[packages/kernel.git] / linux-2.4.20-grsecurity-1.9.9-rc3-kmem.patch

diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
--- linux-2.4.20.org/drivers/char/mem.c	Sat Feb  1 11:29:04 2003
+++ linux-2.4.20/drivers/char/mem.c	Sat Feb  1 11:44:42 2003
@@ -115,10 +115,10 @@
 	unsigned long p = *ppos;
 	unsigned long end_mem;
 
-#ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_secure_kmem){
 	gr_handle_mem_write();
 	return -EPERM;
-#endif
+}
 
 	end_mem = __pa(high_memory);
 	if (p >= end_mem)
@@ -192,10 +192,10 @@
 {
 	unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
 
-#ifdef CONFIG_GRKERNSEC_KMEM
+if (grsec_secure_kmem){
 	if (gr_handle_mem_mmap(offset, vma))
 		return -EPERM;
-#endif
+}
 
 
 	/*
@@ -297,10 +297,10 @@
 	ssize_t virtr = 0;
 	char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
 
-#ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_secure_kmem){
 	gr_handle_kmem_write();
 	return -EPERM;
-#endif
+}
 
 	if (p < (unsigned long) high_memory) {
 		wrote = count;
@@ -534,10 +534,10 @@
 
 static int open_port(struct inode * inode, struct file * filp)
 {
-#ifdef CONFIG_GRKERNSEC_KMEM
+if(grsec_secure_kmem){
 	gr_handle_open_port();
 	return -EPERM;
-#endif
+}
 	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
 
diff -Nur linux-2.4.20.org/grsecurity/grsecurity.c linux-2.4.20/grsecurity/grsecurity.c
--- linux-2.4.20.org/grsecurity/grsecurity.c	Sat Feb  1 11:29:04 2003
+++ linux-2.4.20/grsecurity/grsecurity.c	Sat Feb  1 11:40:46 2003
@@ -56,6 +56,7 @@
 int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
+int grsec_secure_kmem;
 int grsec_lock;
 
 /* 
@@ -174,6 +175,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+grsec_secure_kmem = 1;
+#endif
 #endif
 
 return;
diff -Nur linux-2.4.20.org/include/linux/grinternal.h linux-2.4.20/include/linux/grinternal.h
--- linux-2.4.20.org/include/linux/grinternal.h	Sat Feb  1 11:29:04 2003
+++ linux-2.4.20/include/linux/grinternal.h	Sat Feb  1 11:39:19 2003
@@ -63,6 +63,7 @@
 extern int grsec_enable_audit_ipc;
 extern int grsec_enable_mount;
 extern int grsec_enable_chdir;
+extern int grsec_secure_kmem;
 extern int grsec_lock;
 
 extern struct task_struct *child_reaper;
diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
--- linux-2.4.20.org/kernel/sysctl.c	Sat Feb  1 11:29:04 2003
+++ linux-2.4.20/kernel/sysctl.c	Sat Feb  1 11:40:06 2003
@@ -281,7 +281,7 @@
 GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
 GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
 GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_FINDTASK, GS_LOCK};
+GS_FINDTASK, GS_LOCK, GS_KMEM};
 
 static ctl_table grsecurity_table[] = {
 	{GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
@@ -443,6 +443,10 @@
 	{GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask, 
 	 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+	{GS_FINDTASK, "kmem", &grsec_secure_kmem, 
+	 sizeof (int), 0600, NULL, &proc_dointvec},
+#endif
 	{GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
 	 &proc_dointvec},
 #endif
Commit	Line	Data
037ee48d	1	diff -Nur linux-2.4.20.org/drivers/char/mem.c linux-2.4.20/drivers/char/mem.c
	2	--- linux-2.4.20.org/drivers/char/mem.c Sat Feb 1 11:29:04 2003
	3	+++ linux-2.4.20/drivers/char/mem.c Sat Feb 1 11:44:42 2003
	4	@@ -115,10 +115,10 @@
	5	unsigned long p = *ppos;
	6	unsigned long end_mem;
	7
	8	-#ifdef CONFIG_GRKERNSEC_KMEM
	9	+if(grsec_secure_kmem){
	10	gr_handle_mem_write();
	11	return -EPERM;
	12	-#endif
	13	+}
	14
	15	end_mem = __pa(high_memory);
	16	if (p >= end_mem)
	17	@@ -192,10 +192,10 @@
	18	{
	19	unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
	20
	21	-#ifdef CONFIG_GRKERNSEC_KMEM
	22	+if (grsec_secure_kmem){
	23	if (gr_handle_mem_mmap(offset, vma))
	24	return -EPERM;
	25	-#endif
	26	+}
	27
	28
	29	/*
	30	@@ -297,10 +297,10 @@
	31	ssize_t virtr = 0;
	32	char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
	33
	34	-#ifdef CONFIG_GRKERNSEC_KMEM
	35	+if(grsec_secure_kmem){
	36	gr_handle_kmem_write();
	37	return -EPERM;
	38	-#endif
	39	+}
	40
	41	if (p < (unsigned long) high_memory) {
	42	wrote = count;
	43	@@ -534,10 +534,10 @@
	44
	45	static int open_port(struct inode * inode, struct file * filp)
	46	{
	47	-#ifdef CONFIG_GRKERNSEC_KMEM
	48	+if(grsec_secure_kmem){
	49	gr_handle_open_port();
	50	return -EPERM;
	51	-#endif
	52	+}
	53	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
	54	}
	55
	56	diff -Nur linux-2.4.20.org/grsecurity/grsecurity.c linux-2.4.20/grsecurity/grsecurity.c
	57	--- linux-2.4.20.org/grsecurity/grsecurity.c Sat Feb 1 11:29:04 2003
	58	+++ linux-2.4.20/grsecurity/grsecurity.c Sat Feb 1 11:40:46 2003
	59	@@ -56,6 +56,7 @@
	60	int grsec_socket_client_gid;
	61	int grsec_enable_socket_server;
	62	int grsec_socket_server_gid;
	63	+int grsec_secure_kmem;
	64	int grsec_lock;
65
66	/*
67	@@ -174,6 +175,9 @@
68	grsec_enable_socket_server = 1;
69	grsec_socket_server_gid= CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
70	#endif
71	+#ifdef CONFIG_GRKERNSEC_KMEM
72	+grsec_secure_kmem = 1;
73	+#endif
74	#endif
75
76	return;
77	diff -Nur linux-2.4.20.org/include/linux/grinternal.h linux-2.4.20/include/linux/grinternal.h
78	--- linux-2.4.20.org/include/linux/grinternal.h Sat Feb 1 11:29:04 2003
79	+++ linux-2.4.20/include/linux/grinternal.h Sat Feb 1 11:39:19 2003
80	@@ -63,6 +63,7 @@
81	extern int grsec_enable_audit_ipc;
82	extern int grsec_enable_mount;
83	extern int grsec_enable_chdir;
84	+extern int grsec_secure_kmem;
85	extern int grsec_lock;
86
87	extern struct task_struct *child_reaper;
88	diff -Nur linux-2.4.20.org/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
89	--- linux-2.4.20.org/kernel/sysctl.c Sat Feb 1 11:29:04 2003
90	+++ linux-2.4.20/kernel/sysctl.c Sat Feb 1 11:40:06 2003
91	@@ -281,7 +281,7 @@
92	GS_RANDPING, GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT,
93	GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS,
94	GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
95	-GS_FINDTASK, GS_LOCK};
96	+GS_FINDTASK, GS_LOCK, GS_KMEM};
97
98	static ctl_table grsecurity_table[] = {
99	{GS_ACL,"acl", NULL, sizeof(int), 0600, NULL, &gr_proc_handler},
100	@@ -443,6 +443,10 @@
101	{GS_FINDTASK, "chroot_findtask", &grsec_enable_chroot_findtask,
102	sizeof (int), 0600, NULL, &proc_dointvec},
103	#endif
104	+#ifdef CONFIG_GRKERNSEC_KMEM
105	+ {GS_FINDTASK, "kmem", &grsec_secure_kmem,
106	+ sizeof (int), 0600, NULL, &proc_dointvec},
107	+#endif
108	{GS_LOCK, "grsec_lock", &grsec_lock, sizeof (int), 0600, NULL,
109	&proc_dointvec},
110	#endif