003 | +#include <linux/grinternal.h> | |
20004 | + | |
20005 | +void | |
20006 | +gr_log_timechange(void) | |
20007 | +{ | |
20008 | +#ifdef CONFIG_GRKERNSEC_TIME | |
20009 | + if (grsec_enable_time) | |
20010 | + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG); | |
20011 | +#endif | |
20012 | + return; | |
20013 | +} | |
20014 | diff -urNp linux-2.6.19.1/grsecurity/grsec_tpe.c linux-2.6.19.1/grsecurity/grsec_tpe.c | |
20015 | --- linux-2.6.19.1/grsecurity/grsec_tpe.c 1969-12-31 19:00:00.000000000 -0500 | |
20016 | +++ linux-2.6.19.1/grsecurity/grsec_tpe.c 2006-12-03 15:16:32.000000000 -0500 | |
20017 | @@ -0,0 +1,37 @@ | |
20018 | +#include <linux/kernel.h> | |
20019 | +#include <linux/sched.h> | |
20020 | +#include <linux/file.h> | |
20021 | +#include <linux/fs.h> | |
20022 | +#include <linux/grinternal.h> | |
20023 | + | |
20024 | +extern int gr_acl_tpe_check(void); | |
20025 | + | |
20026 | +int | |
20027 | +gr_tpe_allow(const struct file *file) | |
20028 | +{ | |
20029 | +#ifdef CONFIG_GRKERNSEC | |
20030 | + struct inode *inode = file->f_dentry->d_parent->d_inode; | |
20031 | + | |
20032 | + if (current->uid && ((grsec_enable_tpe && | |
20033 | +#ifdef CONFIG_GRKERNSEC_TPE_INVERT | |
20034 | + !in_group_p(grsec_tpe_gid) | |
20035 | +#else | |
20036 | + in_group_p(grsec_tpe_gid) | |
20037 | +#endif | |
20038 | + ) || gr_acl_tpe_check()) && | |
20039 | + (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) || | |
20040 | + (inode->i_mode & S_IWOTH))))) { | |
20041 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_dentry, file->f_vfsmnt); | |
20042 | + return 0; | |
20043 | + } | |
20044 | +#ifdef CONFIG_GRKERNSEC_TPE_ALL | |
20045 | + if (current->uid && grsec_enable_tpe && grsec_enable_tpe_all && | |
20046 | + ((inode->i_uid && (inode->i_uid != current->uid)) || | |
20047 | + (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) { | |
20048 | + gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_dentry, file->f_vfsmnt); | |
20049 | + return 0; | |
20050 | + } | |
20051 | +#endif | |
20052 | +#endif | |
20053 | + return 1; | |
20054 | +} | |
20055 | diff -urNp linux-2.6.19.1/grsecurity/grsum.c linux-2.6.19.1/grsecurity/grsum.c | |
20056 | --- linux-2.6.19.1/grsecurity/grsum.c 1969-12-31 19:00:00.000000000 -0500 | |
20057 | +++ linux-2.6.19.1/grsecurity/grsum.c 2006-12-03 15:16:32.000000000 -0500 | |
20058 | @@ -0,0 +1,59 @@ | |
20059 | +#include <linux/kernel.h> | |
20060 | +#include <linux/sched.h> | |
20061 | +#include <linux/mm.h> | |
20062 | +#include <asm/scatterlist.h> | |
20063 | +#include <linux/crypto.h> | |
20064 | +#include <linux/gracl.h> | |
20065 | + | |
20066 | + | |
20067 | +#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE) | |
20068 | +#error "crypto and sha256 must be built into the kernel" | |
20069 | +#endif | |
20070 | + | |
20071 | +int | |
20072 | +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum) | |
20073 | +{ | |
20074 | + char *p; | |
20075 | + struct crypto_tfm *tfm; | |
20076 | + unsigned char temp_sum[GR_SHA_LEN]; | |
20077 | + struct scatterlist sg[2]; | |
20078 | + volatile int retval = 0; | |
20079 | + volatile int dummy = 0; | |
20080 | + unsigned int i; | |
20081 | + | |
20082 | + tfm = crypto_alloc_tfm("sha256", 0); | |
20083 | + if (tfm == NULL) { | |
20084 | + /* should never happen, since sha256 should be built in */ | |
20085 | + return 1; | |
20086 | + } | |
20087 | + | |
20088 | + crypto_digest_init(tfm); | |
20089 | + | |
20090 | + p = salt; | |
20091 | + sg[0].page = virt_to_page(p); | |
20092 | + sg[0].offset = ((long) p & ~PAGE_MASK); | |
20093 | + sg[0].length = GR_SALT_LEN; | |
20094 | + | |
20095 | + crypto_digest_update(tfm, sg, 1); | |
20096 | + | |
20097 | + p = entry->pw; | |
20098 | + sg[0].page = virt_to_page(p); | |
20099 | + sg[0].offset = ((long) p & ~PAGE_MASK); | |
20100 | + sg[0].length = strlen(entry->pw); | |
20101 | + | |
20102 | + crypto_digest_update(tfm, sg, 1); | |
20103 | + | |
20104 | + crypto_digest_final(tfm, temp_sum); | |
20105 | + | |
20106 | + memset(entry->pw, 0, GR_PW_LEN); | |
20107 | + | |
20108 | + for (i = 0; i < GR_SHA_LEN; i++) | |
20109 | + if (sum[i] != temp_sum[i]) | |
20110 | + retval = 1; | |
20111 | + else | |
20112 | + dummy = 1; // waste a cycle | |
20113 | + | |
20114 | + crypto_free_tfm(tfm); | |
20115 | + | |
20116 | + return retval; | |
20117 | +} | |
20118 | diff -urNp linux-2.6.19.1/grsecurity/Kconfig linux-2.6.19.1/grsecurity/Kconfig | |
20119 | --- linux-2.6.19.1/grsecurity/Kconfig 1969-12-31 19:00:00.000000000 -0500 | |
20120 | +++ linux-2.6.19.1/grsecurity/Kconfig 2006-12-03 15:16:32.000000000 -0500 | |
20121 | @@ -0,0 +1,888 @@ | |
20122 | +# | |
20123 | +# grecurity configuration | |
20124 | +# | |
20125 | + | |
20126 | +menu "Grsecurity" | |
20127 | + | |
20128 | +config GRKERNSEC | |
20129 | + bool "Grsecurity" | |
20130 | + select CRYPTO | |
20131 | + select CRYPTO_SHA256 | |
20132 | + help | |
20133 | + If you say Y here, you will be able to configure many features | |
20134 | + that will enhance the security of your system. It is highly | |
20135 | + recommended that you say Y here and read through the help | |
20136 | + for each option so that you fully understand the features and | |
20137 | + can evaluate their usefulness for your machine. | |
20138 | + | |
20139 | +choice | |
20140 | + prompt "Security Level" | |
20141 | + depends GRKERNSEC | |
20142 | + default GRKERNSEC_CUSTOM | |
20143 | + | |
20144 | +config GRKERNSEC_LOW | |
20145 | + bool "Low" | |
20146 | + select GRKERNSEC_LINK | |
20147 | + select GRKERNSEC_FIFO | |
20148 | + select GRKERNSEC_RANDPID | |
20149 | + select GRKERNSEC_EXECVE | |
20150 | + select GRKERNSEC_RANDNET | |
20151 | + select GRKERNSEC_DMESG | |
20152 | + select GRKERNSEC_CHROOT_CHDIR | |
20153 | + select GRKERNSEC_MODSTOP if (MODULES) | |
20154 | + | |
20155 | + help | |
20156 | + If you choose this option, several of the grsecurity options will | |
20157 | + be enabled that will give you greater protection against a number | |
20158 | + of attacks, while assuring that none of your software will have any | |
20159 | + conflicts with the additional security measures. If you run a lot | |
20160 | + of unusual software, or you are having problems with the higher | |
20161 | + security levels, you should say Y here. With this option, the | |
20162 | + following features are enabled: | |
20163 | + | |
20164 | + - Linking restrictions | |
20165 | + - FIFO restrictions | |
20166 | + - Randomized PIDs | |
20167 | + - Enforcing RLIMIT_NPROC on execve | |
20168 | + - Restricted dmesg | |
20169 | + - Enforced chdir("/") on chroot | |
20170 | + - Runtime module disabling | |
20171 | + | |
20172 | +config GRKERNSEC_MEDIUM | |
20173 | + bool "Medium" | |
20174 | + select PAX | |
20175 | + select PAX_EI_PAX | |
20176 | + select PAX_PT_PAX_FLAGS | |
20177 | + select PAX_HAVE_ACL_FLAGS | |
20178 | + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) | |
20179 | + select GRKERNSEC_CHROOT_SYSCTL | |
20180 | + select GRKERNSEC_LINK | |
20181 | + select GRKERNSEC_FIFO | |
20182 | + select GRKERNSEC_RANDPID | |
20183 | + select GRKERNSEC_EXECVE | |
20184 | + select GRKERNSEC_DMESG | |
20185 | + select GRKERNSEC_RANDNET | |
20186 | + select GRKERNSEC_FORKFAIL | |
20187 | + select GRKERNSEC_TIME | |
20188 | + select GRKERNSEC_SIGNAL | |
20189 | + select GRKERNSEC_CHROOT | |
20190 | + select GRKERNSEC_CHROOT_UNIX | |
20191 | + select GRKERNSEC_CHROOT_MOUNT | |
20192 | + select GRKERNSEC_CHROOT_PIVOT | |
20193 | + select GRKERNSEC_CHROOT_DOUBLE | |
20194 | + select GRKERNSEC_CHROOT_CHDIR | |
20195 | + select GRKERNSEC_CHROOT_MKNOD | |
20196 | + select GRKERNSEC_PROC | |
20197 | + select GRKERNSEC_PROC_USERGROUP | |
20198 | + select GRKERNSEC_MODSTOP if (MODULES) | |
20199 | + select PAX_RANDUSTACK | |
20200 | + select PAX_ASLR | |
20201 | + select PAX_RANDMMAP | |
20202 | + | |
20203 | + help | |
20204 | + If you say Y here, several features in addition to those included | |
20205 | + in the low additional security level will be enabled. These | |
20206 | + features provide even more security to your system, though in rare | |
20207 | + cases they may be incompatible with very old or poorly written | |
20208 | + software. If you enable this option, make sure that your auth | |
20209 | + service (identd) is running as gid 1001. With this option, | |
20210 | + the following features (in addition to those provided in the | |
20211 | + low additional security level) will be enabled: | |
20212 | + | |
20213 | + - Randomized TCP source ports | |
20214 | + - Failed fork logging | |
20215 | + - Time change logging | |
20216 | + - Signal logging | |
20217 | + - Deny mounts in chroot | |
20218 | + - Deny double chrooting | |
20219 | + - Deny sysctl writes in chroot | |
20220 | + - Deny mknod in chroot | |
20221 | + - Deny access to abstract AF_UNIX sockets out of chroot | |
20222 | + - Deny pivot_root in chroot | |
20223 | + - Denied writes of /dev/kmem, /dev/mem, and /dev/port | |
20224 | + - /proc restrictions with special GID set to 10 (usually wheel) | |
20225 | + - Address Space Layout Randomization (ASLR) | |
20226 | + | |
20227 | +config GRKERNSEC_HIGH | |
20228 | + bool "High" | |
20229 | + select GRKERNSEC_LINK | |
20230 | + select GRKERNSEC_FIFO | |
20231 | + select GRKERNSEC_RANDPID | |
20232 | + select GRKERNSEC_EXECVE | |
20233 | + select GRKERNSEC_DMESG | |
20234 | + select GRKERNSEC_FORKFAIL | |
20235 | + select GRKERNSEC_TIME | |
20236 | + select GRKERNSEC_SIGNAL | |
20237 | + select GRKERNSEC_CHROOT_SHMAT | |
20238 | + select GRKERNSEC_CHROOT_UNIX | |
20239 | + select GRKERNSEC_CHROOT_MOUNT | |
20240 | + select GRKERNSEC_CHROOT_FCHDIR | |
20241 | + select GRKERNSEC_CHROOT_PIVOT | |
20242 | + select GRKERNSEC_CHROOT_DOUBLE | |
20243 | + select GRKERNSEC_CHROOT_CHDIR | |
20244 | + select GRKERNSEC_CHROOT_MKNOD | |
20245 | + select GRKERNSEC_CHROOT_CAPS | |
20246 | + select GRKERNSEC_CHROOT_SYSCTL | |
20247 | + select GRKERNSEC_CHROOT_FINDTASK | |
20248 | + select GRKERNSEC_PROC | |
20249 | + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) | |
20250 | + select GRKERNSEC_HIDESYM | |
20251 | + select GRKERNSEC_BRUTE | |
20252 | + select GRKERNSEC_SHM if (SYSVIPC) | |
20253 | + select GRKERNSEC_PROC_USERGROUP | |
20254 | + select GRKERNSEC_KMEM | |
20255 | + select GRKERNSEC_RESLOG | |
20256 | + select GRKERNSEC_RANDNET | |
20257 | + select GRKERNSEC_PROC_ADD | |
20258 | + select GRKERNSEC_CHROOT_CHMOD | |
20259 | + select GRKERNSEC_CHROOT_NICE | |
20260 | + select GRKERNSEC_AUDIT_MOUNT | |
20261 | + select GRKERNSEC_MODSTOP if (MODULES) | |
20262 | + select PAX | |
20263 | + select PAX_RANDUSTACK | |
20264 | + select PAX_ASLR | |
20265 | + select PAX_RANDMMAP | |
20266 | + select PAX_NOEXEC | |
20267 | + select PAX_MPROTECT | |
20268 | + select PAX_EI_PAX | |
20269 | + select PAX_PT_PAX_FLAGS | |
20270 | + select PAX_HAVE_ACL_FLAGS | |
20271 | + select PAX_KERNEXEC if (!X86_64 && !MODULES && !HOTPLUG_PCI_COMPAQ_NVRAM && !PCI_BIOS) | |
20272 | + select PAX_RANDKSTACK if (X86_TSC && !X86_64) | |
20273 | + select PAX_SEGMEXEC if (X86 && !X86_64) | |
20274 | + select PAX_PAGEEXEC if (!X86) | |
20275 | + select PAX_EMUPLT if (ALPHA || PARISC || PPC32 || SPARC32 || SPARC64) | |
20276 | + select PAX_DLRESOLVE if (SPARC32 || SPARC64) | |
20277 | + select PAX_SYSCALL if (PPC32) | |
20278 | + select PAX_EMUTRAMP if (PARISC) | |
20279 | + select PAX_EMUSIGRT if (PARISC) | |
20280 | + select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC) | |
20281 | + help | |
20282 | + If you say Y here, many of the features of grsecurity will be | |
20283 | + enabled, which will protect you against many kinds of attacks | |
20284 | + against your system. The heightened security comes at a cost | |
20285 | + of an increased chance of incompatibilities with rare software | |
20286 | + on your machine. Since this security level enables PaX, you should | |
20287 | + view <http://pax.grsecurity.net> and read about the PaX | |
20288 | + project. While you are there, download chpax and run it on | |
20289 | + binaries that cause problems with PaX. Also remember that | |
20290 | + since the /proc restrictions are enabled, you must run your | |
20291 | + identd as gid 1001. This security level enables the following | |
20292 | + features in addition to those listed in the low and medium | |
20293 | + security levels: | |
20294 | + | |
20295 | + - Additional /proc restrictions | |
20296 | + - Chmod restrictions in chroot | |
20297 | + - No signals, ptrace, or viewing of processes outside of chroot | |
20298 | + - Capability restrictions in chroot | |
20299 | + - Deny fchdir out of chroot | |
20300 | + - Priority restrictions in chroot | |
20301 | + - Segmentation-based implementation of PaX | |
20302 | + - Mprotect restrictions | |
20303 | + - Removal of addresses from /proc/<pid>/[smaps|maps|stat] | |
20304 | + - Kernel stack randomization | |
20305 | + - Mount/unmount/remount logging | |
20306 | + - Kernel symbol hiding | |
20307 | + - Destroy unused shared memory | |
20308 | + - Prevention of memory exhaustion-based exploits | |
20309 | +config GRKERNSEC_CUSTOM | |
20310 | + bool "Custom" | |
20311 | + help | |
20312 | + If you say Y here, you will be able to configure every grsecurity | |
20313 | + option, which allows you to enable many more features that aren't | |
20314 | + covered in the basic security levels. These additional features | |
20315 | + include TPE, socket restrictions, and the sysctl system for | |
20316 | + grsecurity. It is advised that you read through the help for | |
20317 | + each option to determine its usefulness in your situation. | |
20318 | + | |
20319 | +endchoice | |
20320 | + | |
20321 | +menu "Address Space Protection" | |
20322 | +depends on GRKERNSEC | |
20323 | + | |
20324 | +config GRKERNSEC_KMEM | |
20325 | + bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port" | |
20326 | + help | |
20327 | + If you say Y here, /dev/kmem and /dev/mem won't be allowed to | |
20328 | + be written to via mmap or otherwise to modify the running kernel. | |
20329 | + /dev/port will also not be allowed to be opened. If you have module | |
20330 | + support disabled, enabling this will close up four ways that are | |
20331 | + currently used to insert malicious code into the running kernel. | |
20332 | + Even with all these features enabled, we still highly recommend that | |
20333 | + you use the RBAC system, as it is still possible for an attacker to | |
20334 | + modify the running kernel through privileged I/O granted by ioperm/iopl. | |
20335 | + If you are not using XFree86, you may be able to stop this additional | |
20336 | + case by enabling the 'Disable privileged I/O' option. Though nothing | |
20337 | + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem, | |
20338 | + but only to video memory, which is the only writing we allow in this | |
20339 | + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will | |
20340 | + not be allowed to mprotect it with PROT_WRITE later. | |
20341 | + It is highly recommended that you say Y here if you meet all the | |
20342 | + conditions above. | |
20343 | + | |
20344 | +config GRKERNSEC_IO | |
20345 | + bool "Disable privileged I/O" | |
20346 | + depends on X86 | |
20347 | + select RTC | |
20348 | + help | |
20349 | + If you say Y here, all ioperm and iopl calls will return an error. | |
20350 | + Ioperm and iopl can be used to modify the running kernel. | |
20351 | + Unfortunately, some programs need this access to operate properly, | |
20352 | + the most notable of which are XFree86 and hwclock. hwclock can be | |
20353 | + remedied by having RTC support in the kernel, so CONFIG_RTC is | |
20354 | + enabled if this option is enabled, to ensure that hwclock operates | |
20355 | + correctly. XFree86 still will not operate correctly with this option | |
20356 | + enabled, so DO NOT CHOOSE Y IF YOU USE XFree86. If you use XFree86 | |
20357 | + and you still want to protect your kernel against modification, | |
20358 | + use the RBAC system. | |
20359 | + | |
20360 | +config GRKERNSEC_PROC_MEMMAP | |
20361 | + bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]" | |
20362 | + depends on PAX_NOEXEC || PAX_ASLR | |
20363 | + help | |
20364 | + If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will | |
20365 | + give no information about the addresses of its mappings if | |
20366 | + PaX features that rely on random addresses are enabled on the task. | |
20367 | + If you use PaX it is greatly recommended that you say Y here as it | |
20368 | + closes up a hole that makes the full ASLR useless for suid | |
20369 | + binaries. | |
20370 | + | |
20371 | +config GRKERNSEC_BRUTE | |
20372 | + bool "Deter exploit bruteforcing" | |
20373 | + help | |
20374 | + If you say Y here, attempts to bruteforce exploits against forking | |
20375 | + daemons such as apache or sshd will be deterred. When a child of a | |
20376 | + forking daemon is killed by PaX or crashes due to an illegal | |
20377 | + instruction, the parent process will be delayed 30 seconds upon every | |
20378 | + subsequent fork until the administrator is able to assess the | |
20379 | + situation and restart the daemon. It is recommended that you also | |
20380 | + enable signal logging in the auditing section so that logs are | |
20381 | + generated when a process performs an illegal instruction. | |
20382 | + | |
20383 | +config GRKERNSEC_MODSTOP | |
20384 | + bool "Runtime module disabling" | |
20385 | + depends on MODULES | |
20386 | + help | |
20387 | + If you say Y here, you will be able to disable the ability to (un)load | |
20388 | + modules at runtime. This feature is useful if you need the ability | |
20389 | + to load kernel modules at boot time, but do not want to allow an | |
20390 | + attacker to load a rootkit kernel module into the system, or to remove | |
20391 | + a loaded kernel module important to system functioning. You should | |
20392 | + enable the /dev/mem protection feature as well, since rootkits can be | |
20393 | + inserted into the kernel via other methods than kernel modules. Since | |
20394 | + an untrusted module could still be loaded by modifying init scripts and | |
20395 | + rebooting the system, it is also recommended that you enable the RBAC | |
20396 | + system. If you enable this option, a sysctl option with name | |
20397 | + "disable_modules" will be created. Setting this option to "1" disables | |
20398 | + module loading. After this option is set, no further writes to it are | |
20399 | + allowed until the system is rebooted. | |
20400 | + | |
20401 | +config GRKERNSEC_HIDESYM | |
20402 | + bool "Hide kernel symbols" | |
20403 | + help | |
20404 | + If you say Y here, getting information on loaded modules, and | |
20405 | + displaying all kernel symbols through a syscall will be restricted | |
20406 | + to users with CAP_SYS_MODULE. This option is only effective | |
20407 | + provided the following conditions are met: | |
20408 | + 1) The kernel using grsecurity is not precompiled by some distribution | |
20409 | + 2) You are using the RBAC system and hiding other files such as your | |
20410 | + kernel image and System.map | |
20411 | + 3) You have the additional /proc restrictions enabled, which removes | |
20412 | + /proc/kcore | |
20413 | + If the above conditions are met, this option will aid to provide a | |
20414 | + useful protection against local and remote kernel exploitation of | |
20415 | + overflows and arbitrary read/write vulnerabilities. | |
20416 | + | |
20417 | +endmenu | |
20418 | +menu "Role Based Access Control Options" | |
20419 | +depends on GRKERNSEC | |
20420 | + | |
20421 | +config GRKERNSEC_ACL_HIDEKERN | |
20422 | + bool "Hide kernel processes" | |
20423 | + help | |
20424 | + If you say Y here, all kernel threads will be hidden to all | |
20425 | + processes but those whose subject has the "view hidden processes" | |
20426 | + flag. | |
20427 | + | |
20428 | +config GRKERNSEC_ACL_MAXTRIES | |
20429 | + int "Maximum tries before password lockout" | |
20430 | + default 3 | |
20431 | + help | |
20432 | + This option enforces the maximum number of times a user can attempt | |
20433 | + to authorize themselves with the grsecurity RBAC system before being | |
20434 | + denied the ability to attempt authorization again for a specified time. | |
20435 | + The lower the number, the harder it will be to brute-force a password. | |
20436 | + | |
20437 | +config GRKERNSEC_ACL_TIMEOUT | |
20438 | + int "Time to wait after max password tries, in seconds" | |
20439 | + default 30 | |
20440 | + help | |
20441 | + This option specifies the time the user must wait after attempting to | |
20442 | + authorize to the RBAC system with the maximum number of invalid | |
20443 | + passwords. The higher the number, the harder it will be to brute-force | |
20444 | + a password. | |
20445 | + | |
20446 | +endmenu | |
20447 | +menu "Filesystem Protections" | |
20448 | +depends on GRKERNSEC | |
20449 | + | |
20450 | +config GRKERNSEC_PROC | |
20451 | + bool "Proc restrictions" | |
20452 | + help | |
20453 | + If you say Y here, the permissions of the /proc filesystem | |
20454 | + will be altered to enhance system security and privacy. You MUST | |
20455 | + choose either a user only restriction or a user and group restriction. | |
20456 | + Depending upon the option you choose, you can either restrict users to | |
20457 | + see only the processes they themselves run, or choose a group that can | |
20458 | + view all processes and files normally restricted to root if you choose | |
20459 | + the "restrict to user only" option. NOTE: If you're running identd as | |
20460 | + a non-root user, you will have to run it as the group you specify here. | |
20461 | + | |
20462 | +config GRKERNSEC_PROC_USER | |
20463 | + bool "Restrict /proc to user only" | |
20464 | + depends on GRKERNSEC_PROC | |
20465 | + help | |
20466 | + If you say Y here, non-root users will only be able to view their own | |
20467 | + processes, and restricts them from viewing network-related information, | |
20468 | + and viewing kernel symbol and module information. | |
20469 | + | |
20470 | +config GRKERNSEC_PROC_USERGROUP | |
20471 | + bool "Allow special group" | |
20472 | + depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER | |
20473 | + help | |
20474 | + If you say Y here, you will be able to select a group that will be | |
20475 | + able to view all processes, network-related information, and | |
20476 | + kernel and symbol information. This option is useful if you want | |
20477 | + to run identd as a non-root user. | |
20478 | + | |
20479 | +config GRKERNSEC_PROC_GID | |
20480 | + int "GID for special group" | |
20481 | + depends on GRKERNSEC_PROC_USERGROUP | |
20482 | + default 1001 | |
20483 | + | |
20484 | +config GRKERNSEC_PROC_ADD | |
20485 | + bool "Additional restrictions" | |
20486 | + depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP | |
20487 | + help | |
20488 | + If you say Y here, additional restrictions will be placed on | |
20489 | + /proc that keep normal users from viewing device information and | |
20490 | + slabinfo information that could be useful for exploits. | |
20491 | + | |
20492 | +config GRKERNSEC_LINK | |
20493 | + bool "Linking restrictions" | |
20494 | + help | |
20495 | + If you say Y here, /tmp race exploits will be prevented, since users | |
20496 | + will no longer be able to follow symlinks owned by other users in | |
20497 | + world-writable +t directories (i.e. /tmp), unless the owner of the | |
20498 | + symlink is the owner of the directory. users will also not be | |
20499 | + able to hardlink to files they do not own. If the sysctl option is | |
20500 | + enabled, a sysctl option with name "linking_restrictions" is created. | |
20501 | + | |
20502 | +config GRKERNSEC_FIFO | |
20503 | + bool "FIFO restrictions" | |
20504 | + help | |
20505 | + If you say Y here, users will not be able to write to FIFOs they don't | |
20506 | + own in world-writable +t directories (i.e. /tmp), unless the owner of | |
20507 | + the FIFO is the same owner of the directory it's held in. If the sysctl | |
20508 | + option is enabled, a sysctl option with name "fifo_restrictions" is | |
20509 | + created. | |
20510 | + | |
20511 | +config GRKERNSEC_CHROOT | |
20512 | + bool "Chroot jail restrictions" | |
20513 | + help | |
20514 | + If you say Y here, you will be able to choose several options that will | |
20515 | + make breaking out of a chrooted jail much more difficult. If you | |
20516 | + encounter no software incompatibilities with the following options, it | |
20517 | + is recommended that you enable each one. | |
20518 | + | |
20519 | +config GRKERNSEC_CHROOT_MOUNT | |
20520 | + bool "Deny mounts" | |
20521 | + depends on GRKERNSEC_CHROOT | |
20522 | + help | |
20523 | + If you say Y here, processes inside a chroot will not be able to | |
20524 | + mount or remount filesystems. If the sysctl option is enabled, a | |
20525 | + sysctl option with name "chroot_deny_mount" is created. | |
20526 | + | |
20527 | +config GRKERNSEC_CHROOT_DOUBLE | |
20528 | + bool "Deny double-chroots" | |
20529 | + depends on GRKERNSEC_CHROOT | |
20530 | + help | |
20531 | + If you say Y here, processes inside a chroot will not be able to chroot | |
20532 | + again outside the chroot. This is a widely used method of breaking | |
20533 | + out of a chroot jail and should not be allowed. If the sysctl | |
20534 | + option is enabled, a sysctl option with name | |
20535 | + "chroot_deny_chroot" is created. | |
20536 | + | |
20537 | +config GRKERNSEC_CHROOT_PIVOT | |
20538 | + bool "Deny pivot_root in chroot" | |
20539 | + depends on GRKERNSEC_CHROOT | |
20540 | + help | |
20541 | + If you say Y here, processes inside a chroot will not be able to use | |
20542 | + a function called pivot_root() that was introduced in Linux 2.3.41. It | |
20543 | + works similar to chroot in that it changes the root filesystem. This | |
20544 | + function could be misused in a chrooted process to attempt to break out | |
20545 | + of the chroot, and therefore should not be allowed. If the sysctl | |
20546 | + option is enabled, a sysctl option with name "chroot_deny_pivot" is | |
20547 | + created. | |
20548 | + | |
20549 | +config GRKERNSEC_CHROOT_CHDIR | |
20550 | + bool "Enforce chdir(\"/\") on all chroots" | |
20551 | + depends on GRKERNSEC_CHROOT | |
20552 | + help | |
20553 | + If you say Y here, the current working directory of all newly-chrooted | |
20554 | + applications will be set to the the root directory of the chroot. | |
20555 | + The man page on chroot(2) states: | |
20556 | + Note that this call does not change the current working | |
20557 | + directory, so that `.' can be outside the tree rooted at | |
20558 | + `/'. In particular, the super-user can escape from a | |
20559 | + `chroot jail' by doing `mkdir foo; chroot foo; cd ..'. | |
20560 | + | |
20561 | + It is recommended that you say Y here, since it's not known to break | |
20562 | + any software. If the sysctl option is enabled, a sysctl option with | |
20563 | + name "chroot_enforce_chdir" is created. | |
20564 | + | |
20565 | +config GRKERNSEC_CHROOT_CHMOD | |
20566 | + bool "Deny (f)chmod +s" | |
20567 | + depends on GRKERNSEC_CHROOT | |
20568 | + help | |
20569 | + If you say Y here, processes inside a chroot will not be able to chmod | |
20570 | + or fchmod files to make them have suid or sgid bits. This protects | |
20571 | + against another published method of breaking a chroot. If the sysctl | |
20572 | + option is enabled, a sysctl option with name "chroot_deny_chmod" is | |
20573 | + created. | |
20574 | + | |
20575 | +config GRKERNSEC_CHROOT_FCHDIR | |
20576 | + bool "Deny fchdir out of chroot" | |
20577 | + depends on GRKERNSEC_CHROOT | |
20578 | + help | |
20579 | + If you say Y here, a well-known method of breaking chroots by fchdir'ing | |
20580 | + to a file descriptor of the chrooting process that points to a directory | |
20581 | + outside the filesystem will be stopped. If the sysctl option | |
20582 | + is enabled, a sysctl option with name "chroot_deny_fchdir" is created. | |
20583 | + | |
20584 | +config GRKERNSEC_CHROOT_MKNOD | |
20585 | + bool "Deny mknod" | |
20586 | + depends on GRKERNSEC_CHROOT | |
20587 | + help | |
20588 | + If you say Y here, processes inside a chroot will not be allowed to | |
20589 | + mknod. The problem with using mknod inside a chroot is that it | |
20590 | + would allow an attacker to create a device entry that is the same | |
20591 | + as one on the physical root of your system, which could range from | |
20592 | + anything from the console device to a device for your harddrive (which | |
20593 | + they could then use to wipe the drive or steal data). It is recommended | |
20594 | + that you say Y here, unless you run into software incompatibilities. | |
20595 | + If the sysctl option is enabled, a sysctl option with name | |
20596 | + "chroot_deny_mknod" is created. | |
20597 | + | |
20598 | +config GRKERNSEC_CHROOT_SHMAT | |
20599 | + bool "Deny shmat() out of chroot" | |
20600 | + depends on GRKERNSEC_CHROOT | |
20601 | + help | |
20602 | + If you say Y here, processes inside a chroot will not be able to attach | |
20603 | + to shared memory segments that were created outside of the chroot jail. | |
20604 | + It is recommended that you say Y here. If the sysctl option is enabled, | |
20605 | + a sysctl option with name "chroot_deny_shmat" is created. | |
20606 | + | |
20607 | +config GRKERNSEC_CHROOT_UNIX | |
20608 | + bool "Deny access to abstract AF_UNIX sockets out of chroot" | |
20609 | + depends on GRKERNSEC_CHROOT | |
20610 | + help | |
20611 | + If you say Y here, processes inside a chroot will not be able to | |
20612 | + connect to abstract (meaning not belonging to a filesystem) Unix | |
20613 | + domain sockets that were bound outside of a chroot. It is recommended | |
20614 | + that you say Y here. If the sysctl option is enabled, a sysctl option | |
20615 | + with name "chroot_deny_unix" is created. | |
20616 | + | |
20617 | +config GRKERNSEC_CHROOT_FINDTASK | |
20618 | + bool "Protect outside processes" | |
20619 | + depends on GRKERNSEC_CHROOT | |
20620 | + help | |
20621 | + If you say Y here, processes inside a chroot will not be able to | |
20622 | + kill, send signals with fcntl, ptrace, capget, setpgid, getpgid, | |
20623 | + getsid, or view any process outside of the chroot. If the sysctl | |
20624 | + option is enabled, a sysctl option with name "chroot_findtask" is | |
20625 | + created. | |
20626 | + | |
20627 | +config GRKERNSEC_CHROOT_NICE | |
20628 | + bool "Restrict priority changes" | |
20629 | + depends on GRKERNSEC_CHROOT | |
20630 | + help | |
20631 | + If you say Y here, processes inside a chroot will not be able to raise | |
20632 | + the priority of processes in the chroot, or alter the priority of | |
20633 | + processes outside the chroot. This provides more security than simply | |
20634 | + removing CAP_SYS_NICE from the process' capability set. If the | |
20635 | + sysctl option is enabled, a sysctl option with name "chroot_restrict_nice" | |
20636 | + is created. | |
20637 | + | |
20638 | +config GRKERNSEC_CHROOT_SYSCTL | |
20639 | + bool "Deny sysctl writes" | |
20640 | + depends on GRKERNSEC_CHROOT | |
20641 | + help | |
20642 | + If you say Y here, an attacker in a chroot will not be able to | |
20643 | + write to sysctl entries, either by sysctl(2) or through a /proc | |
20644 | + interface. It is strongly recommended that you say Y here. If the | |
20645 | + sysctl option is enabled, a sysctl option with name | |
20646 | + "chroot_deny_sysctl" is created. | |
20647 | + | |
20648 | +config GRKERNSEC_CHROOT_CAPS | |
20649 | + bool "Capability restrictions" | |
20650 | + depends on GRKERNSEC_CHROOT | |
20651 | + help | |
20652 | + If you say Y here, the capabilities on all root processes within a | |
20653 | + chroot jail will be lowered to stop module insertion, raw i/o, | |
20654 | + system and net admin tasks, rebooting the system, modifying immutable | |
20655 | + files, modifying IPC owned by another, and changing the system time. | |
20656 | + This is left an option because it can break some apps. Disable this | |
20657 | + if your chrooted apps are having problems performing those kinds of | |
20658 | + tasks. If the sysctl option is enabled, a sysctl option with | |
20659 | + name "chroot_caps" is created. | |
20660 | + | |
20661 | +endmenu | |
20662 | +menu "Kernel Auditing" | |
20663 | +depends on GRKERNSEC | |
20664 | + | |
20665 | +config GRKERNSEC_AUDIT_GROUP | |
20666 | + bool "Single group for auditing" | |
20667 | + help | |
20668 | + If you say Y here, the exec, chdir, (un)mount, and ipc logging features | |
20669 | + will only operate on a group you specify. This option is recommended | |
20670 | + if you only want to watch certain users instead of having a large | |
20671 | + amount of logs from the entire system. If the sysctl option is enabled, | |
20672 | + a sysctl option with name "audit_group" is created. | |
20673 | + | |
20674 | +config GRKERNSEC_AUDIT_GID | |
20675 | + int "GID for auditing" | |
20676 | + depends on GRKERNSEC_AUDIT_GROUP | |
20677 | + default 1007 | |
20678 | + | |
20679 | +config GRKERNSEC_EXECLOG | |
20680 | + bool "Exec logging" | |
20681 | + help | |
20682 | + If you say Y here, all execve() calls will be logged (since the | |
20683 | + other exec*() calls are frontends to execve(), all execution | |
20684 | + will be logged). Useful for shell-servers that like to keep track | |
20685 | + of their users. If the sysctl option is enabled, a sysctl option with | |
20686 | + name "exec_logging" is created. | |
20687 | + WARNING: This option when enabled will produce a LOT of logs, especially | |
20688 | + on an active system. | |
20689 | + | |
20690 | +config GRKERNSEC_RESLOG | |
20691 | + bool "Resource logging" | |
20692 | + help | |
20693 | + If you say Y here, all attempts to overstep resource limits will | |
20694 | + be logged with the resource name, the requested size, and the current | |
20695 | + limit. It is highly recommended that you say Y here. If the sysctl | |
20696 | + option is enabled, a sysctl option with name "resource_logging" is | |
20697 | + created. If the RBAC system is enabled, the sysctl value is ignored. | |
20698 | + | |
20699 | +config GRKERNSEC_CHROOT_EXECLOG | |
20700 | + bool "Log execs within chroot" | |
20701 | + help | |
20702 | + If you say Y here, all executions inside a chroot jail will be logged | |
20703 | + to syslog. This can cause a large amount of logs if certain | |
20704 | + applications (eg. djb's daemontools) are installed on the system, and | |
20705 | + is therefore left as an option. If the sysctl option is enabled, a | |
20706 | + sysctl option with name "chroot_execlog" is created. | |
20707 | + | |
20708 | +config GRKERNSEC_AUDIT_CHDIR | |
20709 | + bool "Chdir logging" | |
20710 | + help | |
20711 | + If you say Y here, all chdir() calls will be logged. If the sysctl | |
20712 | + option is enabled, a sysctl option with name "audit_chdir" is created. | |
20713 | + | |
20714 | +config GRKERNSEC_AUDIT_MOUNT | |
20715 | + bool "(Un)Mount logging" | |
20716 | + help | |
20717 | + If you say Y here, all mounts and unmounts will be logged. If the | |
20718 | + sysctl option is enabled, a sysctl option with name "audit_mount" is | |
20719 | + created. | |
20720 | + | |
20721 | +config GRKERNSEC_AUDIT_IPC | |
20722 | + bool "IPC logging" | |
20723 | + help | |
20724 | + If you say Y here, creation and removal of message queues, semaphores, | |
20725 | + and shared memory will be logged. If the sysctl option is enabled, a | |
20726 | + sysctl option with name "audit_ipc" is created. | |
20727 | + | |
20728 | +config GRKERNSEC_SIGNAL | |
20729 | + bool "Signal logging" | |
20730 | + help | |
20731 | + If you say Y here, certain important signals will be logged, such as | |
20732 | + SIGSEGV, which will as a result inform you of when a error in a program | |
20733 | + occurred, which in some cases could mean a possible exploit attempt. | |
20734 | + If the sysctl option is enabled, a sysctl option with name | |
20735 | + "signal_logging" is created. | |
20736 | + | |
20737 | +config GRKERNSEC_FORKFAIL | |
20738 | + bool "Fork failure logging" | |
20739 | + help | |
20740 | + If you say Y here, all failed fork() attempts will be logged. | |
20741 | + This could suggest a fork bomb, or someone attempting to overstep | |
20742 | + their process limit. If the sysctl option is enabled, a sysctl option | |
20743 | + with name "forkfail_logging" is created. | |
20744 | + | |
20745 | +config GRKERNSEC_TIME | |
20746 | + bool "Time change logging" | |
20747 | + help | |
20748 | + If you say Y here, any changes of the system clock will be logged. | |
20749 | + If the sysctl option is enabled, a sysctl option with name | |
20750 | + "timechange_logging" is created. | |
20751 | + | |
20752 | +config GRKERNSEC_PROC_IPADDR | |
20753 | + bool "/proc/<pid>/ipaddr support" | |
20754 | + help | |
20755 | + If you say Y here, a new entry will be added to each /proc/<pid> | |
20756 | + directory that contains the IP address of the person using the task. | |
20757 | + The IP is carried across local TCP and AF_UNIX stream sockets. | |
20758 | + This information can be useful for IDS/IPSes to perform remote response | |
20759 | + to a local attack. The entry is readable by only the owner of the | |
20760 | + process (and root if he has CAP_DAC_OVERRIDE, which can be removed via | |
20761 | + the RBAC system), and thus does not create privacy concerns. | |
20762 | + | |
20763 | +config GRKERNSEC_AUDIT_TEXTREL | |
20764 | + bool 'ELF text relocations logging (READ HELP)' | |
20765 | + depends on PAX_MPROTECT | |
20766 | + help | |
20767 | + If you say Y here, text relocations will be logged with the filename | |
20768 | + of the offending library or binary. The purpose of the feature is | |
20769 | + to help Linux distribution developers get rid of libraries and | |
20770 | + binaries that need text relocations which hinder the future progress | |
20771 | + of PaX. Only Linux distribution developers should say Y here, and | |
20772 | + never on a production machine, as this option creates an information | |
20773 | + leak that could aid an attacker in defeating the randomization of | |
20774 | + a single memory region. If the sysctl option is enabled, a sysctl | |
20775 | + option with name "audit_textrel" is created. | |
20776 | + | |
20777 | +endmenu | |
20778 | + | |
20779 | +menu "Executable Protections" | |
20780 | +depends on GRKERNSEC | |
20781 | + | |
20782 | +config GRKERNSEC_EXECVE | |
20783 | + bool "Enforce RLIMIT_NPROC on execs" | |
20784 | + help | |
20785 | + If you say Y here, users with a resource limit on processes will | |
20786 | + have the value checked during execve() calls. The current system | |
20787 | + only checks the system limit during fork() calls. If the sysctl option | |
20788 | + is enabled, a sysctl option with name "execve_limiting" is created. | |
20789 | + | |
20790 | +config GRKERNSEC_SHM | |
20791 | + bool "Destroy unused shared memory" | |
20792 | + depends on SYSVIPC | |
20793 | + help | |
20794 | + If you say Y here, shared memory will be destroyed when no one is | |
20795 | + attached to it. Otherwise, resources involved with the shared | |
20796 | + memory can be used up and not be associated with any process (as the | |
20797 | + shared memory still exists, and the creating process has exited). If | |
20798 | + the sysctl option is enabled, a sysctl option with name | |
20799 | + "destroy_unused_shm" is created. | |
20800 | + | |
20801 | +config GRKERNSEC_DMESG | |
20802 | + bool "Dmesg(8) restriction" | |
20803 | + help | |
20804 | + If you say Y here, non-root users will not be able to use dmesg(8) | |
20805 | + to view up to the last 4kb of messages in the kernel's log buffer. | |
20806 | + If the sysctl option is enabled, a sysctl option with name "dmesg" is | |
20807 | + created. | |
20808 | + | |
20809 | +config GRKERNSEC_RANDPID | |
20810 | + bool "Randomized PIDs" | |
20811 | + help | |
20812 | + If you say Y here, all PIDs created on the system will be | |
20813 | + pseudo-randomly generated. This is extremely effective along | |
20814 | + with the /proc restrictions to disallow an attacker from guessing | |
20815 | + pids of daemons, etc. PIDs are also used in some cases as part | |
20816 | + of a naming system for temporary files, so this option would keep | |
20817 | + those filenames from being predicted as well. We also use code | |
20818 | + to make sure that PID numbers aren't reused too soon. If the sysctl | |
20819 | + option is enabled, a sysctl option with name "rand_pids" is created. | |
20820 | + | |
20821 | +config GRKERNSEC_TPE | |
20822 | + bool "Trusted Path Execution (TPE)" | |
20823 | + help | |
20824 | + If you say Y here, you will be able to choose a gid to add to the | |
20825 | + supplementary groups of users you want to mark as "untrusted." | |
20826 | + These users will not be able to execute any files that are not in | |
20827 | + root-owned directories writable only by root. If the sysctl option | |
20828 | + is enabled, a sysctl option with name "tpe" is created. | |
20829 | + | |
20830 | +config GRKERNSEC_TPE_ALL | |
20831 | + bool "Partially restrict non-root users" | |
20832 | + depends on GRKERNSEC_TPE | |
20833 | + help | |
20834 | + If you say Y here, All non-root users other than the ones in the | |
20835 | + group specified in the main TPE option will only be allowed to | |
20836 | + execute files in directories they own that are not group or | |
20837 | + world-writable, or in directories owned by root and writable only by | |
20838 | + root. If the sysctl option is enabled, a sysctl option with name | |
20839 | + "tpe_restrict_all" is created. | |
20840 | + | |
20841 | +config GRKERNSEC_TPE_INVERT | |
20842 | + bool "Invert GID option" | |
20843 | + depends on GRKERNSEC_TPE | |
20844 | + help | |
20845 | + If you say Y here, the group you specify in the TPE configuration will | |
20846 | + decide what group TPE restrictions will be *disabled* for. This | |
20847 | + option is useful if you want TPE restrictions to be applied to most | |
20848 | + users on the system. | |
20849 | + | |
20850 | +config GRKERNSEC_TPE_GID | |
20851 | + int "GID for untrusted users" | |
20852 | + depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT | |
20853 | + default 1005 | |
20854 | + help | |
20855 | + If you have selected the "Invert GID option" above, setting this | |
20856 | + GID determines what group TPE restrictions will be *disabled* for. | |
20857 | + If you have not selected the "Invert GID option" above, setting this | |
20858 | + GID determines what group TPE restrictions will be *enabled* for. | |
20859 | + If the sysctl option is enabled, a sysctl option with name "tpe_gid" | |
20860 | + is created. | |
20861 | + | |
20862 | +config GRKERNSEC_TPE_GID | |
20863 | + int "GID for trusted users" | |
20864 | + depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT | |
20865 | + default 1005 | |
20866 | + help | |
20867 | + If you have selected the "Invert GID option" above, setting this | |
20868 | + GID determines what group TPE restrictions will be *disabled* for. | |
20869 | + If you have not selected the "Invert GID option" above, setting this | |
20870 | + GID determines what group TPE restrictions will be *enabled* for. | |
20871 | + If the sysctl option is enabled, a sysctl option with name "tpe_gid" | |
20872 | + is created. | |
20873 | + | |
20874 | +endmenu | |
20875 | +menu "Network Protections" | |
20876 | +depends on GRKERNSEC | |
20877 | + | |
20878 | +config GRKERNSEC_RANDNET | |
20879 | + bool "Larger entropy pools" | |
20880 | + help | |
20881 | + If you say Y here, the entropy pools used for many features of Linux | |
20882 | + and grsecurity will be doubled in size. Since several grsecurity | |
20883 | + features use additional randomness, it is recommended that you say Y | |
20884 | + here. Saying Y here has a similar effect as modifying | |
20885 | + /proc/sys/kernel/random/poolsize. | |
20886 | + | |
20887 | +config GRKERNSEC_SOCKET | |
20888 | + bool "Socket restrictions" | |
20889 | + help | |
20890 | + If you say Y here, you will be able to choose from several options. | |
20891 | + If you assign a GID on your system and add it to the supplementary | |
20892 | + groups of users you want to restrict socket access to, this patch | |
20893 | + will perform up to three things, based on the option(s) you choose. | |
20894 | + | |
20895 | +config GRKERNSEC_SOCKET_ALL | |
20896 | + bool "Deny any sockets to group" | |
20897 | + depends on GRKERNSEC_SOCKET | |
20898 | + help | |
20899 | + If you say Y here, you will be able to choose a GID of whose users will | |
20900 | + be unable to connect to other hosts from your machine or run server | |
20901 | + applications from your machine. If the sysctl option is enabled, a | |
20902 | + sysctl option with name "socket_all" is created. | |
20903 | + | |
20904 | +config GRKERNSEC_SOCKET_ALL_GID | |
20905 | + int "GID to deny all sockets for" | |
20906 | + depends on GRKERNSEC_SOCKET_ALL | |
20907 | + default 1004 | |
20908 | + help | |
20909 | + Here you can choose the GID to disable socket access for. Remember to | |
20910 | + add the users you want socket access disabled for to the GID | |
20911 | + specified here. If the sysctl option is enabled, a sysctl option | |
20912 | + with name "socket_all_gid" is created. | |
20913 | + | |
20914 | +config GRKERNSEC_SOCKET_CLIENT | |
20915 | + bool "Deny client sockets to group" | |
20916 | + depends on GRKERNSEC_SOCKET | |
20917 | + help | |
20918 | + If you say Y here, you will be able to choose a GID of whose users will | |
20919 | + be unable to connect to other hosts from your machine, but will be | |
20920 | + able to run servers. If this option is enabled, all users in the group | |
20921 | + you specify will have to use passive mode when initiating ftp transfers | |
20922 | + from the shell on your machine. If the sysctl option is enabled, a | |
20923 | + sysctl option with name "socket_client" is created. | |
20924 | + | |
20925 | +config GRKERNSEC_SOCKET_CLIENT_GID | |
20926 | + int "GID to deny client sockets for" | |
20927 | + depends on GRKERNSEC_SOCKET_CLIENT | |
20928 | + default 1003 | |
20929 | + help | |
20930 | + Here you can choose the GID to disable client socket access for. | |
20931 | + Remember to add the users you want client socket access disabled for to | |
20932 | + the GID specified here. If the sysctl option is enabled, a sysctl | |
20933 | + option with name "socket_client_gid" is created. | |
20934 | + | |
20935 | +config GRKERNSEC_SOCKET_SERVER | |
20936 | + bool "Deny server sockets to group" | |
20937 | + depends on GRKERNSEC_SOCKET | |
20938 | + help | |
20939 | + If you say Y here, you will be able to choose a GID of whose users will | |
20940 | + be unable to run server applications from your machine. If the sysctl | |
20941 | + option is enabled, a sysctl option with name "socket_server" is created. | |
20942 | + | |
20943 | +config GRKERNSEC_SOCKET_SERVER_GID | |
20944 | + int "GID to deny server sockets for" | |
20945 | + depends on GRKERNSEC_SOCKET_SERVER | |
20946 | + default 1002 | |
20947 | + help | |
20948 | + Here you can choose the GID to disable server socket access for. | |
20949 | + Remember to add the users you want server socket access disabled for to | |
20950 | + the GID specified here. If the sysctl option is enabled, a sysctl | |
20951 | + option with name "socket_server_gid" is created. | |
20952 | + | |
20953 | +endmenu | |
20954 | +menu "Sysctl support" | |
20955 | +depends on GRKERNSEC && SYSCTL | |
20956 | + | |
20957 | +config GRKERNSEC_SYSCTL | |
20958 | + bool "Sysctl support" | |
20959 | + help | |
20960 | + If you say Y here, you will be able to change the options that | |
20961 | + grsecurity runs with at bootup, without having to recompile your | |
20962 | + kernel. You can echo values to files in /proc/sys/kernel/grsecurity | |
20963 | + to enable (1) or disable (0) various features. All the sysctl entries | |
20964 | + are mutable until the "grsec_lock" entry is set to a non-zero value. | |
20965 | + All features enabled in the kernel configuration are disabled at boot | |
20966 | + if you do not say Y to the "Turn on features by default" option. | |
20967 | + All options should be set at startup, and the grsec_lock entry should | |
20968 | + be set to a non-zero value after all the options are set. | |
20969 | + *THIS IS EXTREMELY IMPORTANT* | |
20970 | + | |
20971 | +config GRKERNSEC_SYSCTL_ON | |
20972 | + bool "Turn on features by default" | |
20973 | + depends on GRKERNSEC_SYSCTL | |
20974 | + help | |
20975 | + If you say Y here, instead of having all features enabled in the | |
20976 | + kernel configuration disabled at boot time, the features will be | |
20977 | + enabled at boot time. It is recommended you say Y here unless | |
20978 | + there is some reason you would want all sysctl-tunable features to | |
20979 | + be disabled by default. As mentioned elsewhere, it is important | |
20980 | + to enable the grsec_lock entry once you have finished modifying | |
20981 | + the sysctl entries. | |
20982 | + | |
20983 | +endmenu | |
20984 | +menu "Logging Options" | |
20985 | +depends on GRKERNSEC | |
20986 | + | |
20987 | +config GRKERNSEC_FLOODTIME | |
20988 | + int "Seconds in between log messages (minimum)" | |
20989 | + default 10 | |
20990 | + help | |
20991 | + This option allows you to enforce the number of seconds between | |
20992 | + grsecurity log messages. The default should be suitable for most | |
20993 | + people, however, if you choose to change it, choose a value small enough | |
20994 | + to allow informative logs to be produced, but large enough to | |
20995 | + prevent flooding. | |
20996 | + | |
20997 | +config GRKERNSEC_FLOODBURST | |
20998 | + int "Number of messages in a burst (maximum)" | |
20999 | + default 4 | |
21000 | + help | |
21001 | + This option allows you to choose the maximum number of messages allowed | |
21002 | + within the flood time interval you chose in a separate option. The | |
21003 | + default should be suitable for most people, however if you find that | |
21004 | + many of your logs are being interpreted as flooding, you may want to | |
21005 | + raise this value. | |
21006 | + | |
21007 | +endmenu | |
21008 | + | |
21009 | +endmenu | |
21010 | diff -urNp linux-2.6.19.1/grsecurity/Makefile linux-2.6.19.1/grsecurity/Makefile | |
21011 | --- linux-2.6.19.1/grsecurity/Makefile 1969-12-31 19:00:00.000000000 -0500 | |
21012 | +++ linux-2.6.19.1/grsecurity/Makefile 2006-12-03 15:16:32.000000000 -0500 | |
21013 | @@ -0,0 +1,20 @@ | |
21014 | +# grsecurity's ACL system was originally written in 2001 by Michael Dalton | |
21015 | +# during 2001-2005 it has been completely redesigned by Brad Spengler | |
21016 | +# into an RBAC system | |
21017 | +# | |
21018 | +# All code in this directory and various hooks inserted throughout the kernel | |
21019 | +# are copyright Brad Spengler, and released under the GPL v2 or higher | |
21020 | + | |
21021 | +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ | |
21022 | + grsec_mount.o grsec_rand.o grsec_sig.o grsec_sock.o grsec_sysctl.o \ | |
21023 | + grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o grsec_textrel.o | |
21024 | + | |
21025 | +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \ | |
21026 | + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ | |
21027 | + gracl_learn.o grsec_log.o | |
21028 | +obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o | |
21029 | + | |
21030 | +ifndef CONFIG_GRKERNSEC | |
21031 | +obj-y += grsec_disabled.o | |
21032 | +endif | |
21033 | + | |
21034 | diff -urNp linux-2.6.19.1/include/acpi/acmacros.h linux-2.6.19.1/include/acpi/acmacros.h | |
21035 | --- linux-2.6.19.1/include/acpi/acmacros.h 2006-11-29 16:57:37.000000000 -0500 | |
21036 | +++ linux-2.6.19.1/include/acpi/acmacros.h 2006-12-03 15:16:16.000000000 -0500 | |
21037 | @@ -672,7 +672,7 @@ | |
21038 | #define ACPI_DUMP_PATHNAME(a,b,c,d) | |
21039 | #define ACPI_DUMP_RESOURCE_LIST(a) | |
21040 | #define ACPI_DUMP_BUFFER(a,b) | |
21041 | -#define ACPI_DEBUG_PRINT(pl) | |
21042 | +#define ACPI_DEBUG_PRINT(pl) do {} while (0) | |
21043 | #define ACPI_DEBUG_PRINT_RAW(pl) | |
21044 | ||
21045 | #define return_VOID return | |
21046 | diff -urNp linux-2.6.19.1/include/asm-alpha/a.out.h linux-2.6.19.1/include/asm-alpha/a.out.h | |
21047 | --- linux-2.6.19.1/include/asm-alpha/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
21048 | +++ linux-2.6.19.1/include/asm-alpha/a.out.h 2006-12-03 15:16:16.000000000 -0500 | |
21049 | @@ -98,7 +98,7 @@ struct exec | |
21050 | set_personality (((BFPM->sh_bang || EX.ah.entry < 0x100000000L \ | |
21051 | ? ADDR_LIMIT_32BIT : 0) | PER_OSF4)) | |
21052 | ||
21053 | -#define STACK_TOP \ | |
21054 | +#define __STACK_TOP \ | |
21055 | (current->personality & ADDR_LIMIT_32BIT ? 0x80000000 : 0x00120000000UL) | |
21056 | ||
21057 | #endif | |
21058 | diff -urNp linux-2.6.19.1/include/asm-alpha/elf.h linux-2.6.19.1/include/asm-alpha/elf.h | |
21059 | --- linux-2.6.19.1/include/asm-alpha/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
21060 | +++ linux-2.6.19.1/include/asm-alpha/elf.h 2006-12-03 15:16:16.000000000 -0500 | |
21061 | @@ -91,6 +91,17 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N | |
21062 | ||
21063 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000) | |
21064 | ||
21065 | +#ifdef CONFIG_PAX_ASLR | |
21066 | +#define PAX_ELF_ET_DYN_BASE(tsk) ((tsk)->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL) | |
21067 | + | |
21068 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
21069 | +#define PAX_DELTA_MMAP_LEN(tsk) ((tsk)->personality & ADDR_LIMIT_32BIT ? 14 : 28) | |
21070 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
21071 | +#define PAX_DELTA_EXEC_LEN(tsk) ((tsk)->personality & ADDR_LIMIT_32BIT ? 14 : 28) | |
21072 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
21073 | +#define PAX_DELTA_STACK_LEN(tsk) ((tsk)->personality & ADDR_LIMIT_32BIT ? 14 : 19) | |
21074 | +#endif | |
21075 | + | |
21076 | /* $0 is set by ld.so to a pointer to a function which might be | |
21077 | registered using atexit. This provides a mean for the dynamic | |
21078 | linker to call DT_FINI functions for shared libraries that have | |
21079 | diff -urNp linux-2.6.19.1/include/asm-alpha/kmap_types.h linux-2.6.19.1/include/asm-alpha/kmap_types.h | |
21080 | --- linux-2.6.19.1/include/asm-alpha/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21081 | +++ linux-2.6.19.1/include/asm-alpha/kmap_types.h 2006-12-03 15:16:16.000000000 -0500 | |
21082 | @@ -24,7 +24,8 @@ D(9) KM_IRQ0, | |
21083 | D(10) KM_IRQ1, | |
21084 | D(11) KM_SOFTIRQ0, | |
21085 | D(12) KM_SOFTIRQ1, | |
21086 | -D(13) KM_TYPE_NR | |
21087 | +D(13) KM_CLEARPAGE, | |
21088 | +D(14) KM_TYPE_NR | |
21089 | }; | |
21090 | ||
21091 | #undef D | |
21092 | diff -urNp linux-2.6.19.1/include/asm-alpha/page.h linux-2.6.19.1/include/asm-alpha/page.h | |
21093 | --- linux-2.6.19.1/include/asm-alpha/page.h 2006-11-29 16:57:37.000000000 -0500 | |
21094 | +++ linux-2.6.19.1/include/asm-alpha/page.h 2006-12-03 15:16:16.000000000 -0500 | |
21095 | @@ -93,6 +93,15 @@ typedef unsigned long pgprot_t; | |
21096 | #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \ | |
21097 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
21098 | ||
21099 | +#ifdef CONFIG_PAX_PAGEEXEC | |
21100 | +#ifdef CONFIG_PAX_MPROTECT | |
21101 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
21102 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
21103 | +#else | |
21104 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
21105 | +#endif | |
21106 | +#endif | |
21107 | + | |
21108 | #include <asm-generic/memory_model.h> | |
21109 | #include <asm-generic/page.h> | |
21110 | ||
21111 | diff -urNp linux-2.6.19.1/include/asm-alpha/pgtable.h linux-2.6.19.1/include/asm-alpha/pgtable.h | |
21112 | --- linux-2.6.19.1/include/asm-alpha/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
21113 | +++ linux-2.6.19.1/include/asm-alpha/pgtable.h 2006-12-03 15:16:16.000000000 -0500 | |
21114 | @@ -101,6 +101,17 @@ struct vm_area_struct; | |
21115 | #define PAGE_SHARED __pgprot(_PAGE_VALID | __ACCESS_BITS) | |
21116 | #define PAGE_COPY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW) | |
21117 | #define PAGE_READONLY __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW) | |
21118 | + | |
21119 | +#ifdef CONFIG_PAX_PAGEEXEC | |
21120 | +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE) | |
21121 | +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE) | |
21122 | +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE) | |
21123 | +#else | |
21124 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
21125 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
21126 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
21127 | +#endif | |
21128 | + | |
21129 | #define PAGE_KERNEL __pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE) | |
21130 | ||
21131 | #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x)) | |
21132 | diff -urNp linux-2.6.19.1/include/asm-arm/a.out.h linux-2.6.19.1/include/asm-arm/a.out.h | |
21133 | --- linux-2.6.19.1/include/asm-arm/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
21134 | +++ linux-2.6.19.1/include/asm-arm/a.out.h 2006-12-03 15:16:16.000000000 -0500 | |
21135 | @@ -28,7 +28,7 @@ struct exec | |
21136 | #define M_ARM 103 | |
21137 | ||
21138 | #ifdef __KERNEL__ | |
21139 | -#define STACK_TOP ((current->personality == PER_LINUX_32BIT) ? \ | |
21140 | +#define __STACK_TOP ((current->personality == PER_LINUX_32BIT) ? \ | |
21141 | TASK_SIZE : TASK_SIZE_26) | |
21142 | #endif | |
21143 | ||
21144 | diff -urNp linux-2.6.19.1/include/asm-arm/elf.h linux-2.6.19.1/include/asm-arm/elf.h | |
21145 | --- linux-2.6.19.1/include/asm-arm/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
21146 | +++ linux-2.6.19.1/include/asm-arm/elf.h 2006-12-03 15:16:17.000000000 -0500 | |
21147 | @@ -57,6 +57,17 @@ typedef struct user_fp elf_fpregset_t; | |
21148 | ||
21149 | #define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3) | |
21150 | ||
21151 | +#ifdef CONFIG_PAX_ASLR | |
21152 | +#define PAX_ELF_ET_DYN_BASE(tsk) 0x00008000UL | |
21153 | + | |
21154 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
21155 | +#define PAX_DELTA_MMAP_LEN(tsk) ((tsk->personality == PER_LINUX_32BIT) ? 16 : 10) | |
21156 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
21157 | +#define PAX_DELTA_EXEC_LEN(tsk) ((tsk->personality == PER_LINUX_32BIT) ? 16 : 10) | |
21158 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
21159 | +#define PAX_DELTA_STACK_LEN(tsk) ((tsk->personality == PER_LINUX_32BIT) ? 16 : 10) | |
21160 | +#endif | |
21161 | + | |
21162 | /* When the program starts, a1 contains a pointer to a function to be | |
21163 | registered with atexit, as per the SVR4 ABI. A value of 0 means we | |
21164 | have no such handler. */ | |
21165 | diff -urNp linux-2.6.19.1/include/asm-arm/kmap_types.h linux-2.6.19.1/include/asm-arm/kmap_types.h | |
21166 | --- linux-2.6.19.1/include/asm-arm/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21167 | +++ linux-2.6.19.1/include/asm-arm/kmap_types.h 2006-12-03 15:16:17.000000000 -0500 | |
21168 | @@ -18,6 +18,7 @@ enum km_type { | |
21169 | KM_IRQ1, | |
21170 | KM_SOFTIRQ0, | |
21171 | KM_SOFTIRQ1, | |
21172 | + KM_CLEARPAGE, | |
21173 | KM_TYPE_NR | |
21174 | }; | |
21175 | ||
21176 | diff -urNp linux-2.6.19.1/include/asm-arm26/kmap_types.h linux-2.6.19.1/include/asm-arm26/kmap_types.h | |
21177 | --- linux-2.6.19.1/include/asm-arm26/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21178 | +++ linux-2.6.19.1/include/asm-arm26/kmap_types.h 2006-12-03 15:16:17.000000000 -0500 | |
21179 | @@ -6,7 +6,8 @@ | |
21180 | */ | |
21181 | enum km_type { | |
21182 | KM_IRQ0, | |
21183 | - KM_USER1 | |
21184 | + KM_USER1, | |
21185 | + KM_CLEARPAGE | |
21186 | }; | |
21187 | ||
21188 | #endif | |
21189 | diff -urNp linux-2.6.19.1/include/asm-cris/kmap_types.h linux-2.6.19.1/include/asm-cris/kmap_types.h | |
21190 | --- linux-2.6.19.1/include/asm-cris/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21191 | +++ linux-2.6.19.1/include/asm-cris/kmap_types.h 2006-12-03 15:16:19.000000000 -0500 | |
21192 | @@ -19,6 +19,7 @@ enum km_type { | |
21193 | KM_IRQ1, | |
21194 | KM_SOFTIRQ0, | |
21195 | KM_SOFTIRQ1, | |
21196 | + KM_CLEARPAGE, | |
21197 | KM_TYPE_NR | |
21198 | }; | |
21199 | ||
21200 | diff -urNp linux-2.6.19.1/include/asm-frv/kmap_types.h linux-2.6.19.1/include/asm-frv/kmap_types.h | |
21201 | --- linux-2.6.19.1/include/asm-frv/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21202 | +++ linux-2.6.19.1/include/asm-frv/kmap_types.h 2006-12-03 15:16:19.000000000 -0500 | |
21203 | @@ -23,6 +23,7 @@ enum km_type { | |
21204 | KM_IRQ1, | |
21205 | KM_SOFTIRQ0, | |
21206 | KM_SOFTIRQ1, | |
21207 | + KM_CLEARPAGE, | |
21208 | KM_TYPE_NR | |
21209 | }; | |
21210 | ||
21211 | diff -urNp linux-2.6.19.1/include/asm-h8300/kmap_types.h linux-2.6.19.1/include/asm-h8300/kmap_types.h | |
21212 | --- linux-2.6.19.1/include/asm-h8300/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21213 | +++ linux-2.6.19.1/include/asm-h8300/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
21214 | @@ -15,6 +15,7 @@ enum km_type { | |
21215 | KM_IRQ1, | |
21216 | KM_SOFTIRQ0, | |
21217 | KM_SOFTIRQ1, | |
21218 | + KM_CLEARPAGE, | |
21219 | KM_TYPE_NR | |
21220 | }; | |
21221 | ||
21222 | diff -urNp linux-2.6.19.1/include/asm-i386/alternative.h linux-2.6.19.1/include/asm-i386/alternative.h | |
21223 | --- linux-2.6.19.1/include/asm-i386/alternative.h 2006-11-29 16:57:37.000000000 -0500 | |
21224 | +++ linux-2.6.19.1/include/asm-i386/alternative.h 2006-12-03 15:16:20.000000000 -0500 | |
21225 | @@ -57,7 +57,7 @@ static inline void alternatives_smp_swit | |
21226 | " .byte 662b-661b\n" /* sourcelen */ \ | |
21227 | " .byte 664f-663f\n" /* replacementlen */ \ | |
21228 | ".previous\n" \ | |
21229 | - ".section .altinstr_replacement,\"ax\"\n" \ | |
21230 | + ".section .altinstr_replacement,\"a\"\n" \ | |
21231 | "663:\n\t" newinstr "\n664:\n" /* replacement */\ | |
21232 | ".previous" :: "i" (feature) : "memory") | |
21233 | ||
21234 | @@ -81,7 +81,7 @@ static inline void alternatives_smp_swit | |
21235 | " .byte 662b-661b\n" /* sourcelen */ \ | |
21236 | " .byte 664f-663f\n" /* replacementlen */ \ | |
21237 | ".previous\n" \ | |
21238 | - ".section .altinstr_replacement,\"ax\"\n" \ | |
21239 | + ".section .altinstr_replacement,\"a\"\n" \ | |
21240 | "663:\n\t" newinstr "\n664:\n" /* replacement */\ | |
21241 | ".previous" :: "i" (feature), ##input) | |
21242 | ||
21243 | diff -urNp linux-2.6.19.1/include/asm-i386/a.out.h linux-2.6.19.1/include/asm-i386/a.out.h | |
21244 | --- linux-2.6.19.1/include/asm-i386/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
21245 | +++ linux-2.6.19.1/include/asm-i386/a.out.h 2006-12-03 15:16:20.000000000 -0500 | |
21246 | @@ -19,7 +19,11 @@ struct exec | |
21247 | ||
21248 | #ifdef __KERNEL__ | |
21249 | ||
21250 | -#define STACK_TOP TASK_SIZE | |
21251 | +#ifdef CONFIG_PAX_SEGMEXEC | |
21252 | +#define __STACK_TOP ((current->mm->pax_flags & MF_PAX_SEGMEXEC)?TASK_SIZE/2:TASK_SIZE) | |
21253 | +#else | |
21254 | +#define __STACK_TOP TASK_SIZE | |
21255 | +#endif | |
21256 | ||
21257 | #endif | |
21258 | ||
21259 | diff -urNp linux-2.6.19.1/include/asm-i386/apic.h linux-2.6.19.1/include/asm-i386/apic.h | |
21260 | --- linux-2.6.19.1/include/asm-i386/apic.h 2006-11-29 16:57:37.000000000 -0500 | |
21261 | +++ linux-2.6.19.1/include/asm-i386/apic.h 2006-12-03 15:16:20.000000000 -0500 | |
21262 | @@ -7,7 +7,7 @@ | |
21263 | #include <asm/processor.h> | |
21264 | #include <asm/system.h> | |
21265 | ||
21266 | -#define Dprintk(x...) | |
21267 | +#define Dprintk(x...) do {} while (0) | |
21268 | ||
21269 | /* | |
21270 | * Debugging macros | |
21271 | diff -urNp linux-2.6.19.1/include/asm-i386/bug.h linux-2.6.19.1/include/asm-i386/bug.h | |
21272 | --- linux-2.6.19.1/include/asm-i386/bug.h 2006-11-29 16:57:37.000000000 -0500 | |
21273 | +++ linux-2.6.19.1/include/asm-i386/bug.h 2006-12-03 15:16:20.000000000 -0500 | |
21274 | @@ -11,10 +11,9 @@ | |
21275 | #ifdef CONFIG_BUG | |
21276 | #define HAVE_ARCH_BUG | |
21277 | #ifdef CONFIG_DEBUG_BUGVERBOSE | |
21278 | -#define BUG() \ | |
21279 | - __asm__ __volatile__( "ud2\n" \ | |
21280 | - "\t.word %c0\n" \ | |
21281 | - "\t.long %c1\n" \ | |
21282 | +#define BUG() \ | |
21283 | + __asm__ __volatile__( "ud2\n\t" \ | |
21284 | + "ljmp %0, %1\n\t" \ | |
21285 | : : "i" (__LINE__), "i" (__FILE__)) | |
21286 | #else | |
21287 | #define BUG() __asm__ __volatile__("ud2\n") | |
21288 | diff -urNp linux-2.6.19.1/include/asm-i386/checksum.h linux-2.6.19.1/include/asm-i386/checksum.h | |
21289 | --- linux-2.6.19.1/include/asm-i386/checksum.h 2006-11-29 16:57:37.000000000 -0500 | |
21290 | +++ linux-2.6.19.1/include/asm-i386/checksum.h 2006-12-03 15:16:20.000000000 -0500 | |
21291 | @@ -30,6 +30,12 @@ asmlinkage unsigned int csum_partial(con | |
21292 | asmlinkage unsigned int csum_partial_copy_generic(const unsigned char *src, unsigned char *dst, | |
21293 | int len, int sum, int *src_err_ptr, int *dst_err_ptr); | |
21294 | ||
21295 | +asmlinkage unsigned int csum_partial_copy_generic_to_user(const unsigned char *src, unsigned char *dst, | |
21296 | + int len, int sum, int *src_err_ptr, int *dst_err_ptr); | |
21297 | + | |
21298 | +asmlinkage unsigned int csum_partial_copy_generic_from_user(const unsigned char *src, unsigned char *dst, | |
21299 | + int len, int sum, int *src_err_ptr, int *dst_err_ptr); | |
21300 | + | |
21301 | /* | |
21302 | * Note: when you get a NULL pointer exception here this means someone | |
21303 | * passed in an incorrect kernel address to one of these functions. | |
21304 | @@ -49,7 +55,7 @@ unsigned int csum_partial_copy_from_user | |
21305 | int len, int sum, int *err_ptr) | |
21306 | { | |
21307 | might_sleep(); | |
21308 | - return csum_partial_copy_generic((__force unsigned char *)src, dst, | |
21309 | + return csum_partial_copy_generic_from_user((__force unsigned char *)src, dst, | |
21310 | len, sum, err_ptr, NULL); | |
21311 | } | |
21312 | ||
21313 | @@ -183,7 +189,7 @@ static __inline__ unsigned int csum_and_ | |
21314 | { | |
21315 | might_sleep(); | |
21316 | if (access_ok(VERIFY_WRITE, dst, len)) | |
21317 | - return csum_partial_copy_generic(src, (__force unsigned char *)dst, len, sum, NULL, err_ptr); | |
21318 | + return csum_partial_copy_generic_to_user(src, (__force unsigned char *)dst, len, sum, NULL, err_ptr); | |
21319 | ||
21320 | if (len) | |
21321 | *err_ptr = -EFAULT; | |
21322 | diff -urNp linux-2.6.19.1/include/asm-i386/desc.h linux-2.6.19.1/include/asm-i386/desc.h | |
21323 | --- linux-2.6.19.1/include/asm-i386/desc.h 2006-11-29 16:57:37.000000000 -0500 | |
21324 | +++ linux-2.6.19.1/include/asm-i386/desc.h 2006-12-03 15:16:20.000000000 -0500 | |
21325 | @@ -10,11 +10,13 @@ | |
21326 | ||
21327 | #include <linux/preempt.h> | |
21328 | #include <linux/smp.h> | |
21329 | -#include <linux/percpu.h> | |
21330 | +#include <linux/sched.h> | |
21331 | ||
21332 | #include <asm/mmu.h> | |
21333 | +#include <asm/pgtable.h> | |
21334 | +#include <asm/tlbflush.h> | |
21335 | ||
21336 | -extern struct desc_struct cpu_gdt_table[GDT_ENTRIES]; | |
21337 | +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)]; | |
21338 | ||
21339 | DECLARE_PER_CPU(unsigned char, cpu_16bit_stack[CPU_16BIT_STACK_SIZE]); | |
21340 | ||
21341 | @@ -24,20 +26,33 @@ struct Xgt_desc_struct { | |
21342 | unsigned short pad; | |
21343 | } __attribute__ ((packed)); | |
21344 | ||
21345 | -extern struct Xgt_desc_struct idt_descr; | |
21346 | -DECLARE_PER_CPU(struct Xgt_desc_struct, cpu_gdt_descr); | |
21347 | - | |
21348 | +extern struct Xgt_desc_struct idt_descr, cpu_gdt_descr[NR_CPUS]; | |
21349 | ||
21350 | static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu) | |
21351 | { | |
21352 | - return (struct desc_struct *)per_cpu(cpu_gdt_descr, cpu).address; | |
21353 | + return cpu_gdt_table[cpu]; | |
21354 | } | |
21355 | ||
21356 | +#define pax_open_kernel(cr0) \ | |
21357 | +do { \ | |
21358 | + typecheck(unsigned long,cr0); \ | |
21359 | + preempt_disable(); \ | |
21360 | + cr0 = read_cr0(); \ | |
21361 | + write_cr0(cr0 & ~0x10000UL); \ | |
21362 | +} while(0) | |
21363 | + | |
21364 | +#define pax_close_kernel(cr0) \ | |
21365 | +do { \ | |
21366 | + typecheck(unsigned long,cr0); \ | |
21367 | + write_cr0(cr0); \ | |
21368 | + preempt_enable_no_resched(); \ | |
21369 | +} while(0) | |
21370 | + | |
21371 | /* | |
21372 | * This is the ldt that every process will get unless we need | |
21373 | * something other than this. | |
21374 | */ | |
21375 | -extern struct desc_struct default_ldt[]; | |
21376 | +extern const struct desc_struct default_ldt[]; | |
21377 | extern struct desc_struct idt_table[]; | |
21378 | extern void set_intr_gate(unsigned int irq, void * addr); | |
21379 | ||
21380 | @@ -91,8 +106,20 @@ static inline void load_TLS(struct threa | |
21381 | static inline void write_dt_entry(void *dt, int entry, __u32 entry_a, __u32 entry_b) | |
21382 | { | |
21383 | __u32 *lp = (__u32 *)((char *)dt + entry*8); | |
21384 | + | |
21385 | +#ifdef CONFIG_PAX_KERNEXEC | |
21386 | + unsigned long cr0; | |
21387 | + | |
21388 | + pax_open_kernel(cr0); | |
21389 | +#endif | |
21390 | + | |
21391 | *lp = entry_a; | |
21392 | *(lp+1) = entry_b; | |
21393 | + | |
21394 | +#ifdef CONFIG_PAX_KERNEXEC | |
21395 | + pax_close_kernel(cr0); | |
21396 | +#endif | |
21397 | + | |
21398 | } | |
21399 | ||
21400 | #define write_ldt_entry(dt, entry, a, b) write_dt_entry(dt, entry, a, b) | |
21401 | @@ -115,7 +142,7 @@ static inline void __set_tss_desc(unsign | |
21402 | write_gdt_entry(get_cpu_gdt_table(cpu), entry, a, b); | |
21403 | } | |
21404 | ||
21405 | -static inline void set_ldt_desc(unsigned int cpu, void *addr, unsigned int entries) | |
21406 | +static inline void set_ldt_desc(unsigned int cpu, const void *addr, unsigned int entries) | |
21407 | { | |
21408 | __u32 a, b; | |
21409 | pack_descriptor(&a, &b, (unsigned long)addr, | |
21410 | @@ -139,7 +166,7 @@ static inline void set_ldt_desc(unsigned | |
21411 | ((info)->seg_32bit << 22) | \ | |
21412 | ((info)->limit_in_pages << 23) | \ | |
21413 | ((info)->useable << 20) | \ | |
21414 | - 0x7000) | |
21415 | + 0x7100) | |
21416 | ||
21417 | #define LDT_empty(info) (\ | |
21418 | (info)->base_addr == 0 && \ | |
21419 | @@ -165,7 +192,7 @@ static inline void clear_LDT(void) | |
21420 | */ | |
21421 | static inline void load_LDT_nolock(mm_context_t *pc, int cpu) | |
21422 | { | |
21423 | - void *segments = pc->ldt; | |
21424 | + const void *segments = pc->ldt; | |
21425 | int count = pc->size; | |
21426 | ||
21427 | if (likely(!count)) { | |
21428 | @@ -184,15 +211,25 @@ static inline void load_LDT(mm_context_t | |
21429 | put_cpu(); | |
21430 | } | |
21431 | ||
21432 | -static inline unsigned long get_desc_base(unsigned long *desc) | |
21433 | +static inline unsigned long get_desc_base(struct desc_struct *desc) | |
21434 | { | |
21435 | unsigned long base; | |
21436 | - base = ((desc[0] >> 16) & 0x0000ffff) | | |
21437 | - ((desc[1] << 16) & 0x00ff0000) | | |
21438 | - (desc[1] & 0xff000000); | |
21439 | + base = ((desc->a >> 16) & 0x0000ffff) | | |
21440 | + ((desc->b << 16) & 0x00ff0000) | | |
21441 | + (desc->b & 0xff000000); | |
21442 | return base; | |
21443 | } | |
21444 | ||
21445 | +static inline void set_user_cs(struct mm_struct *mm, int cpu) | |
21446 | +{ | |
21447 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
21448 | + __u32 a, b; | |
21449 | + | |
21450 | + pack_descriptor(&a, &b, mm->context.user_cs_base, mm->context.user_cs_limit - 1, 0xFB, 0xC); | |
21451 | + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, a, b); | |
21452 | +#endif | |
21453 | +} | |
21454 | + | |
21455 | #endif /* !__ASSEMBLY__ */ | |
21456 | ||
21457 | #endif | |
21458 | diff -urNp linux-2.6.19.1/include/asm-i386/elf.h linux-2.6.19.1/include/asm-i386/elf.h | |
21459 | --- linux-2.6.19.1/include/asm-i386/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
21460 | +++ linux-2.6.19.1/include/asm-i386/elf.h 2006-12-03 15:16:20.000000000 -0500 | |
21461 | @@ -75,7 +75,22 @@ typedef struct user_fxsr_struct elf_fpxr | |
21462 | the loader. We need to make sure that it is out of the way of the program | |
21463 | that it will "exec", and that there is sufficient room for the brk. */ | |
21464 | ||
21465 | +#ifdef CONFIG_PAX_SEGMEXEC | |
b6fa5d20 | 21466 | +#define ELF_ET_DYN_BASE ((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : (TASK_UNMAPPED_BASE) * 2) |
c3e8c1b5 | 21467 | +#else |
5c9295bc | 21468 | #define ELF_ET_DYN_BASE ((TASK_UNMAPPED_BASE) * 2) |
c3e8c1b5 | 21469 | +#endif |
21470 | + | |
21471 | +#ifdef CONFIG_PAX_ASLR | |
21472 | +#define PAX_ELF_ET_DYN_BASE(tsk) 0x10000000UL | |
21473 | + | |
21474 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
21475 | +#define PAX_DELTA_MMAP_LEN(tsk) ((tsk)->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16) | |
21476 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
21477 | +#define PAX_DELTA_EXEC_LEN(tsk) 15 | |
21478 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
21479 | +#define PAX_DELTA_STACK_LEN(tsk) ((tsk)->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16) | |
21480 | +#endif | |
21481 | ||
21482 | /* regs is struct pt_regs, pr_reg is elf_gregset_t (which is | |
21483 | now struct_user_regs, they are different) */ | |
21484 | @@ -133,7 +148,7 @@ extern int dump_task_extended_fpu (struc | |
21485 | #define ELF_CORE_COPY_XFPREGS(tsk, elf_xfpregs) dump_task_extended_fpu(tsk, elf_xfpregs) | |
21486 | ||
21487 | #define VDSO_HIGH_BASE (__fix_to_virt(FIX_VDSO)) | |
21488 | -#define VDSO_BASE ((unsigned long)current->mm->context.vdso) | |
21489 | +#define VDSO_BASE (current->mm->context.vdso) | |
21490 | ||
21491 | #ifdef CONFIG_COMPAT_VDSO | |
21492 | # define VDSO_COMPAT_BASE VDSO_HIGH_BASE | |
21493 | diff -urNp linux-2.6.19.1/include/asm-i386/i387.h linux-2.6.19.1/include/asm-i386/i387.h | |
21494 | --- linux-2.6.19.1/include/asm-i386/i387.h 2006-11-29 16:57:37.000000000 -0500 | |
21495 | +++ linux-2.6.19.1/include/asm-i386/i387.h 2006-12-03 15:16:20.000000000 -0500 | |
21496 | @@ -40,13 +40,8 @@ extern void kernel_fpu_begin(void); | |
21497 | #define kernel_fpu_end() do { stts(); preempt_enable(); } while(0) | |
21498 | ||
21499 | /* We need a safe address that is cheap to find and that is already | |
21500 | - in L1 during context switch. The best choices are unfortunately | |
21501 | - different for UP and SMP */ | |
21502 | -#ifdef CONFIG_SMP | |
21503 | -#define safe_address (__per_cpu_offset[0]) | |
21504 | -#else | |
21505 | -#define safe_address (kstat_cpu(0).cpustat.user) | |
21506 | -#endif | |
21507 | + in L1 during context switch. */ | |
21508 | +#define safe_address (init_tss[smp_processor_id()].esp0) | |
21509 | ||
21510 | /* | |
21511 | * These must be called with preempt disabled | |
21512 | diff -urNp linux-2.6.19.1/include/asm-i386/kmap_types.h linux-2.6.19.1/include/asm-i386/kmap_types.h | |
21513 | --- linux-2.6.19.1/include/asm-i386/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
21514 | +++ linux-2.6.19.1/include/asm-i386/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
21515 | @@ -22,7 +22,8 @@ D(9) KM_IRQ0, | |
21516 | D(10) KM_IRQ1, | |
21517 | D(11) KM_SOFTIRQ0, | |
21518 | D(12) KM_SOFTIRQ1, | |
21519 | -D(13) KM_TYPE_NR | |
21520 | +D(13) KM_CLEARPAGE, | |
21521 | +D(14) KM_TYPE_NR | |
21522 | }; | |
21523 | ||
21524 | #undef D | |
21525 | diff -urNp linux-2.6.19.1/include/asm-i386/mach-default/apm.h linux-2.6.19.1/include/asm-i386/mach-default/apm.h | |
21526 | --- linux-2.6.19.1/include/asm-i386/mach-default/apm.h 2006-11-29 16:57:37.000000000 -0500 | |
21527 | +++ linux-2.6.19.1/include/asm-i386/mach-default/apm.h 2006-12-03 15:16:20.000000000 -0500 | |
21528 | @@ -36,7 +36,7 @@ static inline void apm_bios_call_asm(u32 | |
21529 | __asm__ __volatile__(APM_DO_ZERO_SEGS | |
21530 | "pushl %%edi\n\t" | |
21531 | "pushl %%ebp\n\t" | |
21532 | - "lcall *%%cs:apm_bios_entry\n\t" | |
21533 | + "lcall *%%ss:apm_bios_entry\n\t" | |
21534 | "setc %%al\n\t" | |
21535 | "popl %%ebp\n\t" | |
21536 | "popl %%edi\n\t" | |
21537 | @@ -60,7 +60,7 @@ static inline u8 apm_bios_call_simple_as | |
21538 | __asm__ __volatile__(APM_DO_ZERO_SEGS | |
21539 | "pushl %%edi\n\t" | |
21540 | "pushl %%ebp\n\t" | |
21541 | - "lcall *%%cs:apm_bios_entry\n\t" | |
21542 | + "lcall *%%ss:apm_bios_entry\n\t" | |
21543 | "setc %%bl\n\t" | |
21544 | "popl %%ebp\n\t" | |
21545 | "popl %%edi\n\t" | |
21546 | diff -urNp linux-2.6.19.1/include/asm-i386/mach-default/do_timer.h linux-2.6.19.1/include/asm-i386/mach-default/do_timer.h | |
21547 | --- linux-2.6.19.1/include/asm-i386/mach-default/do_timer.h 2006-11-29 16:57:37.000000000 -0500 | |
21548 | +++ linux-2.6.19.1/include/asm-i386/mach-default/do_timer.h 2006-12-03 15:16:20.000000000 -0500 | |
21549 | @@ -18,7 +18,7 @@ static inline void do_timer_interrupt_ho | |
21550 | { | |
21551 | do_timer(1); | |
21552 | #ifndef CONFIG_SMP | |
21553 | - update_process_times(user_mode_vm(get_irq_regs())); | |
21554 | + update_process_times(user_mode(get_irq_regs())); | |
21555 | #endif | |
21556 | /* | |
21557 | * In the SMP case we use the local APIC timer interrupt to do the | |
21558 | diff -urNp linux-2.6.19.1/include/asm-i386/mach-voyager/do_timer.h linux-2.6.19.1/include/asm-i386/mach-voyager/do_timer.h | |
21559 | --- linux-2.6.19.1/include/asm-i386/mach-voyager/do_timer.h 2006-11-29 16:57:37.000000000 -0500 | |
21560 | +++ linux-2.6.19.1/include/asm-i386/mach-voyager/do_timer.h 2006-12-03 15:16:20.000000000 -0500 | |
21561 | @@ -5,7 +5,7 @@ static inline void do_timer_interrupt_ho | |
21562 | { | |
21563 | do_timer(1); | |
21564 | #ifndef CONFIG_SMP | |
21565 | - update_process_times(user_mode_vm(irq_regs)); | |
21566 | + update_process_times(user_mode(irq_regs)); | |
21567 | #endif | |
21568 | ||
21569 | voyager_timer_interrupt(); | |
21570 | diff -urNp linux-2.6.19.1/include/asm-i386/mman.h linux-2.6.19.1/include/asm-i386/mman.h | |
21571 | --- linux-2.6.19.1/include/asm-i386/mman.h 2006-11-29 16:57:37.000000000 -0500 | |
21572 | +++ linux-2.6.19.1/include/asm-i386/mman.h 2006-12-03 15:16:20.000000000 -0500 | |
21573 | @@ -11,6 +11,10 @@ | |
21574 | #define MAP_POPULATE 0x8000 /* populate (prefault) pagetables */ | |
21575 | #define MAP_NONBLOCK 0x10000 /* do not block on IO */ | |
21576 | ||
21577 | +#ifdef CONFIG_PAX_SEGMEXEC | |
21578 | +#define MAP_MIRROR 0x20000 | |
21579 | +#endif | |
21580 | + | |
21581 | #define MCL_CURRENT 1 /* lock all current mappings */ | |
21582 | #define MCL_FUTURE 2 /* lock all future mappings */ | |
21583 | ||
21584 | diff -urNp linux-2.6.19.1/include/asm-i386/mmu_context.h linux-2.6.19.1/include/asm-i386/mmu_context.h | |
21585 | --- linux-2.6.19.1/include/asm-i386/mmu_context.h 2006-11-29 16:57:37.000000000 -0500 | |
21586 | +++ linux-2.6.19.1/include/asm-i386/mmu_context.h 2006-12-03 15:16:20.000000000 -0500 | |
21587 | @@ -45,6 +45,17 @@ static inline void switch_mm(struct mm_s | |
21588 | */ | |
21589 | if (unlikely(prev->context.ldt != next->context.ldt)) | |
21590 | load_LDT_nolock(&next->context, cpu); | |
21591 | + | |
21592 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) | |
21593 | + cpu_clear(cpu, prev->context.cpu_user_cs_mask); | |
21594 | + cpu_set(cpu, next->context.cpu_user_cs_mask); | |
21595 | +#endif | |
21596 | + | |
21597 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
21598 | + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base || | |
21599 | + prev->context.user_cs_limit != next->context.user_cs_limit)) | |
21600 | +#endif | |
21601 | + set_user_cs(next, cpu); | |
21602 | } | |
21603 | #ifdef CONFIG_SMP | |
21604 | else { | |
21605 | @@ -57,6 +68,12 @@ static inline void switch_mm(struct mm_s | |
21606 | */ | |
21607 | load_cr3(next->pgd); | |
21608 | load_LDT_nolock(&next->context, cpu); | |
21609 | + | |
21610 | +#ifdef CONFIG_PAX_PAGEEXEC | |
21611 | + cpu_set(cpu, next->context.cpu_user_cs_mask); | |
21612 | +#endif | |
21613 | + | |
21614 | + set_user_cs(next, cpu); | |
21615 | } | |
21616 | } | |
21617 | #endif | |
21618 | diff -urNp linux-2.6.19.1/include/asm-i386/mmu.h linux-2.6.19.1/include/asm-i386/mmu.h | |
21619 | --- linux-2.6.19.1/include/asm-i386/mmu.h 2006-11-29 16:57:37.000000000 -0500 | |
21620 | +++ linux-2.6.19.1/include/asm-i386/mmu.h 2006-12-03 15:16:20.000000000 -0500 | |
21621 | @@ -11,8 +11,19 @@ | |
21622 | typedef struct { | |
21623 | int size; | |
21624 | struct semaphore sem; | |
21625 | - void *ldt; | |
21626 | - void *vdso; | |
21627 | + struct desc_struct *ldt; | |
21628 | + unsigned long vdso; | |
21629 | + | |
21630 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
21631 | + unsigned long user_cs_base; | |
21632 | + unsigned long user_cs_limit; | |
21633 | + | |
21634 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) | |
21635 | + cpumask_t cpu_user_cs_mask; | |
21636 | +#endif | |
21637 | + | |
21638 | +#endif | |
21639 | + | |
21640 | } mm_context_t; | |
21641 | ||
21642 | #endif | |
21643 | diff -urNp linux-2.6.19.1/include/asm-i386/module.h linux-2.6.19.1/include/asm-i386/module.h | |
21644 | --- linux-2.6.19.1/include/asm-i386/module.h 2006-11-29 16:57:37.000000000 -0500 | |
21645 | +++ linux-2.6.19.1/include/asm-i386/module.h 2006-12-03 15:16:20.000000000 -0500 | |
21646 | @@ -72,6 +72,12 @@ struct mod_arch_specific | |
21647 | #define MODULE_STACKSIZE "" | |
21648 | #endif | |
21649 | ||
21650 | -#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_REGPARM MODULE_STACKSIZE | |
21651 | +#ifdef CONFIG_GRKERNSEC | |
21652 | +#define MODULE_GRSEC "GRSECURITY " | |
21653 | +#else | |
21654 | +#define MODULE_GRSEC "" | |
21655 | +#endif | |
21656 | + | |
21657 | +#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_REGPARM MODULE_STACKSIZE MODULE_GRSEC | |
21658 | ||
21659 | #endif /* _ASM_I386_MODULE_H */ | |
21660 | diff -urNp linux-2.6.19.1/include/asm-i386/page.h linux-2.6.19.1/include/asm-i386/page.h | |
21661 | --- linux-2.6.19.1/include/asm-i386/page.h 2006-11-29 16:57:37.000000000 -0500 | |
21662 | +++ linux-2.6.19.1/include/asm-i386/page.h 2006-12-03 15:16:20.000000000 -0500 | |
21663 | @@ -51,13 +51,14 @@ typedef struct { unsigned long long pgpr | |
21664 | #define pmd_val(x) ((x).pmd) | |
21665 | #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) | |
21666 | #define __pmd(x) ((pmd_t) { (x) } ) | |
21667 | +#define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; }) | |
21668 | #define HPAGE_SHIFT 21 | |
21669 | #else | |
21670 | typedef struct { unsigned long pte_low; } pte_t; | |
21671 | typedef struct { unsigned long pgd; } pgd_t; | |
21672 | typedef struct { unsigned long pgprot; } pgprot_t; | |
21673 | -#define boot_pte_t pte_t /* or would you rather have a typedef */ | |
21674 | #define pte_val(x) ((x).pte_low) | |
21675 | +#define __pte(x) ((pte_t) { (x) } ) | |
21676 | #define HPAGE_SHIFT 22 | |
21677 | #endif | |
21678 | #define PTE_MASK PAGE_MASK | |
21679 | @@ -72,7 +73,6 @@ typedef struct { unsigned long pgprot; } | |
21680 | #define pgd_val(x) ((x).pgd) | |
21681 | #define pgprot_val(x) ((x).pgprot) | |
21682 | ||
21683 | -#define __pte(x) ((pte_t) { (x) } ) | |
21684 | #define __pgd(x) ((pgd_t) { (x) } ) | |
21685 | #define __pgprot(x) ((pgprot_t) { (x) } ) | |
21686 | ||
21687 | @@ -119,6 +119,15 @@ extern int page_is_ram(unsigned long pag | |
21688 | #endif | |
21689 | #define __KERNEL_START (__PAGE_OFFSET + __PHYSICAL_START) | |
21690 | ||
21691 | +#ifdef CONFIG_PAX_KERNEXEC | |
21692 | +#define __KERNEL_TEXT_OFFSET (__PAGE_OFFSET + ((__PHYSICAL_START + ~(4*1024*1024)) & (4*1024*1024))) | |
21693 | +#ifndef __ASSEMBLY__ | |
21694 | +extern unsigned char MODULES_VADDR[]; | |
21695 | +extern unsigned char MODULES_END[]; | |
21696 | +#endif | |
21697 | +#else | |
21698 | +#define __KERNEL_TEXT_OFFSET (0) | |
21699 | +#endif | |
21700 | ||
21701 | #define PAGE_OFFSET ((unsigned long)__PAGE_OFFSET) | |
21702 | #define VMALLOC_RESERVE ((unsigned long)__VMALLOC_RESERVE) | |
21703 | @@ -138,6 +147,19 @@ extern int page_is_ram(unsigned long pag | |
21704 | ((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \ | |
21705 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
21706 | ||
21707 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
21708 | +#ifdef CONFIG_PAX_MPROTECT | |
21709 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
21710 | + ((current->mm->pax_flags & (MF_PAX_PAGEEXEC|MF_PAX_SEGMEXEC))?0:VM_EXEC)) | |
21711 | +#else | |
21712 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & (MF_PAX_PAGEEXEC|MF_PAX_SEGMEXEC))?0:VM_EXEC)) | |
21713 | +#endif | |
21714 | +#endif | |
21715 | + | |
21716 | +#ifdef CONFIG_PAX_PAGEEXEC | |
21717 | +#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1 | |
21718 | +#endif | |
21719 | + | |
21720 | #include <asm-generic/memory_model.h> | |
21721 | #include <asm-generic/page.h> | |
21722 | ||
21723 | diff -urNp linux-2.6.19.1/include/asm-i386/pgalloc.h linux-2.6.19.1/include/asm-i386/pgalloc.h | |
21724 | --- linux-2.6.19.1/include/asm-i386/pgalloc.h 2006-11-29 16:57:37.000000000 -0500 | |
21725 | +++ linux-2.6.19.1/include/asm-i386/pgalloc.h 2006-12-03 15:16:20.000000000 -0500 | |
21726 | @@ -2,11 +2,17 @@ | |
21727 | #define _I386_PGALLOC_H | |
21728 | ||
21729 | #include <asm/fixmap.h> | |
21730 | +#include <asm/desc.h> | |
21731 | #include <linux/threads.h> | |
21732 | #include <linux/mm.h> /* for struct page */ | |
21733 | ||
21734 | +#ifdef CONFIG_COMPAT_VDSO | |
21735 | #define pmd_populate_kernel(mm, pmd, pte) \ | |
21736 | set_pmd(pmd, __pmd(_PAGE_TABLE + __pa(pte))) | |
21737 | +#else | |
21738 | +#define pmd_populate_kernel(mm, pmd, pte) \ | |
21739 | + set_pmd(pmd, __pmd(_KERNPG_TABLE + __pa(pte))) | |
21740 | +#endif | |
21741 | ||
21742 | #define pmd_populate(mm, pmd, pte) \ | |
21743 | set_pmd(pmd, __pmd(_PAGE_TABLE + \ | |
21744 | diff -urNp linux-2.6.19.1/include/asm-i386/pgtable.h linux-2.6.19.1/include/asm-i386/pgtable.h | |
21745 | --- linux-2.6.19.1/include/asm-i386/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
21746 | +++ linux-2.6.19.1/include/asm-i386/pgtable.h 2006-12-03 15:16:20.000000000 -0500 | |
21747 | @@ -33,7 +33,6 @@ struct vm_area_struct; | |
21748 | */ | |
21749 | #define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page)) | |
21750 | extern unsigned long empty_zero_page[1024]; | |
21751 | -extern pgd_t swapper_pg_dir[1024]; | |
21752 | extern kmem_cache_t *pgd_cache; | |
21753 | extern kmem_cache_t *pmd_cache; | |
21754 | extern spinlock_t pgd_lock; | |
21755 | @@ -58,6 +57,11 @@ void paging_init(void); | |
21756 | # include <asm/pgtable-2level-defs.h> | |
21757 | #endif | |
21758 | ||
21759 | +extern pgd_t swapper_pg_dir[PTRS_PER_PGD]; | |
21760 | +#ifdef CONFIG_X86_PAE | |
21761 | +extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD]; | |
21762 | +#endif | |
21763 | + | |
21764 | #define PGDIR_SIZE (1UL << PGDIR_SHIFT) | |
21765 | #define PGDIR_MASK (~(PGDIR_SIZE-1)) | |
21766 | ||
21767 | @@ -67,9 +71,11 @@ void paging_init(void); | |
21768 | #define USER_PGD_PTRS (PAGE_OFFSET >> PGDIR_SHIFT) | |
21769 | #define KERNEL_PGD_PTRS (PTRS_PER_PGD-USER_PGD_PTRS) | |
21770 | ||
21771 | +#ifndef CONFIG_X86_PAE | |
21772 | #define TWOLEVEL_PGDIR_SHIFT 22 | |
21773 | #define BOOT_USER_PGD_PTRS (__PAGE_OFFSET >> TWOLEVEL_PGDIR_SHIFT) | |
21774 | #define BOOT_KERNEL_PGD_PTRS (1024-BOOT_USER_PGD_PTRS) | |
21775 | +#endif | |
21776 | ||
21777 | /* Just any arbitrary offset to the start of the vmalloc VM area: the | |
21778 | * current 8MB value just means that there will be a 8MB "hole" after the | |
21779 | @@ -140,17 +146,26 @@ void paging_init(void); | |
21780 | ||
21781 | #define PAGE_SHARED_EXEC \ | |
21782 | __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | _PAGE_ACCESSED) | |
21783 | -#define PAGE_COPY_NOEXEC \ | |
21784 | - __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED | _PAGE_NX) | |
21785 | #define PAGE_COPY_EXEC \ | |
21786 | __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED) | |
21787 | -#define PAGE_COPY \ | |
21788 | - PAGE_COPY_NOEXEC | |
21789 | #define PAGE_READONLY \ | |
21790 | __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED | _PAGE_NX) | |
21791 | #define PAGE_READONLY_EXEC \ | |
21792 | __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED) | |
21793 | ||
21794 | +#ifdef CONFIG_PAX_PAGEEXEC | |
21795 | +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_RW | _PAGE_ACCESSED) | |
21796 | +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED) | |
21797 | +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_ACCESSED) | |
21798 | +#else | |
21799 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
21800 | +# define PAGE_COPY_NOEXEC \ | |
21801 | + __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED | _PAGE_NX) | |
21802 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
21803 | +#endif | |
21804 | + | |
21805 | +#define PAGE_COPY \ | |
21806 | + PAGE_COPY_NOEXEC | |
21807 | #define _PAGE_KERNEL \ | |
21808 | (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_NX) | |
21809 | #define _PAGE_KERNEL_EXEC \ | |
21810 | @@ -175,18 +190,18 @@ extern unsigned long long __PAGE_KERNEL, | |
21811 | * This is the closest we can get.. | |
21812 | */ | |
21813 | #define __P000 PAGE_NONE | |
21814 | -#define __P001 PAGE_READONLY | |
21815 | -#define __P010 PAGE_COPY | |
21816 | -#define __P011 PAGE_COPY | |
21817 | +#define __P001 PAGE_READONLY_NOEXEC | |
21818 | +#define __P010 PAGE_COPY_NOEXEC | |
21819 | +#define __P011 PAGE_COPY_NOEXEC | |
21820 | #define __P100 PAGE_READONLY_EXEC | |
21821 | #define __P101 PAGE_READONLY_EXEC | |
21822 | #define __P110 PAGE_COPY_EXEC | |
21823 | #define __P111 PAGE_COPY_EXEC | |
21824 | ||
21825 | #define __S000 PAGE_NONE | |
21826 | -#define __S001 PAGE_READONLY | |
21827 | -#define __S010 PAGE_SHARED | |
21828 | -#define __S011 PAGE_SHARED | |
21829 | +#define __S001 PAGE_READONLY_NOEXEC | |
21830 | +#define __S010 PAGE_SHARED_NOEXEC | |
21831 | +#define __S011 PAGE_SHARED_NOEXEC | |
21832 | #define __S100 PAGE_READONLY_EXEC | |
21833 | #define __S101 PAGE_READONLY_EXEC | |
21834 | #define __S110 PAGE_SHARED_EXEC | |
21835 | @@ -487,6 +502,9 @@ do { \ | |
21836 | #define update_mmu_cache(vma,address,pte) do { } while (0) | |
21837 | #endif /* !__ASSEMBLY__ */ | |
21838 | ||
21839 | +#define HAVE_ARCH_UNMAPPED_AREA | |
21840 | +#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN | |
21841 | + | |
21842 | #ifdef CONFIG_FLATMEM | |
21843 | #define kern_addr_valid(addr) (1) | |
21844 | #endif /* CONFIG_FLATMEM */ | |
21845 | diff -urNp linux-2.6.19.1/include/asm-i386/processor.h linux-2.6.19.1/include/asm-i386/processor.h | |
21846 | --- linux-2.6.19.1/include/asm-i386/processor.h 2006-11-29 16:57:37.000000000 -0500 | |
21847 | +++ linux-2.6.19.1/include/asm-i386/processor.h 2006-12-03 15:16:20.000000000 -0500 | |
21848 | @@ -18,7 +18,6 @@ | |
21849 | #include <asm/system.h> | |
21850 | #include <linux/cache.h> | |
21851 | #include <linux/threads.h> | |
21852 | -#include <asm/percpu.h> | |
21853 | #include <linux/cpumask.h> | |
21854 | ||
21855 | /* flag for disabling the tsc */ | |
21856 | @@ -97,8 +96,6 @@ struct cpuinfo_x86 { | |
21857 | ||
21858 | extern struct cpuinfo_x86 boot_cpu_data; | |
21859 | extern struct cpuinfo_x86 new_cpu_data; | |
21860 | -extern struct tss_struct doublefault_tss; | |
21861 | -DECLARE_PER_CPU(struct tss_struct, init_tss); | |
21862 | ||
21863 | #ifdef CONFIG_SMP | |
21864 | extern struct cpuinfo_x86 cpu_data[]; | |
21865 | @@ -323,10 +320,19 @@ extern int bootloader_type; | |
21866 | */ | |
21867 | #define TASK_SIZE (PAGE_OFFSET) | |
21868 | ||
21869 | +#ifdef CONFIG_PAX_SEGMEXEC | |
21870 | +#define SEGMEXEC_TASK_SIZE ((PAGE_OFFSET) / 2) | |
21871 | +#endif | |
21872 | + | |
21873 | /* This decides where the kernel will search for a free chunk of vm | |
21874 | * space during mmap's. | |
21875 | */ | |
21876 | + | |
21877 | +#ifdef CONFIG_PAX_SEGMEXEC | |
21878 | +#define TASK_UNMAPPED_BASE (PAGE_ALIGN((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3 : TASK_SIZE/3)) | |
21879 | +#else | |
21880 | #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) | |
21881 | +#endif | |
21882 | ||
21883 | #define HAVE_ARCH_PICK_MMAP_LAYOUT | |
21884 | ||
21885 | @@ -442,6 +448,9 @@ struct tss_struct { | |
21886 | ||
21887 | #define ARCH_MIN_TASKALIGN 16 | |
21888 | ||
21889 | +extern struct tss_struct doublefault_tss; | |
21890 | +extern struct tss_struct init_tss[NR_CPUS]; | |
21891 | + | |
21892 | struct thread_struct { | |
21893 | /* cached TLS descriptors. */ | |
21894 | struct desc_struct tls_array[GDT_ENTRY_TLS_ENTRIES]; | |
21895 | @@ -470,6 +479,7 @@ struct thread_struct { | |
21896 | }; | |
21897 | ||
21898 | #define INIT_THREAD { \ | |
21899 | + .esp0 = sizeof(init_stack) + (long)&init_stack - 8, \ | |
21900 | .vm86_info = NULL, \ | |
21901 | .sysenter_cs = __KERNEL_CS, \ | |
21902 | .io_bitmap_ptr = NULL, \ | |
21903 | @@ -482,7 +492,7 @@ struct thread_struct { | |
21904 | * be within the limit. | |
21905 | */ | |
21906 | #define INIT_TSS { \ | |
21907 | - .esp0 = sizeof(init_stack) + (long)&init_stack, \ | |
21908 | + .esp0 = sizeof(init_stack) + (long)&init_stack - 8, \ | |
21909 | .ss0 = __KERNEL_DS, \ | |
21910 | .ss1 = __KERNEL_CS, \ | |
21911 | .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ | |
21912 | @@ -558,11 +568,7 @@ void show_trace(struct task_struct *task | |
21913 | unsigned long get_wchan(struct task_struct *p); | |
21914 | ||
21915 | #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) | |
21916 | -#define KSTK_TOP(info) \ | |
21917 | -({ \ | |
21918 | - unsigned long *__ptr = (unsigned long *)(info); \ | |
21919 | - (unsigned long)(&__ptr[THREAD_SIZE_LONGS]); \ | |
21920 | -}) | |
21921 | +#define KSTK_TOP(info) ((info)->task.thread.esp0) | |
21922 | ||
21923 | /* | |
21924 | * The below -8 is to reserve 8 bytes on top of the ring0 stack. | |
21925 | @@ -577,7 +583,7 @@ unsigned long get_wchan(struct task_stru | |
21926 | #define task_pt_regs(task) \ | |
21927 | ({ \ | |
21928 | struct pt_regs *__regs__; \ | |
21929 | - __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \ | |
21930 | + __regs__ = (struct pt_regs *)((task)->thread.esp0); \ | |
21931 | __regs__ - 1; \ | |
21932 | }) | |
21933 | ||
21934 | diff -urNp linux-2.6.19.1/include/asm-i386/ptrace.h linux-2.6.19.1/include/asm-i386/ptrace.h | |
21935 | --- linux-2.6.19.1/include/asm-i386/ptrace.h 2006-11-29 16:57:37.000000000 -0500 | |
21936 | +++ linux-2.6.19.1/include/asm-i386/ptrace.h 2006-12-03 15:16:20.000000000 -0500 | |
21937 | @@ -33,17 +33,18 @@ struct task_struct; | |
21938 | extern void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code); | |
21939 | ||
21940 | /* | |
21941 | - * user_mode_vm(regs) determines whether a register set came from user mode. | |
21942 | + * user_mode(regs) determines whether a register set came from user mode. | |
21943 | * This is true if V8086 mode was enabled OR if the register set was from | |
21944 | * protected mode with RPL-3 CS value. This tricky test checks that with | |
21945 | * one comparison. Many places in the kernel can bypass this full check | |
21946 | - * if they have already ruled out V8086 mode, so user_mode(regs) can be used. | |
21947 | + * if they have already ruled out V8086 mode, so user_mode_novm(regs) can | |
21948 | + * be used. | |
21949 | */ | |
21950 | -static inline int user_mode(struct pt_regs *regs) | |
21951 | +static inline int user_mode_novm(struct pt_regs *regs) | |
21952 | { | |
21953 | return (regs->xcs & SEGMENT_RPL_MASK) == USER_RPL; | |
21954 | } | |
21955 | -static inline int user_mode_vm(struct pt_regs *regs) | |
21956 | +static inline int user_mode(struct pt_regs *regs) | |
21957 | { | |
21958 | return ((regs->xcs & SEGMENT_RPL_MASK) | (regs->eflags & VM_MASK)) >= USER_RPL; | |
21959 | } | |
21960 | diff -urNp linux-2.6.19.1/include/asm-i386/segment.h linux-2.6.19.1/include/asm-i386/segment.h | |
21961 | --- linux-2.6.19.1/include/asm-i386/segment.h 2006-11-29 16:57:37.000000000 -0500 | |
21962 | +++ linux-2.6.19.1/include/asm-i386/segment.h 2006-12-03 15:16:20.000000000 -0500 | |
21963 | @@ -84,9 +84,9 @@ | |
21964 | #define GDT_SIZE (GDT_ENTRIES * 8) | |
21965 | ||
21966 | /* Matches __KERNEL_CS and __USER_CS (they must be 2 entries apart) */ | |
21967 | -#define SEGMENT_IS_FLAT_CODE(x) (((x) & 0xec) == GDT_ENTRY_KERNEL_CS * 8) | |
21968 | +#define SEGMENT_IS_FLAT_CODE(x) (((x) & 0xFFFCU) == __KERNEL_CS || ((x) & 0xFFFCU) == __USER_CS) | |
21969 | /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */ | |
21970 | -#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8) | |
21971 | +#define SEGMENT_IS_PNP_CODE(x) (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16) | |
21972 | ||
21973 | /* Simple and small GDT entries for booting only */ | |
21974 | ||
21975 | diff -urNp linux-2.6.19.1/include/asm-i386/system.h linux-2.6.19.1/include/asm-i386/system.h | |
21976 | --- linux-2.6.19.1/include/asm-i386/system.h 2006-11-29 16:57:37.000000000 -0500 | |
21977 | +++ linux-2.6.19.1/include/asm-i386/system.h 2006-12-03 15:16:20.000000000 -0500 | |
21978 | @@ -4,6 +4,7 @@ | |
21979 | #include <linux/kernel.h> | |
21980 | #include <asm/segment.h> | |
21981 | #include <asm/cpufeature.h> | |
21982 | +#include <asm/page.h> | |
21983 | #include <linux/bitops.h> /* for LOCK_PREFIX */ | |
21984 | ||
21985 | #ifdef __KERNEL__ | |
21986 | @@ -155,7 +156,7 @@ static inline unsigned long get_limit(un | |
21987 | unsigned long __limit; | |
21988 | __asm__("lsll %1,%0" | |
21989 | :"=r" (__limit):"r" (segment)); | |
21990 | - return __limit+1; | |
21991 | + return __limit; | |
21992 | } | |
21993 | ||
21994 | #define nop() __asm__ __volatile__ ("nop") | |
21995 | @@ -516,7 +517,7 @@ static inline void sched_cacheflush(void | |
21996 | wbinvd(); | |
21997 | } | |
21998 | ||
21999 | -extern unsigned long arch_align_stack(unsigned long sp); | |
22000 | +#define arch_align_stack(x) (x) | |
22001 | extern void free_init_pages(char *what, unsigned long begin, unsigned long end); | |
22002 | ||
22003 | void default_idle(void); | |
22004 | diff -urNp linux-2.6.19.1/include/asm-i386/uaccess.h linux-2.6.19.1/include/asm-i386/uaccess.h | |
22005 | --- linux-2.6.19.1/include/asm-i386/uaccess.h 2006-11-29 16:57:37.000000000 -0500 | |
22006 | +++ linux-2.6.19.1/include/asm-i386/uaccess.h 2006-12-03 15:16:20.000000000 -0500 | |
22007 | @@ -9,6 +9,8 @@ | |
22008 | #include <linux/prefetch.h> | |
22009 | #include <linux/string.h> | |
22010 | #include <asm/page.h> | |
22011 | +#include <asm/segment.h> | |
22012 | +#include <asm/desc.h> | |
22013 | ||
22014 | #define VERIFY_READ 0 | |
22015 | #define VERIFY_WRITE 1 | |
22016 | @@ -29,7 +31,8 @@ | |
22017 | ||
22018 | #define get_ds() (KERNEL_DS) | |
22019 | #define get_fs() (current_thread_info()->addr_limit) | |
22020 | -#define set_fs(x) (current_thread_info()->addr_limit = (x)) | |
22021 | +void __set_fs(mm_segment_t x, int cpu); | |
22022 | +void set_fs(mm_segment_t x); | |
22023 | ||
22024 | #define segment_eq(a,b) ((a).seg == (b).seg) | |
22025 | ||
22026 | @@ -280,9 +283,12 @@ extern void __put_user_8(void); | |
22027 | ||
22028 | #define __put_user_u64(x, addr, err) \ | |
22029 | __asm__ __volatile__( \ | |
22030 | - "1: movl %%eax,0(%2)\n" \ | |
22031 | - "2: movl %%edx,4(%2)\n" \ | |
22032 | + " movw %w5,%%ds\n" \ | |
22033 | + "1: movl %%eax,%%ds:0(%2)\n" \ | |
22034 | + "2: movl %%edx,%%ds:4(%2)\n" \ | |
22035 | "3:\n" \ | |
22036 | + " pushl %%ss\n" \ | |
22037 | + " popl %%ds\n" \ | |
22038 | ".section .fixup,\"ax\"\n" \ | |
22039 | "4: movl %3,%0\n" \ | |
22040 | " jmp 3b\n" \ | |
22041 | @@ -293,7 +299,8 @@ extern void __put_user_8(void); | |
22042 | " .long 2b,4b\n" \ | |
22043 | ".previous" \ | |
22044 | : "=r"(err) \ | |
22045 | - : "A" (x), "r" (addr), "i"(-EFAULT), "0"(err)) | |
22046 | + : "A" (x), "r" (addr), "i"(-EFAULT), "0"(err), \ | |
22047 | + "r"(__USER_DS)) | |
22048 | ||
22049 | #ifdef CONFIG_X86_WP_WORKS_OK | |
22050 | ||
22051 | @@ -332,8 +339,11 @@ struct __large_struct { unsigned long bu | |
22052 | */ | |
22053 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
22054 | __asm__ __volatile__( \ | |
22055 | - "1: mov"itype" %"rtype"1,%2\n" \ | |
22056 | + " movw %w5,%%ds\n" \ | |
22057 | + "1: mov"itype" %"rtype"1,%%ds:%2\n" \ | |
22058 | "2:\n" \ | |
22059 | + " pushl %%ss\n" \ | |
22060 | + " popl %%ds\n" \ | |
22061 | ".section .fixup,\"ax\"\n" \ | |
22062 | "3: movl %3,%0\n" \ | |
22063 | " jmp 2b\n" \ | |
22064 | @@ -343,7 +353,8 @@ struct __large_struct { unsigned long bu | |
22065 | " .long 1b,3b\n" \ | |
22066 | ".previous" \ | |
22067 | : "=r"(err) \ | |
22068 | - : ltype (x), "m"(__m(addr)), "i"(errret), "0"(err)) | |
22069 | + : ltype (x), "m"(__m(addr)), "i"(errret), "0"(err), \ | |
22070 | + "r"(__USER_DS)) | |
22071 | ||
22072 | ||
22073 | #define __get_user_nocheck(x,ptr,size) \ | |
22074 | @@ -371,8 +382,11 @@ do { \ | |
22075 | ||
22076 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | |
22077 | __asm__ __volatile__( \ | |
22078 | - "1: mov"itype" %2,%"rtype"1\n" \ | |
22079 | + " movw %w5,%%ds\n" \ | |
22080 | + "1: mov"itype" %%ds:%2,%"rtype"1\n" \ | |
22081 | "2:\n" \ | |
22082 | + " pushl %%ss\n" \ | |
22083 | + " popl %%ds\n" \ | |
22084 | ".section .fixup,\"ax\"\n" \ | |
22085 | "3: movl %3,%0\n" \ | |
22086 | " xor"itype" %"rtype"1,%"rtype"1\n" \ | |
22087 | @@ -383,7 +397,7 @@ do { \ | |
22088 | " .long 1b,3b\n" \ | |
22089 | ".previous" \ | |
22090 | : "=r"(err), ltype (x) \ | |
22091 | - : "m"(__m(addr)), "i"(errret), "0"(err)) | |
22092 | + : "m"(__m(addr)), "i"(errret), "0"(err), "r"(__USER_DS)) | |
22093 | ||
22094 | ||
22095 | unsigned long __must_check __copy_to_user_ll(void __user *to, | |
22096 | diff -urNp linux-2.6.19.1/include/asm-i386/unwind.h linux-2.6.19.1/include/asm-i386/unwind.h | |
22097 | --- linux-2.6.19.1/include/asm-i386/unwind.h 2006-11-29 16:57:37.000000000 -0500 | |
22098 | +++ linux-2.6.19.1/include/asm-i386/unwind.h 2006-12-03 15:16:20.000000000 -0500 | |
22099 | @@ -52,7 +52,7 @@ struct unwind_frame_info | |
22100 | static inline void arch_unw_init_frame_info(struct unwind_frame_info *info, | |
22101 | /*const*/ struct pt_regs *regs) | |
22102 | { | |
22103 | - if (user_mode_vm(regs)) | |
22104 | + if (user_mode(regs)) | |
22105 | info->regs = *regs; | |
22106 | else { | |
22107 | memcpy(&info->regs, regs, offsetof(struct pt_regs, esp)); | |
22108 | @@ -69,8 +69,8 @@ static inline void arch_unw_init_blocked | |
22109 | __get_user(info->regs.ebp, (long *)info->task->thread.esp); | |
22110 | info->regs.esp = info->task->thread.esp; | |
22111 | info->regs.xss = __KERNEL_DS; | |
22112 | - info->regs.xds = __USER_DS; | |
22113 | - info->regs.xes = __USER_DS; | |
22114 | + info->regs.xds = __KERNEL_DS; | |
22115 | + info->regs.xes = __KERNEL_DS; | |
22116 | } | |
22117 | ||
22118 | extern asmlinkage int arch_unwind_init_running(struct unwind_frame_info *, | |
22119 | @@ -82,9 +82,9 @@ static inline int arch_unw_user_mode(con | |
22120 | { | |
22121 | #if 0 /* This can only work when selector register and EFLAGS saves/restores | |
22122 | are properly annotated (and tracked in UNW_REGISTER_INFO). */ | |
22123 | - return user_mode_vm(&info->regs); | |
22124 | + return user_mode(&info->regs); | |
22125 | #else | |
22126 | - return info->regs.eip < PAGE_OFFSET | |
22127 | + return (info->regs.eip < PAGE_OFFSET && (info->regs.xcs & 0xFFFF) != __KERNEL_CS) | |
22128 | || (info->regs.eip >= __fix_to_virt(FIX_VDSO) | |
22129 | && info->regs.eip < __fix_to_virt(FIX_VDSO) + PAGE_SIZE) | |
22130 | || info->regs.esp < PAGE_OFFSET; | |
22131 | diff -urNp linux-2.6.19.1/include/asm-ia64/elf.h linux-2.6.19.1/include/asm-ia64/elf.h | |
22132 | --- linux-2.6.19.1/include/asm-ia64/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22133 | +++ linux-2.6.19.1/include/asm-ia64/elf.h 2006-12-03 15:16:20.000000000 -0500 | |
22134 | @@ -162,6 +162,16 @@ typedef elf_greg_t elf_gregset_t[ELF_NGR | |
22135 | typedef struct ia64_fpreg elf_fpreg_t; | |
22136 | typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; | |
22137 | ||
22138 | +#ifdef CONFIG_PAX_ASLR | |
22139 | +#define PAX_ELF_ET_DYN_BASE(tsk) ((tsk)->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL) | |
22140 | + | |
22141 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22142 | +#define PAX_DELTA_MMAP_LEN(tsk) ((tsk)->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
22143 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22144 | +#define PAX_DELTA_EXEC_LEN(tsk) ((tsk)->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
22145 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22146 | +#define PAX_DELTA_STACK_LEN(tsk) ((tsk)->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13) | |
22147 | +#endif | |
22148 | ||
22149 | ||
22150 | struct pt_regs; /* forward declaration... */ | |
22151 | diff -urNp linux-2.6.19.1/include/asm-ia64/kmap_types.h linux-2.6.19.1/include/asm-ia64/kmap_types.h | |
22152 | --- linux-2.6.19.1/include/asm-ia64/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22153 | +++ linux-2.6.19.1/include/asm-ia64/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
22154 | @@ -22,7 +22,8 @@ D(9) KM_IRQ0, | |
22155 | D(10) KM_IRQ1, | |
22156 | D(11) KM_SOFTIRQ0, | |
22157 | D(12) KM_SOFTIRQ1, | |
22158 | -D(13) KM_TYPE_NR | |
22159 | +D(13) KM_CLEARPAGE, | |
22160 | +D(14) KM_TYPE_NR | |
22161 | }; | |
22162 | ||
22163 | #undef D | |
22164 | diff -urNp linux-2.6.19.1/include/asm-ia64/page.h linux-2.6.19.1/include/asm-ia64/page.h | |
22165 | --- linux-2.6.19.1/include/asm-ia64/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22166 | +++ linux-2.6.19.1/include/asm-ia64/page.h 2006-12-03 15:16:20.000000000 -0500 | |
22167 | @@ -227,5 +227,14 @@ get_order (unsigned long size) | |
22168 | (((current->personality & READ_IMPLIES_EXEC) != 0) \ | |
22169 | ? VM_EXEC : 0)) | |
22170 | ||
22171 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22172 | +#ifdef CONFIG_PAX_MPROTECT | |
22173 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22174 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22175 | +#else | |
22176 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22177 | +#endif | |
22178 | +#endif | |
22179 | + | |
22180 | # endif /* __KERNEL__ */ | |
22181 | #endif /* _ASM_IA64_PAGE_H */ | |
22182 | diff -urNp linux-2.6.19.1/include/asm-ia64/pgtable.h linux-2.6.19.1/include/asm-ia64/pgtable.h | |
22183 | --- linux-2.6.19.1/include/asm-ia64/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
22184 | +++ linux-2.6.19.1/include/asm-ia64/pgtable.h 2006-12-03 15:16:20.000000000 -0500 | |
22185 | @@ -143,6 +143,17 @@ | |
22186 | #define PAGE_READONLY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
22187 | #define PAGE_COPY __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
22188 | #define PAGE_COPY_EXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX) | |
22189 | + | |
22190 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22191 | +# define PAGE_SHARED_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW) | |
22192 | +# define PAGE_READONLY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
22193 | +# define PAGE_COPY_NOEXEC __pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R) | |
22194 | +#else | |
22195 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
22196 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
22197 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
22198 | +#endif | |
22199 | + | |
22200 | #define PAGE_GATE __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX) | |
22201 | #define PAGE_KERNEL __pgprot(__DIRTY_BITS | _PAGE_PL_0 | _PAGE_AR_RWX) | |
22202 | #define PAGE_KERNELRX __pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX) | |
22203 | diff -urNp linux-2.6.19.1/include/asm-ia64/processor.h linux-2.6.19.1/include/asm-ia64/processor.h | |
22204 | --- linux-2.6.19.1/include/asm-ia64/processor.h 2006-11-29 16:57:37.000000000 -0500 | |
22205 | +++ linux-2.6.19.1/include/asm-ia64/processor.h 2006-12-03 15:16:20.000000000 -0500 | |
22206 | @@ -274,7 +274,7 @@ struct thread_struct { | |
22207 | .on_ustack = 0, \ | |
22208 | .ksp = 0, \ | |
22209 | .map_base = DEFAULT_MAP_BASE, \ | |
22210 | - .rbs_bot = STACK_TOP - DEFAULT_USER_STACK_SIZE, \ | |
22211 | + .rbs_bot = __STACK_TOP - DEFAULT_USER_STACK_SIZE, \ | |
22212 | .task_size = DEFAULT_TASK_SIZE, \ | |
22213 | .last_fph_cpu = -1, \ | |
22214 | INIT_THREAD_IA32 \ | |
22215 | diff -urNp linux-2.6.19.1/include/asm-ia64/ustack.h linux-2.6.19.1/include/asm-ia64/ustack.h | |
22216 | --- linux-2.6.19.1/include/asm-ia64/ustack.h 2006-11-29 16:57:37.000000000 -0500 | |
22217 | +++ linux-2.6.19.1/include/asm-ia64/ustack.h 2006-12-03 15:16:20.000000000 -0500 | |
22218 | @@ -10,10 +10,10 @@ | |
22219 | ||
22220 | /* The absolute hard limit for stack size is 1/2 of the mappable space in the region */ | |
22221 | #define MAX_USER_STACK_SIZE (RGN_MAP_LIMIT/2) | |
22222 | -#define STACK_TOP (0x6000000000000000UL + RGN_MAP_LIMIT) | |
22223 | +#define __STACK_TOP (0x6000000000000000UL + RGN_MAP_LIMIT) | |
22224 | #endif | |
22225 | ||
22226 | -/* Make a default stack size of 2GiB */ | |
22227 | +/* Make a default stack size of 2GB */ | |
22228 | #define DEFAULT_USER_STACK_SIZE (1UL << 31) | |
22229 | ||
22230 | #endif /* _ASM_IA64_USTACK_H */ | |
22231 | diff -urNp linux-2.6.19.1/include/asm-m32r/kmap_types.h linux-2.6.19.1/include/asm-m32r/kmap_types.h | |
22232 | --- linux-2.6.19.1/include/asm-m32r/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22233 | +++ linux-2.6.19.1/include/asm-m32r/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
22234 | @@ -24,7 +24,8 @@ D(9) KM_IRQ0, | |
22235 | D(10) KM_IRQ1, | |
22236 | D(11) KM_SOFTIRQ0, | |
22237 | D(12) KM_SOFTIRQ1, | |
22238 | -D(13) KM_TYPE_NR | |
22239 | +D(13) KM_CLEARPAGE, | |
22240 | +D(14) KM_TYPE_NR | |
22241 | }; | |
22242 | ||
22243 | #undef D | |
22244 | diff -urNp linux-2.6.19.1/include/asm-m68k/kmap_types.h linux-2.6.19.1/include/asm-m68k/kmap_types.h | |
22245 | --- linux-2.6.19.1/include/asm-m68k/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22246 | +++ linux-2.6.19.1/include/asm-m68k/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
22247 | @@ -15,6 +15,7 @@ enum km_type { | |
22248 | KM_IRQ1, | |
22249 | KM_SOFTIRQ0, | |
22250 | KM_SOFTIRQ1, | |
22251 | + KM_CLEARPAGE, | |
22252 | KM_TYPE_NR | |
22253 | }; | |
22254 | ||
22255 | diff -urNp linux-2.6.19.1/include/asm-m68knommu/kmap_types.h linux-2.6.19.1/include/asm-m68knommu/kmap_types.h | |
22256 | --- linux-2.6.19.1/include/asm-m68knommu/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22257 | +++ linux-2.6.19.1/include/asm-m68knommu/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
22258 | @@ -15,6 +15,7 @@ enum km_type { | |
22259 | KM_IRQ1, | |
22260 | KM_SOFTIRQ0, | |
22261 | KM_SOFTIRQ1, | |
22262 | + KM_CLEARPAGE, | |
22263 | KM_TYPE_NR | |
22264 | }; | |
22265 | ||
22266 | diff -urNp linux-2.6.19.1/include/asm-mips/a.out.h linux-2.6.19.1/include/asm-mips/a.out.h | |
22267 | --- linux-2.6.19.1/include/asm-mips/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
22268 | +++ linux-2.6.19.1/include/asm-mips/a.out.h 2006-12-03 15:16:20.000000000 -0500 | |
22269 | @@ -35,10 +35,10 @@ struct exec | |
22270 | #ifdef __KERNEL__ | |
22271 | ||
22272 | #ifdef CONFIG_32BIT | |
22273 | -#define STACK_TOP TASK_SIZE | |
22274 | +#define __STACK_TOP TASK_SIZE | |
22275 | #endif | |
22276 | #ifdef CONFIG_64BIT | |
22277 | -#define STACK_TOP (current->thread.mflags & MF_32BIT_ADDR ? TASK_SIZE32 : TASK_SIZE) | |
22278 | +#define __STACK_TOP (current->thread.mflags & MF_32BIT_ADDR ? TASK_SIZE32 : TASK_SIZE) | |
22279 | #endif | |
22280 | ||
22281 | #endif | |
22282 | diff -urNp linux-2.6.19.1/include/asm-mips/elf.h linux-2.6.19.1/include/asm-mips/elf.h | |
22283 | --- linux-2.6.19.1/include/asm-mips/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22284 | +++ linux-2.6.19.1/include/asm-mips/elf.h 2006-12-03 15:16:20.000000000 -0500 | |
22285 | @@ -371,4 +371,15 @@ extern int dump_task_fpu(struct task_str | |
22286 | #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) | |
22287 | #endif | |
22288 | ||
22289 | +#ifdef CONFIG_PAX_ASLR | |
22290 | +#define PAX_ELF_ET_DYN_BASE(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL) | |
22291 | + | |
22292 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22293 | +#define PAX_DELTA_MMAP_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
22294 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22295 | +#define PAX_DELTA_EXEC_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
22296 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22297 | +#define PAX_DELTA_STACK_LEN(tsk) (((tsk)->thread.mflags & MF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT) | |
22298 | +#endif | |
22299 | + | |
22300 | #endif /* _ASM_ELF_H */ | |
22301 | diff -urNp linux-2.6.19.1/include/asm-mips/kmap_types.h linux-2.6.19.1/include/asm-mips/kmap_types.h | |
22302 | --- linux-2.6.19.1/include/asm-mips/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22303 | +++ linux-2.6.19.1/include/asm-mips/kmap_types.h 2006-12-03 15:16:20.000000000 -0500 | |
22304 | @@ -22,7 +22,8 @@ D(9) KM_IRQ0, | |
22305 | D(10) KM_IRQ1, | |
22306 | D(11) KM_SOFTIRQ0, | |
22307 | D(12) KM_SOFTIRQ1, | |
22308 | -D(13) KM_TYPE_NR | |
22309 | +D(13) KM_CLEARPAGE, | |
22310 | +D(14) KM_TYPE_NR | |
22311 | }; | |
22312 | ||
22313 | #undef D | |
22314 | diff -urNp linux-2.6.19.1/include/asm-mips/page.h linux-2.6.19.1/include/asm-mips/page.h | |
22315 | --- linux-2.6.19.1/include/asm-mips/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22316 | +++ linux-2.6.19.1/include/asm-mips/page.h 2006-12-03 15:16:20.000000000 -0500 | |
22317 | @@ -77,7 +77,7 @@ static inline void copy_user_page(void * | |
22318 | #ifdef CONFIG_CPU_MIPS32 | |
22319 | typedef struct { unsigned long pte_low, pte_high; } pte_t; | |
22320 | #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) | |
22321 | - #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; }) | |
22322 | + #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; }) | |
22323 | #else | |
22324 | typedef struct { unsigned long long pte; } pte_t; | |
22325 | #define pte_val(x) ((x).pte) | |
22326 | @@ -166,6 +166,15 @@ typedef struct { unsigned long pgprot; } | |
22327 | #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \ | |
22328 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22329 | ||
22330 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22331 | +#ifdef CONFIG_PAX_MPROTECT | |
22332 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22333 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22334 | +#else | |
22335 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22336 | +#endif | |
22337 | +#endif | |
22338 | + | |
22339 | #define UNCAC_ADDR(addr) ((addr) - PAGE_OFFSET + UNCAC_BASE) | |
22340 | #define CAC_ADDR(addr) ((addr) - UNCAC_BASE + PAGE_OFFSET) | |
22341 | ||
22342 | diff -urNp linux-2.6.19.1/include/asm-parisc/a.out.h linux-2.6.19.1/include/asm-parisc/a.out.h | |
22343 | --- linux-2.6.19.1/include/asm-parisc/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
22344 | +++ linux-2.6.19.1/include/asm-parisc/a.out.h 2006-12-03 15:16:21.000000000 -0500 | |
22345 | @@ -22,7 +22,7 @@ struct exec | |
22346 | /* XXX: STACK_TOP actually should be STACK_BOTTOM for parisc. | |
22347 | * prumpf */ | |
22348 | ||
22349 | -#define STACK_TOP TASK_SIZE | |
22350 | +#define __STACK_TOP TASK_SIZE | |
22351 | ||
22352 | #endif | |
22353 | ||
22354 | diff -urNp linux-2.6.19.1/include/asm-parisc/elf.h linux-2.6.19.1/include/asm-parisc/elf.h | |
22355 | --- linux-2.6.19.1/include/asm-parisc/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22356 | +++ linux-2.6.19.1/include/asm-parisc/elf.h 2006-12-03 15:16:21.000000000 -0500 | |
22357 | @@ -337,6 +337,17 @@ struct pt_regs; /* forward declaration.. | |
22358 | ||
22359 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x01000000) | |
22360 | ||
22361 | +#ifdef CONFIG_PAX_ASLR | |
22362 | +#define PAX_ELF_ET_DYN_BASE(tsk) 0x10000UL | |
22363 | + | |
22364 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22365 | +#define PAX_DELTA_MMAP_LEN(tsk) 16 | |
22366 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22367 | +#define PAX_DELTA_EXEC_LEN(tsk) 16 | |
22368 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22369 | +#define PAX_DELTA_STACK_LEN(tsk) 16 | |
22370 | +#endif | |
22371 | + | |
22372 | /* This yields a mask that user programs can use to figure out what | |
22373 | instruction set this CPU supports. This could be done in user space, | |
22374 | but it's not easy, and we've already done it here. */ | |
22375 | diff -urNp linux-2.6.19.1/include/asm-parisc/kmap_types.h linux-2.6.19.1/include/asm-parisc/kmap_types.h | |
22376 | --- linux-2.6.19.1/include/asm-parisc/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22377 | +++ linux-2.6.19.1/include/asm-parisc/kmap_types.h 2006-12-03 15:16:21.000000000 -0500 | |
22378 | @@ -22,7 +22,8 @@ D(9) KM_IRQ0, | |
22379 | D(10) KM_IRQ1, | |
22380 | D(11) KM_SOFTIRQ0, | |
22381 | D(12) KM_SOFTIRQ1, | |
22382 | -D(13) KM_TYPE_NR | |
22383 | +D(13) KM_CLEARPAGE, | |
22384 | +D(14) KM_TYPE_NR | |
22385 | }; | |
22386 | ||
22387 | #undef D | |
22388 | diff -urNp linux-2.6.19.1/include/asm-parisc/page.h linux-2.6.19.1/include/asm-parisc/page.h | |
22389 | --- linux-2.6.19.1/include/asm-parisc/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22390 | +++ linux-2.6.19.1/include/asm-parisc/page.h 2006-12-03 15:16:21.000000000 -0500 | |
22391 | @@ -166,6 +166,15 @@ extern int npmem_ranges; | |
22392 | #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \ | |
22393 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22394 | ||
22395 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22396 | +#ifdef CONFIG_PAX_MPROTECT | |
22397 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22398 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22399 | +#else | |
22400 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22401 | +#endif | |
22402 | +#endif | |
22403 | + | |
22404 | #include <asm-generic/memory_model.h> | |
22405 | #include <asm-generic/page.h> | |
22406 | ||
22407 | diff -urNp linux-2.6.19.1/include/asm-parisc/pgtable.h linux-2.6.19.1/include/asm-parisc/pgtable.h | |
22408 | --- linux-2.6.19.1/include/asm-parisc/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
22409 | +++ linux-2.6.19.1/include/asm-parisc/pgtable.h 2006-12-03 15:16:21.000000000 -0500 | |
22410 | @@ -219,6 +219,17 @@ extern void *vmalloc_start; | |
22411 | #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED) | |
22412 | #define PAGE_COPY PAGE_EXECREAD | |
22413 | #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED) | |
22414 | + | |
22415 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22416 | +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED) | |
22417 | +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED) | |
22418 | +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED) | |
22419 | +#else | |
22420 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
22421 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
22422 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
22423 | +#endif | |
22424 | + | |
22425 | #define PAGE_KERNEL __pgprot(_PAGE_KERNEL) | |
22426 | #define PAGE_KERNEL_RO __pgprot(_PAGE_KERNEL & ~_PAGE_WRITE) | |
22427 | #define PAGE_KERNEL_UNC __pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE) | |
22428 | diff -urNp linux-2.6.19.1/include/asm-powerpc/a.out.h linux-2.6.19.1/include/asm-powerpc/a.out.h | |
22429 | --- linux-2.6.19.1/include/asm-powerpc/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
22430 | +++ linux-2.6.19.1/include/asm-powerpc/a.out.h 2006-12-03 15:16:21.000000000 -0500 | |
22431 | @@ -23,12 +23,12 @@ struct exec | |
22432 | #define STACK_TOP_USER64 TASK_SIZE_USER64 | |
22433 | #define STACK_TOP_USER32 TASK_SIZE_USER32 | |
22434 | ||
22435 | -#define STACK_TOP (test_thread_flag(TIF_32BIT) ? \ | |
22436 | +#define __STACK_TOP (test_thread_flag(TIF_32BIT) ? \ | |
22437 | STACK_TOP_USER32 : STACK_TOP_USER64) | |
22438 | ||
22439 | #else /* __powerpc64__ */ | |
22440 | ||
22441 | -#define STACK_TOP TASK_SIZE | |
22442 | +#define __STACK_TOP TASK_SIZE | |
22443 | ||
22444 | #endif /* __powerpc64__ */ | |
22445 | #endif /* __KERNEL__ */ | |
22446 | diff -urNp linux-2.6.19.1/include/asm-powerpc/elf.h linux-2.6.19.1/include/asm-powerpc/elf.h | |
22447 | --- linux-2.6.19.1/include/asm-powerpc/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22448 | +++ linux-2.6.19.1/include/asm-powerpc/elf.h 2006-12-03 15:16:21.000000000 -0500 | |
22449 | @@ -161,6 +161,26 @@ typedef elf_vrreg_t elf_vrregset_t[ELF_N | |
22450 | typedef elf_vrreg_t elf_vrregset_t32[ELF_NVRREG32]; | |
22451 | #endif | |
22452 | ||
22453 | +#ifdef CONFIG_PAX_ASLR | |
22454 | +#define PAX_ELF_ET_DYN_BASE(tsk) (0x10000000UL) | |
22455 | + | |
22456 | +#ifdef __powerpc64__ | |
22457 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22458 | +#define PAX_DELTA_MMAP_LEN(tsk) (test_thread_flag(TIF_32BIT) ? 16 : 28) | |
22459 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22460 | +#define PAX_DELTA_EXEC_LEN(tsk) (test_thread_flag(TIF_32BIT) ? 16 : 28) | |
22461 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22462 | +#define PAX_DELTA_STACK_LEN(tsk) (test_thread_flag(TIF_32BIT) ? 16 : 28) | |
22463 | +#else | |
22464 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22465 | +#define PAX_DELTA_MMAP_LEN(tsk) 15 | |
22466 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22467 | +#define PAX_DELTA_EXEC_LEN(tsk) 15 | |
22468 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22469 | +#define PAX_DELTA_STACK_LEN(tsk) 15 | |
22470 | +#endif | |
22471 | +#endif | |
22472 | + | |
22473 | #ifdef __KERNEL__ | |
22474 | /* | |
22475 | * This is used to ensure we don't load something for the wrong architecture. | |
22476 | diff -urNp linux-2.6.19.1/include/asm-powerpc/kmap_types.h linux-2.6.19.1/include/asm-powerpc/kmap_types.h | |
22477 | --- linux-2.6.19.1/include/asm-powerpc/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22478 | +++ linux-2.6.19.1/include/asm-powerpc/kmap_types.h 2006-12-03 15:16:21.000000000 -0500 | |
22479 | @@ -26,6 +26,7 @@ enum km_type { | |
22480 | KM_SOFTIRQ1, | |
22481 | KM_PPC_SYNC_PAGE, | |
22482 | KM_PPC_SYNC_ICACHE, | |
22483 | + KM_CLEARPAGE, | |
22484 | KM_TYPE_NR | |
22485 | }; | |
22486 | ||
22487 | diff -urNp linux-2.6.19.1/include/asm-powerpc/page_64.h linux-2.6.19.1/include/asm-powerpc/page_64.h | |
22488 | --- linux-2.6.19.1/include/asm-powerpc/page_64.h 2006-11-29 16:57:37.000000000 -0500 | |
22489 | +++ linux-2.6.19.1/include/asm-powerpc/page_64.h 2006-12-03 15:16:21.000000000 -0500 | |
22490 | @@ -160,15 +160,18 @@ extern unsigned int HPAGE_SHIFT; | |
22491 | * stack by default, so in the absense of a PT_GNU_STACK program header | |
22492 | * we turn execute permission off. | |
22493 | */ | |
22494 | -#define VM_STACK_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \ | |
22495 | - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22496 | +#define VM_STACK_DEFAULT_FLAGS32 \ | |
22497 | + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \ | |
22498 | + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22499 | ||
22500 | #define VM_STACK_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ | |
22501 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22502 | ||
22503 | +#ifndef CONFIG_PAX_PAGEEXEC | |
22504 | #define VM_STACK_DEFAULT_FLAGS \ | |
22505 | (test_thread_flag(TIF_32BIT) ? \ | |
22506 | VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64) | |
22507 | +#endif | |
22508 | ||
22509 | #include <asm-generic/page.h> | |
22510 | ||
22511 | diff -urNp linux-2.6.19.1/include/asm-powerpc/page.h linux-2.6.19.1/include/asm-powerpc/page.h | |
22512 | --- linux-2.6.19.1/include/asm-powerpc/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22513 | +++ linux-2.6.19.1/include/asm-powerpc/page.h 2006-12-03 15:16:21.000000000 -0500 | |
22514 | @@ -71,8 +71,9 @@ | |
22515 | * and needs to be executable. This means the whole heap ends | |
22516 | * up being executable. | |
22517 | */ | |
22518 | -#define VM_DATA_DEFAULT_FLAGS32 (VM_READ | VM_WRITE | VM_EXEC | \ | |
22519 | - VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22520 | +#define VM_DATA_DEFAULT_FLAGS32 \ | |
22521 | + (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \ | |
22522 | + VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22523 | ||
22524 | #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ | |
22525 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22526 | @@ -83,6 +84,15 @@ | |
22527 | #include <asm/page_32.h> | |
22528 | #endif | |
22529 | ||
22530 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22531 | +#ifdef CONFIG_PAX_MPROTECT | |
22532 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22533 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22534 | +#else | |
22535 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22536 | +#endif | |
22537 | +#endif | |
22538 | + | |
22539 | /* align addr on a size boundary - adjust address up/down if needed */ | |
22540 | #define _ALIGN_UP(addr,size) (((addr)+((size)-1))&(~((size)-1))) | |
22541 | #define _ALIGN_DOWN(addr,size) ((addr)&(~((size)-1))) | |
22542 | diff -urNp linux-2.6.19.1/include/asm-ppc/mmu_context.h linux-2.6.19.1/include/asm-ppc/mmu_context.h | |
22543 | --- linux-2.6.19.1/include/asm-ppc/mmu_context.h 2006-11-29 16:57:37.000000000 -0500 | |
22544 | +++ linux-2.6.19.1/include/asm-ppc/mmu_context.h 2006-12-03 15:16:21.000000000 -0500 | |
22545 | @@ -144,7 +144,8 @@ static inline void get_mmu_context(struc | |
22546 | static inline int init_new_context(struct task_struct *t, struct mm_struct *mm) | |
22547 | { | |
22548 | mm->context.id = NO_CONTEXT; | |
22549 | - mm->context.vdso_base = 0; | |
22550 | + if (t == current) | |
22551 | + mm->context.vdso_base = ~0UL; | |
22552 | return 0; | |
22553 | } | |
22554 | ||
22555 | diff -urNp linux-2.6.19.1/include/asm-ppc/page.h linux-2.6.19.1/include/asm-ppc/page.h | |
22556 | --- linux-2.6.19.1/include/asm-ppc/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22557 | +++ linux-2.6.19.1/include/asm-ppc/page.h 2006-12-03 15:16:21.000000000 -0500 | |
22558 | @@ -173,6 +173,15 @@ extern __inline__ int get_order(unsigned | |
22559 | /* We do define AT_SYSINFO_EHDR but don't use the gate mechanism */ | |
22560 | #define __HAVE_ARCH_GATE_AREA 1 | |
22561 | ||
22562 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22563 | +#ifdef CONFIG_PAX_MPROTECT | |
22564 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22565 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22566 | +#else | |
22567 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22568 | +#endif | |
22569 | +#endif | |
22570 | + | |
22571 | #include <asm-generic/memory_model.h> | |
22572 | #endif /* __KERNEL__ */ | |
22573 | #endif /* _PPC_PAGE_H */ | |
22574 | diff -urNp linux-2.6.19.1/include/asm-ppc/pgtable.h linux-2.6.19.1/include/asm-ppc/pgtable.h | |
22575 | --- linux-2.6.19.1/include/asm-ppc/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
22576 | +++ linux-2.6.19.1/include/asm-ppc/pgtable.h 2006-12-03 15:16:21.000000000 -0500 | |
22577 | @@ -440,11 +440,21 @@ extern unsigned long ioremap_bot, iorema | |
22578 | ||
22579 | #define PAGE_NONE __pgprot(_PAGE_BASE) | |
22580 | #define PAGE_READONLY __pgprot(_PAGE_BASE | _PAGE_USER) | |
22581 | -#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC) | |
22582 | +#define PAGE_READONLY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC) | |
22583 | #define PAGE_SHARED __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW) | |
22584 | -#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC) | |
22585 | +#define PAGE_SHARED_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_EXEC | _PAGE_HWEXEC) | |
22586 | #define PAGE_COPY __pgprot(_PAGE_BASE | _PAGE_USER) | |
22587 | -#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC) | |
22588 | +#define PAGE_COPY_X __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_EXEC | _PAGE_HWEXEC) | |
22589 | + | |
22590 | +#if defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_40x) && !defined(CONFIG_44x) | |
22591 | +# define PAGE_SHARED_NOEXEC __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_RW | _PAGE_GUARDED) | |
22592 | +# define PAGE_COPY_NOEXEC __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_GUARDED) | |
22593 | +# define PAGE_READONLY_NOEXEC __pgprot(_PAGE_BASE | _PAGE_USER | _PAGE_GUARDED) | |
22594 | +#else | |
22595 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
22596 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
22597 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
22598 | +#endif | |
22599 | ||
22600 | #define PAGE_KERNEL __pgprot(_PAGE_RAM) | |
22601 | #define PAGE_KERNEL_NOCACHE __pgprot(_PAGE_IO) | |
22602 | @@ -456,21 +466,21 @@ extern unsigned long ioremap_bot, iorema | |
22603 | * This is the closest we can get.. | |
22604 | */ | |
22605 | #define __P000 PAGE_NONE | |
22606 | -#define __P001 PAGE_READONLY_X | |
22607 | -#define __P010 PAGE_COPY | |
22608 | -#define __P011 PAGE_COPY_X | |
22609 | -#define __P100 PAGE_READONLY | |
22610 | +#define __P001 PAGE_READONLY_NOEXEC | |
22611 | +#define __P010 PAGE_COPY_NOEXEC | |
22612 | +#define __P011 PAGE_COPY_NOEXEC | |
22613 | +#define __P100 PAGE_READONLY_X | |
22614 | #define __P101 PAGE_READONLY_X | |
22615 | -#define __P110 PAGE_COPY | |
22616 | +#define __P110 PAGE_COPY_X | |
22617 | #define __P111 PAGE_COPY_X | |
22618 | ||
22619 | #define __S000 PAGE_NONE | |
22620 | -#define __S001 PAGE_READONLY_X | |
22621 | -#define __S010 PAGE_SHARED | |
22622 | -#define __S011 PAGE_SHARED_X | |
22623 | -#define __S100 PAGE_READONLY | |
22624 | +#define __S001 PAGE_READONLY_NOEXEC | |
22625 | +#define __S010 PAGE_SHARED_NOEXEC | |
22626 | +#define __S011 PAGE_SHARED_NOEXEC | |
22627 | +#define __S100 PAGE_READONLY_X | |
22628 | #define __S101 PAGE_READONLY_X | |
22629 | -#define __S110 PAGE_SHARED | |
22630 | +#define __S110 PAGE_SHARED_X | |
22631 | #define __S111 PAGE_SHARED_X | |
22632 | ||
22633 | #ifndef __ASSEMBLY__ | |
22634 | diff -urNp linux-2.6.19.1/include/asm-s390/kmap_types.h linux-2.6.19.1/include/asm-s390/kmap_types.h | |
22635 | --- linux-2.6.19.1/include/asm-s390/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22636 | +++ linux-2.6.19.1/include/asm-s390/kmap_types.h 2006-12-03 15:16:21.000000000 -0500 | |
22637 | @@ -16,6 +16,7 @@ enum km_type { | |
22638 | KM_IRQ1, | |
22639 | KM_SOFTIRQ0, | |
22640 | KM_SOFTIRQ1, | |
22641 | + KM_CLEARPAGE, | |
22642 | KM_TYPE_NR | |
22643 | }; | |
22644 | ||
22645 | diff -urNp linux-2.6.19.1/include/asm-sh/kmap_types.h linux-2.6.19.1/include/asm-sh/kmap_types.h | |
22646 | --- linux-2.6.19.1/include/asm-sh/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22647 | +++ linux-2.6.19.1/include/asm-sh/kmap_types.h 2006-12-03 15:16:21.000000000 -0500 | |
22648 | @@ -24,7 +24,8 @@ D(9) KM_IRQ0, | |
22649 | D(10) KM_IRQ1, | |
22650 | D(11) KM_SOFTIRQ0, | |
22651 | D(12) KM_SOFTIRQ1, | |
22652 | -D(13) KM_TYPE_NR | |
22653 | +D(13) KM_CLEARPAGE, | |
22654 | +D(14) KM_TYPE_NR | |
22655 | }; | |
22656 | ||
22657 | #undef D | |
22658 | diff -urNp linux-2.6.19.1/include/asm-sparc/a.out.h linux-2.6.19.1/include/asm-sparc/a.out.h | |
22659 | --- linux-2.6.19.1/include/asm-sparc/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
22660 | +++ linux-2.6.19.1/include/asm-sparc/a.out.h 2006-12-03 15:16:21.000000000 -0500 | |
22661 | @@ -91,7 +91,7 @@ struct relocation_info /* used when head | |
22662 | ||
22663 | #include <asm/page.h> | |
22664 | ||
22665 | -#define STACK_TOP (PAGE_OFFSET - PAGE_SIZE) | |
22666 | +#define __STACK_TOP (PAGE_OFFSET - PAGE_SIZE) | |
22667 | ||
22668 | #endif /* __KERNEL__ */ | |
22669 | ||
22670 | diff -urNp linux-2.6.19.1/include/asm-sparc/elf.h linux-2.6.19.1/include/asm-sparc/elf.h | |
22671 | --- linux-2.6.19.1/include/asm-sparc/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22672 | +++ linux-2.6.19.1/include/asm-sparc/elf.h 2006-12-03 15:16:21.000000000 -0500 | |
22673 | @@ -143,6 +143,17 @@ do { unsigned long *dest = &(__elf_regs[ | |
22674 | ||
22675 | #define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE) | |
22676 | ||
22677 | +#ifdef CONFIG_PAX_ASLR | |
22678 | +#define PAX_ELF_ET_DYN_BASE(tsk) 0x10000UL | |
22679 | + | |
22680 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22681 | +#define PAX_DELTA_MMAP_LEN(tsk) 16 | |
22682 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22683 | +#define PAX_DELTA_EXEC_LEN(tsk) 16 | |
22684 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22685 | +#define PAX_DELTA_STACK_LEN(tsk) 16 | |
22686 | +#endif | |
22687 | + | |
22688 | /* This yields a mask that user programs can use to figure out what | |
22689 | instruction set this cpu supports. This can NOT be done in userspace | |
22690 | on Sparc. */ | |
22691 | diff -urNp linux-2.6.19.1/include/asm-sparc/kmap_types.h linux-2.6.19.1/include/asm-sparc/kmap_types.h | |
22692 | --- linux-2.6.19.1/include/asm-sparc/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22693 | +++ linux-2.6.19.1/include/asm-sparc/kmap_types.h 2006-12-03 15:16:21.000000000 -0500 | |
22694 | @@ -15,6 +15,7 @@ enum km_type { | |
22695 | KM_IRQ1, | |
22696 | KM_SOFTIRQ0, | |
22697 | KM_SOFTIRQ1, | |
22698 | + KM_CLEARPAGE, | |
22699 | KM_TYPE_NR | |
22700 | }; | |
22701 | ||
22702 | diff -urNp linux-2.6.19.1/include/asm-sparc/page.h linux-2.6.19.1/include/asm-sparc/page.h | |
22703 | --- linux-2.6.19.1/include/asm-sparc/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22704 | +++ linux-2.6.19.1/include/asm-sparc/page.h 2006-12-03 15:16:21.000000000 -0500 | |
22705 | @@ -160,6 +160,15 @@ extern unsigned long pfn_base; | |
22706 | #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \ | |
22707 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22708 | ||
22709 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22710 | +#ifdef CONFIG_PAX_MPROTECT | |
22711 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22712 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22713 | +#else | |
22714 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22715 | +#endif | |
22716 | +#endif | |
22717 | + | |
22718 | #include <asm-generic/memory_model.h> | |
22719 | #include <asm-generic/page.h> | |
22720 | ||
22721 | diff -urNp linux-2.6.19.1/include/asm-sparc/pgtable.h linux-2.6.19.1/include/asm-sparc/pgtable.h | |
22722 | --- linux-2.6.19.1/include/asm-sparc/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
22723 | +++ linux-2.6.19.1/include/asm-sparc/pgtable.h 2006-12-03 15:16:21.000000000 -0500 | |
22724 | @@ -49,6 +49,13 @@ BTFIXUPDEF_INT(page_none) | |
22725 | BTFIXUPDEF_INT(page_shared) | |
22726 | BTFIXUPDEF_INT(page_copy) | |
22727 | BTFIXUPDEF_INT(page_readonly) | |
22728 | + | |
22729 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22730 | +BTFIXUPDEF_INT(page_shared_noexec) | |
22731 | +BTFIXUPDEF_INT(page_copy_noexec) | |
22732 | +BTFIXUPDEF_INT(page_readonly_noexec) | |
22733 | +#endif | |
22734 | + | |
22735 | BTFIXUPDEF_INT(page_kernel) | |
22736 | ||
22737 | #define PMD_SHIFT SUN4C_PMD_SHIFT | |
22738 | @@ -70,6 +77,16 @@ BTFIXUPDEF_INT(page_kernel) | |
22739 | #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy)) | |
22740 | #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly)) | |
22741 | ||
22742 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22743 | +# define PAGE_SHARED_NOEXEC __pgprot(BTFIXUP_INT(page_shared_noexec)) | |
22744 | +# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec)) | |
22745 | +# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec)) | |
22746 | +#else | |
22747 | +# define PAGE_SHARED_NOEXEC PAGE_SHARED | |
22748 | +# define PAGE_COPY_NOEXEC PAGE_COPY | |
22749 | +# define PAGE_READONLY_NOEXEC PAGE_READONLY | |
22750 | +#endif | |
22751 | + | |
22752 | extern unsigned long page_kernel; | |
22753 | ||
22754 | #ifdef MODULE | |
22755 | diff -urNp linux-2.6.19.1/include/asm-sparc/pgtsrmmu.h linux-2.6.19.1/include/asm-sparc/pgtsrmmu.h | |
22756 | --- linux-2.6.19.1/include/asm-sparc/pgtsrmmu.h 2006-11-29 16:57:37.000000000 -0500 | |
22757 | +++ linux-2.6.19.1/include/asm-sparc/pgtsrmmu.h 2006-12-03 15:16:21.000000000 -0500 | |
22758 | @@ -115,6 +115,16 @@ | |
22759 | SRMMU_EXEC | SRMMU_REF) | |
22760 | #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \ | |
22761 | SRMMU_EXEC | SRMMU_REF) | |
22762 | + | |
22763 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22764 | +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | \ | |
22765 | + SRMMU_WRITE | SRMMU_REF) | |
22766 | +#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | \ | |
22767 | + SRMMU_REF) | |
22768 | +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | \ | |
22769 | + SRMMU_REF) | |
22770 | +#endif | |
22771 | + | |
22772 | #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \ | |
22773 | SRMMU_DIRTY | SRMMU_REF) | |
22774 | ||
22775 | diff -urNp linux-2.6.19.1/include/asm-sparc/uaccess.h linux-2.6.19.1/include/asm-sparc/uaccess.h | |
22776 | --- linux-2.6.19.1/include/asm-sparc/uaccess.h 2006-11-29 16:57:37.000000000 -0500 | |
22777 | +++ linux-2.6.19.1/include/asm-sparc/uaccess.h 2006-12-03 15:16:21.000000000 -0500 | |
22778 | @@ -41,7 +41,7 @@ | |
22779 | * No one can read/write anything from userland in the kernel space by setting | |
22780 | * large size and address near to PAGE_OFFSET - a fault will break his intentions. | |
22781 | */ | |
22782 | -#define __user_ok(addr, size) ({ (void)(size); (addr) < STACK_TOP; }) | |
22783 | +#define __user_ok(addr, size) ({ (void)(size); (addr) < __STACK_TOP; }) | |
22784 | #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) | |
22785 | #define __access_ok(addr,size) (__user_ok((addr) & get_fs().seg,(size))) | |
22786 | #define access_ok(type, addr, size) \ | |
22787 | diff -urNp linux-2.6.19.1/include/asm-sparc64/a.out.h linux-2.6.19.1/include/asm-sparc64/a.out.h | |
22788 | --- linux-2.6.19.1/include/asm-sparc64/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
22789 | +++ linux-2.6.19.1/include/asm-sparc64/a.out.h 2006-12-03 15:16:21.000000000 -0500 | |
22790 | @@ -98,7 +98,7 @@ struct relocation_info /* used when head | |
22791 | #define STACK_TOP32 ((1UL << 32UL) - PAGE_SIZE) | |
22792 | #define STACK_TOP64 (0x0000080000000000UL - (1UL << 32UL)) | |
22793 | ||
22794 | -#define STACK_TOP (test_thread_flag(TIF_32BIT) ? \ | |
22795 | +#define __STACK_TOP (test_thread_flag(TIF_32BIT) ? \ | |
22796 | STACK_TOP32 : STACK_TOP64) | |
22797 | ||
22798 | #endif | |
22799 | diff -urNp linux-2.6.19.1/include/asm-sparc64/elf.h linux-2.6.19.1/include/asm-sparc64/elf.h | |
22800 | --- linux-2.6.19.1/include/asm-sparc64/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22801 | +++ linux-2.6.19.1/include/asm-sparc64/elf.h 2006-12-03 15:16:21.000000000 -0500 | |
22802 | @@ -142,6 +142,16 @@ typedef struct { | |
22803 | #define ELF_ET_DYN_BASE 0x0000010000000000UL | |
22804 | #endif | |
22805 | ||
22806 | +#ifdef CONFIG_PAX_ASLR | |
22807 | +#define PAX_ELF_ET_DYN_BASE(tsk) (test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL) | |
22808 | + | |
22809 | +#define PAX_DELTA_MMAP_LSB(tsk) (PAGE_SHIFT + 1) | |
22810 | +#define PAX_DELTA_MMAP_LEN(tsk) (test_thread_flag(TIF_32BIT) ? 14 : 28 ) | |
22811 | +#define PAX_DELTA_EXEC_LSB(tsk) (PAGE_SHIFT + 1) | |
22812 | +#define PAX_DELTA_EXEC_LEN(tsk) (test_thread_flag(TIF_32BIT) ? 14 : 28 ) | |
22813 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22814 | +#define PAX_DELTA_STACK_LEN(tsk) (test_thread_flag(TIF_32BIT) ? 15 : 29 ) | |
22815 | +#endif | |
22816 | ||
22817 | /* This yields a mask that user programs can use to figure out what | |
22818 | instruction set this cpu supports. */ | |
22819 | diff -urNp linux-2.6.19.1/include/asm-sparc64/kmap_types.h linux-2.6.19.1/include/asm-sparc64/kmap_types.h | |
22820 | --- linux-2.6.19.1/include/asm-sparc64/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22821 | +++ linux-2.6.19.1/include/asm-sparc64/kmap_types.h 2006-12-03 15:16:21.000000000 -0500 | |
22822 | @@ -19,6 +19,7 @@ enum km_type { | |
22823 | KM_IRQ1, | |
22824 | KM_SOFTIRQ0, | |
22825 | KM_SOFTIRQ1, | |
22826 | + KM_CLEARPAGE, | |
22827 | KM_TYPE_NR | |
22828 | }; | |
22829 | ||
22830 | diff -urNp linux-2.6.19.1/include/asm-sparc64/page.h linux-2.6.19.1/include/asm-sparc64/page.h | |
22831 | --- linux-2.6.19.1/include/asm-sparc64/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22832 | +++ linux-2.6.19.1/include/asm-sparc64/page.h 2006-12-03 15:16:21.000000000 -0500 | |
22833 | @@ -141,6 +141,15 @@ typedef unsigned long pgprot_t; | |
22834 | #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \ | |
22835 | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22836 | ||
22837 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22838 | +#ifdef CONFIG_PAX_MPROTECT | |
22839 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22840 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22841 | +#else | |
22842 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22843 | +#endif | |
22844 | +#endif | |
22845 | + | |
22846 | #include <asm-generic/page.h> | |
22847 | ||
22848 | #endif /* __KERNEL__ */ | |
22849 | diff -urNp linux-2.6.19.1/include/asm-v850/kmap_types.h linux-2.6.19.1/include/asm-v850/kmap_types.h | |
22850 | --- linux-2.6.19.1/include/asm-v850/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22851 | +++ linux-2.6.19.1/include/asm-v850/kmap_types.h 2006-12-03 15:16:22.000000000 -0500 | |
22852 | @@ -13,6 +13,7 @@ enum km_type { | |
22853 | KM_PTE1, | |
22854 | KM_IRQ0, | |
22855 | KM_IRQ1, | |
22856 | + KM_CLEARPAGE, | |
22857 | KM_TYPE_NR | |
22858 | }; | |
22859 | ||
22860 | diff -urNp linux-2.6.19.1/include/asm-x86_64/a.out.h linux-2.6.19.1/include/asm-x86_64/a.out.h | |
22861 | --- linux-2.6.19.1/include/asm-x86_64/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
22862 | +++ linux-2.6.19.1/include/asm-x86_64/a.out.h 2006-12-03 15:16:22.000000000 -0500 | |
22863 | @@ -21,7 +21,7 @@ struct exec | |
22864 | ||
22865 | #ifdef __KERNEL__ | |
22866 | #include <linux/thread_info.h> | |
22867 | -#define STACK_TOP TASK_SIZE | |
22868 | +#define __STACK_TOP TASK_SIZE | |
22869 | #endif | |
22870 | ||
22871 | #endif /* __A_OUT_GNU_H__ */ | |
22872 | diff -urNp linux-2.6.19.1/include/asm-x86_64/elf.h linux-2.6.19.1/include/asm-x86_64/elf.h | |
22873 | --- linux-2.6.19.1/include/asm-x86_64/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
22874 | +++ linux-2.6.19.1/include/asm-x86_64/elf.h 2006-12-03 15:16:22.000000000 -0500 | |
22875 | @@ -93,6 +93,17 @@ typedef struct user_i387_struct elf_fpre | |
22876 | ||
22877 | #define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3) | |
22878 | ||
22879 | +#ifdef CONFIG_PAX_ASLR | |
22880 | +#define PAX_ELF_ET_DYN_BASE(tsk) (test_thread_flag(TIF_IA32) ? 0x08048000UL : 0x400000UL) | |
22881 | + | |
22882 | +#define PAX_DELTA_MMAP_LSB(tsk) PAGE_SHIFT | |
22883 | +#define PAX_DELTA_MMAP_LEN(tsk) (test_thread_flag(TIF_IA32) ? 16 : 32) | |
22884 | +#define PAX_DELTA_EXEC_LSB(tsk) PAGE_SHIFT | |
22885 | +#define PAX_DELTA_EXEC_LEN(tsk) (test_thread_flag(TIF_IA32) ? 16 : 32) | |
22886 | +#define PAX_DELTA_STACK_LSB(tsk) PAGE_SHIFT | |
22887 | +#define PAX_DELTA_STACK_LEN(tsk) (test_thread_flag(TIF_IA32) ? 16 : 32) | |
22888 | +#endif | |
22889 | + | |
22890 | /* regs is struct pt_regs, pr_reg is elf_gregset_t (which is | |
22891 | now struct_user_regs, they are different). Assumes current is the process | |
22892 | getting dumped. */ | |
22893 | diff -urNp linux-2.6.19.1/include/asm-x86_64/ia32.h linux-2.6.19.1/include/asm-x86_64/ia32.h | |
22894 | --- linux-2.6.19.1/include/asm-x86_64/ia32.h 2006-11-29 16:57:37.000000000 -0500 | |
22895 | +++ linux-2.6.19.1/include/asm-x86_64/ia32.h 2006-12-03 15:16:22.000000000 -0500 | |
22896 | @@ -156,7 +156,13 @@ struct ustat32 { | |
22897 | char f_fpack[6]; | |
22898 | }; | |
22899 | ||
22900 | -#define IA32_STACK_TOP IA32_PAGE_OFFSET | |
22901 | +#ifdef CONFIG_PAX_RANDUSTACK | |
22902 | +#define IA32_DELTA_STACK (current->mm->delta_stack) | |
22903 | +#else | |
22904 | +#define IA32_DELTA_STACK 0UL | |
22905 | +#endif | |
22906 | + | |
22907 | +#define IA32_STACK_TOP (IA32_PAGE_OFFSET - IA32_DELTA_STACK) | |
22908 | ||
22909 | #ifdef __KERNEL__ | |
22910 | struct user_desc; | |
22911 | diff -urNp linux-2.6.19.1/include/asm-x86_64/kmap_types.h linux-2.6.19.1/include/asm-x86_64/kmap_types.h | |
22912 | --- linux-2.6.19.1/include/asm-x86_64/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
22913 | +++ linux-2.6.19.1/include/asm-x86_64/kmap_types.h 2006-12-03 15:16:22.000000000 -0500 | |
22914 | @@ -13,6 +13,7 @@ enum km_type { | |
22915 | KM_IRQ1, | |
22916 | KM_SOFTIRQ0, | |
22917 | KM_SOFTIRQ1, | |
22918 | + KM_CLEARPAGE, | |
22919 | KM_TYPE_NR | |
22920 | }; | |
22921 | ||
22922 | diff -urNp linux-2.6.19.1/include/asm-x86_64/page.h linux-2.6.19.1/include/asm-x86_64/page.h | |
22923 | --- linux-2.6.19.1/include/asm-x86_64/page.h 2006-11-29 16:57:37.000000000 -0500 | |
22924 | +++ linux-2.6.19.1/include/asm-x86_64/page.h 2006-12-03 15:16:22.000000000 -0500 | |
22925 | @@ -88,6 +88,8 @@ typedef struct { unsigned long pgprot; } | |
22926 | #define __PAGE_OFFSET 0xffff810000000000 | |
22927 | #endif /* !__ASSEMBLY__ */ | |
22928 | ||
22929 | +#define __KERNEL_TEXT_OFFSET (0) | |
22930 | + | |
22931 | /* to align the pointer to the (next) page boundary */ | |
22932 | #define PAGE_ALIGN(addr) (((addr)+PAGE_SIZE-1)&PAGE_MASK) | |
22933 | ||
22934 | @@ -133,6 +135,15 @@ typedef struct { unsigned long pgprot; } | |
22935 | (((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0 ) | \ | |
22936 | VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) | |
22937 | ||
22938 | +#ifdef CONFIG_PAX_PAGEEXEC | |
22939 | +#ifdef CONFIG_PAX_MPROTECT | |
22940 | +#define __VM_STACK_FLAGS (((current->mm->pax_flags & MF_PAX_MPROTECT)?0:VM_MAYEXEC) | \ | |
22941 | + ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22942 | +#else | |
22943 | +#define __VM_STACK_FLAGS (VM_MAYEXEC | ((current->mm->pax_flags & MF_PAX_PAGEEXEC)?0:VM_EXEC)) | |
22944 | +#endif | |
22945 | +#endif | |
22946 | + | |
22947 | #define __HAVE_ARCH_GATE_AREA 1 | |
22948 | ||
22949 | #include <asm-generic/memory_model.h> | |
22950 | diff -urNp linux-2.6.19.1/include/asm-x86_64/pgalloc.h linux-2.6.19.1/include/asm-x86_64/pgalloc.h | |
22951 | --- linux-2.6.19.1/include/asm-x86_64/pgalloc.h 2006-11-29 16:57:37.000000000 -0500 | |
22952 | +++ linux-2.6.19.1/include/asm-x86_64/pgalloc.h 2006-12-03 15:16:22.000000000 -0500 | |
22953 | @@ -7,7 +7,7 @@ | |
22954 | #include <linux/mm.h> | |
22955 | ||
22956 | #define pmd_populate_kernel(mm, pmd, pte) \ | |
22957 | - set_pmd(pmd, __pmd(_PAGE_TABLE | __pa(pte))) | |
22958 | + set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(pte))) | |
22959 | #define pud_populate(mm, pud, pmd) \ | |
22960 | set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd))) | |
22961 | #define pgd_populate(mm, pgd, pud) \ | |
22962 | diff -urNp linux-2.6.19.1/include/asm-x86_64/pgtable.h linux-2.6.19.1/include/asm-x86_64/pgtable.h | |
22963 | --- linux-2.6.19.1/include/asm-x86_64/pgtable.h 2006-11-29 16:57:37.000000000 -0500 | |
22964 | +++ linux-2.6.19.1/include/asm-x86_64/pgtable.h 2006-12-03 15:16:22.000000000 -0500 | |
22965 | @@ -174,6 +174,10 @@ static inline pte_t ptep_get_and_clear_f | |
22966 | #define PAGE_COPY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED) | |
22967 | #define PAGE_READONLY __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED | _PAGE_NX) | |
22968 | #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_ACCESSED) | |
22969 | + | |
22970 | +#define PAGE_READONLY_NOEXEC PAGE_READONLY | |
22971 | +#define PAGE_SHARED_NOEXEC PAGE_SHARED | |
22972 | + | |
22973 | #define __PAGE_KERNEL \ | |
22974 | (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_NX) | |
22975 | #define __PAGE_KERNEL_EXEC \ | |
22976 | @@ -262,7 +266,15 @@ static inline pte_t pfn_pte(unsigned lon | |
22977 | #define __LARGE_PTE (_PAGE_PSE|_PAGE_PRESENT) | |
22978 | static inline int pte_user(pte_t pte) { return pte_val(pte) & _PAGE_USER; } | |
22979 | static inline int pte_read(pte_t pte) { return pte_val(pte) & _PAGE_USER; } | |
22980 | -static inline int pte_exec(pte_t pte) { return !(pte_val(pte) & _PAGE_NX); } | |
22981 | + | |
22982 | +static inline int pte_exec(pte_t pte) | |
22983 | +{ | |
22984 | + if (__supported_pte_mask & _PAGE_NX) | |
22985 | + return pte_val(pte) & _PAGE_NX; | |
22986 | + else | |
22987 | + return pte_val(pte) & _PAGE_USER; | |
22988 | +} | |
22989 | + | |
22990 | static inline int pte_dirty(pte_t pte) { return pte_val(pte) & _PAGE_DIRTY; } | |
22991 | static inline int pte_young(pte_t pte) { return pte_val(pte) & _PAGE_ACCESSED; } | |
22992 | static inline int pte_write(pte_t pte) { return pte_val(pte) & _PAGE_RW; } | |
22993 | @@ -270,12 +282,30 @@ static inline int pte_file(pte_t pte) { | |
22994 | static inline int pte_huge(pte_t pte) { return pte_val(pte) & _PAGE_PSE; } | |
22995 | ||
22996 | static inline pte_t pte_rdprotect(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_USER)); return pte; } | |
22997 | -static inline pte_t pte_exprotect(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_USER)); return pte; } | |
22998 | + | |
22999 | +static inline pte_t pte_exprotect(pte_t pte) | |
23000 | +{ | |
23001 | + if (__supported_pte_mask & _PAGE_NX) | |
23002 | + set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_NX)); | |
23003 | + else | |
23004 | + set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_USER)); | |
23005 | + return pte; | |
23006 | +} | |
23007 | + | |
23008 | static inline pte_t pte_mkclean(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_DIRTY)); return pte; } | |
23009 | static inline pte_t pte_mkold(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_ACCESSED)); return pte; } | |
23010 | static inline pte_t pte_wrprotect(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_RW)); return pte; } | |
23011 | static inline pte_t pte_mkread(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) | _PAGE_USER)); return pte; } | |
23012 | -static inline pte_t pte_mkexec(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) & ~_PAGE_NX)); return pte; } | |
23013 | + | |
23014 | +extern inline pte_t pte_mkexec(pte_t pte) | |
23015 | +{ | |
23016 | + if (__supported_pte_mask & _PAGE_NX) | |
23017 | + set_pte(&pte, __pte(pte_val(pte) | _PAGE_NX)); | |
23018 | + else | |
23019 | + set_pte(&pte, __pte(pte_val(pte) | _PAGE_USER)); | |
23020 | + return pte; | |
23021 | +} | |
23022 | + | |
23023 | static inline pte_t pte_mkdirty(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) | _PAGE_DIRTY)); return pte; } | |
23024 | static inline pte_t pte_mkyoung(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) | _PAGE_ACCESSED)); return pte; } | |
23025 | static inline pte_t pte_mkwrite(pte_t pte) { set_pte(&pte, __pte(pte_val(pte) | _PAGE_RW)); return pte; } | |
23026 | diff -urNp linux-2.6.19.1/include/asm-x86_64/system.h linux-2.6.19.1/include/asm-x86_64/system.h | |
23027 | --- linux-2.6.19.1/include/asm-x86_64/system.h 2006-11-29 16:57:37.000000000 -0500 | |
23028 | +++ linux-2.6.19.1/include/asm-x86_64/system.h 2006-12-03 15:16:22.000000000 -0500 | |
23029 | @@ -248,7 +248,7 @@ static inline unsigned long __cmpxchg(vo | |
23030 | ||
23031 | void cpu_idle_wait(void); | |
23032 | ||
23033 | -extern unsigned long arch_align_stack(unsigned long sp); | |
23034 | +#define arch_align_stack(x) (x) | |
23035 | extern void free_init_pages(char *what, unsigned long begin, unsigned long end); | |
23036 | ||
23037 | #endif | |
23038 | diff -urNp linux-2.6.19.1/include/asm-xtensa/kmap_types.h linux-2.6.19.1/include/asm-xtensa/kmap_types.h | |
23039 | --- linux-2.6.19.1/include/asm-xtensa/kmap_types.h 2006-11-29 16:57:37.000000000 -0500 | |
23040 | +++ linux-2.6.19.1/include/asm-xtensa/kmap_types.h 2006-12-03 15:16:22.000000000 -0500 | |
23041 | @@ -25,6 +25,7 @@ enum km_type { | |
23042 | KM_IRQ1, | |
23043 | KM_SOFTIRQ0, | |
23044 | KM_SOFTIRQ1, | |
23045 | + KM_CLEARPAGE, | |
23046 | KM_TYPE_NR | |
23047 | }; | |
23048 | ||
23049 | diff -urNp linux-2.6.19.1/include/linux/a.out.h linux-2.6.19.1/include/linux/a.out.h | |
23050 | --- linux-2.6.19.1/include/linux/a.out.h 2006-11-29 16:57:37.000000000 -0500 | |
23051 | +++ linux-2.6.19.1/include/linux/a.out.h 2006-12-03 15:16:22.000000000 -0500 | |
23052 | @@ -7,6 +7,16 @@ | |
23053 | ||
23054 | #include <asm/a.out.h> | |
23055 | ||
23056 | +#ifdef CONFIG_PAX_RANDUSTACK | |
23057 | +#define __DELTA_STACK (current->mm->delta_stack) | |
23058 | +#else | |
23059 | +#define __DELTA_STACK 0UL | |
23060 | +#endif | |
23061 | + | |
23062 | +#ifndef STACK_TOP | |
23063 | +#define STACK_TOP (__STACK_TOP - __DELTA_STACK) | |
23064 | +#endif | |
23065 | + | |
23066 | #endif /* __STRUCT_EXEC_OVERRIDE__ */ | |
23067 | ||
23068 | /* these go in the N_MACHTYPE field */ | |
23069 | @@ -37,6 +47,14 @@ enum machine_type { | |
23070 | M_MIPS2 = 152 /* MIPS R6000/R4000 binary */ | |
23071 | }; | |
23072 | ||
23073 | +/* Constants for the N_FLAGS field */ | |
23074 | +#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ | |
23075 | +#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */ | |
23076 | +#define F_PAX_MPROTECT 4 /* Restrict mprotect() */ | |
23077 | +#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */ | |
23078 | +/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ | |
23079 | +#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ | |
23080 | + | |
23081 | #if !defined (N_MAGIC) | |
23082 | #define N_MAGIC(exec) ((exec).a_info & 0xffff) | |
23083 | #endif | |
23084 | diff -urNp linux-2.6.19.1/include/linux/binfmts.h linux-2.6.19.1/include/linux/binfmts.h | |
23085 | --- linux-2.6.19.1/include/linux/binfmts.h 2006-11-29 16:57:37.000000000 -0500 | |
23086 | +++ linux-2.6.19.1/include/linux/binfmts.h 2006-12-03 15:16:22.000000000 -0500 | |
23087 | @@ -7,10 +7,10 @@ struct pt_regs; | |
23088 | ||
23089 | /* | |
23090 | * MAX_ARG_PAGES defines the number of pages allocated for arguments | |
23091 | - * and envelope for the new program. 32 should suffice, this gives | |
23092 | - * a maximum env+arg of 128kB w/4KB pages! | |
23093 | + * and envelope for the new program. 33 should suffice, this gives | |
23094 | + * a maximum env+arg of 132kB w/4KB pages! | |
23095 | */ | |
23096 | -#define MAX_ARG_PAGES 32 | |
23097 | +#define MAX_ARG_PAGES 33 | |
23098 | ||
23099 | /* sizeof(linux_binprm->buf) */ | |
23100 | #define BINPRM_BUF_SIZE 128 | |
23101 | @@ -38,6 +38,7 @@ struct linux_binprm{ | |
23102 | unsigned interp_flags; | |
23103 | unsigned interp_data; | |
23104 | unsigned long loader, exec; | |
23105 | + int misc; | |
23106 | }; | |
23107 | ||
23108 | #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 | |
23109 | @@ -87,5 +88,8 @@ extern void compute_creds(struct linux_b | |
23110 | extern int do_coredump(long signr, int exit_code, struct pt_regs * regs); | |
23111 | extern int set_binfmt(struct linux_binfmt *new); | |
23112 | ||
23113 | +void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); | |
23114 | +void pax_report_insns(void *pc, void *sp); | |
23115 | + | |
23116 | #endif /* __KERNEL__ */ | |
23117 | #endif /* _LINUX_BINFMTS_H */ | |
23118 | diff -urNp linux-2.6.19.1/include/linux/capability.h linux-2.6.19.1/include/linux/capability.h | |
23119 | --- linux-2.6.19.1/include/linux/capability.h 2006-11-29 16:57:37.000000000 -0500 | |
23120 | +++ linux-2.6.19.1/include/linux/capability.h 2006-12-03 15:16:22.000000000 -0500 | |
23121 | @@ -358,6 +358,7 @@ static inline kernel_cap_t cap_invert(ke | |
23122 | #define cap_is_fs_cap(c) (CAP_TO_MASK(c) & CAP_FS_MASK) | |
23123 | ||
23124 | int capable(int cap); | |
23125 | +int capable_nolog(int cap); | |
23126 | int __capable(struct task_struct *t, int cap); | |
23127 | ||
23128 | #endif /* __KERNEL__ */ | |
23129 | diff -urNp linux-2.6.19.1/include/linux/elf.h linux-2.6.19.1/include/linux/elf.h | |
23130 | --- linux-2.6.19.1/include/linux/elf.h 2006-11-29 16:57:37.000000000 -0500 | |
23131 | +++ linux-2.6.19.1/include/linux/elf.h 2006-12-03 15:16:24.000000000 -0500 | |
23132 | @@ -6,6 +6,10 @@ | |
23133 | #include <linux/elf-em.h> | |
23134 | #include <asm/elf.h> | |
23135 | ||
23136 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
23137 | +#undef elf_read_implies_exec | |
23138 | +#endif | |
23139 | + | |
23140 | #ifndef elf_read_implies_exec | |
23141 | /* Executables for which elf_read_implies_exec() returns TRUE will | |
23142 | have the READ_IMPLIES_EXEC personality flag set automatically. | |
23143 | @@ -47,6 +51,16 @@ typedef __s64 Elf64_Sxword; | |
23144 | ||
23145 | #define PT_GNU_STACK (PT_LOOS + 0x474e551) | |
23146 | ||
23147 | +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) | |
23148 | + | |
23149 | +/* Constants for the e_flags field */ | |
23150 | +#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ | |
23151 | +#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */ | |
23152 | +#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */ | |
23153 | +#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */ | |
23154 | +/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ | |
23155 | +#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ | |
23156 | + | |
23157 | /* These constants define the different elf file types */ | |
23158 | #define ET_NONE 0 | |
23159 | #define ET_REL 1 | |
23160 | @@ -81,6 +95,8 @@ typedef __s64 Elf64_Sxword; | |
23161 | #define DT_DEBUG 21 | |
23162 | #define DT_TEXTREL 22 | |
23163 | #define DT_JMPREL 23 | |
23164 | +#define DT_FLAGS 30 | |
23165 | + #define DF_TEXTREL 0x00000004 | |
23166 | #define DT_LOPROC 0x70000000 | |
23167 | #define DT_HIPROC 0x7fffffff | |
23168 | ||
23169 | @@ -210,6 +226,19 @@ typedef struct elf64_hdr { | |
23170 | #define PF_W 0x2 | |
23171 | #define PF_X 0x1 | |
23172 | ||
23173 | +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */ | |
23174 | +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */ | |
23175 | +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */ | |
23176 | +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */ | |
23177 | +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */ | |
23178 | +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */ | |
23179 | +/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */ | |
23180 | +/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */ | |
23181 | +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */ | |
23182 | +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */ | |
23183 | +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */ | |
23184 | +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */ | |
23185 | + | |
23186 | typedef struct elf32_phdr{ | |
23187 | Elf32_Word p_type; | |
23188 | Elf32_Off p_offset; | |
23189 | @@ -302,6 +331,8 @@ typedef struct elf64_shdr { | |
23190 | #define EI_OSABI 7 | |
23191 | #define EI_PAD 8 | |
23192 | ||
23193 | +#define EI_PAX 14 | |
23194 | + | |
23195 | #define ELFMAG0 0x7f /* EI_MAG */ | |
23196 | #define ELFMAG1 'E' | |
23197 | #define ELFMAG2 'L' | |
23198 | @@ -358,6 +389,7 @@ extern Elf32_Dyn _DYNAMIC []; | |
23199 | #define elfhdr elf32_hdr | |
23200 | #define elf_phdr elf32_phdr | |
23201 | #define elf_note elf32_note | |
23202 | +#define elf_dyn Elf32_Dyn | |
23203 | ||
23204 | #else | |
23205 | ||
23206 | @@ -365,6 +397,7 @@ extern Elf64_Dyn _DYNAMIC []; | |
23207 | #define elfhdr elf64_hdr | |
23208 | #define elf_phdr elf64_phdr | |
23209 | #define elf_note elf64_note | |
23210 | +#define elf_dyn Elf64_Dyn | |
23211 | ||
23212 | #endif | |
23213 | ||
23214 | diff -urNp linux-2.6.19.1/include/linux/ext4_fs_extents.h linux-2.6.19.1/include/linux/ext4_fs_extents.h | |
23215 | --- linux-2.6.19.1/include/linux/ext4_fs_extents.h 2006-11-29 16:57:37.000000000 -0500 | |
23216 | +++ linux-2.6.19.1/include/linux/ext4_fs_extents.h 2006-12-03 15:16:24.000000000 -0500 | |
23217 | @@ -50,7 +50,7 @@ | |
23218 | #ifdef EXT_DEBUG | |
23219 | #define ext_debug(a...) printk(a) | |
23220 | #else | |
23221 | -#define ext_debug(a...) | |
23222 | +#define ext_debug(a...) do {} while (0) | |
23223 | #endif | |
23224 | ||
23225 | /* | |
23226 | diff -urNp linux-2.6.19.1/include/linux/gracl.h linux-2.6.19.1/include/linux/gracl.h | |
23227 | --- linux-2.6.19.1/include/linux/gracl.h 1969-12-31 19:00:00.000000000 -0500 | |
23228 | +++ linux-2.6.19.1/include/linux/gracl.h 2006-12-03 15:16:25.000000000 -0500 | |
23229 | @@ -0,0 +1,316 @@ | |
23230 | +#ifndef GR_ACL_H | |
23231 | +#define GR_ACL_H | |
23232 | + | |
23233 | +#include <linux/grdefs.h> | |
23234 | +#include <linux/resource.h> | |
23235 | +#include <linux/dcache.h> | |
23236 | +#include <asm/resource.h> | |
23237 | + | |
23238 | +/* Major status information */ | |
23239 | + | |
23240 | +#define GR_VERSION "grsecurity 2.1.9" | |
23241 | +#define GRSECURITY_VERSION 0x219 | |
23242 | + | |
23243 | +enum { | |
23244 | + | |
23245 | + SHUTDOWN = 0, | |
23246 | + ENABLE = 1, | |
23247 | + SPROLE = 2, | |
23248 | + RELOAD = 3, | |
23249 | + SEGVMOD = 4, | |
23250 | + STATUS = 5, | |
23251 | + UNSPROLE = 6, | |
23252 | + PASSSET = 7, | |
23253 | + SPROLEPAM = 8 | |
23254 | +}; | |
23255 | + | |
23256 | +/* Password setup definitions | |
23257 | + * kernel/grhash.c */ | |
23258 | +enum { | |
23259 | + GR_PW_LEN = 128, | |
23260 | + GR_SALT_LEN = 16, | |
23261 | + GR_SHA_LEN = 32, | |
23262 | +}; | |
23263 | + | |
23264 | +enum { | |
23265 | + GR_SPROLE_LEN = 64, | |
23266 | +}; | |
23267 | + | |
23268 | +#define GR_NLIMITS (RLIMIT_LOCKS + 2) | |
23269 | + | |
23270 | +/* Begin Data Structures */ | |
23271 | + | |
23272 | +struct sprole_pw { | |
23273 | + unsigned char *rolename; | |
23274 | + unsigned char salt[GR_SALT_LEN]; | |
23275 | + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */ | |
23276 | +}; | |
23277 | + | |
23278 | +struct name_entry { | |
23279 | + __u32 key; | |
23280 | + ino_t inode; | |
23281 | + dev_t device; | |
23282 | + char *name; | |
23283 | + __u16 len; | |
23284 | + struct name_entry *prev; | |
23285 | + struct name_entry *next; | |
23286 | +}; | |
23287 | + | |
23288 | +struct inodev_entry { | |
23289 | + struct name_entry *nentry; | |
23290 | + struct inodev_entry *prev; | |
23291 | + struct inodev_entry *next; | |
23292 | +}; | |
23293 | + | |
23294 | +struct acl_role_db { | |
23295 | + struct acl_role_label **r_hash; | |
23296 | + __u32 r_size; | |
23297 | +}; | |
23298 | + | |
23299 | +struct inodev_db { | |
23300 | + struct inodev_entry **i_hash; | |
23301 | + __u32 i_size; | |
23302 | +}; | |
23303 | + | |
23304 | +struct name_db { | |
23305 | + struct name_entry **n_hash; | |
23306 | + __u32 n_size; | |
23307 | +}; | |
23308 | + | |
23309 | +struct crash_uid { | |
23310 | + uid_t uid; | |
23311 | + unsigned long expires; | |
23312 | +}; | |
23313 | + | |
23314 | +struct gr_hash_struct { | |
23315 | + void **table; | |
23316 | + void **nametable; | |
23317 | + void *first; | |
23318 | + __u32 table_size; | |
23319 | + __u32 used_size; | |
23320 | + int type; | |
23321 | +}; | |
23322 | + | |
23323 | +/* Userspace Grsecurity ACL data structures */ | |
23324 | + | |
23325 | +struct acl_subject_label { | |
23326 | + char *filename; | |
23327 | + ino_t inode; | |
23328 | + dev_t device; | |
23329 | + __u32 mode; | |
23330 | + __u32 cap_mask; | |
23331 | + __u32 cap_lower; | |
23332 | + | |
23333 | + struct rlimit res[GR_NLIMITS]; | |
23334 | + __u16 resmask; | |
23335 | + | |
23336 | + __u8 user_trans_type; | |
23337 | + __u8 group_trans_type; | |
23338 | + uid_t *user_transitions; | |
23339 | + gid_t *group_transitions; | |
23340 | + __u16 user_trans_num; | |
23341 | + __u16 group_trans_num; | |
23342 | + | |
23343 | + __u32 ip_proto[8]; | |
23344 | + __u32 ip_type; | |
23345 | + struct acl_ip_label **ips; | |
23346 | + __u32 ip_num; | |
23347 | + | |
23348 | + __u32 crashes; | |
23349 | + unsigned long expires; | |
23350 | + | |
23351 | + struct acl_subject_label *parent_subject; | |
23352 | + struct gr_hash_struct *hash; | |
23353 | + struct acl_subject_label *prev; | |
23354 | + struct acl_subject_label *next; | |
23355 | + | |
23356 | + struct acl_object_label **obj_hash; | |
23357 | + __u32 obj_hash_size; | |
23358 | + __u16 pax_flags; | |
23359 | +}; | |
23360 | + | |
23361 | +struct role_allowed_ip { | |
23362 | + __u32 addr; | |
23363 | + __u32 netmask; | |
23364 | + | |
23365 | + struct role_allowed_ip *prev; | |
23366 | + struct role_allowed_ip *next; | |
23367 | +}; | |
23368 | + | |
23369 | +struct role_transition { | |
23370 | + char *rolename; | |
23371 | + | |
23372 | + struct role_transition *prev; | |
23373 | + struct role_transition *next; | |
23374 | +}; | |
23375 | + | |
23376 | +struct acl_role_label { | |
23377 | + char *rolename; | |
23378 | + uid_t uidgid; | |
23379 | + __u16 roletype; | |
23380 | + | |
23381 | + __u16 auth_attempts; | |
23382 | + unsigned long expires; | |
23383 | + | |
23384 | + struct acl_subject_label *root_label; | |
23385 | + struct gr_hash_struct *hash; | |
23386 | + | |
23387 | + struct acl_role_label *prev; | |
23388 | + struct acl_role_label *next; | |
23389 | + | |
23390 | + struct role_transition *transitions; | |
23391 | + struct role_allowed_ip *allowed_ips; | |
23392 | + uid_t *domain_children; | |
23393 | + __u16 domain_child_num; | |
23394 | + | |
23395 | + struct acl_subject_label **subj_hash; | |
23396 | + __u32 subj_hash_size; | |
23397 | +}; | |
23398 | + | |
23399 | +struct user_acl_role_db { | |
23400 | + struct acl_role_label **r_table; | |
23401 | + __u32 num_pointers; /* Number of allocations to track */ | |
23402 | + __u32 num_roles; /* Number of roles */ | |
23403 | + __u32 num_domain_children; /* Number of domain children */ | |
23404 | + __u32 num_subjects; /* Number of subjects */ | |
23405 | + __u32 num_objects; /* Number of objects */ | |
23406 | +}; | |
23407 | + | |
23408 | +struct acl_object_label { | |
23409 | + char *filename; | |
23410 | + ino_t inode; | |
23411 | + dev_t device; | |
23412 | + __u32 mode; | |
23413 | + | |
23414 | + struct acl_subject_label *nested; | |
23415 | + struct acl_object_label *globbed; | |
23416 | + | |
23417 | + /* next two structures not used */ | |
23418 | + | |
23419 | + struct acl_object_label *prev; | |
23420 | + struct acl_object_label *next; | |
23421 | +}; | |
23422 | + | |
23423 | +struct acl_ip_label { | |
23424 | + char *iface; | |
23425 | + __u32 addr; | |
23426 | + __u32 netmask; | |
23427 | + __u16 low, high; | |
23428 | + __u8 mode; | |
23429 | + __u32 type; | |
23430 | + __u32 proto[8]; | |
23431 | + | |
23432 | + /* next two structures not used */ | |
23433 | + | |
23434 | + struct acl_ip_label *prev; | |
23435 | + struct acl_ip_label *next; | |
23436 | +}; | |
23437 | + | |
23438 | +struct gr_arg { | |
23439 | + struct user_acl_role_db role_db; | |
23440 | + unsigned char pw[GR_PW_LEN]; | |
23441 | + unsigned char salt[GR_SALT_LEN]; | |
23442 | + unsigned char sum[GR_SHA_LEN]; | |
23443 | + unsigned char sp_role[GR_SPROLE_LEN]; | |
23444 | + struct sprole_pw *sprole_pws; | |
23445 | + dev_t segv_device; | |
23446 | + ino_t segv_inode; | |
23447 | + uid_t segv_uid; | |
23448 | + __u16 num_sprole_pws; | |
23449 | + __u16 mode; | |
23450 | +}; | |
23451 | + | |
23452 | +struct gr_arg_wrapper { | |
23453 | + struct gr_arg *arg; | |
23454 | + __u32 version; | |
23455 | + __u32 size; | |
23456 | +}; | |
23457 | + | |
23458 | +struct subject_map { | |
23459 | + struct acl_subject_label *user; | |
23460 | + struct acl_subject_label *kernel; | |
23461 | + struct subject_map *prev; | |
23462 | + struct subject_map *next; | |
23463 | +}; | |
23464 | + | |
23465 | +struct acl_subj_map_db { | |
23466 | + struct subject_map **s_hash; | |
23467 | + __u32 s_size; | |
23468 | +}; | |
23469 | + | |
23470 | +/* End Data Structures Section */ | |
23471 | + | |
23472 | +/* Hash functions generated by empirical testing by Brad Spengler | |
23473 | + Makes good use of the low bits of the inode. Generally 0-1 times | |
23474 | + in loop for successful match. 0-3 for unsuccessful match. | |
23475 | + Shift/add algorithm with modulus of table size and an XOR*/ | |
23476 | + | |
23477 | +static __inline__ unsigned int | |
23478 | +rhash(const uid_t uid, const __u16 type, const unsigned int sz) | |
23479 | +{ | |
23480 | + return (((uid << type) + (uid ^ type)) % sz); | |
23481 | +} | |
23482 | + | |
23483 | + static __inline__ unsigned int | |
23484 | +shash(const struct acl_subject_label *userp, const unsigned int sz) | |
23485 | +{ | |
23486 | + return ((const unsigned long)userp % sz); | |
23487 | +} | |
23488 | + | |
23489 | +static __inline__ unsigned int | |
23490 | +fhash(const ino_t ino, const dev_t dev, const unsigned int sz) | |
23491 | +{ | |
23492 | + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz); | |
23493 | +} | |
23494 | + | |
23495 | +static __inline__ unsigned int | |
23496 | +nhash(const char *name, const __u16 len, const unsigned int sz) | |
23497 | +{ | |
23498 | + return full_name_hash(name, len) % sz; | |
23499 | +} | |
23500 | + | |
23501 | +#define FOR_EACH_ROLE_START(role,iter) \ | |
23502 | + role = NULL; \ | |
23503 | + iter = 0; \ | |
23504 | + while (iter < acl_role_set.r_size) { \ | |
23505 | + if (role == NULL) \ | |
23506 | + role = acl_role_set.r_hash[iter]; \ | |
23507 | + if (role == NULL) { \ | |
23508 | + iter++; \ | |
23509 | + continue; \ | |
23510 | + } | |
23511 | + | |
23512 | +#define FOR_EACH_ROLE_END(role,iter) \ | |
23513 | + role = role->next; \ | |
23514 | + if (role == NULL) \ | |
23515 | + iter++; \ | |
23516 | + } | |
23517 | + | |
23518 | +#define FOR_EACH_SUBJECT_START(role,subj,iter) \ | |
23519 | + subj = NULL; \ | |
23520 | + iter = 0; \ | |
23521 | + while (iter < role->subj_hash_size) { \ | |
23522 | + if (subj == NULL) \ | |
23523 | + subj = role->subj_hash[iter]; \ | |
23524 | + if (subj == NULL) { \ | |
23525 | + iter++; \ | |
23526 | + continue; \ | |
23527 | + } | |
23528 | + | |
23529 | +#define FOR_EACH_SUBJECT_END(subj,iter) \ | |
23530 | + subj = subj->next; \ | |
23531 | + if (subj == NULL) \ | |
23532 | + iter++; \ | |
23533 | + } | |
23534 | + | |
23535 | + | |
23536 | +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \ | |
23537 | + subj = role->hash->first; \ | |
23538 | + while (subj != NULL) { | |
23539 | + | |
23540 | +#define FOR_EACH_NESTED_SUBJECT_END(subj) \ | |
23541 | + subj = subj->next; \ | |
23542 | + } | |
23543 | + | |
23544 | +#endif | |
23545 | + | |
23546 | diff -urNp linux-2.6.19.1/include/linux/gralloc.h linux-2.6.19.1/include/linux/gralloc.h | |
23547 | --- linux-2.6.19.1/include/linux/gralloc.h 1969-12-31 19:00:00.000000000 -0500 | |
23548 | +++ linux-2.6.19.1/include/linux/gralloc.h 2006-12-03 15:16:25.000000000 -0500 | |
23549 | @@ -0,0 +1,8 @@ | |
23550 | +#ifndef __GRALLOC_H | |
23551 | +#define __GRALLOC_H | |
23552 | + | |
23553 | +void acl_free_all(void); | |
23554 | +int acl_alloc_stack_init(unsigned long size); | |
23555 | +void *acl_alloc(unsigned long len); | |
23556 | + | |
23557 | +#endif | |
23558 | diff -urNp linux-2.6.19.1/include/linux/grdefs.h linux-2.6.19.1/include/linux/grdefs.h | |
23559 | --- linux-2.6.19.1/include/linux/grdefs.h 1969-12-31 19:00:00.000000000 -0500 | |
23560 | +++ linux-2.6.19.1/include/linux/grdefs.h 2006-12-03 15:16:25.000000000 -0500 | |
23561 | @@ -0,0 +1,131 @@ | |
23562 | +#ifndef GRDEFS_H | |
23563 | +#define GRDEFS_H | |
23564 | + | |
23565 | +/* Begin grsecurity status declarations */ | |
23566 | + | |
23567 | +enum { | |
23568 | + GR_READY = 0x01, | |
23569 | + GR_STATUS_INIT = 0x00 // disabled state | |
23570 | +}; | |
23571 | + | |
23572 | +/* Begin ACL declarations */ | |
23573 | + | |
23574 | +/* Role flags */ | |
23575 | + | |
23576 | +enum { | |
23577 | + GR_ROLE_USER = 0x0001, | |
23578 | + GR_ROLE_GROUP = 0x0002, | |
23579 | + GR_ROLE_DEFAULT = 0x0004, | |
23580 | + GR_ROLE_SPECIAL = 0x0008, | |
23581 | + GR_ROLE_AUTH = 0x0010, | |
23582 | + GR_ROLE_NOPW = 0x0020, | |
23583 | + GR_ROLE_GOD = 0x0040, | |
23584 | + GR_ROLE_LEARN = 0x0080, | |
23585 | + GR_ROLE_TPE = 0x0100, | |
23586 | + GR_ROLE_DOMAIN = 0x0200, | |
23587 | + GR_ROLE_PAM = 0x0400 | |
23588 | +}; | |
23589 | + | |
23590 | +/* ACL Subject and Object mode flags */ | |
23591 | +enum { | |
23592 | + GR_DELETED = 0x80000000 | |
23593 | +}; | |
23594 | + | |
23595 | +/* ACL Object-only mode flags */ | |
23596 | +enum { | |
23597 | + GR_READ = 0x00000001, | |
23598 | + GR_APPEND = 0x00000002, | |
23599 | + GR_WRITE = 0x00000004, | |
23600 | + GR_EXEC = 0x00000008, | |
23601 | + GR_FIND = 0x00000010, | |
23602 | + GR_INHERIT = 0x00000020, | |
23603 | + GR_SETID = 0x00000040, | |
23604 | + GR_CREATE = 0x00000080, | |
23605 | + GR_DELETE = 0x00000100, | |
23606 | + GR_LINK = 0x00000200, | |
23607 | + GR_AUDIT_READ = 0x00000400, | |
23608 | + GR_AUDIT_APPEND = 0x00000800, | |
23609 | + GR_AUDIT_WRITE = 0x00001000, | |
23610 | + GR_AUDIT_EXEC = 0x00002000, | |
23611 | + GR_AUDIT_FIND = 0x00004000, | |
23612 | + GR_AUDIT_INHERIT= 0x00008000, | |
23613 | + GR_AUDIT_SETID = 0x00010000, | |
23614 | + GR_AUDIT_CREATE = 0x00020000, | |
23615 | + GR_AUDIT_DELETE = 0x00040000, | |
23616 | + GR_AUDIT_LINK = 0x00080000, | |
23617 | + GR_PTRACERD = 0x00100000, | |
23618 | + GR_NOPTRACE = 0x00200000, | |
23619 | + GR_SUPPRESS = 0x00400000, | |
23620 | + GR_NOLEARN = 0x00800000 | |
23621 | +}; | |
23622 | + | |
23623 | +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \ | |
23624 | + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \ | |
23625 | + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK) | |
23626 | + | |
23627 | +/* ACL subject-only mode flags */ | |
23628 | +enum { | |
23629 | + GR_KILL = 0x00000001, | |
23630 | + GR_VIEW = 0x00000002, | |
23631 | + GR_PROTECTED = 0x00000004, | |
23632 | + GR_LEARN = 0x00000008, | |
23633 | + GR_OVERRIDE = 0x00000010, | |
23634 | + /* just a placeholder, this mode is only used in userspace */ | |
23635 | + GR_DUMMY = 0x00000020, | |
23636 | + GR_PROTSHM = 0x00000040, | |
23637 | + GR_KILLPROC = 0x00000080, | |
23638 | + GR_KILLIPPROC = 0x00000100, | |
23639 | + /* just a placeholder, this mode is only used in userspace */ | |
23640 | + GR_NOTROJAN = 0x00000200, | |
23641 | + GR_PROTPROCFD = 0x00000400, | |
23642 | + GR_PROCACCT = 0x00000800, | |
23643 | + GR_RELAXPTRACE = 0x00001000, | |
23644 | + GR_NESTED = 0x00002000, | |
23645 | + GR_INHERITLEARN = 0x00004000, | |
23646 | + GR_PROCFIND = 0x00008000, | |
23647 | + GR_POVERRIDE = 0x00010000, | |
23648 | + GR_KERNELAUTH = 0x00020000, | |
23649 | +}; | |
23650 | + | |
23651 | +enum { | |
23652 | + GR_PAX_ENABLE_SEGMEXEC = 0x0001, | |
23653 | + GR_PAX_ENABLE_PAGEEXEC = 0x0002, | |
23654 | + GR_PAX_ENABLE_MPROTECT = 0x0004, | |
23655 | + GR_PAX_ENABLE_RANDMMAP = 0x0008, | |
23656 | + GR_PAX_ENABLE_EMUTRAMP = 0x0010, | |
23657 | + GR_PAX_DISABLE_SEGMEXEC = 0x8001, | |
23658 | + GR_PAX_DISABLE_PAGEEXEC = 0x8002, | |
23659 | + GR_PAX_DISABLE_MPROTECT = 0x8004, | |
23660 | + GR_PAX_DISABLE_RANDMMAP = 0x8008, | |
23661 | + GR_PAX_DISABLE_EMUTRAMP = 0x8010, | |
23662 | +}; | |
23663 | + | |
23664 | +enum { | |
23665 | + GR_ID_USER = 0x01, | |
23666 | + GR_ID_GROUP = 0x02, | |
23667 | +}; | |
23668 | + | |
23669 | +enum { | |
23670 | + GR_ID_ALLOW = 0x01, | |
23671 | + GR_ID_DENY = 0x02, | |
23672 | +}; | |
23673 | + | |
23674 | +#define GR_CRASH_RES 11 | |
23675 | +#define GR_UIDTABLE_MAX 500 | |
23676 | + | |
23677 | +/* begin resource learning section */ | |
23678 | +enum { | |
23679 | + GR_RLIM_CPU_BUMP = 60, | |
23680 | + GR_RLIM_FSIZE_BUMP = 50000, | |
23681 | + GR_RLIM_DATA_BUMP = 10000, | |
23682 | + GR_RLIM_STACK_BUMP = 1000, | |
23683 | + GR_RLIM_CORE_BUMP = 10000, | |
23684 | + GR_RLIM_RSS_BUMP = 500000, | |
23685 | + GR_RLIM_NPROC_BUMP = 1, | |
23686 | + GR_RLIM_NOFILE_BUMP = 5, | |
23687 | + GR_RLIM_MEMLOCK_BUMP = 50000, | |
23688 | + GR_RLIM_AS_BUMP = 500000, | |
23689 | + GR_RLIM_LOCKS_BUMP = 2 | |
23690 | +}; | |
23691 | + | |
23692 | +#endif | |
23693 | diff -urNp linux-2.6.19.1/include/linux/grinternal.h linux-2.6.19.1/include/linux/grinternal.h | |
23694 | --- linux-2.6.19.1/include/linux/grinternal.h 1969-12-31 19:00:00.000000000 -0500 | |
23695 | +++ linux-2.6.19.1/include/linux/grinternal.h 2006-12-03 15:16:25.000000000 -0500 | |
23696 | @@ -0,0 +1,211 @@ | |
23697 | +#ifndef __GRINTERNAL_H | |
23698 | +#define __GRINTERNAL_H | |
23699 | + | |
23700 | +#ifdef CONFIG_GRKERNSEC | |
23701 | + | |
23702 | +#include <linux/fs.h> | |
23703 | +#include <linux/gracl.h> | |
23704 | +#include <linux/grdefs.h> | |
23705 | +#include <linux/grmsg.h> | |
23706 | + | |
23707 | +extern void gr_add_learn_entry(const char *fmt, ...); | |
23708 | +extern __u32 gr_search_file(const struct dentry *dentry, const __u32 mode, | |
23709 | + const struct vfsmount *mnt); | |
23710 | +extern __u32 gr_check_create(const struct dentry *new_dentry, | |
23711 | + const struct dentry *parent, | |
23712 | + const struct vfsmount *mnt, const __u32 mode); | |
23713 | +extern int gr_check_protected_task(const struct task_struct *task); | |
23714 | +extern __u32 to_gr_audit(const __u32 reqmode); | |
23715 | +extern int gr_set_acls(const int type); | |
23716 | + | |
23717 | +extern int gr_acl_is_enabled(void); | |
23718 | +extern char gr_roletype_to_char(void); | |
23719 | + | |
23720 | +extern void gr_handle_alertkill(struct task_struct *task); | |
23721 | +extern char *gr_to_filename(const struct dentry *dentry, | |
23722 | + const struct vfsmount *mnt); | |
23723 | +extern char *gr_to_filename1(const struct dentry *dentry, | |
23724 | + const struct vfsmount *mnt); | |
23725 | +extern char *gr_to_filename2(const struct dentry *dentry, | |
23726 | + const struct vfsmount *mnt); | |
23727 | +extern char *gr_to_filename3(const struct dentry *dentry, | |
23728 | + const struct vfsmount *mnt); | |
23729 | + | |
23730 | +extern int grsec_enable_link; | |
23731 | +extern int grsec_enable_fifo; | |
23732 | +extern int grsec_enable_execve; | |
23733 | +extern int grsec_enable_shm; | |
23734 | +extern int grsec_enable_execlog; | |
23735 | +extern int grsec_enable_signal; | |
23736 | +extern int grsec_enable_forkfail; | |
23737 | +extern int grsec_enable_time; | |
23738 | +extern int grsec_enable_chroot_shmat; | |
23739 | +extern int grsec_enable_chroot_findtask; | |
23740 | +extern int grsec_enable_chroot_mount; | |
23741 | +extern int grsec_enable_chroot_double; | |
23742 | +extern int grsec_enable_chroot_pivot; | |
23743 | +extern int grsec_enable_chroot_chdir; | |
23744 | +extern int grsec_enable_chroot_chmod; | |
23745 | +extern int grsec_enable_chroot_mknod; | |
23746 | +extern int grsec_enable_chroot_fchdir; | |
23747 | +extern int grsec_enable_chroot_nice; | |
23748 | +extern int grsec_enable_chroot_execlog; | |
23749 | +extern int grsec_enable_chroot_caps; | |
23750 | +extern int grsec_enable_chroot_sysctl; | |
23751 | +extern int grsec_enable_chroot_unix; | |
23752 | +extern int grsec_enable_tpe; | |
23753 | +extern int grsec_tpe_gid; | |
23754 | +extern int grsec_enable_tpe_all; | |
23755 | +extern int grsec_enable_sidcaps; | |
23756 | +extern int grsec_enable_randpid; | |
23757 | +extern int grsec_enable_socket_all; | |
23758 | +extern int grsec_socket_all_gid; | |
23759 | +extern int grsec_enable_socket_client; | |
23760 | +extern int grsec_socket_client_gid; | |
23761 | +extern int grsec_enable_socket_server; | |
23762 | +extern int grsec_socket_server_gid; | |
23763 | +extern int grsec_audit_gid; | |
23764 | +extern int grsec_enable_group; | |
23765 | +extern int grsec_enable_audit_ipc; | |
23766 | +extern int grsec_enable_audit_textrel; | |
23767 | +extern int grsec_enable_mount; | |
23768 | +extern int grsec_enable_chdir; | |
23769 | +extern int grsec_resource_logging; | |
23770 | +extern int grsec_lock; | |
23771 | + | |
23772 | +extern struct task_struct *child_reaper; | |
23773 | + | |
23774 | +extern spinlock_t grsec_alert_lock; | |
23775 | +extern unsigned long grsec_alert_wtime; | |
23776 | +extern unsigned long grsec_alert_fyet; | |
23777 | + | |
23778 | +extern spinlock_t grsec_audit_lock; | |
23779 | + | |
23780 | +extern rwlock_t grsec_exec_file_lock; | |
23781 | + | |
23782 | +#define gr_task_fullpath(tsk) (tsk->exec_file ? \ | |
23783 | + gr_to_filename2(tsk->exec_file->f_dentry, \ | |
23784 | + tsk->exec_file->f_vfsmnt) : "/") | |
23785 | + | |
23786 | +#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \ | |
23787 | + gr_to_filename3(tsk->parent->exec_file->f_dentry, \ | |
23788 | + tsk->parent->exec_file->f_vfsmnt) : "/") | |
23789 | + | |
23790 | +#define gr_task_fullpath0(tsk) (tsk->exec_file ? \ | |
23791 | + gr_to_filename(tsk->exec_file->f_dentry, \ | |
23792 | + tsk->exec_file->f_vfsmnt) : "/") | |
23793 | + | |
23794 | +#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \ | |
23795 | + gr_to_filename1(tsk->parent->exec_file->f_dentry, \ | |
23796 | + tsk->parent->exec_file->f_vfsmnt) : "/") | |
23797 | + | |
23798 | +#define proc_is_chrooted(tsk_a) ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \ | |
23799 | + ((tsk_a->fs->root->d_inode->i_sb->s_dev != \ | |
23800 | + child_reaper->fs->root->d_inode->i_sb->s_dev) || \ | |
23801 | + (tsk_a->fs->root->d_inode->i_ino != \ | |
23802 | + child_reaper->fs->root->d_inode->i_ino))) | |
23803 | + | |
23804 | +#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL) && (tsk_b->fs != NULL) && \ | |
23805 | + (tsk_a->fs->root->d_inode->i_sb->s_dev == \ | |
23806 | + tsk_b->fs->root->d_inode->i_sb->s_dev) && \ | |
23807 | + (tsk_a->fs->root->d_inode->i_ino == \ | |
23808 | + tsk_b->fs->root->d_inode->i_ino)) | |
23809 | + | |
23810 | +#define DEFAULTSECARGS(task) gr_task_fullpath(task), task->comm, \ | |
23811 | + task->pid, task->uid, \ | |
23812 | + task->euid, task->gid, task->egid, \ | |
23813 | + gr_parent_task_fullpath(task), \ | |
23814 | + task->parent->comm, task->parent->pid, \ | |
23815 | + task->parent->uid, task->parent->euid, \ | |
23816 | + task->parent->gid, task->parent->egid | |
23817 | + | |
23818 | +#define GR_CHROOT_CAPS ( \ | |
23819 | + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \ | |
23820 | + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \ | |
23821 | + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \ | |
23822 | + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \ | |
23823 | + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \ | |
23824 | + CAP_TO_MASK(CAP_IPC_OWNER)) | |
23825 | + | |
23826 | +#define security_learn(normal_msg,args...) \ | |
23827 | +({ \ | |
23828 | + read_lock(&grsec_exec_file_lock); \ | |
23829 | + gr_add_learn_entry(normal_msg "\n", ## args); \ | |
23830 | + read_unlock(&grsec_exec_file_lock); \ | |
23831 | +}) | |
23832 | + | |
23833 | +enum { | |
23834 | + GR_DO_AUDIT, | |
23835 | + GR_DONT_AUDIT, | |
23836 | + GR_DONT_AUDIT_GOOD | |
23837 | +}; | |
23838 | + | |
23839 | +enum { | |
23840 | + GR_TTYSNIFF, | |
23841 | + GR_RBAC, | |
23842 | + GR_RBAC_STR, | |
23843 | + GR_STR_RBAC, | |
23844 | + GR_RBAC_MODE2, | |
23845 | + GR_RBAC_MODE3, | |
23846 | + GR_FILENAME, | |
23847 | + GR_NOARGS, | |
23848 | + GR_ONE_INT, | |
23849 | + GR_ONE_INT_TWO_STR, | |
23850 | + GR_ONE_STR, | |
23851 | + GR_STR_INT, | |
23852 | + GR_TWO_INT, | |
23853 | + GR_THREE_INT, | |
23854 | + GR_FIVE_INT_TWO_STR, | |
23855 | + GR_TWO_STR, | |
23856 | + GR_THREE_STR, | |
23857 | + GR_FOUR_STR, | |
23858 | + GR_STR_FILENAME, | |
23859 | + GR_FILENAME_STR, | |
23860 | + GR_FILENAME_TWO_INT, | |
23861 | + GR_FILENAME_TWO_INT_STR, | |
23862 | + GR_TEXTREL, | |
23863 | + GR_PTRACE, | |
23864 | + GR_RESOURCE, | |
23865 | + GR_CAP, | |
23866 | + GR_SIG, | |
23867 | + GR_CRASH1, | |
23868 | + GR_CRASH2, | |
23869 | + GR_PSACCT | |
23870 | +}; | |
23871 | + | |
23872 | +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task) | |
23873 | +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt) | |
23874 | +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str) | |
23875 | +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt) | |
23876 | +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2) | |
23877 | +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3) | |
23878 | +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt) | |
23879 | +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS) | |
23880 | +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num) | |
23881 | +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2) | |
23882 | +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str) | |
23883 | +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num) | |
23884 | +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2) | |
23885 | +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3) | |
23886 | +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2) | |
23887 | +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2) | |
23888 | +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3) | |
23889 | +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4) | |
23890 | +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt) | |
23891 | +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str) | |
23892 | +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2) | |
23893 | +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str) | |
23894 | +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2) | |
23895 | +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task) | |
23896 | +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2) | |
23897 | +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str) | |
23898 | +#define gr_log_sig(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG, task, num) | |
23899 | +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong) | |
23900 | +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1) | |
23901 | +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) | |
23902 | + | |
23903 | +extern void gr_log_varargs(int audit, const char *msg, int argtypes, ...); | |
23904 | + | |
23905 | +#endif | |
23906 | + | |
23907 | +#endif | |
23908 | diff -urNp linux-2.6.19.1/include/linux/grmsg.h linux-2.6.19.1/include/linux/grmsg.h | |
23909 | --- linux-2.6.19.1/include/linux/grmsg.h 1969-12-31 19:00:00.000000000 -0500 | |
23910 | +++ linux-2.6.19.1/include/linux/grmsg.h 2006-12-03 15:16:25.000000000 -0500 | |
23911 | @@ -0,0 +1,108 @@ | |
23912 | +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u" | |
23913 | +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u" | |
23914 | +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by " | |
23915 | +#define GR_STOPMOD_MSG "denied modification of module state by " | |
23916 | +#define GR_IOPERM_MSG "denied use of ioperm() by " | |
23917 | +#define GR_IOPL_MSG "denied use of iopl() by " | |
23918 | +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by " | |
23919 | +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by " | |
23920 | +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by " | |
23921 | +#define GR_KMEM_MSG "denied write of /dev/kmem by " | |
23922 | +#define GR_PORT_OPEN_MSG "denied open of /dev/port by " | |
23923 | +#define GR_MEM_WRITE_MSG "denied write of /dev/mem by " | |
23924 | +#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by " | |
23925 | +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by " | |
23926 | +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%u.%u.%u.%u" | |
23927 | +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%u.%u.%u.%u" | |
23928 | +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by " | |
23929 | +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by " | |
23930 | +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by " | |
23931 | +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by " | |
23932 | +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by " | |
23933 | +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by " | |
23934 | +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by " | |
23935 | +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%u.%u.%u.%u %.480s[%.16s:%d], parent %.480s[%.16s:%d] against " | |
23936 | +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by " | |
23937 | +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by " | |
23938 | +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by " | |
23939 | +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by " | |
23940 | +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for " | |
23941 | +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by " | |
23942 | +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by " | |
23943 | +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by " | |
23944 | +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by " | |
23945 | +#define GR_NPROC_MSG "denied overstep of process limit by " | |
23946 | +#define GR_EXEC_ACL_MSG "%s execution of %.950s by " | |
23947 | +#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by " | |
23948 | +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds" | |
23949 | +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds" | |
23950 | +#define GR_MOUNT_CHROOT_MSG "denied mount of %.30s as %.930s from chroot by " | |
23951 | +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by " | |
23952 | +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by " | |
23953 | +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by " | |
23954 | +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by " | |
23955 | +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by " | |
23956 | +#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by " | |
23957 | +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by " | |
23958 | +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by " | |
23959 | +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by " | |
23960 | +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by " | |
23961 | +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " | |
23962 | +#define GR_INITF_ACL_MSG "init_variables() failed %s by " | |
23963 | +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader" | |
23964 | +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by " | |
23965 | +#define GR_SHUTS_ACL_MSG "shutdown auth success for " | |
23966 | +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " | |
23967 | +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " | |
23968 | +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for " | |
23969 | +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for " | |
23970 | +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for " | |
23971 | +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by " | |
23972 | +#define GR_ENABLEF_ACL_MSG "unable to load %s for " | |
23973 | +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system" | |
23974 | +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by " | |
23975 | +#define GR_RELOADF_ACL_MSG "failed reload of %s for " | |
23976 | +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for " | |
23977 | +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by " | |
23978 | +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by " | |
23979 | +#define GR_SPROLEF_ACL_MSG "special role %s failure for " | |
23980 | +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for " | |
23981 | +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by " | |
23982 | +#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for " | |
23983 | +#define GR_INVMODE_ACL_MSG "invalid mode %d by " | |
23984 | +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by " | |
23985 | +#define GR_FAILFORK_MSG "failed fork with errno %d by " | |
23986 | +#define GR_NICE_CHROOT_MSG "denied priority change by " | |
23987 | +#define GR_UNISIGLOG_MSG "signal %d sent to " | |
23988 | +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by " | |
23989 | +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by " | |
23990 | +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by " | |
23991 | +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by " | |
23992 | +#define GR_TIME_MSG "time set by " | |
23993 | +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by " | |
23994 | +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by " | |
23995 | +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by " | |
23996 | +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by " | |
23997 | +#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by " | |
23998 | +#define GR_BIND_MSG "denied bind() by " | |
23999 | +#define GR_CONNECT_MSG "denied connect() by " | |
24000 | +#define GR_BIND_ACL_MSG "denied bind() to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " | |
24001 | +#define GR_CONNECT_ACL_MSG "denied connect() to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by " | |
24002 | +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%u.%u.%u.%u\t%u\t%u\t%u\t%u\t%u.%u.%u.%u" | |
24003 | +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process " | |
24004 | +#define GR_CAP_ACL_MSG "use of %s denied for " | |
24005 | +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for " | |
24006 | +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for " | |
24007 | +#define GR_REMOUNT_AUDIT_MSG "remount of %.30s by " | |
24008 | +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.30s by " | |
24009 | +#define GR_MOUNT_AUDIT_MSG "mount of %.30s to %.64s by " | |
24010 | +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by " | |
24011 | +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by " | |
24012 | +#define GR_MSGQ_AUDIT_MSG "message queue created by " | |
24013 | +#define GR_MSGQR_AUDIT_MSG "message queue of uid:%u euid:%u removed by " | |
24014 | +#define GR_SEM_AUDIT_MSG "semaphore created by " | |
24015 | +#define GR_SEMR_AUDIT_MSG "semaphore of uid:%u euid:%u removed by " | |
24016 | +#define GR_SHM_AUDIT_MSG "shared memory of size %d created by " | |
24017 | +#define GR_SHMR_AUDIT_MSG "shared memory of uid:%u euid:%u removed by " | |
24018 | +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for " | |
24019 | +#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by " | |
24020 | diff -urNp linux-2.6.19.1/include/linux/grsecurity.h linux-2.6.19.1/include/linux/grsecurity.h | |
24021 | --- linux-2.6.19.1/include/linux/grsecurity.h 1969-12-31 19:00:00.000000000 -0500 | |
24022 | +++ linux-2.6.19.1/include/linux/grsecurity.h 2006-12-03 15:16:25.000000000 -0500 | |
24023 | @@ -0,0 +1,196 @@ | |
24024 | +#ifndef GR_SECURITY_H | |
24025 | +#define GR_SECURITY_H | |
24026 | +#include <linux/fs.h> | |
24027 | +#include <linux/binfmts.h> | |
24028 | +#include <linux/gracl.h> | |
24029 | + | |
24030 | +extern void gr_handle_brute_attach(struct task_struct *p); | |
24031 | +extern void gr_handle_brute_check(void); | |
24032 | + | |
24033 | +extern char gr_roletype_to_char(void); | |
24034 | + | |
24035 | +extern int gr_check_user_change(int real, int effective, int fs); | |
24036 | +extern int gr_check_group_change(int real, int effective, int fs); | |
24037 | + | |
24038 | +extern void gr_del_task_from_ip_table(struct task_struct *p); | |
24039 | + | |
24040 | +extern int gr_pid_is_chrooted(struct task_struct *p); | |
24041 | +extern int gr_handle_chroot_nice(void); | |
24042 | +extern int gr_handle_chroot_sysctl(const int op); | |
24043 | +extern int gr_handle_chroot_setpriority(struct task_struct *p, | |
24044 | + const int niceval); | |
24045 | +extern int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); | |
24046 | +extern int gr_handle_chroot_chroot(const struct dentry *dentry, | |
24047 | + const struct vfsmount *mnt); | |
24048 | +extern void gr_handle_chroot_caps(struct task_struct *task); | |
24049 | +extern void gr_handle_chroot_chdir(struct dentry *dentry, struct vfsmount *mnt); | |
24050 | +extern int gr_handle_chroot_chmod(const struct dentry *dentry, | |
24051 | + const struct vfsmount *mnt, const int mode); | |
24052 | +extern int gr_handle_chroot_mknod(const struct dentry *dentry, | |
24053 | + const struct vfsmount *mnt, const int mode); | |
24054 | +extern int gr_handle_chroot_mount(const struct dentry *dentry, | |
24055 | + const struct vfsmount *mnt, | |
24056 | + const char *dev_name); | |
24057 | +extern int gr_handle_chroot_pivot(void); | |
24058 | +extern int gr_handle_chroot_unix(const pid_t pid); | |
24059 | + | |
24060 | +extern int gr_handle_rawio(const struct inode *inode); | |
24061 | +extern int gr_handle_nproc(void); | |
24062 | + | |
24063 | +extern void gr_handle_ioperm(void); | |
24064 | +extern void gr_handle_iopl(void); | |
24065 | + | |
24066 | +extern int gr_tpe_allow(const struct file *file); | |
24067 | + | |
24068 | +extern int gr_random_pid(void); | |
24069 | + | |
24070 | +extern void gr_log_forkfail(const int retval); | |
24071 | +extern void gr_log_timechange(void); | |
24072 | +extern void gr_log_signal(const int sig, const struct task_struct *t); | |
24073 | +extern void gr_log_chdir(const struct dentry *dentry, | |
24074 | + const struct vfsmount *mnt); | |
24075 | +extern void gr_log_chroot_exec(const struct dentry *dentry, | |
24076 | + const struct vfsmount *mnt); | |
24077 | +extern void gr_handle_exec_args(struct linux_binprm *bprm, char **argv); | |
24078 | +extern void gr_log_remount(const char *devname, const int retval); | |
24079 | +extern void gr_log_unmount(const char *devname, const int retval); | |
24080 | +extern void gr_log_mount(const char *from, const char *to, const int retval); | |
24081 | +extern void gr_log_msgget(const int ret, const int msgflg); | |
24082 | +extern void gr_log_msgrm(const uid_t uid, const uid_t cuid); | |
24083 | +extern void gr_log_semget(const int err, const int semflg); | |
24084 | +extern void gr_log_semrm(const uid_t uid, const uid_t cuid); | |
24085 | +extern void gr_log_shmget(const int err, const int shmflg, const size_t size); | |
24086 | +extern void gr_log_shmrm(const uid_t uid, const uid_t cuid); | |
24087 | +extern void gr_log_textrel(struct vm_area_struct *vma); | |
24088 | + | |
24089 | +extern int gr_handle_follow_link(const struct inode *parent, | |
24090 | + const struct inode *inode, | |
24091 | + const struct dentry *dentry, | |
24092 | + const struct vfsmount *mnt); | |
24093 | +extern int gr_handle_fifo(const struct dentry *dentry, | |
24094 | + const struct vfsmount *mnt, | |
24095 | + const struct dentry *dir, const int flag, | |
24096 | + const int acc_mode); | |
24097 | +extern int gr_handle_hardlink(const struct dentry *dentry, | |
24098 | + const struct vfsmount *mnt, | |
24099 | + struct inode *inode, | |
24100 | + const int mode, const char *to); | |
24101 | + | |
24102 | +extern int gr_task_is_capable(struct task_struct *task, const int cap); | |
24103 | +extern int gr_is_capable_nolog(const int cap); | |
24104 | +extern void gr_learn_resource(const struct task_struct *task, const int limit, | |
24105 | + const unsigned long wanted, const int gt); | |
24106 | +extern void gr_copy_label(struct task_struct *tsk); | |
24107 | +extern void gr_handle_crash(struct task_struct *task, const int sig); | |
24108 | +extern int gr_handle_signal(const struct task_struct *p, const int sig); | |
24109 | +extern int gr_check_crash_uid(const uid_t uid); | |
24110 | +extern int gr_check_protected_task(const struct task_struct *task); | |
24111 | +extern int gr_acl_handle_mmap(const struct file *file, | |
24112 | + const unsigned long prot); | |
24113 | +extern int gr_acl_handle_mprotect(const struct file *file, | |
24114 | + const unsigned long prot); | |
24115 | +extern int gr_check_hidden_task(const struct task_struct *tsk); | |
24116 | +extern __u32 gr_acl_handle_truncate(const struct dentry *dentry, | |
24117 | + const struct vfsmount *mnt); | |
24118 | +extern __u32 gr_acl_handle_utime(const struct dentry *dentry, | |
24119 | + const struct vfsmount *mnt); | |
24120 | +extern __u32 gr_acl_handle_access(const struct dentry *dentry, | |
24121 | + const struct vfsmount *mnt, const int fmode); | |
24122 | +extern __u32 gr_acl_handle_fchmod(const struct dentry *dentry, | |
24123 | + const struct vfsmount *mnt, mode_t mode); | |
24124 | +extern __u32 gr_acl_handle_chmod(const struct dentry *dentry, | |
24125 | + const struct vfsmount *mnt, mode_t mode); | |
24126 | +extern __u32 gr_acl_handle_chown(const struct dentry *dentry, | |
24127 | + const struct vfsmount *mnt); | |
24128 | +extern int gr_handle_ptrace(struct task_struct *task, const long request); | |
24129 | +extern int gr_handle_proc_ptrace(struct task_struct *task); | |
24130 | +extern __u32 gr_acl_handle_execve(const struct dentry *dentry, | |
24131 | + const struct vfsmount *mnt); | |
24132 | +extern int gr_check_crash_exec(const struct file *filp); | |
24133 | +extern int gr_acl_is_enabled(void); | |
24134 | +extern void gr_set_kernel_label(struct task_struct *task); | |
24135 | +extern void gr_set_role_label(struct task_struct *task, const uid_t uid, | |
24136 | + const gid_t gid); | |
24137 | +extern int gr_set_proc_label(const struct dentry *dentry, | |
24138 | + const struct vfsmount *mnt); | |
24139 | +extern __u32 gr_acl_handle_hidden_file(const struct dentry *dentry, | |
24140 | + const struct vfsmount *mnt); | |
24141 | +extern __u32 gr_acl_handle_open(const struct dentry *dentry, | |
24142 | + const struct vfsmount *mnt, const int fmode); | |
24143 | +extern __u32 gr_acl_handle_creat(const struct dentry *dentry, | |
24144 | + const struct dentry *p_dentry, | |
24145 | + const struct vfsmount *p_mnt, const int fmode, | |
24146 | + const int imode); | |
24147 | +extern void gr_handle_create(const struct dentry *dentry, | |
24148 | + const struct vfsmount *mnt); | |
24149 | +extern __u32 gr_acl_handle_mknod(const struct dentry *new_dentry, | |
24150 | + const struct dentry *parent_dentry, | |
24151 | + const struct vfsmount *parent_mnt, | |
24152 | + const int mode); | |
24153 | +extern __u32 gr_acl_handle_mkdir(const struct dentry *new_dentry, | |
24154 | + const struct dentry *parent_dentry, | |
24155 | + const struct vfsmount *parent_mnt); | |
24156 | +extern __u32 gr_acl_handle_rmdir(const struct dentry *dentry, | |
24157 | + const struct vfsmount *mnt); | |
24158 | +extern void gr_handle_delete(const ino_t ino, const dev_t dev); | |
24159 | +extern __u32 gr_acl_handle_unlink(const struct dentry *dentry, | |
24160 | + const struct vfsmount *mnt); | |
24161 | +extern __u32 gr_acl_handle_symlink(const struct dentry *new_dentry, | |
24162 | + const struct dentry *parent_dentry, | |
24163 | + const struct vfsmount *parent_mnt, | |
24164 | + const char *from); | |
24165 | +extern __u32 gr_acl_handle_link(const struct dentry *new_dentry, | |
24166 | + const struct dentry *parent_dentry, | |
24167 | + const struct vfsmount *parent_mnt, | |
24168 | + const struct dentry *old_dentry, | |
24169 | + const struct vfsmount *old_mnt, const char *to); | |
24170 | +extern int gr_acl_handle_rename(struct dentry *new_dentry, | |
24171 | + struct dentry *parent_dentry, | |
24172 | + const struct vfsmount *parent_mnt, | |
24173 | + struct dentry *old_dentry, | |
24174 | + struct inode *old_parent_inode, | |
24175 | + struct vfsmount *old_mnt, const char *newname); | |
24176 | +extern void gr_handle_rename(struct inode *old_dir, struct inode *new_dir, | |
24177 | + struct dentry *old_dentry, | |
24178 | + struct dentry *new_dentry, | |
24179 | + struct vfsmount *mnt, const __u8 replace); | |
24180 | +extern __u32 gr_check_link(const struct dentry *new_dentry, | |
24181 | + const struct dentry *parent_dentry, | |
24182 | + const struct vfsmount *parent_mnt, | |
24183 | + const struct dentry *old_dentry, | |
24184 | + const struct vfsmount *old_mnt); | |
24185 | +extern int gr_acl_handle_filldir(const struct file *file, const char *name, | |
24186 | + const unsigned int namelen, const ino_t ino); | |
24187 | + | |
24188 | +extern __u32 gr_acl_handle_unix(const struct dentry *dentry, | |
24189 | + const struct vfsmount *mnt); | |
24190 | +extern void gr_acl_handle_exit(void); | |
24191 | +extern void gr_acl_handle_psacct(struct task_struct *task, const long code); | |
24192 | +extern int gr_acl_handle_procpidmem(const struct task_struct *task); | |
24193 | +extern __u32 gr_cap_rtnetlink(void); | |
24194 | + | |
24195 | +#ifdef CONFIG_SYSVIPC | |
24196 | +extern void gr_shm_exit(struct task_struct *task); | |
24197 | +#else | |
24198 | +static inline void gr_shm_exit(struct task_struct *task) | |
24199 | +{ | |
24200 | + return; | |
24201 | +} | |
24202 | +#endif | |
24203 | + | |
24204 | +#ifdef CONFIG_GRKERNSEC | |
24205 | +extern void gr_handle_mem_write(void); | |
24206 | +extern void gr_handle_kmem_write(void); | |
24207 | +extern void gr_handle_open_port(void); | |
24208 | +extern int gr_handle_mem_mmap(const unsigned long offset, | |
24209 | + struct vm_area_struct *vma); | |
24210 | + | |
24211 | +extern unsigned long pax_get_random_long(void); | |
24212 | +#define get_random_long() pax_get_random_long() | |
24213 | + | |
24214 | +extern int grsec_enable_dmesg; | |
24215 | +extern int grsec_enable_randsrc; | |
24216 | +extern int grsec_enable_shm; | |
24217 | +#endif | |
24218 | + | |
24219 | +#endif | |
24220 | diff -urNp linux-2.6.19.1/include/linux/highmem.h linux-2.6.19.1/include/linux/highmem.h | |
24221 | --- linux-2.6.19.1/include/linux/highmem.h 2006-11-29 16:57:37.000000000 -0500 | |
24222 | +++ linux-2.6.19.1/include/linux/highmem.h 2006-12-03 15:16:24.000000000 -0500 | |
24223 | @@ -74,9 +74,9 @@ alloc_zeroed_user_highpage(struct vm_are | |
24224 | ||
24225 | static inline void clear_highpage(struct page *page) | |
24226 | { | |
24227 | - void *kaddr = kmap_atomic(page, KM_USER0); | |
24228 | + void *kaddr = kmap_atomic(page, KM_CLEARPAGE); | |
24229 | clear_page(kaddr); | |
24230 | - kunmap_atomic(kaddr, KM_USER0); | |
24231 | + kunmap_atomic(kaddr, KM_CLEARPAGE); | |
24232 | } | |
24233 | ||
24234 | /* | |
24235 | diff -urNp linux-2.6.19.1/include/linux/jbd2.h linux-2.6.19.1/include/linux/jbd2.h | |
24236 | --- linux-2.6.19.1/include/linux/jbd2.h 2006-11-29 16:57:37.000000000 -0500 | |
24237 | +++ linux-2.6.19.1/include/linux/jbd2.h 2006-12-03 15:16:24.000000000 -0500 | |
24238 | @@ -68,7 +68,7 @@ extern int jbd2_journal_enable_debug; | |
24239 | } \ | |
24240 | } while (0) | |
24241 | #else | |
24242 | -#define jbd_debug(f, a...) /**/ | |
24243 | +#define jbd_debug(f, a...) do {} while (0) | |
24244 | #endif | |
24245 | ||
24246 | extern void * __jbd2_kmalloc (const char *where, size_t size, gfp_t flags, int retry); | |
24247 | diff -urNp linux-2.6.19.1/include/linux/jbd.h linux-2.6.19.1/include/linux/jbd.h | |
24248 | --- linux-2.6.19.1/include/linux/jbd.h 2006-11-29 16:57:37.000000000 -0500 | |
24249 | +++ linux-2.6.19.1/include/linux/jbd.h 2006-12-03 15:16:24.000000000 -0500 | |
24250 | @@ -68,7 +68,7 @@ extern int journal_enable_debug; | |
24251 | } \ | |
24252 | } while (0) | |
24253 | #else | |
24254 | -#define jbd_debug(f, a...) /**/ | |
24255 | +#define jbd_debug(f, a...) do {} while (0) | |
24256 | #endif | |
24257 | ||
24258 | extern void * __jbd_kmalloc (const char *where, size_t size, gfp_t flags, int retry); | |
24259 | diff -urNp linux-2.6.19.1/include/linux/mman.h linux-2.6.19.1/include/linux/mman.h | |
24260 | --- linux-2.6.19.1/include/linux/mman.h 2006-11-29 16:57:37.000000000 -0500 | |
24261 | +++ linux-2.6.19.1/include/linux/mman.h 2006-12-03 15:16:25.000000000 -0500 | |
24262 | @@ -61,6 +61,11 @@ static inline unsigned long | |
24263 | calc_vm_flag_bits(unsigned long flags) | |
24264 | { | |
24265 | return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | | |
24266 | + | |
24267 | +#ifdef CONFIG_PAX_SEGMEXEC | |
24268 | + _calc_vm_trans(flags, MAP_MIRROR, VM_MIRROR) | | |
24269 | +#endif | |
24270 | + | |
24271 | _calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) | | |
24272 | _calc_vm_trans(flags, MAP_EXECUTABLE, VM_EXECUTABLE) | | |
24273 | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ); | |
24274 | diff -urNp linux-2.6.19.1/include/linux/mm.h linux-2.6.19.1/include/linux/mm.h | |
24275 | --- linux-2.6.19.1/include/linux/mm.h 2006-11-29 16:57:37.000000000 -0500 | |
24276 | +++ linux-2.6.19.1/include/linux/mm.h 2006-12-03 15:16:25.000000000 -0500 | |
24277 | @@ -39,6 +39,7 @@ extern int sysctl_legacy_va_layout; | |
24278 | #include <asm/page.h> | |
24279 | #include <asm/pgtable.h> | |
24280 | #include <asm/processor.h> | |
24281 | +#include <asm/mman.h> | |
24282 | ||
24283 | #define nth_page(page,n) pfn_to_page(page_to_pfn((page)) + (n)) | |
24284 | ||
24285 | @@ -112,8 +113,43 @@ struct vm_area_struct { | |
24286 | #ifdef CONFIG_NUMA | |
24287 | struct mempolicy *vm_policy; /* NUMA policy for the VMA */ | |
24288 | #endif | |
24289 | + | |
24290 | + unsigned long vm_mirror; /* PaX: mirror distance */ | |
24291 | }; | |
24292 | ||
24293 | +#ifdef CONFIG_PAX_SOFTMODE | |
24294 | +extern unsigned int pax_softmode; | |
24295 | +#endif | |
24296 | + | |
24297 | +extern int pax_check_flags(unsigned long *); | |
24298 | + | |
24299 | +/* if tsk != current then task_lock must be held on it */ | |
24300 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
24301 | +static inline unsigned long pax_get_flags(struct task_struct *tsk) | |
24302 | +{ | |
24303 | + if (likely(tsk->mm)) | |
24304 | + return tsk->mm->pax_flags; | |
24305 | + else | |
24306 | + return 0UL; | |
24307 | +} | |
24308 | + | |
24309 | +/* if tsk != current then task_lock must be held on it */ | |
24310 | +static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags) | |
24311 | +{ | |
24312 | + if (likely(tsk->mm)) { | |
24313 | + tsk->mm->pax_flags = flags; | |
24314 | + return 0; | |
24315 | + } | |
24316 | + return -EINVAL; | |
24317 | +} | |
24318 | +#endif | |
24319 | + | |
24320 | +#ifdef CONFIG_PAX_HAVE_ACL_FLAGS | |
24321 | +extern void pax_set_initial_flags(struct linux_binprm * bprm); | |
24322 | +#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS) | |
24323 | +extern void (*pax_set_initial_flags_func)(struct linux_binprm * bprm); | |
24324 | +#endif | |
24325 | + | |
24326 | /* | |
24327 | * This struct defines the per-mm list of VMAs for uClinux. If CONFIG_MMU is | |
24328 | * disabled, then there's a single shared list of VMAs maintained by the | |
24329 | @@ -167,6 +203,18 @@ extern unsigned int kobjsize(const void | |
24330 | #define VM_MAPPED_COPY 0x01000000 /* T if mapped copy of data (nommu mmap) */ | |
24331 | #define VM_INSERTPAGE 0x02000000 /* The vma has had "vm_insert_page()" done on it */ | |
24332 | ||
24333 | +#ifdef CONFIG_PAX_SEGMEXEC | |
24334 | +#define VM_MIRROR 0x04000000 /* vma is mirroring another */ | |
24335 | +#endif | |
24336 | + | |
24337 | +#ifdef CONFIG_PAX_MPROTECT | |
24338 | +#define VM_MAYNOTWRITE 0x08000000 /* vma cannot be granted VM_WRITE any more */ | |
24339 | +#endif | |
24340 | + | |
24341 | +#ifdef __VM_STACK_FLAGS | |
24342 | +#define VM_STACK_DEFAULT_FLAGS (0x00000033 | __VM_STACK_FLAGS) | |
24343 | +#endif | |
24344 | + | |
24345 | #ifndef VM_STACK_DEFAULT_FLAGS /* arch can override this */ | |
24346 | #define VM_STACK_DEFAULT_FLAGS VM_DATA_DEFAULT_FLAGS | |
24347 | #endif | |
24348 | @@ -1130,5 +1178,11 @@ extern int randomize_va_space; | |
24349 | ||
24350 | __attribute__((weak)) const char *arch_vma_name(struct vm_area_struct *vma); | |
24351 | ||
24352 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
24353 | +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot); | |
24354 | +#else | |
24355 | +static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {} | |
24356 | +#endif | |
24357 | + | |
24358 | #endif /* __KERNEL__ */ | |
24359 | #endif /* _LINUX_MM_H */ | |
24360 | diff -urNp linux-2.6.19.1/include/linux/module.h linux-2.6.19.1/include/linux/module.h | |
24361 | --- linux-2.6.19.1/include/linux/module.h 2006-11-29 16:57:37.000000000 -0500 | |
24362 | +++ linux-2.6.19.1/include/linux/module.h 2006-12-03 15:16:25.000000000 -0500 | |
24363 | @@ -297,16 +297,16 @@ struct module | |
24364 | int (*init)(void); | |
24365 | ||
24366 | /* If this is non-NULL, vfree after init() returns */ | |
24367 | - void *module_init; | |
24368 | + void *module_init_rx, *module_init_rw; | |
24369 | ||
24370 | /* Here is the actual code + data, vfree'd on unload. */ | |
24371 | - void *module_core; | |
24372 | + void *module_core_rx, *module_core_rw; | |
24373 | ||
24374 | /* Here are the sizes of the init and core sections */ | |
24375 | - unsigned long init_size, core_size; | |
24376 | + unsigned long init_size_rw, core_size_rw; | |
24377 | ||
24378 | /* The size of the executable code in each section. */ | |
24379 | - unsigned long init_text_size, core_text_size; | |
24380 | + unsigned long init_size_rx, core_size_rx; | |
24381 | ||
24382 | /* The handle returned from unwind_add_table. */ | |
24383 | void *unwind_info; | |
24384 | diff -urNp linux-2.6.19.1/include/linux/moduleloader.h linux-2.6.19.1/include/linux/moduleloader.h | |
24385 | --- linux-2.6.19.1/include/linux/moduleloader.h 2006-11-29 16:57:37.000000000 -0500 | |
24386 | +++ linux-2.6.19.1/include/linux/moduleloader.h 2006-12-03 15:16:25.000000000 -0500 | |
24387 | @@ -17,9 +17,21 @@ int module_frob_arch_sections(Elf_Ehdr * | |
24388 | sections. Returns NULL on failure. */ | |
24389 | void *module_alloc(unsigned long size); | |
24390 | ||
24391 | +#ifdef CONFIG_PAX_KERNEXEC | |
24392 | +void *module_alloc_exec(unsigned long size); | |
24393 | +#else | |
24394 | +#define module_alloc_exec(x) module_alloc(x) | |
24395 | +#endif | |
24396 | + | |
24397 | /* Free memory returned from module_alloc. */ | |
24398 | void module_free(struct module *mod, void *module_region); | |
24399 | ||
24400 | +#ifdef CONFIG_PAX_KERNEXEC | |
24401 | +void module_free_exec(struct module *mod, void *module_region); | |
24402 | +#else | |
24403 | +#define module_free_exec(x, y) module_free(x, y) | |
24404 | +#endif | |
24405 | + | |
24406 | /* Apply the given relocation to the (simplified) ELF. Return -error | |
24407 | or 0. */ | |
24408 | int apply_relocate(Elf_Shdr *sechdrs, | |
24409 | diff -urNp linux-2.6.19.1/include/linux/random.h linux-2.6.19.1/include/linux/random.h | |
24410 | --- linux-2.6.19.1/include/linux/random.h 2006-11-29 16:57:37.000000000 -0500 | |
24411 | +++ linux-2.6.19.1/include/linux/random.h 2006-12-03 15:16:25.000000000 -0500 | |
24412 | @@ -62,6 +62,8 @@ extern __u32 secure_tcpv6_sequence_numbe | |
24413 | extern u64 secure_dccp_sequence_number(__u32 saddr, __u32 daddr, | |
24414 | __u16 sport, __u16 dport); | |
24415 | ||
24416 | +extern unsigned long pax_get_random_long(void); | |
24417 | + | |
24418 | #ifndef MODULE | |
24419 | extern struct file_operations random_fops, urandom_fops; | |
24420 | #endif | |
24421 | diff -urNp linux-2.6.19.1/include/linux/sched.h linux-2.6.19.1/include/linux/sched.h | |
24422 | --- linux-2.6.19.1/include/linux/sched.h 2006-11-29 16:57:37.000000000 -0500 | |
24423 | +++ linux-2.6.19.1/include/linux/sched.h 2006-12-03 15:16:25.000000000 -0500 | |
24424 | @@ -87,6 +87,7 @@ struct sched_param { | |
24425 | ||
24426 | struct exec_domain; | |
24427 | struct futex_pi_state; | |
24428 | +struct linux_binprm; | |
24429 | ||
24430 | /* | |
24431 | * List of flags we want to share for kernel threads, | |
24432 | @@ -355,8 +356,34 @@ struct mm_struct { | |
24433 | /* aio bits */ | |
24434 | rwlock_t ioctx_list_lock; | |
24435 | struct kioctx *ioctx_list; | |
24436 | + | |
24437 | +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) | |
24438 | + unsigned long pax_flags; | |
24439 | +#endif | |
24440 | + | |
24441 | +#ifdef CONFIG_PAX_DLRESOLVE | |
24442 | + unsigned long call_dl_resolve; | |
24443 | +#endif | |
24444 | + | |
24445 | +#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT) | |
24446 | + unsigned long call_syscall; | |
24447 | +#endif | |
24448 | + | |
24449 | +#ifdef CONFIG_PAX_ASLR | |
24450 | + unsigned long delta_mmap; /* randomized offset */ | |
24451 | + unsigned long delta_exec; /* randomized offset */ | |
24452 | + unsigned long delta_stack; /* randomized offset */ | |
24453 | +#endif | |
24454 | + | |
24455 | }; | |
24456 | ||
24457 | +#define MF_PAX_PAGEEXEC 0x01000000 /* Paging based non-executable pages */ | |
24458 | +#define MF_PAX_EMUTRAMP 0x02000000 /* Emulate trampolines */ | |
24459 | +#define MF_PAX_MPROTECT 0x04000000 /* Restrict mprotect() */ | |
24460 | +#define MF_PAX_RANDMMAP 0x08000000 /* Randomize mmap() base */ | |
24461 | +/*#define MF_PAX_RANDEXEC 0x10000000*/ /* Randomize ET_EXEC base */ | |
24462 | +#define MF_PAX_SEGMEXEC 0x20000000 /* Segmentation based non-executable pages */ | |
24463 | + | |
24464 | struct sighand_struct { | |
24465 | atomic_t count; | |
24466 | struct k_sigaction action[_NSIG]; | |
24467 | @@ -468,6 +495,15 @@ struct signal_struct { | |
24468 | #ifdef CONFIG_TASKSTATS | |
24469 | struct taskstats *stats; | |
24470 | #endif | |
24471 | + | |
24472 | +#ifdef CONFIG_GRKERNSEC | |
24473 | + u32 curr_ip; | |
24474 | + u32 gr_saddr; | |
24475 | + u32 gr_daddr; | |
24476 | + u16 gr_sport; | |
24477 | + u16 gr_dport; | |
24478 | + u8 used_accept:1; | |
24479 | +#endif | |
24480 | }; | |
24481 | ||
24482 | /* Context switch must be unlocked if interrupts are to be enabled */ | |
24483 | @@ -1013,6 +1049,17 @@ struct task_struct { | |
24484 | struct list_head pi_state_list; | |
24485 | struct futex_pi_state *pi_state_cache; | |
24486 | ||
24487 | +#ifdef CONFIG_GRKERNSEC | |
24488 | + /* grsecurity */ | |
24489 | + struct acl_subject_label *acl; | |
24490 | + struct acl_role_label *role; | |
24491 | + struct file *exec_file; | |
24492 | + u16 acl_role_id; | |
24493 | + u8 acl_sp_role:1; | |
24494 | + u8 is_writable:1; | |
24495 | + u8 brute:1; | |
24496 | +#endif | |
24497 | + | |
24498 | atomic_t fs_excl; /* holding fs exclusive resources */ | |
24499 | struct rcu_head rcu; | |
24500 | ||
24501 | @@ -1595,6 +1642,12 @@ extern void arch_pick_mmap_layout(struct | |
24502 | static inline void arch_pick_mmap_layout(struct mm_struct *mm) | |
24503 | { | |
24504 | mm->mmap_base = TASK_UNMAPPED_BASE; | |
24505 | + | |
24506 | +#ifdef CONFIG_PAX_RANDMMAP | |
24507 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
24508 | + mm->mmap_base += mm->delta_mmap; | |
24509 | +#endif | |
24510 | + | |
24511 | mm->get_unmapped_area = arch_get_unmapped_area; | |
24512 | mm->unmap_area = arch_unmap_area; | |
24513 | } | |
24514 | diff -urNp linux-2.6.19.1/include/linux/shm.h linux-2.6.19.1/include/linux/shm.h | |
24515 | --- linux-2.6.19.1/include/linux/shm.h 2006-11-29 16:57:37.000000000 -0500 | |
24516 | +++ linux-2.6.19.1/include/linux/shm.h 2006-12-03 15:16:25.000000000 -0500 | |
24517 | @@ -86,6 +86,10 @@ struct shmid_kernel /* private to the ke | |
24518 | pid_t shm_cprid; | |
24519 | pid_t shm_lprid; | |
24520 | struct user_struct *mlock_user; | |
24521 | +#ifdef CONFIG_GRKERNSEC | |
24522 | + time_t shm_createtime; | |
24523 | + pid_t shm_lapid; | |
24524 | +#endif | |
24525 | }; | |
24526 | ||
24527 | /* shm_mode upper byte flags */ | |
24528 | diff -urNp linux-2.6.19.1/include/linux/skbuff.h linux-2.6.19.1/include/linux/skbuff.h | |
24529 | --- linux-2.6.19.1/include/linux/skbuff.h 2006-11-29 16:57:37.000000000 -0500 | |
24530 | +++ linux-2.6.19.1/include/linux/skbuff.h 2006-12-03 15:16:25.000000000 -0500 | |
24531 | @@ -372,7 +372,7 @@ extern void skb_truesize_bug(struc | |
24532 | ||
24533 | static inline void skb_truesize_check(struct sk_buff *skb) | |
24534 | { | |
24535 | - if (unlikely((int)skb->truesize < sizeof(struct sk_buff) + skb->len)) | |
24536 | + if (unlikely(skb->truesize < sizeof(struct sk_buff) + skb->len)) | |
24537 | skb_truesize_bug(skb); | |
24538 | } | |
24539 | ||
24540 | diff -urNp linux-2.6.19.1/include/linux/sysctl.h linux-2.6.19.1/include/linux/sysctl.h | |
24541 | --- linux-2.6.19.1/include/linux/sysctl.h 2006-11-29 16:57:37.000000000 -0500 | |
24542 | +++ linux-2.6.19.1/include/linux/sysctl.h 2006-12-03 15:16:25.000000000 -0500 | |
24543 | @@ -160,9 +160,21 @@ enum | |
24544 | KERN_MAX_LOCK_DEPTH=74, | |
24545 | KERN_NMI_WATCHDOG=75, /* int: enable/disable nmi watchdog */ | |
24546 | KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ | |
24547 | -}; | |
24548 | +#ifdef CONFIG_GRKERNSEC | |
24549 | + KERN_GRSECURITY=98, /* grsecurity */ | |
24550 | +#endif | |
24551 | + | |
24552 | +#ifdef CONFIG_PAX_SOFTMODE | |
24553 | + KERN_PAX=99, /* PaX control */ | |
24554 | +#endif | |
24555 | ||
24556 | +}; | |
24557 | ||
24558 | +#ifdef CONFIG_PAX_SOFTMODE | |
24559 | +enum { | |
24560 | + PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ | |
24561 | +}; | |
24562 | +#endif | |
24563 | ||
24564 | /* CTL_VM names: */ | |
24565 | enum | |
24566 | diff -urNp linux-2.6.19.1/include/linux/uaccess.h linux-2.6.19.1/include/linux/uaccess.h | |
24567 | --- linux-2.6.19.1/include/linux/uaccess.h 2006-11-29 16:57:37.000000000 -0500 | |
24568 | +++ linux-2.6.19.1/include/linux/uaccess.h 2006-12-03 15:16:25.000000000 -0500 | |
24569 | @@ -34,9 +34,12 @@ static inline unsigned long __copy_from_ | |
24570 | #define probe_kernel_address(addr, retval) \ | |
24571 | ({ \ | |
24572 | long ret; \ | |
24573 | + mm_segment_t old_fs = get_fs(); \ | |
24574 | \ | |
24575 | inc_preempt_count(); \ | |
24576 | + set_fs(KERNEL_DS); \ | |
24577 | ret = __get_user(retval, addr); \ | |
24578 | + set_fs(old_fs); \ | |
24579 | dec_preempt_count(); \ | |
24580 | ret; \ | |
24581 | }) | |
24582 | diff -urNp linux-2.6.19.1/include/linux/udf_fs.h linux-2.6.19.1/include/linux/udf_fs.h | |
24583 | --- linux-2.6.19.1/include/linux/udf_fs.h 2006-11-29 16:57:37.000000000 -0500 | |
24584 | +++ linux-2.6.19.1/include/linux/udf_fs.h 2006-12-03 15:16:25.000000000 -0500 | |
24585 | @@ -45,7 +45,7 @@ | |
24586 | printk (f, ##a); \ | |
24587 | } | |
24588 | #else | |
24589 | -#define udf_debug(f, a...) /**/ | |
24590 | +#define udf_debug(f, a...) do {} while (0) | |
24591 | #endif | |
24592 | ||
24593 | #define udf_info(f, a...) \ | |
24594 | diff -urNp linux-2.6.19.1/include/net/sctp/sctp.h linux-2.6.19.1/include/net/sctp/sctp.h | |
24595 | --- linux-2.6.19.1/include/net/sctp/sctp.h 2006-11-29 16:57:37.000000000 -0500 | |
24596 | +++ linux-2.6.19.1/include/net/sctp/sctp.h 2006-12-03 15:16:25.000000000 -0500 | |
24597 | @@ -308,8 +308,8 @@ extern int sctp_debug_flag; | |
24598 | ||
24599 | #else /* SCTP_DEBUG */ | |
24600 | ||
24601 | -#define SCTP_DEBUG_PRINTK(whatever...) | |
24602 | -#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) | |
24603 | +#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0) | |
24604 | +#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0) | |
24605 | #define SCTP_ENABLE_DEBUG | |
24606 | #define SCTP_DISABLE_DEBUG | |
24607 | #define SCTP_ASSERT(expr, str, func) | |
24608 | diff -urNp linux-2.6.19.1/include/sound/core.h linux-2.6.19.1/include/sound/core.h | |
24609 | --- linux-2.6.19.1/include/sound/core.h 2006-11-29 16:57:37.000000000 -0500 | |
24610 | +++ linux-2.6.19.1/include/sound/core.h 2006-12-03 15:16:25.000000000 -0500 | |
24611 | @@ -351,9 +351,9 @@ void snd_verbose_printd(const char *file | |
24612 | ||
24613 | #else /* !CONFIG_SND_DEBUG */ | |
24614 | ||
24615 | -#define snd_printd(fmt, args...) /* nothing */ | |
24616 | +#define snd_printd(fmt, args...) do {} while (0) | |
24617 | #define snd_assert(expr, args...) (void)(expr) | |
24618 | -#define snd_BUG() /* nothing */ | |
24619 | +#define snd_BUG() do {} while (0) | |
24620 | ||
24621 | #endif /* CONFIG_SND_DEBUG */ | |
24622 | ||
24623 | diff -urNp linux-2.6.19.1/init/do_mounts.c linux-2.6.19.1/init/do_mounts.c | |
24624 | --- linux-2.6.19.1/init/do_mounts.c 2006-11-29 16:57:37.000000000 -0500 | |
24625 | +++ linux-2.6.19.1/init/do_mounts.c 2006-12-03 15:16:25.000000000 -0500 | |
24626 | @@ -65,11 +65,12 @@ static dev_t try_name(char *name, int pa | |
24627 | ||
24628 | /* read device number from .../dev */ | |
24629 | ||
24630 | - sprintf(path, "/sys/block/%s/dev", name); | |
24631 | - fd = sys_open(path, 0, 0); | |
24632 | + if (sizeof path <= snprintf(path, sizeof path, "/sys/block/%s/dev", name)) | |
24633 | + goto fail; | |
24634 | + fd = sys_open((char __user *)path, 0, 0); | |
24635 | if (fd < 0) | |
24636 | goto fail; | |
24637 | - len = sys_read(fd, buf, 32); | |
24638 | + len = sys_read(fd, (char __user *)buf, 32); | |
24639 | sys_close(fd); | |
24640 | if (len <= 0 || len == 32 || buf[len - 1] != '\n') | |
24641 | goto fail; | |
24642 | @@ -95,11 +96,12 @@ static dev_t try_name(char *name, int pa | |
24643 | return res; | |
24644 | ||
24645 | /* otherwise read range from .../range */ | |
24646 | - sprintf(path, "/sys/block/%s/range", name); | |
24647 | - fd = sys_open(path, 0, 0); | |
24648 | + if (sizeof path <= snprintf(path, sizeof path, "/sys/block/%s/range", name)) | |
24649 | + goto fail; | |
24650 | + fd = sys_open((char __user *)path, 0, 0); | |
24651 | if (fd < 0) | |
24652 | goto fail; | |
24653 | - len = sys_read(fd, buf, 32); | |
24654 | + len = sys_read(fd, (char __user *)buf, 32); | |
24655 | sys_close(fd); | |
24656 | if (len <= 0 || len == 32 || buf[len - 1] != '\n') | |
24657 | goto fail; | |
62894557 | 24658 | @@ -158,7 +159,7 @@ dev_t name_to_dev_t(char *name) |
b6fa5d20 | 24659 | int part, mount_result; |
c3e8c1b5 | 24660 | |
24661 | #ifdef CONFIG_SYSFS | |
24662 | - int mkdir_err = sys_mkdir("/sys", 0700); | |
c3e8c1b5 | 24663 | + int mkdir_err = sys_mkdir((char __user *)"/sys", 0700); |
62894557 | 24664 | /* |
24665 | * When changing resume2 parameter for Software Suspend, sysfs may | |
24666 | * already be mounted. | |
24667 | @@ -163,7 +164,7 @@ dev_t name_to_dev_t(char *name) | |
b6fa5d20 | 24668 | * When changing resume2 parameter for Software Suspend, sysfs may |
62894557 | 24669 | * already be mounted. |
b6fa5d20 | 24670 | */ |
24671 | - mount_result = sys_mount("sysfs", "/sys", "sysfs", 0, NULL); | |
62894557 | 24672 | + mount_result = sys_mount((char __user *)"sysfs", (char __user *)"/sys", (char __user *)"sysfs", 0, NULL); |
b6fa5d20 | 24673 | if (mount_result < 0 && mount_result != -EBUSY) |
c3e8c1b5 | 24674 | goto out; |
24675 | #endif | |
c3e8c1b5 | 24676 | @@ -195,10 +197,10 @@ dev_t name_to_dev_t(char *name) |
c3e8c1b5 | 24677 | done: |
24678 | #ifdef CONFIG_SYSFS | |
b6fa5d20 | 24679 | if (mount_result >= 0) |
24680 | - sys_umount("/sys", 0); | |
24681 | + sys_umount((char __user *)"/sys", 0); | |
c3e8c1b5 | 24682 | out: |
24683 | if (!mkdir_err) | |
24684 | - sys_rmdir("/sys"); | |
24685 | + sys_rmdir((char __user *)"/sys"); | |
24686 | #endif | |
24687 | return res; | |
24688 | fail: | |
24689 | @@ -268,11 +270,11 @@ static void __init get_fs_names(char *pa | |
24690 | ||
24691 | static int __init do_mount_root(char *name, char *fs, int flags, void *data) | |
24692 | { | |
24693 | - int err = sys_mount(name, "/root", fs, flags, data); | |
24694 | + int err = sys_mount((char __user *)name, (char __user *)"/root", (char __user *)fs, flags, (void __user *)data); | |
24695 | if (err) | |
24696 | return err; | |
24697 | ||
24698 | - sys_chdir("/root"); | |
24699 | + sys_chdir((char __user *)"/root"); | |
24700 | ROOT_DEV = current->fs->pwdmnt->mnt_sb->s_dev; | |
24701 | printk("VFS: Mounted root (%s filesystem)%s.\n", | |
24702 | current->fs->pwdmnt->mnt_sb->s_type->name, | |
24703 | @@ -354,18 +356,18 @@ void __init change_floppy(char *fmt, ... | |
24704 | va_start(args, fmt); | |
24705 | vsprintf(buf, fmt, args); | |
24706 | va_end(args); | |
24707 | - fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0); | |
24708 | + fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0); | |
24709 | if (fd >= 0) { | |
24710 | sys_ioctl(fd, FDEJECT, 0); | |
24711 | sys_close(fd); | |
24712 | } | |
24713 | printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf); | |
24714 | - fd = sys_open("/dev/console", O_RDWR, 0); | |
24715 | + fd = sys_open((char __user *)"/dev/console", O_RDWR, 0); | |
24716 | if (fd >= 0) { | |
24717 | sys_ioctl(fd, TCGETS, (long)&termios); | |
24718 | termios.c_lflag &= ~ICANON; | |
24719 | sys_ioctl(fd, TCSETSF, (long)&termios); | |
24720 | - sys_read(fd, &c, 1); | |
24721 | + sys_read(fd, (char __user *)&c, 1); | |
24722 | termios.c_lflag |= ICANON; | |
24723 | sys_ioctl(fd, TCSETSF, (long)&termios); | |
24724 | sys_close(fd); | |
24725 | @@ -442,8 +444,8 @@ void __init prepare_namespace(void) | |
24726 | ||
24727 | mount_root(); | |
24728 | out: | |
24729 | - sys_mount(".", "/", NULL, MS_MOVE, NULL); | |
24730 | - sys_chroot("."); | |
24731 | + sys_mount((char __user *)".", (char __user *)"/", NULL, MS_MOVE, NULL); | |
24732 | + sys_chroot((char __user *)"."); | |
24733 | security_sb_post_mountroot(); | |
24734 | } | |
24735 | ||
24736 | diff -urNp linux-2.6.19.1/init/do_mounts.h linux-2.6.19.1/init/do_mounts.h | |
24737 | --- linux-2.6.19.1/init/do_mounts.h 2006-11-29 16:57:37.000000000 -0500 | |
24738 | +++ linux-2.6.19.1/init/do_mounts.h 2006-12-03 15:16:25.000000000 -0500 | |
24739 | @@ -15,15 +15,15 @@ extern char *root_device_name; | |
24740 | ||
24741 | static inline int create_dev(char *name, dev_t dev) | |
24742 | { | |
24743 | - sys_unlink(name); | |
24744 | - return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev)); | |
24745 | + sys_unlink((char __user *)name); | |
24746 | + return sys_mknod((char __user *)name, S_IFBLK|0600, new_encode_dev(dev)); | |
24747 | } | |
24748 | ||
24749 | #if BITS_PER_LONG == 32 | |
24750 | static inline u32 bstat(char *name) | |
24751 | { | |
24752 | struct stat64 stat; | |
24753 | - if (sys_stat64(name, &stat) != 0) | |
24754 | + if (sys_stat64((char __user *)name, (struct stat64 __user *)&stat) != 0) | |
24755 | return 0; | |
24756 | if (!S_ISBLK(stat.st_mode)) | |
24757 | return 0; | |
24758 | diff -urNp linux-2.6.19.1/init/do_mounts_md.c linux-2.6.19.1/init/do_mounts_md.c | |
24759 | --- linux-2.6.19.1/init/do_mounts_md.c 2006-11-29 16:57:37.000000000 -0500 | |
24760 | +++ linux-2.6.19.1/init/do_mounts_md.c 2006-12-03 15:16:25.000000000 -0500 | |
24761 | @@ -167,7 +167,7 @@ static void __init md_setup_drive(void) | |
24762 | partitioned ? "_d" : "", minor, | |
24763 | md_setup_args[ent].device_names); | |
24764 | ||
24765 | - fd = sys_open(name, 0, 0); | |
24766 | + fd = sys_open((char __user *)name, 0, 0); | |
24767 | if (fd < 0) { | |
24768 | printk(KERN_ERR "md: open failed - cannot start " | |
24769 | "array %s\n", name); | |
24770 | @@ -230,7 +230,7 @@ static void __init md_setup_drive(void) | |
24771 | * array without it | |
24772 | */ | |
24773 | sys_close(fd); | |
24774 | - fd = sys_open(name, 0, 0); | |
24775 | + fd = sys_open((char __user *)name, 0, 0); | |
24776 | sys_ioctl(fd, BLKRRPART, 0); | |
24777 | } | |
24778 | sys_close(fd); | |
24779 | @@ -271,7 +271,7 @@ void __init md_run_setup(void) | |
24780 | if (raid_noautodetect) | |
24781 | printk(KERN_INFO "md: Skipping autodetection of RAID arrays. (raid=noautodetect)\n"); | |
24782 | else { | |
24783 | - int fd = sys_open("/dev/md0", 0, 0); | |
24784 | + int fd = sys_open((char __user *)"/dev/md0", 0, 0); | |
24785 | if (fd >= 0) { | |
24786 | sys_ioctl(fd, RAID_AUTORUN, raid_autopart); | |
24787 | sys_close(fd); | |
24788 | diff -urNp linux-2.6.19.1/init/initramfs.c linux-2.6.19.1/init/initramfs.c | |
24789 | --- linux-2.6.19.1/init/initramfs.c 2006-11-29 16:57:37.000000000 -0500 | |
24790 | +++ linux-2.6.19.1/init/initramfs.c 2006-12-03 15:16:25.000000000 -0500 | |
24791 | @@ -236,7 +236,7 @@ static int __init maybe_link(void) | |
24792 | if (nlink >= 2) { | |
24793 | char *old = find_link(major, minor, ino, mode, collected); | |
24794 | if (old) | |
24795 | - return (sys_link(old, collected) < 0) ? -1 : 1; | |
24796 | + return (sys_link((char __user *)old, (char __user *)collected) < 0) ? -1 : 1; | |
24797 | } | |
24798 | return 0; | |
24799 | } | |
24800 | @@ -245,11 +245,11 @@ static void __init clean_path(char *path | |
24801 | { | |
24802 | struct stat st; | |
24803 | ||
24804 | - if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) { | |
24805 | + if (!sys_newlstat((char __user *)path, (struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) { | |
24806 | if (S_ISDIR(st.st_mode)) | |
24807 | - sys_rmdir(path); | |
24808 | + sys_rmdir((char __user *)path); | |
24809 | else | |
24810 | - sys_unlink(path); | |
24811 | + sys_unlink((char __user *)path); | |
24812 | } | |
24813 | } | |
24814 | ||
24815 | @@ -272,7 +272,7 @@ static int __init do_name(void) | |
24816 | int openflags = O_WRONLY|O_CREAT; | |
24817 | if (ml != 1) | |
24818 | openflags |= O_TRUNC; | |
24819 | - wfd = sys_open(collected, openflags, mode); | |
24820 | + wfd = sys_open((char __user *)collected, openflags, mode); | |
24821 | ||
24822 | if (wfd >= 0) { | |
24823 | sys_fchown(wfd, uid, gid); | |
24824 | @@ -281,15 +281,15 @@ static int __init do_name(void) | |
24825 | } | |
24826 | } | |
24827 | } else if (S_ISDIR(mode)) { | |
24828 | - sys_mkdir(collected, mode); | |
24829 | - sys_chown(collected, uid, gid); | |
24830 | - sys_chmod(collected, mode); | |
24831 | + sys_mkdir((char __user *)collected, mode); | |
24832 | + sys_chown((char __user *)collected, uid, gid); | |
24833 | + sys_chmod((char __user *)collected, mode); | |
24834 | } else if (S_ISBLK(mode) || S_ISCHR(mode) || | |
24835 | S_ISFIFO(mode) || S_ISSOCK(mode)) { | |
24836 | if (maybe_link() == 0) { | |
24837 | - sys_mknod(collected, mode, rdev); | |
24838 | - sys_chown(collected, uid, gid); | |
24839 | - sys_chmod(collected, mode); | |
24840 | + sys_mknod((char __user *)collected, mode, rdev); | |
24841 | + sys_chown((char __user *)collected, uid, gid); | |
24842 | + sys_chmod((char __user *)collected, mode); | |
24843 | } | |
24844 | } | |
24845 | return 0; | |
24846 | @@ -298,13 +298,13 @@ static int __init do_name(void) | |
24847 | static int __init do_copy(void) | |
24848 | { | |
24849 | if (count >= body_len) { | |
24850 | - sys_write(wfd, victim, body_len); | |
24851 | + sys_write(wfd, (char __user *)victim, body_len); | |
24852 | sys_close(wfd); | |
24853 | eat(body_len); | |
24854 | state = SkipIt; | |
24855 | return 0; | |
24856 | } else { | |
24857 | - sys_write(wfd, victim, count); | |
24858 | + sys_write(wfd, (char __user *)victim, count); | |
24859 | body_len -= count; | |
24860 | eat(count); | |
24861 | return 1; | |
24862 | @@ -315,8 +315,8 @@ static int __init do_symlink(void) | |
24863 | { | |
24864 | collected[N_ALIGN(name_len) + body_len] = '\0'; | |
24865 | clean_path(collected, 0); | |
24866 | - sys_symlink(collected + N_ALIGN(name_len), collected); | |
24867 | - sys_lchown(collected, uid, gid); | |
24868 | + sys_symlink((char __user *)collected + N_ALIGN(name_len), (char __user *)collected); | |
24869 | + sys_lchown((char __user *)collected, uid, gid); | |
24870 | state = SkipIt; | |
24871 | next_state = Reset; | |
24872 | return 0; | |
24873 | diff -urNp linux-2.6.19.1/init/Kconfig linux-2.6.19.1/init/Kconfig | |
24874 | --- linux-2.6.19.1/init/Kconfig 2006-11-29 16:57:37.000000000 -0500 | |
24875 | +++ linux-2.6.19.1/init/Kconfig 2006-12-03 15:16:25.000000000 -0500 | |
24876 | @@ -321,6 +321,7 @@ config SYSCTL_SYSCALL | |
24877 | config KALLSYMS | |
24878 | bool "Load all symbols for debugging/kksymoops" if EMBEDDED | |
24879 | default y | |
24880 | + depends on !GRKERNSEC_HIDESYM | |
24881 | help | |
24882 | Say Y here to let the kernel print out symbolic crash information and | |
24883 | symbolic stack backtraces. This increases the size of the kernel | |
24884 | diff -urNp linux-2.6.19.1/init/main.c linux-2.6.19.1/init/main.c | |
24885 | --- linux-2.6.19.1/init/main.c 2006-11-29 16:57:37.000000000 -0500 | |
24886 | +++ linux-2.6.19.1/init/main.c 2006-12-03 15:16:25.000000000 -0500 | |
24887 | @@ -101,6 +101,7 @@ static inline void mark_rodata_ro(void) | |
24888 | #ifdef CONFIG_TC | |
24889 | extern void tc_init(void); | |
24890 | #endif | |
24891 | +extern void grsecurity_init(void); | |
24892 | ||
24893 | enum system_states system_state; | |
24894 | EXPORT_SYMBOL(system_state); | |
24895 | @@ -171,6 +172,15 @@ static int __init set_reset_devices(char | |
24896 | ||
24897 | __setup("reset_devices", set_reset_devices); | |
24898 | ||
24899 | +#ifdef CONFIG_PAX_SOFTMODE | |
24900 | +static int __init setup_pax_softmode(char *str) | |
24901 | +{ | |
24902 | + get_option(&str, &pax_softmode); | |
24903 | + return 1; | |
24904 | +} | |
24905 | +__setup("pax_softmode=", setup_pax_softmode); | |
24906 | +#endif | |
24907 | + | |
24908 | static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; | |
24909 | char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; | |
24910 | static const char *panic_later, *panic_param; | |
24911 | @@ -754,6 +764,8 @@ static int init(void * unused) | |
24912 | prepare_namespace(); | |
24913 | } | |
24914 | ||
24915 | + grsecurity_init(); | |
24916 | + | |
24917 | /* | |
24918 | * Ok, we have completed the initial bootup, and | |
24919 | * we're essentially up and running. Get rid of the | |
24920 | diff -urNp linux-2.6.19.1/ipc/msg.c linux-2.6.19.1/ipc/msg.c | |
24921 | --- linux-2.6.19.1/ipc/msg.c 2006-11-29 16:57:37.000000000 -0500 | |
24922 | +++ linux-2.6.19.1/ipc/msg.c 2006-12-03 15:16:26.000000000 -0500 | |
24923 | @@ -36,6 +36,7 @@ | |
c3e8c1b5 | 24924 | #include <linux/mutex.h> |
24925 | #include <linux/nsproxy.h> | |
9bdf255b | 24926 | #include <linux/vs_base.h> |
c3e8c1b5 | 24927 | +#include <linux/grsecurity.h> |
24928 | ||
24929 | #include <asm/current.h> | |
24930 | #include <asm/uaccess.h> | |
24931 | @@ -288,6 +289,8 @@ asmlinkage long sys_msgget(key_t key, in | |
24932 | } | |
24933 | mutex_unlock(&msg_ids(ns).mutex); | |
24934 | ||
24935 | + gr_log_msgget(ret, msgflg); | |
24936 | + | |
24937 | return ret; | |
24938 | } | |
24939 | ||
24940 | @@ -554,6 +557,7 @@ asmlinkage long sys_msgctl(int msqid, in | |
24941 | break; | |
24942 | } | |
24943 | case IPC_RMID: | |
24944 | + gr_log_msgrm(ipcp->uid, ipcp->cuid); | |
24945 | freeque(ns, msq, msqid); | |
24946 | break; | |
24947 | } | |
24948 | diff -urNp linux-2.6.19.1/ipc/sem.c linux-2.6.19.1/ipc/sem.c | |
24949 | --- linux-2.6.19.1/ipc/sem.c 2006-11-29 16:57:37.000000000 -0500 | |
24950 | +++ linux-2.6.19.1/ipc/sem.c 2006-12-03 15:16:26.000000000 -0500 | |
24951 | @@ -83,6 +83,7 @@ | |
c3e8c1b5 | 24952 | #include <linux/nsproxy.h> |
9bdf255b | 24953 | #include <linux/vs_base.h> |
24954 | #include <linux/vs_limit.h> | |
c3e8c1b5 | 24955 | +#include <linux/grsecurity.h> |
24956 | ||
24957 | #include <asm/uaccess.h> | |
24958 | #include "util.h" | |
24959 | @@ -296,6 +297,9 @@ asmlinkage long sys_semget (key_t key, i | |
24960 | } | |
24961 | ||
24962 | mutex_unlock(&sem_ids(ns).mutex); | |
24963 | + | |
24964 | + gr_log_semget(err, semflg); | |
24965 | + | |
24966 | return err; | |
24967 | } | |
24968 | ||
24969 | @@ -897,6 +901,7 @@ static int semctl_down(struct ipc_namesp | |
24970 | ||
24971 | switch(cmd){ | |
24972 | case IPC_RMID: | |
24973 | + gr_log_semrm(ipcp->uid, ipcp->cuid); | |
24974 | freeary(ns, sma, semid); | |
24975 | err = 0; | |
24976 | break; | |
24977 | diff -urNp linux-2.6.19.1/ipc/shm.c linux-2.6.19.1/ipc/shm.c | |
24978 | --- linux-2.6.19.1/ipc/shm.c 2006-11-29 16:57:37.000000000 -0500 | |
24979 | +++ linux-2.6.19.1/ipc/shm.c 2006-12-03 15:16:26.000000000 -0500 | |
24980 | @@ -37,6 +37,7 @@ | |
c3e8c1b5 | 24981 | #include <linux/nsproxy.h> |
9bdf255b | 24982 | #include <linux/vs_context.h> |
24983 | #include <linux/vs_limit.h> | |
c3e8c1b5 | 24984 | +#include <linux/grsecurity.h> |
24985 | ||
24986 | #include <asm/uaccess.h> | |
24987 | ||
24988 | @@ -67,6 +68,14 @@ static void shm_destroy (struct ipc_name | |
24989 | static int sysvipc_shm_proc_show(struct seq_file *s, void *it); | |
24990 | #endif | |
24991 | ||
24992 | +#ifdef CONFIG_GRKERNSEC | |
24993 | +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
24994 | + const time_t shm_createtime, const uid_t cuid, | |
24995 | + const int shmid); | |
24996 | +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, | |
24997 | + const time_t shm_createtime); | |
24998 | +#endif | |
24999 | + | |
25000 | static void __ipc_init __shm_init_ns(struct ipc_namespace *ns, struct ipc_ids *ids) | |
25001 | { | |
25002 | ns->ids[IPC_SHM_IDS] = ids; | |
25003 | @@ -79,6 +88,8 @@ static void __ipc_init __shm_init_ns(str | |
25004 | ||
25005 | static void do_shm_rmid(struct ipc_namespace *ns, struct shmid_kernel *shp) | |
25006 | { | |
25007 | + gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid); | |
25008 | + | |
25009 | if (shp->shm_nattch){ | |
25010 | shp->shm_perm.mode |= SHM_DEST; | |
25011 | /* Do not find it any more */ | |
25012 | @@ -216,6 +227,17 @@ static void shm_close (struct vm_area_st | |
25013 | shp->shm_lprid = current->tgid; | |
25014 | shp->shm_dtim = get_seconds(); | |
25015 | shp->shm_nattch--; | |
25016 | +#ifdef CONFIG_GRKERNSEC_SHM | |
25017 | + if (grsec_enable_shm) { | |
25018 | + if (shp->shm_nattch == 0) { | |
25019 | + shp->shm_perm.mode |= SHM_DEST; | |
25020 | + shm_destroy(ns, shp); | |
25021 | + } else | |
25022 | + shm_unlock(shp); | |
25023 | + mutex_unlock(&shm_ids(ns).mutex); | |
25024 | + return; | |
25025 | + } | |
25026 | +#endif | |
25027 | if(shp->shm_nattch == 0 && | |
25028 | shp->shm_perm.mode & SHM_DEST) | |
25029 | shm_destroy(ns, shp); | |
25030 | @@ -326,6 +348,9 @@ static int newseg (struct ipc_namespace | |
25031 | shp->shm_lprid = 0; | |
25032 | shp->shm_atim = shp->shm_dtim = 0; | |
25033 | shp->shm_ctim = get_seconds(); | |
25034 | +#ifdef CONFIG_GRKERNSEC | |
25035 | + shp->shm_createtime = get_seconds(); | |
25036 | +#endif | |
25037 | shp->shm_segsz = size; | |
25038 | shp->shm_nattch = 0; | |
25039 | shp->id = shm_buildid(ns, id, shp->shm_perm.seq); | |
25040 | @@ -385,6 +410,8 @@ asmlinkage long sys_shmget (key_t key, s | |
25041 | } | |
25042 | mutex_unlock(&shm_ids(ns).mutex); | |
25043 | ||
25044 | + gr_log_shmget(err, shmflg, size); | |
25045 | + | |
25046 | return err; | |
25047 | } | |
25048 | ||
25049 | @@ -842,9 +869,27 @@ long do_shmat(int shmid, char __user *sh | |
25050 | return err; | |
25051 | } | |
25052 | ||
25053 | +#ifdef CONFIG_GRKERNSEC | |
25054 | + if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime, | |
25055 | + shp->shm_perm.cuid, shmid)) { | |
25056 | + shm_unlock(shp); | |
25057 | + return -EACCES; | |
25058 | + } | |
25059 | + | |
25060 | + if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) { | |
25061 | + shm_unlock(shp); | |
25062 | + return -EACCES; | |
25063 | + } | |
25064 | +#endif | |
25065 | + | |
25066 | file = shp->shm_file; | |
25067 | size = i_size_read(file->f_dentry->d_inode); | |
25068 | shp->shm_nattch++; | |
25069 | + | |
25070 | +#ifdef CONFIG_GRKERNSEC | |
25071 | + shp->shm_lapid = current->pid; | |
25072 | +#endif | |
25073 | + | |
25074 | shm_unlock(shp); | |
25075 | ||
25076 | down_write(¤t->mm->mmap_sem); | |
25077 | @@ -1014,3 +1059,27 @@ static int sysvipc_shm_proc_show(struct | |
25078 | shp->shm_ctim); | |
25079 | } | |
25080 | #endif | |
25081 | + | |
25082 | +void gr_shm_exit(struct task_struct *task) | |
25083 | +{ | |
25084 | +#ifdef CONFIG_GRKERNSEC_SHM | |
25085 | + int i; | |
25086 | + struct shmid_kernel *shp; | |
25087 | + struct ipc_namespace *ns; | |
25088 | + | |
25089 | + ns = current->nsproxy->ipc_ns; | |
25090 | + | |
25091 | + if (!grsec_enable_shm) | |
25092 | + return; | |
25093 | + | |
25094 | + for (i = 0; i <= shm_ids(ns).max_id; i++) { | |
25095 | + shp = shm_get(ns, i); | |
25096 | + if (shp && (shp->shm_cprid == task->pid) && | |
25097 | + (shp->shm_nattch <= 0)) { | |
25098 | + shp->shm_perm.mode |= SHM_DEST; | |
25099 | + shm_destroy(ns, shp); | |
25100 | + } | |
25101 | + } | |
25102 | +#endif | |
25103 | + return; | |
25104 | +} | |
25105 | diff -urNp linux-2.6.19.1/kernel/acct.c linux-2.6.19.1/kernel/acct.c | |
25106 | --- linux-2.6.19.1/kernel/acct.c 2006-11-29 16:57:37.000000000 -0500 | |
25107 | +++ linux-2.6.19.1/kernel/acct.c 2006-12-03 15:16:26.000000000 -0500 | |
25108 | @@ -516,7 +516,7 @@ static void do_acct_process(struct file | |
25109 | */ | |
25110 | flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; | |
25111 | current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; | |
25112 | - file->f_op->write(file, (char *)&ac, | |
25113 | + file->f_op->write(file, (char __user *)&ac, | |
25114 | sizeof(acct_t), &file->f_pos); | |
25115 | current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; | |
25116 | set_fs(fs); | |
25117 | diff -urNp linux-2.6.19.1/kernel/capability.c linux-2.6.19.1/kernel/capability.c | |
25118 | --- linux-2.6.19.1/kernel/capability.c 2006-11-29 16:57:37.000000000 -0500 | |
25119 | +++ linux-2.6.19.1/kernel/capability.c 2006-12-03 15:16:26.000000000 -0500 | |
25120 | @@ -12,6 +12,7 @@ | |
c3e8c1b5 | 25121 | #include <linux/security.h> |
25122 | #include <linux/syscalls.h> | |
9bdf255b | 25123 | #include <linux/vs_context.h> |
c3e8c1b5 | 25124 | +#include <linux/grsecurity.h> |
25125 | #include <asm/uaccess.h> | |
25126 | ||
25127 | unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ | |
25128 | @@ -234,14 +235,25 @@ out: | |
25129 | return ret; | |
25130 | } | |
25131 | ||
25132 | +extern int gr_task_is_capable(struct task_struct *task, const int cap); | |
25133 | +extern int gr_is_capable_nolog(const int cap); | |
25134 | + | |
25135 | int __capable(struct task_struct *t, int cap) | |
25136 | { | |
25137 | - if (security_capable(t, cap) == 0) { | |
25138 | + if ((security_capable(t, cap) == 0) && gr_task_is_capable(t, cap)) { | |
25139 | t->flags |= PF_SUPERPRIV; | |
25140 | return 1; | |
25141 | } | |
25142 | return 0; | |
25143 | } | |
25144 | +int capable_nolog(int cap) | |
25145 | +{ | |
25146 | + if ((security_capable(current, cap) == 0) && gr_is_capable_nolog(cap)) { | |
25147 | + current->flags |= PF_SUPERPRIV; | |
25148 | + return 1; | |
25149 | + } | |
25150 | + return 0; | |
25151 | +} | |
25152 | EXPORT_SYMBOL(__capable); | |
25153 | ||
25154 | int capable(int cap) | |
25155 | @@ -249,3 +261,4 @@ int capable(int cap) | |
25156 | return __capable(current, cap); | |
25157 | } | |
25158 | EXPORT_SYMBOL(capable); | |
25159 | +EXPORT_SYMBOL(capable_nolog); | |
25160 | diff -urNp linux-2.6.19.1/kernel/configs.c linux-2.6.19.1/kernel/configs.c | |
25161 | --- linux-2.6.19.1/kernel/configs.c 2006-11-29 16:57:37.000000000 -0500 | |
25162 | +++ linux-2.6.19.1/kernel/configs.c 2006-12-03 15:16:26.000000000 -0500 | |
25163 | @@ -88,8 +88,16 @@ static int __init ikconfig_init(void) | |
25164 | struct proc_dir_entry *entry; | |
25165 | ||
25166 | /* create the current config file */ | |
25167 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
25168 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
25169 | + entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR, &proc_root); | |
25170 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
25171 | + entry = create_proc_entry("config.gz", S_IFREG | S_IRUSR | S_IRGRP, &proc_root); | |
25172 | +#endif | |
25173 | +#else | |
25174 | entry = create_proc_entry("config.gz", S_IFREG | S_IRUGO, | |
25175 | &proc_root); | |
25176 | +#endif | |
25177 | if (!entry) | |
25178 | return -ENOMEM; | |
25179 | ||
25180 | diff -urNp linux-2.6.19.1/kernel/exit.c linux-2.6.19.1/kernel/exit.c | |
25181 | --- linux-2.6.19.1/kernel/exit.c 2006-11-29 16:57:37.000000000 -0500 | |
25182 | +++ linux-2.6.19.1/kernel/exit.c 2006-12-03 15:16:26.000000000 -0500 | |
25183 | @@ -41,6 +41,11 @@ | |
9bdf255b | 25184 | #include <linux/vs_limit.h> |
25185 | #include <linux/vs_context.h> | |
25186 | #include <linux/vs_network.h> | |
c3e8c1b5 | 25187 | +#include <linux/grsecurity.h> |
25188 | + | |
25189 | +#ifdef CONFIG_GRKERNSEC | |
25190 | +extern rwlock_t grsec_exec_file_lock; | |
25191 | +#endif | |
25192 | ||
25193 | #include <asm/uaccess.h> | |
25194 | #include <asm/unistd.h> | |
25195 | @@ -118,6 +123,7 @@ static void __exit_signal(struct task_st | |
25196 | ||
25197 | __unhash_process(tsk); | |
25198 | ||
25199 | + gr_del_task_from_ip_table(tsk); | |
25200 | tsk->signal = NULL; | |
25201 | tsk->sighand = NULL; | |
25202 | spin_unlock(&sighand->siglock); | |
25203 | @@ -275,6 +281,15 @@ static void reparent_to_init(void) | |
25204 | { | |
25205 | write_lock_irq(&tasklist_lock); | |
25206 | ||
25207 | +#ifdef CONFIG_GRKERNSEC | |
25208 | + write_lock(&grsec_exec_file_lock); | |
25209 | + if (current->exec_file) { | |
25210 | + fput(current->exec_file); | |
25211 | + current->exec_file = NULL; | |
25212 | + } | |
25213 | + write_unlock(&grsec_exec_file_lock); | |
25214 | +#endif | |
25215 | + | |
25216 | ptrace_unlink(current); | |
25217 | /* Reparent to init */ | |
25218 | remove_parent(current); | |
25219 | @@ -282,6 +297,8 @@ static void reparent_to_init(void) | |
25220 | current->real_parent = child_reaper; | |
25221 | add_parent(current); | |
25222 | ||
25223 | + gr_set_kernel_label(current); | |
25224 | + | |
25225 | /* Set the exit signal to SIGCHLD so we signal init on exit */ | |
25226 | current->exit_signal = SIGCHLD; | |
25227 | ||
25228 | @@ -376,6 +393,17 @@ void daemonize(const char *name, ...) | |
25229 | vsnprintf(current->comm, sizeof(current->comm), name, args); | |
25230 | va_end(args); | |
25231 | ||
25232 | +#ifdef CONFIG_GRKERNSEC | |
25233 | + write_lock(&grsec_exec_file_lock); | |
25234 | + if (current->exec_file) { | |
25235 | + fput(current->exec_file); | |
25236 | + current->exec_file = NULL; | |
25237 | + } | |
25238 | + write_unlock(&grsec_exec_file_lock); | |
25239 | +#endif | |
25240 | + | |
25241 | + gr_set_kernel_label(current); | |
25242 | + | |
25243 | /* | |
25244 | * If we were started as result of loading a module, close all of the | |
25245 | * user space pages. We don't need them, and if we didn't close them | |
25246 | @@ -914,11 +942,15 @@ fastcall NORET_TYPE void do_exit(long co | |
25247 | taskstats_exit_send(tsk, tidstats, group_dead, mycpu); | |
25248 | taskstats_exit_free(tidstats); | |
25249 | ||
25250 | + gr_acl_handle_psacct(tsk, code); | |
25251 | + gr_acl_handle_exit(); | |
25252 | + | |
25253 | exit_mm(tsk); | |
25254 | ||
25255 | if (group_dead) | |
25256 | acct_process(); | |
25257 | exit_sem(tsk); | |
25258 | + gr_shm_exit(tsk); | |
25259 | __exit_files(tsk); | |
25260 | __exit_fs(tsk); | |
25261 | exit_thread(); | |
25262 | diff -urNp linux-2.6.19.1/kernel/fork.c linux-2.6.19.1/kernel/fork.c | |
25263 | --- linux-2.6.19.1/kernel/fork.c 2006-11-29 16:57:37.000000000 -0500 | |
25264 | +++ linux-2.6.19.1/kernel/fork.c 2006-12-03 15:16:26.000000000 -0500 | |
25265 | @@ -48,6 +48,7 @@ | |
9bdf255b | 25266 | #include <linux/vs_network.h> |
25267 | #include <linux/vs_limit.h> | |
25268 | #include <linux/vs_memory.h> | |
c3e8c1b5 | 25269 | +#include <linux/grsecurity.h> |
25270 | ||
25271 | #include <asm/pgtable.h> | |
25272 | #include <asm/pgalloc.h> | |
25273 | @@ -179,7 +180,7 @@ static struct task_struct *dup_task_stru | |
25274 | setup_thread_stack(tsk, orig); | |
25275 | ||
25276 | #ifdef CONFIG_CC_STACKPROTECTOR | |
25277 | - tsk->stack_canary = get_random_int(); | |
25278 | + tsk->stack_canary = pax_get_random_long(); | |
25279 | #endif | |
25280 | ||
25281 | /* One for us, one for whoever does the "release_task()" (usually parent) */ | |
25282 | @@ -211,8 +212,8 @@ static inline int dup_mmap(struct mm_str | |
25283 | mm->locked_vm = 0; | |
25284 | mm->mmap = NULL; | |
25285 | mm->mmap_cache = NULL; | |
25286 | - mm->free_area_cache = oldmm->mmap_base; | |
25287 | - mm->cached_hole_size = ~0UL; | |
25288 | + mm->free_area_cache = oldmm->free_area_cache; | |
25289 | + mm->cached_hole_size = oldmm->cached_hole_size; | |
25290 | mm->map_count = 0; | |
25291 | cpus_clear(mm->cpu_vm_mask); | |
25292 | mm->mm_rb = RB_ROOT; | |
25293 | @@ -337,7 +338,7 @@ static struct mm_struct * mm_init(struct | |
25294 | spin_lock_init(&mm->page_table_lock); | |
25295 | rwlock_init(&mm->ioctx_list_lock); | |
25296 | mm->ioctx_list = NULL; | |
25297 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
25298 | + mm->free_area_cache = ~0UL; | |
25299 | mm->cached_hole_size = ~0UL; | |
25300 | ||
25301 | if (likely(!mm_alloc_pgd(mm))) { | |
25302 | @@ -990,6 +991,9 @@ static struct task_struct *copy_process( | |
9bdf255b | 25303 | if (!vx_nproc_avail(1)) |
25304 | goto bad_fork_cleanup_vm; | |
25305 | ||
c3e8c1b5 | 25306 | + |
25307 | + gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->user->processes), 0); | |
25308 | + | |
25309 | if (atomic_read(&p->user->processes) >= | |
25310 | p->signal->rlim[RLIMIT_NPROC].rlim_cur) { | |
25311 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && | |
25312 | @@ -1122,6 +1126,8 @@ static struct task_struct *copy_process( | |
25313 | if (retval) | |
25314 | goto bad_fork_cleanup_namespaces; | |
25315 | ||
25316 | + gr_copy_label(p); | |
25317 | + | |
25318 | p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; | |
25319 | /* | |
25320 | * Clear TID on mm_release()? | |
25321 | @@ -1300,6 +1306,8 @@ bad_fork_cleanup_count: | |
25322 | bad_fork_free: | |
25323 | free_task(p); | |
25324 | fork_out: | |
25325 | + gr_log_forkfail(retval); | |
25326 | + | |
25327 | return ERR_PTR(retval); | |
25328 | } | |
25329 | ||
25330 | @@ -1372,6 +1380,8 @@ long do_fork(unsigned long clone_flags, | |
25331 | if (!IS_ERR(p)) { | |
25332 | struct completion vfork; | |
25333 | ||
25334 | + gr_handle_brute_check(); | |
25335 | + | |
25336 | if (clone_flags & CLONE_VFORK) { | |
25337 | p->vfork_done = &vfork; | |
25338 | init_completion(&vfork); | |
25339 | diff -urNp linux-2.6.19.1/kernel/futex.c linux-2.6.19.1/kernel/futex.c | |
25340 | --- linux-2.6.19.1/kernel/futex.c 2006-11-29 16:57:37.000000000 -0500 | |
25341 | +++ linux-2.6.19.1/kernel/futex.c 2006-12-03 15:16:26.000000000 -0500 | |
25342 | @@ -183,6 +183,11 @@ static int get_futex_key(u32 __user *uad | |
25343 | struct page *page; | |
25344 | int err; | |
25345 | ||
25346 | +#ifdef CONFIG_PAX_SEGMEXEC | |
25347 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((unsigned long)uaddr >= SEGMEXEC_TASK_SIZE)) | |
25348 | + return -EFAULT; | |
25349 | +#endif | |
25350 | + | |
25351 | /* | |
25352 | * The futex address must be "naturally" aligned. | |
25353 | */ | |
25354 | diff -urNp linux-2.6.19.1/kernel/kallsyms.c linux-2.6.19.1/kernel/kallsyms.c | |
25355 | --- linux-2.6.19.1/kernel/kallsyms.c 2006-11-29 16:57:37.000000000 -0500 | |
25356 | +++ linux-2.6.19.1/kernel/kallsyms.c 2006-12-03 15:16:26.000000000 -0500 | |
25357 | @@ -337,7 +337,6 @@ static unsigned long get_ksymbol_core(st | |
25358 | ||
25359 | static void reset_iter(struct kallsym_iter *iter, loff_t new_pos) | |
25360 | { | |
25361 | - iter->name[0] = '\0'; | |
25362 | iter->nameoff = get_symbol_offset(new_pos); | |
25363 | iter->pos = new_pos; | |
25364 | } | |
25365 | @@ -416,7 +415,7 @@ static int kallsyms_open(struct inode *i | |
25366 | struct kallsym_iter *iter; | |
25367 | int ret; | |
25368 | ||
25369 | - iter = kmalloc(sizeof(*iter), GFP_KERNEL); | |
25370 | + iter = kzalloc(sizeof(*iter), GFP_KERNEL); | |
25371 | if (!iter) | |
25372 | return -ENOMEM; | |
25373 | reset_iter(iter, 0); | |
25374 | @@ -447,7 +446,15 @@ static int __init kallsyms_init(void) | |
25375 | { | |
25376 | struct proc_dir_entry *entry; | |
25377 | ||
25378 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
25379 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
25380 | + entry = create_proc_entry("kallsyms", S_IFREG | S_IRUSR, NULL); | |
25381 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
25382 | + entry = create_proc_entry("kallsyms", S_IFREG | S_IRUSR | S_IRGRP, NULL); | |
25383 | +#endif | |
25384 | +#else | |
25385 | entry = create_proc_entry("kallsyms", 0444, NULL); | |
25386 | +#endif | |
25387 | if (entry) | |
25388 | entry->proc_fops = &kallsyms_operations; | |
25389 | return 0; | |
25390 | diff -urNp linux-2.6.19.1/kernel/kprobes.c linux-2.6.19.1/kernel/kprobes.c | |
25391 | --- linux-2.6.19.1/kernel/kprobes.c 2006-11-29 16:57:37.000000000 -0500 | |
25392 | +++ linux-2.6.19.1/kernel/kprobes.c 2006-12-03 15:16:26.000000000 -0500 | |
25393 | @@ -123,7 +123,7 @@ kprobe_opcode_t __kprobes *get_insn_slot | |
25394 | * kernel image and loaded module images reside. This is required | |
25395 | * so x86_64 can correctly handle the %rip-relative fixups. | |
25396 | */ | |
25397 | - kip->insns = module_alloc(PAGE_SIZE); | |
25398 | + kip->insns = module_alloc_exec(PAGE_SIZE); | |
25399 | if (!kip->insns) { | |
25400 | kfree(kip); | |
25401 | return NULL; | |
25402 | diff -urNp linux-2.6.19.1/kernel/module.c linux-2.6.19.1/kernel/module.c | |
25403 | --- linux-2.6.19.1/kernel/module.c 2006-11-29 16:57:37.000000000 -0500 | |
25404 | +++ linux-2.6.19.1/kernel/module.c 2006-12-03 15:16:26.000000000 -0500 | |
25405 | @@ -43,6 +43,11 @@ | |
25406 | #include <asm/uaccess.h> | |
25407 | #include <asm/semaphore.h> | |
25408 | #include <asm/cacheflush.h> | |
25409 | + | |
25410 | +#ifdef CONFIG_PAX_KERNEXEC | |
25411 | +#include <asm/desc.h> | |
25412 | +#endif | |
25413 | + | |
25414 | #include <linux/license.h> | |
25415 | ||
25416 | #if 0 | |
25417 | @@ -67,6 +72,8 @@ static LIST_HEAD(modules); | |
25418 | ||
25419 | static BLOCKING_NOTIFIER_HEAD(module_notify_list); | |
25420 | ||
25421 | +extern int gr_check_modstop(void); | |
25422 | + | |
25423 | int register_module_notifier(struct notifier_block * nb) | |
25424 | { | |
25425 | return blocking_notifier_chain_register(&module_notify_list, nb); | |
25426 | @@ -656,6 +663,9 @@ sys_delete_module(const char __user *nam | |
25427 | char name[MODULE_NAME_LEN]; | |
25428 | int ret, forced = 0; | |
25429 | ||
25430 | + if (gr_check_modstop()) | |
25431 | + return -EPERM; | |
25432 | + | |
25433 | if (!capable(CAP_SYS_MODULE)) | |
25434 | return -EPERM; | |
25435 | ||
25436 | @@ -1142,16 +1152,19 @@ static void free_module(struct module *m | |
25437 | module_unload_free(mod); | |
25438 | ||
25439 | /* This may be NULL, but that's OK */ | |
25440 | - module_free(mod, mod->module_init); | |
25441 | + module_free(mod, mod->module_init_rw); | |
25442 | + module_free_exec(mod, mod->module_init_rx); | |
25443 | kfree(mod->args); | |
25444 | if (mod->percpu) | |
25445 | percpu_modfree(mod->percpu); | |
25446 | ||
25447 | /* Free lock-classes: */ | |
25448 | - lockdep_free_key_range(mod->module_core, mod->core_size); | |
25449 | + lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx); | |
25450 | + lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw); | |
25451 | ||
25452 | /* Finally, free the core (containing the module structure) */ | |
25453 | - module_free(mod, mod->module_core); | |
25454 | + module_free_exec(mod, mod->module_core_rx); | |
25455 | + module_free(mod, mod->module_core_rw); | |
25456 | } | |
25457 | ||
25458 | void *__symbol_get(const char *symbol) | |
25459 | @@ -1308,11 +1321,14 @@ static void layout_sections(struct modul | |
25460 | || strncmp(secstrings + s->sh_name, | |
25461 | ".init", 5) == 0) | |
25462 | continue; | |
25463 | - s->sh_entsize = get_offset(&mod->core_size, s); | |
25464 | + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)) | |
25465 | + s->sh_entsize = get_offset(&mod->core_size_rw, s); | |
25466 | + else | |
25467 | + s->sh_entsize = get_offset(&mod->core_size_rx, s); | |
25468 | DEBUGP("\t%s\n", secstrings + s->sh_name); | |
25469 | } | |
25470 | if (m == 0) | |
25471 | - mod->core_text_size = mod->core_size; | |
25472 | + mod->core_size_rx = mod->core_size_rx; | |
25473 | } | |
25474 | ||
25475 | DEBUGP("Init section allocation order:\n"); | |
25476 | @@ -1326,12 +1342,15 @@ static void layout_sections(struct modul | |
25477 | || strncmp(secstrings + s->sh_name, | |
25478 | ".init", 5) != 0) | |
25479 | continue; | |
25480 | - s->sh_entsize = (get_offset(&mod->init_size, s) | |
25481 | - | INIT_OFFSET_MASK); | |
25482 | + if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC)) | |
25483 | + s->sh_entsize = get_offset(&mod->init_size_rw, s); | |
25484 | + else | |
25485 | + s->sh_entsize = get_offset(&mod->init_size_rx, s); | |
25486 | + s->sh_entsize |= INIT_OFFSET_MASK; | |
25487 | DEBUGP("\t%s\n", secstrings + s->sh_name); | |
25488 | } | |
25489 | if (m == 0) | |
25490 | - mod->init_text_size = mod->init_size; | |
25491 | + mod->init_size_rx = mod->init_size_rx; | |
25492 | } | |
25493 | } | |
25494 | ||
25495 | @@ -1513,6 +1532,10 @@ static struct module *load_module(void _ | |
25496 | struct exception_table_entry *extable; | |
25497 | mm_segment_t old_fs; | |
25498 | ||
25499 | +#ifdef CONFIG_PAX_KERNEXEC | |
25500 | + unsigned long cr0; | |
25501 | +#endif | |
25502 | + | |
25503 | DEBUGP("load_module: umod=%p, len=%lu, uargs=%p\n", | |
25504 | umod, len, uargs); | |
25505 | if (len < sizeof(*hdr)) | |
25506 | @@ -1671,21 +1694,57 @@ static struct module *load_module(void _ | |
25507 | layout_sections(mod, hdr, sechdrs, secstrings); | |
25508 | ||
25509 | /* Do the allocs. */ | |
25510 | - ptr = module_alloc(mod->core_size); | |
25511 | + ptr = module_alloc(mod->core_size_rw); | |
25512 | if (!ptr) { | |
25513 | err = -ENOMEM; | |
25514 | goto free_percpu; | |
25515 | } | |
25516 | - memset(ptr, 0, mod->core_size); | |
25517 | - mod->module_core = ptr; | |
25518 | + memset(ptr, 0, mod->core_size_rw); | |
25519 | + mod->module_core_rw = ptr; | |
25520 | + | |
25521 | + ptr = module_alloc(mod->init_size_rw); | |
25522 | + if (!ptr && mod->init_size_rw) { | |
25523 | + err = -ENOMEM; | |
25524 | + goto free_core_rw; | |
25525 | + } | |
25526 | + memset(ptr, 0, mod->init_size_rw); | |
25527 | + mod->module_init_rw = ptr; | |
25528 | + | |
25529 | + ptr = module_alloc_exec(mod->core_size_rx); | |
25530 | + if (!ptr) { | |
25531 | + err = -ENOMEM; | |
25532 | + goto free_init_rw; | |
25533 | + } | |
25534 | ||
25535 | - ptr = module_alloc(mod->init_size); | |
25536 | - if (!ptr && mod->init_size) { | |
25537 | +#ifdef CONFIG_PAX_KERNEXEC | |
25538 | + pax_open_kernel(cr0); | |
25539 | +#endif | |
25540 | + | |
25541 | + memset(ptr, 0, mod->core_size_rx); | |
25542 | + | |
25543 | +#ifdef CONFIG_PAX_KERNEXEC | |
25544 | + pax_close_kernel(cr0); | |
25545 | +#endif | |
25546 | + | |
25547 | + mod->module_core_rx = ptr; | |
25548 | + | |
25549 | + ptr = module_alloc_exec(mod->init_size_rx); | |
25550 | + if (!ptr && mod->init_size_rx) { | |
25551 | err = -ENOMEM; | |
25552 | - goto free_core; | |
25553 | + goto free_core_rx; | |
25554 | } | |
25555 | - memset(ptr, 0, mod->init_size); | |
25556 | - mod->module_init = ptr; | |
25557 | + | |
25558 | +#ifdef CONFIG_PAX_KERNEXEC | |
25559 | + pax_open_kernel(cr0); | |
25560 | +#endif | |
25561 | + | |
25562 | + memset(ptr, 0, mod->init_size_rx); | |
25563 | + | |
25564 | +#ifdef CONFIG_PAX_KERNEXEC | |
25565 | + pax_close_kernel(cr0); | |
25566 | +#endif | |
25567 | + | |
25568 | + mod->module_init_rx = ptr; | |
25569 | ||
25570 | /* Transfer each section which specifies SHF_ALLOC */ | |
25571 | DEBUGP("final section addresses:\n"); | |
25572 | @@ -1695,17 +1754,44 @@ static struct module *load_module(void _ | |
25573 | if (!(sechdrs[i].sh_flags & SHF_ALLOC)) | |
25574 | continue; | |
25575 | ||
25576 | - if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) | |
25577 | - dest = mod->module_init | |
25578 | - + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK); | |
25579 | - else | |
25580 | - dest = mod->module_core + sechdrs[i].sh_entsize; | |
25581 | + if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) { | |
25582 | + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC)) | |
25583 | + dest = mod->module_init_rw | |
25584 | + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK); | |
25585 | + else | |
25586 | + dest = mod->module_init_rx | |
25587 | + + (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK); | |
25588 | + } else { | |
25589 | + if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC)) | |
25590 | + dest = mod->module_core_rw + sechdrs[i].sh_entsize; | |
25591 | + else | |
25592 | + dest = mod->module_core_rx + sechdrs[i].sh_entsize; | |
25593 | + } | |
25594 | + | |
25595 | + if (sechdrs[i].sh_type != SHT_NOBITS) { | |
25596 | ||
25597 | - if (sechdrs[i].sh_type != SHT_NOBITS) | |
25598 | - memcpy(dest, (void *)sechdrs[i].sh_addr, | |
25599 | - sechdrs[i].sh_size); | |
25600 | +#ifdef CONFIG_PAX_KERNEXEC | |
25601 | + if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) | |
25602 | + pax_open_kernel(cr0); | |
25603 | +#endif | |
25604 | + | |
25605 | + memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size); | |
25606 | + | |
25607 | +#ifdef CONFIG_PAX_KERNEXEC | |
25608 | + if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) | |
25609 | + pax_close_kernel(cr0); | |
25610 | +#endif | |
25611 | + | |
25612 | + } | |
25613 | /* Update sh_addr to point to copy in image. */ | |
25614 | - sechdrs[i].sh_addr = (unsigned long)dest; | |
25615 | + | |
25616 | +#ifdef CONFIG_PAX_KERNEXEC | |
25617 | + if (sechdrs[i].sh_flags & SHF_EXECINSTR) | |
25618 | + sechdrs[i].sh_addr = (unsigned long)dest - __KERNEL_TEXT_OFFSET; | |
25619 | + else | |
25620 | +#endif | |
25621 | + | |
25622 | + sechdrs[i].sh_addr = (unsigned long)dest; | |
25623 | DEBUGP("\t0x%lx %s\n", sechdrs[i].sh_addr, secstrings + sechdrs[i].sh_name); | |
25624 | } | |
25625 | /* Module has been moved. */ | |
25626 | @@ -1726,8 +1812,18 @@ static struct module *load_module(void _ | |
25627 | setup_modinfo(mod, sechdrs, infoindex); | |
25628 | ||
25629 | /* Fix up syms, so that st_value is a pointer to location. */ | |
25630 | + | |
25631 | +#ifdef CONFIG_PAX_KERNEXEC | |
25632 | + pax_open_kernel(cr0); | |
25633 | +#endif | |
25634 | + | |
25635 | err = simplify_symbols(sechdrs, symindex, strtab, versindex, pcpuindex, | |
25636 | mod); | |
25637 | + | |
25638 | +#ifdef CONFIG_PAX_KERNEXEC | |
25639 | + pax_close_kernel(cr0); | |
25640 | +#endif | |
25641 | + | |
25642 | if (err < 0) | |
25643 | goto cleanup; | |
25644 | ||
25645 | @@ -1782,11 +1878,20 @@ static struct module *load_module(void _ | |
25646 | if (!(sechdrs[info].sh_flags & SHF_ALLOC)) | |
25647 | continue; | |
25648 | ||
25649 | +#ifdef CONFIG_PAX_KERNEXEC | |
25650 | + pax_open_kernel(cr0); | |
25651 | +#endif | |
25652 | + | |
25653 | if (sechdrs[i].sh_type == SHT_REL) | |
25654 | err = apply_relocate(sechdrs, strtab, symindex, i,mod); | |
25655 | else if (sechdrs[i].sh_type == SHT_RELA) | |
25656 | err = apply_relocate_add(sechdrs, strtab, symindex, i, | |
25657 | mod); | |
25658 | + | |
25659 | +#ifdef CONFIG_PAX_KERNEXEC | |
25660 | + pax_close_kernel(cr0); | |
25661 | +#endif | |
25662 | + | |
25663 | if (err < 0) | |
25664 | goto cleanup; | |
25665 | } | |
25666 | @@ -1800,14 +1905,31 @@ static struct module *load_module(void _ | |
25667 | /* Set up and sort exception table */ | |
25668 | mod->num_exentries = sechdrs[exindex].sh_size / sizeof(*mod->extable); | |
25669 | mod->extable = extable = (void *)sechdrs[exindex].sh_addr; | |
25670 | + | |
25671 | +#ifdef CONFIG_PAX_KERNEXEC | |
25672 | + pax_open_kernel(cr0); | |
25673 | +#endif | |
25674 | + | |
25675 | sort_extable(extable, extable + mod->num_exentries); | |
25676 | ||
25677 | +#ifdef CONFIG_PAX_KERNEXEC | |
25678 | + pax_close_kernel(cr0); | |
25679 | +#endif | |
25680 | + | |
25681 | /* Finally, copy percpu area over. */ | |
25682 | percpu_modcopy(mod->percpu, (void *)sechdrs[pcpuindex].sh_addr, | |
25683 | sechdrs[pcpuindex].sh_size); | |
25684 | ||
25685 | +#ifdef CONFIG_PAX_KERNEXEC | |
25686 | + pax_open_kernel(cr0); | |
25687 | +#endif | |
25688 | + | |
25689 | add_kallsyms(mod, sechdrs, symindex, strindex, secstrings); | |
25690 | ||
25691 | +#ifdef CONFIG_PAX_KERNEXEC | |
25692 | + pax_close_kernel(cr0); | |
25693 | +#endif | |
25694 | + | |
25695 | err = module_finalize(hdr, sechdrs, mod); | |
25696 | if (err < 0) | |
25697 | goto cleanup; | |
25698 | @@ -1821,12 +1943,12 @@ static struct module *load_module(void _ | |
25699 | * Do it before processing of module parameters, so the module | |
25700 | * can provide parameter accessor functions of its own. | |
25701 | */ | |
25702 | - if (mod->module_init) | |
25703 | - flush_icache_range((unsigned long)mod->module_init, | |
25704 | - (unsigned long)mod->module_init | |
25705 | - + mod->init_size); | |
25706 | - flush_icache_range((unsigned long)mod->module_core, | |
25707 | - (unsigned long)mod->module_core + mod->core_size); | |
25708 | + if (mod->module_init_rx) | |
25709 | + flush_icache_range((unsigned long)mod->module_init_rx, | |
25710 | + (unsigned long)mod->module_init_rx | |
25711 | + + mod->init_size_rx); | |
25712 | + flush_icache_range((unsigned long)mod->module_core_rx, | |
25713 | + (unsigned long)mod->module_core_rx + mod->core_size_rx); | |
25714 | ||
25715 | set_fs(old_fs); | |
25716 | ||
25717 | @@ -1869,9 +1991,13 @@ static struct module *load_module(void _ | |
25718 | module_arch_cleanup(mod); | |
25719 | cleanup: | |
25720 | module_unload_free(mod); | |
25721 | - module_free(mod, mod->module_init); | |
25722 | - free_core: | |
25723 | - module_free(mod, mod->module_core); | |
25724 | + module_free_exec(mod, mod->module_init_rx); | |
25725 | + free_core_rx: | |
25726 | + module_free_exec(mod, mod->module_core_rx); | |
25727 | + free_init_rw: | |
25728 | + module_free(mod, mod->module_init_rw); | |
25729 | + free_core_rw: | |
25730 | + module_free(mod, mod->module_core_rw); | |
25731 | free_percpu: | |
25732 | if (percpu) | |
25733 | percpu_modfree(percpu); | |
25734 | @@ -1907,6 +2033,9 @@ sys_init_module(void __user *umod, | |
25735 | struct module *mod; | |
25736 | int ret = 0; | |
25737 | ||
25738 | + if (gr_check_modstop()) | |
25739 | + return -EPERM; | |
25740 | + | |
25741 | /* Must have permission */ | |
25742 | if (!capable(CAP_SYS_MODULE)) | |
25743 | return -EPERM; | |
25744 | @@ -1958,10 +2087,12 @@ sys_init_module(void __user *umod, | |
25745 | /* Drop initial reference. */ | |
25746 | module_put(mod); | |
25747 | unwind_remove_table(mod->unwind_info, 1); | |
25748 | - module_free(mod, mod->module_init); | |
25749 | - mod->module_init = NULL; | |
25750 | - mod->init_size = 0; | |
25751 | - mod->init_text_size = 0; | |
25752 | + module_free(mod, mod->module_init_rw); | |
25753 | + module_free_exec(mod, mod->module_init_rx); | |
25754 | + mod->module_init_rw = NULL; | |
25755 | + mod->module_init_rx = NULL; | |
25756 | + mod->init_size_rw = 0; | |
25757 | + mod->init_size_rx = 0; | |
25758 | mutex_unlock(&module_mutex); | |
25759 | ||
25760 | return 0; | |
25761 | @@ -1992,10 +2123,14 @@ static const char *get_ksymbol(struct mo | |
25762 | unsigned long nextval; | |
25763 | ||
25764 | /* At worse, next value is at end of module */ | |
25765 | - if (within(addr, mod->module_init, mod->init_size)) | |
25766 | - nextval = (unsigned long)mod->module_init+mod->init_text_size; | |
25767 | - else | |
25768 | - nextval = (unsigned long)mod->module_core+mod->core_text_size; | |
25769 | + if (within(addr, mod->module_init_rx, mod->init_size_rx)) | |
25770 | + nextval = (unsigned long)mod->module_init_rw; | |
25771 | + else if (within(addr, mod->module_init_rw, mod->init_size_rw)) | |
25772 | + nextval = (unsigned long)mod->module_core_rx; | |
25773 | + else if (within(addr, mod->module_core_rx, mod->core_size_rx)) | |
25774 | + nextval = (unsigned long)mod->module_core_rw; | |
25775 | + else | |
25776 | + nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw; | |
25777 | ||
25778 | /* Scan for closest preceeding symbol, and next symbol. (ELF | |
25779 | starts real symbols at 1). */ | |
25780 | @@ -2036,8 +2171,10 @@ const char *module_address_lookup(unsign | |
25781 | struct module *mod; | |
25782 | ||
25783 | list_for_each_entry(mod, &modules, list) { | |
25784 | - if (within(addr, mod->module_init, mod->init_size) | |
25785 | - || within(addr, mod->module_core, mod->core_size)) { | |
25786 | + if (within(addr, mod->module_init_rx, mod->init_size_rx) | |
25787 | + || within(addr, mod->module_init_rw, mod->init_size_rw) | |
25788 | + || within(addr, mod->module_core_rx, mod->core_size_rx) | |
25789 | + || within(addr, mod->module_core_rw, mod->core_size_rw)) { | |
25790 | if (modname) | |
25791 | *modname = mod->name; | |
25792 | return get_ksymbol(mod, addr, size, offset); | |
25793 | @@ -2158,7 +2295,7 @@ static int m_show(struct seq_file *m, vo | |
25794 | char buf[8]; | |
25795 | ||
25796 | seq_printf(m, "%s %lu", | |
25797 | - mod->name, mod->init_size + mod->core_size); | |
25798 | + mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw); | |
25799 | print_unload_info(m, mod); | |
25800 | ||
25801 | /* Informative for users. */ | |
25802 | @@ -2167,7 +2304,7 @@ static int m_show(struct seq_file *m, vo | |
25803 | mod->state == MODULE_STATE_COMING ? "Loading": | |
25804 | "Live"); | |
25805 | /* Used by oprofile and other similar tools. */ | |
25806 | - seq_printf(m, " 0x%p", mod->module_core); | |
25807 | + seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw); | |
25808 | ||
25809 | /* Taints info */ | |
25810 | if (mod->taints) | |
25811 | @@ -2225,7 +2362,8 @@ int is_module_address(unsigned long addr | |
25812 | spin_lock_irqsave(&modlist_lock, flags); | |
25813 | ||
25814 | list_for_each_entry(mod, &modules, list) { | |
25815 | - if (within(addr, mod->module_core, mod->core_size)) { | |
25816 | + if (within(addr, mod->module_core_rx, mod->core_size_rx) || | |
25817 | + within(addr, mod->module_core_rw, mod->core_size_rw)) { | |
25818 | spin_unlock_irqrestore(&modlist_lock, flags); | |
25819 | return 1; | |
25820 | } | |
25821 | @@ -2243,8 +2381,8 @@ struct module *__module_text_address(uns | |
25822 | struct module *mod; | |
25823 | ||
25824 | list_for_each_entry(mod, &modules, list) | |
25825 | - if (within(addr, mod->module_init, mod->init_text_size) | |
25826 | - || within(addr, mod->module_core, mod->core_text_size)) | |
25827 | + if (within(addr, mod->module_init_rx, mod->init_size_rx) | |
25828 | + || within(addr, mod->module_core_rx, mod->core_size_rx)) | |
25829 | return mod; | |
25830 | return NULL; | |
25831 | } | |
25832 | diff -urNp linux-2.6.19.1/kernel/mutex.c linux-2.6.19.1/kernel/mutex.c | |
25833 | --- linux-2.6.19.1/kernel/mutex.c 2006-11-29 16:57:37.000000000 -0500 | |
25834 | +++ linux-2.6.19.1/kernel/mutex.c 2006-12-03 15:16:26.000000000 -0500 | |
25835 | @@ -81,7 +81,7 @@ __mutex_lock_slowpath(atomic_t *lock_cou | |
25836 | * | |
25837 | * This function is similar to (but not equivalent to) down(). | |
25838 | */ | |
25839 | -void inline fastcall __sched mutex_lock(struct mutex *lock) | |
25840 | +inline void fastcall __sched mutex_lock(struct mutex *lock) | |
25841 | { | |
25842 | might_sleep(); | |
25843 | /* | |
25844 | diff -urNp linux-2.6.19.1/kernel/pid.c linux-2.6.19.1/kernel/pid.c | |
25845 | --- linux-2.6.19.1/kernel/pid.c 2006-11-29 16:57:37.000000000 -0500 | |
25846 | +++ linux-2.6.19.1/kernel/pid.c 2006-12-03 15:16:26.000000000 -0500 | |
25847 | @@ -27,6 +27,7 @@ | |
c3e8c1b5 | 25848 | #include <linux/hash.h> |
25849 | #include <linux/pspace.h> | |
9bdf255b | 25850 | #include <linux/vs_pid.h> |
c3e8c1b5 | 25851 | +#include <linux/grsecurity.h> |
25852 | ||
25853 | #define pid_hashfn(nr) hash_long((unsigned long)nr, pidhash_shift) | |
25854 | static struct hlist_head *pid_hash; | |
25855 | @@ -35,7 +36,7 @@ static kmem_cache_t *pid_cachep; | |
25856 | ||
25857 | int pid_max = PID_MAX_DEFAULT; | |
25858 | ||
25859 | -#define RESERVED_PIDS 300 | |
25860 | +#define RESERVED_PIDS 500 | |
25861 | ||
25862 | int pid_max_min = RESERVED_PIDS + 1; | |
25863 | int pid_max_max = PID_MAX_LIMIT; | |
25864 | @@ -94,7 +95,9 @@ static int alloc_pidmap(struct pspace *p | |
25865 | int i, offset, max_scan, pid, last = pspace->last_pid; | |
25866 | struct pidmap *map; | |
25867 | ||
25868 | - pid = last + 1; | |
25869 | + pid = gr_random_pid(); | |
25870 | + if (!pid) | |
25871 | + pid = pspace->last_pid + 1; | |
25872 | if (pid >= pid_max) | |
25873 | pid = RESERVED_PIDS; | |
25874 | offset = pid & BITS_PER_PAGE_MASK; | |
9bdf255b | 25875 | @@ -299,11 +302,18 @@ struct task_struct * fastcall pid_task(s |
c3e8c1b5 | 25876 | */ |
25877 | struct task_struct *find_task_by_pid_type(int type, int nr) | |
25878 | { | |
9bdf255b | 25879 | + struct task_struct *task; |
25880 | + | |
25881 | if (type == PIDTYPE_PID) | |
25882 | nr = vx_rmap_pid(nr); | |
25883 | else if (type == PIDTYPE_REALPID) | |
25884 | type = PIDTYPE_PID; | |
c3e8c1b5 | 25885 | - return pid_task(find_pid(nr), type); |
c3e8c1b5 | 25886 | + task = pid_task(find_pid(nr), type); |
25887 | + | |
25888 | + if (gr_pid_is_chrooted(task)) | |
25889 | + return NULL; | |
25890 | + | |
25891 | + return task; | |
25892 | } | |
25893 | ||
25894 | EXPORT_SYMBOL(find_task_by_pid_type); | |
25895 | @@ -318,6 +328,8 @@ struct task_struct *fastcall get_pid_tas | |
25896 | struct task_struct *result; | |
25897 | rcu_read_lock(); | |
25898 | result = pid_task(pid, type); | |
25899 | + if (gr_pid_is_chrooted(result)) | |
25900 | + result = NULL; | |
25901 | if (result) | |
25902 | get_task_struct(result); | |
25903 | rcu_read_unlock(); | |
25904 | diff -urNp linux-2.6.19.1/kernel/posix-cpu-timers.c linux-2.6.19.1/kernel/posix-cpu-timers.c | |
25905 | --- linux-2.6.19.1/kernel/posix-cpu-timers.c 2006-11-29 16:57:37.000000000 -0500 | |
25906 | +++ linux-2.6.19.1/kernel/posix-cpu-timers.c 2006-12-03 15:16:26.000000000 -0500 | |
25907 | @@ -6,6 +6,7 @@ | |
25908 | #include <linux/posix-timers.h> | |
25909 | #include <asm/uaccess.h> | |
25910 | #include <linux/errno.h> | |
25911 | +#include <linux/grsecurity.h> | |
25912 | ||
25913 | static int check_clock(const clockid_t which_clock) | |
25914 | { | |
25915 | @@ -1139,6 +1140,7 @@ static void check_process_timers(struct | |
25916 | __group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk); | |
25917 | return; | |
25918 | } | |
25919 | + gr_learn_resource(tsk, RLIMIT_CPU, psecs, 1); | |
25920 | if (psecs >= sig->rlim[RLIMIT_CPU].rlim_cur) { | |
25921 | /* | |
25922 | * At the soft limit, send a SIGXCPU every second. | |
25923 | diff -urNp linux-2.6.19.1/kernel/power/poweroff.c linux-2.6.19.1/kernel/power/poweroff.c | |
25924 | --- linux-2.6.19.1/kernel/power/poweroff.c 2006-11-29 16:57:37.000000000 -0500 | |
25925 | +++ linux-2.6.19.1/kernel/power/poweroff.c 2006-12-10 21:43:36.000000000 -0500 | |
25926 | @@ -35,7 +35,7 @@ static struct sysrq_key_op sysrq_powerof | |
25927 | .enable_mask = SYSRQ_ENABLE_BOOT, | |
25928 | }; | |
25929 | ||
25930 | -static int pm_sysrq_init(void) | |
25931 | +static int __init pm_sysrq_init(void) | |
25932 | { | |
25933 | register_sysrq_key('o', &sysrq_poweroff_op); | |
25934 | return 0; | |
25935 | diff -urNp linux-2.6.19.1/kernel/printk.c linux-2.6.19.1/kernel/printk.c | |
25936 | --- linux-2.6.19.1/kernel/printk.c 2006-11-29 16:57:37.000000000 -0500 | |
25937 | +++ linux-2.6.19.1/kernel/printk.c 2006-12-03 15:16:26.000000000 -0500 | |
25938 | @@ -32,6 +32,7 @@ | |
c3e8c1b5 | 25939 | #include <linux/syscalls.h> |
25940 | #include <linux/jiffies.h> | |
9bdf255b | 25941 | #include <linux/vs_cvirt.h> |
c3e8c1b5 | 25942 | +#include <linux/grsecurity.h> |
25943 | ||
25944 | #include <asm/uaccess.h> | |
25945 | ||
25946 | @@ -187,6 +188,11 @@ int do_syslog(int type, char __user *buf | |
25947 | char c; | |
25948 | int error = 0; | |
25949 | ||
25950 | +#ifdef CONFIG_GRKERNSEC_DMESG | |
25951 | + if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN)) | |
25952 | + return -EPERM; | |
25953 | +#endif | |
25954 | + | |
25955 | error = security_syslog(type); | |
25956 | if (error) | |
25957 | return error; | |
25958 | diff -urNp linux-2.6.19.1/kernel/ptrace.c linux-2.6.19.1/kernel/ptrace.c | |
25959 | --- linux-2.6.19.1/kernel/ptrace.c 2006-11-29 16:57:37.000000000 -0500 | |
25960 | +++ linux-2.6.19.1/kernel/ptrace.c 2006-12-03 15:16:26.000000000 -0500 | |
25961 | @@ -18,6 +18,7 @@ | |
c3e8c1b5 | 25962 | #include <linux/security.h> |
25963 | #include <linux/signal.h> | |
9bdf255b | 25964 | #include <linux/vs_context.h> |
c3e8c1b5 | 25965 | +#include <linux/grsecurity.h> |
25966 | ||
25967 | #include <asm/pgtable.h> | |
25968 | #include <asm/uaccess.h> | |
25969 | @@ -137,12 +138,12 @@ static int may_attach(struct task_struct | |
25970 | (current->uid != task->uid) || | |
25971 | (current->gid != task->egid) || | |
25972 | (current->gid != task->sgid) || | |
25973 | - (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE)) | |
25974 | + (current->gid != task->gid)) && !capable_nolog(CAP_SYS_PTRACE)) | |
25975 | return -EPERM; | |
25976 | smp_rmb(); | |
25977 | if (task->mm) | |
25978 | dumpable = task->mm->dumpable; | |
25979 | - if (!dumpable && !capable(CAP_SYS_PTRACE)) | |
25980 | + if (!dumpable && !capable_nolog(CAP_SYS_PTRACE)) | |
25981 | return -EPERM; | |
25982 | ||
25983 | return security_ptrace(current, task); | |
25984 | @@ -477,6 +478,11 @@ asmlinkage long sys_ptrace(long request, | |
25985 | if (ret < 0) | |
25986 | goto out_put_task_struct; | |
25987 | ||
25988 | + if (gr_handle_ptrace(child, request)) { | |
25989 | + ret = -EPERM; | |
25990 | + goto out_put_task_struct; | |
25991 | + } | |
25992 | + | |
25993 | ret = arch_ptrace(child, request, addr, data); | |
25994 | if (ret < 0) | |
25995 | goto out_put_task_struct; | |
25996 | diff -urNp linux-2.6.19.1/kernel/resource.c linux-2.6.19.1/kernel/resource.c | |
25997 | --- linux-2.6.19.1/kernel/resource.c 2006-11-29 16:57:37.000000000 -0500 | |
25998 | +++ linux-2.6.19.1/kernel/resource.c 2006-12-03 15:16:26.000000000 -0500 | |
25999 | @@ -133,10 +133,27 @@ static int __init ioresources_init(void) | |
26000 | { | |
26001 | struct proc_dir_entry *entry; | |
26002 | ||
26003 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
26004 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
26005 | + entry = create_proc_entry("ioports", S_IRUSR, NULL); | |
26006 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
26007 | + entry = create_proc_entry("ioports", S_IRUSR | S_IRGRP, NULL); | |
26008 | +#endif | |
26009 | +#else | |
26010 | entry = create_proc_entry("ioports", 0, NULL); | |
26011 | +#endif | |
26012 | if (entry) | |
26013 | entry->proc_fops = &proc_ioports_operations; | |
26014 | + | |
26015 | +#ifdef CONFIG_GRKERNSEC_PROC_ADD | |
26016 | +#ifdef CONFIG_GRKERNSEC_PROC_USER | |
26017 | + entry = create_proc_entry("iomem", S_IRUSR, NULL); | |
26018 | +#elif CONFIG_GRKERNSEC_PROC_USERGROUP | |
26019 | + entry = create_proc_entry("iomem", S_IRUSR | S_IRGRP, NULL); | |
26020 | +#endif | |
26021 | +#else | |
26022 | entry = create_proc_entry("iomem", 0, NULL); | |
26023 | +#endif | |
26024 | if (entry) | |
26025 | entry->proc_fops = &proc_iomem_operations; | |
26026 | return 0; | |
26027 | diff -urNp linux-2.6.19.1/kernel/sched.c linux-2.6.19.1/kernel/sched.c | |
26028 | --- linux-2.6.19.1/kernel/sched.c 2006-11-29 16:57:37.000000000 -0500 | |
26029 | +++ linux-2.6.19.1/kernel/sched.c 2006-12-03 15:16:26.000000000 -0500 | |
26030 | @@ -52,6 +52,7 @@ | |
26031 | #include <linux/tsacct_kern.h> | |
26032 | #include <linux/kprobes.h> | |
26033 | #include <linux/delayacct.h> | |
26034 | +#include <linux/grsecurity.h> | |
26035 | #include <asm/tlb.h> | |
26036 | ||
26037 | #include <asm/unistd.h> | |
26038 | @@ -4012,7 +4013,8 @@ asmlinkage long sys_nice(int increment) | |
26039 | if (nice > 19) | |
26040 | nice = 19; | |
26041 | ||
26042 | - if (increment < 0 && !can_nice(current, nice)) | |
26043 | + if (increment < 0 && (!can_nice(current, nice) || | |
26044 | + gr_handle_chroot_nice())) | |
9bdf255b | 26045 | return vx_flags(VXF_IGNEG_NICE, 0) ? 0 : -EPERM; |
c3e8c1b5 | 26046 | |
26047 | retval = security_task_setnice(current, nice); | |
26048 | diff -urNp linux-2.6.19.1/kernel/signal.c linux-2.6.19.1/kernel/signal.c | |
26049 | --- linux-2.6.19.1/kernel/signal.c 2006-11-29 16:57:37.000000000 -0500 | |
26050 | +++ linux-2.6.19.1/kernel/signal.c 2006-12-03 15:16:26.000000000 -0500 | |
26051 | @@ -23,6 +23,7 @@ | |
c3e8c1b5 | 26052 | #include <linux/capability.h> |
9bdf255b | 26053 | #include <linux/vs_context.h> |
26054 | #include <linux/freezer.h> | |
c3e8c1b5 | 26055 | +#include <linux/grsecurity.h> |
26056 | #include <asm/param.h> | |
26057 | #include <asm/uaccess.h> | |
26058 | #include <asm/unistd.h> | |
9bdf255b | 26059 | @@ -581,11 +582,11 @@ static int check_kill_permission(int sig |
26060 | goto skip; | |
26061 | ||
c3e8c1b5 | 26062 | error = -EPERM; |
9bdf255b | 26063 | - if (((sig != SIGCONT) || |
26064 | + if (((((sig != SIGCONT) || | |
c3e8c1b5 | 26065 | (current->signal->session != t->signal->session)) |
26066 | && (current->euid ^ t->suid) && (current->euid ^ t->uid) | |
26067 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) | |
26068 | - && !capable(CAP_KILL)) | |
26069 | + && !capable(CAP_KILL)) || gr_handle_signal(t, sig))) | |
26070 | return error; | |
26071 | ||
9bdf255b | 26072 | error = -ESRCH; |
26073 | @@ -604,8 +605,10 @@ static int check_kill_permission(int sig | |
26074 | } | |
26075 | skip: | |
c3e8c1b5 | 26076 | error = security_task_kill(t, info, sig, 0); |
26077 | - if (!error) | |
26078 | + if (!error) { | |
26079 | audit_signal_info(sig, t); /* Let audit system see the signal */ | |
26080 | + gr_log_signal(sig, t); | |
26081 | + } | |
26082 | return error; | |
26083 | } | |
26084 | ||
26085 | @@ -768,7 +771,7 @@ out_set: | |
26086 | (((sig) < SIGRTMIN) && sigismember(&(sigptr)->signal, (sig))) | |
26087 | ||
26088 | ||
26089 | -static int | |
26090 | +int | |
26091 | specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) | |
26092 | { | |
26093 | int ret = 0; | |
26094 | @@ -822,6 +825,10 @@ force_sig_info(int sig, struct siginfo * | |
26095 | } | |
26096 | } | |
26097 | ret = specific_send_sig_info(sig, info, t); | |
26098 | + | |
26099 | + gr_log_signal(sig, t); | |
26100 | + gr_handle_crash(t, sig); | |
26101 | + | |
26102 | spin_unlock_irqrestore(&t->sighand->siglock, flags); | |
26103 | ||
26104 | return ret; | |
26105 | diff -urNp linux-2.6.19.1/kernel/sys.c linux-2.6.19.1/kernel/sys.c | |
26106 | --- linux-2.6.19.1/kernel/sys.c 2006-11-29 16:57:37.000000000 -0500 | |
26107 | +++ linux-2.6.19.1/kernel/sys.c 2006-12-03 15:16:26.000000000 -0500 | |
26108 | @@ -29,6 +29,7 @@ | |
26109 | #include <linux/signal.h> | |
26110 | #include <linux/cn_proc.h> | |
26111 | #include <linux/getcpu.h> | |
26112 | +#include <linux/grsecurity.h> | |
26113 | ||
26114 | #include <linux/compat.h> | |
26115 | #include <linux/syscalls.h> | |
26116 | @@ -572,6 +573,12 @@ static int set_one_prio(struct task_stru | |
26117 | error = -EACCES; | |
26118 | goto out; | |
26119 | } | |
26120 | + | |
26121 | + if (gr_handle_chroot_setpriority(p, niceval)) { | |
26122 | + error = -EACCES; | |
26123 | + goto out; | |
26124 | + } | |
26125 | + | |
26126 | no_nice = security_task_setnice(p, niceval); | |
26127 | if (no_nice) { | |
26128 | error = no_nice; | |
26129 | @@ -954,6 +961,9 @@ asmlinkage long sys_setregid(gid_t rgid, | |
26130 | if (rgid != (gid_t) -1 || | |
26131 | (egid != (gid_t) -1 && egid != old_rgid)) | |
26132 | current->sgid = new_egid; | |
26133 | + | |
26134 | + gr_set_role_label(current, current->uid, new_rgid); | |
26135 | + | |
26136 | current->fsgid = new_egid; | |
26137 | current->egid = new_egid; | |
26138 | current->gid = new_rgid; | |
26139 | @@ -981,6 +991,9 @@ asmlinkage long sys_setgid(gid_t gid) | |
26140 | current->mm->dumpable = suid_dumpable; | |
26141 | smp_wmb(); | |
26142 | } | |
26143 | + | |
26144 | + gr_set_role_label(current, current->uid, gid); | |
26145 | + | |
26146 | current->gid = current->egid = current->sgid = current->fsgid = gid; | |
26147 | } else if ((gid == current->gid) || (gid == current->sgid)) { | |
26148 | if (old_egid != gid) { | |
26149 | @@ -1018,6 +1031,9 @@ static int set_user(uid_t new_ruid, int | |
26150 | current->mm->dumpable = suid_dumpable; | |
26151 | smp_wmb(); | |
26152 | } | |
26153 | + | |
26154 | + gr_set_role_label(current, new_ruid, current->gid); | |
26155 | + | |
26156 | current->uid = new_ruid; | |
26157 | return 0; | |
26158 | } | |
26159 | @@ -1120,6 +1136,9 @@ asmlinkage long sys_setuid(uid_t uid) | |
26160 | } else if ((uid != current->uid) && (uid != new_suid)) | |
26161 | return -EPERM; | |
26162 | ||
26163 | + if (gr_check_crash_uid(uid)) | |
26164 | + return -EPERM; | |
26165 | + | |
26166 | if (old_euid != uid) { | |
26167 | current->mm->dumpable = suid_dumpable; | |
26168 | smp_wmb(); | |
26169 | @@ -1222,8 +1241,10 @@ asmlinkage long sys_setresgid(gid_t rgid | |
26170 | current->egid = egid; | |
26171 | } | |
26172 | current->fsgid = current->egid; | |
26173 | - if (rgid != (gid_t) -1) | |
26174 | + if (rgid != (gid_t) -1) { | |
26175 | + gr_set_role_label(current, current->uid, rgid); | |
26176 | current->gid = rgid; | |
26177 | + } | |
26178 | if (sgid != (gid_t) -1) | |
26179 | current->sgid = sgid; | |
26180 | ||
26181 | @@ -2086,7 +2107,7 @@ asmlinkage long sys_prctl(int option, un | |
26182 | error = current->mm->dumpable; | |
26183 | break; | |
26184 | case PR_SET_DUMPABLE: | |
26185 | - if (arg2 < 0 || arg2 > 1) { | |
26186 | + if (arg2 > 1) { | |
26187 | error = -EINVAL; | |
26188 | break; | |
26189 | } | |
26190 | diff -urNp linux-2.6.19.1/kernel/sysctl.c linux-2.6.19.1/kernel/sysctl.c | |
26191 | --- linux-2.6.19.1/kernel/sysctl.c 2006-11-29 16:57:37.000000000 -0500 | |
26192 | +++ linux-2.6.19.1/kernel/sysctl.c 2006-12-03 15:16:26.000000000 -0500 | |
26193 | @@ -57,6 +57,14 @@ extern int proc_nr_files(ctl_table *tabl | |
26194 | #endif | |
26195 | ||
26196 | #if defined(CONFIG_SYSCTL) | |
26197 | +#include <linux/grsecurity.h> | |
26198 | +#include <linux/grinternal.h> | |
26199 | + | |
26200 | +extern __u32 gr_handle_sysctl(const ctl_table *table, const void *oldval, | |
26201 | + const void *newval); | |
26202 | +extern int gr_handle_sysctl_mod(const char *dirname, const char *name, | |
26203 | + const int op); | |
26204 | +extern int gr_handle_chroot_sysctl(const int op); | |
26205 | ||
26206 | /* External variables not in a header file. */ | |
26207 | extern int C_A_D; | |
26208 | @@ -161,6 +169,22 @@ extern ctl_table inotify_table[]; | |
26209 | #ifdef HAVE_ARCH_PICK_MMAP_LAYOUT | |
26210 | int sysctl_legacy_va_layout; | |
26211 | #endif | |
26212 | +extern ctl_table grsecurity_table[]; | |
26213 | + | |
26214 | +#ifdef CONFIG_PAX_SOFTMODE | |
26215 | +static ctl_table pax_table[] = { | |
26216 | + { | |
26217 | + .ctl_name = PAX_SOFTMODE, | |
26218 | + .procname = "softmode", | |
26219 | + .data = &pax_softmode, | |
26220 | + .maxlen = sizeof(unsigned int), | |
26221 | + .mode = 0600, | |
26222 | + .proc_handler = &proc_dointvec, | |
26223 | + }, | |
26224 | + | |
26225 | + { .ctl_name = 0 } | |
26226 | +}; | |
26227 | +#endif | |
26228 | ||
26229 | /* /proc declarations: */ | |
26230 | ||
26231 | @@ -223,7 +247,6 @@ static ctl_table root_table[] = { | |
26232 | .mode = 0555, | |
26233 | .child = dev_table, | |
26234 | }, | |
26235 | - | |
26236 | { .ctl_name = 0 } | |
26237 | }; | |
26238 | ||
26239 | @@ -769,6 +792,24 @@ static ctl_table kern_table[] = { | |
26240 | }, | |
26241 | #endif | |
26242 | ||
26243 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP) | |
26244 | + { | |
26245 | + .ctl_name = KERN_GRSECURITY, | |
26246 | + .procname = "grsecurity", | |
26247 | + .mode = 0500, | |
26248 | + .child = grsecurity_table, | |
26249 | + }, | |
26250 | +#endif | |
26251 | + | |
26252 | +#ifdef CONFIG_PAX_SOFTMODE | |
26253 | + { | |
26254 | + .ctl_name = KERN_PAX, | |
26255 | + .procname = "pax", | |
26256 | + .mode = 0500, | |
26257 | + .child = pax_table, | |
26258 | + }, | |
26259 | +#endif | |
26260 | + | |
26261 | { .ctl_name = 0 } | |
26262 | }; | |
26263 | ||
26264 | @@ -1297,6 +1338,10 @@ static int test_perm(int mode, int op) | |
26265 | static inline int ctl_perm(ctl_table *table, int op) | |
26266 | { | |
26267 | int error; | |
26268 | + if (table->de && gr_handle_sysctl_mod(table->de->parent->name, table->de->name, op)) | |
26269 | + return -EACCES; | |
26270 | + if (gr_handle_chroot_sysctl(op)) | |
26271 | + return -EACCES; | |
26272 | error = security_sysctl(table, op); | |
26273 | if (error) | |
26274 | return error; | |
26275 | @@ -1336,6 +1381,10 @@ repeat: | |
26276 | table = table->child; | |
26277 | goto repeat; | |
26278 | } | |
26279 | + | |
26280 | + if (!gr_handle_sysctl(table, oldval, newval)) | |
26281 | + return -EPERM; | |
26282 | + | |
26283 | error = do_sysctl_strategy(table, name, nlen, | |
26284 | oldval, oldlenp, | |
26285 | newval, newlen, context); | |
26286 | diff -urNp linux-2.6.19.1/kernel/time.c linux-2.6.19.1/kernel/time.c | |
26287 | --- linux-2.6.19.1/kernel/time.c 2006-11-29 16:57:37.000000000 -0500 | |
26288 | +++ linux-2.6.19.1/kernel/time.c 2006-12-03 15:16:26.000000000 -0500 | |
26289 | @@ -36,6 +36,7 @@ | |
26290 | #include <linux/security.h> | |
26291 | #include <linux/fs.h> | |
26292 | #include <linux/module.h> | |
26293 | +#include <linux/grsecurity.h> | |
26294 | ||
26295 | #include <asm/uaccess.h> | |
26296 | #include <asm/unistd.h> | |
26297 | @@ -93,6 +94,9 @@ asmlinkage long sys_stime(time_t __user | |
26298 | return err; | |
26299 | ||
9bdf255b | 26300 | vx_settimeofday(&tv); |
c3e8c1b5 | 26301 | + |
26302 | + gr_log_timechange(); | |
26303 | + | |
26304 | return 0; | |
26305 | } | |
26306 | ||
26307 | @@ -199,6 +203,8 @@ asmlinkage long sys_settimeofday(struct | |
26308 | return -EFAULT; | |
26309 | } | |
26310 | ||
26311 | + gr_log_timechange(); | |
26312 | + | |
26313 | return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL); | |
26314 | } | |
26315 | ||
26316 | diff -urNp linux-2.6.19.1/kernel/unwind.c linux-2.6.19.1/kernel/unwind.c | |
26317 | --- linux-2.6.19.1/kernel/unwind.c 2006-11-29 16:57:37.000000000 -0500 | |
26318 | +++ linux-2.6.19.1/kernel/unwind.c 2006-12-03 15:16:26.000000000 -0500 | |
26319 | @@ -351,8 +351,8 @@ void *unwind_add_table(struct module *mo | |
26320 | return NULL; | |
26321 | ||
26322 | init_unwind_table(table, module->name, | |
26323 | - module->module_core, module->core_size, | |
26324 | - module->module_init, module->init_size, | |
26325 | + module->module_core_rx, module->core_size_rx, | |
26326 | + module->module_init_rx, module->init_size_rx, | |
26327 | table_start, table_size, | |
26328 | NULL, 0); | |
26329 | ||
c3e8c1b5 | 26330 | diff -urNp linux-2.6.19.1/Makefile linux-2.6.19.1/Makefile |
26331 | --- linux-2.6.19.1/Makefile 2006-12-10 21:40:26.000000000 -0500 | |
26332 | +++ linux-2.6.19.1/Makefile 2006-12-10 21:40:15.000000000 -0500 | |
26333 | @@ -313,7 +313,7 @@ LINUXINCLUDE := -Iinclude \ | |
26334 | ||
26335 | CPPFLAGS := -D__KERNEL__ $(LINUXINCLUDE) | |
26336 | ||
26337 | -CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ | |
26338 | +CFLAGS := -Wall -W -Wno-unused -Wno-sign-compare -Wundef -Wstrict-prototypes -Wno-trigraphs \ | |
26339 | -fno-strict-aliasing -fno-common | |
26340 | AFLAGS := -D__ASSEMBLY__ | |
26341 | ||
26342 | @@ -559,7 +559,7 @@ export mod_strip_cmd | |
26343 | ||
26344 | ||
26345 | ifeq ($(KBUILD_EXTMOD),) | |
26346 | -core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ | |
26347 | +core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ | |
26348 | ||
26349 | vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ | |
26350 | $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ | |
26351 | diff -urNp linux-2.6.19.1/mm/filemap.c linux-2.6.19.1/mm/filemap.c | |
26352 | --- linux-2.6.19.1/mm/filemap.c 2006-11-29 16:57:37.000000000 -0500 | |
26353 | +++ linux-2.6.19.1/mm/filemap.c 2006-12-03 15:16:26.000000000 -0500 | |
26354 | @@ -30,6 +30,7 @@ | |
26355 | #include <linux/security.h> | |
26356 | #include <linux/syscalls.h> | |
26357 | #include <linux/cpuset.h> | |
26358 | +#include <linux/grsecurity.h> | |
26359 | #include "filemap.h" | |
26360 | #include "internal.h" | |
26361 | ||
26362 | @@ -1720,7 +1721,13 @@ int generic_file_mmap(struct file * file | |
26363 | struct address_space *mapping = file->f_mapping; | |
26364 | ||
26365 | if (!mapping->a_ops->readpage) | |
26366 | - return -ENOEXEC; | |
26367 | + return -ENODEV; | |
26368 | + | |
26369 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
26370 | + if ((vma->vm_mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_EXEC)) | |
26371 | + vma->vm_page_prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(vma->vm_page_prot))))); | |
26372 | +#endif | |
26373 | + | |
26374 | file_accessed(file); | |
26375 | vma->vm_ops = &generic_file_vm_ops; | |
26376 | return 0; | |
26377 | @@ -1957,6 +1964,7 @@ inline int generic_write_checks(struct f | |
26378 | *pos = i_size_read(inode); | |
26379 | ||
26380 | if (limit != RLIM_INFINITY) { | |
26381 | + gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0); | |
26382 | if (*pos >= limit) { | |
26383 | send_sig(SIGXFSZ, current, 0); | |
26384 | return -EFBIG; | |
26385 | diff -urNp linux-2.6.19.1/mm/filemap_xip.c linux-2.6.19.1/mm/filemap_xip.c | |
26386 | --- linux-2.6.19.1/mm/filemap_xip.c 2006-11-29 16:57:37.000000000 -0500 | |
26387 | +++ linux-2.6.19.1/mm/filemap_xip.c 2006-12-03 15:16:26.000000000 -0500 | |
26388 | @@ -262,6 +262,11 @@ int xip_file_mmap(struct file * file, st | |
26389 | { | |
26390 | BUG_ON(!file->f_mapping->a_ops->get_xip_page); | |
26391 | ||
26392 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
26393 | + if ((vma->vm_mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_EXEC)) | |
26394 | + vma->vm_page_prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(vma->vm_page_prot))))); | |
26395 | +#endif | |
26396 | + | |
26397 | file_accessed(file); | |
26398 | vma->vm_ops = &xip_file_vm_ops; | |
26399 | return 0; | |
26400 | diff -urNp linux-2.6.19.1/mm/madvise.c linux-2.6.19.1/mm/madvise.c | |
26401 | --- linux-2.6.19.1/mm/madvise.c 2006-11-29 16:57:37.000000000 -0500 | |
26402 | +++ linux-2.6.19.1/mm/madvise.c 2006-12-03 15:16:26.000000000 -0500 | |
26403 | @@ -15,9 +15,46 @@ | |
26404 | * We can potentially split a vm area into separate | |
26405 | * areas, each area with its own behavior. | |
26406 | */ | |
26407 | + | |
26408 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26409 | +static long __madvise_behavior(struct vm_area_struct * vma, | |
26410 | + struct vm_area_struct **prev, | |
26411 | + unsigned long start, unsigned long end, int behavior); | |
26412 | + | |
26413 | +static long madvise_behavior(struct vm_area_struct * vma, | |
26414 | + struct vm_area_struct **prev, | |
26415 | + unsigned long start, unsigned long end, int behavior) | |
26416 | +{ | |
26417 | + if (vma->vm_flags & VM_MIRROR) { | |
26418 | + struct vm_area_struct * vma_m, * prev_m; | |
26419 | + unsigned long start_m, end_m; | |
26420 | + int error; | |
26421 | + | |
26422 | + start_m = vma->vm_start + vma->vm_mirror; | |
26423 | + vma_m = find_vma_prev(vma->vm_mm, start_m, &prev_m); | |
26424 | + if (vma_m && vma_m->vm_start == start_m && (vma_m->vm_flags & VM_MIRROR)) { | |
26425 | + start_m = start + vma->vm_mirror; | |
26426 | + end_m = end + vma->vm_mirror; | |
26427 | + error = __madvise_behavior(vma_m, &prev_m, start_m, end_m, behavior); | |
26428 | + if (error) | |
26429 | + return error; | |
26430 | + } else { | |
26431 | + printk("PAX: VMMIRROR: madvise bug in %s, %08lx\n", current->comm, vma->vm_start); | |
26432 | + return -ENOMEM; | |
26433 | + } | |
26434 | + } | |
26435 | + | |
26436 | + return __madvise_behavior(vma, prev, start, end, behavior); | |
26437 | +} | |
26438 | + | |
26439 | +static long __madvise_behavior(struct vm_area_struct * vma, | |
26440 | + struct vm_area_struct **prev, | |
26441 | + unsigned long start, unsigned long end, int behavior) | |
26442 | +#else | |
26443 | static long madvise_behavior(struct vm_area_struct * vma, | |
26444 | struct vm_area_struct **prev, | |
26445 | unsigned long start, unsigned long end, int behavior) | |
26446 | +#endif | |
26447 | { | |
26448 | struct mm_struct * mm = vma->vm_mm; | |
26449 | int error = 0; | |
26450 | diff -urNp linux-2.6.19.1/mm/memory.c linux-2.6.19.1/mm/memory.c | |
26451 | --- linux-2.6.19.1/mm/memory.c 2006-11-29 16:57:37.000000000 -0500 | |
26452 | +++ linux-2.6.19.1/mm/memory.c 2006-12-03 15:16:26.000000000 -0500 | |
26453 | @@ -50,6 +50,7 @@ | |
26454 | #include <linux/delayacct.h> | |
26455 | #include <linux/init.h> | |
26456 | #include <linux/writeback.h> | |
26457 | +#include <linux/grsecurity.h> | |
26458 | ||
26459 | #include <asm/pgalloc.h> | |
26460 | #include <asm/uaccess.h> | |
26461 | @@ -322,6 +323,11 @@ int __pte_alloc(struct mm_struct *mm, pm | |
26462 | ||
26463 | int __pte_alloc_kernel(pmd_t *pmd, unsigned long address) | |
26464 | { | |
26465 | + | |
26466 | +#ifdef CONFIG_PAX_KERNEXEC | |
26467 | + unsigned long cr0; | |
26468 | +#endif | |
26469 | + | |
26470 | pte_t *new = pte_alloc_one_kernel(&init_mm, address); | |
26471 | if (!new) | |
26472 | return -ENOMEM; | |
26473 | @@ -329,8 +335,19 @@ int __pte_alloc_kernel(pmd_t *pmd, unsig | |
26474 | spin_lock(&init_mm.page_table_lock); | |
26475 | if (pmd_present(*pmd)) /* Another has populated it */ | |
26476 | pte_free_kernel(new); | |
26477 | - else | |
26478 | + else { | |
26479 | + | |
26480 | +#ifdef CONFIG_PAX_KERNEXEC | |
26481 | + pax_open_kernel(cr0); | |
26482 | +#endif | |
26483 | + | |
26484 | pmd_populate_kernel(&init_mm, pmd, new); | |
26485 | + | |
26486 | +#ifdef CONFIG_PAX_KERNEXEC | |
26487 | + pax_close_kernel(cr0); | |
26488 | +#endif | |
26489 | + | |
26490 | + } | |
26491 | spin_unlock(&init_mm.page_table_lock); | |
26492 | return 0; | |
26493 | } | |
26494 | @@ -1459,6 +1476,88 @@ static inline void cow_user_page(struct | |
26495 | copy_user_highpage(dst, src, va); | |
26496 | } | |
26497 | ||
26498 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26499 | +/* PaX: if vma is mirrored, synchronize the mirror's PTE | |
26500 | + * | |
26501 | + * the ptl of the lower mapped page is held on entry and is not released on exit | |
26502 | + * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc) | |
26503 | + */ | |
26504 | +static void pax_mirror_fault(struct vm_area_struct *vma, unsigned long address, pte_t *pte) | |
26505 | +{ | |
26506 | + struct mm_struct *mm = vma->vm_mm; | |
26507 | + unsigned long address_m, pfn_m; | |
26508 | + struct vm_area_struct * vma_m = NULL; | |
26509 | + pte_t * pte_m, entry_m; | |
26510 | + struct page * page_m = NULL; | |
26511 | + | |
26512 | + address_m = vma->vm_start + vma->vm_mirror; | |
26513 | + vma_m = find_vma(mm, address_m); | |
26514 | + BUG_ON(!vma_m || vma_m->vm_start != address_m); | |
26515 | + | |
26516 | + address_m = address + vma->vm_mirror; | |
26517 | + pte_m = pte_offset_map_nested(pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m), address_m); | |
26518 | + | |
26519 | + if (pte_same(*pte, *pte_m)) { | |
26520 | + pte_unmap_nested(pte_m); | |
26521 | + return; | |
26522 | + } | |
26523 | + | |
26524 | + pfn_m = pte_pfn(*pte); | |
26525 | + if (pte_present(*pte_m)) { | |
26526 | + page_m = vm_normal_page(vma_m, address_m, *pte_m); | |
26527 | + if (page_m) { | |
26528 | + flush_cache_page(vma_m, address_m, pfn_m); | |
26529 | + flush_icache_page(vma_m, page_m); | |
26530 | + } | |
26531 | + } | |
26532 | + | |
26533 | + if (pte_present(*pte_m)) | |
26534 | + entry_m = ptep_clear_flush(vma_m, address_m, pte_m); | |
26535 | + else | |
26536 | + entry_m = ptep_get_and_clear(mm, address_m, pte_m); | |
26537 | + | |
26538 | + if (pte_none(entry_m)) { | |
26539 | + } else if (pte_present(entry_m)) { | |
26540 | + if (page_m) { | |
26541 | + page_remove_rmap(page_m); | |
26542 | + if (PageAnon(page_m)) | |
26543 | + dec_mm_counter(mm, anon_rss); | |
26544 | + else | |
26545 | + dec_mm_counter(mm, file_rss); | |
26546 | + page_cache_release(page_m); | |
26547 | + } | |
26548 | + } else if (!pte_file(entry_m)) { | |
26549 | + free_swap_and_cache(pte_to_swp_entry(entry_m)); | |
26550 | + } else { | |
26551 | + printk(KERN_ERR "PAX: VMMIRROR: bug in mirror_fault: %08lx, %08lx, %08lx, %08lx\n", | |
26552 | + address, vma->vm_start, address_m, vma_m->vm_start); | |
26553 | + } | |
26554 | + | |
26555 | + page_m = vm_normal_page(vma, address, *pte); | |
26556 | + entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot); | |
26557 | + if (pte_write(*pte)) | |
26558 | + entry_m = maybe_mkwrite(pte_mkdirty(entry_m), vma_m); | |
26559 | + if (page_m) { | |
26560 | + page_cache_get(page_m); | |
26561 | + /* | |
26562 | + * we can test PAGE_MAPPING_ANON without holding page_map_lock because | |
26563 | + * we hold the page table lock and have a reference to page_m | |
26564 | + */ | |
26565 | + if (PageAnon(page_m)) { | |
26566 | + page_add_anon_rmap(page_m, vma_m, address_m); | |
26567 | + inc_mm_counter(mm, anon_rss); | |
26568 | + } else { | |
26569 | + page_add_file_rmap(page_m); | |
26570 | + inc_mm_counter(mm, file_rss); | |
26571 | + } | |
26572 | + } | |
26573 | + set_pte_at(mm, address_m, pte_m, entry_m); | |
26574 | + update_mmu_cache(vma_m, address_m, entry_m); | |
26575 | + lazy_mmu_prot_update(entry_m); | |
26576 | + pte_unmap_nested(pte_m); | |
26577 | +} | |
26578 | +#endif | |
26579 | + | |
26580 | /* | |
26581 | * This routine handles present pages, when users try to write | |
26582 | * to a shared page. It is done by copying the page to a new address | |
26583 | @@ -1602,6 +1701,12 @@ gotten: | |
26584 | /* Free the old page.. */ | |
26585 | new_page = old_page; | |
26586 | ret |= VM_FAULT_WRITE; | |
26587 | + | |
26588 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26589 | + if (vma->vm_flags & VM_MIRROR) | |
26590 | + pax_mirror_fault(vma, address, page_table); | |
26591 | +#endif | |
26592 | + | |
26593 | } | |
26594 | if (new_page) | |
26595 | page_cache_release(new_page); | |
26596 | @@ -1861,6 +1966,7 @@ int vmtruncate(struct inode * inode, lof | |
26597 | ||
26598 | do_expand: | |
26599 | limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; | |
26600 | + gr_learn_resource(current, RLIMIT_FSIZE, offset, 1); | |
26601 | if (limit != RLIM_INFINITY && offset > limit) | |
26602 | goto out_sig; | |
26603 | if (offset > inode->i_sb->s_maxbytes) | |
26604 | @@ -2055,6 +2161,12 @@ static int do_swap_page(struct mm_struct | |
26605 | /* No need to invalidate - it was non-present before */ | |
26606 | update_mmu_cache(vma, address, pte); | |
26607 | lazy_mmu_prot_update(pte); | |
26608 | + | |
26609 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26610 | + if (vma->vm_flags & VM_MIRROR) | |
26611 | + pax_mirror_fault(vma, address, page_table); | |
26612 | +#endif | |
26613 | + | |
26614 | unlock: | |
26615 | pte_unmap_unlock(page_table, ptl); | |
26616 | out: | |
26617 | @@ -2117,6 +2229,12 @@ static int do_anonymous_page(struct mm_s | |
26618 | /* No need to invalidate - it was non-present before */ | |
26619 | update_mmu_cache(vma, address, entry); | |
26620 | lazy_mmu_prot_update(entry); | |
26621 | + | |
26622 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26623 | + if (vma->vm_flags & VM_MIRROR) | |
26624 | + pax_mirror_fault(vma, address, page_table); | |
26625 | +#endif | |
26626 | + | |
26627 | unlock: | |
26628 | pte_unmap_unlock(page_table, ptl); | |
26629 | return VM_FAULT_MINOR; | |
26630 | @@ -2262,6 +2380,12 @@ retry: | |
26631 | /* no need to invalidate: a not-present page shouldn't be cached */ | |
26632 | update_mmu_cache(vma, address, entry); | |
26633 | lazy_mmu_prot_update(entry); | |
26634 | + | |
26635 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26636 | + if (vma->vm_flags & VM_MIRROR) | |
26637 | + pax_mirror_fault(vma, address, page_table); | |
26638 | +#endif | |
26639 | + | |
26640 | unlock: | |
26641 | pte_unmap_unlock(page_table, ptl); | |
26642 | if (dirty_page) { | |
26643 | @@ -2429,6 +2553,12 @@ static inline int handle_pte_fault(struc | |
26644 | flush_tlb_page(vma, address); | |
26645 | } | |
26646 | unlock: | |
26647 | + | |
26648 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26649 | + if (vma->vm_flags & VM_MIRROR) | |
26650 | + pax_mirror_fault(vma, address, pte); | |
26651 | +#endif | |
26652 | + | |
26653 | pte_unmap_unlock(pte, ptl); | |
26654 | return VM_FAULT_MINOR; | |
26655 | } | |
26656 | @@ -2451,6 +2581,49 @@ int __handle_mm_fault(struct mm_struct * | |
26657 | if (unlikely(is_vm_hugetlb_page(vma))) | |
26658 | return hugetlb_fault(mm, vma, address, write_access); | |
26659 | ||
26660 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26661 | + if (vma->vm_flags & VM_MIRROR) { | |
26662 | + unsigned long address_m; | |
26663 | + struct vm_area_struct * vma_m; | |
26664 | + pgd_t *pgd_m; | |
26665 | + pud_t *pud_m; | |
26666 | + pmd_t *pmd_m; | |
26667 | + | |
26668 | + address_m = vma->vm_start + vma->vm_mirror; | |
26669 | + vma_m = find_vma(mm, address_m); | |
26670 | + | |
26671 | + /* PaX: sanity checks */ | |
26672 | + if (!vma_m) { | |
26673 | + printk(KERN_ERR "PAX: VMMIRROR: fault bug, %08lx, %p, %08lx, %p\n", | |
26674 | + address, vma, address_m, vma_m); | |
26675 | + return VM_FAULT_SIGBUS; | |
26676 | + } else if (!(vma_m->vm_flags & VM_MIRROR) || | |
26677 | + vma_m->vm_start != address_m || | |
26678 | + vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start) | |
26679 | + { | |
26680 | + printk(KERN_ERR "PAX: VMMIRROR: fault bug2, %08lx, %08lx, %08lx, %08lx, %08lx\n", | |
26681 | + address, vma->vm_start, vma_m->vm_start, vma->vm_end, vma_m->vm_end); | |
26682 | + return VM_FAULT_SIGBUS; | |
26683 | + } | |
26684 | + | |
26685 | + if (address_m < address) { | |
26686 | + address += vma->vm_mirror; | |
26687 | + vma = vma_m; | |
26688 | + } | |
26689 | + | |
26690 | + address_m = address + vma->vm_mirror; | |
26691 | + pgd_m = pgd_offset(mm, address_m); | |
26692 | + pud_m = pud_alloc(mm, pgd_m, address_m); | |
26693 | + if (!pud_m) | |
26694 | + return VM_FAULT_OOM; | |
26695 | + pmd_m = pmd_alloc(mm, pud_m, address_m); | |
26696 | + if (!pmd_m) | |
26697 | + return VM_FAULT_OOM; | |
26698 | + if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m)) | |
26699 | + return VM_FAULT_OOM; | |
26700 | + } | |
26701 | +#endif | |
26702 | + | |
26703 | pgd = pgd_offset(mm, address); | |
26704 | pud = pud_alloc(mm, pgd, address); | |
26705 | if (!pud) | |
26706 | diff -urNp linux-2.6.19.1/mm/mempolicy.c linux-2.6.19.1/mm/mempolicy.c | |
26707 | --- linux-2.6.19.1/mm/mempolicy.c 2006-11-29 16:57:37.000000000 -0500 | |
26708 | +++ linux-2.6.19.1/mm/mempolicy.c 2006-12-03 15:16:26.000000000 -0500 | |
26709 | @@ -353,6 +353,12 @@ check_range(struct mm_struct *mm, unsign | |
26710 | if (prev && prev->vm_end < vma->vm_start) | |
26711 | return ERR_PTR(-EFAULT); | |
26712 | } | |
26713 | + | |
26714 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26715 | + if (vma->vm_flags & VM_MIRROR) | |
26716 | + return ERR_PTR(-EFAULT); | |
26717 | +#endif | |
26718 | + | |
26719 | if (!is_vm_hugetlb_page(vma) && | |
26720 | ((flags & MPOL_MF_STRICT) || | |
26721 | ((flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) && | |
26722 | diff -urNp linux-2.6.19.1/mm/mlock.c linux-2.6.19.1/mm/mlock.c | |
26723 | --- linux-2.6.19.1/mm/mlock.c 2006-11-29 16:57:37.000000000 -0500 | |
26724 | +++ linux-2.6.19.1/mm/mlock.c 2006-12-03 15:16:26.000000000 -0500 | |
26725 | @@ -10,14 +10,85 @@ | |
c3e8c1b5 | 26726 | #include <linux/mempolicy.h> |
26727 | #include <linux/syscalls.h> | |
9bdf255b | 26728 | #include <linux/vs_memory.h> |
c3e8c1b5 | 26729 | +#include <linux/grsecurity.h> |
26730 | ||
26731 | +static int __mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev, | |
26732 | + unsigned long start, unsigned long end, unsigned int newflags); | |
26733 | ||
26734 | static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev, | |
26735 | unsigned long start, unsigned long end, unsigned int newflags) | |
26736 | { | |
26737 | struct mm_struct * mm = vma->vm_mm; | |
26738 | - pgoff_t pgoff; | |
26739 | int pages; | |
26740 | + int ret; | |
26741 | + | |
26742 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26743 | + struct vm_area_struct * vma_m = NULL, *prev_m; | |
26744 | + unsigned long start_m = 0UL, end_m = 0UL, newflags_m = 0UL; | |
26745 | + | |
26746 | + if (vma->vm_flags & VM_MIRROR) { | |
26747 | + start_m = vma->vm_start + vma->vm_mirror; | |
26748 | + vma_m = find_vma_prev(mm, start_m, &prev_m); | |
26749 | + if (!vma_m || vma_m->vm_start != start_m || !(vma_m->vm_flags & VM_MIRROR)) { | |
26750 | + printk("PAX: VMMIRROR: mlock bug in %s, %08lx\n", current->comm, vma->vm_start); | |
26751 | + return -ENOMEM; | |
26752 | + } | |
26753 | + | |
26754 | + start_m = start + vma->vm_mirror; | |
26755 | + end_m = end + vma->vm_mirror; | |
26756 | + if (newflags & VM_LOCKED) | |
26757 | + newflags_m = vma_m->vm_flags | VM_LOCKED; | |
26758 | + else | |
26759 | + newflags_m = vma_m->vm_flags & ~VM_LOCKED; | |
26760 | + ret = __mlock_fixup(vma_m, &prev_m, start_m, end_m, newflags_m); | |
26761 | + if (ret) | |
26762 | + return ret; | |
26763 | + } | |
26764 | +#endif | |
26765 | + | |
26766 | + ret = __mlock_fixup(vma, prev, start, end, newflags); | |
26767 | + if (ret) | |
26768 | + return ret; | |
26769 | + | |
26770 | + /* | |
26771 | + * vm_flags is protected by the mmap_sem held in write mode. | |
26772 | + * It's okay if try_to_unmap_one unmaps a page just after we | |
26773 | + * set VM_LOCKED, make_pages_present below will bring it back. | |
26774 | + */ | |
26775 | + vma->vm_flags = newflags; | |
26776 | + | |
26777 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26778 | + if (vma->vm_flags & VM_MIRROR) | |
26779 | + vma_m->vm_flags = newflags_m; | |
26780 | +#endif | |
26781 | + | |
26782 | + /* | |
26783 | + * Keep track of amount of locked VM. | |
26784 | + */ | |
26785 | + pages = (end - start) >> PAGE_SHIFT; | |
26786 | + if (newflags & VM_LOCKED) { | |
26787 | + pages = -pages; | |
26788 | + if (!(newflags & VM_IO)) | |
26789 | + ret = make_pages_present(start, end); | |
26790 | + } | |
26791 | + | |
26792 | + mm->locked_vm -= pages; | |
26793 | + | |
26794 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26795 | + if (vma->vm_flags & VM_MIRROR) | |
26796 | + mm->locked_vm -= pages; | |
26797 | +#endif | |
26798 | + | |
26799 | + if (ret == -ENOMEM) | |
26800 | + ret = -EAGAIN; | |
26801 | + return ret; | |
26802 | +} | |
26803 | + | |
26804 | +static int __mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev, | |
26805 | + unsigned long start, unsigned long end, unsigned int newflags) | |
26806 | +{ | |
26807 | + struct mm_struct * mm = vma->vm_mm; | |
26808 | + pgoff_t pgoff; | |
26809 | int ret = 0; | |
26810 | ||
26811 | if (newflags == vma->vm_flags) { | |
26812 | @@ -30,7 +101,7 @@ static int mlock_fixup(struct vm_area_st | |
26813 | vma->vm_file, pgoff, vma_policy(vma)); | |
26814 | if (*prev) { | |
26815 | vma = *prev; | |
26816 | - goto success; | |
26817 | + goto out; | |
26818 | } | |
26819 | ||
26820 | *prev = vma; | |
26821 | @@ -41,31 +112,9 @@ static int mlock_fixup(struct vm_area_st | |
26822 | goto out; | |
26823 | } | |
26824 | ||
26825 | - if (end != vma->vm_end) { | |
26826 | + if (end != vma->vm_end) | |
26827 | ret = split_vma(mm, vma, end, 0); | |
26828 | - if (ret) | |
26829 | - goto out; | |
26830 | - } | |
26831 | ||
26832 | -success: | |
26833 | - /* | |
26834 | - * vm_flags is protected by the mmap_sem held in write mode. | |
26835 | - * It's okay if try_to_unmap_one unmaps a page just after we | |
26836 | - * set VM_LOCKED, make_pages_present below will bring it back. | |
26837 | - */ | |
26838 | - vma->vm_flags = newflags; | |
26839 | - | |
26840 | - /* | |
26841 | - * Keep track of amount of locked VM. | |
26842 | - */ | |
26843 | - pages = (end - start) >> PAGE_SHIFT; | |
26844 | - if (newflags & VM_LOCKED) { | |
26845 | - pages = -pages; | |
26846 | - if (!(newflags & VM_IO)) | |
26847 | - ret = make_pages_present(start, end); | |
26848 | - } | |
26849 | - | |
9bdf255b | 26850 | - vx_vmlocked_sub(vma->vm_mm, pages); |
c3e8c1b5 | 26851 | out: |
26852 | if (ret == -ENOMEM) | |
26853 | ret = -EAGAIN; | |
26854 | @@ -84,6 +133,17 @@ static int do_mlock(unsigned long start, | |
26855 | return -EINVAL; | |
26856 | if (end == start) | |
26857 | return 0; | |
26858 | + | |
26859 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26860 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
26861 | + if (end > SEGMEXEC_TASK_SIZE) | |
26862 | + return -EINVAL; | |
26863 | + } else | |
26864 | +#endif | |
26865 | + | |
26866 | + if (end > TASK_SIZE) | |
26867 | + return -EINVAL; | |
26868 | + | |
26869 | vma = find_vma_prev(current->mm, start, &prev); | |
26870 | if (!vma || vma->vm_start > start) | |
26871 | return -ENOMEM; | |
26872 | @@ -141,6 +201,7 @@ asmlinkage long sys_mlock(unsigned long | |
26873 | lock_limit >>= PAGE_SHIFT; | |
26874 | ||
26875 | /* check against resource limits */ | |
26876 | + gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1); | |
26877 | if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) | |
26878 | error = do_mlock(start, len, 1); | |
26879 | up_write(¤t->mm->mmap_sem); | |
26880 | @@ -173,6 +234,16 @@ static int do_mlockall(int flags) | |
26881 | for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { | |
26882 | unsigned int newflags; | |
26883 | ||
26884 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26885 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
26886 | + if (vma->vm_end > SEGMEXEC_TASK_SIZE) | |
26887 | + break; | |
26888 | + } else | |
26889 | +#endif | |
26890 | + | |
26891 | + if (vma->vm_end > TASK_SIZE) | |
26892 | + break; | |
26893 | + | |
26894 | newflags = vma->vm_flags | VM_LOCKED; | |
26895 | if (!(flags & MCL_CURRENT)) | |
26896 | newflags &= ~VM_LOCKED; | |
26897 | @@ -202,6 +273,7 @@ asmlinkage long sys_mlockall(int flags) | |
26898 | lock_limit >>= PAGE_SHIFT; | |
26899 | ||
26900 | ret = -ENOMEM; | |
26901 | + gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1); | |
9bdf255b | 26902 | if (!vx_vmlocked_avail(current->mm, current->mm->total_vm)) |
c3e8c1b5 | 26903 | capable(CAP_IPC_LOCK)) |
9bdf255b | 26904 | ret = do_mlockall(flags); |
c3e8c1b5 | 26905 | diff -urNp linux-2.6.19.1/mm/mmap.c linux-2.6.19.1/mm/mmap.c |
26906 | --- linux-2.6.19.1/mm/mmap.c 2006-11-29 16:57:37.000000000 -0500 | |
26907 | +++ linux-2.6.19.1/mm/mmap.c 2006-12-03 15:16:26.000000000 -0500 | |
26908 | @@ -25,6 +25,7 @@ | |
26909 | #include <linux/mount.h> | |
26910 | #include <linux/mempolicy.h> | |
26911 | #include <linux/rmap.h> | |
26912 | +#include <linux/grsecurity.h> | |
26913 | ||
26914 | #include <asm/uaccess.h> | |
26915 | #include <asm/cacheflush.h> | |
26916 | @@ -251,6 +252,7 @@ asmlinkage unsigned long sys_brk(unsigne | |
26917 | * not page aligned -Ram Gupta | |
26918 | */ | |
26919 | rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; | |
26920 | + gr_learn_resource(current, RLIMIT_DATA, brk - mm->start_data, 1); | |
26921 | if (rlim < RLIM_INFINITY && brk - mm->start_data > rlim) | |
26922 | goto out; | |
26923 | ||
26924 | @@ -639,11 +641,17 @@ again: remove_next = 1 + (end > next-> | |
26925 | * If the vma has a ->close operation then the driver probably needs to release | |
26926 | * per-vma resources, so we don't attempt to merge those. | |
26927 | */ | |
26928 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26929 | +#define VM_SPECIAL (VM_IO | VM_DONTEXPAND | VM_RESERVED | VM_PFNMAP | VM_MIRROR) | |
26930 | +#else | |
26931 | #define VM_SPECIAL (VM_IO | VM_DONTEXPAND | VM_RESERVED | VM_PFNMAP) | |
26932 | +#endif | |
26933 | ||
26934 | static inline int is_mergeable_vma(struct vm_area_struct *vma, | |
26935 | struct file *file, unsigned long vm_flags) | |
26936 | { | |
26937 | + if ((vma->vm_flags | vm_flags) & VM_SPECIAL) | |
26938 | + return 0; | |
26939 | if (vma->vm_flags != vm_flags) | |
26940 | return 0; | |
26941 | if (vma->vm_file != file) | |
26942 | @@ -868,14 +876,11 @@ none: | |
26943 | void vm_stat_account(struct mm_struct *mm, unsigned long flags, | |
26944 | struct file *file, long pages) | |
26945 | { | |
26946 | - const unsigned long stack_flags | |
26947 | - = VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN); | |
26948 | - | |
26949 | if (file) { | |
26950 | mm->shared_vm += pages; | |
26951 | if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) | |
26952 | mm->exec_vm += pages; | |
26953 | - } else if (flags & stack_flags) | |
26954 | + } else if (flags & (VM_GROWSUP|VM_GROWSDOWN)) | |
26955 | mm->stack_vm += pages; | |
26956 | if (flags & (VM_RESERVED|VM_IO)) | |
26957 | mm->reserved_vm += pages; | |
26958 | @@ -886,9 +891,54 @@ void vm_stat_account(struct mm_struct *m | |
26959 | * The caller must hold down_write(current->mm->mmap_sem). | |
26960 | */ | |
26961 | ||
26962 | +#ifdef CONFIG_PAX_SEGMEXEC | |
26963 | +static unsigned long __do_mmap_pgoff(struct file * file, unsigned long addr, | |
26964 | + unsigned long len, unsigned long prot, | |
26965 | + unsigned long flags, unsigned long pgoff); | |
26966 | + | |
26967 | +unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, | |
26968 | + unsigned long len, unsigned long prot, | |
26969 | + unsigned long flags, unsigned long pgoff) | |
26970 | +{ | |
26971 | + unsigned long ret = -EINVAL; | |
26972 | + | |
26973 | + if (flags & MAP_MIRROR) | |
26974 | + return ret; | |
26975 | + | |
26976 | + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && | |
26977 | + (len > SEGMEXEC_TASK_SIZE || (addr > SEGMEXEC_TASK_SIZE-len))) | |
26978 | + return ret; | |
26979 | + | |
26980 | + ret = __do_mmap_pgoff(file, addr, len, prot, flags, pgoff); | |
26981 | + | |
26982 | + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && ret < TASK_SIZE && ((flags & MAP_TYPE) == MAP_PRIVATE) | |
26983 | + | |
26984 | +#ifdef CONFIG_PAX_MPROTECT | |
26985 | + && (!(current->mm->pax_flags & MF_PAX_MPROTECT) || ((prot & PROT_EXEC) && file && !(prot & PROT_WRITE))) | |
26986 | +#endif | |
26987 | + | |
26988 | + ) | |
26989 | + { | |
26990 | + unsigned long ret_m; | |
26991 | + prot = prot & PROT_EXEC ? prot & ~PROT_WRITE : PROT_NONE; | |
26992 | + ret_m = __do_mmap_pgoff(NULL, ret + SEGMEXEC_TASK_SIZE, 0UL, prot, flags | MAP_MIRROR | MAP_FIXED, ret); | |
26993 | + if (ret_m >= TASK_SIZE) { | |
26994 | + do_munmap(current->mm, ret, len); | |
26995 | + ret = ret_m; | |
26996 | + } | |
26997 | + } | |
26998 | + | |
26999 | + return ret; | |
27000 | +} | |
27001 | + | |
27002 | +static unsigned long __do_mmap_pgoff(struct file * file, unsigned long addr, | |
27003 | + unsigned long len, unsigned long prot, | |
27004 | + unsigned long flags, unsigned long pgoff) | |
27005 | +#else | |
27006 | unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, | |
27007 | unsigned long len, unsigned long prot, | |
27008 | unsigned long flags, unsigned long pgoff) | |
27009 | +#endif | |
27010 | { | |
27011 | struct mm_struct * mm = current->mm; | |
27012 | struct vm_area_struct * vma, * prev; | |
27013 | @@ -900,13 +950,35 @@ unsigned long do_mmap_pgoff(struct file | |
27014 | int accountable = 1; | |
27015 | unsigned long charged = 0, reqprot = prot; | |
27016 | ||
27017 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27018 | + struct vm_area_struct * vma_m = NULL; | |
27019 | + | |
27020 | + if (flags & MAP_MIRROR) { | |
27021 | + /* PaX: sanity checks, to be removed when proved to be stable */ | |
27022 | + if (file || len || ((flags & MAP_TYPE) != MAP_PRIVATE)) | |
27023 | + return -EINVAL; | |
27024 | + | |
27025 | + vma_m = find_vma(mm, pgoff); | |
27026 | + | |
27027 | + if (!vma_m || is_vm_hugetlb_page(vma_m) || | |
27028 | + vma_m->vm_start != pgoff || | |
27029 | + (vma_m->vm_flags & VM_SPECIAL) || | |
27030 | + (prot & PROT_WRITE)) | |
27031 | + return -EINVAL; | |
27032 | + | |
27033 | + file = vma_m->vm_file; | |
27034 | + pgoff = vma_m->vm_pgoff; | |
27035 | + len = vma_m->vm_end - vma_m->vm_start; | |
27036 | + } | |
27037 | +#endif | |
27038 | + | |
27039 | /* | |
27040 | * Does the application expect PROT_READ to imply PROT_EXEC? | |
27041 | * | |
27042 | * (the exception is when the underlying filesystem is noexec | |
27043 | * mounted, in which case we dont add PROT_EXEC.) | |
27044 | */ | |
27045 | - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC)) | |
27046 | + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC)) | |
27047 | if (!(file && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC))) | |
27048 | prot |= PROT_EXEC; | |
27049 | ||
27050 | @@ -933,7 +1005,7 @@ unsigned long do_mmap_pgoff(struct file | |
27051 | /* Obtain the address to map to. we verify (or select) it and ensure | |
27052 | * that it represents a valid section of the address space. | |
27053 | */ | |
27054 | - addr = get_unmapped_area(file, addr, len, pgoff, flags); | |
27055 | + addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0)); | |
27056 | if (addr & ~PAGE_MASK) | |
27057 | return addr; | |
27058 | ||
27059 | @@ -944,6 +1016,21 @@ unsigned long do_mmap_pgoff(struct file | |
27060 | vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | | |
27061 | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; | |
27062 | ||
27063 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
27064 | + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
27065 | + | |
27066 | +#ifdef CONFIG_PAX_MPROTECT | |
27067 | + if (mm->pax_flags & MF_PAX_MPROTECT) { | |
27068 | + if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC) | |
27069 | + vm_flags &= ~(VM_EXEC | VM_MAYEXEC); | |
27070 | + else | |
27071 | + vm_flags &= ~(VM_WRITE | VM_MAYWRITE); | |
27072 | + } | |
27073 | +#endif | |
27074 | + | |
27075 | + } | |
27076 | +#endif | |
27077 | + | |
27078 | if (flags & MAP_LOCKED) { | |
27079 | if (!can_do_mlock()) | |
27080 | return -EPERM; | |
27081 | @@ -956,6 +1043,7 @@ unsigned long do_mmap_pgoff(struct file | |
27082 | locked += mm->locked_vm; | |
27083 | lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; | |
27084 | lock_limit >>= PAGE_SHIFT; | |
27085 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1); | |
27086 | if (locked > lock_limit && !capable(CAP_IPC_LOCK)) | |
27087 | return -EAGAIN; | |
27088 | } | |
27089 | @@ -1013,6 +1101,11 @@ unsigned long do_mmap_pgoff(struct file | |
27090 | /* | |
27091 | * Set pgoff according to addr for anon_vma. | |
27092 | */ | |
27093 | + | |
27094 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27095 | + if (!(flags & MAP_MIRROR)) | |
27096 | +#endif | |
27097 | + | |
27098 | pgoff = addr >> PAGE_SHIFT; | |
27099 | break; | |
27100 | default: | |
27101 | @@ -1024,14 +1117,17 @@ unsigned long do_mmap_pgoff(struct file | |
27102 | if (error) | |
27103 | return error; | |
27104 | ||
27105 | + if (!gr_acl_handle_mmap(file, prot)) | |
27106 | + return -EACCES; | |
27107 | + | |
27108 | /* Clear old maps */ | |
27109 | error = -ENOMEM; | |
27110 | -munmap_back: | |
27111 | vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
27112 | if (vma && vma->vm_start < addr + len) { | |
27113 | if (do_munmap(mm, addr, len)) | |
27114 | return -ENOMEM; | |
27115 | - goto munmap_back; | |
27116 | + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
27117 | + BUG_ON(vma && vma->vm_start < addr + len); | |
27118 | } | |
27119 | ||
27120 | /* Check against address space limit. */ | |
27121 | @@ -1079,6 +1175,13 @@ munmap_back: | |
27122 | vma->vm_start = addr; | |
27123 | vma->vm_end = addr + len; | |
27124 | vma->vm_flags = vm_flags; | |
27125 | + | |
27126 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
27127 | + if ((file || !(mm->pax_flags & MF_PAX_PAGEEXEC)) && (vm_flags & (VM_READ|VM_WRITE))) | |
27128 | + vma->vm_page_prot = protection_map[(vm_flags | VM_EXEC) & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27129 | + else | |
27130 | +#endif | |
27131 | + | |
27132 | vma->vm_page_prot = protection_map[vm_flags & | |
27133 | (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27134 | vma->vm_pgoff = pgoff; | |
27135 | @@ -1104,6 +1207,14 @@ munmap_back: | |
27136 | goto free_vma; | |
27137 | } | |
27138 | ||
27139 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27140 | + if (flags & MAP_MIRROR) { | |
27141 | + vma_m->vm_flags |= VM_MIRROR; | |
27142 | + vma_m->vm_mirror = vma->vm_start - vma_m->vm_start; | |
27143 | + vma->vm_mirror = vma_m->vm_start - vma->vm_start; | |
27144 | + } | |
27145 | +#endif | |
27146 | + | |
27147 | /* We set VM_ACCOUNT in a shared mapping's vm_flags, to inform | |
27148 | * shmem_zero_setup (perhaps called through /dev/zero's ->mmap) | |
27149 | * that memory reservation must be checked; but that reservation | |
27150 | @@ -1121,9 +1232,17 @@ munmap_back: | |
27151 | pgoff = vma->vm_pgoff; | |
27152 | vm_flags = vma->vm_flags; | |
27153 | ||
27154 | - if (vma_wants_writenotify(vma)) | |
27155 | + if (vma_wants_writenotify(vma)) { | |
27156 | + | |
27157 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
27158 | + if ((file || !(mm->pax_flags & MF_PAX_PAGEEXEC)) && (vm_flags & (VM_READ|VM_WRITE))) | |
27159 | + vma->vm_page_prot = protection_map[(vm_flags | VM_EXEC) & (VM_READ|VM_WRITE|VM_EXEC)]; | |
27160 | + else | |
27161 | +#endif | |
27162 | + | |
27163 | vma->vm_page_prot = | |
27164 | protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC)]; | |
27165 | + } | |
27166 | ||
27167 | if (!file || !vma_merge(mm, prev, addr, vma->vm_end, | |
27168 | vma->vm_flags, NULL, file, pgoff, vma_policy(vma))) { | |
27169 | @@ -1143,6 +1262,7 @@ munmap_back: | |
27170 | out: | |
27171 | mm->total_vm += len >> PAGE_SHIFT; | |
27172 | vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); | |
27173 | + track_exec_limit(mm, addr, addr + len, vm_flags); | |
27174 | if (vm_flags & VM_LOCKED) { | |
27175 | mm->locked_vm += len >> PAGE_SHIFT; | |
27176 | make_pages_present(addr, addr + len); | |
27177 | @@ -1197,6 +1317,10 @@ arch_get_unmapped_area(struct file *filp | |
27178 | if (len > TASK_SIZE) | |
27179 | return -ENOMEM; | |
27180 | ||
27181 | +#ifdef CONFIG_PAX_RANDMMAP | |
27182 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
27183 | +#endif | |
27184 | + | |
27185 | if (addr) { | |
27186 | addr = PAGE_ALIGN(addr); | |
27187 | vma = find_vma(mm, addr); | |
27188 | @@ -1207,7 +1331,7 @@ arch_get_unmapped_area(struct file *filp | |
27189 | if (len > mm->cached_hole_size) { | |
27190 | start_addr = addr = mm->free_area_cache; | |
27191 | } else { | |
27192 | - start_addr = addr = TASK_UNMAPPED_BASE; | |
27193 | + start_addr = addr = mm->mmap_base; | |
27194 | mm->cached_hole_size = 0; | |
27195 | } | |
27196 | ||
27197 | @@ -1219,9 +1343,8 @@ full_search: | |
27198 | * Start a new search - just in case we missed | |
27199 | * some holes. | |
27200 | */ | |
27201 | - if (start_addr != TASK_UNMAPPED_BASE) { | |
27202 | - addr = TASK_UNMAPPED_BASE; | |
27203 | - start_addr = addr; | |
27204 | + if (start_addr != mm->mmap_base) { | |
27205 | + start_addr = addr = mm->mmap_base; | |
27206 | mm->cached_hole_size = 0; | |
27207 | goto full_search; | |
27208 | } | |
27209 | @@ -1246,7 +1369,7 @@ void arch_unmap_area(struct mm_struct *m | |
27210 | /* | |
27211 | * Is this a new hole at the lowest possible address? | |
27212 | */ | |
27213 | - if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) { | |
27214 | + if (addr >= mm->mmap_base && addr < mm->free_area_cache) { | |
27215 | mm->free_area_cache = addr; | |
27216 | mm->cached_hole_size = ~0UL; | |
27217 | } | |
27218 | @@ -1264,12 +1387,16 @@ arch_get_unmapped_area_topdown(struct fi | |
27219 | { | |
27220 | struct vm_area_struct *vma; | |
27221 | struct mm_struct *mm = current->mm; | |
27222 | - unsigned long addr = addr0; | |
27223 | + unsigned long base = mm->mmap_base, addr = addr0; | |
27224 | ||
27225 | /* requested length too big for entire address space */ | |
27226 | if (len > TASK_SIZE) | |
27227 | return -ENOMEM; | |
27228 | ||
27229 | +#ifdef CONFIG_PAX_RANDMMAP | |
27230 | + if (!(mm->pax_flags & MF_PAX_RANDMMAP)) | |
27231 | +#endif | |
27232 | + | |
27233 | /* requesting a specific address */ | |
27234 | if (addr) { | |
27235 | addr = PAGE_ALIGN(addr); | |
27236 | @@ -1327,13 +1454,21 @@ bottomup: | |
27237 | * can happen with large stack limits and large mmap() | |
27238 | * allocations. | |
27239 | */ | |
27240 | + mm->mmap_base = TASK_UNMAPPED_BASE; | |
27241 | + | |
27242 | +#ifdef CONFIG_PAX_RANDMMAP | |
27243 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | |
27244 | + mm->mmap_base += mm->delta_mmap; | |
27245 | +#endif | |
27246 | + | |
27247 | + mm->free_area_cache = mm->mmap_base; | |
27248 | mm->cached_hole_size = ~0UL; | |
27249 | - mm->free_area_cache = TASK_UNMAPPED_BASE; | |
27250 | addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | |
27251 | /* | |
27252 | * Restore the topdown base: | |
27253 | */ | |
27254 | - mm->free_area_cache = mm->mmap_base; | |
27255 | + mm->mmap_base = base; | |
27256 | + mm->free_area_cache = base; | |
27257 | mm->cached_hole_size = ~0UL; | |
27258 | ||
27259 | return addr; | |
27260 | @@ -1349,8 +1484,10 @@ void arch_unmap_area_topdown(struct mm_s | |
27261 | mm->free_area_cache = addr; | |
27262 | ||
27263 | /* dont allow allocations above current base */ | |
27264 | - if (mm->free_area_cache > mm->mmap_base) | |
27265 | + if (mm->free_area_cache > mm->mmap_base) { | |
27266 | mm->free_area_cache = mm->mmap_base; | |
27267 | + mm->cached_hole_size = ~0UL; | |
27268 | + } | |
27269 | } | |
27270 | ||
27271 | unsigned long | |
27272 | @@ -1483,6 +1620,7 @@ static int acct_stack_growth(struct vm_a | |
27273 | return -ENOMEM; | |
27274 | ||
27275 | /* Stack limit test */ | |
27276 | + gr_learn_resource(current, RLIMIT_STACK, size, 1); | |
27277 | if (size > rlim[RLIMIT_STACK].rlim_cur) | |
27278 | return -ENOMEM; | |
27279 | ||
27280 | @@ -1492,6 +1630,7 @@ static int acct_stack_growth(struct vm_a | |
27281 | unsigned long limit; | |
27282 | locked = mm->locked_vm + grow; | |
27283 | limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT; | |
27284 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1); | |
27285 | if (locked > limit && !capable(CAP_IPC_LOCK)) | |
27286 | return -ENOMEM; | |
27287 | } | |
27288 | @@ -1609,13 +1748,49 @@ int expand_stack(struct vm_area_struct * | |
27289 | if (address < vma->vm_start) { | |
27290 | unsigned long size, grow; | |
27291 | ||
27292 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27293 | + struct vm_area_struct *vma_m = NULL; | |
27294 | + unsigned long address_m = 0UL; | |
27295 | + | |
27296 | + if (vma->vm_flags & VM_MIRROR) { | |
27297 | + address_m = vma->vm_start + vma->vm_mirror; | |
27298 | + vma_m = find_vma(vma->vm_mm, address_m); | |
27299 | + if (!vma_m || vma_m->vm_start != address_m || | |
27300 | + !(vma_m->vm_flags & VM_MIRROR) || | |
27301 | + vma->vm_end - vma->vm_start != | |
27302 | + vma_m->vm_end - vma_m->vm_start || | |
27303 | + vma->anon_vma != vma_m->anon_vma) { | |
27304 | + printk(KERN_ERR "PAX: VMMIRROR: expand bug, %08lx, %08lx, %08lx, %08lx, %08lx\n", | |
27305 | + address, vma->vm_start, vma_m->vm_start, vma->vm_end, vma_m->vm_end); | |
27306 | + anon_vma_unlock(vma); | |
27307 | + return -EFAULT; | |
27308 | + } | |
27309 | + address_m = address + vma->vm_mirror; | |
27310 | + } | |
27311 | +#endif | |
27312 | + | |
27313 | size = vma->vm_end - address; | |
27314 | grow = (vma->vm_start - address) >> PAGE_SHIFT; | |
27315 | ||
27316 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27317 | + if (vma_m) | |
27318 | + error = acct_stack_growth(vma, size, 2*grow); | |
27319 | + else | |
27320 | +#endif | |
27321 | + | |
27322 | error = acct_stack_growth(vma, size, grow); | |
27323 | if (!error) { | |
27324 | vma->vm_start = address; | |
27325 | vma->vm_pgoff -= grow; | |
27326 | + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags); | |
27327 | + | |
27328 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27329 | + if (vma_m) { | |
27330 | + vma_m->vm_start = address_m; | |
27331 | + vma_m->vm_pgoff -= grow; | |
27332 | + } | |
27333 | +#endif | |
27334 | + | |
27335 | } | |
27336 | } | |
27337 | anon_vma_unlock(vma); | |
27338 | @@ -1777,8 +1952,25 @@ int split_vma(struct mm_struct * mm, str | |
27339 | * work. This now handles partial unmappings. | |
27340 | * Jeremy Fitzhardinge <jeremy@goop.org> | |
27341 | */ | |
27342 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27343 | +static int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len); | |
27344 | + | |
27345 | int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | |
27346 | { | |
27347 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) { | |
27348 | + int ret = __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len); | |
27349 | + if (ret) | |
27350 | + return ret; | |
27351 | + } | |
27352 | + | |
27353 | + return __do_munmap(mm, start, len); | |
27354 | +} | |
27355 | + | |
27356 | +static int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | |
27357 | +#else | |
27358 | +int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | |
27359 | +#endif | |
27360 | +{ | |
27361 | unsigned long end; | |
27362 | struct vm_area_struct *vma, *prev, *last; | |
27363 | ||
27364 | @@ -1831,6 +2023,8 @@ int do_munmap(struct mm_struct *mm, unsi | |
27365 | /* Fix up all other VM information */ | |
27366 | remove_vma_list(mm, vma); | |
27367 | ||
27368 | + track_exec_limit(mm, start, end, 0UL); | |
27369 | + | |
27370 | return 0; | |
27371 | } | |
27372 | ||
27373 | @@ -1843,6 +2037,12 @@ asmlinkage long sys_munmap(unsigned long | |
27374 | ||
27375 | profile_munmap(addr); | |
27376 | ||
27377 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27378 | + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && | |
27379 | + (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len)) | |
27380 | + return -EINVAL; | |
27381 | +#endif | |
27382 | + | |
27383 | down_write(&mm->mmap_sem); | |
27384 | ret = do_munmap(mm, addr, len); | |
27385 | up_write(&mm->mmap_sem); | |
27386 | @@ -1864,11 +2064,35 @@ static inline void verify_mm_writelocked | |
27387 | * anonymous maps. eventually we may be able to do some | |
27388 | * brk-specific accounting here. | |
27389 | */ | |
27390 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27391 | +static unsigned long __do_brk(unsigned long addr, unsigned long len); | |
27392 | + | |
27393 | unsigned long do_brk(unsigned long addr, unsigned long len) | |
27394 | { | |
27395 | + unsigned long ret; | |
27396 | + | |
27397 | + ret = __do_brk(addr, len); | |
27398 | + if (ret == addr && (current->mm->pax_flags & (MF_PAX_SEGMEXEC | MF_PAX_MPROTECT)) == MF_PAX_SEGMEXEC) { | |
27399 | + unsigned long ret_m; | |
27400 | + | |
27401 | + ret_m = __do_mmap_pgoff(NULL, addr + SEGMEXEC_TASK_SIZE, 0UL, PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_MIRROR, addr); | |
27402 | + if (ret_m > TASK_SIZE) { | |
27403 | + do_munmap(current->mm, addr, len); | |
27404 | + ret = ret_m; | |
27405 | + } | |
27406 | + } | |
27407 | + | |
27408 | + return ret; | |
27409 | +} | |
27410 | + | |
27411 | +static unsigned long __do_brk(unsigned long addr, unsigned long len) | |
27412 | +#else | |
27413 | +unsigned long do_brk(unsigned long addr, unsigned long len) | |
27414 | +#endif | |
27415 | +{ | |
27416 | struct mm_struct * mm = current->mm; | |
27417 | struct vm_area_struct * vma, * prev; | |
27418 | - unsigned long flags; | |
27419 | + unsigned long flags, task_size = TASK_SIZE; | |
27420 | struct rb_node ** rb_link, * rb_parent; | |
27421 | pgoff_t pgoff = addr >> PAGE_SHIFT; | |
27422 | int error; | |
27423 | @@ -1877,7 +2101,12 @@ unsigned long do_brk(unsigned long addr, | |
27424 | if (!len) | |
27425 | return addr; | |
27426 | ||
27427 | - if ((addr + len) > TASK_SIZE || (addr + len) < addr) | |
27428 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27429 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | |
27430 | + task_size = SEGMEXEC_TASK_SIZE; | |
27431 | +#endif | |
27432 | + | |
27433 | + if ((addr + len) > task_size || (addr + len) < addr) | |
27434 | return -EINVAL; | |
27435 | ||
27436 | if (is_hugepage_only_range(mm, addr, len)) | |
27437 | @@ -1885,6 +2114,18 @@ unsigned long do_brk(unsigned long addr, | |
27438 | ||
27439 | flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; | |
27440 | ||
27441 | +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) | |
27442 | + if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { | |
27443 | + flags &= ~VM_EXEC; | |
27444 | + | |
27445 | +#ifdef CONFIG_PAX_MPROTECT | |
27446 | + if (mm->pax_flags & MF_PAX_MPROTECT) | |
27447 | + flags &= ~VM_MAYEXEC; | |
27448 | +#endif | |
27449 | + | |
27450 | + } | |
27451 | +#endif | |
27452 | + | |
27453 | error = arch_mmap_check(addr, len, flags); | |
27454 | if (error) | |
27455 | return error; | |
27456 | @@ -1898,6 +2139,7 @@ unsigned long do_brk(unsigned long addr, | |
27457 | locked += mm->locked_vm; | |
27458 | lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur; | |
27459 | lock_limit >>= PAGE_SHIFT; | |
27460 | + gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1); | |
27461 | if (locked > lock_limit && !capable(CAP_IPC_LOCK)) | |
27462 | return -EAGAIN; | |
27463 | } | |
27464 | @@ -1911,12 +2153,12 @@ unsigned long do_brk(unsigned long addr, | |
27465 | /* | |
27466 | * Clear old maps. this also does some error checking for us | |
27467 | */ | |
27468 | - munmap_back: | |
27469 | vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
27470 | if (vma && vma->vm_start < addr + len) { | |
27471 | if (do_munmap(mm, addr, len)) | |
27472 | return -ENOMEM; | |
27473 | - goto munmap_back; | |
27474 | + vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); | |
27475 | + BUG_ON(vma && vma->vm_start < addr + len); | |
27476 | } | |
27477 | ||
27478 | /* Check against address space limits *after* clearing old maps... */ | |
27479 | @@ -1948,6 +2190,13 @@ unsigned long do_brk(unsigned long addr, | |
27480 | vma->vm_end = addr + len; | |
27481 | vma->vm_pgoff = pgoff; | |
27482 | vma->vm_flags = flags; | |
27483 | + | |
27484 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
27485 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC)) | |
27486 | + vma->vm_page_prot = protection_map[(flags | VM_EXEC) & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27487 | + else | |
27488 | +#endif | |
27489 | + | |
27490 | vma->vm_page_prot = protection_map[flags & | |
27491 | (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27492 | vma_link(mm, vma, prev, rb_link, rb_parent); | |
27493 | @@ -1957,6 +2206,7 @@ out: | |
27494 | mm->locked_vm += len >> PAGE_SHIFT; | |
27495 | make_pages_present(addr, addr + len); | |
27496 | } | |
27497 | + track_exec_limit(mm, addr, addr + len, flags); | |
27498 | return addr; | |
27499 | } | |
27500 | ||
27501 | @@ -2089,7 +2339,7 @@ int may_expand_vm(struct mm_struct *mm, | |
27502 | unsigned long lim; | |
27503 | ||
27504 | lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT; | |
27505 | - | |
27506 | + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); | |
27507 | if (cur + npages > lim) | |
27508 | return 0; | |
27509 | return 1; | |
27510 | diff -urNp linux-2.6.19.1/mm/mprotect.c linux-2.6.19.1/mm/mprotect.c | |
27511 | --- linux-2.6.19.1/mm/mprotect.c 2006-11-29 16:57:37.000000000 -0500 | |
27512 | +++ linux-2.6.19.1/mm/mprotect.c 2006-12-03 15:16:26.000000000 -0500 | |
27513 | @@ -21,10 +21,17 @@ | |
27514 | #include <linux/syscalls.h> | |
27515 | #include <linux/swap.h> | |
27516 | #include <linux/swapops.h> | |
27517 | +#include <linux/grsecurity.h> | |
27518 | + | |
27519 | +#ifdef CONFIG_PAX_MPROTECT | |
27520 | +#include <linux/elf.h> | |
27521 | +#endif | |
27522 | + | |
27523 | #include <asm/uaccess.h> | |
27524 | #include <asm/pgtable.h> | |
27525 | #include <asm/cacheflush.h> | |
27526 | #include <asm/tlbflush.h> | |
27527 | +#include <asm/mmu_context.h> | |
27528 | ||
27529 | static void change_pte_range(struct mm_struct *mm, pmd_t *pmd, | |
27530 | unsigned long addr, unsigned long end, pgprot_t newprot, | |
27531 | @@ -128,6 +135,94 @@ static void change_protection(struct vm_ | |
27532 | flush_tlb_range(vma, start, end); | |
27533 | } | |
27534 | ||
27535 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
27536 | +/* called while holding the mmap semaphor for writing */ | |
27537 | +static inline void establish_user_cs_limit(struct mm_struct *mm, unsigned long start, unsigned long end) | |
27538 | +{ | |
27539 | + struct vm_area_struct *vma = find_vma(mm, start); | |
27540 | + | |
27541 | + for (; vma && vma->vm_start < end; vma = vma->vm_next) | |
27542 | + change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma)); | |
27543 | + | |
27544 | +} | |
27545 | + | |
27546 | +void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) | |
27547 | +{ | |
27548 | + unsigned long oldlimit, newlimit = 0UL; | |
27549 | + | |
27550 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC)) | |
27551 | + return; | |
27552 | + | |
27553 | + spin_lock(&mm->page_table_lock); | |
27554 | + oldlimit = mm->context.user_cs_limit; | |
27555 | + if ((prot & VM_EXEC) && oldlimit < end) | |
27556 | + /* USER_CS limit moved up */ | |
27557 | + newlimit = end; | |
27558 | + else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end) | |
27559 | + /* USER_CS limit moved down */ | |
27560 | + newlimit = start; | |
27561 | + | |
27562 | + if (newlimit) { | |
27563 | + mm->context.user_cs_limit = newlimit; | |
27564 | + | |
27565 | +#ifdef CONFIG_SMP | |
27566 | + wmb(); | |
27567 | + cpus_clear(mm->context.cpu_user_cs_mask); | |
27568 | + cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask); | |
27569 | +#endif | |
27570 | + | |
27571 | + set_user_cs(mm, smp_processor_id()); | |
27572 | + } | |
27573 | + spin_unlock(&mm->page_table_lock); | |
27574 | + if (newlimit == end) | |
27575 | + establish_user_cs_limit(mm, oldlimit, end); | |
27576 | +} | |
27577 | +#endif | |
27578 | + | |
27579 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27580 | +static int __mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, | |
27581 | + unsigned long start, unsigned long end, unsigned int newflags); | |
27582 | + | |
27583 | +static int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, | |
27584 | + unsigned long start, unsigned long end, unsigned int newflags) | |
27585 | +{ | |
27586 | + if (vma->vm_flags & VM_MIRROR) { | |
27587 | + struct vm_area_struct * vma_m, * prev_m; | |
27588 | + unsigned long start_m, end_m; | |
27589 | + int error; | |
27590 | + | |
27591 | + start_m = vma->vm_start + vma->vm_mirror; | |
27592 | + vma_m = find_vma_prev(vma->vm_mm, start_m, &prev_m); | |
27593 | + if (vma_m && vma_m->vm_start == start_m && (vma_m->vm_flags & VM_MIRROR)) { | |
27594 | + start_m = start + vma->vm_mirror; | |
27595 | + end_m = end + vma->vm_mirror; | |
27596 | + | |
27597 | + if (vma_m->vm_start >= SEGMEXEC_TASK_SIZE && !(newflags & VM_EXEC)) | |
27598 | + error = __mprotect_fixup(vma_m, &prev_m, start_m, end_m, vma_m->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC)); | |
27599 | + else | |
27600 | + error = __mprotect_fixup(vma_m, &prev_m, start_m, end_m, newflags); | |
27601 | + if (error) | |
27602 | + return error; | |
27603 | + } else { | |
27604 | + printk("PAX: VMMIRROR: mprotect bug in %s, %08lx\n", current->comm, vma->vm_start); | |
27605 | + return -ENOMEM; | |
27606 | + } | |
27607 | + } | |
27608 | + | |
27609 | + return __mprotect_fixup(vma, pprev, start, end, newflags); | |
27610 | +} | |
27611 | + | |
27612 | +static int __mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, | |
27613 | + unsigned long start, unsigned long end, unsigned int newflags) | |
27614 | +{ | |
27615 | + struct mm_struct * mm = vma->vm_mm; | |
27616 | + unsigned long oldflags = vma->vm_flags; | |
27617 | + long nrpages = (end - start) >> PAGE_SHIFT; | |
27618 | + unsigned long charged = 0; | |
27619 | + pgoff_t pgoff; | |
27620 | + int error; | |
27621 | + int dirty_accountable = 0; | |
27622 | +#else | |
27623 | static int | |
27624 | mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, | |
27625 | unsigned long start, unsigned long end, unsigned long newflags) | |
27626 | @@ -144,6 +239,7 @@ mprotect_fixup(struct vm_area_struct *vm | |
27627 | *pprev = vma; | |
27628 | return 0; | |
27629 | } | |
27630 | +#endif | |
27631 | ||
27632 | /* | |
27633 | * If we make a private mapping writable we increase our commit; | |
27634 | @@ -193,12 +289,29 @@ success: | |
27635 | * held in write mode. | |
27636 | */ | |
27637 | vma->vm_flags = newflags; | |
27638 | - vma->vm_page_prot = protection_map[newflags & | |
27639 | - (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27640 | if (vma_wants_writenotify(vma)) { | |
27641 | + | |
27642 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
27643 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) && (newflags & (VM_READ|VM_WRITE))) | |
27644 | + vma->vm_page_prot = protection_map[(newflags | VM_EXEC) & | |
27645 | + (VM_READ|VM_WRITE|VM_EXEC)]; | |
27646 | + else | |
27647 | +#endif | |
27648 | + | |
27649 | vma->vm_page_prot = protection_map[newflags & | |
27650 | (VM_READ|VM_WRITE|VM_EXEC)]; | |
27651 | dirty_accountable = 1; | |
27652 | + } else { | |
27653 | + | |
27654 | +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) | |
27655 | + if (!(mm->pax_flags & MF_PAX_PAGEEXEC) && (newflags & (VM_READ|VM_WRITE))) | |
27656 | + vma->vm_page_prot = protection_map[(newflags | VM_EXEC) & | |
27657 | + (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27658 | + else | |
27659 | +#endif | |
27660 | + | |
27661 | + vma->vm_page_prot = protection_map[newflags & | |
27662 | + (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]; | |
27663 | } | |
27664 | ||
27665 | if (is_vm_hugetlb_page(vma)) | |
27666 | @@ -214,6 +327,69 @@ fail: | |
27667 | return error; | |
27668 | } | |
27669 | ||
27670 | +#ifdef CONFIG_PAX_MPROTECT | |
27671 | +/* PaX: non-PIC ELF libraries need relocations on their executable segments | |
27672 | + * therefore we'll grant them VM_MAYWRITE once during their life. | |
27673 | + * | |
27674 | + * The checks favour ld-linux.so behaviour which operates on a per ELF segment | |
27675 | + * basis because we want to allow the common case and not the special ones. | |
27676 | + */ | |
27677 | +static inline void pax_handle_maywrite(struct vm_area_struct * vma, unsigned long start) | |
27678 | +{ | |
27679 | + struct elfhdr elf_h; | |
27680 | + struct elf_phdr elf_p, p_dyn; | |
27681 | + elf_dyn dyn; | |
27682 | + unsigned long i, j = 65536UL / sizeof(struct elf_phdr); | |
27683 | + | |
27684 | +#ifndef CONFIG_PAX_NOELFRELOCS | |
27685 | + if ((vma->vm_start != start) || | |
27686 | + !vma->vm_file || | |
27687 | + !(vma->vm_flags & VM_MAYEXEC) || | |
27688 | + (vma->vm_flags & VM_MAYNOTWRITE)) | |
27689 | +#endif | |
27690 | + | |
27691 | + return; | |
27692 | + | |
27693 | + if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char*)&elf_h, sizeof(elf_h)) || | |
27694 | + memcmp(elf_h.e_ident, ELFMAG, SELFMAG) || | |
27695 | + | |
27696 | +#ifdef CONFIG_PAX_ETEXECRELOCS | |
27697 | + (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC) || | |
27698 | +#else | |
27699 | + elf_h.e_type != ET_DYN || | |
27700 | +#endif | |
27701 | + | |
27702 | + !elf_check_arch(&elf_h) || | |
27703 | + elf_h.e_phentsize != sizeof(struct elf_phdr) || | |
27704 | + elf_h.e_phnum > j) | |
27705 | + return; | |
27706 | + | |
27707 | + for (i = 0UL; i < elf_h.e_phnum; i++) { | |
27708 | + if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char*)&elf_p, sizeof(elf_p))) | |
27709 | + return; | |
27710 | + if (elf_p.p_type == PT_DYNAMIC) { | |
27711 | + p_dyn = elf_p; | |
27712 | + j = i; | |
27713 | + } | |
27714 | + } | |
27715 | + if (elf_h.e_phnum <= j) | |
27716 | + return; | |
27717 | + | |
27718 | + i = 0UL; | |
27719 | + do { | |
27720 | + if (sizeof(dyn) != kernel_read(vma->vm_file, p_dyn.p_offset + i*sizeof(dyn), (char*)&dyn, sizeof(dyn))) | |
27721 | + return; | |
27722 | + if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) { | |
27723 | + vma->vm_flags |= VM_MAYWRITE | VM_MAYNOTWRITE; | |
27724 | + gr_log_textrel(vma); | |
27725 | + return; | |
27726 | + } | |
27727 | + i++; | |
27728 | + } while (dyn.d_tag != DT_NULL); | |
27729 | + return; | |
27730 | +} | |
27731 | +#endif | |
27732 | + | |
27733 | asmlinkage long | |
27734 | sys_mprotect(unsigned long start, size_t len, unsigned long prot) | |
27735 | { | |
27736 | @@ -233,6 +409,17 @@ sys_mprotect(unsigned long start, size_t | |
27737 | end = start + len; | |
27738 | if (end <= start) | |
27739 | return -ENOMEM; | |
27740 | + | |
27741 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27742 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) { | |
27743 | + if (end > SEGMEXEC_TASK_SIZE) | |
27744 | + return -EINVAL; | |
27745 | + } else | |
27746 | +#endif | |
27747 | + | |
27748 | + if (end > TASK_SIZE) | |
27749 | + return -EINVAL; | |
27750 | + | |
27751 | if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM)) | |
27752 | return -EINVAL; | |
27753 | ||
27754 | @@ -240,7 +427,7 @@ sys_mprotect(unsigned long start, size_t | |
27755 | /* | |
27756 | * Does the application expect PROT_READ to imply PROT_EXEC: | |
27757 | */ | |
27758 | - if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC)) | |
27759 | + if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC)) | |
27760 | prot |= PROT_EXEC; | |
27761 | ||
27762 | vm_flags = calc_vm_prot_bits(prot); | |
27763 | @@ -272,6 +459,16 @@ sys_mprotect(unsigned long start, size_t | |
27764 | if (start > vma->vm_start) | |
27765 | prev = vma; | |
27766 | ||
27767 | + if (!gr_acl_handle_mprotect(vma->vm_file, prot)) { | |
27768 | + error = -EACCES; | |
27769 | + goto out; | |
27770 | + } | |
27771 | + | |
27772 | +#ifdef CONFIG_PAX_MPROTECT | |
27773 | + if ((vma->vm_mm->pax_flags & MF_PAX_MPROTECT) && (prot & PROT_WRITE)) | |
27774 | + pax_handle_maywrite(vma, start); | |
27775 | +#endif | |
27776 | + | |
27777 | for (nstart = start ; ; ) { | |
27778 | unsigned long newflags; | |
27779 | ||
27780 | @@ -285,6 +482,12 @@ sys_mprotect(unsigned long start, size_t | |
27781 | goto out; | |
27782 | } | |
27783 | ||
27784 | +#ifdef CONFIG_PAX_MPROTECT | |
27785 | + /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */ | |
27786 | + if ((vma->vm_mm->pax_flags & MF_PAX_MPROTECT) && !(prot & PROT_WRITE) && (vma->vm_flags & VM_MAYNOTWRITE)) | |
27787 | + newflags &= ~VM_MAYWRITE; | |
27788 | +#endif | |
27789 | + | |
27790 | error = security_file_mprotect(vma, reqprot, prot); | |
27791 | if (error) | |
27792 | goto out; | |
27793 | @@ -308,6 +511,9 @@ sys_mprotect(unsigned long start, size_t | |
27794 | goto out; | |
27795 | } | |
27796 | } | |
27797 | + | |
27798 | + track_exec_limit(current->mm, start, end, vm_flags); | |
27799 | + | |
27800 | out: | |
27801 | up_write(¤t->mm->mmap_sem); | |
27802 | return error; | |
27803 | diff -urNp linux-2.6.19.1/mm/mremap.c linux-2.6.19.1/mm/mremap.c | |
27804 | --- linux-2.6.19.1/mm/mremap.c 2006-11-29 16:57:37.000000000 -0500 | |
27805 | +++ linux-2.6.19.1/mm/mremap.c 2006-12-03 15:16:26.000000000 -0500 | |
27806 | @@ -107,6 +107,12 @@ static void move_ptes(struct vm_area_str | |
27807 | pte = ptep_clear_flush(vma, old_addr, old_pte); | |
27808 | /* ZERO_PAGE can be dependant on virtual addr */ | |
27809 | pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); | |
27810 | + | |
27811 | +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT | |
27812 | + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_EXEC)) | |
27813 | + pte_exprotect(pte); | |
27814 | +#endif | |
27815 | + | |
27816 | set_pte_at(mm, new_addr, new_pte, pte); | |
27817 | } | |
27818 | ||
27819 | @@ -255,6 +261,7 @@ unsigned long do_mremap(unsigned long ad | |
27820 | struct vm_area_struct *vma; | |
27821 | unsigned long ret = -EINVAL; | |
27822 | unsigned long charged = 0; | |
27823 | + unsigned long task_size = TASK_SIZE; | |
27824 | ||
27825 | if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) | |
27826 | goto out; | |
27827 | @@ -273,6 +280,15 @@ unsigned long do_mremap(unsigned long ad | |
27828 | if (!new_len) | |
27829 | goto out; | |
27830 | ||
27831 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27832 | + if (current->mm->pax_flags & MF_PAX_SEGMEXEC) | |
27833 | + task_size = SEGMEXEC_TASK_SIZE; | |
27834 | +#endif | |
27835 | + | |
27836 | + if (new_len > task_size || addr > task_size-new_len || | |
27837 | + old_len > task_size || addr > task_size-old_len) | |
27838 | + goto out; | |
27839 | + | |
27840 | /* new_addr is only valid if MREMAP_FIXED is specified */ | |
27841 | if (flags & MREMAP_FIXED) { | |
27842 | if (new_addr & ~PAGE_MASK) | |
27843 | @@ -280,16 +296,13 @@ unsigned long do_mremap(unsigned long ad | |
27844 | if (!(flags & MREMAP_MAYMOVE)) | |
27845 | goto out; | |
27846 | ||
27847 | - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) | |
27848 | + if (new_addr > task_size - new_len) | |
27849 | goto out; | |
27850 | ||
27851 | /* Check if the location we're moving into overlaps the | |
27852 | * old location at all, and fail if it does. | |
27853 | */ | |
27854 | - if ((new_addr <= addr) && (new_addr+new_len) > addr) | |
27855 | - goto out; | |
27856 | - | |
27857 | - if ((addr <= new_addr) && (addr+old_len) > new_addr) | |
27858 | + if (addr + old_len > new_addr && new_addr + new_len > addr) | |
27859 | goto out; | |
27860 | ||
27861 | ret = do_munmap(mm, new_addr, new_len); | |
27862 | @@ -323,6 +336,14 @@ unsigned long do_mremap(unsigned long ad | |
27863 | ret = -EINVAL; | |
27864 | goto out; | |
27865 | } | |
27866 | + | |
27867 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27868 | + if (vma->vm_flags & VM_MIRROR) { | |
27869 | + ret = -EINVAL; | |
27870 | + goto out; | |
27871 | + } | |
27872 | +#endif | |
27873 | + | |
27874 | /* We can't remap across vm area boundaries */ | |
27875 | if (old_len > vma->vm_end - addr) | |
27876 | goto out; | |
27877 | @@ -356,7 +377,7 @@ unsigned long do_mremap(unsigned long ad | |
27878 | if (old_len == vma->vm_end - addr && | |
27879 | !((flags & MREMAP_FIXED) && (addr != new_addr)) && | |
27880 | (old_len != new_len || !(flags & MREMAP_MAYMOVE))) { | |
27881 | - unsigned long max_addr = TASK_SIZE; | |
27882 | + unsigned long max_addr = task_size; | |
27883 | if (vma->vm_next) | |
27884 | max_addr = vma->vm_next->vm_start; | |
27885 | /* can we just expand the current mapping? */ | |
27886 | @@ -374,6 +395,7 @@ unsigned long do_mremap(unsigned long ad | |
27887 | addr + new_len); | |
27888 | } | |
27889 | ret = addr; | |
27890 | + track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags); | |
27891 | goto out; | |
27892 | } | |
27893 | } | |
27894 | @@ -384,8 +406,8 @@ unsigned long do_mremap(unsigned long ad | |
27895 | */ | |
27896 | ret = -ENOMEM; | |
27897 | if (flags & MREMAP_MAYMOVE) { | |
27898 | + unsigned long map_flags = 0; | |
27899 | if (!(flags & MREMAP_FIXED)) { | |
27900 | - unsigned long map_flags = 0; | |
27901 | if (vma->vm_flags & VM_MAYSHARE) | |
27902 | map_flags |= MAP_SHARED; | |
27903 | ||
27904 | @@ -395,7 +417,12 @@ unsigned long do_mremap(unsigned long ad | |
27905 | if (new_addr & ~PAGE_MASK) | |
27906 | goto out; | |
27907 | } | |
27908 | + map_flags = vma->vm_flags; | |
27909 | ret = move_vma(vma, addr, old_len, new_len, new_addr); | |
27910 | + if (!(ret & ~PAGE_MASK)) { | |
27911 | + track_exec_limit(current->mm, addr, addr + old_len, 0UL); | |
27912 | + track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags); | |
27913 | + } | |
27914 | } | |
27915 | out: | |
27916 | if (ret & ~PAGE_MASK) | |
27917 | diff -urNp linux-2.6.19.1/mm/page_alloc.c linux-2.6.19.1/mm/page_alloc.c | |
27918 | --- linux-2.6.19.1/mm/page_alloc.c 2006-11-29 16:57:37.000000000 -0500 | |
27919 | +++ linux-2.6.19.1/mm/page_alloc.c 2006-12-03 15:16:26.000000000 -0500 | |
27920 | @@ -390,7 +390,7 @@ static inline int page_is_buddy(struct p | |
27921 | static inline void __free_one_page(struct page *page, | |
27922 | struct zone *zone, unsigned int order) | |
27923 | { | |
27924 | - unsigned long page_idx; | |
27925 | + unsigned long page_idx, index; | |
27926 | int order_size = 1 << order; | |
27927 | ||
27928 | if (unlikely(PageCompound(page))) | |
27929 | @@ -401,6 +401,11 @@ static inline void __free_one_page(struc | |
27930 | VM_BUG_ON(page_idx & (order_size - 1)); | |
27931 | VM_BUG_ON(bad_range(zone, page)); | |
27932 | ||
27933 | +#ifdef CONFIG_PAX_MEMORY_SANITIZE | |
27934 | + for (index = order_size; index; --index) | |
27935 | + clear_highpage(page + index - 1); | |
27936 | +#endif | |
27937 | + | |
27938 | zone->free_pages += order_size; | |
27939 | while (order < MAX_ORDER-1) { | |
27940 | unsigned long combined_idx; | |
27941 | diff -urNp linux-2.6.19.1/mm/rmap.c linux-2.6.19.1/mm/rmap.c | |
27942 | --- linux-2.6.19.1/mm/rmap.c 2006-11-29 16:57:37.000000000 -0500 | |
27943 | +++ linux-2.6.19.1/mm/rmap.c 2006-12-03 15:16:26.000000000 -0500 | |
27944 | @@ -99,6 +99,19 @@ int anon_vma_prepare(struct vm_area_stru | |
27945 | vma->anon_vma = anon_vma; | |
27946 | list_add_tail(&vma->anon_vma_node, &anon_vma->head); | |
27947 | allocated = NULL; | |
27948 | + | |
27949 | +#ifdef CONFIG_PAX_SEGMEXEC | |
27950 | + if (vma->vm_flags & VM_MIRROR) { | |
27951 | + struct vm_area_struct *vma_m; | |
27952 | + | |
27953 | + vma_m = find_vma(vma->vm_mm, vma->vm_start + vma->vm_mirror); | |
27954 | + BUG_ON(!vma_m || vma_m->vm_start != vma->vm_start + vma->vm_mirror); | |
27955 | + BUG_ON(vma_m->anon_vma || vma->vm_pgoff != vma_m->vm_pgoff); | |
27956 | + vma_m->anon_vma = anon_vma; | |
27957 | + __anon_vma_link(vma_m); | |
27958 | + } | |
27959 | +#endif | |
27960 | + | |
27961 | } | |
27962 | spin_unlock(&mm->page_table_lock); | |
27963 | ||
27964 | diff -urNp linux-2.6.19.1/mm/shmem.c linux-2.6.19.1/mm/shmem.c | |
27965 | --- linux-2.6.19.1/mm/shmem.c 2006-11-29 16:57:37.000000000 -0500 | |
27966 | +++ linux-2.6.19.1/mm/shmem.c 2006-12-03 15:16:26.000000000 -0500 | |
27967 | @@ -2411,7 +2411,7 @@ static struct file_system_type tmpfs_fs_ | |
27968 | .get_sb = shmem_get_sb, | |
27969 | .kill_sb = kill_litter_super, | |
27970 | }; | |
27971 | -static struct vfsmount *shm_mnt; | |
27972 | +struct vfsmount *shm_mnt; | |
27973 | ||
27974 | static int __init init_tmpfs(void) | |
27975 | { | |
27976 | diff -urNp linux-2.6.19.1/mm/slab.c linux-2.6.19.1/mm/slab.c | |
27977 | --- linux-2.6.19.1/mm/slab.c 2006-11-29 16:57:37.000000000 -0500 | |
27978 | +++ linux-2.6.19.1/mm/slab.c 2006-12-03 15:16:26.000000000 -0500 | |
27979 | @@ -1661,6 +1661,11 @@ static void store_stackinfo(struct kmem_ | |
27980 | ||
27981 | while (!kstack_end(sptr)) { | |
27982 | svalue = *sptr++; | |
27983 | + | |
27984 | +#ifdef CONFIG_PAX_KERNEXEC | |
27985 | + svalue += __KERNEL_TEXT_OFFSET; | |
27986 | +#endif | |
27987 | + | |
27988 | if (kernel_text_address(svalue)) { | |
27989 | *addr++ = svalue; | |
27990 | size -= sizeof(unsigned long); | |
27991 | @@ -2116,7 +2121,7 @@ kmem_cache_create (const char *name, siz | |
27992 | * area of the module. Print a warning. | |
27993 | */ | |
27994 | set_fs(KERNEL_DS); | |
27995 | - res = __get_user(tmp, pc->name); | |
27996 | + res = __get_user(tmp, (char __user *)pc->name); | |
27997 | set_fs(old_fs); | |
27998 | if (res) { | |
27999 | printk("SLAB: cache with size %d has lost its name\n", | |
28000 | diff -urNp linux-2.6.19.1/mm/tiny-shmem.c linux-2.6.19.1/mm/tiny-shmem.c | |
28001 | --- linux-2.6.19.1/mm/tiny-shmem.c 2006-11-29 16:57:37.000000000 -0500 | |
28002 | +++ linux-2.6.19.1/mm/tiny-shmem.c 2006-12-03 15:16:26.000000000 -0500 | |
28003 | @@ -26,7 +26,7 @@ static struct file_system_type tmpfs_fs_ | |
28004 | .kill_sb = kill_litter_super, | |
28005 | }; | |
28006 | ||
28007 | -static struct vfsmount *shm_mnt; | |
28008 | +struct vfsmount *shm_mnt; | |
28009 | ||
28010 | static int __init init_tmpfs(void) | |
28011 | { | |
28012 | diff -urNp linux-2.6.19.1/mm/vmalloc.c linux-2.6.19.1/mm/vmalloc.c | |
28013 | --- linux-2.6.19.1/mm/vmalloc.c 2006-11-29 16:57:37.000000000 -0500 | |
28014 | +++ linux-2.6.19.1/mm/vmalloc.c 2006-12-03 15:16:26.000000000 -0500 | |
28015 | @@ -195,6 +195,8 @@ static struct vm_struct *__get_vm_area_n | |
28016 | ||
28017 | write_lock(&vmlist_lock); | |
28018 | for (p = &vmlist; (tmp = *p) != NULL ;p = &tmp->next) { | |
28019 | + if (addr > end - size) | |
28020 | + goto out; | |
28021 | if ((unsigned long)tmp->addr < addr) { | |
28022 | if((unsigned long)tmp->addr + tmp->size >= addr) | |
28023 | addr = ALIGN(tmp->size + | |
28024 | @@ -206,8 +208,6 @@ static struct vm_struct *__get_vm_area_n | |
28025 | if (size + addr <= (unsigned long)tmp->addr) | |
28026 | goto found; | |
28027 | addr = ALIGN(tmp->size + (unsigned long)tmp->addr, align); | |
28028 | - if (addr > end - size) | |
28029 | - goto out; | |
28030 | } | |
28031 | ||
28032 | found: | |
28033 | diff -urNp linux-2.6.19.1/net/core/sock.c linux-2.6.19.1/net/core/sock.c | |
28034 | --- linux-2.6.19.1/net/core/sock.c 2006-11-29 16:57:37.000000000 -0500 | |
28035 | +++ linux-2.6.19.1/net/core/sock.c 2006-12-03 15:16:26.000000000 -0500 | |
28036 | @@ -804,7 +804,7 @@ lenout: | |
28037 | * | |
28038 | * (We also register the sk_lock with the lock validator.) | |
28039 | */ | |
28040 | -static void inline sock_lock_init(struct sock *sk) | |
28041 | +static inline void sock_lock_init(struct sock *sk) | |
28042 | { | |
28043 | spin_lock_init(&sk->sk_lock.slock); | |
28044 | sk->sk_lock.owner = NULL; | |
28045 | diff -urNp linux-2.6.19.1/net/dccp/ccids/ccid3.c linux-2.6.19.1/net/dccp/ccids/ccid3.c | |
28046 | --- linux-2.6.19.1/net/dccp/ccids/ccid3.c 2006-11-29 16:57:37.000000000 -0500 | |
28047 | +++ linux-2.6.19.1/net/dccp/ccids/ccid3.c 2006-12-03 15:16:26.000000000 -0500 | |
28048 | @@ -68,7 +68,7 @@ static int ccid3_debug; | |
28049 | printk(KERN_DEBUG "%s: " format, __FUNCTION__, ##a); \ | |
28050 | } while (0) | |
28051 | #else | |
28052 | -#define ccid3_pr_debug(format, a...) | |
28053 | +#define ccid3_pr_debug(format, a...) do {} while (0) | |
28054 | #endif | |
28055 | ||
28056 | static struct dccp_tx_hist *ccid3_tx_hist; | |
28057 | diff -urNp linux-2.6.19.1/net/dccp/dccp.h linux-2.6.19.1/net/dccp/dccp.h | |
28058 | --- linux-2.6.19.1/net/dccp/dccp.h 2006-11-29 16:57:37.000000000 -0500 | |
28059 | +++ linux-2.6.19.1/net/dccp/dccp.h 2006-12-03 15:16:26.000000000 -0500 | |
28060 | @@ -28,8 +28,8 @@ extern int dccp_debug; | |
28061 | #define dccp_pr_debug_cat(format, a...) do { if (dccp_debug) \ | |
28062 | printk(format, ##a); } while (0) | |
28063 | #else | |
28064 | -#define dccp_pr_debug(format, a...) | |
28065 | -#define dccp_pr_debug_cat(format, a...) | |
28066 | +#define dccp_pr_debug(format, a...) do {} while (0) | |
28067 | +#define dccp_pr_debug_cat(format, a...) do {} while (0) | |
28068 | #endif | |
28069 | ||
28070 | extern struct inet_hashinfo dccp_hashinfo; | |
28071 | diff -urNp linux-2.6.19.1/net/ipv4/inet_connection_sock.c linux-2.6.19.1/net/ipv4/inet_connection_sock.c | |
28072 | --- linux-2.6.19.1/net/ipv4/inet_connection_sock.c 2006-11-29 16:57:37.000000000 -0500 | |
28073 | +++ linux-2.6.19.1/net/ipv4/inet_connection_sock.c 2006-12-03 15:16:27.000000000 -0500 | |
28074 | @@ -15,6 +15,7 @@ | |
28075 | ||
28076 | #include <linux/module.h> | |
28077 | #include <linux/jhash.h> | |
28078 | +#include <linux/grsecurity.h> | |
28079 | ||
28080 | #include <net/inet_connection_sock.h> | |
28081 | #include <net/inet_hashtables.h> | |
28082 | diff -urNp linux-2.6.19.1/net/ipv4/inet_hashtables.c linux-2.6.19.1/net/ipv4/inet_hashtables.c | |
28083 | --- linux-2.6.19.1/net/ipv4/inet_hashtables.c 2006-11-29 16:57:37.000000000 -0500 | |
28084 | +++ linux-2.6.19.1/net/ipv4/inet_hashtables.c 2006-12-03 15:16:27.000000000 -0500 | |
28085 | @@ -18,11 +18,14 @@ | |
28086 | #include <linux/sched.h> | |
28087 | #include <linux/slab.h> | |
28088 | #include <linux/wait.h> | |
28089 | +#include <linux/grsecurity.h> | |
28090 | ||
28091 | #include <net/inet_connection_sock.h> | |
28092 | #include <net/inet_hashtables.h> | |
28093 | #include <net/ip.h> | |
28094 | ||
28095 | +extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet); | |
28096 | + | |
28097 | /* | |
28098 | * Allocate and initialize a new local port bind bucket. | |
28099 | * The bindhash mutex for snum's hash chain must be held here. | |
28100 | @@ -338,6 +341,8 @@ ok: | |
28101 | } | |
28102 | spin_unlock(&head->lock); | |
28103 | ||
28104 | + gr_update_task_in_ip_table(current, inet_sk(sk)); | |
28105 | + | |
28106 | if (tw) { | |
28107 | inet_twsk_deschedule(tw, death_row); | |
28108 | inet_twsk_put(tw); | |
28109 | diff -urNp linux-2.6.19.1/net/ipv4/netfilter/ipt_stealth.c linux-2.6.19.1/net/ipv4/netfilter/ipt_stealth.c | |
28110 | --- linux-2.6.19.1/net/ipv4/netfilter/ipt_stealth.c 1969-12-31 19:00:00.000000000 -0500 | |
28111 | +++ linux-2.6.19.1/net/ipv4/netfilter/ipt_stealth.c 2006-12-03 15:16:27.000000000 -0500 | |
28112 | @@ -0,0 +1,116 @@ | |
28113 | +/* Kernel module to add stealth support. | |
28114 | + * | |
28115 | + * Copyright (C) 2002,2005 Brad Spengler <spender@grsecurity.net> | |
28116 | + * | |
28117 | + */ | |
28118 | + | |
28119 | +#include <linux/kernel.h> | |
28120 | +#include <linux/module.h> | |
28121 | +#include <linux/skbuff.h> | |
28122 | +#include <linux/net.h> | |
28123 | +#include <linux/sched.h> | |
28124 | +#include <linux/inet.h> | |
28125 | +#include <linux/stddef.h> | |
28126 | + | |
28127 | +#include <net/ip.h> | |
28128 | +#include <net/sock.h> | |
28129 | +#include <net/tcp.h> | |
28130 | +#include <net/udp.h> | |
28131 | +#include <net/route.h> | |
28132 | +#include <net/inet_common.h> | |
28133 | + | |
28134 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
28135 | + | |
28136 | +MODULE_LICENSE("GPL"); | |
28137 | + | |
28138 | +extern struct sock *udp_v4_lookup(u32 saddr, u16 sport, u32 daddr, u16 dport, int dif); | |
28139 | + | |
28140 | +static int | |
28141 | +match(const struct sk_buff *skb, | |
28142 | + const struct net_device *in, | |
28143 | + const struct net_device *out, | |
28144 | + const struct xt_match *match, | |
28145 | + const void *matchinfo, | |
28146 | + int offset, | |
28147 | + unsigned int protoff, | |
28148 | + int *hotdrop) | |
28149 | +{ | |
28150 | + struct iphdr *ip = skb->nh.iph; | |
28151 | + struct tcphdr th; | |
28152 | + struct udphdr uh; | |
28153 | + struct sock *sk = NULL; | |
28154 | + | |
28155 | + if (!ip || offset) return 0; | |
28156 | + | |
28157 | + switch(ip->protocol) { | |
28158 | + case IPPROTO_TCP: | |
28159 | + if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &th, sizeof(th)) < 0) { | |
28160 | + *hotdrop = 1; | |
28161 | + return 0; | |
28162 | + } | |
28163 | + if (!(th.syn && !th.ack)) return 0; | |
28164 | + sk = inet_lookup_listener(&tcp_hashinfo, ip->daddr, ntohs(th.dest), ((struct rtable*)skb->dst)->rt_iif); | |
28165 | + break; | |
28166 | + case IPPROTO_UDP: | |
28167 | + if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &uh, sizeof(uh)) < 0) { | |
28168 | + *hotdrop = 1; | |
28169 | + return 0; | |
28170 | + } | |
28171 | + sk = udp_v4_lookup(ip->saddr, uh.source, ip->daddr, uh.dest, skb->dev->ifindex); | |
28172 | + break; | |
28173 | + default: | |
28174 | + return 0; | |
28175 | + } | |
28176 | + | |
28177 | + if(!sk) // port is being listened on, match this | |
28178 | + return 1; | |
28179 | + else { | |
28180 | + sock_put(sk); | |
28181 | + return 0; | |
28182 | + } | |
28183 | +} | |
28184 | + | |
28185 | +/* Called when user tries to insert an entry of this type. */ | |
28186 | +static int | |
28187 | +checkentry(const char *tablename, | |
28188 | + const void *nip, | |
28189 | + const struct xt_match *match, | |
28190 | + void *matchinfo, | |
28191 | + unsigned int matchsize, | |
28192 | + unsigned int hook_mask) | |
28193 | +{ | |
28194 | + const struct ipt_ip *ip = (const struct ipt_ip *)nip; | |
28195 | + if (matchsize != IPT_ALIGN(0)) | |
28196 | + return 0; | |
28197 | + | |
28198 | + if(((ip->proto == IPPROTO_TCP && !(ip->invflags & IPT_INV_PROTO)) || | |
28199 | + ((ip->proto == IPPROTO_UDP) && !(ip->invflags & IPT_INV_PROTO))) | |
28200 | + && (hook_mask & (1 << NF_IP_LOCAL_IN))) | |
28201 | + return 1; | |
28202 | + | |
28203 | + printk("stealth: Only works on TCP and UDP for the INPUT chain.\n"); | |
28204 | + | |
28205 | + return 0; | |
28206 | +} | |
28207 | + | |
28208 | + | |
28209 | +static struct ipt_match stealth_match = { | |
28210 | + .name = "stealth", | |
28211 | + .match = match, | |
28212 | + .checkentry = checkentry, | |
28213 | + .destroy = NULL, | |
28214 | + .me = THIS_MODULE | |
28215 | +}; | |
28216 | + | |
28217 | +static int __init init(void) | |
28218 | +{ | |
28219 | + return ipt_register_match(&stealth_match); | |
28220 | +} | |
28221 | + | |
28222 | +static void __exit fini(void) | |
28223 | +{ | |
28224 | + ipt_unregister_match(&stealth_match); | |
28225 | +} | |
28226 | + | |
28227 | +module_init(init); | |
28228 | +module_exit(fini); | |
28229 | diff -urNp linux-2.6.19.1/net/ipv4/netfilter/Kconfig linux-2.6.19.1/net/ipv4/netfilter/Kconfig | |
28230 | --- linux-2.6.19.1/net/ipv4/netfilter/Kconfig 2006-11-29 16:57:37.000000000 -0500 | |
28231 | +++ linux-2.6.19.1/net/ipv4/netfilter/Kconfig 2006-12-03 15:16:27.000000000 -0500 | |
28232 | @@ -329,6 +329,21 @@ config IP_NF_MATCH_HASHLIMIT | |
28233 | destination IP' or `500pps from any given source IP' with a single | |
28234 | IPtables rule. | |
28235 | ||
28236 | +config IP_NF_MATCH_STEALTH | |
28237 | + tristate "stealth match support" | |
28238 | + depends on IP_NF_IPTABLES | |
28239 | + help | |
28240 | + Enabling this option will drop all syn packets coming to unserved tcp | |
28241 | + ports as well as all packets coming to unserved udp ports. If you | |
28242 | + are using your system to route any type of packets (ie. via NAT) | |
28243 | + you should put this module at the end of your ruleset, since it will | |
28244 | + drop packets that aren't going to ports that are listening on your | |
28245 | + machine itself, it doesn't take into account that the packet might be | |
28246 | + destined for someone on your internal network if you're using NAT for | |
28247 | + instance. | |
28248 | + | |
28249 | + To compile it as a module, choose M here. If unsure, say N. | |
28250 | + | |
28251 | # `filter', generic and specific targets | |
28252 | config IP_NF_FILTER | |
28253 | tristate "Packet filtering" | |
28254 | @@ -624,4 +639,3 @@ config IP_NF_ARP_MANGLE | |
28255 | hardware and network addresses. | |
28256 | ||
28257 | endmenu | |
28258 | - | |
28259 | diff -urNp linux-2.6.19.1/net/ipv4/netfilter/Makefile linux-2.6.19.1/net/ipv4/netfilter/Makefile | |
28260 | --- linux-2.6.19.1/net/ipv4/netfilter/Makefile 2006-11-29 16:57:37.000000000 -0500 | |
28261 | +++ linux-2.6.19.1/net/ipv4/netfilter/Makefile 2006-12-03 15:16:27.000000000 -0500 | |
28262 | @@ -62,6 +62,7 @@ obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn | |
28263 | obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o | |
28264 | obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o | |
28265 | obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o | |
28266 | +obj-$(CONFIG_IP_NF_MATCH_STEALTH) += ipt_stealth.o | |
28267 | ||
28268 | # targets | |
28269 | obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o | |
28270 | diff -urNp linux-2.6.19.1/net/ipv4/tcp_ipv4.c linux-2.6.19.1/net/ipv4/tcp_ipv4.c | |
28271 | --- linux-2.6.19.1/net/ipv4/tcp_ipv4.c 2006-11-29 16:57:37.000000000 -0500 | |
28272 | +++ linux-2.6.19.1/net/ipv4/tcp_ipv4.c 2006-12-03 15:16:27.000000000 -0500 | |
28273 | @@ -61,6 +61,7 @@ | |
28274 | #include <linux/jhash.h> | |
28275 | #include <linux/init.h> | |
28276 | #include <linux/times.h> | |
28277 | +#include <linux/grsecurity.h> | |
28278 | ||
28279 | #include <net/icmp.h> | |
28280 | #include <net/inet_hashtables.h> | |
28281 | diff -urNp linux-2.6.19.1/net/ipv4/udp.c linux-2.6.19.1/net/ipv4/udp.c | |
28282 | --- linux-2.6.19.1/net/ipv4/udp.c 2006-11-29 16:57:37.000000000 -0500 | |
28283 | +++ linux-2.6.19.1/net/ipv4/udp.c 2006-12-03 15:16:27.000000000 -0500 | |
28284 | @@ -101,6 +101,7 @@ | |
28285 | #include <linux/skbuff.h> | |
28286 | #include <linux/proc_fs.h> | |
28287 | #include <linux/seq_file.h> | |
28288 | +#include <linux/grsecurity.h> | |
28289 | #include <net/sock.h> | |
28290 | #include <net/udp.h> | |
28291 | #include <net/icmp.h> | |
28292 | @@ -109,6 +110,12 @@ | |
28293 | #include <net/checksum.h> | |
28294 | #include <net/xfrm.h> | |
28295 | ||
28296 | +extern int gr_search_udp_recvmsg(const struct sock *sk, | |
28297 | + const struct sk_buff *skb); | |
28298 | +extern int gr_search_udp_sendmsg(const struct sock *sk, | |
28299 | + const struct sockaddr_in *addr); | |
28300 | + | |
28301 | + | |
28302 | /* | |
28303 | * Snmp MIB for the UDP layer | |
28304 | */ | |
28305 | @@ -288,8 +295,8 @@ static struct sock *udp_v4_lookup_longwa | |
28306 | return result; | |
28307 | } | |
28308 | ||
28309 | -static __inline__ struct sock *udp_v4_lookup(__be32 saddr, __be16 sport, | |
28310 | - __be32 daddr, __be16 dport, int dif) | |
28311 | +struct sock *udp_v4_lookup(__be32 saddr, __be16 sport, | |
28312 | + __be32 daddr, __be16 dport, int dif) | |
28313 | { | |
28314 | struct sock *sk; | |
28315 | ||
28316 | @@ -564,9 +571,16 @@ int udp_sendmsg(struct kiocb *iocb, stru | |
28317 | dport = usin->sin_port; | |
28318 | if (dport == 0) | |
28319 | return -EINVAL; | |
28320 | + | |
28321 | + if (!gr_search_udp_sendmsg(sk, usin)) | |
28322 | + return -EPERM; | |
28323 | } else { | |
28324 | if (sk->sk_state != TCP_ESTABLISHED) | |
28325 | return -EDESTADDRREQ; | |
28326 | + | |
28327 | + if (!gr_search_udp_sendmsg(sk, NULL)) | |
28328 | + return -EPERM; | |
28329 | + | |
28330 | daddr = inet->daddr; | |
28331 | dport = inet->dport; | |
28332 | /* Open fast path for connected socket. | |
28333 | @@ -833,6 +847,11 @@ try_again: | |
28334 | if (!skb) | |
28335 | goto out; | |
28336 | ||
28337 | + if (!gr_search_udp_recvmsg(sk, skb)) { | |
28338 | + err = -EPERM; | |
28339 | + goto out_free; | |
28340 | + } | |
28341 | + | |
28342 | copied = skb->len - sizeof(struct udphdr); | |
28343 | if (copied > len) { | |
28344 | copied = len; | |
28345 | diff -urNp linux-2.6.19.1/net/ipv6/addrconf.c linux-2.6.19.1/net/ipv6/addrconf.c | |
28346 | --- linux-2.6.19.1/net/ipv6/addrconf.c 2006-11-29 16:57:37.000000000 -0500 | |
28347 | +++ linux-2.6.19.1/net/ipv6/addrconf.c 2006-12-03 15:16:27.000000000 -0500 | |
28348 | @@ -869,7 +869,7 @@ struct ipv6_saddr_score { | |
28349 | #define IPV6_SADDR_SCORE_LABEL 0x0020 | |
28350 | #define IPV6_SADDR_SCORE_PRIVACY 0x0040 | |
28351 | ||
28352 | -static int inline ipv6_saddr_preferred(int type) | |
28353 | +static inline int ipv6_saddr_preferred(int type) | |
28354 | { | |
28355 | if (type & (IPV6_ADDR_MAPPED|IPV6_ADDR_COMPATv4| | |
28356 | IPV6_ADDR_LOOPBACK|IPV6_ADDR_RESERVED)) | |
28357 | @@ -878,7 +878,7 @@ static int inline ipv6_saddr_preferred(i | |
28358 | } | |
28359 | ||
28360 | /* static matching label */ | |
28361 | -static int inline ipv6_saddr_label(const struct in6_addr *addr, int type) | |
28362 | +static inline int ipv6_saddr_label(const struct in6_addr *addr, int type) | |
28363 | { | |
28364 | /* | |
28365 | * prefix (longest match) label | |
28366 | @@ -3362,7 +3362,7 @@ errout: | |
28367 | rtnl_set_sk_err(RTNLGRP_IPV6_IFADDR, err); | |
28368 | } | |
28369 | ||
28370 | -static void inline ipv6_store_devconf(struct ipv6_devconf *cnf, | |
28371 | +static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, | |
28372 | __s32 *array, int bytes) | |
28373 | { | |
28374 | memset(array, 0, bytes); | |
28375 | diff -urNp linux-2.6.19.1/net/ipv6/raw.c linux-2.6.19.1/net/ipv6/raw.c | |
28376 | --- linux-2.6.19.1/net/ipv6/raw.c 2006-11-29 16:57:37.000000000 -0500 | |
28377 | +++ linux-2.6.19.1/net/ipv6/raw.c 2006-12-03 15:16:29.000000000 -0500 | |
28378 | @@ -549,7 +549,7 @@ out: | |
28379 | return err; | |
28380 | } | |
28381 | ||
28382 | -static int rawv6_send_hdrinc(struct sock *sk, void *from, int length, | |
28383 | +static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length, | |
28384 | struct flowi *fl, struct rt6_info *rt, | |
28385 | unsigned int flags) | |
28386 | { | |
28387 | @@ -691,7 +691,7 @@ static int rawv6_sendmsg(struct kiocb *i | |
28388 | /* Rough check on arithmetic overflow, | |
28389 | better check is made in ip6_build_xmit | |
28390 | */ | |
28391 | - if (len < 0) | |
28392 | + if ((ssize_t)len < 0) | |
28393 | return -EMSGSIZE; | |
28394 | ||
28395 | /* Mirror BSD error message compatibility */ | |
28396 | diff -urNp linux-2.6.19.1/net/ipv6/route.c linux-2.6.19.1/net/ipv6/route.c | |
28397 | --- linux-2.6.19.1/net/ipv6/route.c 2006-11-29 16:57:37.000000000 -0500 | |
28398 | +++ linux-2.6.19.1/net/ipv6/route.c 2006-12-03 15:16:29.000000000 -0500 | |
28399 | @@ -308,7 +308,7 @@ static inline void rt6_probe(struct rt6_ | |
28400 | /* | |
28401 | * Default Router Selection (RFC 2461 6.3.6) | |
28402 | */ | |
28403 | -static int inline rt6_check_dev(struct rt6_info *rt, int oif) | |
28404 | +static inline int rt6_check_dev(struct rt6_info *rt, int oif) | |
28405 | { | |
28406 | struct net_device *dev = rt->rt6i_dev; | |
28407 | if (!oif || dev->ifindex == oif) | |
28408 | @@ -319,7 +319,7 @@ static int inline rt6_check_dev(struct r | |
28409 | return 0; | |
28410 | } | |
28411 | ||
28412 | -static int inline rt6_check_neigh(struct rt6_info *rt) | |
28413 | +static inline int rt6_check_neigh(struct rt6_info *rt) | |
28414 | { | |
28415 | struct neighbour *neigh = rt->rt6i_nexthop; | |
28416 | int m = 0; | |
28417 | diff -urNp linux-2.6.19.1/net/ipv6/xfrm6_tunnel.c linux-2.6.19.1/net/ipv6/xfrm6_tunnel.c | |
28418 | --- linux-2.6.19.1/net/ipv6/xfrm6_tunnel.c 2006-11-29 16:57:37.000000000 -0500 | |
28419 | +++ linux-2.6.19.1/net/ipv6/xfrm6_tunnel.c 2006-12-03 15:16:29.000000000 -0500 | |
28420 | @@ -58,7 +58,7 @@ static kmem_cache_t *xfrm6_tunnel_spi_km | |
28421 | static struct hlist_head xfrm6_tunnel_spi_byaddr[XFRM6_TUNNEL_SPI_BYADDR_HSIZE]; | |
28422 | static struct hlist_head xfrm6_tunnel_spi_byspi[XFRM6_TUNNEL_SPI_BYSPI_HSIZE]; | |
28423 | ||
28424 | -static unsigned inline xfrm6_tunnel_spi_hash_byaddr(xfrm_address_t *addr) | |
28425 | +static inline unsigned xfrm6_tunnel_spi_hash_byaddr(xfrm_address_t *addr) | |
28426 | { | |
28427 | unsigned h; | |
28428 | ||
28429 | @@ -70,7 +70,7 @@ static unsigned inline xfrm6_tunnel_spi_ | |
28430 | return h; | |
28431 | } | |
28432 | ||
28433 | -static unsigned inline xfrm6_tunnel_spi_hash_byspi(u32 spi) | |
28434 | +static inline unsigned xfrm6_tunnel_spi_hash_byspi(u32 spi) | |
28435 | { | |
28436 | return spi % XFRM6_TUNNEL_SPI_BYSPI_HSIZE; | |
28437 | } | |
28438 | diff -urNp linux-2.6.19.1/net/sctp/sm_statetable.c linux-2.6.19.1/net/sctp/sm_statetable.c | |
28439 | --- linux-2.6.19.1/net/sctp/sm_statetable.c 2006-11-29 16:57:37.000000000 -0500 | |
28440 | +++ linux-2.6.19.1/net/sctp/sm_statetable.c 2006-12-03 15:16:29.000000000 -0500 | |
28441 | @@ -986,7 +986,7 @@ static const sctp_sm_table_entry_t *sctp | |
28442 | if (state > SCTP_STATE_MAX) | |
28443 | return &bug; | |
28444 | ||
28445 | - if (cid >= 0 && cid <= SCTP_CID_BASE_MAX) | |
28446 | + if (cid <= SCTP_CID_BASE_MAX) | |
28447 | return &chunk_event_table[cid][state]; | |
28448 | ||
28449 | if (sctp_prsctp_enable) { | |
28450 | diff -urNp linux-2.6.19.1/net/socket.c linux-2.6.19.1/net/socket.c | |
28451 | --- linux-2.6.19.1/net/socket.c 2006-11-29 16:57:37.000000000 -0500 | |
28452 | +++ linux-2.6.19.1/net/socket.c 2006-12-03 15:16:29.000000000 -0500 | |
28453 | @@ -85,6 +85,7 @@ | |
28454 | #include <linux/kmod.h> | |
28455 | #include <linux/audit.h> | |
28456 | #include <linux/wireless.h> | |
28457 | +#include <linux/in.h> | |
28458 | ||
28459 | #include <asm/uaccess.h> | |
28460 | #include <asm/unistd.h> | |
28461 | @@ -94,6 +95,21 @@ | |
28462 | #include <net/sock.h> | |
28463 | #include <linux/netfilter.h> | |
28464 | ||
28465 | +extern void gr_attach_curr_ip(const struct sock *sk); | |
28466 | +extern int gr_handle_sock_all(const int family, const int type, | |
28467 | + const int protocol); | |
28468 | +extern int gr_handle_sock_server(const struct sockaddr *sck); | |
28469 | +extern int gr_handle_sock_server_other(const struct socket *sck); | |
28470 | +extern int gr_handle_sock_client(const struct sockaddr *sck); | |
28471 | +extern int gr_search_connect(const struct socket * sock, | |
28472 | + const struct sockaddr_in * addr); | |
28473 | +extern int gr_search_bind(const struct socket * sock, | |
28474 | + const struct sockaddr_in * addr); | |
28475 | +extern int gr_search_listen(const struct socket * sock); | |
28476 | +extern int gr_search_accept(const struct socket * sock); | |
28477 | +extern int gr_search_socket(const int domain, const int type, | |
28478 | + const int protocol); | |
28479 | + | |
28480 | static int sock_no_open(struct inode *irrelevant, struct file *dontcare); | |
28481 | static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, | |
28482 | unsigned long nr_segs, loff_t pos); | |
28483 | @@ -296,7 +312,7 @@ static int sockfs_get_sb(struct file_sys | |
28484 | mnt); | |
28485 | } | |
28486 | ||
28487 | -static struct vfsmount *sock_mnt __read_mostly; | |
28488 | +struct vfsmount *sock_mnt __read_mostly; | |
28489 | ||
28490 | static struct file_system_type sock_fs_type = { | |
28491 | .name = "sockfs", | |
28492 | @@ -1174,6 +1190,16 @@ asmlinkage long sys_socket(int family, i | |
28493 | int retval; | |
28494 | struct socket *sock; | |
28495 | ||
28496 | + if(!gr_search_socket(family, type, protocol)) { | |
28497 | + retval = -EACCES; | |
28498 | + goto out; | |
28499 | + } | |
28500 | + | |
28501 | + if (gr_handle_sock_all(family, type, protocol)) { | |
28502 | + retval = -EACCES; | |
28503 | + goto out; | |
28504 | + } | |
28505 | + | |
28506 | retval = sock_create(family, type, protocol, &sock); | |
28507 | if (retval < 0) | |
28508 | goto out; | |
28509 | @@ -1269,12 +1295,20 @@ asmlinkage long sys_bind(int fd, struct | |
28510 | { | |
28511 | struct socket *sock; | |
28512 | char address[MAX_SOCK_ADDR]; | |
28513 | + struct sockaddr *sck; | |
28514 | int err, fput_needed; | |
28515 | ||
28516 | sock = sockfd_lookup_light(fd, &err, &fput_needed); | |
28517 | if(sock) { | |
28518 | err = move_addr_to_kernel(umyaddr, addrlen, address); | |
28519 | if (err >= 0) { | |
28520 | + sck = (struct sockaddr *)address; | |
28521 | + if (!gr_search_bind(sock, (struct sockaddr_in *)sck) || | |
28522 | + gr_handle_sock_server(sck)) { | |
28523 | + err = -EACCES; | |
28524 | + goto error; | |
28525 | + } | |
28526 | + | |
28527 | err = security_socket_bind(sock, | |
28528 | (struct sockaddr *)address, | |
28529 | addrlen); | |
28530 | @@ -1283,6 +1317,7 @@ asmlinkage long sys_bind(int fd, struct | |
28531 | (struct sockaddr *) | |
28532 | address, addrlen); | |
28533 | } | |
28534 | +error: | |
28535 | fput_light(sock->file, fput_needed); | |
28536 | } | |
28537 | return err; | |
28538 | @@ -1306,10 +1341,17 @@ asmlinkage long sys_listen(int fd, int b | |
28539 | if ((unsigned)backlog > sysctl_somaxconn) | |
28540 | backlog = sysctl_somaxconn; | |
28541 | ||
28542 | + if (gr_handle_sock_server_other(sock) || | |
28543 | + !gr_search_listen(sock)) { | |
28544 | + err = -EPERM; | |
28545 | + goto error; | |
28546 | + } | |
28547 | + | |
28548 | err = security_socket_listen(sock, backlog); | |
28549 | if (!err) | |
28550 | err = sock->ops->listen(sock, backlog); | |
28551 | ||
28552 | +error: | |
28553 | fput_light(sock->file, fput_needed); | |
28554 | } | |
28555 | return err; | |
28556 | @@ -1346,6 +1388,13 @@ asmlinkage long sys_accept(int fd, struc | |
28557 | newsock->type = sock->type; | |
28558 | newsock->ops = sock->ops; | |
28559 | ||
28560 | + if (gr_handle_sock_server_other(sock) || | |
28561 | + !gr_search_accept(sock)) { | |
28562 | + err = -EPERM; | |
28563 | + sock_release(newsock); | |
28564 | + goto out_put; | |
28565 | + } | |
28566 | + | |
28567 | /* | |
28568 | * We don't need try_module_get here, as the listening socket (sock) | |
28569 | * has the protocol module (sock->ops->owner) held. | |
28570 | @@ -1389,6 +1438,7 @@ asmlinkage long sys_accept(int fd, struc | |
28571 | err = newfd; | |
28572 | ||
28573 | security_socket_post_accept(sock, newsock); | |
28574 | + gr_attach_curr_ip(newsock->sk); | |
28575 | ||
28576 | out_put: | |
28577 | fput_light(sock->file, fput_needed); | |
28578 | @@ -1417,6 +1467,7 @@ asmlinkage long sys_connect(int fd, stru | |
28579 | { | |
28580 | struct socket *sock; | |
28581 | char address[MAX_SOCK_ADDR]; | |
28582 | + struct sockaddr *sck; | |
28583 | int err, fput_needed; | |
28584 | ||
28585 | sock = sockfd_lookup_light(fd, &err, &fput_needed); | |
28586 | @@ -1426,6 +1477,13 @@ asmlinkage long sys_connect(int fd, stru | |
28587 | if (err < 0) | |
28588 | goto out_put; | |
28589 | ||
28590 | + sck = (struct sockaddr *)address; | |
28591 | + if (!gr_search_connect(sock, (struct sockaddr_in *)sck) || | |
28592 | + gr_handle_sock_client(sck)) { | |
28593 | + err = -EACCES; | |
28594 | + goto out_put; | |
28595 | + } | |
28596 | + | |
28597 | err = | |
28598 | security_socket_connect(sock, (struct sockaddr *)address, addrlen); | |
28599 | if (err) | |
28600 | @@ -1699,6 +1757,7 @@ asmlinkage long sys_shutdown(int fd, int | |
28601 | err = sock->ops->shutdown(sock, how); | |
28602 | fput_light(sock->file, fput_needed); | |
28603 | } | |
28604 | + | |
28605 | return err; | |
28606 | } | |
28607 | ||
28608 | diff -urNp linux-2.6.19.1/net/unix/af_unix.c linux-2.6.19.1/net/unix/af_unix.c | |
28609 | --- linux-2.6.19.1/net/unix/af_unix.c 2006-11-29 16:57:37.000000000 -0500 | |
28610 | +++ linux-2.6.19.1/net/unix/af_unix.c 2006-12-03 15:16:30.000000000 -0500 | |
28611 | @@ -116,6 +116,7 @@ | |
c3e8c1b5 | 28612 | #include <linux/security.h> |
5c9295bc | 28613 | #include <linux/vs_context.h> |
28614 | #include <linux/vs_limit.h> | |
c3e8c1b5 | 28615 | +#include <linux/grsecurity.h> |
28616 | ||
28617 | int sysctl_unix_max_dgram_qlen __read_mostly = 10; | |
28618 | ||
28619 | @@ -706,6 +707,11 @@ static struct sock *unix_find_other(stru | |
28620 | if (err) | |
28621 | goto put_fail; | |
28622 | ||
28623 | + if (!gr_acl_handle_unix(nd.dentry, nd.mnt)) { | |
28624 | + err = -EACCES; | |
28625 | + goto put_fail; | |
28626 | + } | |
28627 | + | |
28628 | err = -ECONNREFUSED; | |
28629 | if (!S_ISSOCK(nd.dentry->d_inode->i_mode)) | |
28630 | goto put_fail; | |
28631 | @@ -729,6 +735,13 @@ static struct sock *unix_find_other(stru | |
28632 | if (u) { | |
28633 | struct dentry *dentry; | |
28634 | dentry = unix_sk(u)->dentry; | |
28635 | + | |
28636 | + if (!gr_handle_chroot_unix(u->sk_peercred.pid)) { | |
28637 | + err = -EPERM; | |
28638 | + sock_put(u); | |
28639 | + goto fail; | |
28640 | + } | |
28641 | + | |
28642 | if (dentry) | |
28643 | touch_atime(unix_sk(u)->mnt, dentry); | |
28644 | } else | |
28645 | @@ -807,9 +820,18 @@ static int unix_bind(struct socket *sock | |
28646 | */ | |
28647 | mode = S_IFSOCK | | |
28648 | (SOCK_INODE(sock)->i_mode & ~current->fs->umask); | |
28649 | + | |
28650 | + if (!gr_acl_handle_mknod(dentry, nd.dentry, nd.mnt, mode)) { | |
28651 | + err = -EACCES; | |
28652 | + goto out_mknod_dput; | |
28653 | + } | |
28654 | + | |
5c9295bc | 28655 | err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0, NULL); |
c3e8c1b5 | 28656 | if (err) |
28657 | goto out_mknod_dput; | |
28658 | + | |
28659 | + gr_handle_create(dentry, nd.mnt); | |
28660 | + | |
28661 | mutex_unlock(&nd.dentry->d_inode->i_mutex); | |
28662 | dput(nd.dentry); | |
28663 | nd.dentry = dentry; | |
28664 | @@ -827,6 +849,10 @@ static int unix_bind(struct socket *sock | |
28665 | goto out_unlock; | |
28666 | } | |
28667 | ||
28668 | +#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX | |
28669 | + sk->sk_peercred.pid = current->pid; | |
28670 | +#endif | |
28671 | + | |
28672 | list = &unix_socket_table[addr->hash]; | |
28673 | } else { | |
28674 | list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; | |
28675 | diff -urNp linux-2.6.19.1/net/xfrm/xfrm_user.c linux-2.6.19.1/net/xfrm/xfrm_user.c | |
28676 | --- linux-2.6.19.1/net/xfrm/xfrm_user.c 2006-11-29 16:57:37.000000000 -0500 | |
28677 | +++ linux-2.6.19.1/net/xfrm/xfrm_user.c 2006-12-03 15:16:30.000000000 -0500 | |
28678 | @@ -1782,7 +1782,7 @@ nlmsg_failure: | |
28679 | return -1; | |
28680 | } | |
28681 | ||
28682 | -static int inline xfrm_sa_len(struct xfrm_state *x) | |
28683 | +static inline int xfrm_sa_len(struct xfrm_state *x) | |
28684 | { | |
28685 | int l = 0; | |
28686 | if (x->aalg) | |
28687 | diff -urNp linux-2.6.19.1/scripts/Kbuild.include linux-2.6.19.1/scripts/Kbuild.include | |
28688 | --- linux-2.6.19.1/scripts/Kbuild.include 2006-11-29 16:57:37.000000000 -0500 | |
28689 | +++ linux-2.6.19.1/scripts/Kbuild.include 2006-12-10 21:43:36.000000000 -0500 | |
28690 | @@ -66,9 +66,8 @@ as-option = $(shell if $(CC) $(CFLAGS) $ | |
28691 | # as-instr | |
28692 | # Usage: cflags-y += $(call as-instr, instr, option1, option2) | |
28693 | ||
28694 | -as-instr = $(shell if echo -e "$(1)" | $(AS) >/dev/null 2>&1 -W -Z -o astest$$$$.out ; \ | |
28695 | - then echo "$(2)"; else echo "$(3)"; fi; \ | |
28696 | - rm -f astest$$$$.out) | |
28697 | +as-instr = $(shell if echo -e "$(1)" | $(AS) >/dev/null 2>&1 -W -Z -o /dev/null ; \ | |
28698 | + then echo "$(2)"; else echo "$(3)"; fi; ) | |
28699 | ||
28700 | # cc-option | |
28701 | # Usage: cflags-y += $(call cc-option, -march=winchip-c6, -march=i586) | |
28702 | diff -urNp linux-2.6.19.1/security/commoncap.c linux-2.6.19.1/security/commoncap.c | |
28703 | --- linux-2.6.19.1/security/commoncap.c 2006-11-29 16:57:37.000000000 -0500 | |
28704 | +++ linux-2.6.19.1/security/commoncap.c 2006-12-03 15:16:30.000000000 -0500 | |
62894557 | 28705 | @@ -23,6 +23,7 @@ |
c3e8c1b5 | 28706 | #include <linux/xattr.h> |
28707 | #include <linux/hugetlb.h> | |
62894557 | 28708 | #include <linux/vs_context.h> |
c3e8c1b5 | 28709 | +#include <linux/grsecurity.h> |
28710 | ||
28711 | int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | |
28712 | { | |
c3e8c1b5 | 28713 | @@ -44,7 +45,15 @@ EXPORT_SYMBOL(cap_netlink_recv); |
28714 | int cap_capable (struct task_struct *tsk, int cap) | |
28715 | { | |
28716 | /* Derived from include/linux/sched.h:capable. */ | |
62894557 | 28717 | - if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap)) |
28718 | + if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap) && gr_task_is_capable(tsk, cap)) | |
c3e8c1b5 | 28719 | + return 0; |
28720 | + return -EPERM; | |
28721 | +} | |
28722 | + | |
28723 | +int cap_capable_nolog (struct task_struct *tsk, int cap) | |
28724 | +{ | |
28725 | + /* Derived from include/linux/sched.h:capable. */ | |
da3dbdc5 | 28726 | + if (vx_cap_raised(tsk->vx_info, tsk->cap_effective, cap)) |
c3e8c1b5 | 28727 | return 0; |
28728 | return -EPERM; | |
28729 | } | |
28730 | @@ -163,8 +172,11 @@ void cap_bprm_apply_creds (struct linux_ | |
28731 | } | |
28732 | } | |
28733 | ||
28734 | - current->suid = current->euid = current->fsuid = bprm->e_uid; | |
28735 | - current->sgid = current->egid = current->fsgid = bprm->e_gid; | |
28736 | + if (!gr_check_user_change(-1, bprm->e_uid, bprm->e_uid)) | |
28737 | + current->suid = current->euid = current->fsuid = bprm->e_uid; | |
28738 | + | |
28739 | + if (!gr_check_group_change(-1, bprm->e_gid, bprm->e_gid)) | |
28740 | + current->sgid = current->egid = current->fsgid = bprm->e_gid; | |
28741 | ||
28742 | /* For init, we want to retain the capabilities set | |
28743 | * in the init_task struct. Thus we skip the usual | |
28744 | @@ -175,6 +187,8 @@ void cap_bprm_apply_creds (struct linux_ | |
28745 | cap_intersect (new_permitted, bprm->cap_effective); | |
28746 | } | |
28747 | ||
28748 | + gr_handle_chroot_caps(current); | |
28749 | + | |
28750 | /* AUD: Audit candidate if current->cap_effective is set */ | |
28751 | ||
28752 | current->keep_capabilities = 0; | |
28753 | @@ -320,12 +334,13 @@ int cap_vm_enough_memory(long pages) | |
28754 | { | |
28755 | int cap_sys_admin = 0; | |
28756 | ||
28757 | - if (cap_capable(current, CAP_SYS_ADMIN) == 0) | |
28758 | + if (cap_capable_nolog(current, CAP_SYS_ADMIN) == 0) | |
28759 | cap_sys_admin = 1; | |
28760 | return __vm_enough_memory(pages, cap_sys_admin); | |
28761 | } | |
28762 | ||
28763 | EXPORT_SYMBOL(cap_capable); | |
28764 | +EXPORT_SYMBOL(cap_capable_nolog); | |
28765 | EXPORT_SYMBOL(cap_settime); | |
28766 | EXPORT_SYMBOL(cap_ptrace); | |
28767 | EXPORT_SYMBOL(cap_capget); | |
28768 | diff -urNp linux-2.6.19.1/security/dummy.c linux-2.6.19.1/security/dummy.c | |
28769 | --- linux-2.6.19.1/security/dummy.c 2006-11-29 16:57:37.000000000 -0500 | |
28770 | +++ linux-2.6.19.1/security/dummy.c 2006-12-03 15:16:30.000000000 -0500 | |
28771 | @@ -28,6 +28,7 @@ | |
c3e8c1b5 | 28772 | #include <linux/ptrace.h> |
28773 | #include <linux/file.h> | |
62894557 | 28774 | #include <linux/vs_context.h> |
c3e8c1b5 | 28775 | +#include <linux/grsecurity.h> |
28776 | ||
28777 | static int dummy_ptrace (struct task_struct *parent, struct task_struct *child) | |
28778 | { | |
28779 | @@ -138,8 +139,11 @@ static void dummy_bprm_apply_creds (stru | |
28780 | } | |
28781 | } | |
28782 | ||
28783 | - current->suid = current->euid = current->fsuid = bprm->e_uid; | |
28784 | - current->sgid = current->egid = current->fsgid = bprm->e_gid; | |
28785 | + if (!gr_check_user_change(-1, bprm->e_uid, bprm->e_uid)) | |
28786 | + current->suid = current->euid = current->fsuid = bprm->e_uid; | |
28787 | + | |
28788 | + if (!gr_check_group_change(-1, bprm->e_gid, bprm->e_gid)) | |
28789 | + current->sgid = current->egid = current->fsgid = bprm->e_gid; | |
28790 | ||
28791 | dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); | |
28792 | } | |
28793 | diff -urNp linux-2.6.19.1/security/Kconfig linux-2.6.19.1/security/Kconfig | |
28794 | --- linux-2.6.19.1/security/Kconfig 2006-11-29 16:57:37.000000000 -0500 | |
28795 | +++ linux-2.6.19.1/security/Kconfig 2006-12-03 15:16:30.000000000 -0500 | |
28796 | @@ -4,6 +4,432 @@ | |
28797 | ||
28798 | menu "Security options" | |
28799 | ||
28800 | +menu "PaX" | |
28801 | + | |
28802 | +config PAX | |
28803 | + bool "Enable various PaX features" | |
28804 | + depends on GRKERNSEC && (ALPHA || ARM || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86 || X86_64) | |
28805 | + help | |
28806 | + This allows you to enable various PaX features. PaX adds | |
28807 | + intrusion prevention mechanisms to the kernel that reduce | |
28808 | + the risks posed by exploitable memory corruption bugs. | |
28809 | + | |
28810 | +menu "PaX Control" | |
28811 | + depends on PAX | |
28812 | + | |
28813 | +config PAX_SOFTMODE | |
28814 | + bool 'Support soft mode' | |
28815 | + help | |
28816 | + Enabling this option will allow you to run PaX in soft mode, that | |
28817 | + is, PaX features will not be enforced by default, only on executables | |
28818 | + marked explicitly. You must also enable PT_PAX_FLAGS support as it | |
28819 | + is the only way to mark executables for soft mode use. | |
28820 | + | |
28821 | + Soft mode can be activated by using the "pax_softmode=1" kernel command | |
28822 | + line option on boot. Furthermore you can control various PaX features | |
28823 | + at runtime via the entries in /proc/sys/kernel/pax. | |
28824 | + | |
28825 | +config PAX_EI_PAX | |
28826 | + bool 'Use legacy ELF header marking' | |
28827 | + help | |
28828 | + Enabling this option will allow you to control PaX features on | |
28829 | + a per executable basis via the 'chpax' utility available at | |
28830 | + http://pax.grsecurity.net/. The control flags will be read from | |
28831 | + an otherwise reserved part of the ELF header. This marking has | |
28832 | + numerous drawbacks (no support for soft-mode, toolchain does not | |
28833 | + know about the non-standard use of the ELF header) therefore it | |
28834 | + has been deprecated in favour of PT_PAX_FLAGS support. | |
28835 | + | |
28836 | + If you have applications not marked by the PT_PAX_FLAGS ELF | |
28837 | + program header then you MUST enable this option otherwise they | |
28838 | + will not get any protection. | |
28839 | + | |
28840 | + Note that if you enable PT_PAX_FLAGS marking support as well, | |
28841 | + the PT_PAX_FLAG marks will override the legacy EI_PAX marks. | |
28842 | + | |
28843 | +config PAX_PT_PAX_FLAGS | |
28844 | + bool 'Use ELF program header marking' | |
28845 | + help | |
28846 | + Enabling this option will allow you to control PaX features on | |
28847 | + a per executable basis via the 'paxctl' utility available at | |
28848 | + http://pax.grsecurity.net/. The control flags will be read from | |
28849 | + a PaX specific ELF program header (PT_PAX_FLAGS). This marking | |
28850 | + has the benefits of supporting both soft mode and being fully | |
28851 | + integrated into the toolchain (the binutils patch is available | |
28852 | + from http://pax.grsecurity.net). | |
28853 | + | |
28854 | + If you have applications not marked by the PT_PAX_FLAGS ELF | |
28855 | + program header then you MUST enable the EI_PAX marking support | |
28856 | + otherwise they will not get any protection. | |
28857 | + | |
28858 | + Note that if you enable the legacy EI_PAX marking support as well, | |
28859 | + the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks. | |
28860 | + | |
28861 | +choice | |
28862 | + prompt 'MAC system integration' | |
28863 | + default PAX_NO_ACL_FLAGS | |
28864 | + help | |
28865 | + Mandatory Access Control systems have the option of controlling | |
28866 | + PaX flags on a per executable basis, choose the method supported | |
28867 | + by your particular system. | |
28868 | + | |
28869 | + - "none": if your MAC system does not interact with PaX, | |
28870 | + - "direct": if your MAC system defines pax_set_flags() itself, | |
28871 | + - "hook": if your MAC system uses the pax_set_flags_func callback. | |
28872 | + | |
28873 | + NOTE: this option is for developers/integrators only. | |
28874 | + | |
28875 | +config PAX_NO_ACL_FLAGS | |
28876 | + bool 'none' | |
28877 | + | |
28878 | +config PAX_HAVE_ACL_FLAGS | |
28879 | + bool 'direct' | |
28880 | + | |
28881 | +config PAX_HOOK_ACL_FLAGS | |
28882 | + bool 'hook' | |
28883 | +endchoice | |
28884 | + | |
28885 | +endmenu | |
28886 | + | |
28887 | +menu "Non-executable pages" | |
28888 | + depends on PAX | |
28889 | + | |
28890 | +config PAX_NOEXEC | |
28891 | + bool "Enforce non-executable pages" | |
28892 | + depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86 || X86_64) | |
28893 | + help | |
28894 | + By design some architectures do not allow for protecting memory | |
28895 | + pages against execution or even if they do, Linux does not make | |
28896 | + use of this feature. In practice this means that if a page is | |
28897 | + readable (such as the stack or heap) it is also executable. | |
28898 | + | |
28899 | + There is a well known exploit technique that makes use of this | |
28900 | + fact and a common programming mistake where an attacker can | |
28901 | + introduce code of his choice somewhere in the attacked program's | |
28902 | + memory (typically the stack or the heap) and then execute it. | |
28903 | + | |
28904 | + If the attacked program was running with different (typically | |
28905 | + higher) privileges than that of the attacker, then he can elevate | |
28906 | + his own privilege level (e.g. get a root shell, write to files for | |
28907 | + which he does not have write access to, etc). | |
28908 | + | |
28909 | + Enabling this option will let you choose from various features | |
28910 | + that prevent the injection and execution of 'foreign' code in | |
28911 | + a program. | |
28912 | + | |
28913 | + This will also break programs that rely on the old behaviour and | |
28914 | + expect that dynamically allocated memory via the malloc() family | |
28915 | + of functions is executable (which it is not). Notable examples | |
28916 | + are the XFree86 4.x server, the java runtime and wine. | |
28917 | + | |
28918 | +config PAX_PAGEEXEC | |
28919 | + bool "Paging based non-executable pages" | |
28920 | + depends on !COMPAT_VDSO && PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MPENTIUM4 || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2) | |
28921 | + help | |
28922 | + This implementation is based on the paging feature of the CPU. | |
28923 | + On i386 and ppc there is a variable but usually low performance | |
28924 | + impact on applications. On alpha, ia64, parisc, sparc, sparc64 | |
28925 | + and x86_64 there is no performance impact. | |
28926 | + | |
28927 | +config PAX_SEGMEXEC | |
28928 | + bool "Segmentation based non-executable pages" | |
28929 | + depends on !COMPAT_VDSO && PAX_NOEXEC && X86_32 | |
28930 | + help | |
28931 | + This implementation is based on the segmentation feature of the | |
28932 | + CPU and has little performance impact, however applications will | |
28933 | + be limited to a 1.5 GB address space instead of the normal 3 GB. | |
28934 | + | |
28935 | +choice | |
28936 | + prompt "Default non-executable page method" | |
28937 | + depends on PAX_PAGEEXEC && PAX_SEGMEXEC | |
28938 | + default PAX_DEFAULT_SEGMEXEC | |
28939 | + help | |
28940 | + Select the default non-executable page method applied to applications | |
28941 | + that do not select one themselves. | |
28942 | + | |
28943 | +config PAX_DEFAULT_PAGEEXEC | |
28944 | + bool "PAGEEXEC" | |
28945 | + | |
28946 | +config PAX_DEFAULT_SEGMEXEC | |
28947 | + bool "SEGMEXEC" | |
28948 | +endchoice | |
28949 | + | |
28950 | +config PAX_EMUTRAMP | |
28951 | + bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || PPC32 || X86_32) | |
28952 | + default y if PARISC || PPC32 | |
28953 | + help | |
28954 | + There are some programs and libraries that for one reason or | |
28955 | + another attempt to execute special small code snippets from | |
28956 | + non-executable memory pages. Most notable examples are the | |
28957 | + signal handler return code generated by the kernel itself and | |
28958 | + the GCC trampolines. | |
28959 | + | |
28960 | + If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then | |
28961 | + such programs will no longer work under your kernel. | |
28962 | + | |
28963 | + As a remedy you can say Y here and use the 'chpax' or 'paxctl' | |
28964 | + utilities to enable trampoline emulation for the affected programs | |
28965 | + yet still have the protection provided by the non-executable pages. | |
28966 | + | |
28967 | + On parisc and ppc you MUST enable this option and EMUSIGRT as | |
28968 | + well, otherwise your system will not even boot. | |
28969 | + | |
28970 | + Alternatively you can say N here and use the 'chpax' or 'paxctl' | |
28971 | + utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC | |
28972 | + for the affected files. | |
28973 | + | |
28974 | + NOTE: enabling this feature *may* open up a loophole in the | |
28975 | + protection provided by non-executable pages that an attacker | |
28976 | + could abuse. Therefore the best solution is to not have any | |
28977 | + files on your system that would require this option. This can | |
28978 | + be achieved by not using libc5 (which relies on the kernel | |
28979 | + signal handler return code) and not using or rewriting programs | |
28980 | + that make use of the nested function implementation of GCC. | |
28981 | + Skilled users can just fix GCC itself so that it implements | |
28982 | + nested function calls in a way that does not interfere with PaX. | |
28983 | + | |
28984 | +config PAX_EMUSIGRT | |
28985 | + bool "Automatically emulate sigreturn trampolines" | |
28986 | + depends on PAX_EMUTRAMP && (PARISC || PPC32) | |
28987 | + default y | |
28988 | + help | |
28989 | + Enabling this option will have the kernel automatically detect | |
28990 | + and emulate signal return trampolines executing on the stack | |
28991 | + that would otherwise lead to task termination. | |
28992 | + | |
28993 | + This solution is intended as a temporary one for users with | |
28994 | + legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17, | |
28995 | + Modula-3 runtime, etc) or executables linked to such, basically | |
28996 | + everything that does not specify its own SA_RESTORER function in | |
28997 | + normal executable memory like glibc 2.1+ does. | |
28998 | + | |
28999 | + On parisc and ppc you MUST enable this option, otherwise your | |
29000 | + system will not even boot. | |
29001 | + | |
29002 | + NOTE: this feature cannot be disabled on a per executable basis | |
29003 | + and since it *does* open up a loophole in the protection provided | |
29004 | + by non-executable pages, the best solution is to not have any | |
29005 | + files on your system that would require this option. | |
29006 | + | |
29007 | +config PAX_MPROTECT | |
29008 | + bool "Restrict mprotect()" | |
29009 | + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && !PPC64 | |
29010 | + help | |
29011 | + Enabling this option will prevent programs from | |
29012 | + - changing the executable status of memory pages that were | |
29013 | + not originally created as executable, | |
29014 | + - making read-only executable pages writable again, | |
29015 | + - creating executable pages from anonymous memory. | |
29016 | + | |
29017 | + You should say Y here to complete the protection provided by | |
29018 | + the enforcement of non-executable pages. | |
29019 | + | |
29020 | + NOTE: you can use the 'chpax' or 'paxctl' utilities to control | |
29021 | + this feature on a per file basis. | |
29022 | + | |
29023 | +config PAX_NOELFRELOCS | |
29024 | + bool "Disallow ELF text relocations" | |
29025 | + depends on PAX_MPROTECT && !PAX_ETEXECRELOCS && (IA64 || X86 || X86_64) | |
29026 | + help | |
29027 | + Non-executable pages and mprotect() restrictions are effective | |
29028 | + in preventing the introduction of new executable code into an | |
29029 | + attacked task's address space. There remain only two venues | |
29030 | + for this kind of attack: if the attacker can execute already | |
29031 | + existing code in the attacked task then he can either have it | |
29032 | + create and mmap() a file containing his code or have it mmap() | |
29033 | + an already existing ELF library that does not have position | |
29034 | + independent code in it and use mprotect() on it to make it | |
29035 | + writable and copy his code there. While protecting against | |
29036 | + the former approach is beyond PaX, the latter can be prevented | |
29037 | + by having only PIC ELF libraries on one's system (which do not | |
29038 | + need to relocate their code). If you are sure this is your case, | |
29039 | + then enable this option otherwise be careful as you may not even | |
29040 | + be able to boot or log on your system (for example, some PAM | |
29041 | + modules are erroneously compiled as non-PIC by default). | |
29042 | + | |
29043 | + NOTE: if you are using dynamic ELF executables (as suggested | |
29044 | + when using ASLR) then you must have made sure that you linked | |
29045 | + your files using the PIC version of crt1 (the et_dyn.tar.gz package | |
29046 | + referenced there has already been updated to support this). | |
29047 | + | |
29048 | +config PAX_ETEXECRELOCS | |
29049 | + bool "Allow ELF ET_EXEC text relocations" | |
29050 | + depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC) | |
29051 | + default y | |
29052 | + help | |
29053 | + On some architectures there are incorrectly created applications | |
29054 | + that require text relocations and would not work without enabling | |
29055 | + this option. If you are an alpha, ia64 or parisc user, you should | |
29056 | + enable this option and disable it once you have made sure that | |
29057 | + none of your applications need it. | |
29058 | + | |
29059 | +config PAX_EMUPLT | |
29060 | + bool "Automatically emulate ELF PLT" | |
29061 | + depends on PAX_MPROTECT && (ALPHA || PARISC || PPC32 || SPARC32 || SPARC64) | |
29062 | + default y | |
29063 | + help | |
29064 | + Enabling this option will have the kernel automatically detect | |
29065 | + and emulate the Procedure Linkage Table entries in ELF files. | |
29066 | + On some architectures such entries are in writable memory, and | |
29067 | + become non-executable leading to task termination. Therefore | |
29068 | + it is mandatory that you enable this option on alpha, parisc, ppc, | |
29069 | + sparc and sparc64, otherwise your system would not even boot. | |
29070 | + | |
29071 | + NOTE: this feature *does* open up a loophole in the protection | |
29072 | + provided by the non-executable pages, therefore the proper | |
29073 | + solution is to modify the toolchain to produce a PLT that does | |
29074 | + not need to be writable. | |
29075 | + | |
29076 | +config PAX_DLRESOLVE | |
29077 | + bool | |
29078 | + depends on PAX_EMUPLT && (SPARC32 || SPARC64) | |
29079 | + default y | |
29080 | + | |
29081 | +config PAX_SYSCALL | |
29082 | + bool | |
29083 | + depends on PAX_PAGEEXEC && PPC32 | |
29084 | + default y | |
29085 | + | |
29086 | +config PAX_KERNEXEC | |
29087 | + bool "Enforce non-executable kernel pages" | |
29088 | + depends on PAX_NOEXEC && X86_32 && !HOTPLUG_PCI_COMPAQ_NVRAM && !PCI_BIOS && !EFI && !COMPAT_VDSO && X86_WP_WORKS_OK | |
29089 | + help | |
29090 | + This is the kernel land equivalent of PAGEEXEC and MPROTECT, | |
29091 | + that is, enabling this option will make it harder to inject | |
29092 | + and execute 'foreign' code in kernel memory itself. | |
29093 | + | |
29094 | +endmenu | |
29095 | + | |
29096 | +menu "Address Space Layout Randomization" | |
29097 | + depends on PAX | |
29098 | + | |
29099 | +config PAX_ASLR | |
29100 | + bool "Address Space Layout Randomization" | |
29101 | + depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS | |
29102 | + help | |
29103 | + Many if not most exploit techniques rely on the knowledge of | |
29104 | + certain addresses in the attacked program. The following options | |
29105 | + will allow the kernel to apply a certain amount of randomization | |
29106 | + to specific parts of the program thereby forcing an attacker to | |
29107 | + guess them in most cases. Any failed guess will most likely crash | |
29108 | + the attacked program which allows the kernel to detect such attempts | |
29109 | + and react on them. PaX itself provides no reaction mechanisms, | |
29110 | + instead it is strongly encouraged that you make use of Nergal's | |
29111 | + segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's | |
29112 | + (http://www.grsecurity.net/) built-in crash detection features or | |
29113 | + develop one yourself. | |
29114 | + | |
29115 | + By saying Y here you can choose to randomize the following areas: | |
29116 | + - top of the task's kernel stack | |
29117 | + - top of the task's userland stack | |
29118 | + - base address for mmap() requests that do not specify one | |
29119 | + (this includes all libraries) | |
29120 | + - base address of the main executable | |
29121 | + | |
29122 | + It is strongly recommended to say Y here as address space layout | |
29123 | + randomization has negligible impact on performance yet it provides | |
29124 | + a very effective protection. | |
29125 | + | |
29126 | + NOTE: you can use the 'chpax' or 'paxctl' utilities to control | |
29127 | + this feature on a per file basis. | |
29128 | + | |
29129 | +config PAX_RANDKSTACK | |
29130 | + bool "Randomize kernel stack base" | |
29131 | + depends on PAX_ASLR && X86_TSC && X86_32 | |
29132 | + help | |
29133 | + By saying Y here the kernel will randomize every task's kernel | |
29134 | + stack on every system call. This will not only force an attacker | |
29135 | + to guess it but also prevent him from making use of possible | |
29136 | + leaked information about it. | |
29137 | + | |
29138 | + Since the kernel stack is a rather scarce resource, randomization | |
29139 | + may cause unexpected stack overflows, therefore you should very | |
29140 | + carefully test your system. Note that once enabled in the kernel | |
29141 | + configuration, this feature cannot be disabled on a per file basis. | |
29142 | + | |
29143 | +config PAX_RANDUSTACK | |
29144 | + bool "Randomize user stack base" | |
29145 | + depends on PAX_ASLR | |
29146 | + help | |
29147 | + By saying Y here the kernel will randomize every task's userland | |
29148 | + stack. The randomization is done in two steps where the second | |
29149 | + one may apply a big amount of shift to the top of the stack and | |
29150 | + cause problems for programs that want to use lots of memory (more | |
29151 | + than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is). | |
29152 | + For this reason the second step can be controlled by 'chpax' or | |
29153 | + 'paxctl' on a per file basis. | |
29154 | + | |
29155 | +config PAX_RANDMMAP | |
29156 | + bool "Randomize mmap() base" | |
29157 | + depends on PAX_ASLR | |
29158 | + help | |
29159 | + By saying Y here the kernel will use a randomized base address for | |
29160 | + mmap() requests that do not specify one themselves. As a result | |
29161 | + all dynamically loaded libraries will appear at random addresses | |
29162 | + and therefore be harder to exploit by a technique where an attacker | |
29163 | + attempts to execute library code for his purposes (e.g. spawn a | |
29164 | + shell from an exploited program that is running at an elevated | |
29165 | + privilege level). | |
29166 | + | |
29167 | + Furthermore, if a program is relinked as a dynamic ELF file, its | |
29168 | + base address will be randomized as well, completing the full | |
29169 | + randomization of the address space layout. Attacking such programs | |
29170 | + becomes a guess game. You can find an example of doing this at | |
29171 | + http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at | |
29172 | + http://www.grsecurity.net/grsec-gcc-specs.tar.gz . | |
29173 | + | |
29174 | + NOTE: you can use the 'chpax' or 'paxctl' utilities to control this | |
29175 | + feature on a per file basis. | |
29176 | + | |
29177 | +endmenu | |
29178 | + | |
29179 | +menu "Miscellaneous hardening features" | |
29180 | + | |
29181 | +config PAX_MEMORY_SANITIZE | |
29182 | + bool "Sanitize all freed memory" | |
29183 | + help | |
29184 | + By saying Y here the kernel will erase memory pages as soon as they | |
29185 | + are freed. This in turn reduces the lifetime of data stored in the | |
29186 | + pages, making it less likely that sensitive information such as | |
29187 | + passwords, cryptographic secrets, etc stay in memory for too long. | |
29188 | + | |
29189 | + This is especially useful for programs whose runtime is short, long | |
29190 | + lived processes and the kernel itself benefit from this as long as | |
29191 | + they operate on whole memory pages and ensure timely freeing of pages | |
29192 | + that may hold sensitive information. | |
29193 | + | |
29194 | + The tradeoff is performance impact, on a single CPU system kernel | |
29195 | + compilation sees a 3% slowdown, other systems and workloads may vary | |
29196 | + and you are advised to test this feature on your expected workload | |
29197 | + before deploying it. | |
29198 | + | |
29199 | + Note that this feature does not protect data stored in live pages, | |
29200 | + e.g., process memory swapped to disk may stay there for a long time. | |
29201 | + | |
29202 | +config PAX_MEMORY_UDEREF | |
29203 | + bool "Prevent invalid userland pointer dereference" | |
29204 | + depends on X86_32 && !COMPAT_VDSO | |
29205 | + help | |
29206 | + By saying Y here the kernel will be prevented from dereferencing | |
29207 | + userland pointers in contexts where the kernel expects only kernel | |
29208 | + pointers. This is both a useful runtime debugging feature and a | |
29209 | + security measure that prevents exploiting a class of kernel bugs. | |
29210 | + | |
29211 | + The tradeoff is that some virtualization solutions may experience | |
29212 | + a huge slowdown and therefore you should not enable this feature | |
29213 | + for kernels meant to run in such environments. Whether a given VM | |
29214 | + solution is affected or not is best determined by simply trying it | |
29215 | + out, the performance impact will be obvious right on boot as this | |
29216 | + mechanism engages from very early on. A good rule of thumb is that | |
29217 | + VMs running on CPUs without hardware virtualization support (i.e., | |
29218 | + the majority of IA-32 CPUs) will likely experience the slowdown. | |
29219 | + | |
29220 | +endmenu | |
29221 | + | |
29222 | +endmenu | |
29223 | + | |
29224 | +source grsecurity/Kconfig | |
29225 | + | |
29226 | config KEYS | |
29227 | bool "Enable access key retention support" | |
29228 | help | |
29229 | diff -urNp linux-2.6.19.1/sound/core/oss/pcm_oss.c linux-2.6.19.1/sound/core/oss/pcm_oss.c | |
29230 | --- linux-2.6.19.1/sound/core/oss/pcm_oss.c 2006-11-29 16:57:37.000000000 -0500 | |
29231 | +++ linux-2.6.19.1/sound/core/oss/pcm_oss.c 2006-12-03 15:16:30.000000000 -0500 | |
29232 | @@ -2853,8 +2853,8 @@ static void snd_pcm_oss_proc_done(struct | |
29233 | } | |
29234 | } | |
29235 | #else /* !CONFIG_SND_VERBOSE_PROCFS */ | |
29236 | -#define snd_pcm_oss_proc_init(pcm) | |
29237 | -#define snd_pcm_oss_proc_done(pcm) | |
29238 | +#define snd_pcm_oss_proc_init(pcm) do {} while (0) | |
29239 | +#define snd_pcm_oss_proc_done(pcm) do {} while (0) | |
29240 | #endif /* CONFIG_SND_VERBOSE_PROCFS */ | |
29241 | ||
29242 | /* | |
29243 | diff -urNp linux-2.6.19.1/sound/core/seq/seq_lock.h linux-2.6.19.1/sound/core/seq/seq_lock.h | |
29244 | --- linux-2.6.19.1/sound/core/seq/seq_lock.h 2006-11-29 16:57:37.000000000 -0500 | |
29245 | +++ linux-2.6.19.1/sound/core/seq/seq_lock.h 2006-12-03 15:16:30.000000000 -0500 | |
29246 | @@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo | |
29247 | #else /* SMP || CONFIG_SND_DEBUG */ | |
29248 | ||
29249 | typedef spinlock_t snd_use_lock_t; /* dummy */ | |
29250 | -#define snd_use_lock_init(lockp) /**/ | |
29251 | -#define snd_use_lock_use(lockp) /**/ | |
29252 | -#define snd_use_lock_free(lockp) /**/ | |
29253 | -#define snd_use_lock_sync(lockp) /**/ | |
29254 | +#define snd_use_lock_init(lockp) do {} while (0) | |
29255 | +#define snd_use_lock_use(lockp) do {} while (0) | |
29256 | +#define snd_use_lock_free(lockp) do {} while (0) | |
29257 | +#define snd_use_lock_sync(lockp) do {} while (0) | |
29258 | ||
29259 | #endif /* SMP || CONFIG_SND_DEBUG */ | |
29260 |