diff options
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.43-201107191826.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.43-201107142110.patch) | 110 | ||||
-rw-r--r-- | 2.6.39/0000_README | 2 | ||||
-rw-r--r-- | 2.6.39/4420_grsecurity-2.2.2-2.6.39.3-201107191826.patch (renamed from 2.6.39/4420_grsecurity-2.2.2-2.6.39.3-201107161559.patch) | 99 |
4 files changed, 142 insertions, 71 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index b4d5b5c..d1f7ce8 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.43-201107142110.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.43-201107191826.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.43-201107142110.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.43-201107191826.patch index f729b69..27cdae4 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.43-201107142110.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.43-201107191826.patch @@ -15572,8 +15572,18 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/module.c linux-2.6.32.43/arch/x86/ker goto overflow; diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/kernel/paravirt.c --- linux-2.6.32.43/arch/x86/kernel/paravirt.c 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.43/arch/x86/kernel/paravirt.c 2011-05-16 21:46:57.000000000 -0400 -@@ -122,7 +122,7 @@ unsigned paravirt_patch_jmp(void *insnbu ++++ linux-2.6.32.43/arch/x86/kernel/paravirt.c 2011-07-19 18:26:50.000000000 -0400 +@@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) + { + return x; + } ++#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) ++PV_CALLEE_SAVE_REGS_THUNK(_paravirt_ident_64); ++#endif + + void __init default_banner(void) + { +@@ -122,7 +125,7 @@ unsigned paravirt_patch_jmp(void *insnbu * corresponding structure. */ static void *get_call_destination(u8 type) { @@ -15582,7 +15592,7 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k .pv_init_ops = pv_init_ops, .pv_time_ops = pv_time_ops, .pv_cpu_ops = pv_cpu_ops, -@@ -133,6 +133,9 @@ static void *get_call_destination(u8 typ +@@ -133,6 +136,9 @@ static void *get_call_destination(u8 typ .pv_lock_ops = pv_lock_ops, #endif }; @@ -15592,7 +15602,7 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k return *((void **)&tmpl + type); } -@@ -145,14 +148,14 @@ unsigned paravirt_patch_default(u8 type, +@@ -145,15 +151,19 @@ unsigned paravirt_patch_default(u8 type, if (opfunc == NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -15608,9 +15618,14 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k - else if (opfunc == _paravirt_ident_64) + else if (opfunc == (void *)_paravirt_ident_64) ret = paravirt_patch_ident_64(insnbuf, len); ++#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) ++ else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64) ++ ret = paravirt_patch_ident_64(insnbuf, len); ++#endif else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || -@@ -178,7 +181,7 @@ unsigned paravirt_patch_insns(void *insn + type == PARAVIRT_PATCH(pv_cpu_ops.irq_enable_sysexit) || +@@ -178,7 +188,7 @@ unsigned paravirt_patch_insns(void *insn if (insn_len > len || start == NULL) insn_len = len; else @@ -15619,7 +15634,7 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k return insn_len; } -@@ -294,22 +297,22 @@ void arch_flush_lazy_mmu_mode(void) +@@ -294,22 +304,22 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } @@ -15646,7 +15661,7 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -321,7 +324,7 @@ struct pv_irq_ops pv_irq_ops = { +@@ -321,7 +331,7 @@ struct pv_irq_ops pv_irq_ops = { #endif }; @@ -15655,7 +15670,7 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k .cpuid = native_cpuid, .get_debugreg = native_get_debugreg, .set_debugreg = native_set_debugreg, -@@ -382,7 +385,7 @@ struct pv_cpu_ops pv_cpu_ops = { +@@ -382,21 +392,26 @@ struct pv_cpu_ops pv_cpu_ops = { .end_context_switch = paravirt_nop, }; @@ -15664,7 +15679,19 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k #ifdef CONFIG_X86_LOCAL_APIC .startup_ipi_hook = paravirt_nop, #endif -@@ -396,7 +399,7 @@ struct pv_apic_ops pv_apic_ops = { + }; + +-#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_PAE) ++#ifdef CONFIG_X86_32 ++#ifdef CONFIG_X86_PAE ++/* 64-bit pagetable entries */ ++#define PTE_IDENT PV_CALLEE_SAVE(_paravirt_ident_64) ++#else + /* 32-bit pagetable entries */ + #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_32) ++#endif + #else + /* 64-bit pagetable entries */ #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) #endif @@ -15673,7 +15700,7 @@ diff -urNp linux-2.6.32.43/arch/x86/kernel/paravirt.c linux-2.6.32.43/arch/x86/k .read_cr2 = native_read_cr2, .write_cr2 = native_write_cr2, -@@ -467,6 +470,12 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -467,6 +482,12 @@ struct pv_mmu_ops pv_mmu_ops = { }, .set_fixmap = native_set_fixmap, @@ -20339,8 +20366,16 @@ diff -urNp linux-2.6.32.43/arch/x86/lib/usercopy_64.c linux-2.6.32.43/arch/x86/l diff -urNp linux-2.6.32.43/arch/x86/Makefile linux-2.6.32.43/arch/x86/Makefile --- linux-2.6.32.43/arch/x86/Makefile 2011-03-27 14:31:47.000000000 -0400 -+++ linux-2.6.32.43/arch/x86/Makefile 2011-04-17 15:56:46.000000000 -0400 -@@ -189,3 +189,12 @@ define archhelp ++++ linux-2.6.32.43/arch/x86/Makefile 2011-07-19 18:16:02.000000000 -0400 +@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y) + else + BITS := 64 + UTS_MACHINE := x86_64 ++ biarch := $(call cc-option,-m64) + CHECKFLAGS += -D__x86_64__ -m64 + + KBUILD_AFLAGS += -m64 +@@ -189,3 +190,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -50202,8 +50237,8 @@ diff -urNp linux-2.6.32.43/grsecurity/grsec_chdir.c linux-2.6.32.43/grsecurity/g +} diff -urNp linux-2.6.32.43/grsecurity/grsec_chroot.c linux-2.6.32.43/grsecurity/grsec_chroot.c --- linux-2.6.32.43/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.32.43/grsecurity/grsec_chroot.c 2011-07-14 19:24:30.000000000 -0400 -@@ -0,0 +1,378 @@ ++++ linux-2.6.32.43/grsecurity/grsec_chroot.c 2011-07-18 17:14:10.000000000 -0400 +@@ -0,0 +1,384 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -50429,14 +50464,19 @@ diff -urNp linux-2.6.32.43/grsecurity/grsec_chroot.c linux-2.6.32.43/grsecurity/ + + if ((p = find_task_by_vpid_unrestricted(shm_cprid))) { + starttime = p->start_time.tv_sec; -+ if (unlikely(!have_same_root(current, p) && -+ time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) { -+ read_unlock(&tasklist_lock); -+ rcu_read_unlock(); -+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); -+ return 0; ++ if (time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime)) { ++ if (have_same_root(current, p)) { ++ goto allow; ++ } else { ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); ++ return 0; ++ } + } -+ } else if ((p = find_task_by_vpid_unrestricted(shm_lapid))) { ++ /* creator exited, pid reuse, fall through to next check */ ++ } ++ if ((p = find_task_by_vpid_unrestricted(shm_lapid))) { + if (unlikely(!have_same_root(current, p))) { + read_unlock(&tasklist_lock); + rcu_read_unlock(); @@ -50445,6 +50485,7 @@ diff -urNp linux-2.6.32.43/grsecurity/grsec_chroot.c linux-2.6.32.43/grsecurity/ + } + } + ++allow: + read_unlock(&tasklist_lock); + rcu_read_unlock(); +#endif @@ -70775,7 +70816,7 @@ diff -urNp linux-2.6.32.43/net/sysctl_net.c linux-2.6.32.43/net/sysctl_net.c } diff -urNp linux-2.6.32.43/net/unix/af_unix.c linux-2.6.32.43/net/unix/af_unix.c --- linux-2.6.32.43/net/unix/af_unix.c 2011-05-10 22:12:02.000000000 -0400 -+++ linux-2.6.32.43/net/unix/af_unix.c 2011-05-10 22:12:34.000000000 -0400 ++++ linux-2.6.32.43/net/unix/af_unix.c 2011-07-18 18:17:33.000000000 -0400 @@ -745,6 +745,12 @@ static struct sock *unix_find_other(stru err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) @@ -70822,18 +70863,7 @@ diff -urNp linux-2.6.32.43/net/unix/af_unix.c linux-2.6.32.43/net/unix/af_unix.c mutex_unlock(&nd.path.dentry->d_inode->i_mutex); dput(nd.path.dentry); nd.path.dentry = dentry; -@@ -872,6 +892,10 @@ out_mknod_drop_write: - goto out_unlock; - } - -+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX -+ sk->sk_peercred.pid = current->pid; -+#endif -+ - list = &unix_socket_table[addr->hash]; - } else { - list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; -@@ -2211,7 +2235,11 @@ static int unix_seq_show(struct seq_file +@@ -2211,7 +2231,11 @@ static int unix_seq_show(struct seq_file unix_state_lock(s); seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu", @@ -71245,6 +71275,18 @@ diff -urNp linux-2.6.32.43/scripts/mod/sumversion.c linux-2.6.32.43/scripts/mod/ warn("writing sum in %s failed: %s\n", filename, strerror(errno)); goto out; +diff -urNp linux-2.6.32.43/scripts/package/mkspec linux-2.6.32.43/scripts/package/mkspec +--- linux-2.6.32.43/scripts/package/mkspec 2011-03-27 14:31:47.000000000 -0400 ++++ linux-2.6.32.43/scripts/package/mkspec 2011-07-19 18:19:12.000000000 -0400 +@@ -70,7 +70,7 @@ echo 'mkdir -p $RPM_BUILD_ROOT/boot $RPM + echo 'mkdir -p $RPM_BUILD_ROOT/lib/firmware' + echo "%endif" + +-echo 'INSTALL_MOD_PATH=$RPM_BUILD_ROOT make %{_smp_mflags} KBUILD_SRC= modules_install' ++echo 'INSTALL_MOD_PATH=$RPM_BUILD_ROOT make %{?_smp_mflags} KBUILD_SRC= modules_install' + echo "%ifarch ia64" + echo 'cp $KBUILD_IMAGE $RPM_BUILD_ROOT'"/boot/efi/vmlinuz-$KERNELRELEASE" + echo 'ln -s '"efi/vmlinuz-$KERNELRELEASE" '$RPM_BUILD_ROOT'"/boot/" diff -urNp linux-2.6.32.43/scripts/pnmtologo.c linux-2.6.32.43/scripts/pnmtologo.c --- linux-2.6.32.43/scripts/pnmtologo.c 2011-03-27 14:31:47.000000000 -0400 +++ linux-2.6.32.43/scripts/pnmtologo.c 2011-04-17 15:56:46.000000000 -0400 diff --git a/2.6.39/0000_README b/2.6.39/0000_README index 4559efd..66fcae4 100644 --- a/2.6.39/0000_README +++ b/2.6.39/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.39.3-201107161559.patch +Patch: 4420_grsecurity-2.2.2-2.6.39.3-201107191826.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.39/4420_grsecurity-2.2.2-2.6.39.3-201107161559.patch b/2.6.39/4420_grsecurity-2.2.2-2.6.39.3-201107191826.patch index b63ab98..f85e905 100644 --- a/2.6.39/4420_grsecurity-2.2.2-2.6.39.3-201107161559.patch +++ b/2.6.39/4420_grsecurity-2.2.2-2.6.39.3-201107191826.patch @@ -16527,8 +16527,18 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/module.c linux-2.6.39.3/arch/x86/kerne goto overflow; diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/kernel/paravirt.c --- linux-2.6.39.3/arch/x86/kernel/paravirt.c 2011-05-19 00:06:34.000000000 -0400 -+++ linux-2.6.39.3/arch/x86/kernel/paravirt.c 2011-05-22 19:36:30.000000000 -0400 -@@ -122,7 +122,7 @@ unsigned paravirt_patch_jmp(void *insnbu ++++ linux-2.6.39.3/arch/x86/kernel/paravirt.c 2011-07-19 18:26:58.000000000 -0400 +@@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) + { + return x; + } ++#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) ++PV_CALLEE_SAVE_REGS_THUNK(_paravirt_ident_64); ++#endif + + void __init default_banner(void) + { +@@ -122,7 +125,7 @@ unsigned paravirt_patch_jmp(void *insnbu * corresponding structure. */ static void *get_call_destination(u8 type) { @@ -16537,7 +16547,7 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker .pv_init_ops = pv_init_ops, .pv_time_ops = pv_time_ops, .pv_cpu_ops = pv_cpu_ops, -@@ -133,6 +133,9 @@ static void *get_call_destination(u8 typ +@@ -133,6 +136,9 @@ static void *get_call_destination(u8 typ .pv_lock_ops = pv_lock_ops, #endif }; @@ -16547,7 +16557,7 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker return *((void **)&tmpl + type); } -@@ -145,14 +148,14 @@ unsigned paravirt_patch_default(u8 type, +@@ -145,15 +151,19 @@ unsigned paravirt_patch_default(u8 type, if (opfunc == NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -16563,9 +16573,14 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker - else if (opfunc == _paravirt_ident_64) + else if (opfunc == (void *)_paravirt_ident_64) ret = paravirt_patch_ident_64(insnbuf, len); ++#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) ++ else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64) ++ ret = paravirt_patch_ident_64(insnbuf, len); ++#endif else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || -@@ -178,7 +181,7 @@ unsigned paravirt_patch_insns(void *insn + type == PARAVIRT_PATCH(pv_cpu_ops.irq_enable_sysexit) || +@@ -178,7 +188,7 @@ unsigned paravirt_patch_insns(void *insn if (insn_len > len || start == NULL) insn_len = len; else @@ -16574,7 +16589,7 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker return insn_len; } -@@ -294,22 +297,22 @@ void arch_flush_lazy_mmu_mode(void) +@@ -294,22 +304,22 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } @@ -16601,7 +16616,7 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -321,7 +324,7 @@ struct pv_irq_ops pv_irq_ops = { +@@ -321,7 +331,7 @@ struct pv_irq_ops pv_irq_ops = { #endif }; @@ -16610,7 +16625,7 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker .cpuid = native_cpuid, .get_debugreg = native_get_debugreg, .set_debugreg = native_set_debugreg, -@@ -382,7 +385,7 @@ struct pv_cpu_ops pv_cpu_ops = { +@@ -382,21 +392,26 @@ struct pv_cpu_ops pv_cpu_ops = { .end_context_switch = paravirt_nop, }; @@ -16619,7 +16634,19 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker #ifdef CONFIG_X86_LOCAL_APIC .startup_ipi_hook = paravirt_nop, #endif -@@ -396,7 +399,7 @@ struct pv_apic_ops pv_apic_ops = { + }; + +-#if defined(CONFIG_X86_32) && !defined(CONFIG_X86_PAE) ++#ifdef CONFIG_X86_32 ++#ifdef CONFIG_X86_PAE ++/* 64-bit pagetable entries */ ++#define PTE_IDENT PV_CALLEE_SAVE(_paravirt_ident_64) ++#else + /* 32-bit pagetable entries */ + #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_32) ++#endif + #else + /* 64-bit pagetable entries */ #define PTE_IDENT __PV_IS_CALLEE_SAVE(_paravirt_ident_64) #endif @@ -16628,7 +16655,7 @@ diff -urNp linux-2.6.39.3/arch/x86/kernel/paravirt.c linux-2.6.39.3/arch/x86/ker .read_cr2 = native_read_cr2, .write_cr2 = native_write_cr2, -@@ -465,6 +468,12 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -465,6 +480,12 @@ struct pv_mmu_ops pv_mmu_ops = { }, .set_fixmap = native_set_fixmap, @@ -21193,8 +21220,16 @@ diff -urNp linux-2.6.39.3/arch/x86/lib/usercopy_64.c linux-2.6.39.3/arch/x86/lib diff -urNp linux-2.6.39.3/arch/x86/Makefile linux-2.6.39.3/arch/x86/Makefile --- linux-2.6.39.3/arch/x86/Makefile 2011-05-19 00:06:34.000000000 -0400 -+++ linux-2.6.39.3/arch/x86/Makefile 2011-05-22 19:36:30.000000000 -0400 -@@ -195,3 +195,12 @@ define archhelp ++++ linux-2.6.39.3/arch/x86/Makefile 2011-07-19 18:16:36.000000000 -0400 +@@ -44,6 +44,7 @@ ifeq ($(CONFIG_X86_32),y) + else + BITS := 64 + UTS_MACHINE := x86_64 ++ biarch := $(call cc-option,-m64) + CHECKFLAGS += -D__x86_64__ -m64 + + KBUILD_AFLAGS += -m64 +@@ -195,3 +196,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -57458,8 +57493,8 @@ diff -urNp linux-2.6.39.3/grsecurity/grsec_chdir.c linux-2.6.39.3/grsecurity/grs +} diff -urNp linux-2.6.39.3/grsecurity/grsec_chroot.c linux-2.6.39.3/grsecurity/grsec_chroot.c --- linux-2.6.39.3/grsecurity/grsec_chroot.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux-2.6.39.3/grsecurity/grsec_chroot.c 2011-07-16 15:27:28.000000000 -0400 -@@ -0,0 +1,343 @@ ++++ linux-2.6.39.3/grsecurity/grsec_chroot.c 2011-07-18 17:20:05.000000000 -0400 +@@ -0,0 +1,349 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -57650,14 +57685,19 @@ diff -urNp linux-2.6.39.3/grsecurity/grsec_chroot.c linux-2.6.39.3/grsecurity/gr + + if ((p = find_task_by_vpid_unrestricted(shm_cprid))) { + starttime = p->start_time.tv_sec; -+ if (unlikely(!have_same_root(current, p) && -+ time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) { -+ read_unlock(&tasklist_lock); -+ rcu_read_unlock(); -+ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); -+ return 0; ++ if (time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime)) { ++ if (have_same_root(current, p)) { ++ goto allow; ++ } else { ++ read_unlock(&tasklist_lock); ++ rcu_read_unlock(); ++ gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG); ++ return 0; ++ } + } -+ } else if ((p = find_task_by_vpid_unrestricted(shm_lapid))) { ++ /* creator exited, pid reuse, fall through to next check */ ++ } ++ if ((p = find_task_by_vpid_unrestricted(shm_lapid))) { + if (unlikely(!have_same_root(current, p))) { + read_unlock(&tasklist_lock); + rcu_read_unlock(); @@ -57666,6 +57706,7 @@ diff -urNp linux-2.6.39.3/grsecurity/grsec_chroot.c linux-2.6.39.3/grsecurity/gr + } + } + ++allow: + read_unlock(&tasklist_lock); + rcu_read_unlock(); +#endif @@ -79332,7 +79373,7 @@ diff -urNp linux-2.6.39.3/net/sysctl_net.c linux-2.6.39.3/net/sysctl_net.c } diff -urNp linux-2.6.39.3/net/unix/af_unix.c linux-2.6.39.3/net/unix/af_unix.c --- linux-2.6.39.3/net/unix/af_unix.c 2011-05-19 00:06:34.000000000 -0400 -+++ linux-2.6.39.3/net/unix/af_unix.c 2011-07-16 15:36:42.000000000 -0400 ++++ linux-2.6.39.3/net/unix/af_unix.c 2011-07-18 18:16:27.000000000 -0400 @@ -767,6 +767,12 @@ static struct sock *unix_find_other(stru err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) @@ -79379,19 +79420,7 @@ diff -urNp linux-2.6.39.3/net/unix/af_unix.c linux-2.6.39.3/net/unix/af_unix.c mutex_unlock(&nd.path.dentry->d_inode->i_mutex); dput(nd.path.dentry); nd.path.dentry = dentry; -@@ -894,6 +914,11 @@ out_mknod_drop_write: - goto out_unlock; - } - -+#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX -+ put_pid(sk->sk_peer_pid); -+ sk->sk_peer_pid = get_pid(task_tgid(current)); -+#endif -+ - list = &unix_socket_table[addr->hash]; - } else { - list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; -@@ -2255,7 +2280,11 @@ static int unix_seq_show(struct seq_file +@@ -2255,7 +2275,11 @@ static int unix_seq_show(struct seq_file unix_state_lock(s); seq_printf(seq, "%p: %08X %08X %08X %04X %02X %5lu", |